
SM2 Implicit Certificate Authentication Protocol For IoD

Posted on: 2023-05-18
Degree: Master
Type: Thesis
Country: China
Candidate: Q Liu
Full Text: PDF
GTID: 2532306911986379
Subject: Engineering

Abstract/Summary:
With the rapid development of UAV technology and the gradual opening of airspace, the Internet of Drones (IoD) will be more widely used in agriculture, industry, and military fields. Because drone communication channels are open, ensuring the security and privacy of drone networks is critical. In view of the insurmountable defects of security protocols based on symmetric cryptography, public key cryptography is more suitable for identity authentication, session key establishment, and message authentication between communicating entities in the IoD. Public key authentication (that is, the binding of a public key to an identity) is the premise on which the security of public key cryptography rests. However, existing public key authentication protocols are not suitable for the resource-constrained IoD because of their low computational efficiency and high communication overhead.

In addition, current public key infrastructure (PKI) relies on a trusted Certificate Authority (CA) to sign certificates. Having the CA alone issue certificates leads to the problems of fraudulent certificates being signed and of weak Certificate Transparency (CT). The CT scheme proposed by Google makes certificate issuance publicly visible to everyone, to enhance the credibility of the CAs involved in signing certificates. However, the CT scheme based on the Signed Certificate Timestamp (SCT) incurs a high computational cost to verify the SCT, and so is also not suitable for the resource-constrained IoD.

To this end, this paper is devoted to research on public key authentication protocols suitable for UAV scenarios. Two public key authentication protocols are proposed, according to the credibility of the CA. When the CA is trusted, an implicit certificate authentication scheme based on SM2 is proposed to solve the problems of low computational efficiency and high communication overhead in existing public key authentication protocols. When the CA is not completely trusted, an implicit certificate transparency authentication scheme based on SM2 is proposed to solve the problems of the SCT-based CT scheme and to improve the certificate transparency and revocation transparency of the public key authentication protocol. The specific research results of this paper are summarized as follows:

1. Under the premise that the CA is trusted, an implicit certificate protocol based on SM2 is proposed, and it is further combined with the SM2 key exchange protocol to give an authenticated key agreement protocol. Subsequently, an optimized implementation of the protocol based on the FourQ curve is explored. The scheme realizes the binding of a communicating entity's identity to its public key in the IoD, completes the identity authentication of both parties, and establishes the session key. In terms of security, the protocol conforms to the SM2 signature algorithm standard and can resist common attack methods on existing drone protocols, especially the man-in-the-middle attack that replaces the public key. Experiments show that the scheme has high computational efficiency and low bandwidth overhead, and can be used in the resource-constrained IoD.

2. The SM2-based Implicit Certificate Transparency (SICT) protocol is proposed, based on the construction rules of the SM2 implicit certificate, under the premise that the CA is not completely trusted. First, in the certificate issuance process of the SICT protocol, the SM2 implicit certificate submitted to the public log is consistent with the certificate received by the user, which reduces the complexity of deploying a CT scheme using the SM2 implicit certificate. Then, during the certificate receiving process of the SICT protocol, the certificate holder verifies both the validity of the certificate and its certificate transparency, which solves the problems of deploying the SCT-based CT scheme in traditional PKI. Furthermore, to reduce the possibility of CAs issuing forged certificates, a blockchain-based certificate transparency protocol is proposed on top of the SICT protocol. This protocol implements registration, renewal, revocation, and search of certificates on the blockchain, and enhances the certificate transparency and revocation transparency of the SICT protocol. The experimental results show that the protocol has low computational overhead and is suitable for the IoD.
Keywords/Search Tags: IoD, SM2 implicit certificates, authenticated key agreement, CT, blockchain