基于CPN的车载网络无证书匿名认证和密钥协商方案研究

郑路; 冯涛; 苏春华

doi:10.11959/j.issn.1000-436x.2024121

您当前的位置：

首页 >

文章列表页 >

基于CPN的车载网络无证书匿名认证和密钥协商方案研究

专题：工业互联网安全技术 | 更新时间：2024-08-08

- 基于CPN的车载网络无证书匿名认证和密钥协商方案研究
- Research on certificateless anonymous authentication and key agreement scheme of vehicle network based on CPN
- 通信学报 2024年45卷第6期页码：101-116
- 作者机构：
  
  1.兰州理工大学计算机与通信学院，甘肃兰州 730050
  2.日本会津大学计算机科学系，福岛会津若松 965-8580
- 作者简介：
  
  [ "郑路（1997- ），女，河南郑州人，兰州理工大学博士生，主要研究方向为制造业信息化系统与网络安全、工业互联网、车联网等。" ]
  冯涛，fengt@lut.edu.cn
  苏春华（1981- ），男，广西钦州人，博士，日本会津大学高级副教授、博士生导师，主要研究方向为密码分析、密码协议、机器学习中的隐私保护技术和物联网安全与隐私等。
- 基金信息：
  
  国家自然科学基金资助项目(62162039;61762060);甘肃省重点研发基金资助项目(23YFGA0060);甘肃省优秀博士生基金资助项目(23JRRA837)
- DOI：10.11959/j.issn.1000-436x.2024121
  中图分类号： TN393.06
- 收稿日期：2024-02-05，
  
  修回日期：2024-05-31，
  
  纸质出版日期：2024-06-25
- 稿件说明：
移动端阅览
郑路,冯涛,苏春华.基于CPN的车载网络无证书匿名认证和密钥协商方案研究[J].通信学报,2024,45(06):101-116.

ZHENG Lu,FENG Tao,SU Chunhua.Research on certificateless anonymous authentication and key agreement scheme of vehicle network based on CPN[J].Journal on Communications,2024,45(06):101-116.
郑路,冯涛,苏春华.基于CPN的车载网络无证书匿名认证和密钥协商方案研究[J].通信学报,2024,45(06):101-116. DOI： 10.11959/j.issn.1000-436x.2024121.

ZHENG Lu,FENG Tao,SU Chunhua.Research on certificateless anonymous authentication and key agreement scheme of vehicle network based on CPN[J].Journal on Communications,2024,45(06):101-116. DOI： 10.11959/j.issn.1000-436x.2024121.

摘要

为了解决现有车载网络的认证方案中普遍存在密钥托管带来的缺陷，以及没有考虑计算受限电子控制单元（ECU）轻量级部署和安全快速认证的问题，首先，针对计算不受限的ECU网络，提出了一种无双线性配对的轻量级无证书匿名认证和密钥协商方案，该方案通过椭圆曲线密码体制安全构建认证密钥对，通过哈希函数和异或等轻量级方法实现匿名认证和密钥协商。然后，针对计算受限的ECU网络，提出了一种无证书批量验证方案来降低认证成本。最后，提出了一种基于有色Petri网（CPN）和Dolev-Yao攻击者模型的安全验证方法，对整体方案进行形式化安全性评估。安全评估和性能分析表明，所提方案能有效抵抗重放、伪装、篡改、已知密钥、已知特定会话临时信息攻击等多种不同类型的攻击，在保证多重安全属性的同时有较小的计算与通信成本。

Abstract

To address the shortcomings of existing authentication schemes in vehicle networks

which commonly suffer from key escrow issues

as well as the lack of consideration for lightweight deployment and secure rapid authentication of compute-constrained electronic control unit (ECU)

a lightweight certificateless anonymous authentication and key agreement scheme without bilinear pairings was proposed for compute-unconstrained ECU networks. The authentication key pair was securely constructed by elliptic curve cryptography

anonymous authentication and key agreement were realized by lightweight methods such as hash functions and XOR operation. Additionally

a certificateless batch verification scheme was proposed to reduce the authentication costs for compute-constrained ECU networks. Finally

a security verification method based on the colored Petri net (CPN) and Dolev-Yao attacker model was proposed to evaluate the formal security of the proposed scheme. The proposed scheme is proved through security evaluation and performance analysis to effectively resist various types of attacks such as replay

spoofing

tampering

known key

known specific session temporary information attack

etc.

with multiple security attributes

small computation and communication cost.

关键词

Keywords

references

GONG X , FENG T . Lightweight anonymous authentication and key agreement protocol based on CoAP of Internet of things [J ] . Sensors , 2022 , 22 ( 19 ): 7191 .

彭维平 , 韩宁 , 宋成 . 边缘计算环境下无证书车联网身份认证方案 [J ] . 北京邮电大学学报 , 2022 , 45 ( 1 ): 46 - 51 .

PENG W P , HAN N , SONG C . Certificateless identity authentication scheme for Internet of vehicles in edge computing environment [J ] . Journal of Beijing University of Posts and Telecommunications , 2022 , 45 ( 1 ): 46 - 51 .

PALANISWAMY B , ANSARI K , REDDY A G , et al . Robust certificateless authentication protocol for the SAE J1939 commercial vehicles bus [J ] . IEEE Transactions on Vehicular Technology , 2023 , 72 ( 4 ): 4493 - 4509 .

张海波 , 兰凯 , 陈舟 , 等 . 车联网中基于环的匿名高效批量认证与组密钥协商协议 [J ] . 通信学报 , 2023 , 44 ( 6 ): 103 - 116 .

ZHANG H B , LAN K , CHEN Z , et al . Ring-based efficient batch authentication and group key agreement protocol with anonymity in Internet of vehicles [J ] . Journal on Communications , 2023 , 44 ( 6 ): 103 - 116 .

DU J Z , TANG R , FENG T . Security analysis and improvement of vehicle Ethernet SOME/IP protocol [J ] . Sensors , 2022 , 22 ( 18 ): 6792 .

张海波 , 黄宏武 , 刘开健 , 等 . 车联网中可证安全的匿名可追溯快速组认证协议 [J ] . 通信学报 , 2021 , 42 ( 6 ): 213 - 225 .

ZHANG H B , HUANG H W , LIU K J , et al . Verifiably secure fast group authentication protocol with anonymous traceability for Internet of vehicles [J ] . Journal on Communications , 2021 , 42 ( 6 ): 213 - 225 .

肖敏 , 毛发英 , 黄永洪 , 等 . 基于属性签名的车载网匿名信任管理方案 [J ] . 网络与信息安全学报 , 2023 , 9 ( 2 ): 33 - 45 .

XIAO M , MAO F Y , HUANG Y H , et al . Anonymous trust management scheme of VANET based on attribute signature [J ] . Chinese Journal of Network and Information Security , 2023 , 9 ( 2 ): 33 - 45 .

吴武飞 , 李仁发 , 曾刚 , 等 . 智能网联车网络安全研究综述 [J ] . 通信学报 , 2020 , 41 ( 6 ): 161 - 174 .

WU W F , LI R F , ZENG G , et al . Survey of the intelligent and connected vehicle cybersecurity [J ] . Journal on Communications , 2020 , 41 ( 6 ): 161 - 174 .

GROZA B , MURVAY S , HERREWEGE A , et al . Libra-CAN: lightweight broadcast authentication for controller area networks [J ] . ACM Transactions on Embedded Computing Systems , 2017 , 16 ( 3 ): 90 .

GROZA B , MURVAY S . Efficient protocols for secure broadcast in controller area networks [J ] . IEEE Transactions on Industrial Informatics , 2013 , 9 ( 4 ): 2034 - 2042 .

PALANISWAMY B , CAMTEPE S , FOO E , et al . An efficient authentication scheme for intra-vehicular controller area network [J ] . IEEE Transactions on Information Forensics and Security , 2020 , 15 : 3107 - 3122 .

WOO S , JO H J , LEE D H . A practical wireless attack on the connected car and security protocol for In-vehicle CAN [J ] . IEEE Transactions on Intelligent Transportation Systems , 2015 , 16 ( 2 ): 993 - 1006 .

MURVAY P S , GROZA B . Security shortcomings and countermeasures for the SAE J1939 commercial vehicle bus protocol [J ] . IEEE Transactions on Vehicular Technology , 2018 , 67 ( 5 ): 4325 - 4339 .

刘雪艳 , 王力 , 郇丽娟 , 等 . 车联网环境下无证书匿名认证方案 [J ] . 电子与信息学报 , 2022 , 44 ( 1 ): 295 - 304 .

LIU X Y , WANG L , HUAN L J , et al . Certificateless anonymous authentication scheme for Internet of vehicles [J ] . Journal of Electronics & Information Technology , 2022 , 44 ( 1 ): 295 - 304 .

CHENG K , BAI Y B , ZHOU Y , et al . CANeleon: protecting CAN bus with frame ID chameleon [J ] . IEEE Transactions on Vehicular Technology , 2020 , 69 ( 7 ): 7116 - 7130 .

GROZA B , MURVAY P S . Identity-based key exchange on In-vehicle networks: CAN-FD & FlexRay [J ] . Sensors , 2019 , 19 ( 22 ): 4919 .

TSAI J L , LO N W . A privacy-aware authentication scheme for distributed mobile cloud computing services [J ] . IEEE Systems Journal , 2015 , 9 ( 3 ): 805 - 815 .

HE D B , KUMAR N , KHAN M K , et al . Efficient privacy-aware authentication scheme for mobile cloud computing services [J ] . IEEE Systems Journal , 2018 , 12 ( 2 ): 1621 - 1631 .

LI Q R , HSU C F , RAYMOND CHOO K K , et al . A provably secure and lightweight identity-based two-party authenticated key agreement protocol for vehicular ad hoc networks [J ] . Security and Communication Networks , 2019 , 2019 : 1 - 13 .

CARVAJAL-ROCA I E , WANG J , DU J , et al . A semi-centralized dynamic key management framework for in-vehicle networks [J ] . IEEE Transactions on Vehicular Technology , 2021 , 70 ( 10 ): 10864 - 10879 .

LIU X G , JIN C H , LI F G . An improved two-layer authentication scheme for wireless body area networks [J ] . Journal of Medical Systems , 2018 , 42 ( 8 ): 143 .

CHENG Q F , LI Y T , SHI W B , et al . A certificateless authentication and key agreement scheme for secure cloud-assisted wireless body area network [J ] . Mobile Networks and Applications , 2022 , 27 ( 1 ): 346 - 356 .

KUMAR M , CHAND S . A lightweight cloud-assisted identity-based anonymous authentication and key agreement protocol for secure wireless body area network [J ] . IEEE Systems Journal , 2021 , 15 ( 2 ): 2779 - 2786 .

SOWJANYA K , DASGUPTA M , RAY S . An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems [J ] . International Journal of Information Security , 2020 , 19 ( 1 ): 129 - 146 .

WANG W M , HUANG H P , XIAO F , et al . Computation-transferable authenticated key agreement protocol for smart healthcare [J ] . Journal of Systems Architecture , 2021 , 118 : 102215 .

XU C , HUANG X H , MA M D , et al . An anonymous handover authentication scheme based on LTE-A for vehicular networks [J ] . Wireless Communications and Mobile Computing , 2018 , 2018 : 1 - 15 .

DWIVEDI S K , AMIN R , VOLLALA S , et al . B-HAS: blockchain-assisted efficient handover authentication and secure communication protocol in VANETs [J ] . IEEE Transactions on Network Science and Engineering , 2023 , 10 ( 6 ): 3491 - 3504 .

HORNG S J , TZENG S F , PAN Y , et al . B-SPECS: batch verification for secure pseudonymous authentication in VANET [J ] . IEEE Transactions on Information Forensics and Security , 2013 , 8 ( 11 ): 1860 - 1875 .

CUI J , ZHANG J , ZHONG H , et al . SPACF: a secure privacy-preserving authentication scheme for VANET with cuckoo filter [J ] . IEEE Transactions on Vehicular Technology , 2017 , 66 ( 11 ): 10283 - 10295 .

HE D B , ZEADALLY S , XU B W , et al . An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 12 ): 2681 - 2691 .

KARATI A , ISLAM S H , KARUPPIAH M . Provably secure and lightweight certificateless signature scheme for IIoT environments [J ] . IEEE Transactions on Industrial Informatics , 2018 , 14 ( 8 ): 3701 - 3711 .

ZHANG Y H , DENG R H , ZHENG D , et al . Efficient and robust certificateless signature for data crowdsensing in cloud-assisted industrial IoT [J ] . IEEE Transactions on Industrial Informatics , 2019 , 15 ( 9 ): 5099 - 5108 .

YANG W J , WANG S P , HUANG X Y , et al . On the security of an efficient and robust certificateless signature scheme for IIoT environments [J ] . IEEE Access , 2019 , 7 : 91074 - 91079 .

REZAEIBAGHA F , MU Y , HUANG X Y , et al . Fully secure lightweight certificateless signature scheme for IIoT [J ] . IEEE Access , 2019 , 7 : 144433 - 144443 .

XIONG H , MEI Q , ZHAO Y N . Efficient and provably secure certificateless parallel key-insulated signature without pairing for IIoT environments [J ] . IEEE Systems Journal , 2020 , 14 ( 1 ): 310 - 320 .

龚翔 , 冯涛 , 杜谨泽 . 基于CPN的安全协议形式化建模及安全分析方法 [J ] . 通信学报 , 2021 , 42 ( 9 ): 240 - 253 .

GONG X , FENG T , DU J Z . Formal modeling and security analysis method of security protocol based on CPN [J ] . Journal on Communications , 2021 , 42 ( 9 ): 240 - 253 .

YAN Z P , GU C L , HUANG H J . Analysis for threat models and improvement scheme of 5G AKA protocol based on petri-net [C ] // Proceedings of the 2021 IEEE 21st International Conference on Communication Technology (ICCT) . Piscataway : IEEE Press , 2021 : 11 - 17 .

GONG X , FENG T , ALBETTAR M . PEASE: a PUF-based efficient authentication and session establishment protocol for machine-to-machine communication in industrial IoT [J ] . Electronics , 2022 , 11 ( 23 ): 3920 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于CPN的安全协议形式化建模及安全分析方法

室内定位隐私保护综述

基于计算模型的安全协议Swift语言实施安全性分析

SSMCI：以攻击者为中心的安全协议验证机制

改进的安全协议自适应分析算法