摘要
为了解决现有车载网络的认证方案中普遍存在密钥托管带来的缺陷,以及没有考虑计算受限电子控制单元(ECU)轻量级部署和安全快速认证的问题,首先,针对计算不受限的ECU网络,提出了一种无双线性配对的轻量级无证书匿名认证和密钥协商方案,该方案通过椭圆曲线密码体制安全构建认证密钥对,通过哈希函数和异或等轻量级方法实现匿名认证和密钥协商。然后,针对计算受限的ECU网络,提出了一种无证书批量验证方案来降低认证成本。最后,提出了一种基于有色Petri网(CPN)和Dolev-Yao攻击者模型的安全验证方法,对整体方案进行形式化安全性评估。安全评估和性能分析表明,所提方案能有效抵抗重放、伪装、篡改、已知密钥、已知特定会话临时信息攻击等多种不同类型的攻击,在保证多重安全属性的同时有较小的计算与通信成本。
To address the shortcomings of existing authentication schemes in vehicle networks,which commonly suffer from key escrow issues,as well as the lack of consideration for lightweight deployment and secure rapid authentication of compute-constrained electronic control unit(ECU),a lightweight certificateless anonymous authentication and key agreement scheme without bilinear pairings was proposed for compute-unconstrained ECU networks.The authentication key pair was securely constructed by elliptic curve cryptography,anonymous authentication and key agreement were realized by lightweight methods such as hash functions and XOR operation.Additionally,a certificateless batch verification scheme was proposed to reduce the authentication costs for compute-constrained ECU networks.Finally,a security verification method based on the colored Petri net(CPN)and Dolev-Yao attacker model was proposed to evaluate the formal security of the proposed scheme.The proposed scheme is proved through security evaluation and performance analysis to effectively resist various types of attacks such as replay,spoofing,tampering,known key,known specific session temporary information attack,etc.,with multiple security attributes,small computation and communication cost.
作者
郑路
冯涛
苏春华
ZHENG Lu;FENG Tao;SU Chunhua(School of Computer and Communication,Lanzhou University of Technology,Lanzhou 730050,China;Division of Computer Science,University of Aizu,Fukushima 965-8580,Japan)
出处
《通信学报》
EI
CSCD
北大核心
2024年第6期101-116,共16页
Journal on Communications
基金
国家自然科学基金资助项目(No.62162039,No.61762060)
甘肃省重点研发基金资助项目(No.23YFGA0060)
甘肃省优秀博士生基金资助项目(No.23JRRA837)。