Abstract
In 5G networks, IoT terminals mainly connect through wireless access. To address the high cost of authentication in massive-access scenarios, this paper proposes a secondary authentication method based on aggregate signcryption for the secondary authentication of power 5G terminals. The method ensures security while requiring little computation and storage and running efficiently. It also avoids the certificate management problem of traditional public key cryptosystems and the key escrow problem of identity-based public key cryptosystems. The paper then studies the 5G EAP-TLS authentication protocol to which this method applies. The 5G EAP-TLS protocol is mainly used for authentication and key agreement in 5G private networks or IoT scenarios. The paper builds a 5G EAP-TLS protocol model based on the TS 33.501 document, verifies the protocol's security properties with the ProVerif verification tool, and proposes a modification scheme.
Authors
MA Yuan-yuan (马媛媛)
LI Ni-ge (李尼格)
SHAO Zhi-peng (邵志鹏)
XU Zi-chao (徐子超)
State Grid Smart Grid Research Institute Co., Ltd., Nanjing 210003, China; State Grid Laboratory of Information & Network Security, Nanjing 210003, China; State Grid Zhejiang Electric Power Corporation Information & Telecommunication Branch, Hangzhou 310007, China
Source
Automation & Instrumentation (《自动化与仪表》)
2022, No. 11, pp. 103-108 (6 pages)
Funding
Science and technology project managed by the headquarters of State Grid Corporation of China (5700-202119443A-0-0-00).
Keywords
power 5G terminal
secondary authentication
aggregated signcryption
formal analysis
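About the authors
MA Yuan-yuan (born 1978), female, master's degree, professor-level senior engineer; research interest: information security protection technology. LI Ni-ge (born 1985), female, master's degree, senior engineer; research interest: information security protection technology.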