Cross-domain authentication and key agreement method based on block chain in Internet of Things environment

Abstract

The invention discloses a cross-domain authentication and key negotiation method based on a block chain in an Internet of Things environment. The method comprises the following steps: (1) initialization: each entity, an edge server and a block chain-based certificate authority center BCCA generate own public and private key pairs in an initialization stage; (2) user registration: the entity initiates a registration request to the BCCA through the edge server, and the legal entity receives a digital certificate returned by the edge server; (3) intra-domain authentication: initiating identity authentication in the home domain to the edge server by the entity which has been registered and has the digital certificate; and (4) inter-domain authentication: identity authentication performed by the trusted entity of one domain to another domain is recorded as inter-domain authentication. According to the invention, an Internet of Things entity identity authentication and key agreement protocol based on an elliptic curve is designed, high-efficiency communication of low-performance terminal equipment is ensured, higher security performance can be provided, and the method is more suitable for Internet of Things edge equipment with lower performance.

Description

technical field [0001] The invention relates to a block chain-based cross-domain authentication and key negotiation method in the Internet of Things environment. Background technique [0002] Due to the heterogeneity in the IoT environment and the existence of multiple different security domains, in which low-performance terminal devices represented by users have limited computing capabilities, in some IoT scenarios requiring real-time and security, traditional centralized It is difficult to realize the efficient cross-domain authentication and key agreement communication of "edge device-terminal device" in the existing edge computing environment. Based on public key infrastructure (Public Key Infrastructure, PKI) authentication technology relies on digital certificates for identity authentication, through encryption technology to ensure information security is not leaked, PKI as a security infrastructure, can provide identity authentication, data integrity, data confidentia...

AI Technical Summary

Problems solved by technology

Scholars have done the following research on IoT cross-domain authentication and key agreement based on the PKI system: In 2014, Zhang Wenfang and others established a trust link with the help of a virtual bridge CA to realize virtual enterprise-level PKI inter-domain authentication. The elliptic curve threshold signature scheme needs to split the key factor when signing, resulting in higher communication costs, and the scalability of user addition and cancellation will also be reduced

In 2018, Zhou Zhicheng and others used blockchain technology to design a trust model based on the Blockchain Certificate Authority (BCCA) to achieve efficient cross-domain authentication and effectively reduce the number of signatures and verifications in the public key algorithm. However, the design A large number of plaintext communications are used, and there is a greater risk of privacy leakage

In 2021, Zhang Jinhua and others designed a blockchain-based cross-domain authentication and key agreement protocol in an edge computing environment, but the ordinary DH protocol cannot resist man-in-the-middle attacks during key negotiation.

Images