摘要
工业互联网相对开放的网络环境可能导致身份伪造和数据泄露等安全隐患,因而实现有效身份认证并确保用户账户安全至关重要。而现有工业互联网认证协议大多专注于认证阶段,对认证设备丢失后的账户恢复问题则缺乏重视。此外,国家对密码应用的自主可控也有明确要求。为此,提出了基于SM2异步远程密钥生成(ARKG)的账户恢复协议。首先,采用SM2盲化密钥封装机制和模糊提取器设计ARKG协议,实现了私钥与用户生物特征的绑定,并增强了派生私钥的安全性。基于该ARKG构造,提出工业互联网账户恢复协议,实现用户与服务器在协议恢复阶段的双向认证,并有效应对备份验证设备丢失问题。可证明安全分析与性能评估实验表明,所提协议可满足工业互联网的高安全性和可用性需求。
The openness network environment of the industrial Internet may lead to security risks such as identity forgery and data leakage,making it crucial to achieve effective authentication and ensure account security.However,existing industrial Internet authentication protocols mostly focus on the authentication phase and often overlooking the issue of account recovery in cases of lost authenticators.Moreover,there are explicit national requirements for autonomy and control in cryptographic applications.Therefore,an account recovery protocol based on SM2 asynchronous remote key generation(ARKG)was proposed.Firstly,the SM2 blind key encapsulation mechanism and fuzzy extractor were used to design the ARKG algorithms,which bound the private key to the user’s biometric features and enhances the security of derived private keys.Based on this ARKG construction,an industrial Internet account recovery protocol was proposed,achieving mutual authentication between the user and the server in the recovery phase and effectively addressing the issue of lost backup authenticators.Security analysis and experimental results demonstrate that the proposed protocol meets the high security and usability requirements of the industrial Internet.
作者
肖浩
杨雪
姜奇
余增文
李兴华
马建峰
XIAO Hao;YANG Xue;JIANG Qi;YU Zengwen;LI Xinghua;MA Jianfeng(School of Cyber Engineering,Xidian University,Xi’an 710071,China;Laboratory for Big Data and Decision,Changsha 410073,China;Hainan Nuclear Power Co.,Ltd.,Changjiang 572732,China;Beijing Institute of Computer Technology and Application,Beijing 100039,China)
出处
《通信学报》
北大核心
2025年第5期47-64,共18页
Journal on Communications
基金
国家自然科学基金资助项目(No.62472337,No.62072352,No.62125205,No.62372350)
陕西省杰出青年科学基金资助项目(No.2025JC-JCQN-084)。
