Cite this article:
- CHEN Yong, LIU Wen, ZHAN Zhixian. Safety Certification for Next Generation High-speed Railway Heterogeneous Network Handover[J]. Journal of Cyber Security, 2022, 7(5): 79-90
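Abstract:
In recent years, with the rapid development of wireless communication technology for high-speed railways, the GSM-R wireless communication system will gradually evolve toward the LTE-R system. During this evolution, GSM-R and LTE-R will coexist for a long time, and how to achieve fast handover and security authentication between heterogeneous high-speed railway wireless communication networks has become a hot research topic in railway wireless communication. To address the low security and high authentication overhead of handover authentication in heterogeneous high-speed railway wireless networks, a lightweight handover security authentication scheme for next-generation high-speed railway heterogeneous networks is proposed. First, hash functions and other operations are used to generate the handover request Token and the heterogeneous network handover authentication code PASS, which meets security requirements such as user identity anonymity and traceability, and lets a high-speed train hand over seamlessly between heterogeneous networks without registering multiple times. Second, a lightweight handover algorithm based on elliptic curve key exchange is designed, which completes mutual authentication and key agreement between the high-speed train and the target base station, reduces computation and communication overhead, and achieves forward and backward security of the negotiated session key. Finally, the scheme's security is verified formally with BAN logic, and its effectiveness is further verified using measured data from the Shuohuang Railway LTE-R line; the analysis shows that the proposed scheme provides traceability, anonymity, and resistance to user impersonation, man-in-the-middle and replay attacks. Performance analysis shows that the scheme outperforms the compared methods in communication and computation overhead, and can meet the need for efficient, secure and seamless handover in next-generation high-speed railway heterogeneous communication networks.
Keywords: heterogeneous network; handover authentication; hash function; elliptic curve key exchange algorithm; BAN logic; high-speed railway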
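DOI: 10.19363/J.cnki.cn10-1380/tn.2022.09.07
Received: 2021-09-14; Revised: 2021-11-12
Funding: This work was supported by the National Natural Science Foundation of China (No.61963023, No.61841303) and the Tianyou Innovation Team of Lanzhou Jiaotong University (No.TY202003).
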
Safety Certification for Next Generation High-speed Railway Heterogeneous Network Handover
CHEN Yong, LIU Wen, ZHAN Zhixian
(School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China)
Abstract:
In recent years, with the rapid development of high-speed railway wireless communication technology, the GSM-R wireless communication system will gradually evolve to the LTE-R wireless communication system. GSM-R and LTE-R will coexist for a long time during this evolution. How to realize fast handover and security authentication between heterogeneous high-speed railway wireless communication networks has become one of the research hotspots in the field of railway wireless communication. Aiming at the problems of low security and high authentication overhead during the handover authentication process of high-speed railway wireless communication heterogeneous networks, a lightweight handover safety authentication scheme suitable for the next generation of high-speed railway heterogeneous networks is proposed. Firstly, the hash function and other operations are used to generate the handover request Token and the heterogeneous network handover authentication code PASS, which realizes the security requirements of user identity anonymity and traceability, and high-speed trains can achieve seamless handover between heterogeneous networks without multiple registrations. Secondly, a lightweight handover algorithm based on elliptic curve key exchange is designed, which completes the mutual authentication and key negotiation between the high-speed train and the target base station, reduces the calculation and communication costs, and realizes the forward and backward security of the negotiated session key. Finally, formal BAN logic is used to verify the security, and the measured data of the Shuohuang Railway LTE-R line is used to further verify and analyze the effectiveness of the proposed scheme. It is concluded that the proposed scheme can satisfy traceability, anonymity, and resistance to disguised-user attacks, man-in-the-middle attacks and replay attacks in the process of railway wireless communication. Performance analysis shows that the proposed scheme has better performance than the compared methods in terms of communication overhead and computing overhead, and can meet the requirements of efficient, safe and seamless handover for the next generation of high-speed railway heterogeneous communication networks.
Key words: heterogeneous network; handover authentication; hash function; elliptic curve key exchange algorithm; BAN logic; high-speed railway