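Affiliation: [1] College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, Jiangsu, China
Source: Advanced Engineering Sciences (《工程科学与技术》), 2025, No. 1, pp. 213-224 (12 pages)
Funding: Jiangsu Provincial Key R&D Program (Industry Foresight and Key Core Technologies) project (BE2022068); National Natural Science Foundation of China project (62172216); Natural Science Foundation of Jiangsu Province project (BK20211180).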
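Abstract: As UAV technology is applied ever more widely in scenarios such as the logistics industry, UAVs in some scenarios that require multiple UAVs to work together need to exchange the data they collect. When symmetric keys are used for encryption and decryption, the open network communication environment makes the traffic highly vulnerable to eavesdropping by third parties, and the session key the UAVs negotiate before communicating is also easily leaked. Therefore, addressing the identity authentication and data privacy requirements of UAV network communication, this paper proposes a group authenticated key agreement protocol based on a certificateless key system. The protocol divides the UAV group into one high-compute central node and multiple low-compute nodes in order to reduce communication and computational overhead. The protocol has three phases: registration, negotiation, and join/leave. The registration phase generates a key pair for each node. The negotiation phase computes the session key; the high-compute central node is the hub of the group and takes on most of the computation and communication tasks, and once all nodes have computed their key pairs in the registration phase, only two rounds of interaction between the high-compute central node and the low-compute nodes are needed to complete key agreement. In addition, when a UAV leaves or joins the group, the protocol supports dynamic changes to the UAV units and the group key. The paper presents a security analysis of the proposed protocol and a security proof under the eCK model; the analysis shows that the protocol satisfies non-repudiation, forward and backward secrecy, and resistance to public key replacement attacks. In simulation experiments, the computational and communication overheads were compared with those of protocols of the same type, and the results show that the protocol has lower computational and communication overhead. Because the protocol is not built on bilinear pairings, it is better suited to lightweight UAV communication scenarios.
Objective: UAV technology is increasingly applied in the logistics industry, the military field, and other scenarios. Due to the nature of certain tasks, the collected data must be exchanged between UAVs in scenarios requiring multiple UAVs to work together. However, the network communication environment is open and insecure, necessitating the use of a symmetric key to encrypt and decrypt data during the data exchange process. Ensuring that the UAV group negotiates the session key safely and efficiently becomes a key issue in the process. This study presents a group authentication key negotiation protocol based on a certificateless key system to meet the requirements of identity authentication and data privacy in UAV network communication. Diffie and Hellman proposed a key exchange algorithm that requires only one round of message exchange between the two sides of the session to calculate the same session key. Even if a malicious attacker eavesdrops on the data during the exchange, the attacker cannot compute the complete session key. However, this key exchange algorithm does not address the issue of a man-in-the-middle attack. If a malicious third party forges the identities of both session parties, it can determine two session keys with both parties, allowing it to arbitrarily steal and tamper with subsequently transmitted data. Due to the small size of UAVs, the computational and communication overheads they can bear must remain low, and the key agreement scheme must meet the requirements of lightweight scenarios. If directly applied to multi-party interaction scenarios, traditional two-party key negotiation protocols require numerous interaction rounds, resulting in significant computational and communication overhead. Therefore, group key agreement protocols for UAV networks must provide a lighter computing process and stronger security guarantees. Methods: This protocol adopts a certificateless key system. As a third-party trusted server, the Key Generation Center (KGC) primarily facilitates identity registration before drone networking. Eac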
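Keywords: UAV; certificateless public key system; identity authentication; group key agreement; elliptic curve cryptography
Classification number: TN918 [Electronics and Telecommunications - Communication and Information Systems]; TP393 [Electronics and Telecommunications - Information and Communication Engineering]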