基于混合密钥增强的LTE-R车地认证密钥协商方案  被引量：6

作　　者：陈永[1] 刘雯 詹芝贤 CHEN Yong;LIU Wen;ZHAN Zhixian(School of Electronic and Information Engineering,Lanzhou Jiaotong University,Lanzhou 730070,China)

机构地区：[1]兰州交通大学电子与信息工程学院,甘肃兰州730070

出　　处：《铁道学报》2023年第6期69-79,共11页Journal of the China Railway Society

基　　金：国家自然科学基金(61963023,61841303);兰州交通大学基础研究拔尖人才项目(2022JC36);兰州交通大学天佑创新团队(TY202003)。

摘　　要：针对LTE-R车地认证协议EPS-AKA中IMSI明文传输、密钥泄露和认证开销高等问题,提出一种基于混合密钥增强的LTE-R车地认证密钥协商方案。针对典型高速铁路认证场景,分别设计注册认证、全认证、重认证和切换认证四种协议,提出采用非对称公钥加密和私钥签名机制,解决了IMSI明文传输的问题;并混合引入椭圆曲线密钥算法对密钥动态更新,可有效防范中间人、重放等攻击。该方案不仅能减少全认证协议的频繁重启,而且还具有前后向安全。最后,采用BAN逻辑进行形式化验证,结果表明:本文方法在安全性、认证开销较其他方法更优,能够满足LTE-R车地认证安全性和实时性的要求。In response to the problems of IMSI plaintext information transmission,secret key leakage and high authentication overhead in EPS-AKA of the LTE-R train-to-ground authentication protocol,a hybrid key-enhanced LTE-R train to ground authentication key agreement scheme was proposed.For typical high-speed railway authentication scenarios,four protocols including the registration protocol,full authentication protocol,re-authentication protocol and handover authentication protocol were introduced respectively.Asymmetric public key encryption and private key signature mechanism were proposed to solve IMSI plaintext transmission problem.The elliptic curve secret key algorithm was combined to update the secret key dynamically,which can effectively prevent attacks such as man-in-the-middle and replay.This scheme can not only reduce the frequent restarts of the full authentication protocols,but also has forward and backward security.Finally,the formal verification was carried out using BAN logic,and the results show that the proposed method is superior to other comparison methods in terms of security and authentication overhead and can suffice the requirements of LTE-R train-to-ground authentication security and real-time.

关 键 词：LTE-R 车地认证密钥协商 IMSI保护 椭圆曲线加密 BAN逻辑 

分 类 号：U285.2[交通运输工程—交通信息工程及控制] U929.5[交通运输工程—道路与铁道工程]