[1]王 冠,张倩倩.基于 SGX 的车联网身份认证方案研究[J].计算机技术与发展,2023,33(11):99-105.[doi:10. 3969 / j. issn. 1673-629X. 2023. 11. 015]
 WANG Guan,ZHANG Qian-qian.Research on Identity Authentication Scheme Based on SGX in Internet of Vehicles[J].,2023,33(11):99-105.[doi:10. 3969 / j. issn. 1673-629X. 2023. 11. 015]
点击复制

基于 SGX 的车联网身份认证方案研究()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
33
期数:
2023年11期
页码:
99-105
栏目:
网络空间安全
出版日期:
2023-11-10

文章信息/Info

Title:
Research on Identity Authentication Scheme Based on SGX in Internet of Vehicles
文章编号:
1673-629X(2023)11-0099-07
作者:
王 冠12 张倩倩12
1. 北京工业大学 信息学部,北京 100124;
2. 北京市可信计算重点实验室,北京 100124
Author(s):
WANG Guan12 ZHANG Qian-qian12
1. Faculty of Information Technology,Beijing University of Technology,Beijing 100124,China;
2. Beijing Key Laboratory of Trusted Computing,Beijing 100124,China
关键词:
车联网身份认证SGX计算卸载安全
Keywords:
Internet of vehiclesidentity authenticationSGXcomputation offloadingsecurity
分类号:
TP309
DOI:
10. 3969 / j. issn. 1673-629X. 2023. 11. 015
摘要:
车联网需要实时采集和处理交通数据,缓解交通拥堵,并保护用户的隐私数据,防止被攻击者窃取和操纵。 然而,目前大部分认证协议不能很好地抵抗来自内部的特权用户攻击,且没
有高效地利用路边基站单元( RSU) 。 针对上述问题,该文设计了基于 SGX 的车联网身份认证协议。 该协议将身份认证过程中主要的计算工作从 TA 卸载到 RSU 内完成,使 RSU?
不再只有简单的转发功能,实现了分布式计算。 通过 SGX 远程认证提供的安全通道将主密钥从 TA 传输到 RSU。并将身份认证过程中主密钥的使用过程转移到 SGX 的安全区内,
利用可信硬件来存储主密钥,同时用主密钥对 TA 中的车辆关系认证表进行加密。 在满足抵抗内部特权用户攻击的同时实现了计算工作的卸载。 实验结果表明,该协议的计算时间
减少了 23. 16% ,同时大大降低了 TA 的计算负载,在没有增加网络节点的情况下实现了去中心化的身份认证,具备较好的安全性和实时性。
Abstract:
IoV needs to collect and process traffic data in real time,alleviate traffic congestion,and protect users’ private data from beingstolen and manipulated by attackers. However,
most of the existing authentication protocols cannot resist the privileged user attack frominside,and do not make efficient use of roadside Base Station Unit ( RSU) . In view of?
the above problems,we design an identity authentication protocol based on SGX for IoV. The protocol offloads the main computing work in the process of identity authentication from TAto RSU,so that RSU no longer only has a simple forwarding function and realizes distributed computing. The master key is transferredfrom TA to RSU through the secure channel provided by SGX Remote attestation. The use of the master key in the process of identity authentication is transferred to the secure area of SGX,and the master key is stored by the trusted hardware. At the same time,the masterkey is used to encrypt the vehicle relationship authentication table in TA. The offloading of computing work is achieved while satisfyingthe resistance to internal privileged user attacks. The experimental results show that the computing time of the proposed protocol isreduced by 23. 16% , and the computational load of TA is greatly reduced. It realizes decentralized identity authentication withoutincreasing network nodes,and has good security and real-time performance.

相似文献/References:

[1]田志英 廖晓群 赵安新.校园网认证计费系统的研究与实现[J].计算机技术与发展,2010,(05):202.
 TIAN Zhi-ying,LIAO Xiao-qun,ZHAO An-xin.Research and Implementation of Campus Network Authentication and Accounting System[J].,2010,(11):202.
[2]万久士 李翔 林祥.基于JSSh实现身份认证网站信息采集[J].计算机技术与发展,2009,(10):156.
 WAN Jiu-shi,LI Xiang,LIN Xiang.Information Collection of Website which Achieve Identity Authentication Based on JSSh[J].,2009,(11):156.
[3]贺锋 王汝传.一种基于PKI的P2P身份认证技术[J].计算机技术与发展,2009,(10):181.
 HE Feng,WANG Ru-chuan.A Peer- to- Peer Identity Authentication Technology Based on PKI[J].,2009,(11):181.
[4]吕武玲 黎忠文.SIP中基于身份认证的安全机制研究[J].计算机技术与发展,2009,(02):158.
 LU Wu-ling,LI Zhong-wen.Research on Identity- Based Authentication in SIP[J].,2009,(11):158.
[5]孙印杰 陈智芳 王敏 洪力.基于指纹和数字水印的网络身份认证系统研究[J].计算机技术与发展,2008,(04):147.
 SUN Yin-jie,CHEN Zhi-fang,WANG Min,et al.Research of Authentication System Based on Fingerprint and Digital Watermarking[J].,2008,(11):147.
[6]黄叶珏 陈勤.Web网站统一口令认证系统的设计与实现[J].计算机技术与发展,2007,(06):163.
 HUANG Ye-jue,CHEN Qin.Design and Implementation of Web Site Universal Password Authentication System[J].,2007,(11):163.
[7]徐小平 尹颖禹.基于数字签名的身份认证模型的一种方案[J].计算机技术与发展,2006,(02):220.
 XU Xiao-ping,YIN Ying-yu.A Model Scheme for Identity Verification Based on Digital Signature[J].,2006,(11):220.
[8]范宏生 叶震 侯保花.基于公钥密码体制的Kerberos协议的改进[J].计算机技术与发展,2006,(04):224.
 FAN Hong-sheng,YE Zhen,HOU Bao-hua.Improvement of Kerberos Protocol Based on Public Key Cryptosystem[J].,2006,(11):224.
[9]刘建明 贺占庄.硬盘加密和身份认证的硬件实现[J].计算机技术与发展,2006,(06):139.
 LIU Jian-ming,HE Zhan-zhuang.A Hardware Design of Harddisk Encryption and Identification[J].,2006,(11):139.
[10]张球河 李也白 王宇鸽 尹天明.电子政务资源安全管理的研究与应用[J].计算机技术与发展,2006,(09):222.
 ZHANG Qiu-he,LI Ye-bai,WANG Yu-ge,et al.Research and Application of E- Government Resource Security Management[J].,2006,(11):222.

更新日期/Last Update: 2023-11-10