基于群体认证的远程证明方案研究

摘要/Abstract

摘要： 远程证明是一种识别物联网中威胁的安全技术，具有低开销、高适用性以及高检测率等优势.然而，现有的技术在实际部署到物联网系统后存在一些潜在问题.首先，物联网系统的感知层节点没有较强的计算能力，因此无法针对终端服务器进行有效的远程证明；其次，远程证明方案通常具有不可中断性，而现有的方案会打断设备所进行的主要工作，导致设备的关键性数据丢失.针对以上问题，提出了一种基于群体认证的远程证明方案.该方案将终端服务器度量工作的负担分配到各个汇聚节点中，利用汇聚节点单独对每部分内容进行可信评估，最后通过一致性协议将全部度量结果进行统一，完成针对终端服务器的可信评估，解决节点计算能力有限的问题.同时，采取了主动式的自我度量方案，很好地解决了传统被动远程证明技术对设备关键性数据造成的损失.通过安全性分析以及仿真实验，证明了该方案在现有环境中是可行的，解决了上述的问题并在性能上有较大提高.

关键词: 远程证明, 群体认证, 物联网, 主动度量, 一致性协议

Abstract: Remote attestation is a security technology to identify threats in the Internet of things. It has the advantages of low overhead, high applicability and high detection rate. However, the existing technology has some potential problems after being actually deployed to the Internet of things system. First of all, the nodes in the perception layer of the Internet of things system do not have strong computing power, so it is impossible to carry out effective remote attestation for the terminal server. Secondly, the remote attestation scheme is usually uninterruptible, and the existing scheme will interrupt the main work of the equipment, resulting in the loss of key data of the equipment. To solve the above problems, a remote attestation scheme based on group authentication is proposed. In this scheme, the burden of measurement work of terminal server is allocated to each sink node, and the sink node is used to evaluate the credibility of each part of the content separately. Finally, all measurement results are unified through the consistency protocol to complete the credibility evaluation for terminal server and solve the problem of limited computing power of nodes. At the same time, this paper adopts an active selfmeasurement scheme to solve the loss of key data caused by the traditional passive remote attestation technology. Through security analysis and simulation experiments, it is proved that the scheme proposed in this paper is feasible in the existing environment, solves the above problems and greatly improves the performance.

Key words: remote attestation, group authentication, Internet of things, active measurement, consistency protocol

王冠, 高壮, . 基于群体认证的远程证明方案研究[J]. 信息安全研究, 2022, 8(11): 1121-.

参考文献

参考文献
［1］樊海华. 一种适用于物联网感知节点可信组网机制［J］. 信息安全研究, 2019, 5(12): 10961100［2］Ambrosin M, Conti M, Lazzeretti R, et al. Collective remote attestation at the Internet of things scale: Stateoftheart and future challenges［J］. IEEE Communications Surveys & Tutorials, 2020, 22(4): 24472461［3］Ammar M, Crispo B, Nunes I D O, et al. Delegated attestation: Scalable remote attestation of commodity CPS by blending proofs of execution with software attestation［C］ Proc of the 14th ACM Conf on Security and Privacy in Wireless and Mobile Networks. New York: ACM, 2021: 3747［4］De O, Nunes I, Dessouky G, Ibrahim A, et al. Towards systematic design of collective remote attestation protocols［C］ Proc of the 39th IEEE Int Conf on Distributed Computing Systems (ICDCS). Piscataway, NJ: IEEE, 2019: 11881198［5］Challener D, Yoder K, Catherman R, et al. A Practical Guide to Trusted Computing［M］. Englewood Cliffs, NJ: Prentice Hall, 2008: 98131［6］Trusted Computing Group (TCG). Summary of features under consideration for the next generation of TPM［EBOL］. ［20200918］. http:www. trustedcomputinggroup.orgresourcessummary_of_features_under_consideration_for_the_next_generation_of_tpm［7］Sailer R, Zhang X, Jaeger T, et al. Design and implementation of a TCGbased integrity measurement architecture［C］ Proc of the 13th USENIX Security Symp. Berkeley, CA: USENIX Association, 2004: 223238 ［8］王群, 李馥娟. 可信计算技术及其进展研究［J］. 信息安全研究, 2016, 2(9): 834844［9］Jaeger T,Sailer R, Shankar U. Prima: Policyreduced integrity measurement architecture［C］ Proc of ACM Symp on Access Control Models and Technologies. New York: ACM, 2006: 1928［10］Seshadri A, Luk M, Perrig A, et al. SCUBA: Secure code update by attestation in sensor networks［C］ Proc of the 2006 ACM Workshop on Wireless Security. New York: ACM, 2006: 8594［11］Seshadri A, Luk M, Perrig A. SAKE: Software attestation for key establishment in sensor networks［C］ Proc of the 4th IEEE Int Conf. Piscataway, NJ: IEEE, 2011: 10591067［12］Zhang D, Liu D. DataGuard: Dynamic data attestation in wireless sensor networks［C］  Proc of the IEEEIFIP Int Conf on Dependable Systems & Networks. Piscataway, NJ: IEEE, 2010: 261270［13］Haldar V, Chandra D, Franz M. Semantic remote attestation—A virtual machine directed approach to trusted computing［C］ Proc of the 3rd Conf on Virtual Machine Research and Technology Symp. Berkeley, CA: USENIX Association, 2004: 2941［14］Nair S K. Remote policy enforcement using java virtual machine［D］. Amsterdam: Vrije University Amsterdam, 2010［15］Carpent X, Rattanavipanon N, Tsudik G. Remote attestation of IoT devices via SMARM: Shuffled measurements against roving malware［C］ Proc of the 2018 IEEE Int Symp on Hardware Oriented Security and Trust (HOST). Piscataway, NJ: IEEE, 2018: 916［16］Castro M, Liskov B. Practical byzantine fault tolerance［J］. ACM Trans on Computer Systems, 2002, 20(1): 398461［17］Dushku E, Rabbani M M, Conti M, et al. SARA: Secure asynchronous remote attestation for IoT systems［JOL］. IEEE Trans on Information Forensics and Security, 2020 ［20211210］. https:ieeexplore.ieee.orgdocument9046860［18］Kuang B, Fu A, Yu S, et al. ESDRA: An efficient and secure distributed remote attestation scheme for IoT swarms［J］. Internet of Things Journal, 2019, 6(5): 83728383［19］Fu A, Kuang B, Zhou L, et al. DORA: DataOriented runtime attestation for IoT devices［J］. Computers & Security, 2020, 97(1): 101945［20］Ibrahim A,Sadeghi A R, Tsudik G. USAID: Unattended scalable attestation of IoT devices［C］ Proc of the 37th IEEE Symp on Reliable Distributed Systems (SRDS). Piscataway, NJ: IEEE, 2018: 2130

[1]	黄童祎, 李长连, 张小飞. 基于级联失效的标准物联网抗毁性研究[J]. 信息安全研究, 2022, 8(5): 506-.
[2]	梁忠辉, 王燕青. 智慧园区大数据网络安全管理平台解决方案[J]. 信息安全研究, 2021, 7(E1): 143-.
[3]	黄杰余若晨毛冬. 电力物联网场景下基于零信任的分布式数据库细粒度访问控制[J]. 信息安全研究, 2021, 7(6): 535-542.
[4]	徐超王纪军吴小虎张明远 . 一种基于流量指纹的物联网设备实时自动检测及识别[J]. 信息安全研究, 2021, 7(6): 543-549.
[5]	李俊柴海新. 基于FIDO技术的物联网身份认证解决方案[J]. 信息安全研究, 2021, 7(4): 358-366.
[6]	陈亚茹. 基于区块链的物联网安全应用研究[J]. 信息安全研究, 2021, 7(1): 90-94.
[7]	崔枭飞樊晓贺. 新基建浪潮下5G mMTC业务场景安全问题研究[J]. 信息安全研究, 2020, 6(8): 710-715.
[8]	王滨刘贤刚陈学明李琳. 物联网智能联网设备口令保护技术研究[J]. 信息安全研究, 2020, 6(7): 652-656.
[9]	林嘉涛李玉. 基于云计算的物联网安全问题探讨[J]. 信息安全研究, 2020, 6(4): 373-376.
[10]	安宁宇马东洋粟栗杜海涛. 基于机器学习算法的物联网卡安全风险监测系统研究与实现[J]. 信息安全研究, 2020, 6(12): 1133-1138.
[11]	王雪聪. 基于SE的物联网安全与应用[J]. 信息安全研究, 2020, 6(1): 62-66.
[12]	刘志勇朱希收王玉峰. 基于流量分析的工控系统安全防护策略研究[J]. 信息安全研究, 2019, 5(8): 668-672.
[13]	刘艺崔越谢金兴. 对未来国际科技发展的分析与预测[J]. 信息安全研究, 2019, 5(7): 592-598.
[14]	赵肃波. 中国IPv6发展与网络安全挑战赵肃波[J]. 信息安全研究, 2019, 5(3): 261-272.
[15]	樊海华. 一种适用于物联网感知节点可信组网机制[J]. 信息安全研究, 2019, 5(12): 1096-1100.