Research on Group-Based MTC Authentication and Key Agreement Protocols
Published: 2018-01-16 09:32
Keywords of this article: Research on Group-Based MTC Authentication and Key Agreement Protocols. Source: Xidian University, 2014 master's thesis. Thesis type: degree thesis
Related topics: Machine Type Communication (MTC); authentication and key agreement; proxy signature; Generic Authentication Architecture (GAA)
[Abstract] With the spread of the Internet of Things, machine type communication (MTC), one of its realisation forms, has developed rapidly and is widely used in smart homes, smart grids, e-health, and remote monitoring and tracking. Thanks to its low cost, low energy consumption, easy deployment and freedom from human involvement, MTC has enormous prospects. However, existing bearer networks were designed for human-to-human communication and lack optimisation for MTC: when massive numbers of MTC devices send and receive data at the same time, they put a huge load on the existing network, causing signalling congestion in the core network and overload of key nodes. In MTC applications with strict real-time requirements, massive and highly concurrent service requests keep the server permanently busy with heavy processing, which poses severe challenges to application-server performance and quality of service. Although some optimisation schemes address these problems, they focus mainly on designing access-control mechanisms to mitigate the impact of MTC traffic on the existing network and give almost no consideration to relieving service-data congestion and server overload at the application layer, in particular to optimising the application-layer authentication and key agreement phase. This thesis therefore studies application-layer authentication and key agreement for MTC in depth, reducing core-network signalling overhead and server load through an improved group key agreement mechanism and a proxy mechanism. The main results are:

1. A group key agreement protocol for MTC in multimedia services. In MTC applications that support multimedia services, the content the server sends to each MTC device is identical, so the server can broadcast the service data stream to all MTC devices in the group. To protect that stream, the server and each device in the group must share a group key. The thesis proposes a group-based key agreement scheme: the application server first establishes a pre-shared key with each terminal device in the group through the Generic Authentication Architecture (GAA), then broadcasts to the group devices the information needed to compute the group key; from this information the application server and the group devices independently compute a secure session key for the multimedia broadcast service. Analysis shows that, compared with the existing group key distribution scheme of the Multimedia Broadcast/Multicast Service (MBMS), this key agreement scheme needs fewer message-exchange rounds and less communication overhead.

2. A group-proxy-based MTC application architecture and a proxy-based authentication and key agreement protocol. Access through a capillary network is a common form of MTC access; devices in such a network usually have no cellular communication capability, so the traditional GAA no longer applies to authentication and key agreement between device and server. The thesis proposes a group-proxy-based MTC application architecture in which a gateway acts as the server's proxy and authenticates MTC devices on the server's behalf, and a proxy administrator is introduced to handle the server's proxy requests and manage the proxy group. In the authentication and key agreement protocol built on this architecture, the proxy gateway and the MTC device authenticate each other; once authentication succeeds, the gateway sends the server the information it needs to compute a communication key with each MTC device. Analysis shows that the protocol resists collusion, man-in-the-middle and replay attacks, reduces core-network communication overhead, and lightens the server's burden.
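The following is an added illustration of the broadcast-style group key agreement summarised in result 1, not the thesis's own protocol (the abstract gives no message formats). It assumes each device already holds a pre-shared key with the server of the kind GAA/GBA bootstraps, uses HMAC-SHA256 as the only primitive, and constructs the device identities and keys inline; the server sends one broadcast, and every member (but no outsider) derives the same group key from it.

```python
import hmac, hashlib, os

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 used as the PRF/KDF throughout (a simplification of the GBA KDF)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def gaa_naf_key(ks: bytes, naf_id: bytes) -> bytes:
    """Stand-in for the GAA/GBA step that leaves server and device with a pre-shared key Ks_NAF."""
    return prf(ks, b"gba-me", naf_id)

def group_key(secret: bytes, nonce: bytes, group_id: bytes) -> bytes:
    """Session key for the broadcast service, computed independently by server and devices."""
    return prf(secret, b"group-key", nonce, group_id)

def server_broadcast(naf_keys: dict, group_id: bytes):
    """Server side: a single broadcast carrying, per member, the wrapped group secret."""
    secret, nonce = os.urandom(32), os.urandom(16)   # fresh per broadcast (replay protection)
    wrapped = {}
    for dev, k in naf_keys.items():
        mask = prf(k, b"wrap", nonce)                  # one-time per-device mask from Ks_NAF
        c = bytes(a ^ b for a, b in zip(secret, mask))
        wrapped[dev] = (c, prf(k, b"auth", nonce, c))  # integrity tag bound to nonce and ciphertext
    msg = {"group": group_id, "nonce": nonce, "wrapped": wrapped}
    return msg, group_key(secret, nonce, group_id)

def device_derive(dev: bytes, naf_key: bytes, msg: dict):
    """Device side: verify its own entry, unwrap the secret, derive the group key."""
    entry = msg["wrapped"].get(dev)
    if entry is None:
        return None                                    # not a member of this group
    c, tag = entry
    if not hmac.compare_digest(tag, prf(naf_key, b"auth", msg["nonce"], c)):
        return None                                    # tampered or wrong key
    mask = prf(naf_key, b"wrap", msg["nonce"])
    secret = bytes(a ^ b for a, b in zip(c, mask))
    return group_key(secret, msg["nonce"], msg["group"])

def demo():
    """Constructed run: three members plus one outsider with its own (non-member) key."""
    naf_id = b"mtc-app-server.example"                 # constructed NAF identity
    ks = {d: os.urandom(32) for d in (b"dev1", b"dev2", b"dev3")}
    naf_keys = {d: gaa_naf_key(k, naf_id) for d, k in ks.items()}
    msg, server_gk = server_broadcast(naf_keys, b"group-A")
    device_gks = {d: device_derive(d, k, msg) for d, k in naf_keys.items()}
    outsider = device_derive(b"dev9", gaa_naf_key(os.urandom(32), naf_id), msg)
    return server_gk, device_gks, outsider
```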
Degree-granting institution: Xidian University
Degree level: Master
Year awarded: 2014
Classification number: TN918.4
Article number: 1432504
Link: https://www.wllwen.com/kejilunwen/wltx/1432504.html