一种新型C-V2X车联网终端初始安全配置方案

A novel initial security configuration solution for C-V2X devices

在终端上安全部署数字证书是基于PKI的C-V2X直连通信安全机制发挥作用的先决条件。针对传统离线灌装方法成本高的缺点,本文提出一种基于4G/5G网络GBA开放安全能力的新型C-V2X终端初始安全配置方案。利用USIM在用户标识、根密钥、GBA能力及硬件安全环境方面的固有优势,V2X终端能够在最初阶段通过4G/5G网络与CA中心实现双向身份认证并建立安全连接,随后在线申请数字证书,自主完成安全初始化。该方案可避免生产线安全环境的升级改造,极大地降低企业C-V2X技术引入成本,具有简单有效、安全可靠、兼容性好、成熟度高和扩展性强的特点。

Deploying digital certifi cates on terminal devices safely is a prerequisite for PKI based C-V2X direct communication security mechanism to play a role.To overcome the shortcoming of high cost of traditional out-band injection method,a novel initial security confi guration solution based on GBA security capability exposed by 4G/5G cellular network is proposed for C-V2X devices in this paper.By taking USIM's inherent advantages in user identity,root key,GBA capability and hardware security environment,V2X devices at very beginning stage can mutually authenticate and establish secure connection with certifi cate authorization center through 4G/5G network,then apply for certifi cates online and implement security self-initialization.It helps to avoid security environment upgrade in production lines and reduce C-V2X technology introduction cost for enterprise greatly.Besides,it also has the characteristics of simple and effective,safe and reliable,good compatibility,high maturity and strong expansibility.