基于物理不可克隆函数的车云轻量级匿名认证协议

柳亚男; 曹磊; 张正; 李戈; 邱硕; 王苏豪

doi:10.11959/j.issn.1000-0801.2025096

您当前的位置：

首页 >

文章列表页 >

基于物理不可克隆函数的车云轻量级匿名认证协议

专题：低空智联网与低空安全 | 更新时间：2025-04-24

- 基于物理不可克隆函数的车云轻量级匿名认证协议
- PUF-based light-weighted anonymous authentication protocol between vehicles and cloud
- 电信科学 2025年41卷第3期页码：96-107
- 作者机构：
  
  1.金陵科技学院网络安全学院，江苏南京 211169
  2.中国人民解放军陆军工程大学指挥控制工程学院，江苏南京 210007
- 作者简介：
  
  [ "柳亚男（1984- ），女，博士，金陵科技学院网络安全学院副教授，主要研究方向为车联网安全、密码协议。" ]
  [ "曹磊（2001- ），男，金陵科技学院网络安全学院硕士生，主要研究方向为车联网安全、软件安全。" ]
  [ "张正（1973- ），男，金陵科技学院网络安全学院研究员，主要研究方向为通信安全、网络攻防技术。" ]
  [ "李戈（1982- ），男，博士，中国人民解放军陆军工程大学指挥控制工程学院讲师，主要研究方向为软件安全、网络攻防。" ]
  [ "邱硕（1989- ），女，博士，金陵科技学院网络安全学院副教授，主要研究方向为密码协议、大数据安全。" ]
  [ "王苏豪（2000- ），男，金陵科技学院网络安全学院硕士生，主要研究方向为人工智能安全、入侵检测。" ]
- 基金信息：
  
  国家自然科学基金青年项目(42101428);江苏省“青蓝工程”项目;江苏省研究生科研与实践创新计划项目
- DOI：10.11959/j.issn.1000-0801.2025096
  中图分类号： TP309
- 收稿日期：2025-01-20，
  
  修回日期：2025-02-25，
  
  纸质出版日期：2025-03-20
- 稿件说明：
移动端阅览
柳亚男,曹磊,张正等.基于物理不可克隆函数的车云轻量级匿名认证协议[J].电信科学,2025,41(03):96-107.

LIU Yanan,CAO Lei,ZHANG Zheng,et al.PUF-based light-weighted anonymous authentication protocol between vehicles and cloud[J].Telecommunications Science,2025,41(03):96-107.
柳亚男,曹磊,张正等.基于物理不可克隆函数的车云轻量级匿名认证协议[J].电信科学,2025,41(03):96-107. DOI： 10.11959/j.issn.1000-0801.2025096.

LIU Yanan,CAO Lei,ZHANG Zheng,et al.PUF-based light-weighted anonymous authentication protocol between vehicles and cloud[J].Telecommunications Science,2025,41(03):96-107. DOI： 10.11959/j.issn.1000-0801.2025096.

摘要

针对低空经济中车辆与云端应用服务器的通信场景，提出基于PUF-ECC-Kerberos的轻量级车云匿名认证协议PEKE。该协议利用物理不可克隆函数（physical unclonable function，PUF）改进传统Kerberos的认证模式，结合椭圆曲线密码学（elliptic curve cryptography，ECC）算法获得车辆假名，实现车辆与云服务器之间的双向匿名认证和密钥交换。结合Scyther形式化分析工具验证，该协议不仅能够有效抵御密钥泄露、伪装攻击、中间人攻击以及反射攻击等多种安全威胁，同时还能在低空经济环境中实现车辆通信的匿名性，提供可靠的安全保障。通过与其他协议进行性能分析比较，进一步证明了PEKE协议在计算和通信消耗方面具有显著优势，并能有效降低通信时延，从而提高系统的整体效率。

Abstract

In the context of vehicle-to-cloud application server communication within the low-altitude economy

a novel vehicle-to-cloud anonymous authentication protocol named PEKE was proposed

which was based on PUF-ECC-Kerberos. The protocol was enhanced by incorporating physical unclonable function (PUF) and integrating the elliptic curve cryptography (ECC) public-key encryption algorithm to obtain vehicle pseudonyms. This enabled mutual anonymous authentication and key exchange between vehicles and cloud servers to be achieved. Through formal analysis using the Scyther tool

it was demonstrated that the PEKE protocol not only effectively resisted various security threats such as key leakage

masquerade attacks

man-in-the-middle attacks

and reflection attacks

but also ensured the anonymity of vehicle communications in the low-altitude economy

providing robust security guarantees. Furthermore

performance analysis comparisons with other protocols reveal that the PEKE protocol exhibited significant advantages in terms of computational and communication overhead

effectively reducing communication latency and thereby enhancing the overall system efficiency.

关键词

Keywords

references

翟苗 , 拱长青 , 刁俊胜 , 等 . 基于PKI的车联网安全通信与隐私保护机制 [J ] . 沈阳航空航天大学学报 , 2012 , 29 ( 5 ): 59 - 63 .

ZHAI M , GONG C Q , DIAO J S , et al . The PKI-based privacy protection mechanism for vehicle communication safety [J ] . Journal of Shenyang Aerospace University , 2012 , 29 ( 5 ): 59 - 63 .

DANG L J , XU J , CAO X F , et al . Efficient identity-based authenticated key agreement protocol with provable security for vehicular ad hoc networks [J ] . International Journal of Distributed Sensor Networks , 2018 , 14 ( 4 ): 155014771877254 .

DENG L Z , SHAO J X , HU Z Y . Identity based two-party authenticated key agreement scheme for vehicular ad hoc networks [J ] . Peer-to-Peer Networking and Applications , 2021 , 14 ( 4 ): 2236 - 2247 .

刘健 , 李艳俊 , 郑继虎 , 等 . 可溯源车联网匿名签名和批量验证方案设计 [J ] . 计算机工程与应用 , 2024 , 60 ( 23 ): 268 - 274 .

LIU J , LI Y J , ZHENG J H , et al . The anonymous signature and batch verification scheme design of traceable Internet of vehicles [J ] . Computer Engineering and Applications , 2024 , 60 ( 23 ): 268 - 274 .

毕昌兵 , 田有亮 . 车联网中基于身份签名的匿名可追溯消息认证方案 [J ] . 计算机工程 , 2024 : 1 - 8 .

BI C B , TIAN Y L . An anonymous traceable message authentication scheme based on identity signature in car networking [J ] . China Industrial Economics , 2024 : 1 - 8 .

谢永 , 吴黎兵 , 张宇波 , 等 . 面向车联网的多服务器架构的匿名双向认证与密钥协商协议 [J ] . 计算机研究与发展 , 2016 , 53 ( 10 ): 2323 - 2333 .

XIE Y , WU L B , ZHANG Y B , et al . Anonymous mutual authentication and key agreement protocol in multi-server architecture for VANETs [J ] . Journal of Computer Research and Development , 2016 , 53 ( 10 ): 2323 - 2333 .

刘辉 , 仲红 , 许艳 , 等 . 车联网云环境下多服务器架构的匿名认证及密钥协商协议 [J ] . 南京信息工程大学学报(自然科学版) , 2017 , 9 ( 5 ): 503 - 508 .

LIU H , ZHONG H , XU Y , et al . Anonymous authentication and key agreement protocol in multi-server architecture for vehicular cloud computing [J ] . Journal of Nanjing University of Information Science & Technology (Natural Science Edition) , 2017 , 9 ( 5 ): 503 - 508 .

YADAV K A , VIJAYAKUMAR P . LPPSA: an efficient lightweight privacy-preserving signature-based authentication protocol for a vehicular Ad Hoc network [J ] . Annals of Telecommunications , 2022 , 77 ( 7 ): 473 - 489 .

刘一丹 , 马永柳 , 杜宜宾 , 等 . 一种车联网中的无证书匿名认证密钥协商协议 [J ] . 信息网络安全 , 2024 , 24 ( 7 ): 983 - 992 .

LIU Y D , MA Y L , DU Y B , et al . A certificateless anonymous authentication key agreement protocol for VANET [J ] . Netinfo Security , 2024 , 24 ( 7 ): 983 - 992 .

杨小东 , 李沐紫 , 马国祖 , 等 . 车联网中支持非法签名定位的无证书匿名认证方案 [J ] . 计算机工程 , 2024 , 50 ( 6 ): 157 - 165 .

YANG X D , LI M Z , MA G Z , et al . Certificateless anonymous authentication scheme supporting illegal signatures localization for Internet of vehicles [J ] . Computer Engineering , 2024 , 50 ( 6 ): 157 - 165 .

AL-SHAREEDA M A , ANBAR M , MANICKAM S , et al . An efficient identity-based conditional privacy-preserving authentication scheme for secure communication in a vehicular ad hoc network [J ] . Symmetry , 2020 , 12 ( 10 ): 1687 .

RAI V K , TRIPATHY S , MATHEW J . LPA: a lightweight PUF-based authentication protocol for IoT system [C ] // Proceedings of the 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) . Piscataway : IEEE Press , 2023 : 1712 - 1717 .

侯琬钰 , 孙钰 , 李大伟 , 等 . 基于PUF的5G车联网V2V匿名认证与密钥协商协议 [J ] . 计算机研究与发展 , 2021 , 58 ( 10 ): 2265 - 2277 .

HOU W Y , SUN Y , LI D W , et al . Anonymous authentication and key agreement protocol for 5G-V2V based on PUF [J ] . Journal of Computer Research and Development , 2021 , 58 ( 10 ): 2265 - 2277 .

夏卓群 , 苏潮 , 徐梓桑 , 等 . 基于物理不可克隆函数的轻量级可证明安全车联网认证协议 [J ] . 电子与信息学报 , 2024 , 46 ( 9 ): 3788 - 3796 .

XIA Z Q , SU C , XU Z S , et al . A lightweight and provably secure authentication protocol for Internet of vehicles using physical unclonable function [J ] . Journal of Electronics & Information Technology , 2024 , 46 ( 9 ): 3788 - 3796 .

AWAIS S M , WU Y C , MAHMOOD K , et al . PUF-based privacy-preserving simultaneous authentication among multiple vehicles in VANET [J ] . IEEE Transactions on Vehicular Technology , 2024 , 73 ( 5 ): 6727 - 6739 .

LAI C Z , WANG X W , ZHENG D . A PUF-based authentication and key distribution scheme for in-vehicle network [C ] // Proceedings of the ICC 2023-IEEE International Conference on Communications . Piscataway : IEEE Press , 2023 : 1591 - 1596 .

NEUMAN B C , TS’O T . Kerberos: an authentication service for computer networks [J ] . IEEE Communications Magazine , 1994 , 32 ( 9 ): 33 - 38 .

RAHAYU M , HOSSAIN M B , ALI M A , et al . An integrated secured vehicular ad-hoc network leveraging Kerberos authentication and Blockchain technology [C ] // Proceedings of the 2023 Eleventh International Symposium on Computing and Networking Workshops (CANDARW) . Piscataway : IEEE Press , 2023 : 260 - 266 .

王冠 , 苗艺雪 . 基于Intel SGX的Kerberos安全增强方案 [J ] . 信息安全研究 , 2021 , 7 ( 4 ): 374 - 383 .

WANG G , MIAO Y X . Kerberos security enhancements based on Intel SGX [J ] . Journal of Information Security Research , 2021 , 7 ( 4 ): 374 - 383 .

GOPE P . PMAKE: Privacy-aware multi-factor authenticated key establishment scheme for Advance Metering Infrastructure in smart grid [J ] . Computer Communications , 2020 ( 152 ): 338 - 344 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

低空3.5 GHz双载波网络覆盖解决方案研究

5G-A/6G+北斗通感导技术在低空经济中的应用与展望

车联网中基于stacking集成学习的攻击检测模型

面向车联网的基于卷积神经网络的入侵检测模型

手机直连低轨卫星的应用场景及业务需求分析