Research On Lightweight And Security Certificateless Key Management Scheme For Internet Of Things

With the wide application of the Internet of things and the continuous scale expansion of the Internet of things,the efficiency and security of the Internet of things are greatly challenged.Internet of things applications face a variety of security vulnerabilities and efficiency constraints due to access of a large number of resource constrained nodes.Meanwhile the dominated Identity-Based Cryptograph and Public Key Infrastructure key management schemes also have security and efficiency defects,such as cumbersome authentication,unchangeable identity information,single point of failure and third-party trust crisis.In order to deal with the security and efficiency problems faced by the Internet of things,the certificateless public key mechanism uses the dynamic key generation model to improve security and efficiency performance.However,providing no secure key distribution channel,it can’t realize flexible key distribution,and can’t be applied to the Internet of things scene with flexible access of a large number of nodes.Therefore,the lightweight and secure certificateless key management scheme for large-scale Internet of things has become a hot spot in the research of secure communication protocols.This thesis will mainly study the certificateless key agreement protocol and certificateless key management scheme.Firstly,the security defects of the existing certificateless authentication key agreement protocols are analyzed.In view of these security defects,two more secure certificateless authentication key agreement protocols are proposed.Secondly,based on the proposed certificateless authentication key agreement protocols,this thesis also proposes a lightweight and secure certificateless key management scheme which is applicable to the Internet of things with flexible access of a large number of terminal nodes.The details are as follows:(1)Two certificateless authentication key agreement protocols against P-KCI are proposed.First,combined with the definition of session partial key compromise impersonation attack(P-KCI)in the Lippold security model proposed by Lippold,the security defects of the existing certificateless key agreement protocols are analyzed.It is pointed out that OPPRE protocol can’t resist the partial key leakage in the P-KCI attack of class Ⅰ adversary;and PSPRO protocol can’t resist the partial public key replacement in the P-KCI attack of class Ⅰ adversary.Then,analyzing the principle of P-KCI attack,this thesis improves the entanglement strategy of secret information,and designs two more secure and efficient certificateless authentication key agreement protocols.This thesis uses the definition of P-KCI attack to supplement the extended-Canetti-Krawczyk(eCK)security model,and proves the security of the two protocols.In the efficiency analysis,the computational performances of the two protocols are better.The first protocol adds an intermediate authentication part.and is suitable for Internet of things with high attack frequency scenario(> 0.35).The second protocol has better overall computational performance,and is suitable for Internet of things application scenarios with low attack frequency scenario(< 0.35).In this thesis,relevant simulation experiments are designed to verify the computational efficiency of the two protocols.(2)Using the proposed two certificateless key agreement protocols,a lightweight certificateless key management scheme based on smart contract is proposed.In order to realize the flexible distribution of key and lower cost of identity information consistency maintenance,this thesis improves the designs of core layer and interface layer in the architecture of distributed key management scheme.Then,compared with computational performances and security of current schemes,the proposed scheme is more secure,which can resist on malicious server attack and other malicious attacks,and its computational performance is in a better range(10-40ms).Finally,aiming at the two proposed certificateless authentication key agreement protocols,three key agreement strategies under different attack frequency scenarios are simulated in this scheme.It is proved that the strategy of selectively adopting the two certificateless key agreement protocols according to the attack frequency has better computational performance.