CN103491070A - Method for protecting privacy of vehicles in real-time migration of virtual machine - Google Patents

Publication number: CN103491070A
Authority: CN (China)
Legal status: Granted (Active)
Application number: CN201310401603.8A
Other languages: Chinese (zh)
Other versions: CN103491070B (en)
Inventors: 赖粤, 余荣, 程航, 林茂伟, 谢胜利
Current Assignee: Guangdong University of Technology
Original Assignee: Guangdong University of Technology

Abstract

The invention discloses a method for protecting the privacy of vehicles during live migration of virtual machines. A mobile on-board unit (OBU) sends an identity authentication request to a roadside unit (RSU). After determining that the OBU's identity is legitimate, the RSU starts a corresponding virtual machine for the OBU and stores the OBU's identity-association information in that virtual machine. A network management unit authenticates the virtual machine with a key, assigns it the address IP1, and at the same time opens a route cache region for it. The OBU accesses its virtual machine and uses the services it provides, and the virtual machine is added to the network management unit's timed IP replacement mechanism. This mechanism periodically assigns the virtual machine a new IP address, and the OBU then accesses the virtual machine at the new address. The method reduces the probability that a vehicle is found through its virtual machine, effectively protects vehicles against tracking and attack by attackers inside or outside the network, and effectively protects vehicle users' privacy against leakage.

Description

A method for protecting vehicle privacy during live migration of virtual machines
Technical field
The present invention relates to the field of privacy protection in the Internet of Vehicles, and more specifically to a method for protecting vehicle privacy during live migration of virtual machines.
Background
The main goals of the Internet of Vehicles are to enhance road safety, improve traffic efficiency and strengthen cooperative awareness. It helps drivers obtain the running status of surrounding vehicles and the road conditions in time, giving them advance warning and time to respond to unexpected events, and so better ensures traffic safety. An Internet of Vehicles system can also help drivers obtain road traffic information in advance, plan their routes as sensibly as possible, improve the driving experience and reduce road traffic pressure.
As the Internet of Vehicles is popularized and applied more widely, its system security and privacy problems have gradually drawn attention. An attacker can track a user's whereabouts and pry into and violate the user's privacy; an attacker can also tamper with information, for example to evade liability for a traffic accident. In the information society, people want to interact safely and reliably and to control their personal data, so protecting sensitive data has become a problem that needs special attention. Traditional authentication techniques such as digital signatures can guarantee the authenticity, integrity and non-repudiation of data, but they often cannot meet the need to protect user privacy.
To address the security and privacy problems of the Internet of Vehicles, researchers have in recent years proposed solutions such as privacy protection based on large numbers of anonymous certificates, privacy protection based on group signatures, and pseudonym authentication based on bilinear pairings. Each of these schemes addresses Internet of Vehicles security and privacy from some angle, but each has defects or open problems, for example excessive protocol implementation complexity. How to protect user privacy reasonably and effectively, prevent vehicle location information from being tracked and exploited, and let drivers enjoy the convenience of the Internet of Vehicles without their private information being attacked and exploited has therefore become a key issue for the further large-scale deployment of Internet of Vehicles facilities.
Summary of the invention
To overcome the deficiencies of the prior art, the present invention proposes a method for protecting vehicle privacy during live migration of virtual machines, to solve the technical problem that vehicles in the Internet of Vehicles are easily tracked and their privacy is easily leaked.
To achieve the above object, the technical solution of the present invention is as follows.
A method for protecting vehicle privacy during live migration of virtual machines comprises:
The mobile on-board unit OBU sends an identity authentication request to the roadside unit RSU;
After determining that the identity of the on-board unit OBU is legitimate, the roadside unit RSU opens a corresponding virtual machine for this OBU and stores the OBU's identity-association information in this first virtual machine;
The network management unit authenticates the first virtual machine with a key, assigns IP1 to the first virtual machine, and at the same time opens a route cache region for the first virtual machine;
The on-board unit OBU accesses its corresponding first virtual machine and uses the services it provides, and the first virtual machine is at the same time added to the network management unit's timed IP replacement mechanism;
The timed IP replacement mechanism periodically assigns a new IP address to the first virtual machine, and the on-board unit OBU corresponding to the first virtual machine accesses the first virtual machine at its new IP address.
Preferably, after the on-board unit OBU applies to the roadside unit RSU for a connection and is authenticated, identity-association information uniquely corresponding to that OBU is generated from the OBU's identity certificate in the first virtual machine opened by the roadside unit RSU.
Preferably, IP1 of the first virtual machine that the roadside unit RSU opens for the on-board unit OBU is a unique network address assigned by the network management unit.
Preferably, the timed IP replacement mechanism of the network management unit is implemented as follows:
1) A timing threshold Tn is set;
2) Before the timer reaches Tn, the on-board unit OBU normally accesses the virtual machine that the roadside unit RSU opened for it and uses the various services in it; when the timer reaches Tn, the network management unit reassigns IP2 to the first virtual machine;
3) The roadside unit RSU associates the first virtual machine that has obtained IP2 with the on-board unit OBU; the OBU accesses, through the roadside unit RSU, the virtual machine whose network address is IP2;
4) After this, timing restarts, and the network management unit keeps changing the IP of the virtual machine.
Preferably, in step 2), after the network management unit reassigns IP2 to the virtual machine that the roadside unit RSU opened for the on-board unit OBU, the network management unit re-authenticates, with the key, the virtual machine whose network address is IP2.
Preferably, when the roadside unit RSU associates the first virtual machine that has been reassigned IP2 with the on-board unit OBU, the identity-association information in the first virtual machine at network address IP2 still uniquely corresponds to the identity certificate of the on-board unit OBU.
Preferably, when the network management unit assigns the new IP2 to the first virtual machine that holds the old IP1, the data that the old IP1 is exchanging with the upper layer must be route-cached, as follows:
1. The network management unit writes the upload and download data streams on the old IP1 into the route cache region opened for the first virtual machine;
2. The network management unit gradually routes the data in the route cache region to the new IP2;
3. Caching of the old IP1's data and routing of data to the new IP2 proceed simultaneously, until the route cache region is emptied;
4. The network management unit completely discards the IP1 packet headers and sets IP1 to be an idle IP.
Preferably, once the route caching performed while the network management unit reassigns the IP has finished, the first virtual machine's IP change is fully complete; after this, timing restarts and the timed IP replacement mechanism continues to run.
Compared with the prior art, the beneficial effect of the present invention is as follows. In traditional virtual machine migration the virtual machine's IP stays unchanged, so the vehicle corresponding to that virtual machine is easy to find. In the method of the present invention, the network management unit assigns the virtual machine's IP and the virtual machine is added to a timed IP replacement mechanism. This reduces the possibility of finding a vehicle through its virtual machine, effectively protects vehicles from being tracked and attacked by attackers inside or outside the network, and protects vehicle users' privacy from being leaked.
Brief description of the drawings
Fig. 1 is a flow chart of a specific implementation of the privacy protection method of the present invention;
Fig. 2 is an application scenario diagram of the present invention.
Embodiment
As shown in Fig. 1, a method for protecting vehicle privacy during live migration of virtual machines comprises:
The mobile on-board unit OBU sends an identity authentication request to the roadside unit RSU;
After determining that the identity of the on-board unit OBU is legitimate, the roadside unit RSU opens a corresponding virtual machine for this OBU and stores the OBU's identity-association information in this first virtual machine;
The network management unit authenticates the first virtual machine with a key, assigns IP1 to the first virtual machine, and at the same time opens a route cache region for the first virtual machine;
The on-board unit OBU accesses its corresponding first virtual machine and uses the services it provides, and the first virtual machine is at the same time added to the network management unit's timed IP replacement mechanism;
The timed IP replacement mechanism periodically assigns a new IP address to the first virtual machine, and the on-board unit OBU corresponding to the first virtual machine accesses the first virtual machine at its new IP address.
The timed IP replacement mechanism of the network management unit is implemented as follows:
1) A timing threshold Tn is set;
2) Before the timer reaches Tn, the on-board unit OBU normally accesses the virtual machine that the roadside unit RSU opened for it and uses the various services in it; when the timer reaches Tn, the network management unit reassigns IP2 to the first virtual machine;
3) The roadside unit RSU associates the first virtual machine that has obtained IP2 with the on-board unit OBU; the OBU accesses, through the roadside unit RSU, the virtual machine whose network address is IP2;
4) After this, timing restarts, and the network management unit keeps changing the IP of the virtual machine.
As shown in Fig. 2, the on-board unit OBU sends a connection request to roadside unit RSU-A, applying to join the Internet of Vehicles network. After checking and confirming that the OBU's identity is legitimate, RSU-A allows the OBU to join the Internet of Vehicles network.
Behind each roadside unit RSU there is a micro-cloud formed by a computer cluster, which can open virtual machines for on-board units OBU in order to provide various in-vehicle services. After RSU-A has authenticated the OBU, RSU-A opens a dedicated virtual machine, VM-car1, for the OBU.
The network management unit connects the back-end micro-clouds of RSU-A and RSU-B by bridging, so that the network management unit can manage the virtual machines that the roadside units RSU open for on-board units OBU.
At time t1, the network management unit assigns IP1 to virtual machine VM-car1. After assigning the IP, the network management unit authenticates, with the key, the virtual machine VM-car1 whose network address is IP1; at the same time, the network management unit opens a route cache region for VM-car1.
The on-board unit OBU can now use network address IP1 to access the virtual machine VM-car1 that RSU-A opened for it, and use the services VM-car1 provides.
The network management unit implements a timed IP replacement mechanism for virtual machines. After the network management unit has assigned an IP to VM-car1 and authenticated it, VM-car1 is added to this mechanism.
While the timed IP replacement mechanism runs, as long as the timer has not expired the on-board unit OBU accesses VM-car1 normally and uses the services in it. When the timer Tn expires, at time t2, the network management unit reassigns IP2 to VM-car1.
After the network management unit has reassigned the IP of VM-car1, it re-authenticates, with the key, the virtual machine VM-car1 whose network address is IP2.
Although the IP of VM-car1 has changed, the identity-association information in VM-car1 still uniquely corresponds to the identity certificate of the on-board unit OBU.
When the network management unit assigns IP2 to VM-car1, it will inevitably happen that IP1 is in the middle of exchanging data with the upper layer. In that case the data being transmitted via IP1 must be route-cached. First, the network management unit writes the upload and download data streams of IP1 into the route cache region opened for VM-car1. Next, the network management unit gradually routes the data in the route cache region to IP2; caching of IP1's data and routing of data to IP2 proceed simultaneously, until the route cache region is emptied and no new data flows in. Finally, the network management unit completely discards the IP1 packet headers and sets IP1 to be an idle IP.
Once the route caching performed while the network management unit reassigns the IP has finished, VM-car1's IP change is fully complete; after this, timing restarts and the timed IP replacement mechanism continues to run.
At time t3, the on-board unit OBU has left the signal coverage of RSU-A and entered the signal coverage of RSU-B. At this point, virtual machine VM-car1 is also migrated from RSU-A to RSU-B. But because t3 - t2 < t2 - t1 = Tn, the network address of VM-car1 at time t3 is still IP2.
The timed IP replacement mechanism does not affect virtual machine migration, and as t - t2 approaches Tn, the network management unit is about to start changing the IP of VM-car1 again.
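
The timed IP replacement and route-cache handover of the embodiment, replayed on the t1/t2/t3 timeline above as a small Python simulation. This is an added illustration, not code from the patent: the class and method names, the HMAC-based authentication tag, the address pool, the key and the request payloads are all constructed assumptions.

```python
import hashlib
import hmac
from collections import deque


class NetworkManagementUnit:
    """Toy model of the network management unit; every name here is hypothetical."""

    def __init__(self, pool, key, t_n):
        self.idle = deque(pool)   # idle IP addresses
        self.key = key            # VM authentication key (use of HMAC is an assumption)
        self.t_n = t_n            # timing threshold Tn
        self.vms = {}

    def _tag(self, vm_id, ip):
        return hmac.new(self.key, f"{vm_id}|{ip}".encode(), hashlib.sha256).hexdigest()

    def register(self, vm_id, rsu, now):
        """Assign IP1, authenticate the VM and open its route cache region."""
        ip = self.idle.popleft()
        self.vms[vm_id] = {"ip": ip, "old_ip": None, "rsu": rsu, "since": now,
                           "auth": self._tag(vm_id, ip),
                           "cache": deque(), "delivered": []}
        return ip

    def authenticated(self, vm_id):
        vm = self.vms[vm_id]
        return hmac.compare_digest(vm["auth"], self._tag(vm_id, vm["ip"]))

    def resolve(self, vm_id):
        """The RSU's association: the address the OBU is pointed at right now."""
        return self.vms[vm_id]["ip"]

    def send(self, dst_ip, payload):
        """Traffic to the current IP is delivered; traffic to the old IP is cached."""
        for vm in self.vms.values():
            if dst_ip == vm["ip"]:
                vm["delivered"].append(payload)
                return "delivered"
            if dst_ip == vm["old_ip"]:
                vm["cache"].append(payload)
                return "cached"
        return "dropped"

    def tick(self, now):
        """Reassign and re-authenticate every VM whose timer has reached Tn."""
        rotated = []
        for vm_id, vm in self.vms.items():
            if now - vm["since"] >= self.t_n and vm["old_ip"] is None:
                vm["old_ip"], vm["ip"] = vm["ip"], self.idle.popleft()
                vm["auth"] = self._tag(vm_id, vm["ip"])   # re-authentication at IP2
                vm["since"] = now                         # timing restarts
                rotated.append(vm_id)
        return rotated

    def drain(self, vm_id, batch=1):
        """Route cached data to the new IP; free the old IP once the cache is empty."""
        vm = self.vms[vm_id]
        for _ in range(min(batch, len(vm["cache"]))):
            vm["delivered"].append(vm["cache"].popleft())
        if vm["old_ip"] is not None and not vm["cache"]:
            self.idle.append(vm["old_ip"])   # IP1 becomes an idle IP
            vm["old_ip"] = None
        return len(vm["cache"])

    def migrate(self, vm_id, new_rsu):
        self.vms[vm_id]["rsu"] = new_rsu     # address and timer are untouched


def run_timeline():
    """Constructed timeline: Tn = 60, t1 = 0, t2 = 60, t3 = 90."""
    nmu = NetworkManagementUnit(["10.0.0.1", "10.0.0.2", "10.0.0.3"],
                                key=b"constructed-demo-key", t_n=60)
    ip1 = nmu.register("VM-car1", "RSU-A", now=0)             # t1
    nmu.send(ip1, "req-1")
    nmu.tick(now=60)                                          # t2: IP1 -> IP2
    ip2 = nmu.resolve("VM-car1")
    late = [nmu.send(ip1, "req-2"), nmu.send(ip1, "req-3")]   # in flight to IP1
    nmu.send(ip2, "req-4")
    left = nmu.drain("VM-car1")              # gradual routing, one item per call
    nmu.drain("VM-car1")                     # cache empty: IP1 is released
    stale = nmu.send(ip1, "req-5")           # IP1 headers are now discarded
    nmu.migrate("VM-car1", "RSU-B")          # t3 = 90
    nmu.tick(now=90)                         # t3 - t2 < Tn: no change yet
    vm = nmu.vms["VM-car1"]
    return {"ip1": ip1, "ip2": ip2, "ip_at_t3": vm["ip"], "rsu": vm["rsu"],
            "late": late, "left": left, "stale": stale, "idle": list(nmu.idle),
            "delivered": vm["delivered"], "auth_ok": nmu.authenticated("VM-car1")}
```

In this model an observer who recorded IP1 before t2 can no longer reach VM-car1 through it once the cache has drained, while requests that were already in flight to IP1 still arrive at the virtual machine under IP2.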

Claims (8)

1. A method for protecting vehicle privacy during live migration of virtual machines, characterized by comprising:
The mobile on-board unit OBU sends an identity authentication request to the roadside unit RSU;
After determining that the identity of the on-board unit OBU is legitimate, the roadside unit RSU opens a corresponding virtual machine for this OBU and stores the OBU's identity-association information in this first virtual machine;
The network management unit authenticates the first virtual machine with a key, assigns IP1 to the first virtual machine, and at the same time opens a route cache region for the first virtual machine;
The on-board unit OBU accesses its corresponding first virtual machine and uses the services it provides, and the first virtual machine is at the same time added to the network management unit's timed IP replacement mechanism;
The timed IP replacement mechanism periodically assigns a new IP address to the first virtual machine, and the on-board unit OBU corresponding to the first virtual machine accesses the first virtual machine at its new IP address.
2. The method for protecting vehicle privacy during live migration of virtual machines according to claim 1, characterized in that, after the on-board unit OBU applies to the roadside unit RSU for a connection and is authenticated, identity-association information uniquely corresponding to that OBU is generated from the OBU's identity certificate in the first virtual machine opened by the roadside unit RSU.
3. The method for protecting vehicle privacy during live migration of virtual machines according to claim 2, characterized in that IP1 of the first virtual machine that the roadside unit RSU opens for the on-board unit OBU is a unique network address assigned by the network management unit.
4. The method for protecting vehicle privacy during live migration of virtual machines according to claim 3, characterized in that the timed IP replacement mechanism of the network management unit is implemented as follows:
1) A timing threshold Tn is set;
2) Before the timer reaches Tn, the on-board unit OBU normally accesses the virtual machine that the roadside unit RSU opened for it and uses the various services in it; when the timer reaches Tn, the network management unit reassigns IP2 to the first virtual machine;
3) The roadside unit RSU associates the first virtual machine that has obtained IP2 with the on-board unit OBU; the OBU accesses, through the roadside unit RSU, the virtual machine whose network address is IP2;
4) After this, timing restarts, and the network management unit keeps changing the IP of the virtual machine.
5. The method for protecting vehicle privacy during live migration of virtual machines according to claim 4, characterized in that, in step 2), after the network management unit reassigns IP2 to the virtual machine that the roadside unit RSU opened for the on-board unit OBU, the network management unit re-authenticates, with the key, the virtual machine whose network address is IP2.
6. The method for protecting vehicle privacy during live migration of virtual machines according to claim 5, characterized in that, when the roadside unit RSU associates the first virtual machine that has been reassigned IP2 with the on-board unit OBU, the identity-association information in the first virtual machine at network address IP2 still uniquely corresponds to the identity certificate of the on-board unit OBU.
7. The method for protecting vehicle privacy during live migration of virtual machines according to claim 6, characterized in that, when the network management unit assigns the new IP2 to the first virtual machine that holds the old IP1, the data that the old IP1 is exchanging with the upper layer must be route-cached, as follows:
1. The network management unit writes the upload and download data streams on the old IP1 into the route cache region opened for the first virtual machine;
2. The network management unit gradually routes the data in the route cache region to the new IP2;
3. Caching of the old IP1's data and routing of data to the new IP2 proceed simultaneously, until the route cache region is emptied;
4. The network management unit completely discards the IP1 packet headers and sets IP1 to be an idle IP.
8. The method for protecting vehicle privacy during live migration of virtual machines according to claim 7, characterized in that, once the route caching performed while the network management unit reassigns the IP has finished, the first virtual machine's IP change is fully complete; after this, timing restarts and the timed IP replacement mechanism continues to run.

Priority and publication data
Application number: CN201310401603.8A
Priority date: 2013-09-06
Filing date: 2013-09-06
Publications: CN103491070A (2014-01-01), CN103491070B (2016-09-21)
Status: Active
Family ID: 49831029
Country status: CN, CN103491070B (en)

GR01 Patent grant