Abstract
With the steady growth of car ownership and the saturation of road traffic, the Internet of Vehicles (IoV) is regarded as one of the most effective technologies for improving traffic efficiency and the driving experience. Authentication and key agreement (AKA) protocols are a key means of securing the interaction between the onboard unit (OBU) and the various information servers. Typically, the private key used by the AKA protocol is stored in the OBU. However, because vehicles are often left unattended, OBU theft does occur, so ensuring the secure storage of the private key is a challenging problem. To address this problem, this paper proposes a capture-resistant AKA protocol based on oblivious pseudorandom functions (OPRF) and two-party collaborative signatures. Using the two-party collaborative signature, the private key is split into two shares: one is encrypted under the public key of an auxiliary device, and the other can only be recovered by running the OPRF protocol between the OBU and the auxiliary device. Since no secret information is stored in the OBU, an adversary cannot obtain the private key even if the OBU is stolen. The paper provides a comprehensive security analysis and performance comparison of the proposed scheme. The results demonstrate that the scheme resists the various known attacks, in particular key leakage caused by device capture, and strikes a balance between computational and communication overhead.
Authors
姜奇
杨雪
王金花
程庆丰
马鑫迪
马建峰
Qi JIANG, Xue YANG, Jinhua WANG, Qingfeng CHENG, Xindi MA, Jianfeng MA (School of Cyber Engineering, Xidian University, Xi'an 710071, China; Henan Key Laboratory of Network Cryptography Technology, Zhengzhou 450001, China; School of Cyberspace Security, Strategic Support Force Information Engineering University, Zhengzhou 450001, China)
Source
Scientia Sinica Informationis (中国科学:信息科学)
CSCD
Peking University Core Journal
2022, Issue 12, pp. 2351-2370 (20 pages)
Scientia Sinica(Informationis)
Funding
National Natural Science Foundation of China (Grant Nos. 62072352, 92167203, 62125205, 61872449, 61902290, 62072359)
Scientific Research Program of the Shaanxi Provincial Department of Education (Grant No. 20JY016)
Shaanxi Key Industry Chain Project (Grant No. 2020ZDLGY09-06)
Fundamental Research Funds for the Central Universities.