资源受限的NB-IoT节点的安全认证选择机制

计算机与现代化 ›› 2023, Vol. 0 ›› Issue (02): 104-109.

资源受限的NB-IoT节点的安全认证选择机制

（1. 信息工程大学密码工程学院，河南郑州 450001； 2. 福州大学至诚学院，福建福州 350000）

出版日期:2023-04-10 发布日期:2023-04-10
作者简介:李伟群（1992—），男，福建泉州人，硕士研究生，研究方向：网络信息安全，NB-IoT安全，E-mail: lwqun9080@163.com；通信作者：常朝稳（1966-），男，河南郑州人，教授，博士生导师，研究方向：网络信息安全，E-mail: changchaowen@hnsl.gov.cn；李鹏劲（1992—），男，福建泉州人，助教，研究方向：网络信息安全，E-mail： 3256161593@qq.com。
基金资助:
国家自然科学基金资助项目（61572517)

Security Authentication Selection Mechanism for Resource-constrained NB-IoT Nodes

（1. School of Cryptography Engineering， University of Information Engineering， Zhengzhou 450001， China；
2. Zhicheng College， Fuzhou University， Fuzhou 350000， China）

Online:2023-04-10 Published:2023-04-10

摘要/Abstract

摘要： 部分窄带物联网设备因资源受限无法利用群组认证方式接入核心网络，在5G网络接入认证框架下，大量设备同时接入核心网络将导致设备处于排队等待状态，引起网络拥塞。本文基于IETF工作组发布的关于资源受限设备的RFC7228标准，提出3种设备类型的群组认证方案。首先，指出窄带物联网设备采用5G接入认证存在的安全与拥塞问题；然后，提出解决的群组认证方案；最后，为3种资源受限设备确定接入认证方式。实验结果对性能与安全分析表明，所提方案符合设备群组认证所需的资源能力。相较于5G接入认证方案，所提方案可降低60%以上的网络信令数，并随组内设备的增加而降低。安全上，具有抗重放攻击、中间人攻击与Dos攻击等能力。

关键词: 窄带物联网, 资源受限设备, 群组认证, 5G网络认证协议, 网络拥塞, IETF工作组

Abstract: Some narrowband IoT devices cannot use group authentication to access the core network due to resource constraints. Under the framework of 5G network access authentication， a large number of devices accessing the core network at the same time will cause the devices to wait in a queue and cause network congestion. Based on the RFC7228 standard on resource-constrained devices issued by the IETF working group， this paper proposes a group authentication scheme for 3 device types. Firstly， the security and congestion problems of 5G access authentication for narrowband IoT devices are pointed out; then， a solution group authentication scheme is proposed; finally， the access authentication methods are determined for three resource-constrained devices. Experimental results and performance and security analysis show that the proposed scheme meets the resource capabilities required for device group authentication. Compared with the 5G access authentication scheme， the proposed scheme can reduce the number of network signaling by more than 60%， and it decreases with the increase of devices in the group. In terms of security， it has the ability to resist replay attacks， man-in-the-middle attacks and Dos attacks.

Key words: NB-IoT； resource constrained devices； group authentication； 5G network authentication protocol, network congestion； IETF working group；

李伟群, 常朝稳, 李鹏劲. 资源受限的NB-IoT节点的安全认证选择机制[J]. 计算机与现代化, 2023, 0(02): 104-109.

LI Wei-qun, CHANG Chao-wen, LI Peng-jing. Security Authentication Selection Mechanism for Resource-constrained NB-IoT Nodes[J]. Computer and Modernization, 2023, 0(02): 104-109.

参考文献［30］

［1］	ROTHWELL R. Towards the fifth-generation innovation process［J］. International Marketing Review， 1994，11（1):7-31.
［2］	ASGHARI P， RAHMANI A M， JAVADI H H S. Internet of Things applications: A systematic review［J］. Computer Networks， 2018，148. DOI:10.1016/j.comnet.2018.12.008.
［3］	MIGABO E M， DJOUANI K D， KURIEN A M. The narrowband Internet of Things （NB-IoT) resources management performance state of art， challenges， and opportunities［J］. IEEE Access， 2020，8:97658 - 97675.
［4］	EBRAHIMI S， BAYAT-SARMADI S， MOSANAEI-BOORANI H. Post-quantum cryptoprocessors optimized for edge and resource-constrained devices in IoT［J］. IEEE Internet of Things Journal， 2019，6（3):5500-5507.
［5］	KOUTSOS A. The 5G-AKA Authentication Protocol Privacy［C］// 2019 IEEE European Symposium on Security and Privacy （EuroS&P). 2019:464-479.
［6］	CHEN Y W， WANG J T， CHI K H， et al. Group-based authentication and key agreement［J］. Wireless Personal Communications: An International Journal， 2012，62（4):965-979.
［7］	LAI C Z， LI H， LI X Q， et al. A novel group access authentication and key agreement protocol for machine-type communication［J］. Transactions on Emerging Telecommunications Technologies， 2015，26（3):414-431.
［8］	LAI C Z， LI H， LU R X， et al. SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks［J］. Computer Networks， 2013，57（17):3492-3510.
［9］	HARN L， HSU C. A novel design of membership authentication and group key establishment protocol［J］. Security and Communication Networks， 2017，2017:1-7.
［10］	CAO J， YU P， MA M D， et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network［J］. IEEE Internet of Things Journal， 2019，6（2):1561-1575.
［11］	YU P， CAO J， MA M D， et al. Quantum-resistance authentication and data transmission scheme for NB-IoT in 3GPP 5G networks［C］// 2019 IEEE Wireless Communications and Networking Conference （WCNC). 2019:1-7.
［12］	ZHANG Y H， REN F Y， WU A X， et al. Certificateless multi-party authenticated encryption for NB-IoT terminals in 5G Networks［J］. IEEE Access， 2019，7:114721-114730.
［13］	BORMANN C E M K A. RFC 7228: Terminology for Constrained Node Networks［EB/OL］. （2014-05-01)［2022-02-03］. https://datatracker.ietf.org/doc/html/rfc7228.
［14］	THAKOR V A， RAZZAQUE M A， KHANDAKER M R A. Lightweight cryptography algorithms for resource-Constrained IoT devices: A review， comparison and research opportunities［J］. IEEE Access，2021，9:28177-28193.
［15］	HATZIVASILIS G， FYSARAKIS K， PAPAEFSTATHIOU I， et al. A review of lightweight block ciphers［J］. Journal of Cryptographic Engineering， 2018，8（2):141-184.
［16］	MCKAY K A， BASSHAM L， TURAN M S， et al. Report on Lightweight Cryptography［R］. U.S. Department of Commerce， 2017.
［17］	NAIK N. Choice of effective messaging protocols for IoT systems: MQTT， CoAP， AMQP and HTTP［C］// 2017 IEEE International Systems Engineering Symposium （ISSE). 2017:1-7.
［18］	3GPP TS 33.102， 3G Security［S/OL］. ［2022-03-02］.https://www.3gpp.org/DynaReport/33102.htm.
［19］	3GPP TS 33.401， 3GPP System Architecture Evolution （SAE)［S/OL］. ［2022-03-02］. https://www.3gpp.org/DynaReport/33401.htm.
［20］	XIAO Y L， WU Y. 5G-IPAKA: An improved primary authentication and key agreement protocol for 5G Networks［J］. Information （Switzerland)， 2022，13（3). DOI:10.3390/info13030125.
［21］	LIU T， WU F， LI X， et al. A new authentication and key agreement protocol for 5G wireless networks［J］. Telecommunications Systems， 2021，78（3):317-329.
［22］	MOGHADAM M F， NIKOOGHADAM M， JABBAN M A B A， et al. An efficient authentication and key agreement scheme based on ECDH for wireless sensor network［J］. IEEE Access， 2020，8:73182-73192.
［23］	ALI S， ASHRAF H， KHAN I， et al. An efficient cryptographic technique using modified Diffie-Hellman in wireless sensor network［J］. International Journal of Distributed Sensor Networks， 2020，16（6):1-24.
［24］	STRANGIO M A. Efficient Diffie-Hellmann two-party key agreement protocols based on elliptic curves［C］// Proceedings of the 2005 ACM symposium on Applied computing. 2005:324-331.
［25］	MAXWELL G， POELSTRA A， SEURIN Y， et al. Simple Schnorr multi-signatures with applications to Bitcoin［J］. Designs， Codes and Cryptography，2019，87（9):2139-2164.
［26］	KOVATSCH M， DUQUENNOY S， DUNKELS A. A low-power CoAP for Contiki［C］// 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems. 2011:855-860.
［27］	DUNKELS A， GRONVALL B， VOIGT T. Contiki - a lightweight and flexible operating system for tiny networked sensors［C］// 29th Annual IEEE International Conference on Local Computer Networks. 2004:455-462.
［28］	BHATTACHARJYA A， ZHONG X， WANG J， et al. CoAP—Application layer connection-less lightweight protocol for the Internet of Things （IoT) and CoAP-IPSEC Security with DTLS Supporting CoAP［M］// Digital Twin Technologies and Smart Cities. Cham: Springer International Publishing， 2019:151-175.
［29］	常相茂，占俊，王志伟. 低开销的NB-IoT节点群组身份安全认证协议［J］. 通信学报， 2021，42（12):152-162.
［30］	马国峻，白磊，裴庆祺，等. 一种物联网端到端安全方案［J］. 信息网络安全， 2017（10):13-21.

[1]	肖权权;段迅. 队列管理算法DropTail和RED研究与仿真[J]. 计算机与现代化, 2011, 1(11): 40-3.
[2]	王光辉;万晓冬. S-Fuzzy2PI：一种新的主动队列管理算法[J]. 计算机与现代化, 2009, 1(10): 14-4.