CN114915970A - PUF-based lightweight intelligent meter batch authentication method and gateway - Google Patents

PUF-based lightweight intelligent meter batch authentication method and gateway Download PDF

Info

Publication number
CN114915970A
CN114915970A CN202210350924.9A CN202210350924A CN114915970A CN 114915970 A CN114915970 A CN 114915970A CN 202210350924 A CN202210350924 A CN 202210350924A CN 114915970 A CN114915970 A CN 114915970A
Authority
CN
China
Prior art keywords
gateway
authentication
server
intelligent
meter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210350924.9A
Other languages
Chinese (zh)
Other versions
CN114915970B (en
Inventor
孙钰
刘霏霏
关振宇
李大伟
崔剑
刘建伟
刘文懋
王晓鹏
李东宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Nsfocus Technologies Group Co Ltd
Original Assignee
Beihang University
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University, Nsfocus Technologies Group Co Ltd filed Critical Beihang University
Priority to CN202210350924.9A priority Critical patent/CN114915970B/en
Publication of CN114915970A publication Critical patent/CN114915970A/en
Application granted granted Critical
Publication of CN114915970B publication Critical patent/CN114915970B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a PUF-based lightweight intelligent meter batch authentication method and a gateway, and the method comprises the following steps: registering a gateway and an intelligent table, and binding and storing authentication certificates; the server authenticates the gateway, generates a session key with the gateway and the intelligent meter, and returns an aggregation certificate of the intelligent meter; the gateway authentication server is used for deriving a session key with the server, broadcasting the hash value of the aggregation certificate to the intelligent meter and informing the intelligent meter to report authentication information; the intelligent table derives a session key with the server and reports authentication information to the gateway; the gateway verifies the intelligent meters in batches through the aggregation certificates, and reports the authentication results to the server; the server checks the result, if the authentication fails, the broken smart meter can be found out to inform the gateway to reject the message, and the smart meter can also check the authentication result. The gateway has batch authentication and access control functions. Therefore, the problems that the operation overhead is large, the gateway security assumption is too strong, physical attack cannot be resisted, the sensor network architecture is not suitable and the like in the related technology are solved.

Description

Light-weight intelligent meter batch authentication method based on PUF and gateway
Technical Field
The application relates to the technical field of cryptography in information security, in particular to a PUF-based lightweight intelligent meter batch authentication method and a gateway.
Background
With the rapid development of emerging industries such as the internet of things and the mobile internet, the market of intelligent sensors is growing at a high speed. The intelligent sensor consists of a sensing element, a signal conditioning circuit and a controller (or a processor), has the functions of data acquisition, conversion, analysis and even decision making, and provides bidirectional communication, real-time monitoring, perception control and intelligent service for users and suppliers with higher efficiency, flexibility and reliability, thereby reducing power consumption and bringing more convenience. Compared with the traditional sensor network, the intelligent sensor network is deeply integrated with the Internet of things and the Internet, and has a large number of user-side intelligent terminals which are widely accessed and accessed, so that more attack surfaces are exposed. With the rapid development of communication technology, the scale of the terminal is continuously enlarged, and the malicious attacks on the intelligent sensor network are more violent and frequent, so that the alarm clock is sounded for the safety of the intelligent sensor network.
The intelligent sensor network is a typical end-edge-cloud architecture system with a control plane tightly coupled with an information plane. The information plane is mainly used for metering and information exchange, and is composed of a smart Meter Device (MD), a Neighborhood Gateway (NG), and a provider Server (SP). The smart meter is deployed at a user side, is usually an extremely resource-limited device, and is responsible for collecting and monitoring data of each sensor and reporting the data to the gateway regularly. The gateway is connected with the intelligent meter and the server, is responsible for reporting the information to the server after aggregation, and simultaneously forwards the control instruction from the server. The server is deployed at the supplier side and performs unified management on all functions. However, there is no scheme for deeply studying authentication and secure communication of the three.
As a technology with great development prospect, the narrowband-based internet of things (NB-IoT) supports low-cost, long-endurance and large-scale device connection, and also will promote secure communication of the smart sensor network. In data transmission optimization for NB-IoT, a Radio Resource Control (RRC) connection request transmits IP data or non-IP data by using a non-access stratum (NAS) Protocol Data Unit (PDU) without establishing a data radio bearer. That is, when the gateway wakes up from the idle state to the connected state by using the established link, uplink data can be directly embedded into the previously established NAS PDU. While downlink data transmission from the server requires the establishment of a new NAS connection. However, most of the existing internet of things scenario schemes do not consider the traffic optimization of the downlink.
In consideration of the price and signaling overhead of the NB-IoT module, when the connection is actually deployed, the intelligent meter needs to be connected to the gateway through a wired bus, and the gateway reports the collected data to the server through the NB-IoT wireless air interface. A typical commercial gateway is equipped with both NB-IoT modules and various bus interfaces to connect the server on the wireless side and the smart meter on the wired side. Due to the lack of privacy, integrity and access control capabilities, the wired side exposes more attack surfaces than the wireless side, making it more vulnerable to network attacks. In the sensor network, an external attacker can eavesdrop, tamper and replay messages transmitted between the gateway and the server; an internal attacker can imitate the identity of a legal node and speculate and steal secret information of other entities from data processing. Multiple researches show that through data analysis, an attacker can easily acquire privacy information such as the life law, the house occupancy rate, the economic condition and the like of family members. However, there is still a lack of integrated security protocols for bus-NB-IoT heterogeneous networks.
In addition to network attacks, another security challenge facing smart sensor networks is a physical attack against outdoor deployed devices. The security of conventional cryptography relies on the secrecy of long-term keys, while in physical attacks, an attacker can steal, copy, or replace long-term keys stored in non-volatile memory. One solution is to equip the device with tamper-resistant hardware, but this is a huge expense for sensor networks with tens of millions of smartmeters and gateway access. Thus, Physically Unclonable Functions (PUFs) are introduced into sensor network protocols as an economical and reliable method to avoid the storage of preset keys. But the existing 'end-edge-cloud' sensor network authentication scheme still stores long-term symmetric keys in the gateway and the intelligent table.
Currently, although all researchers agree on the "end-edge-cloud" architecture of the sensor network, most authentication schemes simplify the authentication process directly to communication between the smart meter and the server or the smart meter and the gateway. The former ignores the message forwarding, gathering, verification and other functions of the gateway in the middle, and avoids the security threat brought by introducing the gateway. The latter endows the gateway with extremely strong safety capability, the gateway is considered to be a completely credible entity, and the gateway is close to the user side in practice, is deployed outdoors and is extremely easy to be attacked. Even though many schemes propose inter-party authentication and key agreement schemes, most of them still give the gateway the ability to participate in session key agreement or introduce complicated and time-consuming cryptographic operations. In conclusion, the existing solutions have the problems of high operation overhead, too strong gateway security assumption, incapability of resisting physical attack and inapplicability of sensor network architecture. How to realize end-to-end batch authentication and key agreement with light weight and physical attack resistance is a problem which needs to be solved urgently in the security application of the intelligent meter.
Disclosure of Invention
The application provides a PUF-based lightweight intelligent meter batch authentication method and a gateway, which aim to solve the problems that in the prior art, the operation cost is high, the gateway security assumption is too strong, physical attack cannot be resisted, the sensor network architecture is not suitable, and the like.
An embodiment of a first aspect of the present application provides a PUF-based batch authentication method for lightweight smart meters, including the following steps: registering the server, the gateway and the intelligent table, and performing authentication and credential binding on registration information; a server receives a session access request sent by a gateway; verifying the identity information of the gateway, selecting a random number to calculate a session key between the random number and an intelligent table and the session key of the gateway after the identity information of the gateway passes the verification, aggregating authentication certificates of the intelligent table in an exclusive or mode, encrypting the authentication certificates by using the session key, and sending an access reply containing an encryption certificate, the random number and integrity check information to the gateway; the gateway derives the session key, decrypts a plaintext from the encrypted certificate, hides the plaintext through a hash function, broadcasts an aggregated intelligent meter certificate containing a server random number and a hash on a bus, and informs the intelligent meter of reporting authentication information; the intelligent meter recovers a correct response, calculates an end-to-end session key, an authentication certificate and a pseudo identity for the next round of session with the server, and returns an authentication response comprising the authentication certificate and the pseudo identity and integrity protection message for the next round of session to the gateway; the gateway checks the integrity of the intelligent meter information, authenticates the intelligent meters in batches, updates the false identity of the intelligent meter after the authentication is passed, and simultaneously informs a server of successful authentication; when the smart meter authentication is successful, the server checks whether the message from the gateway is correctly encrypted; and when the authentication of the intelligent meter fails, the server checks the certificates of the intelligent meter one by one, finds out the broken intelligent meter and informs the gateway of rejecting the reported information of the broken intelligent meter. The intelligent meter verifies whether the hash value of the previously received aggregation certificate is equal to the hash value of the exclusive or of all the currently received authentication certificates, and if so, the pseudo identity is updated; otherwise, the current pseudo identity is continuously used, and the re-authentication is waited.
Optionally, in an embodiment of the present application, the registering the server, the gateway, and the smart meter, and performing authentication credential binding on the registration information includes: generating a real identity, a pseudo identity and a challenge value of the intelligent meter through the registration center, generating a real identity and a challenge value of the gateway, generating a real identity and a private key of the server, and sending the generated registration information to each entity through a secure channel; the gateway and the intelligent meter derive a unique unclonable response value from the challenge value and return the response value to the registration center, the registration center derives auxiliary data from the response through a fuzzy extraction algorithm, calculates binding information and an integrity check value, and issues the auxiliary data to the gateway and the intelligent meter; the registry sends the binding information to the association database.
Optionally, in an embodiment of the present application, the receiving, by the server, a session access request sent through a gateway includes: selecting a challenge value through the gateway, generating an inaccurate response, locally recovering an actual response through auxiliary data, deriving a batch verification credential according to the actual response, and sending the access request containing a timestamp, an identity and integrity protection information to a server.
Optionally, in an embodiment of the present application, the verifying, by the server, the identity information of the gateway includes: inquiring the gateway identity in a database, and if the record is not inquired, the verification fails; requesting binding information from the associated database, checking an integrity protection value, confirming whether the message is tampered, calculating an authentication certificate of the intelligent meter and the gateway by using a private key, and authenticating the identity of the gateway according to a calculation result.
Optionally, in an embodiment of the present application, when the gateway checks the integrity of the smart meter message, if the authentication fails, all the smart meter credentials are encrypted by a session key with the server and then sent to the server.
An embodiment of a third aspect of the present application provides a gateway, configured to execute the PUF-based batch authentication method for a lightweight smart meter, where the gateway is configured to perform batch verification on the smart meter according to an authentication credential issued by a server, and perform access control by filtering a pseudo identity of the smart meter.
The PUF-based batch authentication method and gateway for the lightweight intelligent meters have the following beneficial effects:
1) the application provides a first key agreement (AKA) protocol for protecting and deploying outdoor edge and end devices by using PUFs. By using an intrinsic SRAM PUF, both the gateway and the smart meter can resist physical attacks without the need to store a long-term key. In addition, for honest and curious gateways and intelligent meters, the protocol still meets various security properties such as forward security, non-repudiation, man-in-the-middle attack resistance and the like.
2) The method is suitable for a more practical end-edge-cloud architecture of the heterogeneous sensor network. In the bus-NB-IoT heterogeneous network, a gateway is connected with an intelligent meter through a bus, and messages are reported to a server through a wireless air interface. In the authentication process, the gateway can verify the intelligent meters in batches by virtue of the authentication certificate issued by the server. In addition, through smart table ID filtering, the gateway plays a role in access control while reducing DoS attacks against the server. The protocol provides integrated security facing a bus-NB-IoT heterogeneous sensor network end-edge-cloud architecture.
3) To reduce NB-IoT downlink overhead, the present application reduces communication overhead from O (m) to O (1) through downlink traffic optimization. By aggregating the issuing of the authentication voucher, the signaling overhead can be greatly reduced. Because the protocol only uses the extremely light-weight cryptographic operation, the intelligent meter function can be realized on the singlechip with limited resources. The static binding technique of the authentication credentials enables the protocol to be implemented using a more lightweight weak PUF, and therefore also eliminates the need for storage and frequent updates of CRPs, reducing communication and storage overhead. The superiority of the protocol in computing, communication, storage and signaling overhead is further proved through performance analysis.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a registration flowchart of a PUF-based lightweight smart meter batch authentication method according to an embodiment of the present application;
fig. 2 is a flowchart of a PUF-based batch authentication method for lightweight smart meters according to an embodiment of the present application;
fig. 3 is a flowchart illustrating batch authentication and key agreement according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
The method provides a PUF-based lightweight intelligent meter batch authentication scheme for a heterogeneous intelligent sensor network, and the overall scheme is realized by cooperation of an initial module, a registration module and a batch authentication module. The symbols used in the model design are shown in the following table:
model symbol interpretation
Figure BDA0003580221770000041
Furthermore, in daily life, the mobile embedded device as a function platform can help users to fulfill various requirements conveniently and quickly, and has become an indispensable part of people's life. However, the development of mobile hardware security cannot keep pace with the era, and more security problems are emerging continuously. To improve security, it is proposed to place the keys in a non-volatile electrically erasable programmable read-only memory (EEPROM) or Static Random Access Memory (SRAM), using hardware encryption operations such as digital signatures or encryption. However, this method is power consuming and vulnerable to intrusion.
To address the security issues of mobile hardware, PUFs are proposed. A PUF is a function that takes advantage of the random differences that are inevitable during chip manufacturing, so that each chip outputs an unpredictable response depending on the stimulus that is input. PUFs generally comprise six properties:
1) light weight: the number and size of the elements for realizing the physical unclonable function are small, so that the method has wide application prospect in equipment with limited resources.
2) Non-clonality: assuming that one unclonable function f (x) is given, another unclonable function f' (x) is implemented by construction such that for any x 1 Within a very small error f (x) 1 )=f’(x 1 ) Is extremely difficult.
3) Unidirectional: when inputting any one stimulus x i Always has a response y i Corresponds thereto, but if given a response y i Cannot find out an excitation x corresponding to it i
4) Uniqueness: given the same stimulus C, the resulting responses of a certain number of PUFs of the same manufacturing structure differ.
5) Unpredictability: given any one excitation x, it is very difficult to predict the corresponding response y.
6) Tamper resistance: since PUFs rely on subtle physical construction differences, it is generally believed that tampering with a PUF will inevitably alter the excitation response behavior of the PUF.
The PUF helps the terminal equipment to realize key storage and identity authentication from a hardware level, and the light weight and unclonable characteristics of the PUF are very suitable for the terminal equipment of the Internet of things with limited resources. In the present application, SRAM PUFs extracted by microcontrollers are mainly used.
It should be noted that PUFs rely on analog physical characteristics of the manufactured circuit to obtain secret information, which is easily affected by noise and other environmental factors, so that responses obtained by inputting the same stimulus have certain differences. To address this problem, a fuzzy extractor is used to generate side information with appropriate entropy from the noise and non-uniform random PUF responses to recover the correct response.
Specifically, the fuzzy extraction algorithm consists of functions fe.gen () and fe.rec (). Gen () is a probabilistic key generation algorithm that takes an initial PUF response r as input and outputs a key K and helper data hd, i.e., (K, hd) ← fe. In contrast, the key recovery algorithm fe.rep () takes as input the noisy response r 'and the helper data hd, outputting the same key K, i.e. (K) ← fe.rec (r', hd).
The PUF-based lightweight smart meter batch authentication method and gateway according to the embodiments of the present application are described below with reference to the accompanying drawings. Aiming at the problems that the prior art mentioned in the background technology center is high in operation overhead, too strong in gateway security hypothesis, incapable of resisting physical attack, not suitable for a sensor network framework and the like, the application provides a lightweight intelligent meter batch authentication method based on PUF. In the enrollment phase, a unique unclonable authentication credential is generated by means of the PUF and data-bound. By establishing end-to-end bidirectional AKA in the smart meter and the server, the secure communication with an end-edge-cloud heterogeneous network of a wireless narrowband Internet of things (NB-IoT) through a wired bus is realized. The gateway provided by the application has the capabilities of batch authentication and access control, and can obviously reduce the calculation and communication overhead. The method and the device avoid key storage on two kinds of external field deployment equipment, namely the intelligent meter and the gateway, have obvious advantages in the aspects of calculation, communication, storage and signaling overhead, can resist network attack and physical attack at the same time, realize user privacy protection, and can provide the intelligent meter identity authentication function for safe and credible meter reading. Therefore, the problems that in the prior art, the operation cost is high, the gateway security assumption is too strong, physical attack cannot be resisted, the sensor network architecture is not suitable and the like are solved.
Specifically, fig. 2 is a flowchart of a PUF-based batch authentication method for a lightweight smart meter according to an embodiment of the present application.
As shown in fig. 2, the PUF-based batch authentication method for the lightweight smart meter includes the following steps:
in step S101, the server, the gateway, and the smart form are registered, and authentication and credential binding is performed on the registered information.
Optionally, in an embodiment of the present application, registering the server, the gateway, and the smart meter, and performing authentication credential binding on registration information includes: generating a real identity, a pseudo identity and a challenge value of the intelligent table through the registration center, generating a real identity and a challenge value of the gateway, generating a real identity and a private key of the server, and sending generated registration information to each entity through a secure channel; the gateway and the intelligent meter derive a unique unclonable response value from the challenge value and return the response value to the registration center, the registration center derives auxiliary data from the response through a fuzzy extraction algorithm, binding information and an integrity check value are calculated, and the auxiliary data are issued to the gateway and the intelligent meter; the registry sends the binding information to the association database.
The method comprises the steps of utilizing three main models to realize functions, wherein an initial model is used for initializing system parameters; the registration model is used for acquiring a device PUF response before deployment and generating binding data for subsequent authentication; the batch authentication model realizes end-to-end bidirectional authentication and key agreement between the intelligent table and the server.
Initialization and registration are first performed prior to mutual authentication and key agreement. In the initial model, a large prime number q is selected by the registry to be shared with the server. In the registration model, as shown in fig. 1, the gateway and the smart meter need to be registered with the registry together with the server before deployment and use. The registry generates a real identity ID for the smart meter i Pseudo identity TID i =H(K S ||ID i ) And challenge C i Generating a real identity ID for the gateway G And challenge C G Generating a real identity ID for a server S And a private key K S The registry sends registration information to each entity via a secure channel. Gateway and smart meter slave challengesDeriving a unique unclonable response value r * =PUF * (C * ) Returning to the registry, which derives the helper data hd from the response by means of a fuzzy extraction algorithm * ←FE.Gen(r * ) Calculating binding information alpha * =H(r * )/K S And integrity check value MAC * =H(K S ||ID * ||α * ) And sending the auxiliary data to the gateway and the intelligent meter. The registry will bind the information<{α * ,MAC * }>And sending the associated database, wherein the binding information does not need to be encrypted and can be stored in a public way.
In step S102, the server receives a session access request transmitted through the gateway.
Optionally, in an embodiment of the present application, the receiving, by the server, the session access request sent through the gateway includes: the gateway selects the challenge value, generates an inaccurate response, locally recovers an actual response through the auxiliary data, derives a batch verification credential according to the actual response, and sends an access request containing a timestamp, an identity and integrity protection information to the server.
Specifically, upon power-up or forced re-authentication, the gateway may initiate a session by requesting batch authentication credentials from the server. The gateway first selects a challenge value and generates an inaccurate response r G '=PUF G (C G ) Locally recovering the correct response r by means of auxiliary data G ←FE.Rec(r G ',hd G ) Then derive therefrom the credential y G =H(r G ). Integrity is represented by Q 1 =H(ID G ||TS||y G ) Protection, where TS is the current timestamp. Then an access request M containing timestamp, identity and integrity protection information is sent 1 =<TS,ID G ,Q 1 >And sending the data to a server.
And S103, the server verifies the identity information of the gateway, selects a random number to calculate a session key between the random number and the intelligent table and the session key of the gateway after the identity information of the gateway passes the verification, aggregates the authentication certificate of the intelligent table in an exclusive or mode, encrypts the authentication certificate by using the session key, and sends an access reply containing the encryption certificate, the random number and integrity check information to the gateway.
Optionally, in an embodiment of the present application, the verifying the identity information of the gateway by the server includes: inquiring the gateway identity in a database, and if the record is not inquired, the verification fails; requesting binding information from the associated database, checking an integrity protection value, confirming whether the message is tampered, calculating an authentication certificate of the intelligent meter and the gateway by using a private key, and authenticating the identity of the gateway according to a calculation result.
Specifically, after receiving an access request from a gateway, a server firstly queries a gateway Identity (ID) in a database G -{TID i -ID i And if no record is inquired, ignoring the request. Otherwise, the server sends to the association database<ID S ,ID G >Associating databases to return binding data<{α * ,MAC * }>. Server checks integrity protection value MAC * To confirm that the message has not been tampered with. Subsequently, using the private key K S Computing smart meter and gateway authentication credentials y * =H(α * ·K S ) Then can pass through y G And authenticating the gateway identity. The server then selects a random number N S Calculating the session key SK with the smart meter and the gateway * =H(y * ||N S ). In addition to this, the server calculates all the authentication credentials Auth of the smart meter i They are differentiated or aggregated into Auth and used with session key SK with the gateway G Encryption yields X. Finally, the access reply M containing the encryption certificate, the random number and the integrity check information 2 =<X,N S ,Q 2 >And sending the data to the gateway.
And step S104, the gateway derives a session key, decrypts the plaintext from the encrypted certificate, hides the plaintext through a hash function, broadcasts an aggregated intelligent meter certificate containing a server random number and hash on a bus, and informs an intelligent meter to report authentication information.
Specifically, by checking Q 2 Y in (1) G The gateway can authenticate the server and confirm the received random number N S Is generated by the server. The gateway then derives the session key SK G Decryption of Au from Xth, it is hidden by Auth' ═ h (Auth). The gateway then broadcasts M over the bus 3 =<ID G ,Auth',N S >And informing the intelligent meter to report the authentication information.
In step S105, the smart table recovers the correct response, calculates the end-to-end session key with the server, the authentication credential, and the pseudo-identity for the next round of session, and returns an authentication response including the authentication credential and the pseudo-identity for the next round of session and the integrity protection message to the gateway.
Specifically, the smart meter first recovers the correct response r i Then calculates the end-to-end session key SK with the server i =H(H(r i )||N S ). To be authenticated by the gateway, the smart meter calculates an authentication credential Auth i =H(SK i ||N S ). Simultaneous calculation of pseudo-identities for the next round of sessions
Figure BDA0003580221770000071
So as to play a role in privacy protection. But also saves the previous TID i To prevent the authentication from failing in the current round. Finally, along with integrity protection messages
Figure BDA0003580221770000072
An authentication response M containing authentication credentials 4i And returning to the gateway, wherein m intelligent meters send m messages.
In step S106, the gateway checks the integrity of the smart meter message, authenticates the smart meters in batch, and after the authentication is passed, updates the pseudo-identity of the smart meter and notifies the server that the authentication is successful.
Optionally, in an embodiment of the present application, when the gateway verifies the integrity of the smart meter message, if the verification fails, all the smart meter credentials are encrypted and sent to the server.
Specifically, after obtaining the aggregated smart table authentication credential Auth from the server, the gateway is given batch authentication and access control capabilities. Gateway first checks Q 3i Then checks whether Auth is equal to
Figure BDA0003580221770000081
If the number of the intelligent meters is equal to the number of the intelligent meters, the m intelligent meters pass verification, the gateway updates the pseudo identities of the intelligent meters and informs the server that the authentication is passed. To prevent the message from being tampered with, the gateway uses the session key SK G Encrypting TAG Done And N S To obtain M Done Will be<TAG done ,M done >And sending the data to a server. If they are not equal, it means that at least one intelligent table is broken, then the gateway will take all Auth i Using SK G Encrypt and put into M Fail Will be<TAG Fail ,M Fail >And sending the data to a server.
In step S107, when the smart meter authentication is successful, the server checks whether the message from the gateway is correctly encrypted; when the smart meter authentication fails, the server checks the smart meter certificates one by one, finds out the broken smart meter and informs the gateway of rejecting the reported information of the broken smart meter.
Specifically, if the smart meter authentication succeeds, the server checks M Done Whether or not equal to
Figure BDA0003580221770000082
To protect against impersonation or replay attacks. If the authentication of the intelligent meter fails, the server checks the certificates Auth of the intelligent meter one by one i To find out the broken intelligent meter and inform the gateway to reject the reported information of the intelligent meter.
In step S108, the smart meter verifies whether the hash value of the previously received aggregated certificate is equal to the hash value of the exclusive or of all currently received authentication certificates, and if so, updates the pseudo identity; otherwise, the current pseudo identity is continuously used, and the re-authentication is waited.
Specifically, while the smart meter sends an authentication response, authentication certificates of other smart meters on the bus are received, whether the received hashed aggregation certificate is equal to the xor hash value of the currently received prime authentication certificate or not is verified, if so, the smart meter confirms that the same session key is negotiated with the server, the pseudo identity is updated, and otherwise, the current pseudo identity is continuously used, and re-authentication is waited.
Specifically, the smart meter sends an authentication response Auth i Meanwhile, Auth of other intelligent meters on the bus can be received i . Thus, the smart meter can verify whether the previously received Auth' is equal to
Figure BDA0003580221770000083
If they are equal, the smart table may confirm that the same session key has been negotiated with the server and will update the pseudo-identity. Otherwise, the current pseudo-identity TID will continue to be used i And waiting for re-authentication.
According to the PUF-based lightweight intelligent meter batch authentication method, the intrinsic SRAM PUF is used for simultaneously protecting and deploying the outdoor gateway and the intelligent meter, and the end-to-end bidirectional AKA is established between the intelligent meter and the server, so that the safe communication between the intelligent meter and the wireless narrowband Internet of things heterogeneous gateway through the bus is realized. Meanwhile, the semi-honest gateway equipment has the capacity of batch authentication and access control, and calculation and communication expenses can be obviously reduced. The method avoids key storage at the intelligent meter and the gateway, has obvious advantages in the aspects of calculation, communication, storage and signaling overhead, can resist physical attack and various network attacks at the same time, and has wide application prospect and market value.
The embodiment also provides a gateway which has the functions of batch verification and access control. The gateway can carry out batch verification on the intelligent meters according to the authentication certificates issued by the server, so that the authentication pressure of the server is reduced. In addition, through the false identity filtering of the intelligent meter, the gateway plays a role in access control, and meanwhile DoS attacks on the server can be reduced.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of the feature. In the description of the present application, "N" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more N executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of implementing the embodiments of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.

Claims (6)

1. A light-weight intelligent meter batch authentication method based on PUF is characterized by comprising the following steps:
registering the server, the gateway and the intelligent meter, and performing authentication and credential binding on registration information;
a server receives a session access request sent by a gateway;
the server verifies the identity information of the gateway, selects a random number to calculate a session key between the random number and an intelligent table and the session key of the gateway after the identity information of the gateway passes the verification, aggregates authentication certificates of the intelligent table in an exclusive or mode, encrypts the authentication certificates by using the session key, and sends an access reply containing the encryption certificates, the random number and integrity check information to the gateway;
the gateway derives the session key, decrypts a plaintext from the encrypted certificate, hides the plaintext through a hash function, broadcasts an aggregated intelligent meter certificate containing a server random number and a hash on a bus, and informs the intelligent meter of reporting authentication information;
the intelligent meter recovers correct response, calculates an end-to-end session key, an authentication certificate and a pseudo identity for the next round of session with the server, and returns an authentication response comprising the authentication certificate and the pseudo identity and integrity protection message for the next round of session to the gateway;
the gateway checks the integrity of the intelligent meter information, authenticates the intelligent meters in batch, and after the authentication is passed, the gateway updates the pseudo-identity of the intelligent meters and informs a server of successful authentication;
when the smart meter authentication is successful, the server checks whether the message from the gateway is correctly encrypted; when the authentication of the intelligent meter fails, the server checks the certificates of the intelligent meter one by one, finds out the broken intelligent meter and informs the gateway of rejecting the reported information of the broken intelligent meter;
the intelligent meter verifies whether the hash value of the previously received aggregation certificate is equal to the hash value of the exclusive or of all currently received authentication certificates, and if so, the pseudo identity is updated; otherwise, the current pseudo identity is continuously used, and the re-authentication is waited.
2. The method of claim 1, wherein registering the server, the gateway and the smart meter and binding the registration information with the authentication credentials comprises:
generating a real identity, a pseudo identity and a challenge value of the intelligent meter through the registration center, generating a real identity and a challenge value of the gateway, generating a real identity and a private key of the server, and sending the generated registration information to each entity through a secure channel;
the gateway and the intelligent meter derive a unique unclonable response value from the challenge value and return the response value to the registration center, the registration center derives auxiliary data from the response through a fuzzy extraction algorithm, binding information and an integrity check value are calculated, and the auxiliary data are issued to the gateway and the intelligent meter;
the registry sends the binding information to the association database.
3. The method of claim 1, wherein the server receives the session access request sent through the gateway, and wherein the method comprises:
the gateway selects a challenge value, generates an inaccurate response, locally recovers an actual response through auxiliary data, derives a batch verification credential according to the actual response, and sends the access request containing a timestamp, an identity and integrity protection information to a server.
4. The method of claim 1, wherein the server verifies the identity information of the gateway, comprising:
inquiring the gateway identity in a database, and if the record is not inquired, the verification fails;
requesting binding information from the associated database, checking an integrity protection value, confirming whether the message is tampered, calculating an authentication certificate of the intelligent meter and the gateway by using a private key, and authenticating the identity of the gateway according to a calculation result.
5. The method of claim 1, wherein the gateway verifies the integrity of the smart meter message and if the verification fails, sends all smart meter credentials to the server encrypted with the session key associated with the server.
6. A gateway for executing the PUF-based lightweight smart meter batch authentication method according to claims 1-5, wherein the gateway is used for performing batch verification on the smart meters according to authentication credentials issued by a server and performing access control through smart meter pseudo-identity filtering.
CN202210350924.9A 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway Active CN114915970B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210350924.9A CN114915970B (en) 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210350924.9A CN114915970B (en) 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway

Publications (2)

Publication Number Publication Date
CN114915970A true CN114915970A (en) 2022-08-16
CN114915970B CN114915970B (en) 2023-09-08

Family

ID=82763541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210350924.9A Active CN114915970B (en) 2022-04-02 2022-04-02 PUF-based lightweight intelligent meter batch authentication method and gateway

Country Status (1)

Country Link
CN (1) CN114915970B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097489A (en) * 2023-10-20 2023-11-21 华东交通大学 Lightweight double-factor agriculture Internet of things equipment continuous authentication method and system
CN117278330A (en) * 2023-11-21 2023-12-22 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network
CN117614626A (en) * 2024-01-17 2024-02-27 济南大学 Lightweight identity authentication method based on PUF

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN111818039A (en) * 2020-07-03 2020-10-23 西安电子科技大学 Three-factor anonymous user authentication protocol method based on PUF in Internet of things
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal
CN113872759A (en) * 2021-09-29 2021-12-31 湘潭大学 Lightweight identity authentication method for smart power grid

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN111818039A (en) * 2020-07-03 2020-10-23 西安电子科技大学 Three-factor anonymous user authentication protocol method based on PUF in Internet of things
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal
CN113872759A (en) * 2021-09-29 2021-12-31 湘潭大学 Lightweight identity authentication method for smart power grid

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HONGYUAN WANG, ET AL.: "Data security and privacy for fog/edge computing-based IoT", 《HINDAWI》 *
刘冬兰;刘新;陈剑飞;王文婷;张昊;马雷;李冬;: "基于物理不可克隆函数的电网NB-IoT端到端安全加密方案", 山东大学学报(工学版), no. 01 *
贺章擎;李红;万美琳;吴铁洲;: "一种基于PUF的两方认证与会话密钥交换协议", 计算机工程与应用, no. 18 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097489A (en) * 2023-10-20 2023-11-21 华东交通大学 Lightweight double-factor agriculture Internet of things equipment continuous authentication method and system
CN117097489B (en) * 2023-10-20 2024-01-30 华东交通大学 Lightweight double-factor agriculture Internet of things equipment continuous authentication method and system
CN117278330A (en) * 2023-11-21 2023-12-22 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network
CN117278330B (en) * 2023-11-21 2024-03-12 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network
CN117614626A (en) * 2024-01-17 2024-02-27 济南大学 Lightweight identity authentication method based on PUF
CN117614626B (en) * 2024-01-17 2024-04-12 济南大学 Lightweight identity authentication method based on PUF

Also Published As

Publication number Publication date
CN114915970B (en) 2023-09-08

Similar Documents

Publication Publication Date Title
Lin et al. HomeChain: A blockchain-based secure mutual authentication system for smart homes
CN111294366B (en) Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid
Das Two-factor user authentication in wireless sensor networks
Saxena et al. Authentication and authorization scheme for various user roles and devices in smart grid
CN114915970B (en) PUF-based lightweight intelligent meter batch authentication method and gateway
Cao et al. GBAAM: group‐based access authentication for MTC in LTE networks
Feng et al. A replay-attack resistant authentication scheme for the internet of things
Turkanovic et al. An improved dynamic password-based user authentication scheme for hierarchical wireless sensor networks
CN113746632B (en) Multi-level identity authentication method for Internet of things system
Jiang et al. Two-factor authentication protocol using physical unclonable function for IoV
Badar et al. An identity based authentication protocol for smart grid environment using physical uncloneable function
CN111447067A (en) Encryption authentication method for power sensing equipment
CN109691156A (en) The enhanced gathering re-authentication of wireless device
Mutlaq et al. Symmetric Key Based Scheme for Verification Token Generation in Internet of Things Communication Environment
WO2023236551A1 (en) Decentralized trusted access method for cellular base station
Arikumar et al. Improved user authentication in wireless sensor networks
CN112804356A (en) Block chain-based networking equipment supervision authentication method and system
Hussain et al. Simple and secure device authentication mechanism for smart environments using Internet of things devices
Cao et al. A PUF-based lightweight authenticated metering data collection scheme with privacy protection in smart grid
Gupta et al. An improved authentication scheme for BLE devices with no I/O capabilities
Bansal et al. Lightweight authentication protocol for inter base station communication in heterogeneous networks
Naoui et al. Novel smart home authentication protocol LRP-SHAP
Li IoT node authentication
Tabassum et al. Scapach: Scalable password-changing protocol for smart grid device authentication
CN112039654A (en) Electric meter data security acquisition method for resisting man-in-the-middle attack

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant