适用于物联网应用的密码体制设计与分析

发布时间：2018-11-11 13:27

【摘要】：物联网作为新一代信息技术的重要组成部分,能够使物品与互联网相连接进行消息的通信,从而可以实现对物品的智能化识别、定位、追踪、监测与管理。无线传感器网络作为物联网的一个重要组成部分,主要负责感知、收集信息并把所收集的信息传送给服务器,服务器再对信息进行分析和管理。物联网是构建智能社会的基本工具,但同时也具有很大的技术挑战,数据的安全性就是存在的问题之一。本论文主要对如何将无线传感器收集到的数据安全地传送给服务器进行研究。无线传感器网络收集的数据如果在传输中被增加或删除,就会影响服务器对数据的分析结果,甚至会产生非常严重的后果,所以在无线传感器网络和服务器之间建立一个安全的通信信道是必要的。另一方面,传感器节点具有通信能力有限、电源能量有限、计算处理能力和存储能力有限的特点,所以需要设计高效的算法来实现数据的机密性、完整性、认证性和不可否认性。本论文为了解决上述的问题,进行了如下工作:(1)设计了一个异构环签密方案,该方案可以实现在一个逻辑步骤内同时实现数据的机密性、完整性、认证性、不可否认性和匿名性。同时该方案允许传感器节点使用基于身份的环境,而服务器使用基于公钥基础设施的环境。在随机预言模型下,本文证明了该方案在适应性选择密文攻击下具有不可区分性,且在适应性选择消息攻击下具有存在不可伪造性。(2)设计了一个基于身份的组合公钥密码方案,该方案可以实现加密和签名只使用一对公私钥,对基于身份的公钥密码体制来说,可以大大降低身份信息数量,降低密钥生成中心为用户生成私钥的成本。在随机预言模型下,本文证明该方案在适应性选择密文和身份攻击下具有不可区分性,在适应性选择消息和身份攻击下具有存在不可伪造性。之后本文又利用该方案设计了一个用于传感器节点和服务器之间通信的具有认证性的保密协议。本学位论文设计的两个方案都能同时实现数据的机密性、完整性、认证性、不可否认性。同时这两个方案是根据物联网的特点进行设计的,所以这两个方案适合解决物联网中通信消息的安全问题。
[Abstract]:As an important part of the new generation of information technology, the Internet of things can make objects communicate with the Internet of information, so that the intelligent identification, location, tracking, monitoring and management of objects can be realized. As an important part of the Internet of things, wireless sensor networks are mainly responsible for sensing, collecting information and transmitting the collected information to the server, which then analyzes and manages the information. The Internet of things is a basic tool for building an intelligent society, but it also has great technical challenges. The security of data is one of the problems. This thesis mainly studies how to transfer the data collected by wireless sensor to server safely. If the data collected by wireless sensor network is added or deleted in transmission, it will affect the result of the server's analysis of the data, and even have very serious consequences. So it is necessary to establish a secure communication channel between wireless sensor network and server. On the other hand, sensor nodes have the characteristics of limited communication capacity, limited power supply energy, limited computing and processing capacity and limited storage capacity, so it is necessary to design efficient algorithms to realize the confidentiality and integrity of data. Authentication and non-repudiation. In order to solve the above problems, the following work has been done in this paper: (1) A heterogeneous ring signcryption scheme is designed, which can realize the confidentiality, integrity and authentication of data simultaneously in a logical step. Undeniable and anonymous. At the same time, the scheme allows sensor nodes to use identity-based environments, while servers use public key infrastructure environments. In the stochastic prophecy model, it is proved that the scheme is indistinguishable under adaptive ciphertext attack. Under adaptive selection message attack, there is unforgeability. (2) an identity-based combined public key cryptosystem is designed, which can encrypt and sign only a pair of public and private keys. For identity-based public key cryptosystems, the amount of identity information can be greatly reduced, and the cost of generating private keys for users by key generation centers can be reduced. Under the stochastic prophecy model, it is proved that the scheme is indistinguishable under adaptive selection ciphertext and identity attack, and unforgeable under adaptive selection message and identity attack. Then this paper designs an authentication protocol for communication between sensor nodes and servers. The two schemes designed in this dissertation can realize the confidentiality, integrity, authentication and non-repudiation of the data simultaneously. At the same time, these two schemes are designed according to the characteristics of the Internet of things, so these two schemes are suitable to solve the security problem of communication messages in the Internet of things.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP391.44;TN929.5;TN918.1

【相似文献】