CN108234445A - Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud - Google Patents


Info

Publication number: CN108234445A
Authority: CN (China)
Prior art keywords: cloud, vehicle, key, group, manager
Legal status: Granted
Application number: CN201711245829.8A
Other languages: Chinese (zh)
Other versions: CN108234445B (en)
Inventors: 张磊, 戴菲菲, 孟欣宇, 张元飞
Current assignee: Zhejiang Qusu Technology Co ltd
Original assignee: East China Normal University
Priority date and filing date: 2017-12-01
Events: application filed by East China Normal University; priority to CN201711245829.8A; publication of CN108234445A; application granted; publication of CN108234445B; current legal status: active

Classifications

All classifications fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:

    • H04L 63/0407: network security architectures or protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the identity of one or more communicating identities is hidden
    • H04L 63/0421: anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L 63/0428: confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/067: key management in a packet data network using one-time keys
    • H04L 67/10: protocols in which an application is distributed across nodes in the network
    • H04L 67/12: protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 67/14: session management
    • H04L 9/3247: cryptographic mechanisms for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Traffic Control Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud establishment and data secure transmission method for privacy protection in a vehicular cloud. The method comprises TA setup, vehicle and RSU setup, vehicular cloud setup, secure message transmission, and tracing of false messages. The invention provides a secure and anonymous method for establishing a vehicular cloud, in which cloud users can efficiently join and leave the vehicular cloud. Once the vehicular cloud is established, cloud users can securely and anonymously send messages to the vehicles in it through three different modes. The invention has the following characteristics: it satisfies sender verifiability and sender privacy, provides message confidentiality, and guarantees that the sender's sensitive location is not leaked.

Description

Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud
Technical field
The invention belongs to the fields of information security and vehicular (vehicle-mounted) clouds, and in particular relates to a cloud establishment and data secure transmission method for privacy protection in a vehicular cloud.
Background
A vehicular ad hoc network (VANET) is a self-organizing network for inter-vehicle communication, and the vehicles in it possess a certain amount of computing and storage resources. To make full use of the under-utilized computing and storage resources of the vehicles in the VANET, the VANET is combined with cloud computing technology so that vehicles in the VANET form a vehicular cloud and provide cloud services to other vehicles, thereby improving traffic safety and efficiency. At the same time, a vehicular cloud is a dynamic real-time system: vehicles must be able to join and leave the vehicular cloud while user privacy and the security of data transmission within the vehicular cloud are preserved.
To reach these goals, secure establishment of the vehicular cloud and secure transmission of data are particularly important. During the establishment and maintenance of a vehicular cloud, both the joining and the leaving of vehicles raise security problems, which require the vehicular cloud to update its encryption key and decryption keys in a timely manner. Vehicle privacy must also be taken into account: a vehicle's messages contain vehicle information such as identity and location, which concerns the privacy of the owner. Privacy in the vehicular cloud should, however, be conditional. A malicious vehicle may send false messages that mislead other vehicles and cause accidents. Conditional privacy requires that, when a false message causes harm, the generator of that false message can be traced.
Some scholars have proposed schemes addressing the privacy and security of data transmission in vehicular clouds, but some of them define data transmission within the vehicular cloud insufficiently, and some do not consider location-based privacy protection.
Summary of the invention
The object of the invention is to overcome the shortcomings of existing vehicular cloud establishment and data secure transmission methods by providing a cloud establishment and data secure transmission method for privacy protection in a vehicular cloud that satisfies sender verifiability and sender privacy, provides message confidentiality, and guarantees that the sender's sensitive location is not leaked.
The specific technical solution realizing the object of the invention is as follows:
A cloud establishment and data secure transmission method for privacy protection in a vehicular cloud involves the following entities: a trusted authority (TA), roadside units (RSU), vehicles (cloud members, cloud users and the cloud manager) and a cloud management center (CCM). The method comprises the following steps:
Step 1: TA setup
The TA selects the system master key, generates the system global parameters Λ = (q, G, G_T, g, g_pub, H_1~H_5, E_K(·)/D_K(·), IDS) and publishes them; here G and G_T are cyclic groups, q is the order of the cyclic groups, g is a generator of G, g_pub is the public key of the TA, H_1 to H_5 are hash functions, E_K(·)/D_K(·) denotes a symmetric encryption scheme with key K, and IDS is a secure identity-based signature scheme;
Step 2: Vehicle and RSU setup
The TA computes multiple pseudonyms for each vehicle from the vehicle's identity and a validity period, and generates the private key corresponding to each pseudonym; the TA uses the true identity of each RSU as that RSU's public key and generates the corresponding private key;
Step 3: Vehicular cloud setup
The vehicular cloud is first initialized: when a group of vehicles is to form a vehicular cloud to share resources, one vehicle is first chosen as cloud manager and the group size is fixed; the vehicles in the group then broadcast messages in turn to establish the group encryption key and a different decryption key for each vehicle. Membership of the vehicular cloud is dynamic: any vehicle may join or leave it, and every change requires the group encryption key and the decryption key of every vehicle to be changed;
Step 4: Secure message transmission
The cloud user locates, through the cloud management center CCM, the vehicular cloud to which the message is to be sent; the process falls into three modes:
1) internal use mode: the cloud user is itself a member of the target vehicular cloud; it encrypts the message with the group public encryption key and broadcasts it to the vehicular cloud, and the vehicles in the group recover the message with their respective group decryption keys;
2) short-range use mode: the cloud user sends the message to the vehicles of a nearby vehicular cloud; the process is the same as in 1);
3) long-range use mode: the cloud user sends the message to the vehicles of a distant vehicular cloud and uses location-based encryption to hide the location from which the message is sent;
Step 5: Tracing of false messages
When a malicious vehicle sends a false message, the TA identifies the producer of that message;
Step 6: Enhancement of vehicle privacy
Because the vehicular cloud is a dynamic environment, the group encryption key is changed by re-randomization whenever a vehicle joins or leaves the vehicular cloud, so as to protect the privacy of the vehicles.
The initialization of the vehicular cloud in step 3 specifically comprises:
1) the cloud manager is a vehicle in the group, the group size is n, and the cloud manager chooses a unique identifier sid;
2) for each other vehicle V_i in the vehicular cloud (excluding the cloud manager), where i is the vehicle's index, V_i's current pseudonym/private-key pair is (p_i1, (s_i1,0, s_i1,1)), with p_i1 the pseudonym of V_i and s_i1,0, s_i1,1 its private key; for 1 ≤ j ≤ n, V_i computes n signatures y_i,j, in which ζ_i is the hash of the identifier sid, the pseudonym, a timestamp and a random number, θ_i and η_i are random values, v is the hash of the identifier sid and f_j is the hash of the session id and j; V_i publishes the complete signature
σ_i = (p_i1, tp_i, a_i, b_i, {y_i,j}_{j∈{1,…,n}, j≠i}), where tp_i is a timestamp and a_i, b_i are random values;
3) for the cloud manager V_t, whose current pseudonym/private-key pair is (p_t1, (s_t1,0, s_t1,1)), a signature is generated as in 2) for each 1 ≤ i ≤ n, where p_ti is the i-th pseudonym of V_t and tp_i is a timestamp, together with a random value and the signature itself; the manager publishes the result along with the number of vehicles actually joining the vehicular cloud;
4) every vehicle V_i in the vehicular cloud computes the group encryption key (E, Θ), where a_i and b_i are random values, p_i,0 and p_i,1 are the hash values of the pseudonym, g_pub is the master public key and v is the hash of the identifier sid;
5) every vehicle V_i in the vehicular cloud computes its own decryption key from the signatures y_l,i, 1 ≤ l ≤ n, where y_l,i is the signature of V_i;
6) the cloud manager generates the cloud information and broadcasts it to the cloud members; info contains information about the vehicular cloud such as its location, the time it was created and the computing and storage resources available, the attached signature covers E, Θ, sid and info, and p_t(n+1) is the pseudonym of the cloud manager; after the cloud manager sends the cloud information, the cloud members must verify the validity of its signature.
The process in step 3 by which a vehicle joins or leaves the vehicular cloud specifically comprises:
1) after the vehicular cloud has formed, a vehicle V_I prepares to join it as the i-th cloud member; its current pseudonym/private-key pair is (p_I, (s_I,0, s_I,1)), and it computes and publishes its signature σ_I = (p_I, tp_I, a_I, b_I, {y_I,j}_{j∈{1,…,n}, j≠l}), where p_I is the pseudonym of V_I, tp_I a timestamp, a_I, b_I random values and {y_I,j}_{j∈{1,…,n}, j≠l} its signatures;
2) once the remaining cloud members of the vehicular cloud receive V_I's message, they must update the common encryption key and their respective decryption keys, and the cloud manager must generate and broadcast new cloud information;
3) when a cloud member V_l leaves the vehicular cloud, two cases arise: first, if l ≠ t, i.e. V_l is not the cloud manager, the cloud manager updates the cloud information and each cloud member verifies its validity and, if it is valid, updates the common encryption key and its own decryption key; second, if l = t, i.e. V_l is the cloud manager, a new cloud manager is chosen following the vehicular cloud initialization procedure of step 3, and the common encryption key and the cloud members' respective decryption keys are generated anew.
The internal use mode of the secure message transmission in step 4 specifically comprises:
1) the cloud user picks a random session key ζ ∈ K, where ζ is a symmetric key of the encryption scheme E_K(·)/D_K(·);
2) the message m is signed with the identity-based signature scheme IDS to obtain the signature γ, and the ciphertext C_1 = E_ζ(m || γ) is computed;
3) a random value ρ is chosen from the set of positive integers and the encrypted session key C_2 = (A_1, A_2, A_3) is computed, where A_1 = g^ρ and A_1, A_2, A_3 are intermediate values; the ciphertext C = C_1 || C_2 is sent to the vehicular cloud VC_i;
4) a cloud member V_l of the vehicular cloud VC_i, holding the decryption key d_l, computes the session key ζ, where f_l is a hash value and H_5 is a hash function;
5) the plaintext m || γ = D_ζ(C_1) is decrypted, D_ζ being the decryption algorithm; if γ verifies as valid, the message m is accepted.
The invention provides a secure and anonymous method for establishing a vehicular cloud in which cloud users can efficiently join and leave the vehicular cloud. Once the vehicular cloud is established, cloud users can securely and anonymously send messages to the vehicles in it through three different modes.
Description of the drawings
Fig. 1 is the flow chart of the invention.
Detailed description
A cloud establishment and data secure transmission method for privacy protection in a vehicular cloud involves the following entities: a trusted authority (TA), roadside units (RSU), vehicles (cloud members, cloud users and the cloud manager) and a cloud management center (CCM). The method comprises the following steps:
(1) TA setup
Taking a security parameter λ as input, the TA generates the global parameters and distributes them to the vehicles; the specific implementation is as follows:
1) Choose two cyclic multiplicative groups G and G_T of order q with an efficient bilinear map between them. Choose g ∈ G.
2) Choose a symmetric encryption scheme E_K(·)/D_K(·).
3) Select a symmetric key ξ and a random number π from the set of positive integers; π is the system master key, and the public key is set to g_pub = g^π.
4) Select five hash functions: H_1, H_2, H_3 defined on {0,1}*, and H_4, H_5 : G_T → K, where K is the key space.
5) Set the system global parameters Λ = (q, G, G_T, g, g_pub, H_1~H_5, E_K(·)/D_K(·), IDS) and publish them; here G and G_T are cyclic groups, q is the order of the cyclic groups, g is a generator of G, g_pub is the public key of the TA, H_1 to H_5 are hash functions, E_K(·)/D_K(·) denotes a symmetric encryption scheme with key K, and IDS is a secure identity-based signature scheme.
(2) Vehicle and RSU setup
Vehicle V_i, which has a true identity, is configured as follows. Assuming V_i needs μ pseudonym/private-key pairs, V_i contacts the TA, and the detailed process is as follows:
1) For 1 ≤ j ≤ μ, set the pseudonym p_ij, where τ is a timestamp and vp_j is the validity period.
2) For 1 ≤ j ≤ μ, compute the hash values of the pseudonym: p_ij,0 = H_1(p_ij, 0) and p_ij,1 = H_1(p_ij, 1).
3) Sign the pseudonym to obtain s_ij.
4) The TA sends the μ pseudonyms and their signatures (p_ij, s_ij) to the vehicle over a secure channel.
RSU R_i, which has a true identity, is configured as follows; its private key is generated by the following process:
1) Compute the hash value of the RSU identity.
2) Compute the signature on the hash value from 1).
3) The TA sends the private key to R_i over a secure channel.
(3) Vehicular cloud setup
The vehicular cloud is first initialized; the detailed process is as follows:
1) Assume the cloud manager is a vehicle in the group and the group size is n; the cloud manager chooses a unique session id sid.
2) For each other vehicle V_i in the vehicular cloud (excluding the cloud manager), assume V_i's current pseudonym/private-key pair is (p_i1, (s_i1,0, s_i1,1)), where p_i1 is the pseudonym of V_i and s_i1,0, s_i1,1 its private key pair. For 1 ≤ j ≤ n, V_i computes n signatures y_i,j, in which ξ_i is the hash of the session id, the pseudonym, a timestamp and a random number, θ_i and η_i are random values, v is the hash of the session id and f_j is the hash of the session id and j; V_i publishes the complete signature σ_i = (p_i1, tp_i, a_i, b_i, {y_i,j}_{j∈{1,…,n}, j≠i}), where tp_i is a timestamp and a_i, b_i are random values.
3) For the cloud manager V_t, assume its current pseudonym/private-key pair is (p_t1, (s_t1,0, s_t1,1)); as in 2), for 1 ≤ i ≤ n a signature is generated, where p_ti is the i-th pseudonym of V_t and tp_i is a timestamp, together with a random value and the signature itself; the manager publishes the result along with the number of vehicles actually joining the vehicular cloud.
4) Every vehicle V_i in the vehicular cloud computes the public encryption key (E, Θ), where a_i and b_i are random values, p_i,0 and p_i,1 are the hash values of the pseudonym, g_pub is the master public key and v is the hash of the session id.
5) Every vehicle V_i in the vehicular cloud computes its own decryption key from the signatures y_l,i, 1 ≤ l ≤ n, where y_l,i is the signature of V_i.
6) The cloud manager generates the cloud information and broadcasts it to the cloud members; info contains information about the vehicular cloud (such as its location, the time it was created, and the computing and storage resources available), the attached signature covers E, Θ, sid and info, and p_t(n+1) is the pseudonym of the cloud manager. After the cloud manager sends the cloud information, the cloud members must verify the validity of the signature.
The process by which a vehicle joins or leaves the vehicular cloud specifically comprises:
1) After the vehicular cloud has formed, a vehicle V_I prepares to join it as the l-th cloud member; its current pseudonym/private-key pair is (p_I, (s_I,0, s_I,1)), and it computes and publishes its signature σ_I = (p_I, tp_I, a_I, b_I, {y_I,j}_{j∈{1,…,n}, j≠l}), where p_I is the pseudonym of V_I, tp_I a timestamp, a_I, b_I random values and {y_I,j}_{j∈{1,…,n}, j≠l} its signatures.
2) Once the remaining cloud members of the vehicular cloud receive V_I's message, they must update the common encryption key and their respective decryption keys, and the cloud manager must generate and broadcast new cloud information.
3) When a cloud member V_l leaves the vehicular cloud, two cases arise: first, if l ≠ t, i.e. V_l is not the cloud manager, the cloud manager updates the cloud information and each cloud member verifies its validity and, if it is valid, updates the common encryption key and its own decryption key; second, if l = t, i.e. V_l is the cloud manager, a new cloud manager is chosen following the vehicular cloud initialization procedure, and the common encryption key and the cloud members' respective decryption keys are generated anew.
(4) Secure message transmission
Depending on the usage scenario, the message transmission method is divided into three modes.
The first mode is the internal use mode; the detailed process is as follows:
1) The cloud user picks a random session key ζ ∈ K, where ζ is a symmetric key of the encryption scheme E_K(·)/D_K(·).
2) The message m is signed with the identity-based signature scheme IDS to obtain the signature γ, and the ciphertext C_1 = E_ζ(m || γ) is computed.
3) Select a random ρ and compute the encrypted session key C_2 = (A_1, A_2, A_3), where A_1 = g^ρ; send C = C_1 || C_2 to the vehicular cloud VC_i.
4) A cloud member V_l of the vehicular cloud VC_i holds the decryption key d_l; V_l computes the session key ζ, where f_l is a hash value and H_5 is a hash function.
5) Compute m || γ = D_ζ(C), where D_ζ is the decryption algorithm; if γ verifies as valid, accept the message m.
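The following is an added toy model of the cloud lifecycle of step (3) and the internal use mode of step (4), written for this page and not taken from the patent: the pairing-based public encryption key (E, Θ), the per-member decryption keys d_l and the identity-based signature IDS are replaced by a multi-recipient Diffie-Hellman key wrap and Schnorr signatures in Z_p*, and E_K/D_K by a SHA-256 XOR stream, so what it demonstrates is the structure (sign, encrypt under a fresh session key ζ, encapsulate ζ with A_1 = g^ρ, re-randomise every key on each join or leave) rather than the patent's arithmetic. All pseudonyms, the session id, the messages and the group parameters are constructed for illustration and are not secure choices.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

P, G = 2**255 - 19, 2   # toy prime modulus and generator standing in for G and g (not production parameters)

def H(*parts: bytes) -> bytes:
    """Stand-in for the hash functions H1..H5: SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def i2b(x: int) -> bytes:
    return x.to_bytes(32, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy E_K/D_K: XOR with a SHA-256 counter keystream (the same call encrypts and decrypts)."""
    return b"".join(xor(data[o:o + 32], H(key, o.to_bytes(4, "big"))) for o in range(0, len(data), 32))

def schnorr_sign(sk: int, msg: bytes) -> Tuple[int, int]:
    """Stand-in for the IDS signature gamma, made under the secret behind the sender's pseudonym."""
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    e = int.from_bytes(H(i2b(r), msg), "big")
    return r, (k + e * sk) % (P - 1)

def schnorr_verify(pk: int, msg: bytes, sig: Tuple[int, int]) -> bool:
    r, s = sig
    return pow(G, s, P) == r * pow(pk, int.from_bytes(H(i2b(r), msg), "big"), P) % P

class Vehicle:
    def __init__(self, pseudonym: str):
        self.pseudonym = pseudonym
        self.sig_sk = secrets.randbelow(P - 2) + 1   # secret tied to the pseudonym (s_ij analogue)
        self.sig_pk = pow(G, self.sig_sk, P)
        self.dec_key = 0                              # d_l: re-randomised on every membership change

    def rerandomise(self) -> int:
        self.dec_key = secrets.randbelow(P - 2) + 1
        return pow(G, self.dec_key, P)                # public share published in the cloud info

class VehicularCloud:
    """Manager-side state: every join or leave bumps the epoch and re-derives every key (step 6)."""
    def __init__(self, sid: bytes, manager: Vehicle):
        self.sid, self.epoch, self.vehicles = sid, 0, {manager.pseudonym: manager}
        self._rekey()

    def _rekey(self) -> None:
        self.epoch += 1
        self.cloud_info = {"sid": self.sid, "epoch": self.epoch,
                           "enc": {p: v.rerandomise() for p, v in self.vehicles.items()},
                           "sig": {p: v.sig_pk for p, v in self.vehicles.items()}}

    def join(self, v: Vehicle) -> None:
        self.vehicles[v.pseudonym] = v
        self._rekey()

    def leave(self, pseudonym: str) -> None:
        del self.vehicles[pseudonym]
        self._rekey()

def send_internal(sender: Vehicle, info: Dict, m: bytes) -> Dict:
    """Step 4, internal mode: gamma = sign(m); C1 = E_zeta(m||gamma); C2 = (A1 = g^rho, wraps)."""
    zeta = secrets.token_bytes(32)                    # random session key
    r, s = schnorr_sign(sender.sig_sk, m)
    c1 = stream_xor(zeta, m + i2b(r) + i2b(s))
    rho = secrets.randbelow(P - 2) + 1
    a1 = pow(G, rho, P)
    wraps = {p: xor(zeta, H(i2b(pow(e, rho, P)), info["sid"])) for p, e in info["enc"].items()}
    return {"from": sender.pseudonym, "epoch": info["epoch"], "c1": c1, "a1": a1, "wraps": wraps}

def receive_internal(rx: Vehicle, info: Dict, c: Dict) -> Optional[bytes]:
    """Member side: recover zeta with its own d_l, decrypt C1 and verify gamma. None on any failure."""
    if c["epoch"] != info["epoch"] or rx.pseudonym not in c["wraps"]:
        return None                                   # stale epoch, or this member was not addressed
    zeta = xor(c["wraps"][rx.pseudonym], H(i2b(pow(c["a1"], rx.dec_key, P)), info["sid"]))
    plain = stream_xor(zeta, c["c1"])
    m, gamma = plain[:-64], (int.from_bytes(plain[-64:-32], "big"), int.from_bytes(plain[-32:], "big"))
    return m if c["from"] in info["sig"] and schnorr_verify(info["sig"][c["from"]], m, gamma) else None

def demo() -> Dict:
    """Constructed scenario: three vehicles form a cloud, one broadcasts, one leaves; a tampered ciphertext and the departed vehicle are rejected."""
    vt, v1, v2 = Vehicle("pt1"), Vehicle("p11"), Vehicle("p21")
    cloud = VehicularCloud(b"sid-constructed", vt)
    cloud.join(v1)
    cloud.join(v2)
    info = cloud.cloud_info
    c = send_internal(v1, info, b"road closed at km 12")
    tampered = dict(c, c1=bytes([c["c1"][0] ^ 1]) + c["c1"][1:])
    results = {"ok": receive_internal(v2, info, c), "tampered": receive_internal(v2, info, tampered)}
    cloud.leave("p21")                                # v2 leaves: the remaining keys are re-randomised
    c2 = send_internal(vt, cloud.cloud_info, b"new route via exit 7")
    results["after_leave_member"] = receive_internal(v1, cloud.cloud_info, c2)
    results["after_leave_departed"] = receive_internal(v2, cloud.cloud_info, c2)
    return {**results, "epochs": cloud.epoch}
```

The departed vehicle is rejected structurally (no wrap addressed to it) and, because every remaining member re-randomised, any key it retained is useless for the new epoch; the tampered ciphertext fails because γ is checked only after decryption succeeds.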
The second mode is the short-range use mode; its detailed process is the same as that of the first.
The third mode is the long-range use mode; the detailed process is as follows:
1) If the location from which the sender sends the message is not sensitive, the process is the same as in mode one.
2) If the location from which the message is sent must be kept confidential, a key κ is generated with the location-based encryption technique (GeoLock).
3) Select a random session key ζ ∈ K.
4) Sign the message m with the identity-based signature IDS to obtain the signature γ, and compute the ciphertext C_1 = E_ζ(m || γ).
5) Select a random ρ and compute the encrypted session key C_2 = (A_1, A_2, A_3), where A_1 = g^ρ; send C = C_1 || C_2 to the vehicular cloud VC_i.
6) A cloud member V_l of the vehicular cloud VC_i holds the decryption key d_l; V_l obtains κ with the location-based encryption technique (GeoLock) and then computes the session key, where f_l is a hash value and H_5 is a hash function.
7) Compute m || γ = D_ζ(C_1), where D_ζ is the decryption algorithm; if γ verifies as valid, accept the message m.
(5) Tracing of false messages
Assume the pseudonym of the vehicle that sent the false message is p_i,j; the specific tracing process is as follows:
1) From the way the pseudonym is constructed, the TA performs the corresponding computation on p_i,j and obtains the vehicle's true identity.
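The following is an added illustration of the pseudonym issuance of step (2) and the tracing of step (5), not the patent's construction: the TA's group-based pseudonym formula and the identity-based private key s_ij are replaced by an HMAC mask over the vehicle's identity handle under a constructed TA master key, so the code shows the property the patent relies on (pseudonyms unlinkable to everyone but the TA, bounded by a validity period, and traceable by the TA alone) rather than its exact arithmetic. All keys, identities and timestamps are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional

# Constructed TA master secret. The patent's master key pi is a group exponent; an HMAC key
# stands in for it here so that masking and tracing run offline.
TA_MASTER_KEY = b"constructed-ta-master-key-for-illustration"

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts; stands in for the hash functions H1..H5."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass(frozen=True)
class Pseudonym:
    """One p_ij: fresh nonce, issuance timestamp tau, end of validity period vp, masked RID,
    and a TA tag over those fields (the patent's s_ij is an IBS private key, not modelled here)."""
    nonce: bytes
    tau: int
    vp: int
    masked_rid: bytes
    tag: bytes

def _encode(nonce: bytes, tau: int, vp: int, masked_rid: bytes) -> bytes:
    return nonce + tau.to_bytes(8, "big") + vp.to_bytes(8, "big") + masked_rid

def _mask(nonce: bytes, tau: int, vp: int) -> bytes:
    """PRF mask bound to nonce, tau and vp; only the TA's master key can recompute it."""
    return prf(TA_MASTER_KEY, b"mask", nonce, tau.to_bytes(8, "big"), vp.to_bytes(8, "big"))

def issue_pseudonyms(rid: bytes, tau: int, vp: int, mu: int) -> List[Pseudonym]:
    """Step 2: the TA derives mu pseudonyms for one vehicle from its identity, a timestamp
    and a validity period. Distinct nonces make the pseudonyms mutually unlinkable."""
    assert len(rid) == 32, "rid is the TA's 32-byte identity handle for the vehicle"
    out = []
    for _ in range(mu):
        nonce = secrets.token_bytes(16)
        masked = xor(rid, _mask(nonce, tau, vp))
        tag = prf(TA_MASTER_KEY, b"tag", _encode(nonce, tau, vp, masked))
        out.append(Pseudonym(nonce, tau, vp, masked, tag))
    return out

def is_valid_at(p: Pseudonym, now: int) -> bool:
    """Receivers reject a pseudonym used outside its validity period [tau, vp]."""
    return p.tau <= now <= p.vp

def ta_trace(p: Pseudonym) -> Optional[bytes]:
    """Step 5: the TA recovers the RID behind a pseudonym that sent a false message.
    A pseudonym the TA never issued (forged or edited fields) fails the tag check."""
    expected = prf(TA_MASTER_KEY, b"tag", _encode(p.nonce, p.tau, p.vp, p.masked_rid))
    if not hmac.compare_digest(p.tag, expected):
        return None
    return xor(p.masked_rid, _mask(p.nonce, p.tau, p.vp))

def demo() -> dict:
    """Constructed scenario: one vehicle with three pseudonyms, one of them edited so that
    tracing would point at a different identity if the tag were not checked."""
    rid = hashlib.sha256(b"RID:constructed-vehicle-42").digest()
    ps = issue_pseudonyms(rid, tau=1_700_000_000, vp=1_700_086_400, mu=3)
    edited = Pseudonym(ps[0].nonce, ps[0].tau, ps[0].vp, xor(ps[0].masked_rid, b"\x01" * 32), ps[0].tag)
    return {
        "unlinkable": len({p.masked_rid for p in ps}) == 3,
        "traced_to_rid": all(ta_trace(p) == rid for p in ps),
        "valid_inside_window": is_valid_at(ps[0], 1_700_040_000),
        "valid_after_expiry": is_valid_at(ps[0], 1_700_100_000),
        "edited_traced": ta_trace(edited),
    }
```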
(6) Enhancement of vehicle privacy
This stage enhances vehicle privacy by re-randomization; the detailed process is as follows:
1) Assume the l-th vehicle leaves the vehicular cloud.
2) The cloud manager uses a new pseudonym/private-key pair to generate and publish a new signature.

Claims (4)

1. A cloud establishment and data secure transmission method for privacy protection in a vehicular cloud, involving the following entities: vehicles, namely cloud members, cloud users and the cloud manager; roadside units RSU; a trusted authority TA, being the institution trusted by vehicles and roadside units that generates the global parameters; and a cloud management center CCM; characterized in that the method comprises the following steps:
Step 1: TA setup
The TA selects the system master key, generates the system global parameters Λ = (q, G, G_T, g, g_pub, H_1~H_5, E_K(·)/D_K(·), IDS) and publishes them; here G and G_T are cyclic groups, q is the order of the cyclic groups, g is a generator of G, g_pub is the public key of the TA, H_1 to H_5 are hash functions, E_K(·)/D_K(·) denotes a symmetric encryption scheme with key K, and IDS is a secure identity-based signature;
Step 2: Vehicle and RSU setup
The TA computes multiple pseudonyms for each vehicle from the vehicle's identity and a validity period, and generates the private key corresponding to each pseudonym; the TA uses the true identity of each RSU as that RSU's public key and generates the corresponding private key;
Step 3: Vehicular cloud setup
The vehicular cloud is first initialized: when a group of vehicles is to form a vehicular cloud to share resources, one vehicle is first chosen as cloud manager and the group size is fixed; the vehicles in the group then broadcast messages in turn to establish the group encryption key and a different decryption key for each vehicle. Membership of the vehicular cloud is dynamic: any vehicle may join or leave it, and every change requires the group encryption key and the decryption key of every vehicle to be changed;
Step 4: Secure message transmission
The cloud user locates, through the cloud management center CCM, the vehicular cloud to which the message is to be sent; the process falls into three modes:
1) internal use mode: the cloud user is itself a member of the target vehicular cloud; it encrypts the message with the group common encryption key and broadcasts it to the vehicular cloud, and the vehicles in the group recover the message with their respective group decryption keys;
2) short-range use mode: the cloud user sends the message to the vehicles of a nearby vehicular cloud; the process is the same as in 1);
3) long-range use mode: the cloud user sends the message to the vehicles of a distant vehicular cloud and uses location-based encryption to hide the location from which the message is sent;
Step 5: Tracing of false messages
When a malicious vehicle sends a false message, the TA identifies the producer of that message;
Step 6: Enhancement of vehicle privacy
Because the vehicular cloud is a dynamic environment, the group encryption key is changed by re-randomization whenever a vehicle joins or leaves the vehicular cloud, so as to protect the privacy of the vehicles.
2. The method according to claim 1, characterized in that the initialization of the vehicular cloud in step 3 specifically comprises:
1) the cloud manager is the t-th vehicle in the group, the group size is n, and the cloud manager chooses a unique identifier sid;
2) for each other vehicle V_i in the vehicular cloud (excluding the cloud manager), where i is the vehicle's index, V_i's current pseudonym/private-key pair is (p_i1, (s_i1,0, s_i1,1)), with p_i1 the pseudonym of V_i and s_i1,0, s_i1,1 its private key; for 1 ≤ j ≤ n, V_i computes n signatures y_i,j, in which ξ_i is the hash of the identifier sid, the pseudonym, a timestamp and a random number, θ_i and η_i are random values, v is the hash of the identifier sid and f_j is the hash of the session id and j; V_i publishes the complete signature σ_i = (p_i1, tp_i, a_i, b_i, {y_i,j}_{j∈{1,…,n}, j≠i}), where tp_i is a timestamp and a_i, b_i are random values;
3) for the cloud manager V_t, whose current pseudonym/private-key pair is (p_t1, (s_t1,0, s_t1,1)), a signature is generated as in 2) for each 1 ≤ i ≤ n, where p_ti is the i-th pseudonym of V_t and tp_i is a timestamp, together with a random value and the signature itself; the manager publishes the result along with the number of vehicles actually joining the vehicular cloud;
4) every vehicle V_i in the vehicular cloud computes the group encryption key (E, Θ), where a_i and b_i are random values, p_i,0 and p_i,1 are the hash values of the pseudonym, g_pub is the master public key and v is the hash of the identifier sid;
5) every vehicle V_i in the vehicular cloud computes its own decryption key from the signatures y_l,i, 1 ≤ l ≤ n, where y_l,i is the signature of V_i;
6) the cloud manager generates the cloud information and broadcasts it to the cloud members; info contains information about the vehicular cloud such as its location, the time it was created and the computing and storage resources available, the attached signature covers E, Θ, sid and info, and p_t(n+1) is the pseudonym of the cloud manager; after the cloud manager sends the cloud information, the cloud members must verify the validity of the signature.
3. The method according to claim 1, characterized in that the process in step 3 by which a vehicle joins or leaves the vehicular cloud specifically comprises:
1) after the vehicular cloud has formed, a vehicle V_I prepares to join it as the i-th cloud member; its current pseudonym/private-key pair is (p_I, (s_I,0, s_I,1)), and it computes and publishes its signature σ_I = (p_I, tp_I, a_I, b_I, {y_I,j}_{j∈{1,…,n}, j≠l}), where p_I is the pseudonym of V_I, tp_I a timestamp, a_I, b_I random values and {y_I,j}_{j∈{1,…,n}, j≠l} its signatures;
2) once the remaining cloud members of the vehicular cloud receive V_I's message, they must update the common encryption key and their respective decryption keys, and the cloud manager must generate and broadcast new cloud information;
3) when a cloud member V_l leaves the vehicular cloud, two cases arise: first, if l ≠ t, i.e. V_l is not the cloud manager, the cloud manager updates the cloud information and each cloud member verifies its validity and, if it is valid, updates the common encryption key and its own decryption key; second, if l = t, i.e. V_l is the cloud manager, a new cloud manager is chosen following the vehicular cloud initialization procedure of step 3, and the common encryption key and the cloud members' respective decryption keys are generated anew.
4. The method according to claim 1, characterized in that the internal use mode during secure message transmission in step 4 specifically comprises:
1) The cloud user selects a random session key ζ ∈ K, where ζ is the symmetric key of the encryption scheme E_K(·)/D_K(·);
2) The message m is signed with the identity-based signature scheme IDS, giving the signature [formula not reproduced], and the ciphertext C_1 [formula not reproduced] is computed;
3) A random value [formula not reproduced] is selected, where [symbol not reproduced] is the set of positive integers, and the encrypted session key C_2 = (A_1, A_2, A_3) is computed [formula not reproduced], where A_1, A_2, A_3 are intermediate values; the ciphertext C = C_1 || C_2 is sent to the vehicle-mounted cloud VC_i;
4) The cloud member V_l of the vehicle-mounted cloud VC_i holds the decryption key d_l and recovers the session key [formula not reproduced], where f_l is a hash value and H_5 is a hash function;
5) The plaintext is decrypted [formula not reproduced], where D_ζ is the decryption algorithm; if the signature [formula not reproduced] verifies as valid, the message m is accepted.
CN201711245829.8A 2017-12-01 2017-12-01 Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud Active CN108234445B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711245829.8A CN108234445B (en) 2017-12-01 2017-12-01 Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud

Publications (2)

Publication Number Publication Date
CN108234445A true CN108234445A (en) 2018-06-29
CN108234445B CN108234445B (en) 2021-05-07

Family

ID=62653149

Country Status (1)

Country Link
CN (1) CN108234445B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100033372A1 (en) * 2008-08-08 2010-02-11 General Motors Corporation@@Gm Global Technology Operations, Inc. In-vehicle alert of cloud point in engine diesel fuel
CN102740286A (en) * 2012-05-23 2012-10-17 杨涛 Floating vehicle-based traceability vehicle self-networking communication privacy protection method
CN104333596A (en) * 2014-11-11 2015-02-04 安徽大学 Information reliability assessment method in Internet of vehicles environment
CN105763558A (en) * 2016-01-20 2016-07-13 华东师范大学 Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network
CN106060148A (en) * 2016-06-24 2016-10-26 华东师范大学 Vehicle information secure collection method applicable to fog computing in intelligent traffic light system
CN106911471A (en) * 2017-02-22 2017-06-30 华东师范大学 The method that vehicle-mounted Wang Zhong code obfuscations area sets up
CN107071010A (en) * 2017-03-29 2017-08-18 常熟理工学院 A kind of network data communication method based on vehicle-mounted cloud
US9769658B2 (en) * 2013-06-23 2017-09-19 Shlomi Dolev Certificating vehicle public key with vehicle attributes

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张文博: ""可信车联网云关键问题研究"", 《中国博士学位论文全文数据库-工程科技Ⅱ辑》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965313A (en) * 2018-07-31 2018-12-07 安徽大学 Vehicle violation information publishing method, system and storage medium
CN109118775A (en) * 2018-10-08 2019-01-01 北京理工大学 A kind of Traffic monitoring method and system of secret protection and wrong data packet filtering
CN110008752A (en) * 2019-04-12 2019-07-12 北京理工大学 A kind of platooning's evaluation method based on secret protection
CN110008752B (en) * 2019-04-12 2020-10-09 北京理工大学 Vehicle formation evaluation method based on privacy protection
CN113407956A (en) * 2021-05-31 2021-09-17 江铃汽车股份有限公司 Data control method and system, readable storage medium and vehicle
CN114389836A (en) * 2021-12-06 2022-04-22 重庆邮电大学 Vehicle-mounted cloud computing method with privacy protection based on SDN
CN114389836B (en) * 2021-12-06 2023-12-15 山东格仑特电动科技有限公司 SDN-based vehicle-mounted cloud computing method with privacy protection function
CN114286332A (en) * 2021-12-08 2022-04-05 重庆邮电大学 Dynamic and efficient vehicle-mounted cloud management method with privacy protection function
CN114286332B (en) * 2021-12-08 2023-10-20 重庆邮电大学 Dynamic efficient vehicle-mounted cloud management method with privacy protection function

Also Published As

Publication number Publication date
CN108234445B (en) 2021-05-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221222

Address after: 311800 17th floor, Jiyang Fortune Building, 28 Wenzhong South Road, Taozhu street, Zhuji City, Shaoxing City, Zhejiang Province

Patentee after: Zhejiang qusu Technology Co.,Ltd.

Address before: 200241 No. 500, Dongchuan Road, Shanghai, Minhang District

Patentee before: East China Normal University