Security Enhanced Authentication Protocol for Space-Ground Integrated Railway Networks

The Software Defined Network (SDN)-based space-ground integrated railway communication networks have attracted widespread attention from academia and industry. In such environments, the security of initial authentication and handover authentication for moving trains are two important challenges that need to be addressed. In this paper, a secure and efficient authentication key agreement scheme is proposed for the SDN-based space-ground integrated railway networks. Specifically, a lightweight mutual authentication mechanism based on the Number Theory Research Unit (NTRU) is proposed for the initial authentication process, which effectively prevents the unauthorized On-Board Unit (OBU) accessing networks. Then, according to the predictable path, we propose a key generation algorithm based on the hash chain and a fast key distribution mechanism based on the Chinese Remainder Theorem (CRT), which greatly reduce the calculation and communication burden of the key transmission process. On this basis, we adopt a hash-based message authentication code to achieve unified handover authentication in heterogeneous integrated railway networks. The Burrows-Abadi-Needham (BAN) logic proof and informal security analysis demonstrate that the proposed scheme can provide several robust security properties, including forward/backward security, universality, traceability, and resistance against quantum attacks. The performance evaluations show that our scheme outperforms other related schemes in computation cost, communication overhead, and performance under unknown attacks while guaranteeing higher security.