With the rapid development of communication and information technology, intelligent transportation, as an important means to effectively improve comprehensive transportation management capacity, ensure travel safety, and accelerate the sustainable development of cities, has attracted extensive attention from academia and industry. Especially in recent years, the "Outline of Building a Strong Transport Country" puts forward the goal of "developing a safe, convenient, efficient, green and economic modern comprehensive transportation system, and building a strong transport country in the forefront of the world" to further promote the development of China’s transport system in the direction of modernization, integration and intelligence. As the "central system" of the intelligent transportation system, the high-speed mobile communication system is responsible for the efficient and reliable transmission of various traffic control information, user service information, and sensing and detection information, which is an important basis for ensuring the orderly operation of intelligent transportation. As a security-critical system, once the high-speed traffic communication system is infiltrated, attacked, or destroyed by attackers, it may cause traffic jams, scheduling imbalances, and vehicle collisions, which will seriously threaten driving safety. Traditional wireless communication security technology is mainly designed for terminals with low mobility, and is not suitable for high-speed mobile scenarios. Taking the railway system as an example, the current running speed of high-speed trains has exceeded 300 km/h. The high speed not only causes frequent handover of the communication link, but also greatly raises the real-time requirements of the handover process. At the same time, because public life and property safety are at stake, its safety requirements are much higher than those of mobile phone networks. Therefore, research on wireless communication security technology suitable for high-speed mobile scenarios is crucial to the safe and efficient operation of intelligent transportation.

The thesis combines various authentication and key agreement technologies, provable security theories, and formal security certification methods to carry out research on the wireless communication security technology of transportation systems for high-speed mobile scenarios. Based on typical high-speed mobile scenarios (high-speed rail and vehicular ad hoc networks), this thesis analyzes the security and performance deficiencies in the existing standards and improvement schemes, and designs authentication and key agreement schemes to meet the business requirements of different high-speed mobile scenarios with the help of advanced authentication technology and security proof theory. The main research contents are summarized as follows.

(1) In view of the authentication scenarios existing in the train-ground wireless communication system of high-speed railway, the deficiencies in security and performance of the existing standard protocols EPS-AKA and 5G-AKA and of related schemes are analyzed. According to the characteristics of railway communication, an efficient access authentication scheme is designed based on an anonymous proxy signature algorithm to meet the requirements of different business scenarios, solving the problems of IMSI leakage, difficulty in resisting desynchronization attacks, lack of pre-authentication, and complex signaling interaction in LTE-R access authentication. Analysis shows that this solution can solve the main problems in LTE-R, and at the same time achieve a balance between security and performance for specific scenarios. Subsequently, aiming at the problems existing in the NAS and AS of 5G-R, such as difficulty in resisting denial of service attacks, lack of key forward/backward security, and complex handover authentication interactions, a security authentication scheme for 5G-R train-ground wireless communication is designed based on a certificateless proxy signature algorithm and proof of work theory. Analysis shows that the solution can effectively resist denial of service attacks, and provides security features such as SUPI confidentiality protection, non-repudiation, and complete forward/backward security. In addition, the calculation cost, communication cost, number of information exchanges, and ability to resist denial of service attacks of the proposed scheme are better than or at the same level as those of the existing schemes, which can meet the security and real-time requirements of train-ground wireless communication in the 5G-R NAS and AS environment.

(2) In view of the coexistence and heterogeneous interconnection of multiple networks in the evolution process from GSM-R to LTE-R/5G-R and even the future space network, research on the secure interconnection of the space network and the ground network is carried out. Low-Earth Orbit (LEO) satellites are introduced into LTE-R, and a space-ground integrated network architecture is constructed. Based on the elliptic curve cryptosystem and the Chinese remainder theorem, a lightweight and secure authentication key agreement scheme is proposed. Analysis shows that the proposed scheme is superior to the existing schemes in terms of security, computation cost and communication overhead. Subsequently, research on the secure interconnection of terrestrial heterogeneous networks is carried out. With the goal of global ubiquitous access, multi-mode heterogeneous network interconnection and secure data transmission, and facing the future heterogeneous environment of intelligent railway wireless communication, a lightweight security authentication and key agreement scheme is proposed for the SDN-based space-ground integrated network architecture, based on lattice cryptography, hash chains, the Chinese remainder theorem and other technologies. The formal analysis and performance evaluation show that the scheme has good security and feasibility in the future multi-heterogeneous railway space-ground integrated network.

(3) Aiming at the cross-domain service resource access process in multi-server environments of the Vehicular Ad-Hoc Network (VANET), an authentication and key agreement scheme with limited anonymity is proposed in order to solve the problems of the existing solutions, such as deployment difficulties, lack of limited anonymity and accountability services, and ignoring the limited computing capabilities of terminal entities in high-speed mobile environments. The trust relationship between heterogeneous domains is established by using a distributed trust model based on a public-key cryptosystem. On this basis, the trust relationship between the user and the server is built by an authentication mechanism based on a single-key cryptosystem. Service tickets are introduced into the scheme to achieve efficient re-authentication. With the help of temporary identities, a limited anonymous service for the client is also supported in the scheme. Analysis shows that this solution can meet the security and real-time requirements of users in the process of accessing cloud servers in the multi-server environments of VANET.

(4) In view of the problems existing in batch verification schemes of cloud-based VANET, such as the over-ideal TPD security hypothesis, the lack of effective means to retrieve erroneous signatures when aggregate signature verification fails, and privacy protection, an aggregation verification scheme with a fine-grained erroneous-signature location function is proposed based on a non-ideal TPD hypothesis. Specifically, an off-line self-updating method is utilized to update the data in the TPD periodically to resist side-channel attacks. Furthermore, an efficient fine-grained error location algorithm is designed to quickly detect all invalid signatures within a problematic aggregate signature. Our performance analysis shows that the proposed scheme outperforms the existing ones in terms of security, computation delay and communication overhead, and is thus more suitable for practical cloud-based VANET environments.