用户的身份认证和数据的保密传输是物联网信息安全中最基本的需求,而物联网中的终端设备一般呈分布式设置,大多数设备无人值守,因此需要有一个端到端的安全机制来保护物联网中的信息传输;物联网终端受带宽、计算能力和内存等限制,无法部署开销太大的安全协议.为了解决上述问题,提出并设计了一种基于ECQV(Elliptic Curve Qu-Vanstone)自签名隐式证书的认证密钥协商协议,主要基于ECQV自签名隐式证书生成机制和公钥提取机制,可完成感知节点和用户之间的相互认证及安全传输通道的建立,占用内存小,认证效率高.以C语言编写的双向认证密钥协商协议基于Contiki操作系统在WiSMote节点上接受了实验验证和评估分析.实验结果表明,由于ECQV证书比传统证书所需要的数据量小,故减少了带宽的占用,且时间和能量消耗也有降低,效率大幅提升.所设计的协议完全可以部署在资源限制型物联网上,且具有良好的安全性.%As well known,among all the information security requirements in Internet of Things (IoT) network,user authentication and data transmission confidentiality both are the most essential.However,edge devices in IoT are commonly distributed,and most of them are unattended,so it has become pressing to create an end-to-end security mechanism to secure the information transmission in IoT.Considering the confinations of devices in IoT network are bandwidth,computing power and memory limit,the IoT nodes cannot support heavy security protocol.In order to solve the above problems,a new authenticated key agreement protocol based on ECQV (Elliptic Curve Qu-Vanstone) self-signed implicit certificate has been introduced,which is based primarily on ECQV self-signed certificate generation scheme and ECQV self-signed implicit certificate public key extraction scheme and can perform mutual authentication between the user and node,with smaller footprint and higher authenticate efficiency.This proposed protocol programmed with C language run by Contiki operation system has been tested and evaluated with WiSMote nodes.Experiment results show that the ECQV certificate is smaller than traditional certificate,and thus the system bandwidth has been reduced as well as the time and energy consumption.In general the proposed protocol can be deployed on resource-constrained devices in IoT,and with better secure performance.
展开▼
