无人机网络中数控分离的安全传输机制  

作　　者：马诗雨 张俊伟[1] 张兴隆 卢笛[1] 马建峰[1] Ma Shiyu;Zhang Junwei*;Zhang Xinglong;Lu Di;Ma Jianfeng(Xidian University,Xi’an 710071,China;National Key Laboratory of Science and Technology on Integrated Control Technology,AVIC Flight Automatic Control Research Institute,Xi’an 710065,China)

机构地区：[1]西安电子科技大学,陕西西安710071 [2]航空工业自控所飞行器控制一体化技术国防科技重点实验室,陕西西安710065

出　　处：《航空科学技术》2023年第9期110-120,共11页Aeronautical Science & Technology

基　　金：航空科学基金(20185881014);陕西省自然科学基础研究计划项目(2023-JC-JQ-49,2022JZ-33);中央高校基本科研业务费专项资金资助(YJSJ23007)。

摘　　要：数据和飞控指令的安全性是无人机网络安全性的一个重要方面。针对现有的无人机网络安全机制中的不足,本文提出了一种数控分离的安全传输机制。针对无人机向地面站发送的数据采用基于高级加密标准的计数器和密文分组链接消息认证码(AES-CCM)认证加密机制的数据安全传输协议,保证数据的机密性和完整性,针对地面站向无人机发送的飞控指令设计了基于一次签名的飞控广播认证协议,保证飞控指令的完整性。通过安全性分析,证明所提出的方案能够保护数据的机密性和完整性,以及飞控指令的完整性。最后,通过仿真试验分析了所提出方案的性能,结果表明,所提出的数据安全传输协议发送100B和1KB的消息时,平均每个消息的认证加密时间和解密验证时间均不超过1ms;所提出的飞控广播认证协议在使用不同的哈希函数时,对1MB的飞控指令生成签名和验证签名的时间为1~2.7ms,在实际应用中具有高效性。The security of data and flight control instruction is an important aspect of Unmanned Aerial Vehicle(UAV)network security.In view of the shortcomings of the existing UAV network security mechanisms,this paper proposes a data-control-separated secure transmission mechanism.For the data sent from a UAV to the ground station,this paper adopts a secure data transmission mechanism based on authenticated encryption of Advanced Encryption Standard-Counter with Cipher-Block Chaining Message Authentication Code(AES-CCM)to ensure the confidentiality and integrity of the data.For the flight control instructions sent from ground stations to UAVs,this paper designs a flight control broadcast authentication protocol based on one-time signature to ensure the integrity of flight control instructions.With the security analysis,this paper proves that the proposed scheme can provide confidentiality and integrity for the data,as well as the integrity for the flight control instructions.Finally,this paper analyzes the performance through simulation experiments.The results show that for the secure data transmission protocol,both the average authenticated encryption time and the average verification and decryption time are less than 1 millisecond when sending 100-byte and 1-kilobyte messages.For the flight control broadcast authentication protocol,both the time to generate a signature and the time to verify a signature of a 1MB flight control instruction are between 1 and 2.7 milliseconds,which is efficient in practical applications.

关 键 词：无人机网络 认证加密 广播认证 一次签名 网络安全 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]