基于CPN的车载网络无证书匿名认证和密钥协商方案研究OA北大核心CSTPCD

To address the shortcomings of existing authentication schemes in vehicle networks,which commonly suffer from key escrow issues,as well as the lack of consideration for lightweight deployment and secure rapid authentication of compute-constrained electronic control unit(ECU),a lightweight certificateless anonymous authentication and key agreement scheme without bilinear pairings was proposed for compute-unconstrained ECU networks.The authentication key pair was securely constructed by elliptic curve cryptography,anonymous authentication and key agreement were re-alized by lightweight methods such as hash functions and XOR operation.Additionally,a certificateless batch verifica-tion scheme was proposed to reduce the authentication costs for compute-constrained ECU networks.Finally,a security verification method based on the colored Petri net(CPN)and Dolev-Yao attacker model was proposed to evaluate the for-mal security of the proposed scheme.The proposed scheme is proved through security evaluation and performance analy-sis to effectively resist various types of attacks such as replay,spoofing,tampering,known key,known specific session temporary information attack,etc.,with multiple security attributes,small computation and communication cost.