面向无人机网络的密钥管理和认证协议

针对无人机在组网过程中面临的密钥管理与身份认证问题，面向不同应用场景分别提出了有控制站支持的无人机网络认证方案（ASUSG）和无控制站支持的无人机网络认证方案（ASWGS），实现了无人机间的信任建立与安全通信。ASUSG基于椭圆曲线密码体制设计，充分利用控制站计算资源充足、通信链路稳定的特点，将控制站作为密钥生成中心，令控制站实时分发无人机公钥，并辅助无人机完成身份认证、建立安全的通信链路，减少了无人机承担的计算任务。ASWGS基于身份密码体制设计，通过门限密钥技术实现了网内节点在无控制站支持下的身份认证与密钥协商。具体组网时，节点采用遮蔽密钥的方式在公开信道传输用于生成节点私钥的秘密份额，实现了节点私钥的分布式生成。该过程通过预置节点公钥份额的方式能够以较少的计算开销有效阻止恶意节点的干扰行为。安全性分析显示，所提方案能够有效抵御无人机网络面临的身份假冒、消息重放、中间人攻击等多种典型的安全威胁。同时，基于国密算法在Linux平台上对上述两种认证方案进行了仿真实现，实验结果表明，相比于现有方案，本方案中的无人机节点在密钥管理的过程中所需计算开销更少。本文方案能够实现无人机在资源受限条件下的安全组网认证与会话密钥协商。

Key Management and Authentication Protocol for UAV Network

In order to solve the issue of key management and authentication for unmanned aerial vehicle (UAV) networks, two authentication schemes targeted for different UAV networking conditions were proposed in the paper, including a scheme for UAV network supported by ground station (ASUSG) and a scheme for UAV network without ground station (ASWGS). Based on the elliptic curve cryptography, ASUSG was designed by making full use of the scenario characteristics of stable communication link and sufficient computing resource vesting in the ground station. In ASUSG, the ground station was the key generation center, which could distribute public key to UAV instantly and assist UAVs in achieving identity authentication, establishing secure communication links and reducing the computing task of UAVs. ASWGS was designed based on identity-based encryption, in which the identity authentication and key agreement of nodes could be realized without the support of ground station using the threshold cryptography. When networking, the masking key was exploited by nodes to transmit the secret share used to generate the node''s private key in the open channel, realizing the distributed generation of the node''s private key. By presetting the share of the public key of the node in UAVs, the interference behaviors of malicious nodes were effectively prevented with less computational overhead. Security analysis demonstrated that the schemes proposed in the paper could resist many typical security threats effectively, such as identity spoofing attack, message replay attack, man-in-the-middle attack and so on. At the same time, a simulation experiment was designed on Linux platform based on the national secret algorithm. Experimental results showed that compared with the existing schemes, UAV nodes in ASUSG and ASWSG need less computational overhead in the process of key management. It can be concluded that these two schemes could achieve the authentication and secure communication of UAV networking under resource-limited scenarios.