基于物理不可克隆函数的车云轻量级匿名认证协议  

作　　者：柳亚男 曹磊 张正[1] 李戈 邱硕 王苏豪 LIU Yanan;CAO Lei;ZHANG Zheng;LI Ge;QIU Shuo;WANG Suhao(School of Network Security,Jinling Institute of Technology,Nanjing 211169,China;School of Command and Control Engineering,Army Engineering University of PLA,Nanjing 210007,China)

机构地区：[1]金陵科技学院网络安全学院,江苏南京211169 [2]中国人民解放军陆军工程大学指挥控制工程学院,江苏南京210007

出　　处：《电信科学》2025年第3期96-107,共12页Telecommunications Science

基　　金：国家自然科学基金青年项目(No.42101428);江苏省“青蓝工程”项目;江苏省研究生科研与实践创新计划项目。

摘　　要：针对低空经济中车辆与云端应用服务器的通信场景,提出基于PUF-ECC-Kerberos的轻量级车云匿名认证协议PEKE。该协议利用物理不可克隆函数(physical unclonable function,PUF)改进传统Kerberos的认证模式,结合椭圆曲线密码学(elliptic curve cryptography,ECC)算法获得车辆假名,实现车辆与云服务器之间的双向匿名认证和密钥交换。结合Scyther形式化分析工具验证,该协议不仅能够有效抵御密钥泄露、伪装攻击、中间人攻击以及反射攻击等多种安全威胁,同时还能在低空经济环境中实现车辆通信的匿名性,提供可靠的安全保障。通过与其他协议进行性能分析比较,进一步证明了PEKE协议在计算和通信消耗方面具有显著优势,并能有效降低通信时延,从而提高系统的整体效率。In the context of vehicle-to-cloud application server communication within the low-altitude economy,a novel vehicle-to-cloud anonymous authentication protocol named PEKE was proposed,which was based on PUFECC-Kerberos.The protocol was enhanced by incorporating physical unclonable function(PUF)and integrating the elliptic curve cryptography(ECC)public-key encryption algorithm to obtain vehicle pseudonyms.This enabled mu tual anonymous authentication and key exchange between vehicles and cloud servers to be achieved.Through formal analysis using the Scyther tool,it was demonstrated that the PEKE protocol not only effectively resisted various secu rity threats such as key leakage,masquerade attacks,man-in-the-middle attacks,and reflection attacks,but also en sured the anonymity of vehicle communications in the low-altitude economy,providing robust security guarantees.Furthermore,performance analysis comparisons with other protocols reveal that the PEKE protocol exhibited signifi cant advantages in terms of computational and communication overhead,effectively reducing communication latency and thereby enhancing the overall system efficiency.

关 键 词：物理不可克隆函数 KERBEROS 椭圆曲线密码学算法 匿名认证 车联网 低空经济 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]