[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114915970B - PUF-based lightweight intelligent meter batch authentication method and gateway - Google Patents

PUF-based lightweight intelligent meter batch authentication method and gateway Download PDF

Info

Publication number
CN114915970B
CN114915970B CN202210350924.9A CN202210350924A CN114915970B CN 114915970 B CN114915970 B CN 114915970B CN 202210350924 A CN202210350924 A CN 202210350924A CN 114915970 B CN114915970 B CN 114915970B
Authority
CN
China
Prior art keywords
gateway
authentication
server
intelligent
intelligent meter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210350924.9A
Other languages
Chinese (zh)
Other versions
CN114915970A (en
Inventor
孙钰
刘霏霏
关振宇
李大伟
崔剑
刘建伟
刘文懋
王晓鹏
李东宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Nsfocus Technologies Group Co Ltd
Original Assignee
Beihang University
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University, Nsfocus Technologies Group Co Ltd filed Critical Beihang University
Priority to CN202210350924.9A priority Critical patent/CN114915970B/en
Publication of CN114915970A publication Critical patent/CN114915970A/en
Application granted granted Critical
Publication of CN114915970B publication Critical patent/CN114915970B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a PUF-based lightweight intelligent meter batch authentication method and a gateway, wherein the method comprises the following steps: the gateway registers with the intelligent table, and the authentication credentials are stored in a binding way; the server authenticates the gateway, generates a session key with the gateway and the intelligent meter, and returns an aggregation credential of the intelligent meter; the gateway authenticates the server, derives the session key with the server, broadcasts the hash value of the aggregation credential to the intelligent meter, and informs the intelligent meter of reporting authentication information; the intelligent meter derives a session key with the server and reports authentication information to the gateway; the gateway verifies the intelligent table in batches through the aggregate certificates, and reports the authentication result to the server; the server checks the result, if the authentication fails, the broken intelligent meter can be found out to inform the gateway to reject the message, and the intelligent meter can also check the authentication result. The gateway has batch authentication and access control functions. Therefore, the problems of high operation cost, over-strong gateway security assumption, incapability of resisting physical attack, inapplicability to a sensor network architecture and the like in the related art are solved.

Description

PUF-based lightweight intelligent meter batch authentication method and gateway
Technical Field
The application relates to the technical field of cryptography in information security, in particular to a PUF-based lightweight smart meter batch authentication method and a gateway.
Background
With the rapid development of the emerging industries such as the internet of things and the mobile internet, the market of intelligent sensors is growing at a high speed. The intelligent sensor consists of a sensing element, a signal conditioning circuit and a controller (or a processor), has the functions of data acquisition, conversion, analysis and even decision making, and provides bidirectional communication, real-time monitoring, perception control and intelligent service for users and suppliers with higher efficiency, flexibility and reliability, so that the power consumption is reduced, and more convenience is brought. Compared with the traditional sensor network, the intelligent sensor network is deeply integrated with the Internet of things and the Internet, and a large number of intelligent terminals on the user side are widely accessed and visited, so that more attack surfaces are exposed. With the rapid development of communication technology, the scale of the terminal is continuously enlarged, malicious attacks aiming at the intelligent sensor network are more violent and frequent, and the alarm clock is knocked off for the intelligent sensor network.
The intelligent sensor network is a typical 'end-side-cloud' architecture system with a control plane tightly coupled with an information plane. The information plane is mainly used for metering and information exchange, and consists of a Meter Device (MD), a neighborhood gateway (neighborhood gateway, NG) and a Service Provider (SP). The smart meter is deployed on the user side, usually a device with extremely limited resources, and is responsible for collecting and monitoring the data of each sensor and reporting to the gateway periodically. The gateway is connected with the intelligent meter and the server and is responsible for reporting the information to the server after the information is summarized, and meanwhile, the control instruction is forwarded from the server. The server is deployed on the provider side and performs unified management on all functions. However, no solution is currently being studied intensively for authentication and secure communication of the three.
As a very promising technology, narrowband internet of things (NB-IoT) supports low cost, long endurance and large scale device connections, which would also have to facilitate intelligent sensor network secure communications. In NB-IoT data transmission optimization, radio resource control (radio resource control, RRC) connection requests send IP data or non-IP data by using non-access stratum (NAS) protocol data units (protocol data unit, PDUs) without establishing a data radio bearer. That is, when the gateway wakes up from an idle state to a connected state by using an established link, uplink data may be directly embedded in a previously established NAS PDU. And downlink data transmissions from the server require a new NAS connection to be established. However, most of the existing internet of things scenario solutions do not consider the downlink traffic optimization.
Considering the price and signaling overhead of the NB-IoT module, when the connection is actually deployed, the smart meter needs to be connected to the gateway through a wired bus, and the gateway can report to the server through the NB-IoT wireless air interface after the gateway is summarized. A typical commercial gateway is equipped with both NB-IoT modules and various bus interfaces to connect the server at the wireless end and the smart meter at the wired end. Due to the lack of confidentiality, integrity and access control capabilities, the wired end exposes more attack surfaces than the wireless end and is more vulnerable to network attacks. In the sensor network, an external attacker can eavesdrop, tamper and replay the information transmitted between the gateway and the server; an internal attacker may impersonate the legitimate node identity, infer from the data processing, steal other entities' secret information. A plurality of researches find that through data analysis, an attacker can easily acquire privacy information such as the living rule, the house occupancy rate, the economic condition and the like of family members. However, there is still a lack of integrated security protocols for bus-NB-IoT heterogeneous networks.
In addition to network attacks, another security challenge faced by smart sensor networks is physical attacks against outdoor deployment devices. The security of conventional cryptographic techniques relies on the secrecy of long-term keys, whereas in a physical attack, an attacker can steal, copy or replace long-term keys stored in non-volatile memory. One solution is to equip the device with tamper-resistant hardware, but this is a significant overhead for sensor networks with tens of millions of smartmeters and gateway accesses. Thus, a physically unclonable function (physically unclonable function, PUF) is introduced into the sensor network protocol as an economical and reliable method to avoid the storage of preset keys. However, the existing end-side-cloud sensing network authentication scheme still stores long-term symmetric keys in the gateway and the smart meter.
Currently, although all researchers agree on the "end-to-edge-cloud" architecture of the sensor network, most authentication schemes will simplify the authentication process directly into communication between the smart meter and the server or between the smart meter and the gateway. The former ignores the functions of message forwarding, aggregation, verification and the like which are played in the middle by the gateway, and does not matter about security threat brought by the introduced gateway. The latter gives the gateway extremely strong security capability, and the gateway is considered to be a completely trusted entity, while the gateway is actually close to the user side, is deployed outdoors and is extremely vulnerable to various attacks. Even though many schemes propose inter-party authentication and key agreement schemes, most still give the gateway the ability to participate in session key agreement, or introduce complex and time-consuming cryptographic operations. In summary, the existing solution has the problems of high operation cost, over-strong gateway security assumption, incapability of resisting physical attack and inapplicability to a sensor network architecture. How to realize the end-to-end batch authentication and key negotiation which are lightweight and resist physical attacks is an urgent problem to be solved by the security application of the intelligent meter.
Disclosure of Invention
The application provides a PUF-based lightweight intelligent meter batch authentication method and a gateway, which are used for solving the problems that in the prior art, the operation cost is high, the security assumption of the gateway is too strong, the physical attack cannot be resisted, the sensor network architecture is not applicable, and the like.
An embodiment of a first aspect of the present application provides a PUF-based bulk authentication method for lightweight smart meters, including the steps of: registering the server, the gateway and the intelligent meter, and binding the registration information with authentication credentials; the server receives a session access request sent by a gateway; verifying the identity information of the gateway, selecting a random number to calculate a session key with the intelligent meter and the gateway after the identity information passes the verification, aggregating the authentication credentials of the intelligent meter in an exclusive-or mode, encrypting the session key, and sending an access reply containing the encryption credentials, the random number and the integrity check information to the gateway; the gateway derives the session key, decrypts the plaintext from the encryption certificate, conceals the plaintext through a hash function, broadcasts an aggregate smart meter certificate containing a server random number and hashed data on a bus, and reports authentication information to the smart meter; the intelligent meter restores correct response, calculates an end-to-end session key, an authentication credential and a pseudo-identity for the next round of session with the server, and returns an authentication response comprising the authentication credential and the pseudo-identity and integrity protection message for the next round of session to the gateway; the gateway checks the integrity of the intelligent meter information, authenticates the intelligent meters in batches, and after the intelligent meters pass the authentication, updates the pseudo identity of the intelligent meters and simultaneously informs a server of successful authentication; when the smart meter authentication is successful, the server checks whether the message from the gateway is correctly encrypted; when the authentication of the intelligent meter fails, the server checks the intelligent meter certificates one by one, finds out the broken intelligent meter, and informs the gateway of rejecting the report information of the broken intelligent meter. The intelligent meter verifies whether the hash value of the previously received aggregation credential is equal to the hash value after exclusive or of all currently received authentication credentials, and if so, the pseudo identity is updated; otherwise, the current pseudo identity is used and the re-authentication is waited.
Optionally, in one embodiment of the present application, the registering the server, the gateway and the smart table, and binding the registration information with the authentication credentials includes: generating a real identity, a pseudo identity and a challenge value of the intelligent meter through a registration center, generating a real identity and a challenge value of a gateway, generating a real identity and a private key of a server, and transmitting the generated registration information to each entity through a secure channel; the gateway and the intelligent meter derive unique unclonable response values from the challenge values and return the unique unclonable response values to the registry, the registry derives auxiliary data from the responses through a fuzzy extraction algorithm, binding information and an integrity check value are calculated, and the auxiliary data are issued to the gateway and the intelligent meter; the registry sends the binding information to the association database.
Optionally, in one embodiment of the present application, the server receives a session access request sent through a gateway, including: and selecting a challenge value through the gateway, generating an inaccurate response, locally recovering an actual response through auxiliary data, deriving a batch verification credential according to the actual response, and sending the access request containing the timestamp, the identity and the integrity protection information to a server.
Optionally, in one embodiment of the present application, the verifying, by the server, the identity information of the gateway includes: inquiring the gateway identity in the database, and if the record is not inquired, verifying that the record is not passed; and requesting binding information from the associated database, checking the integrity protection value, confirming whether the information is tampered, calculating authentication credentials of the intelligent meter and the gateway by using the private key, and authenticating the identity of the gateway according to the calculation result.
Optionally, in one embodiment of the present application, when the gateway verifies the integrity of the smart meter message, if the verification fails, all smart meter credentials are encrypted with a session key with the server and then sent to the server.
An embodiment of the third aspect of the present application provides a gateway, configured to perform the foregoing PUF-based lightweight smart meter batch authentication method, where the gateway is configured to perform batch authentication on a smart meter according to an authentication credential issued by a server, and perform access control by performing smart meter pseudo identity filtering.
The PUF-based lightweight intelligent meter batch authentication method and gateway provided by the embodiment of the application have the following beneficial effects:
1) The present application proposes the first use of PUF protection to deploy a key agreement (authentication and key agreement, AKA) protocol for the outdoor edge and end devices. By using an intrinsic SRAM PUF, both the gateway and the smart meter can resist physical attacks without storing long-term keys. In addition, for honest and curious gateways and smart meters, the protocol still satisfies a variety of security properties such as forward security, non-repudiation, resistance to man-in-the-middle attacks, and the like.
2) The method is suitable for a more practical heterogeneous sensor network 'end-side-cloud' architecture. In the bus-NB-IoT heterogeneous network, the gateway is connected with the smart meter through the bus, and the message is reported to the server through the wireless air interface. In the authentication process, the gateway can verify the intelligent meter in batches by means of the authentication credentials issued by the server. In addition, through smart meter ID filtering, the gateway plays a role in access control, and meanwhile DoS attacks to the server are reduced. The protocol provides integrated security for a bus-NB-IoT heterogeneous sensor network "end-side-cloud" architecture.
3) To reduce NB-IoT downstream overhead, the present application reduces communication overhead from O (m) to O (1) through downstream traffic optimization. By aggregating the issuance of authentication credentials, signaling overhead can be greatly reduced. Because the protocol only uses extremely light-weight cryptographic operation, the intelligent meter function can be realized on the singlechip with limited resources. The static binding technique of authentication credentials allows the protocol to be implemented using a more lightweight weak PUF, thus also eliminating the need to store and frequently update CRPs, reducing communication and storage overhead. The superiority of the protocol in computing, communication, storage and signaling overhead is further demonstrated by performance analysis.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
fig. 1 is a registration flowchart of a PUF-based lightweight smart meter batch authentication method provided in accordance with an embodiment of the present application;
fig. 2 is a flowchart of a PUF-based lightweight smart meter batch authentication method according to an embodiment of the present application;
fig. 3 is a flow chart of batch authentication and key agreement according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present application and should not be construed as limiting the application.
The method of the application provides a PUF-based lightweight intelligent meter batch authentication scheme for heterogeneous intelligent sensor networks, and the whole scheme is realized by cooperation of three models, namely an initial module, a registration module and a batch authentication module. The symbols used in the model design are shown in the following table:
model symbol interpretation
Further, in daily life, the mobile embedded device as a functional platform can help the user to complete various demands conveniently and rapidly, and is an indispensable part of people's life. However, the development of mobile hardware security cannot keep pace with the era, and more security problems are continuously emerging. To improve security, it is proposed to place the key in a non-volatile electrically erasable programmable read-only memory (EEPROM) or Static Random Access Memory (SRAM), using hardware encryption operations such as digital signature or encryption. But this approach consumes significant power and is vulnerable to intrusive attacks.
In order to solve the security problem of mobile hardware, PUFs are proposed. PUFs are a function that exploits the random differences that are unavoidable in the chip manufacturing process, such that each chip outputs an unpredictable response from an input stimulus. PUFs generally comprise six properties:
1) Light weight: the number and the size of the components for realizing the physical unclonable function are very small, so that the method has wide application prospect in equipment with limited resources.
2) Unclonability: given one unclonable function f (x), another unclonable function f' (x) is implemented by construction such that for any x 1 Within a small error f (x 1 )=f’(x 1 ) Is extremely difficult.
3) Unidirectional: when any one stimulus x is input i There is always a response y i Corresponding thereto, but given a response y i But cannot find an excitation x corresponding thereto i
4) Uniqueness: given the same stimulus C for a certain number of PUFs with the same manufacturing structure, the resulting responses of these PUFs are different.
5) Unpredictability: given any stimulus x, it is very difficult to predict the corresponding response y.
6) Tamper resistance: since PUFs rely on small physical construction differences, it is generally considered that tampering with a PUF will inevitably alter the stimulus response behavior of the PUF.
The PUF helps the terminal device to realize key storage and identity authentication from a hardware level, and the lightweight and unclonable characteristics of the PUF are very suitable for the terminal device of the internet of things with limited resources. The SRAM PUF extracted by the microcontroller is mainly used in the present application.
It should be noted that PUFs rely on the simulated physical properties of the manufactured circuit to obtain secret information, and are susceptible to noise and other environmental factors, so that the responses obtained by inputting the same stimulus are somewhat different. To solve this problem, a fuzzy extractor is used to generate side information with proper entropy from the noise and non-uniform random PUF response for recovering the correct response.
Specifically, the blur extraction algorithm is composed of functions fe.gen () and fe.rec (). Fe.gen () is a probabilistic key generation algorithm taking as input the initial PUF response r and outputting the key K and the helper data hd, i.e. (K, hd) ≡fe.gen (r); in contrast, the key recovery algorithm fe.rep () takes the noisy response r 'and the helper data hd as inputs, and outputs the same key K, i.e., (K) +.fe.rec (r', hd).
The PUF-based lightweight smart meter batch authentication method and gateway according to embodiments of the present application are described below with reference to the accompanying drawings. Aiming at the problems that the prior art mentioned by the background center is high in operation cost, too strong in gateway security assumption, incapable of resisting physical attacks, inapplicable to sensor network architecture and the like, the application provides a PUF-based lightweight smart meter batch authentication method, a PUF-based lightweight smart meter batch authentication and AKA method and gateway equipment supporting the AKA protocol are provided for heterogeneous smart sensor networks. In the enrolment phase, a unique unclonable authentication credential is generated by means of the PUF and data binding takes place. By establishing end-to-end bi-directional AKA at the smart meter and server, secure communication with an "end-edge-cloud" heterogeneous network of a wireless narrowband internet of things (NB-IoT) via a wired bus is achieved. The gateway provided by the application has batch authentication and access control capability, and can obviously reduce the calculation and communication expenditure. The application avoids the storage of the secret key on two kinds of external deployment equipment, namely the intelligent meter and the gateway end, has obvious advantages in the aspects of calculation, communication, storage and signaling overhead, can resist network attack and physical attack at the same time, realizes the privacy protection of users, and can provide the identity authentication function of the intelligent meter for safe and credible meter reading. Therefore, the problems that in the prior art, the operation cost is large, the security assumption of the gateway is too strong, the physical attack cannot be resisted, the sensor network architecture is not suitable and the like are solved.
Specifically, fig. 2 is a flowchart of a PUF-based lightweight smart meter batch authentication method according to an embodiment of the present application.
As shown in fig. 2, the PUF-based lightweight smart meter batch authentication method includes the following steps:
in step S101, a server, a gateway, and an intelligent meter are registered, and authentication credentials are bound to the registration information.
Optionally, in one embodiment of the present application, registering the server, the gateway and the smart meter and binding the registration information with the authentication credentials includes: generating a real identity, a pseudo identity and a challenge value of the intelligent meter through a registration center, generating a real identity and a challenge value of a gateway, generating a real identity and a private key of a server, and transmitting the generated registration information to each entity through a secure channel; the gateway and the intelligent meter derive unique unclonable response values from the challenge values and return the unique unclonable response values to the registry, the registry derives auxiliary data from the responses through a fuzzy extraction algorithm, binding information and an integrity check value are calculated, and the auxiliary data are issued to the gateway and the intelligent meter; the registry sends the binding information to the association database.
The application utilizes three main models to realize functions, wherein the initial model is used for initializing system parameters; the registration model is used for acquiring a device PUF response before deployment and generating binding data for subsequent authentication; the batch authentication model realizes end-to-end mutual authentication and key negotiation between the intelligent meter and the server.
Before mutual authentication and key agreement, initialization and registration are first performed. In the initial model, a large prime number q is selected by the registry and shared with the server. In the registration model, as shown in fig. 1, the gateway and the smart meter need to be registered with the registry together with the server before deployment. Generating a true identity ID for a smart meter by a registry i TID of pseudo identity i =H(K S ||ID i ) Challenge C i Generating a true identity ID for a gateway G Challenge C G Generating a true identity ID for a server S And private key K S The registry transmits registration information to each entity via a secure channel. Gateway and smart meter derive unique unclonable response value r from challenge * =PUF * (C * ) Returning to the registry, which derives auxiliary data hd from the response by means of a fuzzy extraction algorithm * ←FE.Gen(r * ) Calculating binding information alpha * =H(r * )/K S And an integrity check value MAC * =H(K S ||ID * ||α * ) And sending the auxiliary data to the gateway and the intelligent meter. The registry binds the information<{α * ,MAC * }>And the associated database is sent, and the binding information can be stored in a public way without encryption.
In step S102, the server receives a session access request transmitted through the gateway.
Optionally, in one embodiment of the present application, the server receives a session access request sent through the gateway, including: the gateway selects the challenge value, generates inaccurate response, locally recovers actual response through auxiliary data, derives batch verification credentials according to the actual response, and sends an access request containing time stamp, identity and integrity protection information to the server.
Specifically, once powered up or forced to require re-authentication, the gateway initiates the session by requesting a batch of authentication credentials from the server. The gateway first selects the challenge value, generates an inaccurate response r G '=PUF G (C G ) Locally restoring the correct response r by means of auxiliary data G ←FE.Rec(r G ',hd G ) From which the credentials y are then derived G =H(r G ). Integrity is defined by Q 1 =H(ID G ||TS||y G ) Protection, where TS is the current timestamp. Then access request M containing time stamp, identity, integrity protection information 1 =<TS,ID G ,Q 1 >And sending the data to a server.
Step S103, the server verifies the identity information of the gateway, after the verification is passed, the server selects a random number to calculate a session key with the intelligent meter and the gateway, the authentication credentials of the intelligent meter are aggregated in an exclusive-or mode, the session key is used for encryption, and an access reply containing the encryption credentials, the random number and the integrity check information is sent to the gateway.
Optionally, in one embodiment of the present application, the server verifies identity information of the gateway, including: inquiring the gateway identity in the database, and if the record is not inquired, verifying that the record is not passed; and requesting binding information from the associated database, checking the integrity protection value, confirming whether the information is tampered, calculating authentication credentials of the intelligent meter and the gateway by using the private key, and authenticating the identity of the gateway according to the calculation result.
Specifically, after receiving an access request from a gateway, the server first queries a database for a gateway identity ID G -{TID i -ID i If no record is queried, the request is ignored. Whether or notThe server sends the associated database<ID S ,ID G >The associated database returns binding data<{α * ,MAC * }>. Server checking integrity protection value MAC * To confirm that the message has not been tampered with. Subsequently, using the private key K S Computing authentication credentials y for smart meters and gateways * =H(α * ·K S ) Then can pass through y G The gateway identity is authenticated. The server then selects the random number N S Computing session key SK with smart meter and gateway * =H(y * ||N S ). In addition, the server calculates all the smart meter authentication credentials Auth i They are dissimilar or aggregated into Auth and used with the session key SK of the gateway G Encryption is carried out to obtain X. Finally, an access reply M containing encryption certificates, random numbers and integrity check information is provided 2 =<X,N S ,Q 2 >And sending the message to the gateway.
Step S104, the gateway derives the session key, decrypts the plaintext from the encryption certificate, conceals the plaintext through a hash function, broadcasts an aggregate smart meter certificate containing the server random number and the hash on a bus, and informs the smart meter of reporting authentication information.
Specifically, by checking Q 2 Y in (a) G The gateway can authenticate the server and confirm the received random number N S Is indeed server generated. The gateway then derives the session key SK G Auth is decrypted from X, and hidden by Auth' =h (Auth). Subsequently, the gateway broadcasts M on the bus 3 =<ID G ,Auth',N S >And informing the intelligent meter to report the authentication information.
In step S105, the smart meter recovers the correct response, calculates the end-to-end session key with the server, the authentication credentials, and the pseudo-identities for the next round of session, and returns an authentication response including the authentication credentials and the pseudo-identities and integrity protection messages for the next round of session to the gateway.
Specifically, the smart meter first recovers the correct response r i Then calculates an end-to-end session key SK with the server i =H(H(r i )||N S ). To be authenticated by the gateway, the smart meter calculates an authentication credential Auth i =H(SK i ||N S ). Simultaneous calculation of pseudo-identities for the next round of sessionsTo play a privacy preserving role. But also preserve the previous TID i In case of failure of the authentication of this round. Finally, together with the integrity protection message +.>Authentication response M to contain information such as authentication credentials 4i And returning to the gateway, and sending m messages by the m intelligent meters.
In step S106, the gateway checks the integrity of the smart meter message, authenticates the smart meter in batch, and after passing the authentication, updates the pseudo identity of the smart meter and simultaneously notifies the server that the authentication is successful.
Optionally, in one embodiment of the application, when the gateway verifies the integrity of the smart meter message, if the verification fails, all smart meter credentials are sent to the server in an encrypted manner.
Specifically, after acquiring the aggregated smart meter authentication credentials Auth from the server, the gateway is given batch authentication and access control capabilities. The gateway first checks Q 3i And then checking if Auth is equal to the integrity of (c)If the m intelligent tables are equal, the m intelligent tables pass verification, the gateway updates the pseudo identity of the intelligent tables, and meanwhile the server is informed of passing the authentication. To prevent message tampering, the gateway uses session key SK G Encryption of TAG Done And N S Obtaining M Done Will be<TAG done ,M done >And sending the data to a server. If not, meaning that at least one smart meter is breached, the gateway will send all auths i By SK G Encryption put into M Fail Will be<TAG Fail ,M Fail >And sending the data to a server.
In step S107, when the smart meter authentication is successful, the server checks whether the message from the gateway is correctly encrypted; when the authentication of the intelligent meter fails, the server checks the intelligent meter certificates one by one to find out the broken intelligent meter and inform the gateway to reject the report information of the broken intelligent meter.
Specifically, if the smart meter authentication is successful, the server checks M Done Whether or not to be equal toTo protect against counterfeiting or replay attacks. If the authentication of the intelligent meter fails, the server checks the certificate Auth of the intelligent meter one by one i To find out the broken intelligent meter and inform the gateway to reject the report information of the intelligent meter.
In step S108, the smart meter verifies whether the hash value of the previously received aggregate credential is equal to the hash value of all currently received authentication credentials after exclusive or, and if so, updates the pseudo identity; otherwise, the current pseudo identity is used and the re-authentication is waited.
Specifically, while the smart meter sends the authentication response, the smart meter receives authentication credentials of other smart meters on the bus, verifies whether the previously received aggregate credentials of Ha Xihou are equal to the xor hash value of the currently received plain authentication credentials, if so, the smart meter confirms that the same session key is negotiated with the server, and updates the pseudo identity, otherwise, the current pseudo identity is continued to be used, and the re-authentication is waited.
Specifically, the smart meter sends an authentication response Auth i Can also receive Auth of other intelligent meters on the bus i . Thus, the smart meter can verify whether the previously received Auth' is equal toIf so, the intelligent meter can confirm that the same session key was negotiated with the server and will update the pseudo-identity. Otherwise, the current pseudo-identity TID will continue to be used i Waiting for re-authentication.
According to the PUF-based lightweight intelligent meter batch authentication method provided by the embodiment of the application, the outdoor gateway and the intelligent meter are protected and deployed simultaneously by means of the intrinsic SRAM PUF, and the end-to-end bidirectional AKA is established between the intelligent meter and the server, so that the secure communication between the intelligent meter and the wireless narrowband internet of things heterogeneous gateway is realized. Meanwhile, the semi-honest gateway equipment has batch authentication and access control capability, and can obviously reduce calculation and communication expenses. The application avoids key storage at the intelligent meter and gateway end, has obvious advantages in the aspects of calculation, communication, storage and signaling overhead, can resist physical attack and various network attacks at the same time, and has wide application prospect and market value.
The embodiment also provides a gateway which has the functions of batch verification and access control. The gateway can verify the intelligent meter in batches according to the authentication credentials issued by the server, and the authentication pressure of the server is relieved. In addition, through intelligent meter false identity filtering, the gateway plays a role in access control, and meanwhile DoS attacks to the server can be reduced.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, "N" means at least two, for example, two, three, etc., unless specifically defined otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more N executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present application.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. As with the other embodiments, if implemented in hardware, may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable Gate Arrays (PGAs), field Programmable Gate Arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, and where the program, when executed, includes one or a combination of the steps of the method embodiments.

Claims (5)

1. The light-weight intelligent meter batch authentication method based on the PUF is characterized by comprising the following steps of:
registering the server, the gateway and the intelligent meter, and binding the registration information with authentication credentials;
the server receives a session access request sent by a gateway;
the server verifies the identity information of the gateway, selects a random number to calculate a session key with the intelligent meter and the gateway after the identity information passes the verification, aggregates the authentication credentials of the intelligent meter in an exclusive-or mode, encrypts the session key, and sends an access reply containing the encryption credentials, the random number and the integrity check information to the gateway;
the gateway derives the session key, decrypts the plaintext from the encryption certificate, conceals the plaintext through a hash function, broadcasts an aggregate smart meter certificate containing a server random number and hashed data on a bus, and reports authentication information to the smart meter;
the intelligent meter restores correct response, calculates an end-to-end session key, an authentication credential and a pseudo-identity for the next round of session with the server, and returns an authentication response comprising the authentication credential and the pseudo-identity and integrity protection message for the next round of session to the gateway;
the gateway checks the integrity of the intelligent meter information, authenticates the intelligent meters in batches, and after the intelligent meters pass the authentication, updates the pseudo identity of the intelligent meters and simultaneously informs a server of successful authentication;
when the smart meter authentication is successful, the server checks whether the message from the gateway is correctly encrypted; when the authentication of the intelligent meter fails, the server checks the credentials of the intelligent meter one by one, finds out the broken intelligent meter, and informs the gateway of rejecting the report information of the broken intelligent meter;
the intelligent meter verifies whether the hash value of the previously received aggregation credential is equal to the hash value obtained by exclusive-OR of all currently received authentication credentials, and if so, the pseudo identity is updated; otherwise, the current pseudo identity is used and the re-authentication is waited;
the registering the server, the gateway and the intelligent table and binding the registration information with the authentication credentials comprises the following steps:
generating a real identity, a pseudo identity and a challenge value of the intelligent meter through a registration center, generating a real identity and a challenge value of a gateway, generating a real identity and a private key of a server, and transmitting the generated registration information to each entity through a secure channel;
the gateway and the intelligent meter derive unique unclonable response values from the challenge values and return the unique unclonable response values to the registry, the registry derives auxiliary data from the responses through a fuzzy extraction algorithm, binding information and an integrity check value are calculated, and the auxiliary data are issued to the gateway and the intelligent meter;
the registry sends the binding information to the association database.
2. The method of claim 1, wherein the server receiving the session access request sent through the gateway comprises:
the gateway selects a challenge value, generates an inaccurate response, locally recovers an actual response through auxiliary data, derives a batch verification credential according to the actual response, and sends the access request containing time stamp, identity and integrity protection information to a server.
3. The method of claim 1, wherein the server verifies the identity information of the gateway, comprising:
inquiring the gateway identity in the database, and if the record is not inquired, verifying that the record is not passed;
and requesting binding information from the associated database, checking the integrity protection value, confirming whether the information is tampered, calculating authentication credentials of the intelligent meter and the gateway by using the private key, and authenticating the identity of the gateway according to the calculation result.
4. The method of claim 1, wherein when the gateway verifies the integrity of the smart meter message, if the verification fails, all smart meter credentials are encrypted with a session key with the server and sent to the server.
5. A gateway for performing the PUF-based lightweight smart meter batch authentication method of any one of claims 1-4, wherein the gateway is configured to perform batch authentication on the smart meter according to authentication credentials issued by a server, and perform access control by smart meter pseudo-identity filtering.
CN202210350924.9A 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway Active CN114915970B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210350924.9A CN114915970B (en) 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210350924.9A CN114915970B (en) 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway

Publications (2)

Publication Number Publication Date
CN114915970A CN114915970A (en) 2022-08-16
CN114915970B true CN114915970B (en) 2023-09-08

Family

ID=82763541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210350924.9A Active CN114915970B (en) 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway

Country Status (1)

Country Link
CN (1) CN114915970B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097489B (en) * 2023-10-20 2024-01-30 华东交通大学 Lightweight double-factor agriculture Internet of things equipment continuous authentication method and system
CN117278330B (en) * 2023-11-21 2024-03-12 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network
CN117614626B (en) * 2024-01-17 2024-04-12 济南大学 Lightweight identity authentication method based on PUF

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN111818039A (en) * 2020-07-03 2020-10-23 西安电子科技大学 Three-factor anonymous user authentication protocol method based on PUF in Internet of things
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal
CN113872759A (en) * 2021-09-29 2021-12-31 湘潭大学 Lightweight identity authentication method for smart power grid

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN111818039A (en) * 2020-07-03 2020-10-23 西安电子科技大学 Three-factor anonymous user authentication protocol method based on PUF in Internet of things
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal
CN113872759A (en) * 2021-09-29 2021-12-31 湘潭大学 Lightweight identity authentication method for smart power grid

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于物理不可克隆函数的电网NB-IoT端到端安全加密方案;刘冬兰;刘新;陈剑飞;王文婷;张昊;马雷;李冬;;山东大学学报(工学版)(第01期);全文· *

Also Published As

Publication number Publication date
CN114915970A (en) 2022-08-16

Similar Documents

Publication Publication Date Title
Lin et al. HomeChain: A blockchain-based secure mutual authentication system for smart homes
CN114915970B (en) PUF-based lightweight intelligent meter batch authentication method and gateway
Das Two-factor user authentication in wireless sensor networks
Barki et al. M2M security: Challenges and solutions
CN102647461B (en) Communication means based on HTTP, server, terminal
Cao et al. GBAAM: group‐based access authentication for MTC in LTE networks
Wang et al. A survey of security issues in wireless sensor networks
Feng et al. A replay-attack resistant authentication scheme for the internet of things
Papadopoulos et al. Exact in-network aggregation with integrity and confidentiality
Badar et al. An identity based authentication protocol for smart grid environment using physical uncloneable function
CN105530253B (en) Wireless sensor network access authentication method under Restful framework based on CA certificate
CN105681470A (en) Communication method, server and terminal based on hypertext transfer protocol
Shaikh et al. LSec: Lightweight security protocol for distributed wireless sensor network
Naoui et al. Novel enhanced LoRaWAN framework for smart home remote control security
Arikumar et al. Improved user authentication in wireless sensor networks
Niu et al. A novel user authentication scheme with anonymity for wireless communications
Sekhar et al. Security in wireless sensor networks with public key techniques
Roy et al. SDIWSN: A software-defined networking-based authentication protocol for real-time data transfer in industrial wireless sensor networks
Ying et al. Efficient authentication protocol for secure vehicular communications
Khashan et al. Innovative energy-efficient proxy Re-encryption for secure data exchange in Wireless sensor networks
CN112039654A (en) Electric meter data security acquisition method for resisting man-in-the-middle attack
Li IoT node authentication
Bansal et al. Lightweight authentication protocol for inter base station communication in heterogeneous networks
CN111294793A (en) Data privacy protection method for identity authentication in wireless sensor network
Nyangaresi et al. Anonymity preserving lightweight authentication protocol for resource-limited wireless sensor networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant