基于CPN的车载网络无证书匿名认证和密钥协商方案研究  被引量：1

作　　者：郑路 冯涛[1] 苏春华 ZHENG Lu;FENG Tao;SU Chunhua(School of Computer and Communication,Lanzhou University of Technology,Lanzhou 730050,China;Division of Computer Science,University of Aizu,Fukushima 965-8580,Japan)

机构地区：[1]兰州理工大学计算机与通信学院,甘肃兰州730050 [2]日本会津大学计算机科学系,福岛会津若松965-8580

出　　处：《通信学报》2024年第6期101-116,共16页Journal on Communications

基　　金：国家自然科学基金资助项目(No.62162039,No.61762060);甘肃省重点研发基金资助项目(No.23YFGA0060);甘肃省优秀博士生基金资助项目(No.23JRRA837)。

摘　　要：为了解决现有车载网络的认证方案中普遍存在密钥托管带来的缺陷,以及没有考虑计算受限电子控制单元(ECU)轻量级部署和安全快速认证的问题,首先,针对计算不受限的ECU网络,提出了一种无双线性配对的轻量级无证书匿名认证和密钥协商方案,该方案通过椭圆曲线密码体制安全构建认证密钥对,通过哈希函数和异或等轻量级方法实现匿名认证和密钥协商。然后,针对计算受限的ECU网络,提出了一种无证书批量验证方案来降低认证成本。最后,提出了一种基于有色Petri网(CPN)和Dolev-Yao攻击者模型的安全验证方法,对整体方案进行形式化安全性评估。安全评估和性能分析表明,所提方案能有效抵抗重放、伪装、篡改、已知密钥、已知特定会话临时信息攻击等多种不同类型的攻击,在保证多重安全属性的同时有较小的计算与通信成本。To address the shortcomings of existing authentication schemes in vehicle networks,which commonly suffer from key escrow issues,as well as the lack of consideration for lightweight deployment and secure rapid authentication of compute-constrained electronic control unit(ECU),a lightweight certificateless anonymous authentication and key agreement scheme without bilinear pairings was proposed for compute-unconstrained ECU networks.The authentication key pair was securely constructed by elliptic curve cryptography,anonymous authentication and key agreement were realized by lightweight methods such as hash functions and XOR operation.Additionally,a certificateless batch verification scheme was proposed to reduce the authentication costs for compute-constrained ECU networks.Finally,a security verification method based on the colored Petri net(CPN)and Dolev-Yao attacker model was proposed to evaluate the formal security of the proposed scheme.The proposed scheme is proved through security evaluation and performance analysis to effectively resist various types of attacks such as replay,spoofing,tampering,known key,known specific session temporary information attack,etc.,with multiple security attributes,small computation and communication cost.

关 键 词：车载网络 安全协议 认证与密钥协商 有色PETRI网 形式化验证 

分 类 号：TN393.06[电子电信—物理电子学]