本文關(guān)鍵詞：基于群組的MTC認(rèn)證和密鑰協(xié)商協(xié)議研究　出處：《西安電子科技大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

  更多相關(guān)文章： 機(jī)器類型通信(MTC) 認(rèn)證和密鑰協(xié)商 代理簽名 通用認(rèn)證架構(gòu)(GAA)

【摘要】：隨著物聯(lián)網(wǎng)的普及,作為物聯(lián)網(wǎng)的實(shí)現(xiàn)形式之一,機(jī)器類型通信(MTC)獲得了飛速發(fā)展,在智能家居、智能電網(wǎng)、電子醫(yī)療以及遠(yuǎn)程監(jiān)控與追蹤等領(lǐng)域得到廣泛應(yīng)用。憑借著低成本、低能耗、易于部署以及無需人工參與等優(yōu)點(diǎn),機(jī)器類型通信有著巨大的發(fā)展前景,但是現(xiàn)有承載網(wǎng)絡(luò)是面向人對(duì)人通信設(shè)計(jì)的,缺少針對(duì)機(jī)器類型通信的優(yōu)化,海量的機(jī)器類型通信設(shè)備同時(shí)進(jìn)行數(shù)據(jù)收發(fā)時(shí)會(huì)對(duì)現(xiàn)有網(wǎng)絡(luò)形成巨大沖擊,造成核心網(wǎng)的信令擁塞和關(guān)鍵節(jié)點(diǎn)的過載；在對(duì)實(shí)時(shí)性要求較高的機(jī)器類型通信的應(yīng)用中,海量高并發(fā)的業(yè)務(wù)請(qǐng)求使服務(wù)器無時(shí)無刻不處于繁重的信息處理工作中,對(duì)應(yīng)用服務(wù)器的性能和服務(wù)質(zhì)量都提出了嚴(yán)峻挑戰(zhàn)。針對(duì)上述問題雖然已經(jīng)有一些優(yōu)化方案,但是這些方案主要關(guān)注于如何設(shè)計(jì)接入控制機(jī)制來緩解MTC通信對(duì)現(xiàn)有網(wǎng)絡(luò)的沖擊,幾乎沒有考慮在應(yīng)用層面上如何減輕業(yè)務(wù)數(shù)據(jù)擁塞和服務(wù)器過載,尤其是應(yīng)用層上認(rèn)證與密鑰協(xié)商階段的優(yōu)化問題。因此,本文對(duì)機(jī)器類型通信在應(yīng)用層上的認(rèn)證和密鑰協(xié)商機(jī)制進(jìn)行了深入研究,通過改進(jìn)的群組密鑰協(xié)商機(jī)制和代理機(jī)制來降低核心網(wǎng)信令開銷,減輕服務(wù)器負(fù)荷,所取得的主要研究成果有：1.對(duì)多媒體業(yè)務(wù)中的MTC群組密鑰協(xié)商協(xié)議進(jìn)行了研究。在支持多媒體業(yè)務(wù)的機(jī)器類型通信的應(yīng)用中,服務(wù)器與每個(gè)機(jī)器類型通信設(shè)備的通信內(nèi)容是相同的。利用這一特點(diǎn),服務(wù)器可以以廣播的方式向組中所有機(jī)器類型通信設(shè)備發(fā)送業(yè)務(wù)數(shù)據(jù)流。同時(shí),為了業(yè)務(wù)數(shù)據(jù)流的安全,服務(wù)器與組中各個(gè)機(jī)器類型通信設(shè)備需要共享一個(gè)群組密鑰。論文提出了一種基于群組的密鑰協(xié)商方案。該方案中應(yīng)用服務(wù)器分別與群組中各終端設(shè)備通過通用認(rèn)證架構(gòu)GAA生成預(yù)共享密鑰,并通過廣播的形式向群組設(shè)備分發(fā)計(jì)算群組密鑰所需的必要信息。利用上述信息應(yīng)用服務(wù)器與群組設(shè)備可獨(dú)立計(jì)算出多媒體廣播業(yè)務(wù)所需的安全的會(huì)話密鑰。分析表明,與現(xiàn)有的廣播多播業(yè)務(wù)MBMS的群組密鑰分發(fā)方案相比,該密鑰協(xié)商方案具有較少的消息交互輪數(shù)和通信開銷。2.對(duì)基于群組代理的MTC應(yīng)用架構(gòu)及基于代理的認(rèn)證和密鑰協(xié)商協(xié)議進(jìn)行了研究。通過毛細(xì)網(wǎng)絡(luò)接入是機(jī)器類型通信的一種常見接入形式,網(wǎng)絡(luò)中的設(shè)備通常不具有蜂窩移動(dòng)通信能力,因此傳統(tǒng)的通用認(rèn)證架構(gòu)GAA不再適用于設(shè)備和服務(wù)器間的認(rèn)證和密鑰協(xié)商。論文提出了基于群組代理的MTC應(yīng)用架構(gòu),由網(wǎng)關(guān)作為服務(wù)器的代理,代替服務(wù)器對(duì)機(jī)器類型通信設(shè)備進(jìn)行認(rèn)證,并引入代理管理員,處理服務(wù)器的代理請(qǐng)求并管理代理群。基于該架構(gòu)的認(rèn)證和密鑰協(xié)商協(xié)議中,代理網(wǎng)關(guān)與機(jī)器類型通信設(shè)備進(jìn)行雙向認(rèn)證,認(rèn)證通過后,網(wǎng)關(guān)向服務(wù)器發(fā)送必要信息,使得服務(wù)器計(jì)算出與各個(gè)機(jī)器類型通信設(shè)備之間的通信密鑰。分析表明,該協(xié)議滿足抗共謀攻擊、抗中間人攻擊、抗重放攻擊等特性；并且降低了核心網(wǎng)的通信開銷,減輕了服務(wù)器的負(fù)擔(dān)。
[Abstract]:With the popularity of the Internet of things, as a form of networking, machine type communication (MTC) has been developing rapidly, in the smart grid, intelligent Home Furnishing, widely used electronic medical and remote monitoring and tracking fields. Because of its low cost, low energy consumption, easy to deploy and without artificial participation. The machine type communication has great prospects for development, but the existing network is for the person to person communication design, aiming at the lack of optimization of machine type communication, machine type communication equipment at the same time, the massive data transceiver will form a huge impact on the existing network overload, signaling congestion and key nodes caused by core network; application the machine type communication real-time in the massive high concurrent service request to the server is not in the information processing every hour and moment of the heavy work in the application server The performance and quality of service has posed a severe challenge. In order to solve the above problems although there have been some optimization solutions, but these solutions mainly focus on how to design the access control mechanism to mitigate the impact on the existing MTC communication network, almost did not consider how to reduce business data congestion and server overload at the application level, especially the optimization of application layer on the authentication and key agreement stage. Therefore, this paper makes a deep research on the authentication and key agreement mechanism of machine type communication at the application layer, reduce core network signaling overhead through improved group key negotiation mechanism and proxy mechanism, reduce the server load, the main research results are: MTC group key agreement 1. of the multimedia services are studied. The application of machine type communication for multimedia services in the server and each machine The communication content type communication equipment is the same. Using this characteristic, the server can broadcast to all the way to the machine type communication device transmits business data to the group flow. At the same time, in order to secure business data flow, each machine type communication equipment need to share a group key server and the group. This paper proposes a a key agreement scheme based on group. In this scheme, the application server in each group respectively with the terminal equipment through the general shared key authentication architecture GAA gennerate, and calculated the necessary information required by the form of group key to group broadcast equipment distribution. Can independently calculate the session key security of multimedia broadcast service required by the the information application server and group equipment. Analysis shows that, with the existing broadcast multicast group key distribution scheme is compared with the MBMS business, the key agreement scheme With fewer rounds of message exchange and communication overhead of.2. MTC application architecture based on agent and group authentication and key negotiation protocol based on agent is studied. Through the capillary network access is a common form of access machine type communication, network equipment usually has cellular mobile communication ability, authentication and key agreement so generic authentication architecture of traditional GAA is no longer applicable to equipment and server. This paper presents MTC application architecture based on agent group, as the server by the gateway proxy server, instead of on the machine type communication device for authentication, and introduces the proxy server administrator, the proxy request processing and management agent group. Based on the authentication and key agreement the protocol architecture, proxy gateway and machine type communication equipment for two-way authentication, after authentication, the gateway to the server to send the necessary Information enables the server to calculate the communication key between the communication devices of various machine types. The analysis shows that the protocol satisfies the collusion attack, anti middle man attack and anti replay attack characteristics, and reduces the communication cost of the core network, and lightens the burden of the server.

【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TN918.4

【參考文獻(xiàn)】

相關(guān)博士學(xué)位論文 前1條

1 肖攸安;網(wǎng)絡(luò)信息安全中的橢圓曲線公鑰密碼體系的研究[D];武漢理工大學(xué);2003年

，

本文編號(hào)：1432504