| At present, the application of the Internet of Things (IoT) involves almost all walks of life, and its security is therefore a matter of wide concern. A secure authenticated key agreement scheme is one of the main technologies for ensuring the communication security of the IoT. Considering the resource constraints of IoT devices in storage, computing and communication bandwidth, it is of great concern to design a secure and efficient authenticated key agreement scheme that is flexible and suitable for different IoT scenarios. This dissertation is aimed at the design and security analysis of IoT authenticated key agreement schemes, and studies the design and security analysis of authenticated key agreement protocols in intra-domain and cross-domain scenarios. The main works of this dissertation are as follows: 1. A secure intra-domain device-to-device (D2D) anonymous authenticated key agreement protocol is proposed. Addressing the lack of a security proof in research on the end-to-end symmetric key establishment (SKKE) protocol, this dissertation presents a security proof of the SKKE protocol based on computational complexity theory. Because of the shortcomings of the SKKE protocol in privacy protection, and the shortcomings of some current authenticated key agreement protocols for D2D communication over the IoT in efficiency, security, and privacy protection, an identity-based D2D anonymous authenticated key agreement protocol is proposed. The protocol includes a system initialization phase, a registration phase, an authentication and key negotiation phase, and a key update phase. Under the random oracle model, a security proof of the protocol is given based on the ECCDH hardness assumption. The formal analysis tool Tamarin is used to verify the security of the protocol, and the verification results show that the protocol satisfies confidentiality, authentication, and perfect forward security. Compared to similar protocols, this protocol has anonymity and perfect forward security, and can resist common attacks such as key compromise impersonation attacks, replay attacks, and man-in-the-middle attacks; the protocol also has significant advantages in computational and storage overhead. 2. A cross-domain authenticated key agreement protocol based on the elliptic curve Qu-Vanstone (ECQV) implicit certificate is proposed. In the registration phase, the registering device and the certification authority (CA) use the implicit certificate scheme to complete device registration and obtain the device's public/private key pair and implicit certificate. In the authentication and key agreement phase, the initiator device first communicates with the responding device's CA to complete the authentication of the initiator device and obtain the access credentials of the responding device; the initiator device then communicates with the responder device based on the credentials, completes mutual authentication, and negotiates a session key using the ephemeral elliptic curve Diffie-Hellman key exchange (ECDHE) mechanism. Under the random oracle model, a security proof of the protocol is given based on the ECDLP and ECCDH hardness assumptions. The formal verification results show that the protocol satisfies confidentiality, authentication, and perfect forward security. Compared to similar protocols, the security comparison shows that the protocol meets the requirements of anonymity, known session key security, and perfect forward security; the protocol also has lower computational overhead. 3. A cross-domain authenticated key agreement protocol based on certificateless signatures is proposed. First, an efficient certificateless signature scheme supporting anonymous verification is proposed, and its security is proved. Then, by combining this certificateless signature scheme with the ECDHE mechanism, a cross-domain authenticated key agreement protocol under a consortium blockchain architecture is designed. This protocol uses the consortium blockchain to build trust between different domains and to share the public parameters and public information of devices belonging to different domains, solving the problems of identity credibility and data credibility. Then, under the random oracle model, a security proof of the protocol is given based on the ECCDH hardness assumption. The security of the protocol is verified with Tamarin, and the verification results show that the protocol satisfies confidentiality, authentication, and perfect forward security. Compared to similar protocols, the protocol has anonymity and perfect forward security, and can resist common security attacks; the protocol also has lower communication overhead. |