基于匿名代理签名的LTE-R车-地无线通信安全认证方案  被引量：5

作　　者：王宇 张文芳[1] 王小敏[1,2] 蔺伟 高尚勇 吴文丰 WANG Yu;ZHANG Wenfang;WANG Xiaomin;LIN Wei;GAO Shangyong;WU Wenfeng(School of Information Science and Technology,Southwest Jiaotong University,Chengdu 610031,China;The Center of National Railway Intelligent Transportation System Engineering and Technology,China Academy of Railway Science Corparation Limited,Beijing 100081,China)

机构地区：[1]西南交通大学信息科学与技术学院,四川成都610031 [2]国家铁路智能运输系统工程技术研究中心,中国铁道科学研究院集团有限公司,北京100081

出　　处：《铁道学报》2020年第3期76-84,共9页Journal of the China Railway Society

基　　金：国家自然科学基金(61872302);四川省科技计划项目(2018GZ0195,2019YFH0097,2019YFG0502);国家铁路智能运输系统工程技术研究中心开放课题(RITS2018KF02)。

摘　　要：针对铁路下一代移动通信系统LTE-R的车地无线通信实体认证安全漏洞及认证效率问题,提出了基于匿名代理签名的车-地无线通信安全认证方案。该方案针对3种认证场景分别设计了注册认证协议、初始认证协议和重认证协议,通过引入匿名代理签名机制,实现了IMSI的机密性保护和MME的预认证功能,可抵抗中间人攻击、重放攻击和拒绝服务攻击。此外,本方案实现了认证信息的本地生成,有效提高了高速移动环境下频繁重认证的计算和通信效率,避免了认证向量耗尽而重启初始认证协议的问题。性能分析表明,本方案能够满足LTE-R系统车地认证对安全性和实时性的实际需求。In the view of the security loopholes and authentication efficiency of train-ground wireless communication entity authentication in the next generation railway mobile communication system LTE-R,a security authentication scheme for vehicle-ground wireless communication based on anonymous proxy signature algorithm was proposed in this paper.This proposal introduced registration authentication,initialization authentication and re-authentication for a series of scenarios.This scheme can provide IMSI protection,mobile management entity pre-authentication,undeniable feature,and DoS resistant ability with the benefit of anonymous proxy signature.Along with that,the authentication information was generated locally to reduce the computational and communicational cost of re-authentication.The results of the analysis on the security and performance show that this scheme ensures the security of railway communications and the timeliness of authentication during the rapid movement process of trains.

关 键 词：LTE-R EPS-AKA 认证 匿名代理签名 IMSI保护 

分 类 号：U285.21[交通运输工程—交通信息工程及控制] TN929[交通运输工程—道路与铁道工程]