CN112995992B - A collaborative authentication method for large-scale wireless sensor networks - Google Patents

Publication number: CN112995992B
Authority: CN (China)
Application number: CN202110255221.3A
Other languages: Chinese (zh)
Other versions: CN112995992A (en)
Inventors: 李凤岐, 张璐鹏, 王平川, 范永刚, 迟宗正
Current Assignee: Dalian University of Technology
Original Assignee: Dalian University of Technology
Legal status: Active
Prior art keywords: certificate, locator, cloc, value, verification

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/38: Services specially adapted for particular environments, situations or purposes for collecting sensor information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention belongs to the technical field of Internet of Things security and relates to a collaborative identity verification method for large-scale wireless sensor networks. Following a distributed, cooperative strategy, the storage space on all nodes in the network is treated as one large pool for caching verified public key certificates. All sensor devices construct a CLoc locator and execute the cold-start improvement algorithm after the network is initialized; when a device needs to verify a public key certificate, it first queries the cuckoo-hash-based locator, and if the locator returns a device that has cached the certificate, it communicates with that device to complete the verification. In addition, a sensor trust model is designed for evaluating device trustworthiness in dynamic networks. The effects and benefits of the invention are that the average verification time is greatly shortened and the computational and space complexity are significantly reduced, which helps achieve secure identity verification while sustaining long-term operation of the wireless sensor network.

Description

Large-scale wireless sensor network collaborative identity verification method
Technical Field
The invention belongs to the technical field of Internet of Things security. It relates to a locator structure (CLoc, Cuckoo Locator) for mapping a sensor to its verifier, a collaborative verification protocol, a cold-start improvement algorithm and a trust model, and in particular to a collaborative identity authentication method for large-scale wireless sensor networks that can be used for device identity authentication in the large-scale Internet of Things.
Background
In recent years, emerging applications in industrial automation, smart devices and smart cities have drawn great attention to the Internet of Things. The sensing layer of the Internet of Things consists of a group of special-purpose sensors scattered in space, which monitor and record physical data in the environment and organize the collected data centrally. This sensing data has extremely high utilization value and needs to be collected and processed securely and efficiently. At the same time, the application purposes and resource constraints of wireless sensor networks make them an attractive target for intrusion and other attacks. The security of the wireless sensor network is therefore the basis for the normal operation of an Internet of Things system, and has both research value and application value.
The security requirements of a wireless sensor network are built on the three security properties of an information system (CIA): confidentiality, integrity and availability. Confidentiality means that the security mechanism must ensure that only the intended recipient can correctly parse the message content, preventing unauthorized access and use; confidentiality is the basis of CIA. Integrity is the assurance that unauthorized users cannot destroy or alter the content of sensitive information. Availability refers to the security mechanism's ability to perform security tasks without interruption while ensuring that the system or network is able to perform those tasks. Identity authentication of sensor devices is the root problem in meeting the security requirements of a wireless sensor network: only when the security and verifiability of device identities in the network are guaranteed is there a basis for subsequent security mechanisms and data collection tasks.
Sensor authentication often occurs in the following scenarios:
(1) The authentication procedure in a protocol is used to establish a secure channel between two terminal devices, or between a device and a server.
(2) When a sensor device retrieves sensed data that was collected by other sensors and stored in the cloud, the integrity and authenticity of the data need to be verified to ensure that it has not been tampered with or partially lost. A digital signature over the sensing data suits this situation: to verify data signed with a private key, the device needs to verify the signer's public key certificate in order to validate the public key, which ensures that the signer's identity is genuine and reliable.
In wireless sensor networks, authentication schemes based on symmetric cryptosystems, such as the μTESLA (micro Timed, Efficient, Streaming, Loss-tolerant Authentication) broadcast authentication protocol and its extensions, suffer from problems such as time synchronization, the delay in key disclosure, the inability to authenticate in time, and DoS (denial of service) attacks. Broadcast identity authentication schemes based on asymmetric cryptosystems can solve these problems of the symmetric schemes. In addition, most mainstream identity authentication schemes today are based on public key cryptosystems and digital signatures. Although many improved techniques and methods exist for wireless sensor networks, digital signatures and digital certificates still need to be verified when a wireless sensor network communicates with external networks, so it is necessary to implement efficient asymmetric cryptographic algorithms in wireless sensor networks whose computation, storage and energy resources are limited.
The traditional Internet mainly uses the Public Key Infrastructure (PKI) mechanism: a trusted Certificate Authority (CA) issues an X.509 digital certificate containing the user's public key and related information, and any user holding the CA public key can obtain the user public key in the certificate, verify data signed with the certificate holder's private key, and thereby verify the identity of the data sender. Certificate verification requires a certain amount of cryptographic computation and storage, which is easy on an ordinary computing device or server but unsuitable for a sensor network that must save energy and has limited computing and storage resources. For example, an optimized approach to certificate verification requires only one signature verification operation instead of verifying the complete certificate chain, yet certificate verification still takes 1.9 s and certificate-based public key operations account for 95% of the total processing time, which is barely acceptable.
How to perform fast certificate verification in a wireless sensor network while addressing the storage and communication resources consumed by storing and transmitting certificates is therefore a problem to be solved. The traditional approach is to cache as many verified certificates as possible, which is unreasonable on Internet of Things devices with limited memory. Having every Internet of Things device verify each public key certificate separately with the CA's public key is also very time consuming. Neither approach suits sensor terminals with limited storage and computational resources.
Disclosure of Invention
The invention provides a collaborative identity authentication method for large-scale wireless sensor networks. It aims to solve the technical problems of how to perform fast certificate verification in a wireless sensor network and how to reduce the storage and communication resources consumed by storing and transmitting certificates, while protecting the security and reliability of the network. Based on the idea of cooperation, the invention designs a cuckoo-hash-based locator, CLoc, and a cold-start improvement algorithm for large-scale wireless sensor networks, and introduces a trust model to realize an efficient, secure and complete collaborative identity verification protocol.
The technical scheme of the invention is as follows:
A collaborative identity authentication method for large-scale wireless sensor networks comprises the following specific steps:
Step (1), network initialization after cold-start improvement
When the network is initialized, the cluster head node in a wireless sensor network based on a clustering routing protocol has to verify the identities of all sensors in its cluster, which is very time consuming and creates a cold-start problem. A cold-start improvement algorithm for network initialization is therefore proposed. Network initialization after the cold-start improvement proceeds as follows: when the network is initialized, the CLoc locator is empty. CLoc is a set of mappings between a public key certificate and the ID of the device that verified that certificate, and its data structure is divided into two parts, the index (key) and the stored content (value). The cluster head node divides the non-cluster-head nodes into two groups according to the Hungarian matching algorithm, and nodes in the two groups randomly execute the independent verification process on each other.
Step (2), independent verification process
The device receives a certificate that needs to be verified independently and performs the public key cryptographic certificate verification. If the verification succeeds, it performs the insertion operation on the CLoc locator. $CRC_{32}(PK_{cer})$ is constructed as the index, where $PK_{cer}$ is the certificate's public key value and $CRC_{32}$ is the 32-bit cyclic redundancy check function (Cyclic Redundancy Check-32, CRC-32). $CRC_{32}(PK_{cer}) \,\|\, CRC_{32}(IDX_{ver}) \gg 24 \,\|\, IDX_{ver}$ is constructed as the stored content, where $IDX_{ver}$ is the verifier's own sensor device ID. The CLoc locator constructed in this way makes it possible to quickly locate the sensor device that has verified a given public key certificate. After the device has constructed the index and the stored content of the CLoc locator, it sends a <NEW-CACHE> message to the coordinator, completing the update of the CLoc locator.
The coordinator works as follows:
The coordinator is responsible for receiving the CLoc locator update values sent by the sink node and for periodically propagating them to all devices in the network. In addition, the coordinator periodically queries the certificate revocation list from the CA, notifies devices to delete from the locator the certificate records that need to be deleted, and notifies the verifier of each such certificate to delete its cached copy. If the trust value of a device is still below the initial set value after a given time, the coordinator removes the node from the locator.
The trust value is set as follows:
To better quantify the degree of trust in a sensor device during collaborative verification, a subjective logic framework is introduced to build a communication trust model, and the associated trust value is calculated from the number of honest verification events s and the number of dishonest verification events f in the record:
Figure BDA0002967958390000041
The trust value T ranges over [0, 1]: a value of 1 indicates complete trust and a value of 0 indicates no trust at all. Initially, the trust value between every two devices is set to 0.5. A direct trust value is calculated from the numbers of honest and dishonest events during verification, and the trust value is updated based on a sliding time window.
Step (3), collaborative verification process
After initialization is complete, when a sensor device $d_1$ needs to establish secure communication with another device $d_2$, the public key certificate $C_2$ needs to be verified. The verification process is as follows:
Device $d_1$ first searches its local CLoc locator to find out whether another device has already verified and cached certificate $C_2$. If the CLoc locator returns a device that has verified and cached $C_2$, $d_1$ checks whether the CRC check value of the public key is consistent, then checks whether the device ID is consistent with its CRC check value; if both are correct, it communicates with the returned verifier device to verify certificate $C_2$ collaboratively. If the CLoc query result indicates that no device has verified and cached $C_2$, or the CRC check value of the public key does not match the check value obtained through the index in the CLoc locator, $d_1$ carries out the independent certificate verification flow, which is the same as step (2).
The advantages of the invention are as follows. Based on the idea of collaborative verification, the invention performs an efficient certificate verification process and designs a cold-start improvement algorithm, which eliminates a large number of encryption and decryption operations, reduces the storage space required on nodes, and saves the computation, storage and energy resources of sensor nodes. The cuckoo-hash-based locator structure CLoc has low memory consumption, fast queries and low construction complexity, and meets the needs of collaborative verification. Finally, a trust model adapted to the design of wireless sensor networks is introduced, so that intrusion tolerance can be achieved and network security is protected.
Drawings
FIG. 1 is a diagram of the locator structure.
FIG. 2 is a schematic diagram of a cold start improvement algorithm.
Fig. 3 is an overall flow chart of the present invention.
Detailed Description
The following detailed description of the embodiments of the invention is provided in connection with the accompanying drawings.
The structure of the cuckoo-hash-based locator CLoc is shown in FIG. 1. As in basic cuckoo hashing, CLoc first constructs a hash table for storing key values. Second, two hash functions $h_1(\cdot)$ and $h_2(\cdot)$ are required to determine the two possible locations of an inserted value.
The insertion operation of the CLoc locator is as follows:
(1) Compute the CRC-32 function of the public key value attached to the certificate to be verified: $CRC_{32}(PK_{cer})$.
(2) Calculate the Key to be stored in the locator: $CRC_{32}(PK_{cer}) \,\|\, CRC_{32}(IDX_{ver}) \gg 24 \,\|\, IDX_{ver}$.
(3) Input the resulting 32-bit check code into a hash function to obtain the first possible storage position of the Key.
(4) If that position is occupied by another key value, execute the greedy algorithm according to the cuckoo hash insertion strategy.
(5) Finally, the Key value is inserted into the locator.
The delete operation of the CLoc locator is as follows:
(1) First, compute the CRC-32 check code of the public key value of the certificate to be deleted: $CRC_{32}(PK_{cer})$.
(2) Apply the two hash functions to the CRC-32 check code to obtain the two possible positions $h_1(CRC_{32}(PK_{cer}))$ and $h_2(CRC_{32}(PK_{cer}))$.
(3) Check whether the value in the first possible position is the same as the Key value to be deleted; if so, set that position to null. If not, check whether the value in the second possible position is the same as the Key value to be deleted; if so, set that position to null. If no value identical to the Key value to be deleted is found in either position, return -1, which indicates that the verification information of the certificate is not stored in the locator and the delete operation fails.
The query operation of the CLoc locator is as follows:
(1) First, compute the CRC-32 check code of the public key value of the certificate to be queried: $CRC_{32}(PK_{cer})$.
(2) Apply the two hash functions to the CRC-32 check code to obtain the two possible positions $h_1(CRC_{32}(PK_{cer}))$ and $h_2(CRC_{32}(PK_{cer}))$.
(3) Check whether the check code value in the first possible position is the same as the calculated $CRC_{32}(PK_{cer})$; if so, return the Key value at that position. If not, check whether the value in the second possible position is the same as the Key value being queried; if so, return the Key value at that position. If the Key value being queried is found in neither position, return -1, which indicates that no verifier information for the certificate is stored in the locator and the certificate has not been verified by another device.
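The insert, delete and query operations above, together with the two consistency checks of step (3), as an added Python example (not code from the patent). The 16-bit device ID width, the two hash functions, the table size and the displacement bound are assumptions, since the text does not fix them.

```python
import zlib

ID_BITS = 16       # assumed width of a sensor device ID; the page does not give one
MAX_KICKS = 32     # assumed bound on cuckoo displacements per insertion
NOT_FOUND = -1     # value the page returns from a failed query or delete


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def id_check(idx_ver: int) -> int:
    """CRC32(IDX_ver) >> 24: the top 8 bits of the CRC of the verifier ID."""
    return crc32(idx_ver.to_bytes(ID_BITS // 8, "big")) >> 24


def pack_entry(pk_cer: bytes, idx_ver: int) -> int:
    """Stored content: CRC32(PK_cer) || CRC32(IDX_ver) >> 24 || IDX_ver."""
    return (crc32(pk_cer) << (8 + ID_BITS)) | (id_check(idx_ver) << ID_BITS) | idx_ver


def unpack_entry(entry: int):
    """Split a stored entry into (index, ID check byte, verifier ID)."""
    return entry >> (8 + ID_BITS), (entry >> ID_BITS) & 0xFF, entry & ((1 << ID_BITS) - 1)


class CLoc:
    def __init__(self, slots: int = 64):
        self.slots = slots
        self.table = [None] * slots

    # h1 and h2 are assumed hash functions over the 32-bit index.
    def h1(self, index: int) -> int:
        return index % self.slots

    def h2(self, index: int) -> int:
        return (((index * 0x9E3779B1) & 0xFFFFFFFF) >> 7) % self.slots

    def _find(self, index: int) -> int:
        for pos in (self.h1(index), self.h2(index)):
            entry = self.table[pos]
            if entry is not None and unpack_entry(entry)[0] == index:
                return pos
        return NOT_FOUND

    def insert(self, pk_cer: bytes, idx_ver: int) -> bool:
        entry = pack_entry(pk_cer, idx_ver)
        index = unpack_entry(entry)[0]
        pos = self._find(index)
        if pos != NOT_FOUND:              # same index already stored: refresh in place
            self.table[pos] = entry
            return True
        pos = self.h1(index)
        for _ in range(MAX_KICKS):
            if self.table[pos] is None:
                self.table[pos] = entry
                return True
            # Position taken: store the entry in hand and displace the occupant,
            # which then moves to its other candidate position.
            entry, self.table[pos] = self.table[pos], entry
            index = unpack_entry(entry)[0]
            pos = self.h2(index) if pos == self.h1(index) else self.h1(index)
        # The entry still in hand is dropped; its certificate simply falls
        # back to independent verification on the next lookup.
        return False

    def query(self, pk_cer: bytes) -> int:
        pos = self._find(crc32(pk_cer))
        return NOT_FOUND if pos == NOT_FOUND else self.table[pos]

    def delete(self, pk_cer: bytes) -> int:
        pos = self._find(crc32(pk_cer))
        if pos == NOT_FOUND:
            return NOT_FOUND
        self.table[pos] = None
        return 0


def locate_verifier(cloc: CLoc, pk_cer: bytes):
    """Step (3): return the verifier ID to contact, or None to verify independently."""
    entry = cloc.query(pk_cer)
    if entry == NOT_FOUND:
        return None
    index, check, idx_ver = unpack_entry(entry)
    if index != crc32(pk_cer):            # public key CRC must match the stored index
        return None
    if check != id_check(idx_ver):        # verifier ID must match its stored check byte
        return None
    return idx_ver
```

A locator hit is only a routing hint: CRC-32 is not collision resistant, which is why the verifier in the protocol compares the full certificate and can answer with a false match.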
The cold-start improvement algorithm designed by the invention is shown schematically in FIG. 2. After the network is initialized, if the number of nodes in the cluster is even, the cluster head constructs a bipartite graph $G(S, E)$, where $S = S_1 \cup S_2$,
Figure BDA0002967958390000071
E is the set of edges. The cluster head computes a maximum matching with the Hungarian algorithm; for each matched edge, the sensor node belonging to set $S_1$ independently verifies the sensor node belonging to set $S_2$. To avoid mutual interference between sensors, the cluster head then recomputes a maximum matching, and for each matched edge the sensor node belonging to set $S_2$ independently verifies the sensor node belonging to set $S_1$. At this point the verification is complete. The cold-start improvement algorithm significantly reduces the resource consumption of cluster head nodes and prolongs the lifetime of the network.
The invention introduces a trust model based on a subjective logic framework; the direct trust value is based on the certificate verification results between the sensor device requesting verification and the verifier device. Because the communication channel between two sensor nodes is unstable and noisy, monitoring the behavior of sensor nodes in a wireless sensor network on the basis of previous communication behavior carries considerable uncertainty. To resolve this uncertainty, the invention applies a subjective logic framework to compute direct trust. A triple $T = \{b, d, u, a\}$ is defined, where b, d and u correspond to the degree of trust, the degree of distrust and the degree of uncertainty, and a represents the base rate, i.e. the prior probability in the absence of evidence, where a = 0.5 indicates the degree to which the uncertainty affects the mean. $b, d, u \in [0, 1]$ and $b + d + u = 1$. The calculation formula is as follows:
Figure BDA0002967958390000081
In one round of data transmission and reception, the edge server receives and records the number of successful honest verification events s and the number of dishonest verification events f. The direct trust value is calculated as follows:
Figure BDA0002967958390000082
The complete and efficient collaborative identity authentication protocol provided by the invention is driven by the event of a non-cluster-head node establishing secure communication with a cluster head node in the LEACH routing protocol, and carries out verification cooperation by exchanging messages between devices, as shown in FIG. 3. Under the LEACH routing protocol, when a round of cluster head election in the network has finished, the cluster head node broadcasts a notification to all sensor devices that it has become the cluster head node. Each non-cluster-head node decides which cluster to join according to the received signal strength of the messages sent by the cluster head nodes, communicates with the corresponding cluster head node, and attaches its certificate and public key. The cluster head node first checks its locally cached certificates to see whether it has already verified and cached the public key certificate; if the cached public key certificate is not valid, the cluster head node sends a request to the cluster head node to verify the validity of the public key certificate. Otherwise, the cluster head node needs to query the cuckoo-hash-based locator CLoc to confirm whether any device has verified and cached the certificate, and to obtain the device index number of the verifier device. To prevent the cold-start problem after network initialization, the invention designs a cold-start improvement algorithm.
Each sensor device stores a cuckoo-hash-based locator CLoc and constructs the locator structure at initialization. If the cluster head node obtains the index number of a verifier device and the check codes are consistent, the cluster head node sends a message <REQUEST_VALI, C, h, v> to that device for collaborative verification, where REQUEST_VALI indicates the message type, C is the certificate to be verified, h denotes the cluster head node and v denotes the verifier device. If the check codes are not consistent, the cluster head node abandons the collaborative verification mechanism and performs independent verification itself.
The edge server periodically and dynamically updates the new values required in the locator so that the locator contents of all devices remain consistent. When a sensor device has independently verified and cached the certificate of some device, it sends a NEW_CACHE message to the edge server. The edge server collects all certificate update messages of the current round in the wireless sensor network and then sends the values to be updated to the sink node in an UPDATE_CLOC message, and the sink node distributes them to all devices.
In the cooperative authentication protocol flow of the invention, there are two authentication modes, and the specific authentication flow is as follows:
(1) Collaborative authentication
To request collaborative verification of certificate C, the cluster head node sends a message <REQUEST_VALI, C, h, v> to verifier v. Once device v receives the message, it searches its cache for the public key $k^+$ corresponding to certificate C. If the certificate exists and is the same as the C submitted for verification, it replies to the cluster head node with a message <REPLY_VALI, C, h, v, 'Correct'>, marking the collaborative verification result as correct. If $k^+$ is consistent and a certificate exists but is not the same as the C submitted for verification, it sends a message <REPLY_VALI, C, h, v, 'Wrong'>, marking the collaborative verification result as wrong. If no certificate for $k^+$ is cached in device v, it replies with a message <REPLY_NO_CERT, C, h, v>, indicating that no certificate was found. The possible reasons for the missing certificate are: (1) there was not enough space to cache the certificate; (2) a false match.
When the cluster head node receives a REPLY_VALI message with the 'Correct' flag, the non-cluster-head node is trusted; the cluster head node establishes secure communication with the non-cluster-head node, and a communication time slice is then allocated to the cluster head node. If the cluster head node receives a REPLY_VALI message with the 'Wrong' flag, the non-cluster-head node is not trusted; the cluster head node discards the certificate and passes the message to the sink node, which forwards it to the edge server. After verification by the edge server, the non-cluster-head node is removed from the network; if the edge server finds that the cluster head node has made a defamatory report, the cluster head node is removed from the network. When the cluster head node receives a REPLY_NO_CERT message, the non-cluster-head node has not been verified by any other sensor device, and the cluster head node verifies the non-cluster-head node itself.
The cluster head node may send the results of device v's assistance in verification to the edge server to update the trust value of the verifier device. It sends the message <UPDATE_true, h, t, E>, where E contains one or more REPLY_VALI messages it received in the previous round.
(2) Independent authentication
If the cluster head node verifies the certificate and attached public key of the non-cluster-head node by itself, the process consumes the cluster head node's computation and energy resources and introduces a certain delay. Once the certificate has been verified, the cluster head node stores it in its local certificate cache. During this process the cluster head node needs to check whether the certificate has been revoked: it sends a message <CHECK_rev, C, h, t> to the edge server, where t is the timestamp at the time of sending, to ask whether the certificate is revoked. If the certificate is on the revocation list, the edge server sends a message <rev_CERT, C, h, t> to the cluster head node to recall the certificate, and the cluster head node deletes the certificate from its cache. If the certificate has not been revoked, the certificate public key and the cluster head node are added to the edge server's update list and distributed to all devices in the network after the subsequent data transmission round finishes. Before distribution, the edge server checks whether the verification result is correct.
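The two authentication modes above as one message exchange between a cluster head and a verifier, written as an added Python example (not code from the patent). The `Cert` record, the outcome strings, the `constructed_ca_check` stand-in for the CA signature check and the `revoked` set standing in for the edge server's answer to CHECK_rev are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a public key certificate."""
    public_key: bytes   # k+ in the text
    body: bytes         # everything else (subject, validity, CA signature)


def constructed_ca_check(cert: Cert) -> bool:
    """Stand-in for the expensive public key verification against the CA key."""
    return cert.body.endswith(b"sig=ok")


class Verifier:
    """Device v: answers REQUEST_VALI from its cache of certificates it verified."""

    def __init__(self, device_id: int):
        self.device_id = device_id
        self.cache = {}  # k+ -> cached certificate

    def on_request_vali(self, cert: Cert, h: int) -> tuple:
        cached = self.cache.get(cert.public_key)
        if cached is None:  # no cache space was left, or the locator hit was a false match
            return ("REPLY_NO_CERT", cert, h, self.device_id)
        verdict = "Correct" if cached == cert else "Wrong"
        return ("REPLY_VALI", cert, h, self.device_id, verdict)


class ClusterHead:
    def __init__(self, device_id: int, revoked: set):
        self.device_id = device_id
        self.revoked = revoked   # stand-in for the edge server's revocation answer
        self.cache = {}          # certificates this node verified independently
        self.evidence = []       # REPLY_VALI messages kept for the trust update

    def authenticate(self, cert: Cert, verifier) -> str:
        # The cluster head first looks in its own certificate cache.
        if self.cache.get(cert.public_key) == cert:
            return "accept-cached"
        # Collaborative mode: the locator named a verifier, so ask it.
        if verifier is not None:
            reply = verifier.on_request_vali(cert, self.device_id)
            if reply[0] == "REPLY_VALI":
                self.evidence.append(reply)
                # 'Wrong': discard the certificate and report it via the sink node.
                return "accept" if reply[4] == "Correct" else "report"
        # Independent mode: no verifier known, or REPLY_NO_CERT came back.
        if cert.public_key in self.revoked or not constructed_ca_check(cert):
            self.cache.pop(cert.public_key, None)
            return "reject"
        self.cache[cert.public_key] = cert   # next step would be a NEW_CACHE message
        return "accept-independent"


def demo() -> list:
    genuine = Cert(b"constructed-key-A", b"subject=node-17;sig=ok")
    forged = Cert(b"constructed-key-A", b"subject=node-99;sig=ok")  # same k+, other certificate
    unknown = Cert(b"constructed-key-B", b"subject=node-23;sig=ok")
    v = Verifier(device_id=5)
    v.cache[genuine.public_key] = genuine
    head = ClusterHead(device_id=1, revoked=set())
    return [
        head.authenticate(genuine, v),     # verifier has the same certificate
        head.authenticate(forged, v),      # verifier has a different certificate for k+
        head.authenticate(unknown, v),     # REPLY_NO_CERT, so verify independently
        head.authenticate(unknown, None),  # now served from the cluster head's cache
    ]
```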

Claims (1)

1. A large-scale wireless sensor network collaborative identity authentication method is characterized by comprising the following specific steps:
Step (1), network initialization after cold-start improvement
When the network is initialized, the CLoc locator is empty; CLoc is a set of mappings between a public key certificate and the ID of the device that verified that certificate, and the data structure of the CLoc locator is divided into two parts, the index and the stored content; the cluster head node divides the non-cluster-head nodes into two groups according to the Hungarian matching algorithm, and nodes in the two groups randomly execute the independent verification process on each other;
Step (2), independent verification process
The device receives a certificate that needs to be verified independently and performs the public key cryptographic certificate verification; if the certificate is verified successfully, it performs the insertion operation on the CLoc locator; $CRC_{32}(PK_{cer})$ is constructed as the index, where $PK_{cer}$ is the certificate's public key value and $CRC_{32}$ is the 32-bit cyclic redundancy check function; $CRC_{32}(PK_{cer}) \,\|\, CRC_{32}(IDX_{ver}) \gg 24 \,\|\, IDX_{ver}$ is constructed as the stored content, where $IDX_{ver}$ is the verifier's own sensor device ID; the CLoc locator constructed in this way makes it possible to quickly locate the sensor device that has verified the public key certificate; after the device has constructed the index and the stored content of the CLoc locator, it sends a <NEW-CACHE> message to the coordinator, completing the update of the CLoc locator;
The coordinator works as follows:
The coordinator is responsible for receiving the CLoc locator update values sent by the sink node and for periodically propagating them to all devices in the network; in addition, the coordinator periodically queries the certificate revocation list from the CA, notifies devices to delete from the locator the certificate records that need to be deleted, and notifies the verifier of each such certificate to delete its cached copy; if the trust value of a device is still lower than the initial set value after a given time, the coordinator removes the device from the locator;
The trust value is set as follows:
To better quantify the degree of trust in a sensor device during collaborative verification, a subjective logic framework is introduced to build a communication trust model, and the associated trust value is calculated from the number of honest verification events s and the number of dishonest verification events f in the record
Figure FDA0003322577110000021
The range of the trust value T is 0,1]A value of 1 indicates that trust is completely possible and a value of 0, on the contrary, indicates that trust is not possible at all; initially, the trust value between every two devices is initially set to 0.5; calculating to obtain a direct trust value according to the honest and dishonest event number in the verification process, and updating the trust value based on a sliding time window;
step (3), collaborative verification process
After initialization is complete, when sensor device d_1 needs to establish secure communication with another device d_2, it needs to verify the public key certificate C_2; the verification process is as follows:
first, device d_1 searches its local CLoc locator to query whether another device has verified and cached certificate C_2; if the CLoc locator returns that certificate C_2 has been verified and cached, d_1 verifies whether the CRC check values of the public key are consistent, and then verifies whether the ID of device d_2 and the value after the CRC check are consistent; if both are correct, d_1 communicates with the queried verifier device to cooperatively verify certificate C_2; if the query result of the CLoc locator indicates that no device has cached and verified certificate C_2, or the CRC check value of the public key does not match the check value obtained through the index in the CLoc locator, device d_1 carries out the independent certificate verification flow, which is the same as step (2).
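The following sketch is an added example, not part of the patent text: it builds the CLoc locator entry of step (2) and applies the two consistency checks of step (3), returning None whenever the claim falls back to independent verification. The 16-bit big-endian device ID, the dictionary used as the locator, the function names and the sample keys are assumptions made for illustration, and the ID check is read here as validating the stored ID against its CRC check byte.

```python
import struct
import zlib

ID_LEN = 2  # assumption: 16-bit device IDs, big-endian; the patent fixes no width

def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF

def build_entry(pk_cer: bytes, idx_ver: int):
    """Step (2): index = CRC32(PK_cer); content = CRC32(PK_cer) || CRC32(IDX_ver)>>24 || IDX_ver."""
    id_bytes = idx_ver.to_bytes(ID_LEN, "big")
    index = crc32(pk_cer)
    check = crc32(id_bytes) >> 24  # top 8 bits of the 32-bit CRC of the verifier ID
    return index, struct.pack(">IB", index, check) + id_bytes

def lookup_verifier(cloc: dict, pk_cer: bytes):
    """Step (3): return the verifier's ID, or None meaning 'verify independently'."""
    index = crc32(pk_cer)
    content = cloc.get(index)
    if content is None or len(content) != 5 + ID_LEN:
        return None                      # no device has cached this certificate
    stored_crc, check = struct.unpack(">IB", content[:5])
    id_bytes = content[5:]
    if stored_crc != index:
        return None                      # public-key CRC does not match the entry
    if crc32(id_bytes) >> 24 != check:
        return None                      # stored ID and its check byte disagree
    return int.from_bytes(id_bytes, "big")

def demo():
    pk_c2 = b"constructed-public-key-A"     # constructed sample keys, not real certificates
    pk_other = b"constructed-public-key-B"
    index, content = build_entry(pk_c2, idx_ver=0x0102)
    cloc = {index: content}
    hit = lookup_verifier(cloc, pk_c2)       # verifier found: cooperate with it
    miss = lookup_verifier(cloc, pk_other)   # nothing cached: verify independently
    damaged = content[:4] + bytes([content[4] ^ 0x01]) + content[5:]
    bad_id = lookup_verifier({index: damaged}, pk_c2)
    misfiled = lookup_verifier({crc32(pk_other): content}, pk_other)
    return hit, miss, bad_id, misfiled

if __name__ == "__main__":
    print(demo())
```

CRC32 is an error-detecting checksum rather than a collision-resistant hash, so a hit only names a candidate verifier to contact for the cooperative verification.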
CN202110255221.3A 2021-03-09 2021-03-09 A collaborative authentication method for large-scale wireless sensor networks Active CN112995992B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110255221.3A CN112995992B (en) 2021-03-09 2021-03-09 A collaborative authentication method for large-scale wireless sensor networks

Publications (2)

Publication Number Publication Date
CN112995992A CN112995992A (en) 2021-06-18
CN112995992B true CN112995992B (en) 2022-01-04

Family

ID=76336165

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110255221.3A Active CN112995992B (en) 2021-03-09 2021-03-09 A collaborative authentication method for large-scale wireless sensor networks

Country Status (1)

Country Link
CN (1) CN112995992B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114996233B (en) * 2022-02-21 2024-12-13 深圳市玄羽科技有限公司 Industrial Internet platform data processing method, device and computer readable medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088462A (en) * 2011-01-09 2011-06-08 浙江大学 Sensor network distributed access control method capable of protecting user privacy
CN109245882A (en) * 2018-09-08 2019-01-18 华东交通大学 A kind of SM2 endorsement method suitable for electric power wireless sensor network
CN110012015A (en) * 2019-04-09 2019-07-12 中国科学院沈阳计算技术研究所有限公司 A kind of internet of things data sharing method and system based on block chain
CN110879879A (en) * 2018-09-05 2020-03-13 航天信息股份有限公司 Internet of things identity authentication method and device, electronic equipment, system and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101754364B1 (en) * 2013-11-20 2017-07-07 한국전자통신연구원 System and the Method of Key Management for Sensor Network Security

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Key seed management and distribution model for wireless sensor networks and its application; 冯涛; 《计算机研究与发展》; 20080131; Vol. 45 (No. 1); 146-153 *

Also Published As

Publication number Publication date
CN112995992A (en) 2021-06-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Li Fengqi

Inventor after: Zhang Lupeng

Inventor after: Wang Pingchuan

Inventor after: Fan Yonggang

Inventor after: Chi Zongzheng

Inventor before: Li Fengqi

Inventor before: Fan Yonggang

Inventor before: Chi Zongzheng

Inventor before: Zhang Lupeng

Inventor before: Wang Pingchuan

GR01 Patent grant