CN108234445A - Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud - Google Patents
- Publication number: CN108234445A
- Application number: CN201711245829.8A
- Authority: CN (China)
- Prior art keywords: cloud, vehicle, key, group, manager
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/14—Session management
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a cloud establishment and secure data transmission method with privacy protection in a vehicle-mounted cloud. The method comprises TA setup, vehicle and RSU setup, vehicle-mounted cloud setup, secure message transmission, and false-message tracing. The invention provides a secure and anonymous method for establishing a vehicle-mounted cloud, which cloud users can join and leave efficiently. After the vehicle-mounted cloud is established, a cloud user can send messages securely and anonymously to the vehicles in the vehicle-mounted cloud through three different modes. The invention has the following characteristics: it provides sender authentication and privacy and message confidentiality, and it ensures that the sender's sensitive location is not leaked.
Description
Technical field
The invention belongs to the fields of information security and vehicle-mounted clouds, and specifically relates to a cloud establishment and secure data transmission method with privacy protection in a vehicle-mounted cloud.
Background art
A vehicular ad hoc network (VANET) is a self-organizing network for inter-vehicle communication, and the vehicles in a VANET have certain computing and storage resources. To make full use of the computing and storage resources that vehicles in a VANET leave underused, the VANET is combined with cloud computing technology so that vehicles in the VANET form a vehicle-mounted cloud that provides cloud services to other vehicles, thereby ensuring traffic safety and efficiency. At the same time, a vehicle-mounted cloud is a dynamic real-time system: vehicle user privacy and the security of data transmission in the vehicle-mounted cloud must still be maintained while vehicles join and leave it.
To achieve these goals, establishing the vehicle-mounted cloud securely and receiving transmitted data securely are particularly important. During the establishment and maintenance of a vehicle-mounted cloud, every vehicle that joins or leaves raises security problems, so the vehicle-mounted cloud must update its encryption key and decryption keys promptly. Vehicle privacy must also be taken into account: a vehicle's messages contain information such as the vehicle's identity and location, which concerns the privacy of the vehicle owner. Privacy in the vehicle-mounted cloud should, however, be conditional. A malicious vehicle may send false information and mislead other vehicles into accidents. Conditional privacy requires that, when false information causes harm, the originator of that information can be traced.
Scholars have proposed schemes that address the privacy and security of data transmission in vehicle-mounted clouds, but some of them define data transmission in the vehicle-mounted cloud insufficiently, and some do not consider location-based privacy protection.
Summary of the invention
The object of the invention is to address the shortcomings of existing vehicle-mounted cloud establishment and secure data transmission methods by providing a cloud establishment and secure data transmission method with privacy protection in a vehicle-mounted cloud. The method provides sender authentication and privacy and message confidentiality, and ensures that the sender's sensitive location is not leaked.
The specific technical solution that achieves the object of the invention is:
A cloud establishment and secure data transmission method with privacy protection in a vehicle-mounted cloud, involving the following entities: a trusted authority (TA), roadside units (RSU), vehicles (cloud members, cloud users, cloud manager) and a cloud management center (CCM). The method comprises the following steps:
Step 1: TA setup
The TA selects the system master key, generates the system global parameters $\Lambda = (q, G, G_T, g, g_{pub}, H_1 \sim H_5, E_K(\cdot)/D_K(\cdot), IDS)$, and publishes the global parameters; where $G$, $G_T$ are cyclic groups, $q$ is the order of the cyclic groups, $g$ is a generator of $G$, $g_{pub}$ is the public key of the TA, $H_1 \sim H_5$ are hash functions, $E_K(\cdot)/D_K(\cdot)$ denotes a symmetric encryption scheme, $K$ is the key, and IDS is a secure identity-based signature;
Step 2: Vehicle and RSU setup
The TA computes multiple pseudonyms for a vehicle from the vehicle's identity and a validity period, and generates the corresponding private keys from the pseudonyms; the TA uses the real identity of an RSU as the RSU's public key and generates the corresponding private key;
Step 3: Vehicle-mounted cloud setup
The vehicle-mounted cloud is first initialized: when a group of vehicles wants to form a vehicle-mounted cloud to share resources, one vehicle is first chosen as the cloud manager and the group size is determined; the vehicles in the group then broadcast messages in turn to determine the group encryption key and the distinct decryption key of each vehicle. Membership in the vehicle-mounted cloud is dynamic: any vehicle may join or leave the vehicle-mounted cloud, and every change requires changing the group encryption key and the distinct decryption key of each vehicle;
Step 4: Secure message transmission
A cloud user finds, through the cloud management center CCM, the vehicle-mounted cloud to send a message to. The process has three modes:
1) Internal use mode: the cloud user is a member of the vehicle-mounted cloud it is sending to; the cloud user encrypts the message with the group's public encryption key and broadcasts it to the vehicle-mounted cloud, and the vehicles in the group obtain the message using their respective group decryption keys;
2) Short-range use mode: the cloud user sends the message to the vehicles in a nearby vehicle-mounted cloud; the process is the same as 1);
3) Long-range use mode: the cloud user sends the message to the vehicles in a distant vehicle-mounted cloud, using a location-based encryption technique to hide the location from which the message is sent;
Step 5: Tracing of false messages
When a malicious vehicle sends a false message, the TA identifies the originator of the false message;
Step 6: Enhancement of vehicle privacy
Because the vehicle-mounted cloud is a dynamic environment, to protect vehicle privacy the group encryption key is changed using re-randomization whenever a vehicle joins or leaves the vehicle-mounted cloud.
The initialization process of the vehicle-mounted cloud described in step 3 specifically includes:
1) The cloud manager is a vehicle in the group, the group size is $n$, and the cloud manager chooses a unique identifier $sid$;
2) For each other vehicle $V_i$ in the vehicle-mounted cloud (not including the cloud manager), where $i$ is the number of the vehicle, the current pseudonym/private-key pair of $V_i$ is $(p_{i1}, (s_{i1,0}, s_{i1,1}))$, where $p_{i1}$ is the pseudonym of $V_i$ and $s_{i1,0}, s_{i1,1}$ are the private key of $V_i$. For $1 \le j \le n$, compute $n$ signatures, where $\zeta_i$ is the hash of the identifier $sid$, the pseudonym, a timestamp and a random number, $\theta_i$ and $\eta_i$ are random values, $v$ is the hash of the identifier $sid$, and $f_j$ is the hash of the session ID and $j$; publish the complete signature $\sigma_i = (p_{i1}, tp_i, a_i, b_i, \{y_{i,j}\}_{j \in \{1,\dots,n\}, j \ne i})$, where $tp_i$ is a timestamp and $a_i, b_i$ are random values;
3) For the cloud manager $V_t$, whose current pseudonym/private-key pair is $(p_{t1}, (s_{t1,0}, s_{t1,1}))$, generate signatures as in 2) for $1 \le i \le n$, where $p_{ti}$ is the $i$-th pseudonym of $V_t$ and $tp_i$ is a timestamp, together with the random values and the signature; the result is then published, taking into account the number of vehicles that have actually joined the vehicle-mounted cloud;
4) For each vehicle $V_i$ in the vehicle-mounted cloud, compute the group encryption key $(E, \Theta)$, where $a_i$ and $b_i$ are random values, $p_{i,0}$ and $p_{i,1}$ are hashes of the pseudonym, $g_{pub}$ is the master public key, and $v$ is the hash of the identifier $sid$;
5) For each vehicle $V_i$ in the vehicle-mounted cloud, compute its own decryption key, where $1 \le l \le n$ and $y_{l,i}$ is the signature of $V_i$;
6) The cloud manager generates the cloud information and broadcasts it to the cloud members, where $info$ contains information about the vehicle-mounted cloud such as its location, the time it was created, and the available computing and storage resources; the cloud information carries a signature over $E$, $\Theta$, $sid$ and $info$, and $p_{t(n+1)}$ is a pseudonym of the cloud manager. After the cloud manager sends the cloud information, the cloud members must verify the validity of the signature.
The process by which a vehicle joins and leaves the vehicle-mounted cloud described in step 3 specifically includes:
1) After the vehicle-mounted cloud is formed, a vehicle $V_I$ prepares to join the vehicle-mounted cloud as the i-th cloud member. Its current pseudonym/private-key pair is $(p_I, (s_{I,0}, s_{I,1}))$; it computes and publishes its signature $\sigma_I = (p_I, tp_I, a_I, b_I, \{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l})$, where $p_I$ is the pseudonym of $V_I$, $tp_I$ is a timestamp, $a_I, b_I$ are random values, and $\{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l}$ is its signature;
2) When the remaining cloud members in the vehicle-mounted cloud receive the message from $V_I$, they must update the public encryption key and their respective decryption keys, and the cloud manager must generate and broadcast new cloud information;
3) When a cloud member $V_l$ leaves the vehicle-mounted cloud, there are two cases. First, when $l \ne t$, i.e. $V_l$ is not the cloud manager, the cloud manager updates the cloud information; each cloud member verifies the validity of the cloud information and, if it is valid, updates the public encryption key and its own decryption key. Second, when $l = t$, i.e. $V_l$ is the cloud manager, a new cloud manager is chosen according to the vehicle-mounted cloud initialization process described in step 3, and the public encryption key and the respective decryption keys of the cloud members are generated.
The internal use mode of the secure message transmission described in step 4 specifically includes:
1) The cloud user selects a random session key $\zeta \in K$, where $\zeta$ is a symmetric key of the encryption scheme $E_K(\cdot)/D_K(\cdot)$;
2) The message $m$ is signed using the identity-based signature scheme IDS to obtain the signature $\gamma$, and the ciphertext $C_1 = E_\zeta(m \| \gamma)$ is computed;
3) A random value is selected from the set of positive integers, and the encrypted session key $C_2 = (A_1, A_2, A_3)$ is computed, where $A_1 = g^\rho$ and $A_1, A_2, A_3$ are intermediate values; the ciphertext $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$;
4) The decryption key of cloud member $V_l$ in the vehicle-mounted cloud $VC_i$ is $d_l$; $V_l$ computes the session key, where $f_l$ is a hash value and $H_5$ is a hash function;
5) The plaintext $m \| \gamma = D_\zeta(C_1)$ is decrypted, where $D_\zeta$ is the decryption algorithm; if $\gamma$ is verified as valid, the message $m$ is accepted.
The invention provides a secure and anonymous method for establishing a vehicle-mounted cloud, which cloud users can join and leave efficiently. After the vehicle-mounted cloud is established, a cloud user can send messages securely and anonymously to the vehicles in the vehicle-mounted cloud through three different modes.
Description of the drawings
Fig. 1 is the flow chart of the present invention.
Detailed description of the embodiments
A cloud establishment and secure data transmission method with privacy protection in a vehicle-mounted cloud, involving the following entities: a trusted authority (TA), roadside units (RSU), vehicles (cloud members, cloud users, cloud manager) and a cloud management center (CCM). The method comprises the following steps:
(1) TA setup
Taking a security parameter $\lambda$ as input, the TA generates the global parameters and distributes them to the vehicles, as follows:
1) Choose two cyclic multiplicative groups $G$, $G_T$ of order $q$ between which an efficient bilinear map exists, and choose $g \in G$.
2) Choose a symmetric encryption scheme $E_K(\cdot)/D_K(\cdot)$.
3) Select a symmetric key $\xi$ and a random number $\pi$ from the set of positive integers; set $(\xi, \pi)$ as the system master key and set the public key $g_{pub} = g^\pi$.
4) Select 5 hash functions $H_1$ to $H_5$, where $H_1, H_2, H_3$ take inputs from $\{0,1\}^*$ and $H_5: G_T \to K$, with $K$ the key space.
5) Set the system global parameters $\Lambda = (q, G, G_T, g, g_{pub}, H_1 \sim H_5, E_K(\cdot)/D_K(\cdot), IDS)$ and publish the global parameters; where $G$, $G_T$ are cyclic groups, $q$ is the order of the cyclic groups, $g$ is a generator of $G$, $g_{pub}$ is the public key of the TA, $H_1 \sim H_5$ are hash functions, $E_K(\cdot)/D_K(\cdot)$ denotes a symmetric encryption scheme, $K$ is the key, and IDS is a secure identity-based signature scheme.
(2) Vehicle and RSU setup
Vehicle $V_i$, which has a real identity, is set up as follows. Assume that it needs $\mu$ pseudonym/private-key pairs; $V_i$ sends the corresponding information to the TA, and the procedure is:
1) For $1 \le j \le \mu$, set the pseudonym, where $\tau$ is a timestamp and $vp_j$ is the validity period.
2) For $1 \le j \le \mu$, compute the hashes of the pseudonym $p_{ij,0} = H_1(p_{ij}, 0)$, $p_{ij,1} = H_1(p_{ij}, 1)$.
3) Compute the signature of the pseudonym.
4) The TA sends the $\mu$ pseudonyms and their signatures $(p_{ij}, s_{ij})$ to the vehicle over a secure channel.
RSU $R_i$, which has a real identity, is set up as follows. The private key is generated by this procedure:
1) Compute the hash of the RSU identity.
2) Compute the signature on the hash from 1).
3) The TA sends the private key to $R_i$ over a secure channel.
(3) Vehicle-mounted cloud setup
The vehicle-mounted cloud is first initialized, as follows:
1) Assume the cloud manager is a vehicle in the group, the group size is $n$, and the cloud manager chooses a unique session ID $sid$.
2) For each other vehicle $V_i$ in the vehicle-mounted cloud (not including the cloud manager), assume the current pseudonym/private-key pair of $V_i$ is $(p_{i1}, (s_{i1,0}, s_{i1,1}))$, where $p_{i1}$ is the pseudonym of $V_i$ and $s_{i1,0}, s_{i1,1}$ are the private key pair of $V_i$. For $1 \le j \le n$, compute $n$ signatures, where $\xi_i$ is the hash of the session ID, the pseudonym, a timestamp and a random number, $\theta_i$ and $\eta_i$ are random values, $v$ is the hash of the session ID, and $f_j$ is the hash of the session ID and $j$; publish the complete signature $\sigma_i = (p_{i1}, tp_i, a_i, b_i, \{y_{i,j}\}_{j \in \{1,\dots,n\}, j \ne i})$, where $tp_i$ is a timestamp and $a_i, b_i$ are random values.
3) For the cloud manager $V_t$, assume its current pseudonym/private-key pair is $(p_{t1}, (s_{t1,0}, s_{t1,1}))$. As in 2), generate signatures for $1 \le i \le n$, where $p_{ti}$ is the $i$-th pseudonym of $V_t$ and $tp_i$ is a timestamp, together with the random values and the signature; the result is then published, taking into account the number of vehicles that have actually joined the vehicle-mounted cloud.
4) For each vehicle $V_i$ in the vehicle-mounted cloud, compute the public encryption key $(E, \Theta)$, where $a_i$ and $b_i$ are random values, $p_{i,0}$ and $p_{i,1}$ are hashes of the pseudonym, $g_{pub}$ is the master public key, and $v$ is the hash of the session ID.
5) For each vehicle $V_i$ in the vehicle-mounted cloud, compute its own decryption key, where $1 \le l \le n$ and $y_{l,i}$ is the signature of $V_i$.
6) The cloud manager generates the cloud information and broadcasts it to the cloud members, where $info$ contains information about the vehicle-mounted cloud (such as its location, the time it was created, and the available computing and storage resources); the cloud information carries a signature over $E$, $\Theta$, $sid$ and $info$, and $p_{t(n+1)}$ is a pseudonym of the cloud manager. After the cloud manager sends the cloud information, the cloud members must verify the validity of the signature.
The process by which a vehicle joins and leaves the vehicle-mounted cloud specifically includes:
1) After the vehicle-mounted cloud is formed, a vehicle $V_I$ prepares to join the vehicle-mounted cloud as the l-th cloud member. Its current pseudonym/private-key pair is $(p_I, (s_{I,0}, s_{I,1}))$; it computes and publishes its signature $\sigma_I = (p_I, tp_I, a_I, b_I, \{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l})$, where $p_I$ is the pseudonym of $V_I$, $tp_I$ is a timestamp, $a_I, b_I$ are random values, and $\{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l}$ is its signature.
2) When the remaining cloud members in the vehicle-mounted cloud receive the message from $V_I$, they must update the public encryption key and their respective decryption keys, and the cloud manager must generate and broadcast new cloud information.
3) When a cloud member $V_l$ leaves the vehicle-mounted cloud, there are two cases. First, when $l \ne t$, i.e. $V_l$ is not the cloud manager, the cloud manager updates the cloud information; each cloud member verifies the validity of the cloud information and, if it is valid, updates the public encryption key and its own decryption key. Second, when $l = t$, i.e. $V_l$ is the cloud manager, a new cloud manager is chosen according to the vehicle-mounted cloud initialization process, and the public encryption key and the respective decryption keys of the cloud members are generated.
(4) Secure message transmission
Depending on the use mode, message transmission follows one of three modes.
The first mode is the internal use mode, as follows:
1) The cloud user selects a random session key $\zeta \in K$, where $\zeta$ is a symmetric key of the encryption scheme $E_K(\cdot)/D_K(\cdot)$.
2) The message $m$ is signed using the identity-based signature scheme IDS to obtain the signature $\gamma$, and the ciphertext $C_1 = E_\zeta(m \| \gamma)$ is computed.
3) A random value is selected and the encrypted session key $C_2 = (A_1, A_2, A_3)$ is computed, where $A_1 = g^\rho$; $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$.
4) The decryption key of cloud member $V_l$ in the vehicle-mounted cloud $VC_i$ is $d_l$; $V_l$ computes the session key, where $f_l$ is a hash value and $H_5$ is a hash function.
5) Compute $m \| \gamma = D_\zeta(C)$, where $D_\zeta$ is the decryption algorithm; if $\gamma$ is verified as valid, the message $m$ is accepted.
The second mode is the short-range use mode; the process is the same as the first.
The third mode is the long-range use mode, as follows:
1) If the location from which the sender sends the message is not sensitive, the process is the same as mode one.
2) If the location from which the message is sent must be kept confidential, a key $\kappa$ is generated using the location-based encryption technique (GeoLock).
3) A random session key $\zeta \in K$ is selected.
4) The message $m$ is signed using the identity-based signature IDS to obtain the signature $\gamma$, and the ciphertext $C_1 = E_\zeta(m \| \gamma)$ is computed.
5) A random value is selected and the encrypted session key $C_2 = (A_1, A_2, A_3)$ is computed, where $A_1 = g^\rho$; $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$.
6) The decryption key of cloud member $V_l$ in the vehicle-mounted cloud $VC_i$ is $d_l$; $V_l$ obtains $\kappa$ using the location-based encryption technique (GeoLock) and computes the session key, where $f_l$ is a hash value and $H_5$ is a hash function.
7) Compute $m \| \gamma = D_\zeta(C_1)$, where $D_\zeta$ is the decryption algorithm; if $\gamma$ is verified as valid, the message $m$ is accepted.
(5) Tracing of false messages
Assume the pseudonym of the vehicle that sent the false message is $p_{i,j}$. The tracing process is as follows:
1) Because of how the pseudonym is constructed, the TA can compute the real identity from it.
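The conditional privacy of steps (2) and (5), as an added example that is not taken from the patent: the TA issues μ unlinkable pseudonyms for one vehicle, and only the holder of the symmetric master key ξ can map a pseudonym back to the real identity. The pseudonym formula is not reproduced on this page, so the layout used here (nonce, encrypted τ and identity, validity period in the clear, MAC) is an assumption, HMAC-SHA256 in counter mode stands in for $E_K(\cdot)/D_K(\cdot)$, and the names `TrustedAuthority`, `issue_pseudonyms`, `trace` and `is_expired` are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TS_LEN, VP_LEN, TAG_LEN = 16, 8, 8, 32


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for E_K/D_K (assumption).
    blocks = (length + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return stream[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TrustedAuthority:
    """Holds the symmetric master key xi; nobody else can trace a pseudonym."""

    def __init__(self) -> None:
        xi = secrets.token_bytes(32)
        # Separate keys for encryption and integrity, both derived from xi.
        self._enc_key = _prf(xi, b"pseudonym-enc")
        self._mac_key = _prf(xi, b"pseudonym-mac")

    def issue_pseudonyms(self, real_id: str, mu: int, tau: int, lifetime_s: int) -> list:
        """Return mu pseudonyms; pseudonym j expires at tau + (j + 1) * lifetime_s.

        Consecutive validity windows are a choice made for this example.
        """
        plaintext = tau.to_bytes(TS_LEN, "big") + real_id.encode("utf-8")
        pseudonyms = []
        for j in range(mu):
            nonce = secrets.token_bytes(NONCE_LEN)  # fresh nonce => unlinkable outputs
            body = _xor(plaintext, _keystream(self._enc_key, nonce, len(plaintext)))
            vp = (tau + (j + 1) * lifetime_s).to_bytes(VP_LEN, "big")
            tag = _prf(self._mac_key, nonce + body + vp)  # binds vp to the identity
            pseudonyms.append(nonce + body + vp + tag)
        return pseudonyms

    def trace(self, pseudonym: bytes) -> tuple:
        """Step (5): recover (real_id, tau, validity_end) from a pseudonym."""
        if len(pseudonym) < NONCE_LEN + TS_LEN + VP_LEN + TAG_LEN:
            raise ValueError("pseudonym too short")
        signed, tag = pseudonym[:-TAG_LEN], pseudonym[-TAG_LEN:]
        if not hmac.compare_digest(tag, _prf(self._mac_key, signed)):
            raise ValueError("pseudonym was altered or not issued by this TA")
        nonce, body = signed[:NONCE_LEN], signed[NONCE_LEN:-VP_LEN]
        vp = int.from_bytes(signed[-VP_LEN:], "big")
        plaintext = _xor(body, _keystream(self._enc_key, nonce, len(body)))
        tau = int.from_bytes(plaintext[:TS_LEN], "big")
        return plaintext[TS_LEN:].decode("utf-8"), tau, vp


def is_expired(pseudonym: bytes, now: int) -> bool:
    """Any receiver can read the validity period; no TA key is needed."""
    vp = int.from_bytes(pseudonym[-TAG_LEN - VP_LEN:-TAG_LEN], "big")
    return now > vp


if __name__ == "__main__":
    ta = TrustedAuthority()
    issued = 1_700_000_000  # constructed timestamp
    # Constructed identity, not a real vehicle identifier.
    names = ta.issue_pseudonyms("VEHICLE-CONSTRUCTED-0001", mu=3, tau=issued, lifetime_s=3600)
    for p in names:
        print(p.hex()[:48], "...", "expired" if is_expired(p, issued + 3601) else "valid")
    print("TA trace:", ta.trace(names[1]))
```

The MAC in this sketch only lets the TA reject altered pseudonyms before tracing; in the patent, other vehicles authenticate a sender through the identity-based signature tied to the pseudonym, which this example does not model.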
(6) Enhancement of vehicle privacy
This stage enhances vehicle privacy using re-randomization, as follows:
1) Assume the l-th vehicle leaves the vehicle-mounted cloud.
2) The cloud manager uses a new pseudonym/private-key pair to generate and publish a new signature.
Claims (4)
1. A cloud establishment and secure data transmission method with privacy protection in a vehicle-mounted cloud, involving the following entities: vehicles, i.e. cloud members, cloud users and the cloud manager; roadside units RSU; the trusted authority TA, an authority trusted by the vehicles and roadside units that generates the global parameters; and the cloud management center CCM; characterized in that the method comprises the following steps:
Step 1: TA setup
The TA selects the system master key, generates the system global parameters $\Lambda = (q, G, G_T, g, g_{pub}, H_1 \sim H_5, E_K(\cdot)/D_K(\cdot), IDS)$, and publishes the global parameters; where $G$, $G_T$ are cyclic groups, $q$ is the order of the cyclic groups, $g$ is a generator of $G$, $g_{pub}$ is the public key of the TA, $H_1 \sim H_5$ are hash functions, $E_K(\cdot)/D_K(\cdot)$ denotes a symmetric encryption scheme, $K$ is the key, and IDS is a secure identity-based signature;
Step 2: Vehicle and RSU setup
The TA computes multiple pseudonyms for a vehicle from the vehicle's identity and a validity period, and generates the corresponding private keys from the pseudonyms; the TA uses the real identity of an RSU as the RSU's public key and generates the corresponding private key;
Step 3: Vehicle-mounted cloud setup
The vehicle-mounted cloud is first initialized: when a group of vehicles wants to form a vehicle-mounted cloud to share resources, one vehicle is first chosen as the cloud manager and the group size is determined; the vehicles in the group then broadcast messages in turn to determine the group encryption key and the distinct decryption key of each vehicle. Membership in the vehicle-mounted cloud is dynamic: any vehicle may join or leave the vehicle-mounted cloud, and every change requires changing the group encryption key and the distinct decryption key of each vehicle;
Step 4: Secure message transmission
A cloud user finds, through the cloud management center CCM, the vehicle-mounted cloud to send a message to. The process has three modes:
1) Internal use mode: the cloud user is a member of the vehicle-mounted cloud it is sending to; the cloud user encrypts the message with the group's public encryption key and broadcasts it to the vehicle-mounted cloud, and the vehicles in the group obtain the message using their respective group decryption keys;
2) Short-range use mode: the cloud user sends the message to the vehicles in a nearby vehicle-mounted cloud; the process is the same as 1);
3) Long-range use mode: the cloud user sends the message to the vehicles in a distant vehicle-mounted cloud, using a location-based encryption technique to hide the location from which the message is sent;
Step 5: Tracing of false messages
When a malicious vehicle sends a false message, the TA identifies the originator of the false message;
Step 6: Enhancement of vehicle privacy
Because the vehicle-mounted cloud is a dynamic environment, to protect vehicle privacy the group encryption key is changed using re-randomization whenever a vehicle joins or leaves the vehicle-mounted cloud.
2. The method according to claim 1, characterized in that the initialization process of the vehicle-mounted cloud described in step 3 specifically includes:
1) The cloud manager is the t-th vehicle in the group, the group size is $n$, and the cloud manager chooses a unique identifier $sid$;
2) For each other vehicle $V_i$ in the vehicle-mounted cloud (not including the cloud manager), where $i$ is the number of the vehicle, the current pseudonym/private-key pair of $V_i$ is $(p_{i1}, (s_{i1,0}, s_{i1,1}))$, where $p_{i1}$ is the pseudonym of $V_i$ and $s_{i1,0}, s_{i1,1}$ are the private key of $V_i$. For $1 \le j \le n$, compute $n$ signatures, where $\xi_i$ is the hash of the identifier $sid$, the pseudonym, a timestamp and a random number, $\theta_i$ and $\eta_i$ are random values, $v$ is the hash of the identifier $sid$, and $f_j$ is the hash of the session ID and $j$; publish the complete signature $\sigma_i = (p_{i1}, tp_i, a_i, b_i, \{y_{i,j}\}_{j \in \{1,\dots,n\}, j \ne i})$, where $tp_i$ is a timestamp and $a_i, b_i$ are random values;
3) For the cloud manager $V_t$, whose current pseudonym/private-key pair is $(p_{t1}, (s_{t1,0}, s_{t1,1}))$, generate signatures as in 2) for $1 \le i \le n$, where $p_{ti}$ is the $i$-th pseudonym of $V_t$ and $tp_i$ is a timestamp, together with the random values and the signature; the result is then published, taking into account the number of vehicles that have actually joined the vehicle-mounted cloud;
4) For each vehicle $V_i$ in the vehicle-mounted cloud, compute the group encryption key $(E, \Theta)$, where $a_i$ and $b_i$ are random values, $p_{i,0}$ and $p_{i,1}$ are hashes of the pseudonym, $g_{pub}$ is the master public key, and $v$ is the hash of the identifier $sid$;
5) For each vehicle $V_i$ in the vehicle-mounted cloud, compute its own decryption key, where $1 \le l \le n$ and $y_{l,i}$ is the signature of $V_i$;
6) The cloud manager generates the cloud information and broadcasts it to the cloud members, where $info$ contains information about the vehicle-mounted cloud such as its location, the time it was created, and the available computing and storage resources; the cloud information carries a signature over $E$, $\Theta$, $sid$ and $info$, and $p_{t(n+1)}$ is a pseudonym of the cloud manager. After the cloud manager sends the cloud information, the cloud members must verify the validity of the signature.
3. The method according to claim 1, characterized in that the process by which a vehicle joins and leaves the vehicle-mounted cloud described in step 3 specifically includes:
1) After the vehicle-mounted cloud is formed, a vehicle $V_I$ prepares to join the vehicle-mounted cloud as the i-th cloud member. Its current pseudonym/private-key pair is $(p_I, (s_{I,0}, s_{I,1}))$; it computes and publishes its signature $\sigma_I = (p_I, tp_I, a_I, b_I, \{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l})$, where $p_I$ is the pseudonym of $V_I$, $tp_I$ is a timestamp, $a_I, b_I$ are random values, and $\{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l}$ is its signature;
2) When the remaining cloud members in the vehicle-mounted cloud receive the message from $V_I$, they must update the public encryption key and their respective decryption keys, and the cloud manager must generate and broadcast new cloud information;
3) When a cloud member $V_l$ leaves the vehicle-mounted cloud, there are two cases. First, when $l \ne t$, i.e. $V_l$ is not the cloud manager, the cloud manager updates the cloud information; each cloud member verifies the validity of the cloud information and, if it is valid, updates the public encryption key and its own decryption key. Second, when $l = t$, i.e. $V_l$ is the cloud manager, a new cloud manager is chosen according to the vehicle-mounted cloud initialization process described in step 3, and the public encryption key and the respective decryption keys of the cloud members are generated.
4. The method according to claim 1, characterized in that the internal use mode of the secure message transmission described in step 4 specifically includes:
1) The cloud user selects a random session key $\zeta \in K$, where $\zeta$ is a symmetric key of the encryption scheme $E_K(\cdot)/D_K(\cdot)$;
2) The message $m$ is signed using the identity-based signature scheme IDS to obtain the signature, and the ciphertext is computed;
3) A random value is selected from the set of positive integers, and the encrypted session key $C_2 = (A_1, A_2, A_3)$ is computed, where $A_1, A_2, A_3$ are intermediate values; the ciphertext $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$;
4) The decryption key of cloud member $V_l$ in the vehicle-mounted cloud $VC_i$ is $d_l$; $V_l$ computes the session key, where $f_l$ is a hash value and $H_5$ is a hash function;
5) The plaintext is decrypted, where $D_\zeta$ is the decryption algorithm; if the signature is verified as valid, the message $m$ is accepted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711245829.8A CN108234445B (en) | 2017-12-01 | 2017-12-01 | Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108234445A (en) | 2018-06-29 |
CN108234445B (en) | 2021-05-07 |
Family
ID=62653149
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711245829.8A Active CN108234445B (en) | 2017-12-01 | 2017-12-01 | Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108234445B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100033372A1 (en) * | 2008-08-08 | 2010-02-11 | General Motors Corporation; Gm Global Technology Operations, Inc. | In-vehicle alert of cloud point in engine diesel fuel |
CN102740286A (en) * | 2012-05-23 | 2012-10-17 | 杨涛 | Floating vehicle-based traceability vehicle self-networking communication privacy protection method |
CN104333596A (en) * | 2014-11-11 | 2015-02-04 | 安徽大学 | Information reliability assessment method in Internet of vehicles environment |
CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
CN106060148A (en) * | 2016-06-24 | 2016-10-26 | 华东师范大学 | Vehicle information secure collection method applicable to fog computing in intelligent traffic light system |
CN106911471A (en) * | 2017-02-22 | 2017-06-30 | 华东师范大学 | The method that vehicle-mounted Wang Zhong code obfuscations area sets up |
CN107071010A (en) * | 2017-03-29 | 2017-08-18 | 常熟理工学院 | A kind of network data communication method based on vehicle-mounted cloud |
US9769658B2 (en) * | 2013-06-23 | 2017-09-19 | Shlomi Dolev | Certificating vehicle public key with vehicle attributes |
Non-Patent Citations (1)
Title |
---|
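Zhang Wenbo: "Research on Key Issues of Trusted Internet of Vehicles Cloud", China Doctoral Dissertations Full-text Database, Engineering Science and Technology II * |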
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965313A (en) * | 2018-07-31 | 2018-12-07 | 安徽大学 | Vehicle violation information publishing method, system and storage medium |
CN109118775A (en) * | 2018-10-08 | 2019-01-01 | 北京理工大学 | A kind of Traffic monitoring method and system of secret protection and wrong data packet filtering |
CN110008752A (en) * | 2019-04-12 | 2019-07-12 | 北京理工大学 | A kind of platooning's evaluation method based on secret protection |
CN110008752B (en) * | 2019-04-12 | 2020-10-09 | 北京理工大学 | Vehicle formation evaluation method based on privacy protection |
CN113407956A (en) * | 2021-05-31 | 2021-09-17 | 江铃汽车股份有限公司 | Data control method and system, readable storage medium and vehicle |
CN114389836A (en) * | 2021-12-06 | 2022-04-22 | 重庆邮电大学 | Vehicle-mounted cloud computing method with privacy protection based on SDN |
CN114389836B (en) * | 2021-12-06 | 2023-12-15 | 山东格仑特电动科技有限公司 | SDN-based vehicle-mounted cloud computing method with privacy protection function |
CN114286332A (en) * | 2021-12-08 | 2022-04-05 | 重庆邮电大学 | Dynamic and efficient vehicle-mounted cloud management method with privacy protection function |
CN114286332B (en) * | 2021-12-08 | 2023-10-20 | 重庆邮电大学 | Dynamic efficient vehicle-mounted cloud management method with privacy protection function |
Also Published As
Publication number | Publication date |
---|---|
CN108234445B (en) | 2021-05-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Basudan et al. | A privacy-preserving vehicular crowdsensing-based road surface condition monitoring system using fog computing | |
Ma et al. | An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks | |
Vijayakumar et al. | Dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks | |
CN108234445A (en) | The cloud of secret protection in vehicle-mounted cloud is established and data safe transmission method | |
Huang et al. | PACP: An efficient pseudonymous authentication-based conditional privacy protocol for VANETs | |
Li et al. | Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks | |
CN104683112B (en) | A kind of car car safety communicating method that certification is assisted based on RSU | |
Jiang et al. | BAT: A robust signature scheme for vehicular networks using binary authentication tree | |
Zeng et al. | Privacy-preserving communication for VANETs with conditionally anonymous ring signature | |
CN104660415B (en) | The method of asymmetric group key agreement agreement between multiple domain under mobile cloud computing | |
CN104753683B (en) | There is the group signature method efficiently cancelled in car networking | |
Rasheed et al. | Adaptive group-based zero knowledge proof-authentication protocol in vehicular ad hoc networks | |
CN109067525A (en) | Message authentication method based on half credible administrative center in car networking | |
CN109922475A (en) | Vehicle authentication and message verification method under In-vehicle networking environment | |
CN104219663A (en) | A method and system for certificating vehicle identity | |
CN107566128A (en) | A kind of two side's distribution SM9 digital signature generation methods and system | |
CN108696493A (en) | Authentication and message distributing system and method in a kind of car networking | |
CN111211892A (en) | Anti-quantum computing internet-of-vehicle system based on secret sharing and identity cryptography and authentication method thereof | |
Wang et al. | A conditional privacy-preserving certificateless aggregate signature scheme in the standard model for VANETs | |
Jiang et al. | A conditional privacy scheme based on anonymized batch authentication in vehicular ad hoc networks | |
CN110166228A (en) | Based on the method for secret protection that no certificate ring label are close in vehicular ad hoc network | |
Wang et al. | A practical authentication framework for VANETs | |
Liu et al. | An efficient message access quality model in vehicular communication networks | |
CN103634788A (en) | Certificateless multi-proxy signcryption method with forward secrecy | |
Kanumalli et al. | Secure V2V Communication in IOV using IBE and PKI based Hybrid Approach |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20221222. Address after: 311800 17th floor, Jiyang Fortune Building, 28 Wenzhong South Road, Taozhu street, Zhuji City, Shaoxing City, Zhejiang Province. Patentee after: Zhejiang qusu Technology Co.,Ltd. Address before: 200241 No. 500, Dongchuan Road, Shanghai, Minhang District. Patentee before: EAST CHINA NORMAL University |