Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (2): 119-126.DOI: 10.3778/j.issn.1002-8331.1912-0432

Previous Articles     Next Articles

tPUF-Based Security Access Scheme for IoT Devices

ZOU Jianwen, ZHAO Bo, LI Xiang, LIU Yifan, LI Jiayue   

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
  • Online:2021-01-15 Published:2021-01-14

基于tPUF的物联网设备安全接入方案

邹建文,赵波,李想,刘一凡,黎佳玥   

  1. 武汉大学 国家网络安全学院 空天信息安全与可信计算教育部重点实验室,武汉 430072

Abstract:

Aiming at the problem that the existing IoT device secure access scheme is not applicable to resource-constrained IoT devices, a tPUF-based IoT device secure access scheme is proposed. Utilizing Physical Unclonable Function(PUF), IoT devices do not need to store any secret information, enabling mutual authentication between the device and the authenticator, and negotiating session keys. It utilizes Trusted Network Connect(TNC) technology to achieve identity authentication, platform identity authentication, and integrity authentication of IoT devices from the authentication end. Security analysis shows that the scheme can effectively resist tampering, replication, and physical attacks. Experimental results show that, compared with other schemes, this scheme significantly reduces the equipment resource overhead.

Key words: Internet of Things, physical unclonable function, trusted network connection, mutual authentication, device security access

摘要:

针对现有的物联网设备安全接入方案不适用于资源受限的物联网设备的问题,提出一种基于tPUF的物联网设备安全接入方案。利用物理不可克隆函数技术(Physical Unclonable Function,PUF),物联网设备不需要存储任何秘密信息,实现设备与认证端的双向认证以及协商会话秘钥;利用可信网络连接技术(Trusted Network Connect,TNC),完成认证端对物联网设备的身份认证、平台身份认证、完整性认证。安全性分析表明,方案能够有效抵抗篡改、复制、物理攻击等。实验结果表明,相较于其他方案,该方案明显降低了设备的资源开销。

关键词: 物联网, 物理不可克隆函数, 可信网络连接, 双向认证, 设备安全接入