面向无人机通信的认证和密钥协商协议  被引量：5

作　　者：蹇奇芮 陈泽茂 武晓康 JIAN Qi-rui;CHEN Ze-mao;WU Xiao-kang(Key Laboratory of Aerospace Information Security and Trusted Computing,Ministry of Education,Wuhan 430072,China;School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China;School of Electrical Engineering,Naval University of Engineering,Wuhan 430033,China)

机构地区：[1]空天信息安全与可信计算教育部重点实验室,武汉430072 [2]武汉大学国家网络安全学院,武汉430072 [3]海军工程大学电气工程学院,武汉430033

出　　处：《计算机科学》2022年第8期306-313,共8页Computer Science

基　　金：国家自然科学基金面上项目(61872430);国家优秀青年科学基金(42122025);湖北省杰出青年科学基金(2019CFA086)。

摘　　要：针对无人机通信中密钥配置的安全性和轻量化需求,面向不同计算性能的无人机系统分别提出了基于椭圆曲线密码算法的认证和密钥协商协议DroneSec,以及基于对称密码算法的认证和密钥协商协议DroneSec-lite。所提协议实现了无人机和地面站之间的双向身份认证和通信密钥配置功能,其中DroneSec协议通过结合使用ECDH(Elliptic-Curve Diffie-Hellman)和消息认证码,在保证前向安全性的情况下减小了计算开销,适用于较高性能的计算平台;DroneSec-lite协议仅使用了对称密码算法,因而计算开销极低,适用于低性能平台。使用安全协议形式化验证工具ProVerif验证了协议在加强的Dolve-Yao威胁模型下进行双向认证和密钥配置的安全性,并通过仿真环境实验对协议的性能进行了对比测试和分析。结果显示,协议的计算、通信开销和安全性优于已有协议。In order to achieve the requirement for security and lightweight in unmanned aerial vehicle(UAV)communication,two authentication and key agreement protocols targeted for UAVs with different computational performance are proposed,including an ECC based protocol,DroneSec,and a symmetric cipher based protocol,DroneSec-lite.The two protocols achieve secure mutual authentication and key configuration between ground stations and UAVs.DroneSec protocol achieves relatively low computational overhead while ensuring forward secrecy through combining ECDH and MAC,which is suitable for relatively high-performance platforms.DroneSec-lite protocol achieves extremely low computational overhead through using only symmetric ciphers,which is suitable for low-performance platforms.The security of the proposed protocols under the enhanced Dolve-Yao model is verified using ProVerif,a formal protocol verification tool,and the performance of the protocols is analyzed in the simulation environment.The results show that it is superior to existing protocols in terms of computation overhead,communication overhead and security.

关 键 词：无人机 双向认证 密钥协商 通信安全 安全协议 形式化验证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]