Cryptanalysis and Design of Anonymous Authentication Protocol for Value-Added Services in Internet of Vehicles
-
摘要: 车联网是智慧城市的重要组成部分,它能够提供道路安全、交通管理、自动驾驶和互联网内容分发服务.其中,内容分发服务是针对车辆或其驾乘人员的互联网增值服务,它面临着比传统互联网服务更严苛的安全挑战.面向车联网增值服务的密钥协商协议能够为其安全通信初始化会话密钥,但已有的多服务器协议大多存在匿名性和前向安全性脆弱的缺点.最近,Vasudev等人使用Hash函数设计了一种面向车联网增值服务的轻量级认证协议.密码分析显示该协议除了匿名性和前向安全性脆弱之外还存在因智能卡丢失导致系统主密钥泄露的致命缺陷.为了弥补这些不足,使用椭圆曲线密码和Hash函数设计了一种适用于车联网增值服务的认证密钥协商协议.安全分析显示,该提案能够满足随机预言模型下的认证密钥协商安全性,具有强匿名性和前向安全性,并且能够抵抗已知的互联网攻击.性能分析显示,所提协议安全性能优于同类协议、用户侧的通信开销至少降低了34%.Abstract: The Internet of vehicles (IoV) is an important part of a smart city. It can provide road safety, traffic management, autonomous driving, and Internet content distribution services. Among them, the content distribution service is an Internet value-added service for vehicles or their occupants. It faces more stringent security challenges than traditional Internet services. The key agreement protocol for the Internet of vehicles value-added service can initialize the session key for its secure communication, but most of the existing multi-server protocols have the shortcomings of anonymity and forward security. Recently, Vasudev et al. proposed a lightweight authentication protocol for value-added services in IoV using Hash functions. Cryptanalysis shows that in addition to the vulnerability of anonymity and forward security, the protocol also has fatal flaws such as the loss of the master key of the system due to the loss of the smart card. In order to overcome these flaws, elliptic curve cryptography (ECC) and Hash function are used to design an authenticated key agreement protocol suitable for the value-added services in IoV. Security analysis shows that the proposal can satisfy the authenticated key agreement security in the random oracle model, has strong anonymity and forward security, and can resist known Internet attacks. Performance analysis shows that the security of the proposed protocol is better than similar protocols, and the communication overhead on the user side is reduced by at least 34%.
-
Keywords:
- Internet of vehicles (IoV) /
- authentication /
- key agreement /
- content distribution /
- ECC
-
-
期刊类型引用(9)
1. 邢琦. 基于ECC算法的安全芯片增强双向匿名认证方法. 电子设计工程. 2024(02): 176-180+186 . 百度学术
2. 吴忠强,李孟亭. 基于CBAMTL-MobileNet V3的车载网络入侵检测. 计量学报. 2024(09): 1407-1415 . 百度学术
3. 王凯,董建阔,肖甫,吉欣仪,胡昕. 面向物联网的认证密钥协商协议研究综述. 网络空间安全科学学报. 2024(05): 2-16 . 百度学术
4. 姚海龙. 一种物联网轻量级匿名认证协议的仿冒攻击. 甘肃高师学报. 2023(02): 12-15 . 百度学术
5. 况博裕,李雨泽,顾芳铭,苏铓,付安民. 车联网安全研究综述:威胁、对策与未来展望. 计算机研究与发展. 2023(10): 2304-2321 . 本站查看
6. 蒋玉长,徐洋,李克资,秦庆凯,张思聪. 基于深度学习的轻量级车载网络入侵检测方法. 计算机工程与应用. 2023(22): 284-292 . 百度学术
7. 谢绒娜,谭莉,武佳卉,史国振,李楚涵,邓烨. 面向天地一体化网络的认证与密钥协商协议. 密码学报. 2023(05): 1035-1051 . 百度学术
8. 王理冬. 基于生成对抗网络的车载网络入侵检测系统. 安徽电子信息职业技术学院学报. 2023(04): 24-28 . 百度学术
9. 杨文山,陈骁. 基于V2X的车联网安全互信体系架构分析. 信息安全与通信保密. 2022(07): 133-139 . 百度学术
其他类型引用(3)
计量
- 文章访问数: 313
- HTML全文浏览量: 8
- PDF下载量: 210
- 被引次数: 12