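Industrial Internet storage device privacy security
Yang Zhenna (杨珍娜), Fan Jiulun (范九伦), Zhu Jian (祝剑), Han Gang (韩刚)
Abstract:
To address shortcomings in legitimate-user verification and user privacy protection in the Industrial Internet, an enhanced security protocol for Universal Serial Bus (USB) mass storage devices, the Control Protocol for USB (CPFU), is proposed. A new hash function is introduced into the YWC protocol for encryption, so that an attacker who obtains partial information still cannot pass legitimate-user verification. Based on the Bellare-Rogaway indistinguishability model, keys are exchanged between the user and the server, which guarantees mutual authentication between the user and the server and the confidentiality of the protocol's session key, and provides privacy protection for the user. Security analysis shows that the protocol provides user privacy protection and resists key recovery attacks, offline password guessing attacks, replay attacks, and stolen-verifier attacks, and that it enables anonymous file transfer over the USB port of Industrial Internet storage devices, meeting the security requirements of such devices. Performance analysis shows that the protocol effectively balances computation and communication overhead and offers higher security.
Keywords: Industrial Internet; USB storage device; user verification; user privacy; key recovery
Foundation: National Natural Science Foundation of China (62071378, 62071379, 62171380, 62102312); Communication Soft Science Research Project of the Ministry of Industry and Information Technology (2021R45); Natural Science Basic Research Program of Shaanxi Province (2021JQ-722); Young Talent Support Program of the Shaanxi Association for Science and Technology in Universities (20210119)
Author: Yang Zhenna (杨珍娜), Fan Jiulun (范九伦), Zhu Jian (祝剑), Han Gang (韩刚)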
DOI: 10.13682/j.issn.2095-6533.2022.01.006