Abstract
The Internet of Vehicles (IoV) needs to collect and process traffic data in real time to alleviate traffic congestion, while protecting users' private data from being stolen or manipulated by attackers. However, most existing authentication protocols cannot adequately resist privileged-user attacks from insiders, and they do not make efficient use of the roadside Base Station Unit (RSU). To address these problems, we design an SGX-based identity authentication protocol for the IoV. The protocol offloads the main computation of the identity authentication process from the TA to the RSU, so that the RSU is no longer a simple forwarding node and distributed computing is achieved. The master key is transferred from the TA to the RSU through the secure channel provided by SGX remote attestation. The use of the master key during identity authentication is moved into the SGX enclave (secure area), the master key is stored by the trusted hardware, and the master key is also used to encrypt the vehicle relationship authentication table in the TA. Computation offloading is thus achieved while resisting internal privileged-user attacks. Experimental results show that the computing time of the proposed protocol is reduced by 23.16% and the computational load on the TA is greatly reduced. The protocol realizes decentralized identity authentication without adding network nodes, and offers good security and real-time performance.
Authors
WANG Guan (王冠)
ZHANG Qian-qian (张倩倩)
Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China; Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
Source
Computer Technology and Development (《计算机技术与发展》)
2023, Issue 11, pp. 99-105, 7 pages in total
Funding
National Key Research and Development Program (2019YFB2102303)
National Key Research and Development Project (2020YFB1005905).
Keywords
Internet of vehicles
identity authentication
SGX
computation offloading
security