物联网中适用于野外战场的基于口令的安全通信方案_英文_

722011．1AbstractMobileAdhocNETworkMANETisapartoftheInternetofThingsIoT．Inbattlefieldcommunicationsystemsgroundsoldierstanksandunmannedaerialvehiclescompriseaheteroge-neousMANET．In2006Byunetal．proposedthefirstconstant-roundpassword-basedgroupkeyexchangewithdifferentpasswordsforsuchnetworks．In2008Nametal．discoveredtheshortcomingsoftheschemeandmodifiedit．Buttheworksonlyprovidethegroupkey．Inthispaperweproposeapassword-basedsecurecommunicationschemefortheIoTwhichcouldbeappliedinthebattlefieldcommunica-tionsystemsandsupportdynamicgroupinwhichthenodesjoinorleave．ByperformingtheschemethenodesintheheterogeneousMANETcanrealizesecurebroadcastsecureunicastandsecuredirectcommunicationacrossrealms．Aftertheanalyseswedemon-stratethattheschemeissecureandefficient．KeywordsInternetofThingspasswordbroad-castunicastdirectcommunicationacrossrealmsI．INTRODUCTIONTheInternetofThingsIoTisatechnologicalrevolutionthatrepresentsthefutureofcompu-tingandcommunicationsanditisneithersci-encefictionnorindustryhypeitisbasedonsol-idtechnologicaladvancesandvisionsofnetworkubiquitythatarezealouslybeingrealized1．Whencomputationalpoweranddigitalcommu-nicationsareembeddedinalmostallobjectssur-roundinghumanIoTwillbecreatedandthenewkindofubiquitousapplicationswillbecomepossible2．Theywillpervadepeople'sdailylivesandotherareassuchasindustrialproduc-tionsandwars．Insuchacommunicationsystemsensitiveinformationwillbetransmittedsoinforma-tionsecuritymustbeconsidered．IoT'sdevelopmentRESEARCHPRPER2011．173dependsonwirelesssensors．Butsensorshavenotbeendeployedonalargescaleduetoenergyandre-sourceconstraintsandthelackofastrongsecuritymechanism3-4．MobileAdhocNETworkMANETisapartoftheIoT．Itisawirelessnetworkcomposedofmobilenodesthatrequirelittleornofixedinfra-structuretocommunicateandithasdynamicpropertybecauseanymobilenodemayjoinorleavethenetworkatanygiventime5．Tocommunicatesecurelyinthenetworkallnodesshouldsharesecretkeysbyexchangingmessages6-9．Toprotectcommunicationbetweenmo-bilenodesinMANETByunetal．10pro-posedapassword-basedgroupkeyexchangeschemewithmembers'differentpasswords．TheschemepresentsamultilayerMANETcomposedofthreekindsofnetworkunitswithheterogene-ousresourcestocommunicateandcompute．Theschemeonlyconsidersgroupkeyexchangeinonerealm．Intherealbattlefieldsthenodesofdif-ferentrealmswillcommunicate．Somecross-realmschemeshavebeendesigned11-14．In2008Nametal．15pointedoutthattheschemeinRef.10cannotguaranteeforwardsecurityandpasswordsecurity．InthispaperwefocusonaheterogeneousmultilayerMANETwithmobilebackbonenodesunmannedaerialvehiclesgroundsol-diersnodeswithsensors．BasedonRef．10wedesignapassword-basedsecurecommunica-tionschemeforthedynamicMANET．ThisschemeprotectscommunicationbetweenMBNnodesandUAVnodesfollowingRef．10．InthefirstgroundourpapershowsthemethodtogenerategroupkeyasdescribedinRefs．10and15．Thenweproposeaunicastkeyschemeandadirectcommunicationkeyscheme．II．RELATIONALKNOWLEDGEA．NetworkenvironmentAsillustratedinFigure1thebattlefieldcom-municationsystemiscomposedoftheregulargroundmobilenodesGNthemobileback-bonenodesMBNandtheunmannedaerialvehiclenodesUAV．TheyarethesameasinRef.10．Fig．1FrameworkofbattlefieldcommunicationsystemB．RequirementsBattlefieldcommunicationsystemswithheteroge-neouswirelessnetworksneedmeetthefollowingrequirementsbesidestheexistingrequirementsforgeneralsystems．1ConfidentialityToprotectthedatatransmittedbyencryp-tionasecurekeymanagementschemeisessen-tial．Inabattlefieldsystemthekeymanage-mentsystemshouldachievethefollowingobjec-tives．①Broadcast．ToprotectthecommandsbroadcastedfromMBNtoGNtheschemeshouldprovidebroadcastkey．②Unicast．ToprotectthemessagessentfromaparentnodeMBNorUAVtochildnodesinbattlefieldcommunicationsystemstheschemeshouldprovideunicastkey．③Directcommunication．Twonodesinonelayercouldcommunicate．Theschemeshouldprovidedirectcommunicationkey．④Keyfreshness．Groupmembershipschangefrequentlyfortheadditionofnewsoldiersdeduc-tionofsoldierskilled．Eachsessionshoulduseadifferentsessionkey．2EfficiencyAstheconstraintsonthenodesexisttheschemeshouldbeefficient．3AvailabilityInthesystemavailabilityismoreimportantthanconfidentiality．C．CDHassumptionLetGbeacyclicgroupofprimeorderpPisagen-eratorofGaPbP∈G．Ifaandbareunknown742011．1computingabPisimpossible．III．SECURECOMMUNICATIONSCHEMEInthesectionweproposeasecurecommunica-tionschemeforbattlefieldcommunications．Theschemesupportssecurecommunicationsinthecross-realmsetting．A．CommunicationmodelThesetupalgorithmSetupGsjoinalgorithmJoinGsGNsandremovealgorithmRemoveGsRfollowRef．10soweomitthem．1Participants．Leti=12ns∈12m．EachUAVnodehasmMBNnodesandapairofpublicandprivatekeysUKpubUKpri．LetMBN=MBN1MBN2MBNmGN=GN1GN2GNmGNs=GNs1GNs2GNsnGs=GNs∪MBNs．EachGNsi∈GNshasasecretpasswordpwsi．MBNshasapairofpublicandprivatekeysMKspubMKspriandPWsi=H1pwsi．EachofGNsregistersinMBNs．2PGA1k．InputasecurityparameterkoutputpwsiforGNsi∈GNsandPWsiforMBNsi=12n．3Securebroadcast．ThemembersofGsbroadcastencryptedmessageswithaprivatecommonsessionkeysks．4Secureunicast．GenerateaprivatesharedkeyforthecommunicationbetweenMBNsandanyGNsi．5Securedire