Computer Engineering and Design, 2024, Vol. 45, Issue (7): 2066-2073. DOI: 10.16208/j.issn1000-7024.2024.07.020

Research and implementation of CoAP security protocol based on domestic cryptographic algorithms

宋永立¹, 孙若尘², 贾娟¹, 刘泽超³, 高玫¹

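Author information

  • 1. Institute 706, Second Academy of China Aerospace Science and Industry Corporation, Beijing 100854
  • 2. College of Computer Science and Technology, Harbin Engineering University, Harbin, Heilongjiang 150001
  • 3. College of Computer Science and Technology, Harbin Engineering University, Harbin, Heilongjiang 150001; National Engineering Laboratory for E-Government Modeling and Simulation, Harbin Engineering University, Beijing 100037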

Abstract

With the growing number of small devices connected to the Internet of Things (IoT), use of the Constrained Application Protocol (CoAP) is on the rise, accentuating concerns about the security of CoAP communication. To ensure secure communication between clients and servers, an innovative CoAP security solution based on domestic cryptographic algorithms is proposed. In the configuration phase, pre-shared keys are hard-coded into devices. In the identity authentication and key negotiation phase, a payload-based encryption method is employed: mutual authentication is completed with two handshake messages, which also yield the negotiated key used for data transmission. In the data transmission phase, the observer pattern is applied: the client sends an observe resource request and relies on the server to encrypt and transmit the resource, achieving energy-efficient observation. The solution uses the SM4 algorithm to encrypt data in identity authentication and data transmission, and the SM3 algorithm to verify message integrity, effectively improving the security protection of CoAP. Security analysis and simulation experiment results demonstrate outstanding performance in computation, communication, and storage, ensuring that the solution meets practical application requirements.

Key words

domestic cryptographic algorithms / constrained application protocol / identity authentication / key negotiation / data encryption / data transmission / safety protection

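Funding

National Key Research and Development Program Fund Project (2021YFB1716304)

Ministry of Industry and Information Technology Special Fund Project for Industrial Foundation Reconstruction and High-Quality Development of Manufacturing (TC220A04X-1)

Publication year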

2024
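Computer Engineering and Design
Institute 706, Second Academy of China Aerospace Science and Industry Corporation

Indexed in: CSTPCD, Peking University Core
Impact factor: 0.617
ISSN: 1000-7024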