Abstract
Device access is the first line of defense in the security protection of the power Internet of Things (IoT) and the prerequisite for security mechanisms such as access control and intrusion detection. Complete device access management covers two key steps: trusted authentication and secure revocation. Most existing systems rely on PKI to establish a trusted infrastructure and implement access management through the issuance, verification and revocation of public key certificates. In the power IoT scenario, however, this approach imposes additional overhead and efficiency problems on a large number of resource-constrained devices. The lightweight authentication schemes proposed in response optimize overhead and efficiency, but they are functionally incomplete and cannot realize the key step of secure revocation. To address these shortcomings, this paper proposes a device access management scheme for the power IoT based on a cryptographic accumulator and a Bloom filter, which realizes both trusted authentication and secure revocation of devices while balancing functionality and efficiency. Security analysis shows that the scheme achieves anonymous authentication of devices to the gateway, unforgeability of identity credentials and mandatory revocation security. Experimental results show that, compared with the mainstream PKI-based device access management scheme, the proposed scheme greatly reduces the communication and storage overhead in the device authentication and credential revocation steps and is more practical in the power IoT scenario.
Authors
陈彬
徐欢
奚建飞
雷美炼
张锐
秦诗涵
CHEN Bin; XU Huan; XI Jian-fei; LEI Mei-lian; ZHANG Rui; QIN Shi-han (China Southern Power Grid, Guangzhou 510663, China; China Southern Power Grid Digital Power Grid Research Institute, Guangzhou 510663, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Source
Computer Science (计算机科学)
CSCD
Peking University Core Journal (北大核心)
2022, Issue S02, pp. 750-755 (6 pages)
Funding
National Natural Science Foundation of China (61772520, 61802392, 61972094)
Keywords
Cryptographic accumulator
Power Internet of Things
Access authentication
Secure revocation
Anonymity
About the authors
CHEN Bin, chenbin@csg.cn, born in 1983, Ph.D. His main research interests include power grid big data security. Corresponding author: QIN Shi-han, qinshihan@iie.ac.cn, born in 1997, master's degree. Her main research interests include cryptographic technology and its applications, and security authentication protocols.