CN116980191A - Bidirectional lightweight authentication method and system for Internet of things equipment - Google Patents


Publication number
CN116980191A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310896241.8A
Other languages
Chinese (zh)
Inventor
曹元�
董为民
刘皖熠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hohai University HHU
Original Assignee
Hohai University HHU

Classifications

    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response using physically unclonable functions [PUF]
    • H04L9/40 Network security protocols


Abstract

The invention discloses a bidirectional lightweight authentication method and system for Internet of things equipment. The encrypted responses for excitation C_a and excitation C_b (M_a and M_b), which serve as proof, are encrypted with OTPs generated by the TRNG of the device and the TRNG of the server, respectively. Because the OTP provides perfect secrecy, the encryption is probabilistic rather than deterministic. Even if an attacker can obtain C_a, M_a, N_d1 and N_d2 by eavesdropping or by impersonating a server or device issuing an authentication request, the attacker cannot know which of the OTP keys N_d1 and N_d2 was used to obtain the encrypted M_a, nor what the k-th response bit is, so confidentiality is strong. The invention uses only XOR, negation and simple circuit operations, all of which are low-power operations, so the overall design is a lightweight identity authentication system of a kind that does not exist at present.

Description

Bidirectional lightweight authentication method and system for Internet of things equipment
Technical Field
The invention belongs to the technical field of lightweight authentication, and particularly relates to a bidirectional lightweight authentication method and system for Internet of things equipment.
Background
Research on the security of the Internet of things is extremely important; its main aim is to preserve the privacy and confidentiality of the Internet of things and to ensure the security of its users, infrastructure, data and equipment.
Authentication is currently the most popular security technology, and research on encryption focuses on lightweight, low-cost encryption for low-power, resource-limited equipment; however, current lightweight encryption technology is cracked at a high rate and is not secure enough.
Disclosure of Invention
The invention aims to: the invention aims to overcome the defects of the prior art, provides a bidirectional lightweight authentication method for Internet of things equipment, solves the technical problems in the background art, and also provides a bidirectional lightweight authentication system for the Internet of things equipment.
The technical scheme is as follows: the invention provides a bidirectional lightweight authentication method for Internet of things equipment, which comprises the following steps:
Registration stage:
S1: a server generates a unique random serial number and stores it in a device as the id of that device;
S2: the device is set to physical unclonable function mode; the server randomly generates a random number and applies it to the excitation input of the device, which generates internal excitation parameters and a binary vector mask; if the preset conditions are met, the internal excitation parameters and the response parameters measured for them are stored in the database of the current device; these steps are repeated until all excitation responses, up to the set maximum number of responses, are registered in the server database, which completes registration;
Identity verification stage:
S3: the device uses a hardware random number generator to generate two different random numbers and sends its id and the generated random numbers to the server; if the device id cannot be found in the server database, the session is terminated;
otherwise, the server randomly selects two excitations, retrieves the corresponding response parameters from the database, encrypts the response parameters to obtain encrypted parameters, and sends the encrypted parameters to the device;
S4: the device regenerates the response parameter for one of the excitations through the physical unclonable function and compares it with the recovered response parameter; if the Hamming distance between them is larger than a set threshold, the session is terminated; otherwise, the server passes authentication.
Further, the method comprises the steps of:
the step S2 specifically comprises the following steps:
S21: the server arbitrarily selects a number of k values, where k is used to locate the k-th bit;
S22: the server randomly generates an n-bit random number C_ij and applies it to the excitation input of the device;
S23: the device generates m internal excitation parameters <C_ij> through a hardware random number generator and generates an m-bit response parameter R_ij and a mask through the physical unclonable function; response parameter R_ij is marked with 1 in the binary vector mask(R_ij); here j is the number of generated responses, with initial value 1, and k ∈ [0, m-1];
S23: if the k-th response bit of the binary vector mask(R_ij) is equal to 0 and the Hamming distance between mask(R_ij) and the zero vector is smaller than the threshold τ, the random number C_ij and its measured response parameter R_ij are stored in the database DBi of device i;
S24: steps S22-S23 are iterated until all excitation responses, up to the maximum value j_max of the number j of responses that can be generated, are registered in the database DBi of the server.
Further, the method comprises the steps of:
the registration phase further comprises:
disabling the tri-state gate of the physical unclonable function, thereby disabling data readout, to prevent externally measurable responses when the device is deployed in the field;
the disabled response-port output buffer can be re-enabled only after the device has been successfully authenticated;
because the server has collected enough excitation responses from the device, the server can still recall the device to register additional excitation responses if needed.
Further, the method comprises the steps of:
the step S3 specifically comprises the following steps:
S31: the device generates two m-bit random numbers N_d1 and N_d2 through a hardware random number generator, ensuring that the k-th bits of the two random numbers are different;
S32: if the k-th bits are the same, the k-th bit of one is inverted and assigned to the k-th bit of the other; once the two random numbers satisfy this condition, the id of the device and the two generated random numbers are sent to the server;
S33: if the device id cannot be found in the server database, the session is terminated; otherwise, the server randomly selects two excitations C_a and C_b from the database DBi for which id_i = id;
S34: for C_a, <C_a> is generated by a hardware random number generator, and the response parameter R_a is then retrieved from DBi by means of <C_a>;
S35: the server generates two m-bit random numbers N_s1 and N_s2 through a hardware random number generator; the k-th bits of the two random numbers are different;
S36: if the k-th bit of response parameter R_a is 0, the random number N_d1 received from the device is used as a one-time pad (a number used only once) to encrypt R_a as M_a; otherwise, N_d2 is used as the one-time pad to encrypt R_a as M_a; M_a serves as the server's secret proof to the device of the PUF response to C_a; the server sends C_a, C_b, N_s1, N_s2 and M_a to the device.
Further, the method comprises the steps of:
the step S4 specifically comprises the following steps:
S41: the device regenerates the response parameter for C_a through the physical unclonable function; if the k-th bit of the regenerated response parameter is 0, the received M_a is XORed with N_d1;
otherwise, the received M_a is XORed with N_d2; this yields the recovered response parameter, and the regenerated response parameter is compared with the recovered response parameter;
S42: if the FHD between the regenerated response parameter and the recovered response parameter is greater than the reliability threshold τ, the session is terminated; otherwise, the server is authenticated.
Further, the method comprises the steps of:
the authentication phase further comprises:
S43: after successful authentication of the server, the device applies the excitation parameter C_b to its physical unclonable function to generate a response parameter;
S44: if the k-th bit of the response parameter is 0, the response parameter is encrypted as M_b with the server's N_s1; otherwise it is encrypted with N_s2; the device sends M_b to the server;
S45: if the k-th bit of the response parameter is 0, the server uses N_s1 to decrypt M_b; otherwise, if the k-th bit of the response is 1, the server uses N_s2 to decrypt M_b;
S46: the recovered response parameter is compared with the response parameter retrieved from the server database; if the Hamming distance between them exceeds the reliability threshold τ, the session is terminated; otherwise the server confirms that authentication of the device was successful and grants the requested service.
On the other hand, the invention also provides a bidirectional lightweight authentication system for the Internet of things equipment, which comprises:
registration:
the device ID generation module is used for generating a unique random serial number by adopting a server and storing the unique random serial number into a device as the ID of the device;
the registration module is used for setting the mode of the equipment as a physical unclonable function mode, the server randomly generates a random number, the random number is applied to the excitation input of the equipment, an internal excitation parameter and a binary vector mask are generated, under the condition that the internal excitation parameter and a response parameter measured by the internal excitation parameter accord with preset conditions, the internal excitation parameter and the response parameter measured by the internal excitation parameter are stored in a database of the current equipment, the steps are circulated until excitation responses meeting the set maximum response value are all registered in the database of the server, and the registration is completed;
Identity verification stage:
an encryption module comprising: the device adopts a hardware random number generator to generate two different random numbers, and sends the id of the device and the generated random numbers to a server, if the id of the device cannot be found in a server database, the session is terminated;
otherwise, the server randomly selects two incentives, retrieves corresponding response parameters from the database according to the incentives, encrypts the response parameters to obtain encrypted parameters, and sends the encrypted parameters to the device;
the judging module comprises: the device regenerates response parameters for one of the stimuli through a physical unclonable function, judges according to the value of the response parameters and the recovered response parameter values, if the Hamming distance between the response parameters and the recovered response parameter values is larger than a set threshold, the session is terminated, and otherwise, the server passes the authentication.
Further, the registration module includes:
an excitation input unit, in which: the server randomly generates an n-bit random number C_ij and applies it to the excitation input of the device;
a mask generation unit, in which: the device generates m internal excitation parameters <C_ij> through a hardware random number generator and generates an m-bit response parameter R_ij and a mask through the physical unclonable function; response parameter R_ij is marked with 1 in the binary vector mask(R_ij); here j is the number of generated responses, with initial value 1, and k ∈ [0, m-1];
a comparison unit, in which: if the k-th response bit of the binary vector mask(R_ij) is equal to 0 and the Hamming distance between mask(R_ij) and the zero vector is smaller than the threshold τ, the random number C_ij and its measured response parameter R_ij are stored in the database DBi of device i;
an iteration unit, in which: the mask generation unit and the comparison unit are iterated until all excitation responses, up to the maximum value j_max of the number j of responses that can be generated, are registered in the database DBi of the server.
Further, the encryption module specifically includes:
a random number generation unit, in which: the device generates two m-bit random numbers N_d1 and N_d2 through a hardware random number generator, ensuring that the k-th bits of the two random numbers are different;
if the k-th bits are the same, the k-th bit of one is inverted and assigned to the k-th bit of the other; once the two random numbers satisfy this condition, the id of the device and the two generated random numbers are sent to the server;
a search unit, in which: if the device id is not found in the server database, the session is terminated; otherwise, the server randomly selects two excitations C_a and C_b from the database DBi for which id_i = id;
a response parameter generation unit, in which: for C_a, <C_a> is generated by a hardware random number generator, and the response parameter R_a is then retrieved from DBi by means of <C_a>;
a random number generation unit, in which: the server generates two m-bit random numbers N_s1 and N_s2 through a hardware random number generator; the k-th bits of the two random numbers are different;
an encryption unit, in which: if the k-th bit of response parameter R_a is 0, the random number N_d1 received from the device is used as a one-time pad (a number used only once) to encrypt R_a as M_a; otherwise, N_d2 is used as the one-time pad to encrypt R_a as M_a; M_a serves as the server's secret proof to the device of the PUF response to C_a; the server sends C_a, C_b, N_s1, N_s2 and M_a to the device.
Further, the judging module specifically includes:
the device regenerates the response parameter for C_a through the physical unclonable function; if the k-th bit of the regenerated response parameter is 0, the received M_a is XORed with N_d1;
otherwise, the received M_a is XORed with N_d2; this yields the recovered response parameter, and the regenerated response parameter is compared with the recovered response parameter;
if the FHD between the regenerated response parameter and the recovered response parameter is greater than the reliability threshold τ, the session is terminated; otherwise, the server is authenticated.
The beneficial effects are as follows: the encrypted responses for excitation C_a and excitation C_b (M_a and M_b), which serve as proof, are encrypted with OTPs generated by the TRNG of the device and the TRNG of the server, respectively. Because the OTP provides perfect secrecy, the encryption is probabilistic rather than deterministic. Even if an attacker can obtain C_a, M_a, N_d1 and N_d2 by eavesdropping or by impersonating a server or device issuing an authentication request, the attacker cannot know which of the OTP keys N_d1 and N_d2 was used to obtain the encrypted M_a, still less what the k-th response bit is.
Given an encrypted response M_a, because the k-th bits of N_d1 and N_d2 are different, each of which may be 0 or 1, the k-th bit of ciphertext M_a may likewise be 0 or 1 regardless of the k-th bit of R_a. By looking at the k-th bit of Ra1 or Ra2, an attacker cannot distinguish which of the two decryptions is the actual R_a. Thus the likelihood of cracking by an adversary is 0; furthermore, the probabilities of R_a = R1 and R_a = R2 are each 0.5, which strictly limits the attacker's probability of a successful crack to less than 50%.
The same applies to the probability of correctly obtaining R_b given C_b, M_b, N_s1 and N_s2. If an attacker trains a model using CRPs obtained from eavesdropping or query data, the training data set will contain 50% false CRPs and the prediction accuracy after training will not be significantly higher than 50%. Thus, the proposed mutual authentication protocol of the unified TRNG-PUF design can be shown to be secure against ML attacks. The freshness of the per-session OTP keys N_d1, N_d2, N_s1 and N_s2 used to encrypt the server and device responses also prevents replay and MITM attacks.
In addition, the invention uses only XOR, negation and simple circuit operations, all of which are low-power operations, so the overall design is a lightweight identity authentication system of a kind that does not exist at present.
Drawings
FIG. 1 is a pseudo code flow diagram of a registration phase according to an embodiment of the present invention;
figure 2 is a pseudo-code flow chart of an authentication phase according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the drawings and the detailed description.
TRNG (True Random Number Generator): a hardware random number generator, a device that generates random numbers from physical processes rather than from computer programs; its primary application is in encryption technology, where it generates random encryption keys for securely transmitting data.
PUF (Physical Unclonable Function): a physical unclonable function uses an inherent physical structure for unique identification, and for any input excitation it outputs a unique and unpredictable response. It is a hardware circuit that depends on chip characteristics and has uniqueness and randomness; it realizes a unique correspondence between excitation signal and response signal by extracting the process-parameter deviations that are inevitably introduced during chip manufacturing.
The invention uses a TRNG and a PUF to realize a bidirectional lightweight identity authentication protocol that can be implemented with a simple circuit, has low power consumption and resists machine learning, and that can be applied to lightweight low-power equipment such as NFC and RFID devices.
The invention provides a bidirectional lightweight authentication method for Internet of things equipment, which comprises the following steps:
registration:
s1, a server generates a unique random serial number and stores the unique random serial number into a device as the id of the device;
s2, setting the mode of the equipment as a physical unclonable function mode, randomly generating a random number by the server, applying the random number to the excitation input of the equipment, generating an internal excitation parameter and a binary vector mask, storing the internal excitation parameter and a response parameter measured by the internal excitation parameter in a database of the current equipment under the preset condition, and cycling the steps until excitation response meeting the set maximum response value is all registered in the database of the server, thereby completing registration.
In particular, the enrolment of the PUF is performed in a secure environment, in which a sufficient number of reliable CRPs of the PUF are physically measured under normal operation and stored in a database of a trusted server.
As shown in fig. 1, the server generates a unique random serial number id_i. This serial number is stored in device i as its device id. The server may store a generated unique random serial number in any device, but in only one device; the relationship is one-to-one.
The device is set to PUF mode, and the server arbitrarily chooses some k values (for locating the k-th bit); during the authentication phase this part of the response acts as a selector between two random numbers.
Subsequently, the server randomly generates an n-bit random number C_ij and applies it to the excitation input of the device, similar to an excitation given to the device to start some function or other start-up item.
The device generates m internal excitations <C_ij> through a PRNG and generates an m-bit response R_ij and a mask through the PUF circuit. R_ij is marked with '1' in the binary vector mask(R_ij). If the k-th response bit of mask(R_ij) is equal to 0 and the Hamming distance (FHD) between mask(R_ij) and the zero vector is less than the threshold τ, the excitation C_ij and its measured response R_ij are stored in the database DBi of device i. PUF mode and PUF circuit both refer to the physically unclonable technology; there is a PUF mode because the protocol is based on a module that integrates a PUF and a TRNG.
This process is repeated until the excitation responses up to j_max are all registered in the DBi of the server. j_max depends on the application; the chosen circuit determines the maximum CRP space, which represents the number of excitations and the number of responses that can be generated.
The tri-state buffer of the PUF is then disabled; the tri-state gates in the circuit mainly inhibit PUF data readout, preventing externally measurable responses when the device is deployed in the field. The disabled response-port output buffer can only be re-enabled after the device has been successfully authenticated. Because the server has collected sufficiently good CRPs from the device, that is, a sufficient number of reliable excitation pairs in the PUF, the server may still recall the device to register additional CRPs if needed.
And (3) identity verification stage:
s3, the device adopts a hardware random number generator to generate two different random numbers, and sends the id of the device and the generated random numbers to a server, if the id of the device cannot be found in a server database, the session is terminated;
otherwise, the server randomly selects two incentives, retrieves corresponding response parameters from the database according to the incentives, encrypts the response parameters to obtain encrypted parameters, and sends the encrypted parameters to the device;
s4, the device regenerates response parameters for one stimulus through a physical unclonable function, judges according to the value of the response parameters and the recovered response parameter values, if the Hamming distance between the response parameters and the recovered response parameter values is larger than a set threshold, the session is terminated, and otherwise, the server passes the authentication.
Specifically, a mutual authentication protocol proposed between the deployed device and the server is shown in (b). Either the server or the device may initiate authentication. In fig. 2, the device generates two m-bit random numbers N_d1 and N_d2 by TRNG while ensuring that their k-th bits are different; if the k-th bits are the same, the k-th bit of one is inverted and assigned to the k-th bit of the other. Once this condition is met, the id of the device and the two generated random numbers are sent to the server. If the device id is not found in the server database, the session is terminated.
Otherwise, the server randomly selects two excitations C_a and C_b from the database DBi for which id_i = id. For C_a, <C_a> is generated with the PRNG, and the response R_a is then retrieved from DBi by means of <C_a>. Two m-bit random numbers N_s1 and N_s2 are generated by the server through TRNG; the k-th bits of the two are different. If the k-th bit of R_a is 0, N_d1 received from the device is used as the OTP to encrypt R_a as M_a. Otherwise, N_d2 is used as the OTP to encrypt R_a as M_a. M_a serves as the server's secret proof to the device of the PUF response to C_a. The server sends C_a, C_b, N_s1, N_s2 and M_a to the device. The device regenerates a response to C_a through its PUF circuit. If the k-th bit of the regenerated response is 0, the received M_a is XORed with N_d1; otherwise it is XORed with N_d2. The regenerated response is then compared with the recovered response.
If the FHD between the regenerated response and the recovered response is greater than the reliability threshold τ, the session is terminated. Otherwise, the server passes authentication.
After successful authentication of the server, the device applies excitation C_b to its PUF to generate a response. If the k-th bit of the response is 0, the response is encrypted as M_b with the server's OTP N_s1. Otherwise, it is encrypted with N_s2 as the OTP (one-time pad: a number used only once, similar to a nonce). The device sends M_b to the server. If the k-th bit of the response is 0, the server uses N_s1 to decrypt M_b; if the k-th bit of the response is 1, the server uses N_s2 to decrypt M_b. The recovered response parameter, that is, the result of the decryption operation, is compared with the response retrieved from the server database;
if the FHD value between them exceeds the reliability threshold τ, the session is terminated. Otherwise, the server confirms that authentication of the device was successful and grants the requested service.
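The authentication exchange described above, together with the two-candidate argument from the beneficial-effects section, can be exercised in software; the following is an added example, not code from the patent. `SimulatedPUF` (a keyed hash with bit-flip noise), the values of `M`, `K` and `TAU`, and the use of challenges directly as PUF input (no internal `<C>` expansion) are assumptions made for illustration.

```python
import hashlib
import secrets

M = 64    # response width m in bits (assumed value)
K = 5     # selector bit position k fixed at registration (assumed value)
TAU = 8   # reliability threshold tau, in bits (assumed value)

def bit(x, k):
    return (x >> k) & 1

def hamming(a, b):
    return bin(a ^ b).count("1")

class SimulatedPUF:
    """Hypothetical software stand-in for the PUF: keyed hash plus bit-flip noise."""
    def __init__(self, noise_bits=2):
        self._chip = secrets.token_bytes(16)  # models per-chip process variation
        self.noise_bits = noise_bits

    def reference(self, challenge):
        digest = hashlib.sha256(self._chip + challenge.to_bytes(8, "big")).digest()
        return int.from_bytes(digest[:M // 8], "big")

    def measure(self, challenge):
        # Noisy re-measurement. Bit k is never flipped, modelling the registration
        # filter that keeps only CRPs whose k-th mask bit is 0 (assumption).
        r = self.reference(challenge)
        for _ in range(self.noise_bits):
            pos = secrets.randbelow(M)
            if pos != K:
                r ^= 1 << pos
        return r

def enroll(puf, count=4):
    """Registration: the server stores challenge -> response for one device."""
    return {c: puf.reference(c) for c in (secrets.randbits(32) for _ in range(count))}

def nonce_pair():
    """Two m-bit random numbers whose k-th bits differ (S31-S32, S35)."""
    n1, n2 = secrets.randbits(M), secrets.randbits(M)
    if bit(n1, K) == bit(n2, K):
        n2 ^= 1 << K
    return n1, n2

def otp_encrypt(response, n1, n2):
    """XOR with n1 if the response's k-th bit is 0, otherwise with n2 (S36, S44)."""
    return response ^ (n1 if bit(response, K) == 0 else n2)

def otp_verify(ciphertext, own_response, n1, n2):
    """Pick the pad from the verifier's own response, recover, compare (S41-S42, S45-S46)."""
    recovered = ciphertext ^ (n1 if bit(own_response, K) == 0 else n2)
    return hamming(recovered, own_response) <= TAU

def server_challenge(db, n_d1, n_d2):
    c_a, c_b = secrets.SystemRandom().sample(sorted(db), 2)
    n_s1, n_s2 = nonce_pair()
    return c_a, c_b, n_s1, n_s2, otp_encrypt(db[c_a], n_d1, n_d2)

def device_respond(puf, n_d1, n_d2, c_a, c_b, n_s1, n_s2, m_a):
    if not otp_verify(m_a, puf.measure(c_a), n_d1, n_d2):
        return None  # server not authenticated: session terminated
    return otp_encrypt(puf.measure(c_b), n_s1, n_s2)  # M_b

def server_verify(db, c_b, n_s1, n_s2, m_b):
    return m_b is not None and otp_verify(m_b, db[c_b], n_s1, n_s2)

def run_session(puf, db):
    """One full exchange; True only if both sides accept."""
    n_d1, n_d2 = nonce_pair()                                      # device -> server
    c_a, c_b, n_s1, n_s2, m_a = server_challenge(db, n_d1, n_d2)   # server -> device
    m_b = device_respond(puf, n_d1, n_d2, c_a, c_b, n_s1, n_s2, m_a)
    return server_verify(db, c_b, n_s1, n_s2, m_b)

def observer_candidates(m_a, n_d1, n_d2):
    """What a passive observer of M_a, N_d1, N_d2 can compute: two decryptions,
    each paired with whether its k-th bit agrees with the pad that produced it."""
    r1, r2 = m_a ^ n_d1, m_a ^ n_d2
    return [(r1, bit(r1, K) == 0), (r2, bit(r2, K) == 1)]

if __name__ == "__main__":
    puf = SimulatedPUF()
    db = enroll(puf)
    print("genuine device:", run_session(puf, db))
    print("other chip:", run_session(SimulatedPUF(), db))
    n_d1, n_d2 = nonce_pair()
    c_a, _, _, _, m_a = server_challenge(db, n_d1, n_d2)
    for cand, consistent in observer_candidates(m_a, n_d1, n_d2):
        print(hex(cand), "self-consistent:", consistent, "actual R_a:", cand == db[c_a])
```

Both candidates always come out self-consistent because the k-th bits of the two pads differ, which is the property the description relies on when it says the k-th bit does not reveal which decryption is the actual R_a.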
On the other hand, the invention also provides a bidirectional lightweight authentication system for the Internet of things equipment, which comprises:
Registration stage:
a device ID generation module, configured to have the server generate a unique random serial number and store it in the device as the ID of the device;
a registration module, configured to set the mode of the device to the physical unclonable function mode, wherein the server randomly generates a random number and applies it to the excitation input of the device, and an internal excitation parameter and a binary vector mask are generated; when the internal excitation parameter and the response parameter measured for it meet the preset conditions, the internal excitation parameter and the response parameter measured for it are stored in the database of the current device; these steps are repeated until the excitation responses meeting the set maximum response value are all registered in the database of the server, whereupon registration is complete;
Identity verification stage:
an encryption module, in which the device uses a hardware random number generator to generate two different random numbers and sends the id of the device and the generated random numbers to the server; if the id of the device cannot be found in the server database, the session is terminated;
otherwise, the server randomly selects two excitations, retrieves the corresponding response parameters from the database according to the excitations, encrypts the response parameters to obtain encrypted parameters, and sends the encrypted parameters to the device;
a judging module, in which the device regenerates the response parameter for one of the excitations through the physical unclonable function and makes a judgment according to the value of the response parameter and the recovered response parameter value: if the Hamming distance between the two is larger than a set threshold, the session is terminated; otherwise, the server passes the authentication.
Further, the registration module includes:
an excitation input unit, in which the server randomly generates an n-bit random number C_ij and applies it to the excitation input of the device;
a mask generation unit, in which the device generates m internal excitation parameters <C_ij> through the hardware random number generator and then generates an m-bit response parameter R_ij and a mask through the physical unclonable function; the position of the response parameter R_ij in the binary vector mask(R_ij) is marked with 1; wherein j is the number of generated responses, with an initial value of 1, and k is in [0, m-1];
a comparison unit, in which, if the binary vector mask(R_ij) is equal to 0 and the Hamming distance between the binary vector mask(R_ij) and the zero vector is smaller than the threshold τ, the random number C_ij and its measured response parameter R_ij are stored in the database DBi of device i;
an iteration unit, which loops over the mask generation unit and the comparison unit until the excitation responses satisfying the maximum value j_max of the number j of responses that can be generated are all registered in the database DBi of the server.
Further, the encryption module specifically includes:
a random number generation unit, in which the device generates two m-bit random numbers N_d1 and N_d2 through a hardware random number generator, while ensuring that the k-th bits of the two random numbers generated by the device via the hardware random number generator are different;
if they are the same, the k-th bit of one is inverted and assigned to the k-th bit of the other, and once the condition that the random numbers differ is met, the id of the device and the two generated random numbers are sent to the server;
a search unit, configured to terminate the session if the device id is not found in the server database; otherwise, the server randomly selects two excitations, C_a and C_b, from the database DBi of id_i = id;
a response parameter generation unit, in which <C_a> is generated for C_a by means of a hardware random number generator, and the response parameter R_a is then obtained by looking up <C_a> in DBi;
a random number generation unit, in which the server generates two m-bit random numbers N_s1 and N_s2 through a hardware random number generator, the k-th bits of the two random numbers being different;
an encryption unit, in which, if the response parameter R_a is 0, the random number N_d1 received from the device is used as a number used only once to encrypt R_a as M_a; otherwise,
N_d2 is used as the number used only once to encrypt R_a as M_a; M_a serves as the server's secret proof to the device of the PUF response to C_a, and the server sends C_a, C_b, N_s1, N_s2 and M_a to the device.
Further, the judging module specifically includes:
the device regenerates the response parameter for C_a through the physical unclonable function. If-> then the received M_a is XORed with N_d1;
otherwise, the received M_a is XORed with N_d2, and the response is compared with the recovered response parameter;
if the FHD between the regenerated response parameter and the recovered response parameter is greater than the reliability threshold τ, the session is terminated; otherwise the server passes the authentication.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and variations could be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.

Claims (10)

1. A bidirectional lightweight authentication method for Internet of Things equipment, characterized by comprising the following steps:
Registration stage:
S1, a server generates a unique random serial number and stores it in a device as the id of the device;
S2, the mode of the device is set to the physical unclonable function mode; the server randomly generates a random number and applies it to the excitation input of the device; internal excitation parameters and binary vector masks are generated; the internal excitation parameters and the response parameters measured for them are stored in the database of the current device under the preset condition; these steps are repeated until the excitation responses meeting the set maximum response value are all registered in the database of the server, whereupon registration is complete;
Identity verification stage:
S3, the device uses a hardware random number generator to generate two different random numbers and sends the id of the device and the generated random numbers to the server; if the id of the device cannot be found in the server database, the session is terminated;
otherwise, the server randomly selects two excitations, retrieves the corresponding response parameters from the database according to the excitations, encrypts the response parameters to obtain encrypted parameters, and sends the encrypted parameters to the device;
S4, the device regenerates the response parameter for one of the excitations through the physical unclonable function and makes a judgment according to the value of the response parameter and the recovered response parameter value: if the Hamming distance between the two is larger than a set threshold, the session is terminated; otherwise, the server passes the authentication.
2. The authentication method according to claim 1, wherein step S2 specifically comprises the steps of:
S21, the server arbitrarily selects a plurality of k values, the k values being used for locating the k-th bit;
S22, the server randomly generates an n-bit random number C_ij and applies it to the excitation input of the device;
S23, the device generates m internal excitation parameters <C_ij> through a hardware random number generator and then generates an m-bit response parameter R_ij and a mask through the physical unclonable function; the position of the response parameter R_ij in the binary vector mask(R_ij) is marked with 1; wherein j is the number of generated responses, with an initial value of 1, and k is in [0, m-1];
S23, if the binary vector mask(R_ij) is equal to 0 and the Hamming distance between the binary vector mask(R_ij) and the zero vector is smaller than the threshold τ, the random number C_ij and its measured response parameter R_ij are stored in the database DBi of device i;
S24, steps S22-S23 are iterated in a loop until the excitation responses satisfying the maximum value j_max of the number j of responses that can be generated are all registered in the database DBi of the server.
3. The authentication method of claim 2, wherein the registration phase further comprises:
disabling the tri-state gate of the physical unclonable function, thereby disabling data readout, to prevent externally measurable responses when the device is deployed in the field;
the closed response port output buffer can be re-enabled only after the device has been authenticated successfully;
since the server has collected enough excitation responses from the device, the server can still recall the device to register additional excitation responses if needed.
4. The authentication method according to claim 3, wherein the step S3 specifically comprises the steps of:
S31, the device generates two m-bit random numbers N_d1 and N_d2 through a hardware random number generator, while ensuring that the k-th bits of the two random numbers generated by the device via the hardware random number generator are different;
S32, if they are the same, the k-th bit of one is inverted and assigned to the k-th bit of the other, and once the condition that the random numbers differ is met, the id of the device and the two generated random numbers are sent to the server;
S33, if the device id cannot be found in the server database, the session is terminated; otherwise, the server randomly selects two excitations, C_a and C_b, from the database DBi of id_i = id;
S34, <C_a> is generated for C_a by means of a hardware random number generator, and the response parameter R_a is then retrieved from DBi by looking up <C_a>;
S35, the server generates two m-bit random numbers N_s1 and N_s2 through a hardware random number generator, the k-th bits of the two random numbers being different;
S36, if the response parameter R_a is 0, the random number N_d1 received from the device is used as a number used only once to encrypt R_a as M_a; otherwise,
N_d2 is used as the number used only once to encrypt R_a as M_a; M_a serves as the server's secret proof to the device of the PUF response to C_a, and the server sends C_a, C_b, N_s1, N_s2 and M_a to the device.
5. The authentication method according to claim 4, wherein step S4 specifically comprises the steps of:
S41, the device regenerates the response parameter R_a for C_a through the physical unclonable function; if R_a is 0, the received M_a is XORed with N_d1;
otherwise, the received M_a is XORed with N_d2 to obtain the recovered response parameter R^_a, and the response parameter R_a is compared with the recovered response parameter R^_a;
S42, if the FHD between the regenerated response parameter R_a and the recovered response parameter R^_a is greater than the reliability threshold τ, the session is terminated; otherwise the server is authenticated.
6. An authentication method according to claim 5, wherein the authentication phase further comprises:
S43, after successful authentication of the server, the device applies the excitation parameter C_b to its physical unclonable function to generate the response parameter R_b;
S44, if the response parameter R_b(k) is 0, R_b is encrypted as M_b with the server's N_s1; otherwise, it is encrypted with N_s2; the device sends M_b to the server;
S45, if the k-th bit of the response parameter R_b is 0, the server uses N_s1 to decrypt M_b; otherwise, if the k-th bit of the response R_b is 1, the server uses N_s2 to decrypt M_b;
S46, the recovered response parameter R^_b is compared with the response parameter R_b retrieved from the server database; if the Hamming distance value between R^_b and R_b exceeds the reliability threshold τ, the session is terminated; otherwise the server confirms that the authentication of the device was successful and grants the requested service.
7. A bidirectional lightweight authentication system for Internet of Things equipment, characterized in that the system comprises:
Registration stage:
a device ID generation module, configured to have the server generate a unique random serial number and store it in the device as the ID of the device;
a registration module, configured to set the mode of the device to the physical unclonable function mode, wherein the server randomly generates a random number and applies it to the excitation input of the device, and an internal excitation parameter and a binary vector mask are generated; when the internal excitation parameter and the response parameter measured for it meet the preset conditions, the internal excitation parameter and the response parameter measured for it are stored in the database of the current device; these steps are repeated until the excitation responses meeting the set maximum response value are all registered in the database of the server, whereupon registration is complete;
Identity verification stage:
an encryption module, in which the device uses a hardware random number generator to generate two different random numbers and sends the id of the device and the generated random numbers to the server; if the id of the device cannot be found in the server database, the session is terminated;
otherwise, the server randomly selects two excitations, retrieves the corresponding response parameters from the database according to the excitations, encrypts the response parameters to obtain encrypted parameters, and sends the encrypted parameters to the device;
a judging module, in which the device regenerates the response parameter for one of the excitations through the physical unclonable function and makes a judgment according to the value of the response parameter and the recovered response parameter value: if the Hamming distance between the two is larger than a set threshold, the session is terminated; otherwise, the server passes the authentication.
8. The authentication system of claim 7, wherein the registration module comprises:
an excitation input unit, in which the server randomly generates an n-bit random number C_ij and applies it to the excitation input of the device;
a mask generation unit, in which the device generates m internal excitation parameters <C_ij> through the hardware random number generator and then generates an m-bit response parameter R_ij and a mask through the physical unclonable function; the position of the response parameter R_ij in the binary vector mask(R_ij) is marked with 1; wherein j is the number of generated responses, with an initial value of 1, and k is in [0, m-1];
a comparison unit, in which, if the binary vector mask(R_ij) is equal to 0 and the Hamming distance between the binary vector mask(R_ij) and the zero vector is smaller than the threshold τ, the random number C_ij and its measured response parameter R_ij are stored in the database DBi of device i;
an iteration unit, which loops over the mask generation unit and the comparison unit until the excitation responses satisfying the maximum value j_max of the number j of responses that can be generated are all registered in the database DBi of the server.
9. The authentication system of claim 8, wherein the encryption module comprises:
a random number generation unit, in which the device generates two m-bit random numbers N_d1 and N_d2 through a hardware random number generator, while ensuring that the k-th bits of the two random numbers generated by the device via the hardware random number generator are different;
if they are the same, the k-th bit of one is inverted and assigned to the k-th bit of the other, and once the condition that the random numbers differ is met, the id of the device and the two generated random numbers are sent to the server;
a search unit, configured to terminate the session if the device id is not found in the server database; otherwise, the server randomly selects two excitations, C_a and C_b, from the database DBi of id_i = id;
a response parameter generation unit, in which <C_a> is generated for C_a by means of a hardware random number generator, and the response parameter R_a is then retrieved from DBi by looking up <C_a>;
a random number generation unit, in which the server generates two m-bit random numbers N_s1 and N_s2 through a hardware random number generator, the k-th bits of the two random numbers being different;
an encryption unit, in which, if the response parameter R_a is 0, the random number N_d1 received from the device is used as a number used only once to encrypt R_a as M_a; otherwise,
N_d2 is used as the number used only once to encrypt R_a as M_a; M_a serves as the server's secret proof to the device of the PUF response to C_a, and the server sends C_a, C_b, N_s1, N_s2 and M_a to the device.
10. The authentication system of claim 8, wherein the judging module specifically comprises:
the device regenerates the response parameter R_a for C_a through the physical unclonable function; if R_a is 0, the received M_a is XORed with N_d1;
otherwise, the received M_a is XORed with N_d2 to obtain the recovered response parameter R^_a, and the response parameter R_a is compared with the recovered response parameter R^_a;
if the FHD between the regenerated response parameter R_a and the recovered response parameter R^_a is greater than the reliability threshold τ, the session is terminated; otherwise the server is authenticated.
CN202310896241.8A 2023-07-20 2023-07-20 Bidirectional lightweight authentication method and system for Internet of things equipment Pending CN116980191A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310896241.8A CN116980191A (en) 2023-07-20 2023-07-20 Bidirectional lightweight authentication method and system for Internet of things equipment

Publications (1)

Publication Number Publication Date
CN116980191A true CN116980191A (en) 2023-10-31

Family

ID=88484369

Country Status (1)

Country Link
CN (1) CN116980191A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination