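• ISSN 0258-2724
• CN 51-1277/U
• EI Compendex
• Indexed in Scopus
• National Chinese Core Journal
• Statistical source journal for Chinese scientific and technical papers
• Source journal of the Chinese Science Citation Database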

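Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication

ZHANG Wenfang, SUN Haifeng, WANG Yu, LIN Wei, WANG Xiaomin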

Citation: ZHANG Wenfang, SUN Haifeng, WANG Yu, LIN Wei, WANG Xiaomin. Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication[J]. Journal of Southwest Jiaotong University, 2020, 55(6): 1171-1180, 1206. doi: 10.3969/j.issn.0258-2724.20190205

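doi: 10.3969/j.issn.0258-2724.20190205
Funding: National Natural Science Foundation of China (61872302); Key Research and Development Project of the Sichuan Science and Technology Program (2018GZ0195); Sichuan Key Project for International Science and Technology Innovation Cooperation (2019YFH0097)

Author biography: ZHANG Wenfang (born 1978), female, associate professor, Ph.D.; research interests: information security and cryptography. E-mail: wfzhang@swjtu.edu.cn

Chinese Library Classification number: TN918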

Security and Efficiency Enhanced Authentication Scheme Based on Self-Updated Hash Chain for Train-Ground Communication

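Abstract: To meet the particular security and real-time requirements of LTE-R (long term evolution-railway), the next-generation wireless communication system for high-speed railways, a train-ground communication authentication scheme built entirely on symmetric cryptography is proposed using hash chains. The home subscriber server (HSS) uses an identity-authorization master key to generate a dynamically changing anonymous identity (temporary identity, TID) for the on-board unit (OBU), which protects the privacy of the on-board unit in the access authentication request signalling and also resists desynchronization attacks. While the train is moving at high speed, the scheme uses efficient hash chains in place of authentication vectors to complete mutual authentication between the train and the serving network, and local updating of the hash chain solves the problem of full authentication having to restart when the authentication vectors are exhausted. In addition, an identity proof ticket is introduced to achieve efficient, seamless handover authentication based on base-station cooperation. Security and performance analysis shows that, under the same conditions, the proposed full authentication, re-authentication and handover authentication protocols reduce computation by 41.67%, 44.44% and 45.45% respectively, and communication by 62.11%, 50.91% and 84.91% respectively, compared with the currently best-performing LTE (long term evolution) standard protocol, and can meet the security and real-time requirements of the LTE-R access network.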
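The hash-chain idea in the abstract, as an added illustration that is not the paper's protocol (its message flows are in Figures 2 to 4, which this page does not reproduce): one-time authentication by revealing successive preimages of a Lamport-style chain [19], plus one possible renewal step taken before the chain runs out. The class names, SHA-256, and the HMAC-bound renewal message under a pre-shared key are assumptions.

```python
import hashlib
import hmac
import os

def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def build_chain(seed: bytes, n: int) -> list:
    """Return [seed, h(seed), ..., h^n(seed)]; the last element is the anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

class Prover:  # hypothetical stand-in for the on-board unit
    def __init__(self, key: bytes, n: int):
        self.key, self.n = key, n
        self.chain, self.pos = build_chain(os.urandom(32), n), n

    def next_token(self) -> bytes:
        if self.pos == 0:  # every link revealed: nothing left to prove with
            raise RuntimeError("hash chain exhausted")
        self.pos -= 1
        return self.chain[self.pos]

    def renew(self):
        """Spend one old link to introduce a fresh chain (assumed message format)."""
        token = self.next_token()
        self.chain, self.pos = build_chain(os.urandom(32), self.n), self.n
        tag = hmac.new(self.key, token + self.chain[-1], hashlib.sha256).digest()
        return token, self.chain[-1], tag

class Verifier:  # hypothetical stand-in for the network side
    def __init__(self, key: bytes, anchor: bytes):
        self.key, self.last = key, anchor

    def verify(self, token: bytes) -> bool:
        # A fresh token is the preimage of the last accepted value; replays fail.
        ok = hmac.compare_digest(h(token), self.last)
        if ok:
            self.last = token
        return ok

    def accept_renewal(self, token: bytes, new_anchor: bytes, tag: bytes) -> bool:
        want = hmac.new(self.key, token + new_anchor, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want) or not self.verify(token):
            return False  # forged anchor, or replayed/unknown link
        self.last = new_anchor
        return True
```

In this sketch renewal has to happen while at least one old link is unspent; once `next_token()` raises, the two sides need some other way to agree on a new anchor, which is the restart cost the abstract says local updating avoids.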

Figure 1. LTE-R network architecture
Figure 2. Full authentication protocol
Figure 3. Re-authentication protocol
Figure 4. Hash chain updating protocol
Figure 5. Roaming handoff authentication protocol
Figure 6. SPIN verification results of full authentication protocol
Figure 7. SPIN verification results of other protocols
Figure 8. Efficiency comparison of simulated train running

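Table 1. Symbols and annotation

| Symbol | Annotation | Symbol | Annotation | Symbol | Annotation |
|---|---|---|---|---|---|
| ID_HSS | Network ID of the home subscriber server | K | Key shared by the OBU and the HSS | E_k(•) | Encryption with key k |
| GUTI | Temporary mobile subscriber identifier | K_ASME | Access security management entity key | f_1(•) | Message digest generation function |
| SNID_x | Serving network ID provided by entity x | T_id | Identity proof ticket | f_2(•) | Key generation function |
| TID / TID_new | Anonymous identity / updated temporary identity | t_life | Ticket lifetime | | XOR operation |
| MAC_x | Message authentication code generated by entity x | t | Timestamp | | |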

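Table 2. Security comparison

Columns: Scheme; Privacy protection; Redirection attack; DoS attack; Replay attack; Man-in-the-middle attack; Desynchronization attack; Forward security
EPS-AKA[1] × × × × ×
Ref. [5] × ×
Ref. [10] ×
Ref. [14] × × × ×
Ref. [20] × × ×
This scheme
Note: √ means the scheme has the security property; × means it does not.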

Table 3. Computation overhead and communication overhead

Columns: Scheme; then, for each of full authentication, re-authentication and handover authentication: computation overhead/ms; communication overhead/bit
EPS-AKA[1]: (6n + 6)T_H; 880 + 736n; 9T_H; 880; 9T_H + 2T_E; 880 + 736m
Ref. [5]: (6n + 5)T_H + 4T_M; 5 760 + 256n
Ref. [10]: 14T_H + 5T_E; 1 424; 14T_H; 880; 14T_H + 2T_E; 1 536
Ref. [14]: 12nT_H + 4T_P + 4T_E; 1 072 + 736n; 13T_H + 4T_P; 1 888
Ref. [20]: (18 + 5m)T_H; 2 064
This scheme: (2n + 9)T_H + 2T_E; 1 728; 5T_H; 432; 5T_H + T_E; 688
[1] The 3rd Generation Partnership Project. 3GPP system architecture evolution (SAE); security architecture: 3GPP TS 33.401 V12.5.0[S]. Valbonne: 3GPP Organizational Partners, 2012.
[2] CAO J, MA M, LI H. A survey on security aspects for LTE & LTE-A networks[J]. IEEE Communications Surveys and Tutorials, 2014, 16(1): 283-302. doi: 10.1109/SURV.2013.041513.00174
[3] ABDRABOU M A, ELBAYOUMY A D E, El-WANIS E A. LTE authentication protocol (EPS-AKA) weaknesses solution[C]//2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems. Cairo: IEEE, 2015: 434-441.
[4] ABDELJEBBAR M, ELKOUCH R. Security analysis of LTE/SAE networks over E-UTRAN[C]//2016 International Conference on Information Technology for Organizations Development (IT4OD). Fez: IEEE, 2016: 1-5.
[5] ALEZABI K A, HASHIM F, HASHIM S J, et al. An efficient authentication and key agreement protocol for 4G (LTE) networks[C]//IEEE REGION 10 SYMPOSIUM. Kuala Lumpur: IEEE, 2014: 502-507.
[6] KIM S, CHOI J Y, JEONG J. On authentication signaling costs in hierarchical LTE networks[C]//IEEE 7th International Conference on Ubi-Media Computing and Workshops. Ulaanbaatar: IEEE, 2014: 11-16.
[7] LI Jinguo, WEN Mi, ZHANG Tao. Group-based authentication and key agreement with dynamic policy updating for MTC in LTE-A networks[J]. IEEE Internet of Things Journal, 2016, 3(3): 408-417. doi: 10.1109/JIOT.2015.2495321
[8] HUAN C K. Security analysis and enhancements in LTE-advanced networks[D]. Seoul: Sungkyunkwan University, 2011.
[9] HAMANDI K, SARJI I, CHEHAB A, et al. Privacy enhanced and computationally efficient HSK-AKA LTE scheme[C]//IEEE 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA). Barcelona: IEEE, 2013: 929-934.
[10] DEGEFA F B, LEE D, KIM J, et al. Performance and security enhanced authentication and key agreement protocol for SAE/LTE network[J]. Computer Networks, 2016, 94(15): 145-163.
[11] LI Xiehua, WANG Yongjun. Security enhanced authentication and key agreement protocol for LTE/SAE network[C]//2011 7th International Conference on Wireless Communications, Networking and Mobile Computing. Wuhan: IEEE, 2011: 1-4.
[12] DENG Yaping, FU Hong, XIE Xianzhong, et al. A novel 3GPP SAE authentication and key agreement protocol[C]//IEEE International Conference on Network Infrastructure & Digital Content. Beijing: IEEE, 2009: 557-561.
[13] FANG Jiexiang, JIANG Rui. An analysis and improvement of 3GPP SAE AKA protocol based on strand space model[C]//2010 International Conference on Network Infrastructure and Digital Content (IC-NIDC). Beijing: IEEE, 2010: 789-793.
[14] QIU Y, MA M, WANG X. A proxy signature-based handover authentication scheme for LTE wireless networks[J]. Journal of Network and Computer Applications, 2017, 83(4): 63-71.
[15] PRASAD M, MANOHARAN R. A robust secure DS-AKA with mutual authentication for LTE-A[J]. Applied Mathematical Sciences, 2015, 9(4): 2337-2349.
[16] YAO Honglei, ZHANG Yan, ZHOU Zeyan. Planning and constructing of PKI/CA certification system of railway industry[J]. Journal of Central South University (Science and Technology), 2013, 44(1): 356-361.
[17] GAO Tingting, SUN Bin. A high-speed railway mobile communication system based on LTE[C]//International Conference on Electronics & Information Engineering. Kyoto: IEEE, 2010: 414-417.
[18] HE Ruisi, AI Bo. High-speed railway communications: from GSM-R to LTE-R[J]. IEEE Vehicular Technology Magazine, 2016, 11(3): 49-58. doi: 10.1109/MVT.2016.2564446
[19] LAMPORT L. Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(24): 770-772.
[20] BAI Yuan, WANG Qian, JIA Qilan, et al. An efficient and secured AKA for EPS networks[J]. Journal of Beijing University of Posts and Telecommunications, 2015, 38(1): 10-14.
[21] CAO Jin, LI Hui, MA M, et al. A simple and robust handover authentication between HeNB and eNB in LTE networks[J]. Computer Networks, 2012, 56(8): 2119-2131. doi: 10.1016/j.comnet.2012.02.012
Publication history
• Received: 2019-03-13
• Revised: 2019-08-31
• Published online: 2019-10-16
• Published in issue: 2020-12-15
