5G车联网中安全高效的组播服务认证与密钥协商方案

张应辉; 李国腾; 韩刚; 曹进; 郑东

doi:10.11999/JEIT231118

5G车联网中安全高效的组播服务认证与密钥协商方案

doi: 10.11999/JEIT231118

张应辉^1, ,,
李国腾¹,
韩刚¹,
曹进²,
郑东¹

1.
西安邮电大学网络空间安全学院西安 710121
2.
西安电子科技大学网络与信息安全学院西安 710071

基金项目: 国家自然科学基金(62072369, 62072371)，陕西高校青年创新团队基金，陕西省特支计划青年拔尖人才支持计划基金，陕西省重点研发计划 (2021ZDLGY06-02, 2020ZDLGY08-04)，陕西省技术创新引导计划 (2023-YD-CGZH-31)

详细信息

作者简介:
张应辉：男，教授，研究方向为公钥密码学、无线网络安全等

李国腾：男，硕士生，研究方向为无线网络安全和5G安全

韩刚：男，副教授，研究方向为区块链、数据安全共享、访问控制

曹进：男，教授，研究方向为应用密码学、天地一体化网络安全等

郑东：男，教授，研究方向为编码密码学和网络安全

通讯作者:
张应辉　yhzhaang@163.com

中图分类号: TN918
计量
- 文章访问数: 121
- HTML全文浏览量: 73
- PDF下载量: 24
- 被引次数: 0
出版历程
- 收稿日期: 2023-10-17
- 修回日期: 2023-12-22
- 网络出版日期: 2023-12-27

Secure and Efficient Authentication and Key Agreement Scheme for Multicast Services in 5G Vehicular to Everything

1.
School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
2.
School of Cyber Engineering, Xidian University, Xi’an 710071, China

Funds: The National Natural Science Foundation of China (62072369, 62072371), The Youth Innovation Team of Shaanxi Universities Foundation, The Shaanxi Special Support Program Youth Top-notch Talent Program, The Key Research and Development Program of Shaanxi (2021ZDLGY06-02, 2020ZDLGY08-04), The Technology Innovation Leading Program of Shaanxi (2023-YD-CGZH-31)

摘要

摘要: 5G车联网(5G-V2X)中，内容提供者通过以点对多的传输方式向属于特定区域的一组车辆提供服务消息。针对于车辆获取组播服务遭受的安全威胁与隐私泄露问题，该文提出一种认证和密钥协商方案用于内容提供者与车辆之间的组播服务消息传输。首先，采用无证书聚合签名技术批量验证群组内所有车辆，提高了认证请求的效率。其次，基于多项式密钥管理技术实现安全的密钥协商，使得非法用户或核心网络无法获取共享会话密钥。最后，实现了群组内车辆的动态密钥更新机制，当车辆加入或离开群组时，内容提供者只需要发送1条密钥更新消息即可更新会话密钥。基于形式化验证工具和进一步安全性分析表明，所提方案可以保证匿名性、不可链接性、前向和后向安全性以及抗共谋攻击等安全需求。与现有方案相比，计算效率提高了约34.2%。
- 5G车联网 /
- 认证 /
- 密钥协商 /
- 动态群组 /
- 组播
Abstract: In 5G Vehicular to Everything (5G-V2X), service messages are provided to a group of vehicles belonging to a specific region by means of point-to-multipoint transmission. To address security threats and privacy leakage, an authentication and key negotiation scheme is proposed for multicast service message transmission between content providers and vehicles. A certificate-less aggregated signature technique is used to batch-verify all vehicles in the group, and improves the efficiency of authentication requests. Secure key negotiation is realized based on the polynomial key management technique, which makes it impossible for illegal users or the core network to obtain the shared session key. Finally, a dynamic key update mechanism for vehicles in the group is implemented, so that when a vehicle joins or leaves the group, the content provider only needs to send a key update message to update the session key. The proposed scheme can guarantee security requirements such as anonymity, unlinkability, forward and backward security, and resistance to conspiracy attacks, as shown by formal verification tools and further security analysis. The computational efficiency is improved by about 34.2% compared to existing schemes.
- 5G Vehicular to Everything (5G-V2X) /
- Authentication /
- Key agreement /
- Dynamic group /
- Multicast

HTML全文

图 1 组播服务模型

下载: 全尺寸图片幻灯片

图 2 组播接入认证及密钥分发阶段

下载: 全尺寸图片幻灯片

图 3 Scyther仿真结果

下载: 全尺寸图片幻灯片

图 4 总计算开销

下载: 全尺寸图片幻灯片

图 5 总传输开销

下载: 全尺寸图片幻灯片

1 聚合签名验证中无效消息查找算法

输入：群组接入请求消息$ {\text{ms}}{{\text{g}}_{{\text{RAN}}}} = \{ \{ {A_i},{T_i},{\text{PI}}{{\text{D}}_i}\} _{i = 1}^n,S\} $
输出：如果S中有无效请求，则输出无效请求；否则，返回true
(1) DetAlg(S):
(2) 　if SignatureVerify(S) then
(3) 　　return true;
(4) 　else if Num(S) == 1 then
(5) 　　return PID_i;
(6) 　else
(7) 　　set S_front = {S₁, S₂,···,S_[n/2]};
(8) 　　set S_rear = {S_[n/2]+1,S_[n/2]+2,···,S_n};
(9) 　　　DetAlg(S_front);
(10) 　　 DetAlg(S_rear);
(11) end if

下载: 导出CSV

表 1 安全和功能性比较

方案	双向认证	用户匿名	密钥更新	抗重放攻击	不可链接性	抗Dos攻击	可追溯性	PFS/PBS	抗共谋攻击
文献[11]	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \times $	$ \surd $	$ \surd $	$ \times $
文献[14]	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \times $	$ \times $	$ \surd $	$ \surd $	$ \times $
文献[15]	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \times $	$ \times $	$ \times $
本文方案	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $	$ \surd $

下载: 导出CSV

表 2 计算开销

方案	n台车辆	网络实体或第三方
文献[11]	$ 3n{T_{{\text{mul}}}} + 9n{T_{\text{h}}} + n{T_{{\text{e/d}}}} $	$ (2n + 3){T_{{\text{mul}}}} + (13n + 4){T_{\text{h}}} + n{T_{{\text{e/d}}}} $
文献[14]	$ 6n{T_{{\text{mul}}}} + 5n{T_{\text{h}}} $	$ 3n{T_{{\text{mul}}}} + 7n{T_{\text{h}}} $
文献[15]	$ 3n{T_{{\text{mul}}}} + 5n{T_{\text{h}}} + 3n{T_{{\text{e/d}}}} $	$ 3n{T_{{\text{mul}}}} + 5n{T_{\text{h}}} + 3n{T_{{\text{e/d}}}} + {T_{{\text{mul}}}} $
本文方案	$ 3n{T_{{\text{mul}}}} + 3n{T_{\text{h}}} $	$ 3n{T_{{\text{mul}}}} + 3n{T_{\text{h}}} + {T_{{\text{mul}}}} $

下载: 导出CSV

表 3 传输开销

方案	V到SP	SP到V	总传输开销(Byte)
文献[11]	$ 112n + 132 $	$300n$	$ 412n + 132 $
文献[14]	$ 460n $	$360n$	$ 820n $
文献[15]	$ 476n + 64 $	$160$	$ 476n + 224 $
本文方案	$ 316n + 64 $	$396$	$ 316n + 460 $

下载: 导出CSV

表 4 重新生成密钥消息数量比较

方案	车辆加入	车辆离开	算法复杂度
文献[14]	$n$	$n$	$o(n)$
文献[15]	$2n$	$2n$	$o(n)$
本文方案	$1$	$1$	$o(1)$

下载: 导出CSV

参考文献(21)

[1]	GARCIA M H C, MOLINA-GALAN A, BOBAN M, et al. A tutorial on 5G NR V2X communications[J]. IEEE Communications Surveys & Tutorials, 2021, 23(3): 1972–2026. doi: 10.1109/COMST.2021.3057017
[2]	GYAWALI S, XU Shengjie, QIAN Yi, et al. Challenges and solutions for cellular based V2X communications[J]. IEEE Communications Surveys & Tutorials, 2021, 23(1): 222–255. doi: 10.1109/COMST.2020.3029723
[3]	CHEN Shanzhi, HU Jinling, SHI Yan, et al. Vehicle-to-everything (V2X) services supported by LTE-based systems and 5G[J]. IEEE Communications Standards Magazine, 2017, 1(2): 70–76. doi: 10.1109/MCOMSTD.2017.1700015
[4]	GANESAN K, LOHR J, MALLICK P B, et al. NR sidelink design overview for advanced V2X service[J]. IEEE Internet of Things Magazine, 2020, 3(1): 26–30. doi: 10.1109/IOTM.0001.1900071
[5]	SEHLA K, NGUYEN T M T, PUJOLLE G, et al. Resource allocation modes in C-V2X: From LTE-V2X to 5G-V2X[J]. IEEE Internet of Things Journal, 2022, 9(11): 8291–8314. doi: 10.1109/JIOT.2022.3159591
[6]	SHRIVASTAVA V K, BAEK S, and BAEK Y. 5G evolution for multicast and broadcast services in 3GPP release 17[J]. IEEE Communications Standards Magazine, 2022, 6(3): 70–76. doi: 10.1109/MCOMSTD.0001.2100068
[7]	ZHOU Wei, REN Changcheng, MA Chuan, et al. Multicast/broadcast service in integrated VANET-cellular heterogeneous wireless networks[C]. 2013 International Conference on Wireless Communications and Signal Processing, Hangzhou, China, 2013: 1–6.
[8]	XU Cheng, HUANG Xiaohong, MA Maode, et al. GAKAV: Group authentication and key agreement for LTE/LTE-A vehicular networks[C]. 2017 IEEE 19th International Conference on High Performance Computing and Communications; IEEE 15th International Conference on Smart City; IEEE 3rd International Conference on Data Science and Systems, Bangkok, Thailand, 2017: 412–418.
[9]	DUA A, KUMAR N, DAS A K, et al. Secure message communication protocol among vehicles in smart city[J]. IEEE Transactions on Vehicular Technology, 2018, 67(5): 4359–4373. doi: 10.1109/TVT.2017.2780183
[10]	ISLAM S K H, OBAIDAT M S, VIJAYAKUMAR P, et al. A robust and efficient password-based conditional privacy preserving authentication and group-key agreement protocol for VANETs[J]. Future Generation Computer Systems, 2018, 84: 216–227. doi: 10.1016/j.future.2017.07.002
[11]	ZHANG Jing, ZHONG Hong, CUI Jie, et al. SMAKA: Secure many-to-many authentication and key agreement scheme for vehicular networks[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 1810–1824. doi: 10.1109/TIFS.2020.3044855
[12]	XU Chang, LU Rongxing, WANG Huaxiong, et al. TJET: Ternary join-exit-tree based dynamic key management for vehicle platooning[J]. IEEE Access, 2017, 5: 26973–26989. doi: 10.1109/ACCESS.2017.2753778
[13]	CUI Jie, ZHANG Xiaoyu, ZHONG Hong, et al. Extensible conditional privacy protection authentication scheme for secure vehicular networks in a multi-cloud environment[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 1654–1667. doi: 10.1109/TIFS.2019.2946933
[14]	WEI Lu, CUI Jie, ZHONG Hong, et al. Proven secure tree-based authenticated key agreement for securing V2V and V2I communications in VANETs[J]. IEEE Transactions on Mobile Computing, 2022, 21(9): 3280–3297. doi: 10.1109/TMC.2021.3056712
[15]	MA Ruhui, CAO Jin, ZHANG Yinghui, et al. A group-based multicast service authentication and data transmission scheme for 5G-V2X[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(12): 23976–23992. doi: 10.1109/TITS.2022.3197767
[16]	3GPP. Security architecture and procedures for 5G system (Release16): TS33.501[S]. 2020.
[17]	3GPP. Security architecture and procedures for 5G system (Release 17): TS 33.501[Z]. 2022.
[18]	AKTAR S, BÄRTSCHI A, BADAWY A H A, et al. A divide-and-conquer approach to Dicke state preparation[J]. IEEE Transactions on Quantum Engineering, 2022, 3: 3101816. doi: 10.1109/TQE.2022.3174547
[19]	CREMERS C J F. The scyther tool: Verification, falsification, and analysis of security protocols: Tool paper[C]. 20th International Conference on Computer Aided Verification, Princeton, USA, 2008: 414–418.
[20]	CERVESATO I. The Dolev-Yao intruder is the most powerful attacker[C]. 16th Annual Symposium on Logic in Computer Science—LICS, Boston, USA, 2001, 1: 1–2.
[21]	DE CARO A and IOVINO V. jPBC: Java pairing based cryptography[C]. 2011 IEEE symposium on computers and communications (ISCC), Kerkyra, Greece, 2011: 850–855.