位置信息端云可信传输方案设计

doi:10.3969/j.issn.1671-1122.2023.10.006

信息网络安全 ›› 2023, Vol. 23 ›› Issue (10): 39-47.doi: 10.3969/j.issn.1671-1122.2023.10.006

位置信息端云可信传输方案设计

张璐¹^,², 屠晨阳¹(), 苗张旺³, 甘静鸿⁴^,⁵

1.中国科学院信息工程研究所信息安全国家重点实验室，北京 100085
2.中国科学院大学网络空间安全学院，北京 100049
3.国家信息中心，北京 10045
4.中国人民公安大学信息网络安全学院，北京 100038
5.漳州市公安局台商投资区分局，漳州 363000

收稿日期:2023-06-26 出版日期:2023-10-10 发布日期:2023-10-11
通讯作者: 屠晨阳 E-mail:tuchenyang@iie.ac.cn
作者简介:张璐（1998—），女，河南，硕士研究生，主要研究方向为信息安全|屠晨阳（1988—），男，北京，高级工程师，博士，主要研究方向为信息安全|苗张旺（1991—），男，河北，助理研究员，博士，主要研究方向为网络空间安全与人工智能|甘静鸿（1995—），女，福建，硕士研究生，主要研究方向为警务大数据分析技术
基金资助:
国家重点研发计划(2022YFB3903900)

Design of an End-to-Cloud Trusted Transmission Solution for Location Information

ZHANG Lu¹^,², TU Chenyang¹(), MIAO Zhangwang³, GAN Jinghong⁴^,⁵

1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
3. The State Information Center, Beijing 100045, China
4. School of Information Network Security, People’s Public Security University of China, Beijing 100038, China
5. Zhangzhou Public Security Bureau Taiwan Business Investment Zone Branch, Zhangzhou 363000, China

Received:2023-06-26 Online:2023-10-10 Published:2023-10-11

摘要/Abstract

摘要：

由于北斗导航技术与大众消费级应用的深度融合发展，位置信息的重要性愈加凸显，但大多应用未对位置信息进行充分保护，计算复杂性高的传统密码学方案不能直接用于资源受限的北斗导航应用环境，且终端的软件执行环境也并不安全。因此文章基于专用的北斗导航芯片，在芯片内部利用密码与通信模块实现轻量级的位置信息端云可信传输机制，基于TLS（Transport Layer Security）的协议思路保护位置信息在传输中的真实性、完整性与机密性。文章所提方案尽可能少地使用复杂的计算、验证与证书管理，在保证数据处理性能的同时抵御中间人攻击、重放攻击、拒绝服务等攻击，具有一定的安全性与鲁棒性。

关键词: 北斗, 位置保护, 安全通信, 端云可信传输

Abstract:

Due to the deep integration and development of BeiDou navigation technology and mass consumer applications, the importance of location information has become increasingly prominent, but most applications have not fully protected the location information. The traditional Cryptography solutions with high computational complexity cannot be directly used in the resource constrained BeiDou navigation application environment, and the software execution environment of the terminal is not safe. This article was based on a dedicated BeiDou navigation chip, which utilized cryptographic and communication modules to achieve a lightweight end-to-cloud trusted transmission mechanism for location information within the chip. The mechanism protected the authenticity, integrity, and confidentiality of location information during transmission based on the TLS (Transport Layer Security) protocol concept. This solution not only minimizes the use of complex calculations, verification, and certificate management to ensure data processing performance, but also resists attacks such as man in the middle, replay, and denial of service, with a certain degree of security and robustness.

Key words: BeiDou, location protection, secure communication, end-to-cloud trusted transmission

中图分类号:

TP309

张璐, 屠晨阳, 苗张旺, 甘静鸿. 位置信息端云可信传输方案设计[J]. 信息网络安全, 2023, 23(10): 39-47.

ZHANG Lu, TU Chenyang, MIAO Zhangwang, GAN Jinghong. Design of an End-to-Cloud Trusted Transmission Solution for Location Information[J]. Netinfo Security, 2023, 23(10): 39-47.

图/表 12

图1

图2

表1

图3

图4

图5

表2

图6

图7

表3

表4

图8

参考文献 17

[1]	VERMA P, GUPTA D S. An Improved Certificateless Mutual Authentication and Key Agreement Protocol for Cloud-Assisted Wireless Body Area Networks[J]. Wireless Personal Communications, 2023, 131(4): 2399-2426. doi: 10.1007/s11277-023-10536-8
[2]	ZHOU Yuxiang, TAN Haowen, KARUNARATHINA C A A I. A Secure Authentication and Key Agreement Scheme with Dynamic Management for Vehicular Networks[EB/OL]. (2023-02-22) [2023-06-20]. https://doi.org/10.1080/09540091.2023.2176825.
[3]	WANG An, DONG Yongyin, ZHU Liehuang, et al. APT Backdoor for Block Cipher Software and Its Countermeasures[J]. Journal of Cryptologic Research, 2021, 8(1): 65-75.
	王安, 董永银, 祝烈煌, 等. 一种针对分组密码软件的APT后门及其防范[J]. 密码学报, 2021, 8(1):65-75. doi: 10.13868/j.cnki.jcr.000420
[4]	MA Guojun, BAI Lei, PEI Qingqi, et al. An End-to-End Security Scheme of the Internet of Things[J]. Netinfo Security, 2017, 17(10): 13-21.
	马国峻, 白磊, 裴庆祺, 等. 一种物联网端到端安全方案[J]. 信息网络安全, 2017, 17(10): 13-21.
[5]	ZHU Ying, YAN Yan, WAN Fang, et al. Comparison of Domestic Password and International Password Performance under Instant Messaging System[J]. Information Technology and Informatization, 2022(9): 164-167.
	朱颖, 严妍, 万芳, 等. 即时通信系统下国密与国际密码性能比较[J]. 信息技术与信息化, 2022(9):164-167.
[6]	GAO Mengzhou. Research on Selective and Stochastic Encryption Strategies for the Resource-Constrained Control Systems Security[D]. Hangzhou: Zhejiang University, 2017.
	高梦州. 面向资源受限控制系统安全的选择性及随机性加密策略研究[D]. 杭州: 浙江大学, 2017.
[7]	SAQIB M, MOON A H. A Systematic Security Assessment and Review of Internet of Things in the Context of Authentication[EB/OL]. (2022-12-13) [2023-06-20]. https://doi.org/10.1016/j.cose.2022.103053.
[8]	HOGLUND J, FURUHED M, RAZA S. Lightweight Certificate Revocation for Low-Power IoT with End-to-End Security[J]. Journal of Information Security and Applications, 2023, 73: 1-12.
[9]	DENG Dong. Research on Authentication and Key Management Based on Non-Traditional Certificates for WSN[D]. Chengdu: University of Electronic Science and Technology of China, 2022.
	邓东. WSN中基于非传统证书的身份认证和秘钥管理关键技术研究[D]. 成都: 电子科技大学, 2022.
[10]	PERAZZO P, RIGHETTI F, MANNA M L, et al. Performance Evaluation of Attribute-Based Encryption on Constrained IoT Devices[J]. Computer Communications, 2021, 170: 151-163. doi: 10.1016/j.comcom.2021.02.012 URL
[11]	AZIZ M F, KHAN A N, SHUJA J, et al. A Lightweight and Compromise-Resilient Authentication Scheme for IoTs[EB/OL]. (2019-11-25) [2023-06-20]. https://doi.org/10.1002/ett.3813.
[12]	XU Guodong. Research on Lightweight IoT Secure Transmission Protocol[D]. Nanjing: Nanjing University Of Information Science &Technology, 2022.
	许国栋. 轻量级物联网安全传输协议研究[D]. 南京: 南京信息工程大学, 2022.
[13]	LI Fengyin, YU Xinying, CUI Yang, et al. An Anonymous Authentication and Key Agreement Protocol in Smart Living[J]. Computer Communications, 2022, 186: 110-120. doi: 10.1016/j.comcom.2022.01.019 URL
[14]	SALEEM M A, LI Xiong, AYUB M F, et al. An Efficient and Physically Secure Privacy-Preserving Key-Agreement Protocol for Vehicular Ad-Hoc Network[J]. IEEE Transactions on Intelligent Transportation Systems, 2023, 24(9): 9940-9951. doi: 10.1109/TITS.2023.3266030 URL
[15]	VINOTH R, DEBORAH L J. An Efficient Key Agreement and Authentication Protocol for Secure Communication in Industrial IoT Applications[J]. Journal of Ambient Intelligence and Humanized Computing, 2023, 14: 1431-1443. doi: 10.1007/s12652-021-03167-z
[16]	BRAEKEN A. Authenticated Key Agreement Protocols for Dew-Assisted IoT Systems[EB/OL]. (2022-02-28) [2023-06-20]. https://doi.org/10.1007/s11227-022-04364-z.
[17]	RANA M, MAMUN Q, ISLAM R. Lightweight Cryptography in IoT Networks: A Survey[J]. Future Generations Computer Systems: FGCS, 2022, 129: 77-89.

符号	描述
D	芯片终端设备
S	定位芯片服务器
K	对称密钥
(PrvK, PubK)	公私钥对
hash()	哈希函数
Enc_Key	使用密钥Key的加密函数
Dec_Key	使用密钥Key的解密函数
Sig_PrvK	基于公私钥对(PrvK, PubK)的签名函数
{}	集合
\|\|	连接操作

符号	描述
ReKey_Uamount	会话传输的Data消息数量上限
ReKey_Utime	会话持续时长上限

	芯片终端设备	定位芯片服务器
长期存储	[设备公私钥、服务器证书链、服务器公钥PubS、设备标识DID]	[服务器公私钥、服务器证书链、芯片序列号、设备公钥PubD、设备标识DID]
临时维护	[会话密钥、会话时长、已传输的Data消息数量、随机数]	[会话密钥、随机数]

	一次密钥协商/次		M次加密传输/次		一次密钥更新/次		一次证书更新/次
	设备	云	设备	云	设备	云	设备	云
签名/验签	0	0	0	0	0	0	1	1
非对称加密/ 解密	3	3	0	0	0	0	0	0
对称加密/ 解密	0	0	M	M	2	2	0	0
哈希计算/ 校验	3	4	M	M	2	2	0	0
生成随机数	1	2	M	0	1	1	0	0
生成公私钥	1	1	0	0	0	0	0	0

位置信息端云可信传输方案设计

Design of an End-to-Cloud Trusted Transmission Solution for Location Information

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 17

相关文章 5

编辑推荐

Metrics

本文评价

[1]	芦天亮, 王侨, 刘颖卿. 不安全通信中的用户隐私泄露问题[J]. 信息网络安全, 2015, 15(9): 119-123.
[2]	刘宝国, 徐凌伟, 张浩. 北斗导航系统中天线阵的选择研究[J]. 信息网络安全, 2015, 15(1): 12-15.
[3]	舒梦奇;常宇驰;白润杰;王绍人. 基于专用进程的移动办公安全通信系统研究[J]. , 2013, 13(4): 0-0.
[4]	吴小毛. 基于点对点即时信息交换安全通信协议模型研究[J]. , 2012, 12(4): 0-0.
[5]	范红;厉剑;胡志昂. 解读国标《信息系统等级保护安全设计技术要求》[J]. , 2009, 9(10): 0-0.