| In recent years, with the development of modern science and technology, China's railways have gradually achieved informatization, automation and intelligence. Ensuring the security of complex and redundant data in the open network environment of the railway system has become the research focus. To achieve basic security for wireless network communication, the 3GPP specification stipulates that both communicating parties must perform complete identity authentication and key agreement in an open wireless communication system. However, the railway system is characterized by dense crowd flow and a huge number of mobile devices. When massive numbers of mobile devices request authentication and key agreement at the same time, they consume a lot of network resources and cause serious network congestion. In response to this problem, many scholars have proposed grouping large numbers of mobile devices that share the same physical properties or operating trajectories. Mobile devices in the same group only need to send one authentication message to request that the core network authenticate all of them. At the same time, given the limited data processing capabilities of mobile devices, lightweight algorithms should be used as much as possible to reduce computational complexity. In view of this, this paper focuses on authentication and key agreement protocols for massive mobile devices in wireless railway communication networks. The main contents are as follows: (1) To provide safe and stable services to passenger equipment, the 3GPP committee proposed introducing mobile relay nodes (MRNs) in LTE-A networks to improve network performance. However, because of the open air interface and complex information interaction, the MRNs deployed on the same train are vulnerable to malicious attacks and consume a lot of communication bandwidth. To solve this problem, this paper proposes a safe and efficient group authentication and key agreement scheme for MRNs installed on the same train in an LTE-A network. The scheme uses an improved secret sharing technique based on the Chinese remainder theorem so that the LTE-A network can authenticate the MRNs simultaneously, and uses lightweight hash algorithms and XOR operations to negotiate session keys between the core network and the MRNs. Security analysis shows that the scheme provides security attributes such as identity privacy protection and key forward/backward security, and resists various malicious attacks such as man-in-the-middle attacks and redirection attacks. The correctness and security of the scheme are verified using BAN logic and the formal verification tool AVISPA. Compared with other related schemes, this scheme maintains an average computational cost and a lower communication cost. (2) To achieve greater network capacity and coverage and meet increasing service demands, the new generation of wireless communication systems will integrate LTE-A, WLAN or other wireless access technologies. Because the relevant mobility management schemes do not sufficiently consider security, and the large number of user equipment on the same train cannot effectively perform handover authentication, this paper proposes an authentication scheme that lets railway user equipment perform batch handover between LTE-A and WLAN heterogeneous networks. The scheme uses an aggregate message authentication code so that the target network can authenticate a large number of user equipment simultaneously, and combines a lightweight symmetric encryption algorithm with a hash algorithm to negotiate the session key between the user equipment and the target network. BAN logic analysis, the formal verification tool AVISPA and security attribute analysis show that this scheme resists a variety of malicious attacks, such as privileged insider attacks and man-in-the-middle attacks. Finally, compared with related schemes, this scheme has obvious efficiency advantages in terms of signaling overhead, computation overhead and communication overhead. |
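
The batch handover idea in (2) rests on aggregating per-device message authentication codes so that the target network checks one tag for the whole group. The following is an added illustration of the generic XOR-aggregate MAC construction, not the scheme from this paper; HMAC-SHA256, the function names, the device identities and the message layout are all assumptions made for the example.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def ue_tag(key, ue_id, msg):
    """Tag computed by one user equipment; the identity is bound into the MAC input."""
    data = len(ue_id).to_bytes(2, "big") + ue_id + msg
    return hmac.new(key, data, hashlib.sha256).digest()

def aggregate(tags):
    """Relay side: XOR all per-device tags into a single TAG_LEN-byte tag."""
    agg = bytes(TAG_LEN)
    for tag in tags:
        agg = bytes(a ^ b for a, b in zip(agg, tag))
    return agg

def verify_batch(keys, batch, agg_tag):
    """Target-network side: accept only if every (ue_id, msg) pair is authentic."""
    ids = [ue_id for ue_id, _ in batch]
    if not batch or len(set(ids)) != len(ids):
        return False  # empty batch, or repeated identities that could cancel under XOR
    if any(ue_id not in keys for ue_id in ids):
        return False  # no pre-shared key for this identity
    expected = aggregate(ue_tag(keys[i], i, m) for i, m in batch)
    return hmac.compare_digest(expected, agg_tag)  # constant-time comparison

# Constructed sample data: three devices with pre-shared keys and handover requests.
KEYS = {b"UE-%d" % n: hashlib.sha256(b"constructed key %d" % n).digest() for n in range(3)}
BATCH = [(i, b"handover-request|nonce=%d" % n) for n, i in enumerate(sorted(KEYS))]
AGG = aggregate(ue_tag(KEYS[i], i, m) for i, m in BATCH)

if __name__ == "__main__":
    print("valid batch:", verify_batch(KEYS, BATCH, AGG))
    tampered = [BATCH[0], (BATCH[1][0], b"handover-request|nonce=99"), BATCH[2]]
    print("tampered batch:", verify_batch(KEYS, tampered, AGG))
```

A failed aggregate check does not reveal which device's tag was bad, so a verifier built this way needs a fallback to per-device verification when a batch is rejected.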