
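Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication
Cite this article: ZHANG Wenfang, SUN Haifeng, WANG Yu, LIN Wei, WANG Xiaomin. Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication[J]. Journal of Southwest Jiaotong University, 2020, 55(6): 1171-1180, 1206.
Authors: ZHANG Wenfang  SUN Haifeng  WANG Yu  LIN Wei  WANG Xiaomin
Funding: National Natural Science Foundation of China (61872302); Key Research and Development Project of the Sichuan Science and Technology Program (2018GZ0195); Key Project of Sichuan International Science and Technology Innovation Cooperation (2019YFH0097)
Abstract: To address the special security and real-time requirements of the next-generation high-speed railway wireless communication system LTE-R (long term evolution-railway), a train-ground communication authentication scheme built entirely on symmetric cryptography is proposed, based on hash chain techniques. The home subscriber server (HSS) uses an identity authorization master key to generate a dynamically changing anonymous identity (temporary identity, TID) for the on-board unit (OBU), which protects the privacy of the on-board unit in the access authentication request signaling and also resists desynchronization attacks. While the train is moving at high speed, the scheme uses efficient hash chains in place of authentication vectors to complete mutual authentication between the train and the serving network, and local updating of the hash chains solves the problem of full authentication restarting when the authentication vectors are exhausted. In addition, an identity proof ticket is introduced to achieve efficient, seamless handover authentication based on cooperation between base stations. Security and performance analysis shows that, under the same conditions, compared with the best-performing LTE (long term evolution) standard protocols to date, the proposed full-authentication, re-authentication and handover-authentication protocols reduce the computation cost by 41.67%, 44.44% and 45.45% respectively and the communication cost by 62.11%, 50.91% and 84.91% respectively, and can meet the security and real-time requirements of the LTE-R access network.

Keywords: LTE-R; train-ground communication authentication; self-updated hash chain; privacy protection
Received: 2019-03-13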

Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication
ZHANG Wenfang,SUN Haifeng,WANG Yu,LIN Wei,WANG Xiaomin.Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication[J].Journal of Southwest Jiaotong University,2020,55(6):1171-1180, 1206.
Authors:ZHANG Wenfang  SUN Haifeng  WANG Yu  LIN Wei  WANG Xiaomin
Abstract: To meet the special requirements for security and real-time performance in the next-generation high-speed railway wireless communication system, long term evolution-railway (LTE-R), a security and efficiency enhanced train-ground authentication scheme based on a self-updated hash chain is proposed. In the scheme, the master key of the home subscriber server (HSS) is used to encrypt the anonymous, variable temporary identity (TID) of the on-board unit (OBU), so as to protect the privacy of the OBU and resist the desynchronization attack. To realize efficient mutual authentication between the train and the service network, hash chains are used to replace the authentication vectors, and local updating of the hash chains avoids restarting the full-authentication protocol when the authentication vectors are exhausted. Moreover, by using the identity ticket issued by the mobility management entity (MME), seamless handover authentication can be realized in coordination with base stations. Security and performance analysis shows that, compared with the long term evolution (LTE) standard protocols under the same conditions, the computation cost of the proposed full-authentication, re-authentication and handover-authentication protocols is reduced by 41.67%, 44.44% and 45.45% respectively, and the traffic is reduced by 62.11%, 50.91% and 84.91% respectively, which can meet the security and real-time requirements of the LTE-R network.
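
The abstract gives no protocol messages, so the following is an added illustration, not the paper's construction: a generic Lamport-style hash chain in which each authentication reveals one preimage, and the prover renews the chain locally when it runs out instead of falling back to a full authentication. The renewal step (HMAC over the last link and the new anchor under a shared key), the class names and the sample key are all assumptions made for this example.

```python
import hashlib, hmac, os

def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def build_chain(seed: bytes, n: int) -> list:
    """Return [seed, h(seed), ..., h^n(seed)]; the last element is the anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

class Prover:  # plays the role of the on-board unit (hypothetical name)
    def __init__(self, key: bytes, n: int):
        self.key, self.n = key, n
        self.chain = build_chain(os.urandom(32), n)
        self.anchor = self.chain.pop()  # registered with the verifier once

    def next_token(self):
        link = self.chain.pop()  # preimage of the value the verifier holds
        if self.chain:
            return link, None, None
        # Chain exhausted: renew locally and bind the new anchor to the last link.
        self.chain = build_chain(os.urandom(32), self.n)
        new_anchor = self.chain.pop()
        tag = hmac.new(self.key, link + new_anchor, hashlib.sha256).digest()
        return link, new_anchor, tag

class Verifier:  # plays the role of the serving network (hypothetical name)
    def __init__(self, key: bytes, anchor: bytes):
        self.key, self.current = key, anchor

    def verify(self, link, new_anchor=None, tag=None) -> bool:
        if not hmac.compare_digest(h(link), self.current):
            return False  # replayed, stale or forged link
        if new_anchor is not None:
            want = hmac.new(self.key, link + new_anchor, hashlib.sha256).digest()
            if tag is None or not hmac.compare_digest(tag, want):
                return False  # anchor not authenticated: keep the old state
            self.current = new_anchor
        else:
            self.current = link
        return True

def demo():
    key = b"constructed-shared-session-key!!"  # constructed sample key
    obu = Prover(key, 3)
    net = Verifier(key, obu.anchor)
    tokens = [obu.next_token() for _ in range(5)]  # crosses one renewal
    results = [net.verify(*t) for t in tokens]
    return results, net.verify(*tokens[0])  # second value: replay attempt
```

Each verification costs the verifier one hash (plus one HMAC at renewal), and a token that has already been accepted no longer hashes to the stored value, so a replay is rejected.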