| Traditional IoT environments adopt a chimney-like architecture, where IoT devices are authenticated by authentication servers, resulting in numerous authentication domains. With the emergence of new application scenarios such as smart cities, IoT devices are required to exchange information across domains. To ensure data security, the data exchanged across domains must be encrypted. Therefore, key negotiation between cross-domain devices has become an urgent problem. In addition, key negotiation requires authentication of the devices to ensure data security. In large-scale IoT networks, due to the limitations of device power and the heterogeneity of security protocols among different domains, the existing identity authentication and key agreement technologies face the following two problems. First, there is no effective trust mechanism between domains, so it is difficult to achieve information sharing and mutual authentication between cross-domain devices. Second, at large IoT network scale, the management and maintenance costs of the traditional key negotiation method are too high, so a new key negotiation method is needed to save costs. To address the lack of an efficient mutual trust mechanism between domains, this paper proposes a solution that realizes cross-domain authentication using blockchain technology. The authentication servers in each domain work as Ethereum nodes and build a set of public storage directories with the help of smart contracts to realize cross-domain sharing of device information. On this basis, this paper uses the distributed weighted verification mechanism of the Ethereum Oracle to achieve cross-domain mutual trust, and designs a cross-domain authentication protocol with reference to the OAuth protocol to verify device information on the chain in real time, thereby verifying the identity of cross-domain devices. Finally, this paper analyzes several attack models and the corresponding formal verification to prove the security of the system. To address the high cost of the existing key agreement methods in the large-scale IoT environment, this paper proposes a scheme that extracts keys from the random delay feature of the network. The authentication server in each domain acts not only as an Ethereum node for cross-domain information synchronization, but also as a forwarding node that contributes to a random forwarding network. On this basis, IoT devices collect reciprocal delay characteristics, and then perform quantization coding and information reconciliation on the characteristic data to obtain a consistent session key. Moreover, this paper lists countermeasures and a security analysis for possible attack models. Finally, this paper designs and implements a distributed cross-domain key agreement system. Ethereum smart contracts are used to achieve cross-domain device information sharing, and Oracles are used to achieve cross-domain device authentication. Then, the cross-domain forwarding interface is deployed in the authentication server in each domain to form a random forwarding network. Finally, an IoT key agreement client is designed to realize feature extraction and key agreement. |
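
The quantization and information-reconciliation steps described above, as an added example that is not code from the paper. The abstract does not name the paper's methods, so a median-threshold quantizer with a guard band and block-parity reconciliation are assumed here; the delay samples, `GUARD_US` and `BLOCK` are constructed.

```python
import hashlib
from statistics import median

# Constructed sample data: the same 16 probe round trips as timed by each
# device, in microseconds. Reciprocity makes them close but not identical.
ALICE_US = [12100, 30400, 8700, 25900, 19800, 41200, 7300, 33000,
            20600, 15200, 38500, 9900, 22500, 11400, 36100, 20100]
BOB_US = [12400, 29800, 9100, 26300, 20900, 40700, 7000, 33500,
          19600, 15000, 38900, 10300, 18000, 11900, 35600, 21900]
GUARD_US = 1500  # assumed guard band around each device's own median
BLOCK = 4        # assumed reconciliation block size

def quantize(samples, guard):
    """Return {probe index: bit}; samples inside the guard band are dropped."""
    mid = median(samples)
    return {i: int(x > mid) for i, x in enumerate(samples) if abs(x - mid) >= guard}

def block_parities(bits):
    """Public reconciliation message: one parity bit per full block."""
    return [sum(bits[i:i + BLOCK]) % 2 for i in range(0, len(bits) - BLOCK + 1, BLOCK)]

def reconcile(bits, own_par, peer_par):
    """Keep blocks whose parities agree, minus one bit each to offset the
    published parity. Parity only catches an odd number of errors per block."""
    out = []
    for b, (p, q) in enumerate(zip(own_par, peer_par)):
        if p == q:
            out += bits[b * BLOCK:(b + 1) * BLOCK - 1]
    return out

def derive_key(bits):
    """Hash the reconciled bits into a fixed-length session key."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def run_exchange(a_samples, b_samples):
    """Simulate both devices; kept indices and parities travel in the clear."""
    qa, qb = quantize(a_samples, GUARD_US), quantize(b_samples, GUARD_US)
    kept = sorted(qa.keys() & qb.keys())
    raw_a, raw_b = [qa[i] for i in kept], [qb[i] for i in kept]
    pa, pb = block_parities(raw_a), block_parities(raw_b)
    return raw_a, raw_b, reconcile(raw_a, pa, pb), reconcile(raw_b, pb, pa)

if __name__ == "__main__":
    raw_a, raw_b, fin_a, fin_b = run_exchange(ALICE_US, BOB_US)
    print("raw mismatches:", sum(x != y for x, y in zip(raw_a, raw_b)))
    print("keys match:", derive_key(fin_a) == derive_key(fin_b), "bits:", len(fin_a))
```

The six bits retained from these 16 constructed probes are far too few for a real key; the number of reconciled bits, not the SHA-256 output length, bounds the key's strength.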