一种基于区块链和secGear框架的车联网认证协议

doi:10.3969/j.issn.1671-1122.2022.01.004

摘要/Abstract

摘要：

车联网中,身份认证是安全的前提与核心技术,其不仅能够对发送数据的车辆进行合法性验证,还可以协商出临时会话密钥,从而保护关键数据的机密性。文章将区块链应用于认证协议中,设计了一种基于区块链和secGear统一机密计算框架的车联网认证协议,在满足抗抵赖要求的同时实现了跨区域认证,并采用secGear框架实现了认证表的机密计算,进一步保护了认证表的安全。文章利用AVISPA仿真工具和非形式化安全分析证明了协议的安全性,并通过NS3仿真实验与其他方案进行对比分析,证明了该协议具有更好的安全性和适用性。

关键词: 网络安全, 车联网, 区块链, 认证协议, 机密计算

Abstract:

In the Internet of vehicles, identity authentication is the prerequisite and core technology for security. It can not only verify the legality of the vehicle sending the data, but also negotiate a temporary session key to protect the confidentiality of key data. In this paper, the blockchain was applied to the authentication protocol, and a vehicle networking authentication protocol based on the blockchain and secGear unified confidential computing framework was designed. It met the non-repudiation requirements while achieving cross-regional authentication, and used the secGear framework to achieve the confidential calculation of the certification table, further protecting the security of the certification table. The AVISPA simulation tool and informal security analysis prove the security of this protocol, and use NS3 simulation experiment and comparative analysis to prove that this protocol has better applicability and advancement.

Key words: cyberspace security, Internet of vehicles, blockchain, authentication protocol, confidential computing

中图分类号:

TP309

刘忻, 王家寅, 杨浩睿, 张瑞生. 一种基于区块链和secGear框架的车联网认证协议[J]. 信息网络安全, 2022, 22(1): 27-36.

LIU Xin, WANG Jiayin, YANG Haorui, ZHANG Ruisheng. An Internet of Vehicles Authentication Protocol Based on Blockchain and secGear Framework[J]. Netinfo Security, 2022, 22(1): 27-36.

图/表 16

表1

图1

图2

图3

图4

图5

图6

图7

表2

表3

表4

表5

表6

表7

图8

图9

参考文献 22

[1]	TIAN Ye. Our Country will Establish a Vehicle Intelligent Management Standard System in Phases[J]. Industrial Economy Review, 2020, 7(3):10-11.
	田野. 我国将分阶段建立车辆智能管理标准体系[J]. 工业经济论坛, 2020, 7(3):10-11.
[2]	KUMARI S, KARUPPIAH M, LI Xiong, et al. An Enhanced and Secure Trust-extended Authentication Mechanism for Vehicular Ad-hoc Networks[J]. Security and Communication Networks, 2016, 9(17):4255-4271. doi: 10.1002/sec.v9.17 URL
[3]	ALI I, GERVAIS M, AHENE E, et al. A Blockchain-based Certificateless Public Key Signature Scheme for Vehicle-to-Infrastructure Communication in VANETs[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S1383762119302103, 2021-04-11.
[4]	LIU Xin, ZHANG Ruisheng. A Robust Authentication Scheme with Continuously Updated Information for Vehicular Sensor Networks[EB/OL]. https://www.researchgate.net/publication/328891961_A_Robust_Authentication_Scheme_With_Continuously_Updated_Information_for_Vehicular_Sensor_Networks, 2021-04-11.
[5]	YU S J, LEE J Y, LEE K K, et al. Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications[J]. Sensors, 2018, 18(10):3191-3204. doi: 10.3390/s18103191 URL
[6]	SADRI M J, RAJABZADEH ASAAR M. A Lightweight Anonymous Two-factor Authentication Protocol for Wireless Sensor Networks in Internet of Vehicles[EB/OL]. https://onlinelibrary.wiley.com/doi/10.1002/dac.4511, 2020-07-09.
[7]	VASUDEV H, DESHPANDE V, DAS D, et al. A Lightweight Mutual Authentication Protocol for V2V Communication in Internet of Vehicles[J]. IEEE Transactions on Vehicular Technology, 2020, 69(6):6709-6717. doi: 10.1109/TVT.25 URL
[8]	LI Kang, LAU W F, AU M H, et al. Efficient Message Authentication with Revocation Transparency Using Blockchain for Vehicular Networks[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S0045790620305760, 2021-05-11.
[9]	BAGGA P, SUTRALA A K, DAS A K, et al. Blockchain-based Batch Authentication Protocol for Internet of Vehicles[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S1383762120301569, 2021-06-11.
[10]	XU Zisang, LIANG Wei, LI K C, et al. A Blockchain-based Roadside Unit-assisted Authentication and Key Agreement Protocol for Internet of Vehicles[J]. Journal of Parallel and Distributed Computing, 2021, 149(6):29-39. doi: 10.1016/j.jpdc.2020.11.003 URL
[11]	KANG Jiawen, XIONG Zehui, NIYATO D, et al. Toward Secure Blockchain-enabled Internet of Vehicles: Optimizing Consensus Management Using Reputation and Contract Theory[J]. IEEE Transactions on Vehicular Technology, 2019, 68(3):2906-2920. doi: 10.1109/TVT.2019.2894944 URL
[12]	LIU Feng, YANG Jie, LI Zhibin, et al. A Secure Multi-party Computation Protocol for Universal Data Privacy Protection Based on Blockchain[J]. Journal of Computer Research and Development, 2021, 58(2):281-290.
	刘峰, 杨杰, 李志斌, 等. 一种基于区块链的泛用型数据隐私保护的安全多方计算协议[J]. 计算机研究与发展, 2021, 58(2):281-290.
[13]	Huawei. secGear[EB/OL]. https://gitee.com/src-openeuler/secGear#introduction, 2021-05-11.
[14]	WANG Jinwen, JIANG Yong, LI Qi, et al. Survey of Research on SGX Technology Application[J]. Network New Media Technology, 2017, 6(5):3-9.
	王进文, 江勇, 李琦, 等. SGX技术应用研究综述[J]. 网络新媒体技术, 2017, 6(5):3-9.
[15]	WANG Xiyou. Secure Isolation Based on ARM TrustZone Reaearch and Application[D]. Chengdu: University of Electronic Science and Technology of China, 2013.
	王熙友. ARM TrustZone安全隔离技术研究与应用[D]. 成都:电子科技大学, 2013.
[16]	MA Li. Industry Data through the Crisis Development Prospects in Dingli-“2018 Transport Industry Development Statistical Bulletin” Published[J]. China Road Transport, 2019(5):14-16.
	马力. 行业数据透危机发展前景在定力—《2018年交通运输行业发展统计公报》公布[J]. 中国道路运输, 2019(5):14-16.
[17]	SUKHWANI H, MARTÍNEZ J M, CHANG Xiaolin, et al. Performance Modeling of PBFT Consensus Process for Permissioned Blockchain Network(Hyperledger Fabric)[C]//IEEE. 36th IEEE Symposium on Reliable Distributed Systems (SRDS), September 26-29, 2017, Hong Kong, China. New Jersey: IEEE, 2017: 253-255.
[18]	LIU Xin, ZHANG Ruisheng, ZHAO Mingqi. A Robust Authentication Scheme with Dynamic Password for Wireless Body Area Networks[J]. Computer Networks, 2019, 161(10):220-234. doi: 10.1016/j.comnet.2019.07.003 URL
[19]	CUI Jie, XU Wenyu, HAN Yibo, et al. Secure Mutual Authentication with Privacy Preservation in Vehicular Ad Hoc Networks[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S2214209619302475, 2021-04-11.
[20]	YING Bidi, NAYAK A. Anonymous and Lightweight Authentication for Secure Vehicular Networks[J]. IEEE Transactions on Vehicular Technology, 2017, 66(12):10626-10636. doi: 10.1109/TVT.2017.2744182 URL
[21]	ALAZZAWI M A, LU H, YASSIN A A, et al. Robust Conditional Privacy-preserving Authentication Based on Pseudonym Root with Cuckoo Filter in Vehicular Ad Hoc Networks[J]. KSII Transactions on Internet and Information Systems, 2019, 13(12):6121-6144.
[22]	LIU Xin, ZHANG Ruisheng, LIU Qidong. A Temporal Credential-based Mutual Authentication with Multiple-password Scheme for Wireless Sensor Networks[EB/OL]. https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0170657, 2017-01-30.

	TrustZone	SGX	secGear
硬件实现方法	利用总线对CPU时间片切换	指定安全内存分区并辅以单独的SGX汇编指令集进行安全内存操作	与芯片相关
部署应用方法	代码中定义	自行部署可信应用	基于多种接口自由开发
交互方式	SMC指令通信	通过EENTER、EEXIT等指令集进行enclave的进出和内存操作	基于芯片交互方式及TLS安全协议
并发性	低并发	较低并发	高并发

攻击类型	文献[19]协议	文献[20]协议	文献[21]协议	本文协议
认证表泄露攻击	N	Y	N	Y
认证表篡改攻击	N	Y	N	Y
窃听攻击	Y	Y	Y	Y
追踪攻击	Y	N	Y	Y
重放攻击	N	Y	Y	Y
RSU捕获攻击	N	Y	N	Y

时间	VN的运算时间/ms	RSU和TA的运算时间/ms
${{t}_{h}}$	0.056	0.007
${{t}_{MAC}}$	0.056	0.007
${{t}_{e}}$	2.249	0.339
${{t}_{sym}}$	0.224	0.028
${{t}_{pm}}$	13.405	2.165
${{t}_{asym}}$	22.4	2.8

协议	OBU	RSU	TA	总开销/ms
文献[19]	t_h+t_sym+t_asym	3t_sym	2t_h+2t_sym+t_asym	25.634
文献[20]	7t_h+t_e+t_sym	t_h	5t_h+t_e+t_sym	3.274
文献[21]	4t_h	7t_h	10t_h	0.343
本文协议	6t_h+2t_MAC	t_h	11t_h+2t_MA_C	0.546

协议	OBU/bit		RSU/bit		TA/bit		总开销/bit
协议	发送	接收	发送	接收	发送	接收	总开销/bit
文献[19]	480	288	928	608	128	640	3072
文献[20]	512	320	832	832	320	512	3328
文献[21]	544	512	1600	1088	1088	544	5376
本文协议	480	480	1120	960	640	480	4160