| 40 | 0 | 5 |
| 下载次数 | 被引频次 | 阅读次数 |
针对航空通信网切换认证的安全与效率需求,提出一种基于物理不可克隆函数的民航高空平台站(High Altitude Platform Stations, HAPS)切换认证协议。该协议将物理不可克隆函数应用于切换认证,在注册阶段通过安全信道完成挑战响应对与用户身份绑定,依托其物理随机性抵御克隆与密钥泄露风险。设计物理不可克隆函数挑战响应对动态更新策略,生成不可预测的挑战响应组合,增强对重放攻击与数据库泄露的防御能力。安全性分析表明,利用BAN(Burrows Abadi Needham)逻辑形式化分析和Scyther工具证明了所提协议具备密钥一致性和双向认证能力,可抵抗重放攻击、中间人攻击等威胁。性能分析表明,所提协议计算开销仅为0.73 ms、通信开销低至2 088 bit,相较于传统认证协议,优化了资源受限场景下的认证效率。
Abstract:To address the security and efficiency requirements of handover authentication in aviation communication networks, a handover authentication protocol based on physical unclonable functions(PUF) for civil aviation high altitude platform stations(HAPS) is proposed. It applies PUF to handover authentication. During the registration phase, challenge-response pairs are bound to the user's identity via a secure channel, which relies on the physical randomness of PUF to resist cloning and key leakage attacks. A dynamic update strategy for PUF challenge-response pairs is designed to generate unpredictable challenge-response combinations, thereby enhancing resilience against replay attacks and database compromise. Security analysis shows that, through Burrows-Abadi-Needham(BAN) logic formal analysis and the Scyther tool, the proposed protocol achieves key consistency and mutual authentication, and can resist threats such as replay attacks and man-in-the-middle attacks. Performance analysis indicates that the computational overhead of the proposed protocol is only 0.73 ms, and the communication overhead is as low as 2 088 bits. Compared with traditional authentication protocols, it optimizes authentication efficiency in resource-constrained scenarios.
[1] Signore T L,Girard M.The aeronautical telecommunication network (ATN)[C]//IEEE Military Communications Conference.Boston:IEEE,1998:40-44.
[2] Ben Mahmoud M S,Pirovano A,Larrieu N.Aeronautical communication transition from analog to digital data:A network security survey[J].Computer Science Review,2014,11-12:1-29.
[3] Duan X Y,Wang X B.Authentication handover and privacy protection in 5G hetnets using software-defined networking[J].IEEE Communications Magazine,2015,53(4):28-35.
[4] Yi Z,Du X H,Liao Y,et al.A trust holding based secure seamless handover in space information network[C]//Space Information Networks.Singapore:Springer Singapore,2017:137-150.
[5] Guo J Y,Du Y,Zhang Y H,et al.A provably secure ECC-based access and handover authentication protocol for space information networks[J].Journal of Network and Computer Applications,2021,193:103183.
[6] Wang Y,Zhang W F,Wang X M.A lightweight and secure authentication protocol for space-ground integrated network of railway[C]//2021 International Conference on Communications,Information System and Computer Engineering.Beijing:IEEE,2021:30-35.
[7] Liu Y,Ni L Q,Peng M G.A secure and efficient authentication protocol for satellite-terrestrial networks[J].IEEE Internet of Things Journal,2023,10(7):5810-5822.
[8] 张应辉,钱佳乐,曹进,等.5G-V2X中基于轨迹预测的安全高效群组切换认证协议[J].通信学报,2023,44(8):144-154.Zhang Yinghui,Qian Jiale,Cao Jin,et al.Secure and efficient group handover authentication protocol based on trajectory prediction in 5G-V2X[J].Journal on Communications,2023,44(8):144-154.
[9] Oun A,Niamat M.PUF-based authentication for the security of IoT devices[C]//2023 IEEE International Conference on Electro Information Technology (eIT).Romeoville:IEEE,2023:67-70.
[10] 朱庆森,宋翔飞,何智旺.基于PUF的无人机网络轻量级身份认证方案[J].软件导刊,2024,23(6):114-120.Zhu Qingsen,Song Xiangfei,He Zhiwang.PUF-based lightweight identity authentication for UAV network[J].Software Guide,2024,23(6):114-120.
[11] Guo J Y,Chang L Y,Song Y,et al.AHA-BV:Access and handover authentication protocol with batch verification for satellite-terrestrial integrated networks[J].Computer Standards & Interfaces,2025,91:103870.
[12] 席铭辉,郜帅,兰江雨,等.一种无人机自组网中基于身份加密的认证方案[J].计算机技术与发展,2024,34(9):82-87.Xi Minghui,Gao Shuai,Lan Jiangyu,et al.An authentication scheme based on identity encryption in UAV AD hoc network[J].Computer Technology and Development,2024,34(9):82-87.
[13] 弓皓臣,胡涛,吴迪,等.基于轻量化区块链的无人机蜂群身份认证设计[J].指挥控制与仿真,2024,46(5):29-36.Gong Haochen,Hu Tao,Wu Di,et al.Design of UAV swarm identity authentication based on lightweight blockchain[J].Command Control & Simulation,2024,46(5):29-36.
[14] 蹇奇芮,陈泽茂,武晓康.面向无人机通信的认证和密钥协商协议[J].计算机科学,2022,49(8):306-313.Jian Qirui,Chen Zemao,Wu Xiaokang.Authentication and key agreement protocol for UAV communication[J].Computer Science,2022,49(8):306-313.
[15] 朱辉,张业平,于攀,等.面向无人机网络的密钥管理和认证协议[J].工程科学与技术,2019,51(3):158-166.Zhu Hui,Zhang Yeping,Yu Pan,et al.Key management and authentication protocol for UAV network[J].Journal of Sichuan University (Engineering Science Edition),2019,51(3):158-166.
[16] 冯志华,张宇轩,卢文涛,等.基于PUF的Kerberos认证协议[J].计算机工程与设计,2022,43(11):3045-3050.Feng Zhihua,Zhang Yuxuan,Lu Wentao,et al.Kerberos authentication protocol based on PUF[J].Computer Engineering and Design,2022,43(11):3045-3050.
[17] Grace D,Capstick M H,Mohorcic M,et al.Integrating users into the wider broadband network via high altitude platforms[J].IEEE Wireless Communications,2005,12(5):98-105.
[18] 管明祥,郭庆,顾学迈.HAPS通信覆盖及链路特性分析[J].电波科学学报,2012,27(4):832-839.Guan Mingxiang,Guo Qing,Gu Xuemai.Performance evaluation of coverage and wireless link characteristic for HAPS communication[J].Chinese Journal of Radio Science,2012,27(4):832-839.
[19] Pappu R,Recht B,Taylor J,et al.Physical one-way functions[J].Science,2002,297(5589):2026-2030.
[20] 张紫楠,郭渊博.物理不可克隆函数综述[J].计算机应用,2012,32(11):3115-3120.Zhang Zinan,Guo Yuanbo.Survey of physical unclonable function[J].Journal of Computer Applications,2012,32(11):3115-3120.
[21] Dolev D,Yao A.On the security of public key protocols[J].IEEE Transactions on Information Theory,1983,29(2):198-208.
[22] 冯登国.安全协议:理论与实践[M].北京:清华大学出版社,2011:73-74.Feng Dengguo.Security protocol:Theory and practice[M].Beijing:Tsinghua University Press,2011:73-74.
[23] Cremers C J F.The scyther tool:Verification,falsification,and analysis of security protocols[C]//Computer Aided Verification.Berlin:Springer,2008:414-418.
[24] Lai C Z,Li H,Lu R X,et al.SEGR:A secure and efficient group roaming scheme for machine to machine communications between 3GPP and WiMAX networks[C]//2014 IEEE International Conference on Communications.Sydney:IEEE,2014:1011-1016.
[25] Cao J,Ma M D,Fu Y L,et al.CPPHA:Capability-based privacy-protection handover authentication mechanism for SDN-based 5G HetNets[J].IEEE Transactions on Dependable and Secure Computing,2021,18(3):1182-1195.
[26] 柳亚男,曹磊,张正,等.基于物理不可克隆函数的车云轻量级匿名认证协议[J].电信科学,2025,41(3):96-107.Liu Yanan,Cao Lei,Zhang Zheng,et al.PUF-based light-weighted anonymous authentication protocol between vehicles and cloud[J].Telecommunications Science,2025,41(3):96-107.
[27] 柳亚男,曹磊,张正,等.车联网V2N中的轻量级双向认证与密钥协商[J].信息安全研究,2025,11(8):753-760.Liu Yanan,Cao Lei,Zhang Zheng,et al.Light-weighted mutual authentication and key agreement in V2N IoV[J].Journal of Information Security Research,2025,11(8):753-760.
[28] Liu F F,Yan Y,Sun Y,et al.Extremely lightweight PUF-based batch authentication protocol for end-edge-cloud hierarchical smart grid[J].Security and Communication Networks,2022,2022:9774853.
基本信息:
DOI:10.13682/j.issn.2095-6533.2026.03.010
中图分类号:TN918.4;V243.1
引用信息:
[1]刘镇涛,尚涛,刘建伟.基于物理不可克隆函数的民航HAPS切换认证协议[J].西安邮电大学学报,2026,31(03):99-109.DOI:10.13682/j.issn.2095-6533.2026.03.010.
基金信息:
北京市自然科学基金项目(L251066)
2026-02-03
2026
2026-04-08
2026-04-09
2026
1
2026-04-30
2026-04-30
2026-04-30