
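Lightweight DTLS protocol design based on improved certificateless public key cryptography
Cite this article: XU Guodong, LIU Guangjie, QIAO Sen, LU Saijie, ZHAO Huawei. Lightweight DTLS protocol design based on improved certificateless public key cryptography[J]. Journal of Nanjing University of Information Science & Technology, 2021, 13(5): 628-634.
Authors: XU Guodong, LIU Guangjie, QIAO Sen, LU Saijie, ZHAO Huawei
Affiliation: School of Electronic & Information Engineering, Nanjing University of Information Science & Technology, Nanjing 210044; Nanjing Metro Construction Co., Ltd, Nanjing 210000; Beijing Urban Construction Design & Development Group Co., Limited, Beijing 100037
Funding: National Natural Science Foundation of China (U1836104, 61801073, 62072250)
Abstract: While the Internet of Things is developing rapidly, its data exchange is vulnerable to various attacks. To secure data carried over UDP, the transport-layer protocol used in the Internet of Things, the DTLS (Datagram TLS) protocol was formed by extending the TLS protocol architecture to support secure transmission of UDP datagrams. The current DTLS protocol is based on public-key certificate cryptography; its certificate management is complex and its network communication overhead is high, so it struggles to meet the secure-communication needs of resource-constrained networks such as the Internet of Things. This paper proposes an improved certificateless public key cryptographic scheme based on the discrete logarithm, designs a lightweight DTLS protocol suited to resource-constrained networks, and implements the protocol on the embedded SSL library wolfSSL. In terms of communication overhead and handshake connection time, comparison experiments were carried out between the proposed DTLS protocol based on improved certificateless public key cryptography and, respectively, the DTLS protocol based on traditional public-key certificates and the identity-based DTLS protocol. The experimental results show that, with security preserved, the certificateless DTLS protocol outperforms both the public-key-certificate-based DTLS protocol and the identity-based DTLS protocol in communication overhead and handshake connection time.

Keywords: Internet of Things; discrete logarithm; certificateless; lightweight; DTLS protocol
Received: 2021/4/18 0:00:00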

Lightweight DTLS protocol design based on improved certificateless public key cryptography
XU Guodong, LIU Guangjie, QIAO Sen, LU Saijie, ZHAO Huawei. Lightweight DTLS protocol design based on improved certificateless public key cryptography[J]. Journal of Nanjing University of Information Science & Technology, 2021, 13(5): 628-634.
Authors: XU Guodong, LIU Guangjie, QIAO Sen, LU Saijie, ZHAO Huawei
Affiliation: School of Electronic & Information Engineering, Nanjing University of Information Science & Technology, Nanjing 210044; Nanjing Metro Construction Co., Ltd, Nanjing 210000; Beijing Urban Construction Design & Development Group Co., Limited, Beijing 100037
Abstract: The rapid development of the Internet of Things makes its data interaction increasingly vulnerable to various attacks. To ensure the security of data transmitted by UDP, the transport layer protocol of the Internet of Things, the DTLS (Datagram TLS) protocol, which supports the secure transmission of UDP datagrams, has been formed on the basis of the TLS protocol architecture. However, because it is based on certificate public key cryptography, the existing DTLS protocol has disadvantages such as complex certificate management and high network communication overhead, and thus cannot meet the secure communication requirements of resource-constrained networks such as the Internet of Things. Here, we propose an improved certificateless public key cryptographic scheme based on the discrete logarithm, design a lightweight DTLS protocol adaptable to resource-constrained networks, and implement the protocol on the embedded SSL library wolfSSL. Finally, experiments are conducted to compare the DTLS protocol based on improved certificateless public key cryptography proposed in this article with the DTLS protocol based on traditional public key certificates and the identity-based DTLS protocol, and the experimental results verify the superiority of the proposed protocol in terms of communication overhead and handshake delay.
Keywords: Internet of Things (IoT); discrete logarithm; certificateless; lightweight; DTLS protocols