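5G technology has opened up greater room for growth in the smart home industry, but security problems have become increasingly prominent, and user identity authentication, as the first line of defense in information security, has attracted much attention. Traditional authentication methods in smart home systems face centralized trust challenges and incur high resource overhead. Blockchain technology, with advantages such as decentralization and immutability, has become a research hotspot and offers a new approach to secure authentication in distributed smart home systems. However, decentralized authentication faces two challenges: the efficiency of authenticating a user with multiple distributed terminals, and the leakage of user privacy. This paper proposes a blockchain-based dynamic trusted lightweight authentication mechanism (DTL). DTL builds its blockchain system on a consortium chain, which both ensures that only authorized smart home sensor nodes can join the network and meets the requirements of efficient distributed authentication and secure access. DTL has the following advantages: (1) To address authentication efficiency, it improves the consensus algorithm to establish a dynamic trusted sensor group (DT sensor group, DTSG) authentication mechanism for smart homes, which avoids the low access efficiency and low user access rate caused by the frequent one-to-one authentication between the user side and sensor terminals or gateway nodes in traditional approaches, and thereby achieves lightweight authentication. (2) To address user privacy protection, it designs a novel authentication scheme that combines the DTSG mechanism with zero-knowledge proofs, authenticating the user's identity without leaking user privacy. The security properties of DTL are analyzed qualitatively, and extensive simulation experiments verify the practicality and lightweight nature of DTL.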
The promotion of 5G provides new opportunities for the rapid development of the smart home industry, while the authentication issue of smart home systems has become a concern. The traditional centralized management and authentication methods adopted by smart home systems face centralized trust issues and suffer from high performance overhead. Blockchain technology has become a research hotspot due to its decentralization and tamper resistance, providing new ideas for realizing security authentication for distributed smart homes. Nevertheless, it also faces two challenges: the efficiency of user authentication with multiple distributed terminals and the leakage of user privacy. This study proposes a dynamic trusted lightweight authentication mechanism (DTL) based on blockchain. DTL uses a consortium blockchain to build a blockchain system, which not only ensures that only authorized smart home sensor nodes can join the network, but also meets the needs of distributed security and scalability. DTL achieves the following two advantages. (1) To address authentication efficiency, a dynamic trusted sensor group (DTSG) authentication mechanism for smart homes is established by improving the consensus algorithm, which avoids the low access efficiency and low user access rate caused by frequent one-to-one authentication between the user and a sensor terminal or gateway node. DTL thereby realizes lightweight authentication. (2) To address user privacy protection, an authentication scheme combining the DTSG mechanism and zero-knowledge proof is innovatively designed, which realizes user identity authentication without leaking user privacy. These security features are demonstrated through security analysis. Meanwhile, extensive simulations are conducted to validate the practicality and lightweight nature of DTL.