| With the rapid development of communication technology, the number of resource-constrained terminals has increased rapidly, and these terminals generate large amounts of data in real time. If all of that data is processed in the cloud center, problems such as communication delay and privacy leakage arise. Edge computing sits close to the end data source and can support low-latency services, and cloud-edge-end collaborative computing is emerging as a new and important network architecture. Authentication and key agreement protocols are key technologies for securing data sharing over an open, insecure network, and they are the first barrier of information security protection in a cloud-edge-end architecture. Traditional authentication and key agreement protocols have a high computational overhead and are not fully applicable to resource-constrained terminals. With the changes in the security requirements, communication methods, and roles of cloud-edge-end network architectures, traditional authentication and key agreement protocols no longer meet the new requirements. Therefore, designing authentication and key agreement protocols for resource-constrained terminals based on the cloud-edge-end network architecture is an urgent problem to be solved. The main research contents of this thesis are as follows. (1) For scenarios that require low latency together with the powerful computing and storage capabilities of the cloud center, a three-party authentication model for cloud-edge-end communication with resource-constrained terminals is proposed. Current security authentication methods have vulnerabilities to attacks such as replay and man-in-the-middle attacks, and most protocols use time-consuming operations such as bilinear pairing, which are not suitable for resource-constrained terminals. To address these problems, this thesis proposes a cloud-edge-end-oriented three-party authentication and key agreement protocol, AKES-TEC. The protocol is based on elliptic curves to ensure protocol security and forward secrecy, and it decomposes the authentication task so that the main time-consuming calculations are done by the edge and the cloud center, achieving lightweight authentication for resource-constrained terminals. Finally, its security is verified using BAN logic and the random oracle model (ROM). Experimental comparative analysis shows that the AKES-TEC protocol proposed in this thesis outperforms existing schemes both in total computation time and in the computation required of resource-constrained terminals. (2) For scenarios with small-scale data, strong privacy requirements, and a disconnected cloud link, a two-party authentication model for edge-end communication is proposed, following the principle that data is processed locally and the edge server provides services to the terminal. Traditional edge-end authentication and key agreement protocols still require third-party assistance from the cloud center during authentication. To address this problem, and considering the case of a disconnected cloud link, this thesis proposes a two-party authentication and key agreement protocol for the edge and end, called AKES-TE. It achieves efficient authentication between resource-constrained terminals and edge servers in a single round of message exchange and transfers the main computing overhead to the edge side. The cloud center does not need to assist in authentication in real time, and cryptographic algorithms are used to process the terminal identity to achieve user anonymity and untraceability. Finally, BAN logic and the AVISPA tool are used to carry out strict security verification, and experimental comparative analysis shows that the AKES-TE protocol ensures security while also achieving better computing performance than other schemes. |