| Wireless sensor networks(WSNs)are distributed sensor networks that can ef-fectively integrate the physical world and cyberspace.Due to the characteristics like low cost,easy deployment,strong self-organization and data-centric,WSNs have been widely deployed in a large number of situations ranging from military security to en-vironmental monitoring.However,due to the openness of wireless channels and the sensitivity of collected data,the security has always been one of the core issues restrict-ing the wide application of WSNs.Identity authentication is an effective method to ensure secure communication in WSNs,and it is the first barrier of security and the ba-sis of data access in WSNs.Authentication and key agreement(AKA)protocol not only requires authentication of the legitimacy of users and other participants,but also nego-tiates a temporary session key after the process of mutual authentication for subsequent data communication.Anonymous AKA protocol is a hot topic of current research,and it plays an increasingly important role in protecting user privacy and information se-curity.Currently,user anonymity includes two aspects:one is the protection of user identity information,which can be summarized as the fact that the attacker can not ob-tain the user's real identity through the information sent by the user;the other is the untraceability of user behavior,that is,the attacker cannot determine whether any two or more messages are sent by the same user.Although many scholars have done deep research on anonymous AKA protocol and obtain a lot of achievements,the application environments of WSNs are usually complex and changeable,and the sensor nodes have the characteristics of limited resources,the traditional mature and effective anonymous AKA protocols cannot be adopted directly,and it is necessary to design anonymous AKA protocol suitable for WSNs environment.In recent years,researchers have pro-posed hundreds of anonymous AKA protocols for WSNs and their applications.How-ever,these protocols have more or less problems in terms of security and efficiency.Therefore,the research of anonymous AKA protocol for WSNs has important theoret-ical significance and practical value.This dissertation focuses on the research of anonymous AKA protocol for WSNs.First of all,we deeply analyze the security challenges faced in practical applications,and seek secure and efficient solutions.Subsequently,multiple anonymous AKA pro-tocols that meet the needs of specific scenarios are constructed based on different cryp-tographic technologies and security elements.The main work and innovations of this dissertation are as follows1.Proposed a two-factor authentication and key agreement protocol with identity privacy protectionRegarding the problems of user identity privacy,location tracking an d data secu-rity in the smart home environment,this dissertation firstly analyzes the internal causes of the problems in depth,and establishes a security model and a performance evaluation model suitable for smart home.Subsequently,a two-factor AKA protocol with iden-tity privacy protection is proposed based on elliptic curve cryptography(ECC).In order to deal with the problem of resource bottleneck,the proposed protocol only performs lightweight XOR operations and hash operations on resource-constrained smart de-vices.In addition,non-interactive key agreement technique has been adopted to achieve the anonymization of user identification information,which can effectively protect the identity privacy of end user.At the same time,the combination of "Honeywords" and"fuzzy-verifier" enables the proposed protocol to detect the attacker's online password guessing behavior in time,and a higher level of security has been achieved while meet-ing the availability of the protocol.The two-factor authentication method based on user password and mobile device has been adopted in the proposed protocol.With the help of gateway node,remote user can achieve mutual authentication with smart devices,and a shared session key is negotiated for secure transmission of collected data.Formal proof and comprehensive heuristic analysis demonstrate that the proposed protocol is secure.Performance analysis shows that the proposed protocol achieves a reasonable balance between security and usability,and it is suitable for resource-constrained smart home environment.2.Proposed an anonymous two-factor authentication and key agreement pro-tocol with forward secrecyTaking into account the complex network environment of Industrial Internet of Things(IIOT)and the limited resources of sensor nodes,traditional mature and effective authentication protocols can not be directly used,and we need to explore new design ideas for secure and efficient protocol.This dissertation first establishes the network model,security model and evaluation index system of IIOT environment,and then an anonymous two-factor AKA protocol with forward secrecy has been proposed based on Rabin cryptosystem.The proposed protocol makes full use of the computational asymmetric characteristics of Rabin cryptosystem,and it is especially suitable for the situation that the sensor node is the main energy bottleneck.Forward secrecy can be provided in the proposed protocol,especially in the communication between gateway node and sensor nodes,which is not available in most existing protocols.Not only that,the proposed protocol can provide multi-factor security and user anonymity without the need for additional synchronization mechanisms.By using random oracle model,the security of the proposed protocol has been proved strictly.With the help of tool ProVerif,the session key 's confidentiality and authentication properties of the proposed protocol are verified.In addition,a comprehensive heuristic security analysis shows that the proposed protocol can not only resist multiple known attacks like mobile device loss attack,privilege internal attack,and impersonation attack,but also achieve security goals such as user anonymity and forward secrecy.Finally,the comparisons with nine representative schemes demonstrate the superiority of the proposed protocol.3.Proposed two lightweight and anonymous authentication and key agree-ment protocols with resistance to de-synchronization attackConsidering the problem that existing lightweight AKA protocols cannot provide forward secrecy,user anonymity and resistance to de-synchronization attack at the same time,wireless medical sensor networks(WMSNs)with severely limited resources and high real-time requirements are studied,and two lightweight and anonymous AKA pro-tocols with resistance to de-synchronization attack have been futher proposed.First of all,we propose a lightweight and anonymous AKA protocol with forward secrecy based on pseudo-random identity and one-way hash chain technique.Subsequently,regarding the problem of de-synchronization attack caused by the improper use of pseudo-random identity and the failure update of one-time hash chain values,a lightweight and anony-mous AKA protocol with resistance to de-synchronization attack is proposed based on hash functions and XOR operations.The proposed protocol adopts the dynamic update of two pseudo-random identities to achieve user anonymity,and one-way hash chain technique and the serial number method are used to provide forward secrecy and resist de-synchronization attack occurred between gateway node and the sensor nodes.What is more,in order to further simplify the proposed protocol and improve its security,a new lightweight and anonymous AKA protocol with resistance to de-synchronization attack is proposed.Compared with the original protocol,the improvements of new protocol are mainly shown in three aspects:First,it simplifies the authentication pro-cess and reduces the number of messages exchanged,and the computing efficiency of the protocol has been improved and it is more suitable for resource-constrained applica-tions;Second,two sets of serial numbers are used to resist de-synchronization attack that may be occurred between the user and gateway node,and between gateway node and the coordinator;Third,the method of integrating " honeywords" and" fuzzy-verifier" is used to achieve balance between security and usability.Security proof and performance analysis demonstrate the advanced nature of the new protocol. |
PDF Full Text Request