CN116614809A - Wireless sensor network authentication protocol method based on physical unclonable function - Google Patents

Publication number: CN116614809A
Authority: CN (China)
Legal status: Granted
Application number: CN202310512273.3A
Other languages: Chinese (zh)
Other versions: CN116614809B (en)
Inventors: 莫家庆, 申伟, 林瑜华
Current Assignee: Zhaoqing University
Original Assignee: Zhaoqing University
Application filed by Zhaoqing University
Priority to CN202310512273.3A
Publication of CN116614809A
Application granted
Publication of CN116614809B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application discloses a wireless sensor network authentication protocol method based on a physical unclonable function, which comprises a network initialization step, a sensor registration step, a user registration step and a user authentication step, wherein the physical unclonable function can be used on a smart card of a user and a remote sensor to ensure the safe access of the user to the sensor, an improved dynamic updating technology is used for preventing desynchronization attack, and a plurality of uncorrelated parameters are used for generating a session key, so that the method has higher safety and efficiency.

Description

Wireless sensor network authentication protocol method based on physical unclonable function
Technical Field
The application relates to the technical field of sensor network authentication, in particular to a wireless sensor network authentication protocol method based on a physical unclonable function.
Background
The wireless sensor network is a wireless network which deploys a large number of sensors in a specific area to realize perception through data collection, and application scenes comprise environment monitoring, military, medical care, industrial production and the like. Wireless sensor networks often include three entities, a user, a gateway, and a wireless sensor. Because of the limited wireless signal coverage of wireless sensors, collected data needs to be sent to remote users through nearby gateways (or base stations). The user needs to send a login request to the gateway through the public network when accessing the wireless sensor node, the gateway sends the access request to the sensor after responding, and the sensor sends data to a remote user through the gateway through wireless communication, namely the whole access process is carried out in an open channel, so that the data transmission of the wireless sensor network faces serious security threat. Therefore, it is necessary to use an identity authentication mechanism to ensure the validity of the identity of each communication participant and encrypt the transmitted data, so as to ensure the smooth data transmission of the wireless sensor network. Currently, researchers have proposed a variety of wireless sensor network authentication protocol schemes. However, in the implementation of the present application, the present inventors have found that the existing protocol scheme has the following security problems that are easily ignored:
Physical cloning attacks cannot be prevented: although researchers have proposed a number of authentication protocols based on three factors (password, smart card, biometric information) to prevent illegal users from accessing sensor data, these protocols on the whole only take into account that biometric information is not easily lost and is difficult to imitate. They ignore the side-channel attacks or power analysis attacks that an attacker can launch on a smart card that has been lost or briefly obtained by the attacker, and the physical cloning attacks that an attacker can launch on an unattended sensor. Through these attacks, an attacker can obtain secret information such as a key on a smart card or a sensor, and then use this information to launch an impersonation attack. None of the three-factor authentication protocol schemes proposed by Xie et al., Rangwani et al. and Wang et al. prevents physical cloning attacks.
Desynchronization attacks cannot be prevented: anonymity is an important security attribute of wireless sensor network authentication protocols, protecting user privacy and preventing an attacker from tracking a user. To achieve user anonymity, the prior art often adopts a dynamic identity: each time a user logs in to the gateway, the gateway updates the identity used by the user and stores it in its database, then hides the new user identity in an authentication message sent to the user, and the user logs in with the new identity the next time. The identities used in different logins therefore differ, so an attacker cannot tell whether different logins were initiated by the same user and cannot track the user, which avoids privacy disclosure. However, if the attacker intercepts the message containing the updated identity that the gateway sends to the user, the user identity in the gateway database has been updated while the user side still holds the old identity. The two sides are then out of synchronization, and the user is refused at the next login to the gateway. In other words, such protocols are vulnerable to desynchronization attacks. Although He et al., Shin et al. and Amin et al. have each proposed authentication protocols for different environments and all claim to defend against common attacks, analysis has shown that they cannot resist desynchronization attacks.
Temporary information leakage attacks cannot be prevented: the wireless sensor authentication protocols proposed by Farash et al., Amin et al. and Lu et al. cannot resist temporary information leakage attacks. The schemes of Farash et al. and Amin et al. are both based on hash functions, and the generated session key depends only on two random numbers provided by the user and the sensor, respectively. This inherent design defect means that leakage of one random number leads to leakage of the other, and ultimately an attacker can compute the session key directly. The scheme of Lu et al. is based on elliptic curve cryptography, and the generation of the session key also depends on random numbers supplied by both parties. Because of the elliptic curve discrete logarithm problem, an attacker who intercepts from the open channel the elliptic curve point values used to generate a session key cannot compute the random numbers of the user and the sensor, and therefore cannot compute the session key. However, if the random number of either the user or the sensor is revealed, an attacker can generate the session key by combining it with the intercepted authentication message, so the scheme of Lu et al. cannot prevent temporary information leakage attacks either.
Sensor node anonymity cannot be provided: some existing protocols only consider user anonymity and ignore sensor node anonymity. Neither the scheme proposed by Adavoudi-Jolfaei et al. nor that of Farash et al. provides sensor anonymity, meaning that an attacker can obtain the identity of a sensor from an intercepted message, track the different communication sessions of a specific sensor by that identity, judge the importance of the sensor from how frequently it is accessed, and go on to launch a sensor node impersonation attack or node capture attack on the sensor.
In summary, the prior art has low security, and has potential safety hazards that are easy to ignore, such as being unable to prevent physical cloning attack, being unable to prevent desynchronization attack, being unable to prevent temporary information disclosure attack, etc.
Disclosure of Invention
The technical problem to be solved by the application is to provide a wireless sensor network authentication protocol method based on a physical unclonable function, which can ensure the safe access of a user to a sensor by using a PUF (Physical Unclonable Functions) on a smart card of the user and a remote sensor, and prevent desynchronization attack by using an improved dynamic updating technology, and in addition, a session key is generated by using a plurality of uncorrelated parameters, so that the method has higher security and efficiency.
In order to solve the technical problem, the first aspect of the present application discloses a wireless sensor network authentication protocol method based on a physical unclonable function, which comprises the following steps:
a network initialization step comprising:
Gateway device GW selects a large prime number $p$ and generates an elliptic curve $E/F_p$ and an additive group $G$ based on $E/F_p$ whose generator is $P$, where $E/F_p$ is an elliptic curve $E$ defined over the finite field $F_p$ of order $p$;
Gateway device GW selects a private key $X_g$, a one-way hash function $h()$ and a biometric information processing function $H()$, stores $\{X_g\}$ secretly, and publishes $\{E/F_p, G, P, h(), H()\}$;
A sensor registration step comprising:
Gateway device GW selects an identifier $SID_j$ for each sensor $S_j$ and computes the communication key $K_j = h(SID_j \| X_{GW})$, where $X_{GW}$ is the cryptographic key of gateway device GW and $\|$ is the bit concatenation operation;
Gateway device GW sends $\{SID_j, K_j, C_j\}$ to the sensor over a secure channel, where $C_j$ is the challenge information;
Sensor $S_j$ computes $R_j = PUF_j(C_j)$ and sends $\{SID_j, R_j\}$ to gateway device GW, where $PUF_j()$ is the physical unclonable function in the sensor;
Gateway device GW saves $\{SID_j, C_j, R_j\}$ in its database;
a user registration step comprising:
User $U_i$ inputs an identity $ID_i$, a password $PW_i$ and biometric information $BIO_i$, selects a random number $r_i$ and $t \in [2^4, 2^8]$, computes $PID_i = h(ID_i \| H(BIO_i) \| r_i)$ and $f_i = h(h(PW_i \| r_i \| H(BIO_i)) \bmod t)$, and sends $\{ID_i, PID_i\}$ to gateway device GW over a secure channel, where mod is the remainder operation;
Gateway device GW computes […], selects a challenge $C_i$, stores $\{V_i, C_i, E_k(), D_k()\}$ in a smart card and issues it to user $U_i$;
User $U_i$ computes […], $R_i = PUF_i(C_i)$ and […], stores $\{A_i, B_i, f_i\}$ in the smart card, deletes $V_i$, and then sends $\{ID_i, R_i\}$ to gateway device GW over a secure channel, where $PUF_i()$ is the physical unclonable function of the smart card and […] is the exclusive-or operation;
Gateway device GW saves $\{ID_i, C_i, R_i\}$ in its database;
a user authentication step, comprising:
User $U_i$ inserts the smart card, enters $ID_i$, $PW_i$ and $BIO_i$, computes $R_i = PUF_i(C_i)$ and $f_i^* = h(h(PW_i \| r_i^* \| H(BIO_i)) \bmod t)$, and checks whether the equation $f_i^* = f_i$ holds; if not, the smart card terminates the session; otherwise the smart card generates two random numbers $r_i^{new}$ and $e_i$, selects the identifier $SID_j$ of the sensor to be accessed, and computes $PID_i^{new} = h(ID_i \| H(BIO_i) \| r_i^{new})$, […];
User $U_i$ selects a random number $a_i$ and a timestamp $T_1$, computes $m_2 = a_i P$ and $m_5 = h(ID_i \| PID_i \| PID_i^{new} \| m_2 \| SID_j \| R_i \| T_1)$, and sends the message $\{m_1, m_2, m_3, m_4, m_5, PID_i, T_1\}$ to gateway device GW;
Gateway device GW first checks $T_1$; if $T_1$ is invalid, the session is terminated. It computes […], finds $R_i$ in the database according to $ID_i$, computes $m_5' = h(ID_i^* \| PID_i \| PID_i^{new} \| m_2 \| SID_j^* \| R_i \| T_1)$, and then checks whether the equation $m_5' = m_5$ holds; if not, the session is terminated; otherwise gateway device GW finds $C_j$ and $R_j$ in the database according to $SID_j$, computes $K_j = h(SID_j^* \| X_{GWN})$, $e_k = h(SID_j^* \| K_j)$, […], $m_7 = h(K_j \| PID_i^{new} \| SID_j^* \| m_2 \| R_j \| T_2)$, and finally sends the message $\{m_2, m_6, m_7, T_2\}$ to sensor $S_j$;
Sensor $S_j$ first checks $T_2$; if $T_2$ is invalid, the session is terminated. It computes $e_k' = h(SID_j \| K_j)$, then uses $e_k'$ to perform the decryption […] and obtain $e_i$, $C_j$ and $PID_i^{new}$, computes $R_j' = PUF_j(C_j)$ and $m_7' = h(K_j \| PID_i^{new} \| SID_j^* \| m_2 \| R_j' \| T_2)$, and checks whether the equation $m_7' = m_7$ holds; if not, the session is terminated; otherwise sensor $S_j$ selects a random number $b_j$, computes $m_8 = b_j P$, $SK_{S-U} = h(b_j m_2 \| PID_i^{new} \| SID_j \| e_i)$, $m_9 = h(SK_{S-U} \| PID_i^{new} \| SID_j \| m_8 \| T_3)$ and $m_{10} = h(K_j \| PID_i^{new} \| m_8 \| R_j' \| T_3)$, and finally sends the message $\{m_8, m_9, m_{10}, T_3\}$ to gateway device GW;
Gateway device GW first checks $T_3$; if $T_3$ is invalid, the session is terminated. It computes $m_{10}' = h(K_j \| PID_i^{new} \| m_8 \| R_j' \| T_3)$ and checks whether $m_{10}' = m_{10}$ holds; if not, the session is terminated; otherwise gateway device GW computes $m_{12} = h(PID_i^{new} \| e_i \| m_8 \| R_i' \| T_4)$ and sends the message $\{m_8, m_9, m_{11}, T_3, T_4\}$ to user $U_i$;
User $U_i$ checks $T_4$; if $T_4$ is invalid, the session is terminated. The user computes $m_{11}' = h(PID_i^{new} \| e_i \| m_8 \| R_i \| T_4)$ and checks whether the equation $m_{11}' = m_{11}$ holds; if not, the session is terminated; otherwise user $U_i$ computes $SK_{U-S} = h(a_i m_8 \| PID_i^{new} \| SID_j \| e_i)$ and $m_9' = h(SK_{U-S} \| PID_i^{new} \| SID_j \| m_8 \| T_3)$, and then checks whether the equation $m_9' = m_9$ holds; if not, user $U_i$ terminates the session; otherwise the user accepts $SK_{U-S}$ as the session key with sensor $S_j$. The smart card computes $f_i^{new} = h(h(PW_i \| r_i^{new} \| H(BIO_i)) \bmod t)$, […], and replaces $(A_i, B_i, f_i, PID_i)$ on the card with $(A_i^{new}, B_i^{new}, f_i^{new}, PID_i^{new})$; here $E_k()$ and $D_k()$ are respectively the symmetric encryption and decryption algorithms using key $k$, and $T_i$ is a timestamp, $i = 1, 2, \ldots$.
As an alternative embodiment, in the first aspect of the present application, the method further includes:
a password updating step, comprising:
User $U_i$ inserts the smart card, enters $ID_i$, $PW_i$ and $BIO_i$, computes $R_i = PUF_i(C_i)$ and $f_i^* = h(h(PW_i \| r_i^* \| H(BIO_i)) \bmod t)$, and checks the equation $f_i^* = f_i$; if yes, the session is terminated; otherwise execution continues with the next step;
User $U_i$ inputs a new password $PW_i^{new}$, computes $f_i^{new} = h(h(PW_i^{new} \| r_i^* \| H(BIO_i)) \bmod t)$, […], and finally replaces $(A_i, B_i, f_i)$ on the smart card with $(A_i^{new}, B_i^{new}, f_i^{new})$.
The second aspect of the application discloses a wireless sensor network, which is characterized in that the network comprises user equipment, a smart card, gateway equipment and a plurality of wireless sensors; the user equipment, the smart card, the gateway equipment and the wireless sensor are used for executing part or all of the steps in the wireless sensor network authentication protocol method based on the physical unclonable function disclosed in the first aspect of the application.
Compared with the prior art, the application has the following beneficial effects:
the application ensures the physical safety of the intelligent card and the sensor by using the physical unclonable function, and can effectively reduce the risk of secret information leakage of each participant in the authentication process; updating the pseudo identity of the user by using an improved dynamic updating technology, so as to realize the anonymity of the user and prevent desynchronization attack; and generating a session key by combining an elliptic curve encryption algorithm with multiple parameters, preventing temporary information leakage attack and realizing forward and backward security. The method is safe and efficient, not only completes three-party bidirectional authentication among the user, the gateway and the sensor, but also can prevent the security problems that physical cloning attack, desynchronization attack and the like are easy to ignore, and is very suitable for the security authentication of the wireless sensor network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a wireless sensor network authentication protocol method based on a physical unclonable function according to an embodiment of the present application;
FIG. 2 is a flowchart of a sensor registration step of an authentication and key agreement method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a user registration step of an authentication and key agreement method according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a user authentication step of an authentication and key agreement method according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating a password update step of an authentication and key agreement method according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a wireless sensor network according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or article that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or article.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The application discloses a wireless sensor network authentication protocol method based on a physical unclonable function, which can ensure the safe access of a user to a sensor by using the physical unclonable function on a smart card of the user and a remote sensor, and prevents desynchronization attack by using an improved dynamic updating technology. The following will describe in detail.
Example 1
Referring to fig. 1, fig. 1 is a flow chart of a wireless sensor network authentication protocol method based on a physical unclonable function according to an embodiment of the present application. The method described in fig. 1 may be applied to a corresponding wireless sensor network, which is not limited by the embodiment of the present application. As shown in fig. 1, the wireless sensor network authentication protocol method based on the physical unclonable function may include the following operations:
101. a network initialization step comprising:
Gateway device GW selects a large prime number $p$ and generates an elliptic curve $E/F_p$ and an additive group $G$ based on $E/F_p$ whose generator is $P$, where $E/F_p$ is an elliptic curve $E$ defined over the finite field $F_p$ of order $p$;
Gateway device GW selects a private key $X_g$, a one-way hash function $h()$ and a biometric information processing function $H()$, stores $\{X_g\}$ secretly, and publishes $\{E/F_p, G, P, h(), H()\}$;
102. A sensor registration step comprising:
Gateway device GW selects an identifier $SID_j$ for each sensor $S_j$ and computes the communication key $K_j = h(SID_j \| X_{GW})$, where $X_{GW}$ is the cryptographic key of gateway device GW and $\|$ is the bit concatenation operation;
Gateway device GW sends $\{SID_j, K_j, C_j\}$ to the sensor over a secure channel, where $C_j$ is the challenge information;
Sensor $S_j$ computes $R_j = PUF_j(C_j)$ and sends $\{SID_j, R_j\}$ to gateway device GW, where $PUF_j()$ is the physical unclonable function in the sensor;
Gateway device GW saves $\{SID_j, C_j, R_j\}$ in its database;
Specifically, the physical unclonable function (PUF) adopted by the application is a pseudo-random function that is realized by a physical structure and extracts the differences in the internal physical characteristics of a chip. It accepts a challenge (C1) and outputs a unique and unpredictable response (R1), a process which can be described as R1 = PUF(C1). Because of manufacturing differences, the responses R1 generated by different chips for the same challenge C1 are not the same. The PUF has the advantages of defending against physical cloning, being applicable to resource-limited equipment, reducing computation, communication and storage overhead, and improving the overall security of the system.
Details of step 102 may be seen in fig. 2, among others.
103. A user registration step comprising:
User $U_i$ inputs an identity $ID_i$, a password $PW_i$ and biometric information $BIO_i$, selects a random number $r_i$ and $t \in [2^4, 2^8]$, computes $PID_i = h(ID_i \| H(BIO_i) \| r_i)$ and $f_i = h(h(PW_i \| r_i \| H(BIO_i)) \bmod t)$, and sends $\{ID_i, PID_i\}$ to gateway device GW over a secure channel, where mod is the remainder operation;
Gateway device GW computes […], selects a challenge $C_i$, stores $\{V_i, C_i, E_k(), D_k()\}$ in a smart card and issues it to user $U_i$;
User $U_i$ computes […], $R_i = PUF_i(C_i)$ and […], stores $\{A_i, B_i, f_i\}$ in the smart card, deletes $V_i$, and then sends $\{ID_i, R_i\}$ to gateway device GW over a secure channel, where $PUF_i()$ is the physical unclonable function of the smart card and […] is the exclusive-or operation;
Gateway device GW saves $\{ID_i, C_i, R_i\}$ in its database;
details of step 103 may be seen in fig. 3, among others.
104. A user authentication step, comprising:
User $U_i$ inserts the smart card, enters $ID_i$, $PW_i$ and $BIO_i$, computes $R_i = PUF_i(C_i)$ and $f_i^* = h(h(PW_i \| r_i^* \| H(BIO_i)) \bmod t)$, and checks whether the equation $f_i^* = f_i$ holds; if not, the smart card terminates the session; otherwise the smart card generates two random numbers $r_i^{new}$ and $e_i$, selects the identifier $SID_j$ of the sensor to be accessed, and computes $PID_i^{new} = h(ID_i \| H(BIO_i) \| r_i^{new})$, […];
User $U_i$ selects a random number $a_i$ and a timestamp $T_1$, computes $m_2 = a_i P$ and $m_5 = h(ID_i \| PID_i \| PID_i^{new} \| m_2 \| SID_j \| R_i \| T_1)$, and sends the message $\{m_1, m_2, m_3, m_4, m_5, PID_i, T_1\}$ to gateway device GW;
Gateway device GW first checks $T_1$; if $T_1$ is invalid, the session is terminated. It computes […], finds $R_i$ in the database according to $ID_i$, computes $m_5' = h(ID_i^* \| PID_i \| PID_i^{new} \| m_2 \| SID_j^* \| R_i \| T_1)$, and then checks whether the equation $m_5' = m_5$ holds; if not, the session is terminated; otherwise gateway device GW finds $C_j$ and $R_j$ in the database according to $SID_j$, computes $K_j = h(SID_j^* \| X_{GWN})$, $e_k = h(SID_j^* \| K_j)$, […], $m_7 = h(K_j \| PID_i^{new} \| SID_j^* \| m_2 \| R_j \| T_2)$, and finally sends the message $\{m_2, m_6, m_7, T_2\}$ to sensor $S_j$;
Sensor $S_j$ first checks $T_2$; if $T_2$ is invalid, the session is terminated. It computes $e_k' = h(SID_j \| K_j)$, then uses $e_k'$ to perform the decryption […] and obtain $e_i$, $C_j$ and $PID_i^{new}$, computes $R_j' = PUF_j(C_j)$ and $m_7' = h(K_j \| PID_i^{new} \| SID_j^* \| m_2 \| R_j' \| T_2)$, and checks whether the equation $m_7' = m_7$ holds; if not, the session is terminated; otherwise sensor $S_j$ selects a random number $b_j$, computes $m_8 = b_j P$, $SK_{S-U} = h(b_j m_2 \| PID_i^{new} \| SID_j \| e_i)$, $m_9 = h(SK_{S-U} \| PID_i^{new} \| SID_j \| m_8 \| T_3)$ and $m_{10} = h(K_j \| PID_i^{new} \| m_8 \| R_j' \| T_3)$, and finally sends the message $\{m_8, m_9, m_{10}, T_3\}$ to gateway device GW;
Gateway device GW first checks $T_3$; if $T_3$ is invalid, the session is terminated. It computes $m_{10}' = h(K_j \| PID_i^{new} \| m_8 \| R_j' \| T_3)$ and checks whether $m_{10}' = m_{10}$ holds; if not, the session is terminated; otherwise gateway device GW computes $m_{12} = h(PID_i^{new} \| e_i \| m_8 \| R_i' \| T_4)$ and sends the message $\{m_8, m_9, m_{11}, T_3, T_4\}$ to user $U_i$;
User $U_i$ checks $T_4$; if $T_4$ is invalid, the session is terminated. The user computes $m_{11}' = h(PID_i^{new} \| e_i \| m_8 \| R_i \| T_4)$ and checks whether the equation $m_{11}' = m_{11}$ holds; if not, the session is terminated; otherwise user $U_i$ computes $SK_{U-S} = h(a_i m_8 \| PID_i^{new} \| SID_j \| e_i)$ and $m_9' = h(SK_{U-S} \| PID_i^{new} \| SID_j \| m_8 \| T_3)$, and then checks whether the equation $m_9' = m_9$ holds; if not, user $U_i$ terminates the session; otherwise the user accepts $SK_{U-S}$ as the session key with sensor $S_j$. The smart card computes $f_i^{new} = h(h(PW_i \| r_i^{new} \| H(BIO_i)) \bmod t)$, […], and replaces $(A_i, B_i, f_i, PID_i)$ on the card with $(A_i^{new}, B_i^{new}, f_i^{new}, PID_i^{new})$; here $E_k()$ and $D_k()$ are respectively the symmetric encryption and decryption algorithms using key $k$, and $T_i$ is a timestamp, $i = 1, 2, \ldots$.
Details of step 104 may be seen in fig. 4, among others.
Therefore, the method described by the embodiment of the application can ensure the safe access of the user to the sensor by using the physical unclonable function on the smart card of the user and the remote sensor, and prevents desynchronization attack by using an improved dynamic updating technology, and in addition, a plurality of uncorrelated parameters are adopted to generate a session key, so that the method has higher safety and efficiency.
As an alternative embodiment, the method further comprises:
105. a password updating step, comprising:
User $U_i$ inserts the smart card, enters $ID_i$, $PW_i$ and $BIO_i$, computes $R_i = PUF_i(C_i)$ and $f_i^* = h(h(PW_i \| r_i^* \| H(BIO_i)) \bmod t)$, and checks the equation $f_i^* = f_i$; if yes, the session is terminated; otherwise execution continues with the next step;
User $U_i$ inputs a new password $PW_i^{new}$, computes $f_i^{new} = h(h(PW_i^{new} \| r_i^* \| H(BIO_i)) \bmod t)$, […], and finally replaces $(A_i, B_i, f_i)$ on the smart card with $(A_i^{new}, B_i^{new}, f_i^{new})$.
A schematic diagram of the password updating step in step 105 described above may refer to fig. 5.
It can be seen that the key negotiation method provided by the embodiment of the present application has at least the following advantages:
By applying a physical unclonable function, the application solves the problem that existing wireless sensor authentication protocol methods cannot prevent physical cloning attacks launched on the sensor and the user's smart card after they have been acquired by an attacker.
The application handles the pseudo-identity in the wireless sensor authentication protocol with the improved dynamic updating technology, so that the user's pseudo-identity differs from the previous one in every login; even if the authentication message is intercepted by an attacker, the user can still log in to the gateway node normally the next time. This overcomes the defect that the prior art, while aiming to realize user anonymity, cannot resist desynchronization attacks.
In this method the session key negotiated by the user and the sensor involves a plurality of parameters, unlike the prior art in which each of the two parties provides only one parameter to generate the session key. With a plurality of parameters, leakage of one of them does not allow an attacker to calculate the session key, which overcomes the defect that the prior art cannot resist temporary information leakage attacks.
When the user sends a login message to the gateway, the user conceals the identifier of the sensor to be accessed through the secret information commonly owned by the user and the gateway, which is different from the common method for transmitting the identifier of the sensor in the clear, and solves various potential safety hazards caused by the fact that the anonymity of the sensor cannot be realized in the prior art.
More specific analysis is as follows:
The application applies PUF technology on the user's smart card and on the remote sensor. Authentication efficiency is improved because the challenge information and response information of the smart card and the remote sensor are stored on the gateway in advance and because PUF hardware operations are efficient. In addition, on the one hand, owing to the unclonability of PUF technology and the uniqueness of the challenge and response information, an attacker cannot forge the challenge information and the corresponding response information; on the other hand, the challenge information and the response information in the authentication messages are not transmitted in plaintext but in encrypted form, so the attacker cannot learn them, and authentication security is greatly improved.
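The following added example (not code from the patent) sketches how the stored pair $(C_j, R_j)$ lets the gateway reject a device that has copied $SID_j$ and $K_j$ from a sensor's memory but cannot reproduce $PUF_j$. Assumptions: the PUF is simulated noise-free with HMAC over a per-chip secret, $h()$ is SHA-256 with length-prefixed concatenation, the decryption of $m_6$ is omitted (its contents are passed in directly), $m_2$ and $m_8$ are opaque byte strings, and the 5-second freshness window is arbitrary.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 5  # seconds; assumed freshness window for T_2 / T_3


def h(*parts: bytes) -> bytes:
    """h(a || b || ...) with length prefixes so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()


def ts(t: int) -> bytes:
    return t.to_bytes(8, "big")


def fresh(t: int, now: int) -> bool:
    return abs(now - t) <= MAX_SKEW


class SimulatedPUF:
    """Stand-in for silicon: each instance has its own unexportable secret."""
    def __init__(self):
        self._chip = secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._chip, challenge, hashlib.sha256).digest()


class Sensor:
    def __init__(self, puf: SimulatedPUF):
        self.puf = puf

    def provision(self, sid, k_j, c_j):
        """Registration: store {SID_j, K_j}, answer the challenge with R_j."""
        self.sid, self.k_j = sid, k_j
        return self.puf.respond(c_j)

    def verify_m7(self, pid_new, m2, c_j, m7, t2, now):
        """Recompute R_j' from the PUF and check m_7' = m_7."""
        if not fresh(t2, now):
            return False
        r = self.puf.respond(c_j)
        return hmac.compare_digest(m7, h(self.k_j, pid_new, self.sid, m2, r, ts(t2)))

    def reply(self, pid_new, c_j, now):
        """Build m_10 = h(K_j || PID_new || m_8 || R_j' || T_3)."""
        r = self.puf.respond(c_j)
        m8 = secrets.token_bytes(32)  # stands in for b_j * P
        return m8, h(self.k_j, pid_new, m8, r, ts(now)), now


class Gateway:
    def __init__(self):
        self.x_gw = secrets.token_bytes(32)  # gateway secret
        self.db = {}                         # SID_j -> (C_j, R_j)

    def register(self, sensor: Sensor) -> bytes:
        sid = secrets.token_hex(8).encode()
        c_j = secrets.token_bytes(16)
        self.db[sid] = (c_j, sensor.provision(sid, h(sid, self.x_gw), c_j))
        return sid

    def request(self, sid, pid_new, m2, now):
        c_j, r_j = self.db[sid]
        return c_j, h(h(sid, self.x_gw), pid_new, sid, m2, r_j, ts(now)), now

    def verify_reply(self, sid, pid_new, m8, m10, t3, now):
        if not fresh(t3, now):
            return False
        _, r_j = self.db[sid]
        return hmac.compare_digest(m10, h(h(sid, self.x_gw), pid_new, m8, r_j, ts(t3)))


def run_scenario():
    gw, genuine = Gateway(), Sensor(SimulatedPUF())
    sid = gw.register(genuine)
    clone = Sensor(SimulatedPUF())                   # different silicon
    clone.sid, clone.k_j = genuine.sid, genuine.k_j  # memory contents copied
    now = 1_700_000_000                              # constructed timestamp
    pid_new, m2 = b"PID_new (constructed)", b"m_2 (constructed)"
    c_j, m7, t2 = gw.request(sid, pid_new, m2, now)
    results = {}
    for name, dev in (("genuine", genuine), ("clone", clone)):
        ok7 = dev.verify_m7(pid_new, m2, c_j, m7, t2, now + 1)
        m8, m10, t3 = dev.reply(pid_new, c_j, now + 1)
        results[name] = (ok7, gw.verify_reply(sid, pid_new, m8, m10, t3, now + 2))
    results["stale"] = genuine.verify_m7(pid_new, m2, c_j, m7, t2, now + 60)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Real PUF responses are noisy, so a deployment would need error correction before hashing $R_j$; the simulation leaves that out.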
The method and the system protect the pseudo identity of the user by applying the improved dynamic updating technology, which is different from the dynamic updating technology used by the common method, the gateway end and the wireless sensor end in the method can identify the updated pseudo identity of the user without saving, and the user end replaces the original pseudo identity with the new pseudo identity after successful authentication, so that the pseudo identity is changed once when the user logs in to access the sensor once. Even if an attacker intercepts or eavesdrops the information in the authentication process, the next normal login of the user is not affected, and the attacker cannot identify the true identity of the user, so that the user cannot be tracked, and the method can resist the desynchronization attack which cannot be defended by the common method, and achieves true anonymity.
The session key generated by the user and the sensor in the method is $SK_{S-U} = h(b_j m_2 \| PID_i^{new} \| SID_j \| e_i) = h(a_i m_8 \| PID_i^{new} \| SID_j \| e_i)$. It relates to $b_j$, $m_2$, $PID_i^{new}$, $SID_j$ and $e_i$, five parameters in total, where $m_2 = a_i P$ and $m_8 = b_j P$ are provided by the user and the sensor, respectively. Because of the elliptic curve discrete logarithm problem and the computational CDH problem, an attacker who eavesdrops on $m_2$ and $m_8$ cannot decompose them into $a_i$ and $b_j$. In addition, the leakage of one of $PID_i^{new}$, $SID_j$ and $e_i$ does not cause the leakage of the other two parameters. Further, if $a_i$ and $b_j$ are compromised, an attacker can calculate $b_j m_2$ or $a_i m_8$ but, not knowing $PID_i^{new}$, $SID_j$ and $e_i$, still cannot calculate the session key, so the multi-parameter technique adopted by the application defends well against temporary information leakage attacks.
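The key derivation analysed above, as an added Python example that is not code from the patent. The curve (secp256k1), SHA-256 for h(), the length-prefixed encoding of the concatenated fields and all sample values are assumptions; it derives the key on the sensor and user sides and then as an attacker who holds a leaked $a_i$ but has to guess $e_i$.

```python
import hashlib
import secrets

# secp256k1 parameters (assumed curve; the page only requires some E/F_p with generator P).
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Add two points of y^2 = x^3 + 7 over F_p; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def ec_mul(k, point):
    """Double-and-add k*point (illustrative only, not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def h(*fields):
    """h(x1 || x2 || ...) as SHA-256 over length-prefixed fields (encoding assumed)."""
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(2, "big") + field)
    return digest.digest()

def session_key(scalar, peer_point, pid_new, sid, e_i):
    """SK = h(scalar * peer_point || PID_i^new || SID_j || e_i)."""
    x, y = ec_mul(scalar, peer_point)
    return h(x.to_bytes(32, "big") + y.to_bytes(32, "big"), pid_new, sid, e_i)

def run_exchange():
    """Derive the key on both sides, then as an attacker holding a leaked a_i."""
    # Constructed sample values for PID_i^new, SID_j and the secret random e_i.
    pid_new = hashlib.sha256(b"constructed pseudo identity").digest()
    sid = b"constructed-sensor-id"
    e_i = secrets.token_bytes(16)
    a_i = secrets.randbelow(N_ORDER - 1) + 1   # user's ephemeral scalar
    b_j = secrets.randbelow(N_ORDER - 1) + 1   # sensor's ephemeral scalar
    m2, m8 = ec_mul(a_i, G), ec_mul(b_j, G)    # points sent on the public channel
    sk_sensor = session_key(b_j, m2, pid_new, sid, e_i)
    sk_user = session_key(a_i, m8, pid_new, sid, e_i)
    # Leaked a_i gives the attacker a_i*m8, but e_i still has to be guessed.
    sk_attacker = session_key(a_i, m8, pid_new, sid, bytes(16))
    return sk_user, sk_sensor, sk_attacker

if __name__ == "__main__":
    user, sensor, attacker = run_exchange()
    print("keys match:", user == sensor, "| attacker guess matches:", user == attacker)
```

The attacker's key differs only because $e_i$ is secret and unpredictable, so the resistance described above depends on $e_i$ being generated with a cryptographic random source and never sent in the clear.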
When a user logs in to the gateway in the method of the application, the sensor identification $SID_j$ is obtained by passing through In such a way that an attacker cannot track the communication session of a particular sensor from the common channel, or determine its importance according to how frequently the sensor is accessed, while the gateway can pass through secret information The sensor to be accessed by the user is identified, so that the anonymity of the sensor neglected by the common technology is realized, the related potential safety hazards are avoided, and the overall safety of the system is improved.
Example two
The embodiment of the application discloses a wireless sensor network, as shown in fig. 6, which comprises user equipment, a smart card, gateway equipment and a plurality of wireless sensors, wherein the user equipment, the smart card, the gateway equipment and the wireless sensors are used for executing part or all of the steps in the wireless sensor network authentication protocol method based on a physical unclonable function disclosed in the embodiment of the application.
The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present application without undue burden.
From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied essentially or in part in the form of a software product that may be stored in a computer-readable storage medium including Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), one-time programmable Read-Only Memory (OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disc Memory, magnetic disc Memory, tape Memory, or any other medium that can be used for computer-readable carrying or storing data.
Finally, it should be noted that the wireless sensor network authentication protocol method based on a physical unclonable function disclosed in the embodiment of the application is only a preferred embodiment of the application and is used only to illustrate the technical scheme of the application, not to limit it; although the application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical schemes recorded in the various embodiments can be modified, or some of their technical features can be replaced equivalently; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (2)

1. A wireless sensor network authentication protocol method based on a physical unclonable function, the method comprising:
a network initialization step comprising:
the gateway device GW selects a large prime number $p$ and generates an elliptic curve $E/F_p$; the generator of an additive group $G$ based on $E/F_p$ is $P$; wherein $E/F_p$ is an elliptic curve $E$ defined over the finite field $F_p$ of order $p$;
the gateway device GW selects a private key $X_g$, a one-way hash function $h()$ and a biological information processing function $H()$, secretly stores $\{X_g\}$, and publishes $\{E/F_p, G, P, h(), H()\}$;
A sensor registration step comprising:
the gateway device GW selects an identifier $SID_j$ for each sensor $S_j$ and calculates a communication key $K_j = h(SID_j \| X_{GW})$; wherein $X_{GW}$ is the secret key of the gateway device GW, and $\|$ is the bit concatenation operation;
the gateway device GW transmits $\{SID_j, K_j, C_j\}$ to the sensor over a secure channel, wherein $C_j$ is challenge information;
the sensor $S_j$ calculates $R_j = PUF_j(C_j)$ and sends $\{SID_j, R_j\}$ to the gateway device GW, wherein $PUF_j()$ is the physical unclonable function in the sensor;
the gateway device GW saves $\{SID_j, C_j, R_j\}$ into a database;
a user registration step comprising:
the user $U_i$ inputs an identity $ID_i$, a password $PW_i$ and biometric information $BIO_i$, selects a random number $r_i$ and $t \in [2^4, 2^8]$, calculates $PID_i = h(ID_i \| H(BIO_i) \| r_i)$ and $f_i = h(h(PW_i \| r_i \| H(BIO_i)) \bmod t)$, and sends $\{ID_i, PID_i\}$ to the gateway device GW over a secure channel; wherein mod is the remainder operation;
the gateway device GW computes , selects a challenge $C_i$, stores $\{V_i, C_i, E_k(), D_k()\}$ in the smart card and issues it to the user $U_i$;
the user $U_i$ calculates , $R_i = PUF_i(C_i)$ and , stores $\{A_i, B_i, f_i\}$ in the smart card, deletes $V_i$, and then sends $\{ID_i, R_i\}$ to the gateway device GW over a secure channel; wherein $PUF_i()$ is the physical unclonable function of the smart card, and $\oplus$ is the exclusive-or operation;
the gateway device GW saves $\{ID_i, C_i, R_i\}$ into a database;
a user authentication step, comprising:
the user $U_i$ inserts the smart card, inputs $ID_i$, $PW_i$ and $BIO_i$, calculates $R_i = PUF_i(C_i)$, $r_i^* = h(ID_i \| H(BIO_i) \| R_i \| PW_i) \oplus B_i$ and $f_i^* = h(h(PW_i \| r_i^* \| H(BIO_i)) \bmod t)$, and determines whether the equation $f_i^* = f_i$ holds; if not, the smart card terminates the session; otherwise the smart card generates two random numbers $r_i^{new}$ and $e_i$, selects the identifier $SID_j$ of a sensor to be accessed, and calculates $PID_i^{new} = h(ID_i \| H(BIO_i) \| r_i^{new})$,
the user $U_i$ selects a random number $a_i$ and a timestamp $T_1$, calculates $m_2 = a_i P$, and $m_5 = h(ID_i \| PID_i \| PID_i^{new} \| m_2 \| SID_j \| R_i \| T_1)$, and sends the message $\{m_1, m_2, m_3, m_4, m_5, PID_i, T_1\}$ to the gateway device GW;
the gateway device GW first checks $T_1$; if $T_1$ is invalid, the session is terminated; calculates , finds $R_i$ in the database according to $ID_i$, and calculates $m_5' = h(ID_i^* \| PID_i \| PID_i^{new} \| m_2 \| SID_j^* \| R_i \| T_1)$, then determines whether the equation $m_5' = m_5$ holds; if not, the session is terminated; otherwise the gateway device GW finds $C_j$ and $R_j$ in the database according to $SID_j$, calculates $K_j = h(SID_j^* \| X_{GWN})$, $e_k = h(SID_j^* \| K_j)$, , $m_7 = h(K_j \| PID_i^{new} \| SID_j^* \| m_2 \| R_j \| T_2)$, and finally sends the message $\{m_2, m_6, m_7, T_2\}$ to the sensor $S_j$;
the sensor $S_j$ first checks $T_2$; if $T_2$ is invalid, the session is terminated; calculates $e_k' = h(SID_j \| K_j)$, then uses $e_k'$ to perform decryption and obtains $e_i$, $C_j$, $PID_i^{new}$, calculates $R_j' = PUF_j(C_j)$ and $m_7' = h(K_j \| PID_i^{new} \| SID_j^* \| m_2 \| R_j' \| T_2)$, and determines whether the equation $m_7' = m_7$ holds; if not, the session is terminated; otherwise the sensor $S_j$ selects a random number $b_j$, calculates $m_8 = b_j P$, $SK_{S-U} = h(b_j m_2 \| PID_i^{new} \| SID_j \| e_i)$, $m_9 = h(SK_{S-U} \| PID_i^{new} \| SID_j \| m_8 \| T_3)$ and $m_{10} = h(K_j \| PID_i^{new} \| m_8 \| R_j' \| T_3)$, and finally sends the message $\{m_8, m_9, m_{10}, T_3\}$ to the gateway device GW;
the gateway device GW first checks $T_3$; if $T_3$ is invalid, the session is terminated; calculates $m_{10}' = h(K_j \| PID_i^{new} \| m_8 \| R_j' \| T_3)$ and determines whether $m_{10}' = m_{10}$ holds; if not, the session is terminated; otherwise the gateway device GW calculates $m_{12} = h(PID_i^{new} \| e_i \| m_8 \| R_i' \| T_4)$ and sends the message $\{m_8, m_9, m_{11}, T_3, T_4\}$ to the user $U_i$;
the user $U_i$ checks $T_4$; if $T_4$ is invalid, the session is terminated; calculates $m_{11}' = h(PID_i^{new} \| e_i \| m_8 \| R_i \| T_4)$ and determines whether the equation $m_{11}' = m_{11}$ holds; if not, the session is terminated; otherwise the user $U_i$ calculates $SK_{U-S} = h(a_i m_8 \| PID_i^{new} \| SID_j \| e_i)$ and $m_9' = h(SK_{U-S} \| PID_i^{new} \| SID_j \| m_8 \| T_3)$, then determines whether the equation $m_9' = m_9$ holds; if not, the user $U_i$ terminates the session; otherwise the user accepts $SK_{U-S}$ as the session key with the sensor $S_j$; the smart card calculates $f_i^{new} = h(h(PW_i \| r_i^{new} \| H(BIO_i)) \bmod t)$, and replaces $(A_i, B_i, f_i, PID_i)$ on the card with $(A_i^{new}, B_i^{new}, f_i^{new}, PID_i^{new})$; wherein $E_k()$ and $D_k()$ are respectively the symmetric encryption algorithm and decryption algorithm using key $k$, and $T_i$ is a timestamp, $i = 1, 2, \ldots$.
2. The wireless sensor network authentication protocol method based on a physical unclonable function according to claim 1, wherein the method further comprises:
a password updating step, comprising:
the user $U_i$ inserts the smart card, inputs $ID_i$, $PW_i$ and $BIO_i$, calculates $R_i = PUF_i(C_i)$, $f_i^* = h(h(PW_i \| r_i^* \| H(BIO_i)) \bmod t)$, and checks the equation $f_i^* = f_i$; if yes, the session is terminated, otherwise the next step is executed;
the user $U_i$ inputs a new password $PW_i^{new}$, calculates $f_i^{new} = h(h(PW_i^{new} \| r_i^* \| H(BIO_i)) \bmod t)$, and finally replaces $(A_i, B_i, f_i)$ on the smart card with $(A_i^{new}, B_i^{new}, f_i^{new})$.
CN202310512273.3A 2023-05-08 2023-05-08 Wireless sensor network authentication method based on physical unclonable function Active CN116614809B (en)

Publications (2)

Publication Number Publication Date
CN116614809A true CN116614809A (en) 2023-08-18
CN116614809B CN116614809B (en) 2024-01-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant