面向车联网多点协作联合传输的安全认证与密钥更新方法

未来基于车联网的车路协同和自动驾驶场景要求车-车/车-路等网络通信在保证数据安全的前提下,具备低时延、高可靠的特性,从而保证车辆的行驶安全以及车/人的信息安全。LTE-V2X作为车联网通信方案之一,LTE的多点协作联合传输（Coordinated Multiple Points-Joint Transmission,CoMP-JT）技术不仅可以减少车辆在高速行驶过程中进行基站（Evolved Node B,eNB）切换时的通信中断,还能通过多个基站的协同传输来辅助提高网络的数据传输性能。然而当前LTE标准中的安全密钥管理方案无法满足多点协作联合传输过程中的密钥管理场景。针对该问题,提出一种可用于LTE-V2X车联网通信中多点协作传输切换的安全密钥生成与更新算法。该算法由车辆生成基站切换请求并使用随机数、共享密钥、目标基站公钥对切换请求进行加密、广播;基于密码学特性,目标基站不仅可基于私钥从密文请求中计算出共享密钥,还可以计算得到后续的会话密钥;车辆则可以基于目标基站位置信息、生成请求时的随机数计算出会话密钥,从而实现在只需要1次密钥传输的前提下,达成车辆与基站之间的密钥共享和密钥更新,并从密码学角度针对该密钥生成与更新算法进行验证分析。研究结果表明：在LTE-V2X多点协作传输时的基站切换过程中,该算法能够确保车辆与基站进行后向/前向密钥分离的安全认证以及会话密钥建立;与传统方案相比,所提方法可减少26.4%的基站切换过程中引入的通信时延,基站信道负载均仅为传统方案的1/2,并且随基站小区范围内车辆数目增加,基站的信道负载也仅线性增加,提升了该算法在LTE-V2X车联网场景中的适用性。

Key Management Scheme to Secure Coordinated Multi-point Joint Transmission for Vehicular Networks

With the popularization of vehicle-to-everything (V2X)-based autonomous driving and cooperative vehicular infrastructure, the requirements of acceptable delays and potential attack surfaces introduced for vehicular network communications have become more stringent in order to satisfy the basic requirements of driving safety and privacy security. As the major vehicular communication solution, long-term evolution (LTE)-V2X continues to use the coordinated multi-point joint transmission (CoMP-JT) introduced in LTE to reduce the handover delay at the base station (evolved node B, eNB) and mitigate the low quality of throughout in a high-speed moving scenario by employing the joint transmission technique during the handover process. However, the current security key management scheme in the LTE standard does not satisfy the requirements of the key management scenario in the CoMP-JT process. Therefore, this paper proposes a novel handover key generation and update scheme that can be used for CoMP-JT handover in LTE-V2X communication. Before transmission handover, the serving eNB and target eNB should each have a public-private key pair based on their location information and also share a re-encryption key. Subsequently, the moving vehicle generates a handover request, which is encrypted with the public key of the target eNB, the shared key, and a random number. The handover request will be broadcasted to the serving and target eNBs. The target eNB can recover the shared key and calculate the subsequent session key from the received ciphertext with its private key. Synchronously, the vehicle calculates the subsequent session key based on the location information of the target eNB and the random number used to generate the handover request. With this proposed scheme, the separation of forward/backward key can be achieved without reduction of the diversity gain achieved from joint transmission handover. In other words, the session key is generated by the vehicle and transmitted to the eNBs involved securely. In this study, the scheme for key generation and update was verified and analyzed based on cryptography theory and the capability of establishing a secure communication session between the vehicle and eNB without disrupting the separation of backward/forward keys in the process of handover during LTE-V2X CoMP-JT was demonstrated. The performance evaluation shows that compared with traditional schemes, the proposed scheme can reduce the communication delay introduced by the transmission handover process by 26.4%, and also reduce channel loading between the vehicle and target eNB by almost 50%. Moreover, with the increase in the number of vehicles in the cell range, the channel loading of the base station increases linearly, which improves the applicability of the scheme in the LTE-V2X vehicular networking scenario.