CN111093189A - Emergency message dissemination method and system based on trust cascade in Internet of vehicles - Google Patents
Emergency message dissemination method and system based on trust cascade in Internet of vehicles Download PDFInfo
- Publication number
- CN111093189A CN111093189A CN201911241257.5A CN201911241257A CN111093189A CN 111093189 A CN111093189 A CN 111093189A CN 201911241257 A CN201911241257 A CN 201911241257A CN 111093189 A CN111093189 A CN 111093189A
- Authority
- CN
- China
- Prior art keywords
- epsilon
- trust
- authority
- vehicle
- feedback
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/66—Trust-dependent, e.g. using trust scores or trust relationships
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/90—Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Emergency Management (AREA)
- Environmental & Geological Engineering (AREA)
- Public Health (AREA)
- Traffic Control Systems (AREA)
Abstract
The invention discloses an emergency message dissemination method and system based on trust cascade in Internet of vehicles, wherein the system comprises an authority mechanism, a road side unit and a vehicle: the authority mechanism is responsible for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle; the road side unit provides a communication interface for the vehicle and the authority; the vehicle-mounted unit is mounted on the vehicle and can communicate with the adjacent road side unit and other vehicles; when an emergency occurs, the emergency message can be disseminated among nearby vehicles in a trust cascade, wherein entity-oriented trust values (which can be evaluated and updated by and included in the trust certificate) are taken as important weights; the method and the system efficiently apply the entity-oriented trust value to the data-oriented trust evaluation, compared with the existing message dissemination mode, the method and the system have more accurate evaluation result, and have good excitation mechanism, error tolerance, compatibility and robustness.
Description
Technical Field
The invention relates to the technical field of car networking safety, in particular to an emergency message dissemination method and system based on trust cascade in car networking.
Background
Collaborative security applications are one of the most spotlighted branches of research in the internet of vehicles, where vehicles can obtain more distant view and a wider range of road information through "vehicle-to-vehicle" messaging, and obtain a greater amount of higher quality information through "vehicle-to-road side unit" messaging. The cooperative security application enables a driver to intelligently sense the states of surrounding vehicles and roads and make a decision on an external affair in advance, so that the emergency degree of operation for avoiding traffic accidents is greatly reduced, and the road security and the driving comfort are improved. However, due to the characteristics of large scale, open, distributed, sparse, and highly dynamic, the internet of vehicles is vulnerable to malicious behavior and attacks. For example, a malicious vehicle may broadcast a large number of false messages to spoof other vehicles, thereby posing a significant threat to the safety and reliability of road traffic. Thus, each vehicle needs to screen other honest and malicious vehicles, real messages and false messages and follow the real messages broadcast by the honest vehicles to make the correct decision.
Traditional cryptography and digital signature techniques mainly ensure the authenticity, privacy and confidentiality, integrity, traceability of messages of vehicles, while rarely assess the trustworthiness of vehicles and the quality of messages. However, in practice, an authenticated vehicle may also broadcast false messages for its own benefits, while other vehicles cannot perceive it in advance. Trust modeling, as a theory that can solve the uncertainty problem, plays a crucial role in the internet of vehicles, which enables each vehicle to detect other malicious vehicles and false messages in advance to avoid serious consequences. Currently, trust modeling in the internet of vehicles is still in a preliminary stage, and existing trust models can be roughly divided into an entity-oriented model and a data-oriented model according to evaluation objects.
Li et al [ Li, q., Malip, a., Martin, k.m., Ng, s.l., & Zhang, J. (2012.). anchorage-based evaluation scheme for vanets. ieee Transactions on vehicular Technology,61(9), 4095-. Ostermaier et al [ Ostermaier, B., Dotzer, F., & Strassberger, M. (2007, April) & Enhancing the Security of localization and knowledge In the fields of a variety of communication-a singular analysis of a marketing scheme, In the second International Conference on Availability, Reliability and Security (ARES' 07) & pp.422-431.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide an emergency message dissemination method and system based on trust cascade in the Internet of vehicles, the method and the system can realize that the entity-oriented trust value is efficiently applied to the data-oriented trust evaluation, and the evaluation result is more accurate.
The purpose of the invention is realized by the following technical scheme: an emergency message dissemination method based on trust cascade in the Internet of vehicles specifically comprises the following steps:
when an authority is initialized, setting a first safety clock, generating a self public key Pk (C) and a private key Sk (C), and generating a vehicle basic information table BI and a trust feedback table TF;
when a new road side unit is initialized, a wired communication channel is established between the new road side unit and an authority;
when a new vehicle is registered, an authority allocates a unique identifier i for the new vehicle, the vehicle is recorded as ve (i), a public key Pk (i) and a private key Sk (i) based on the identifier are generated, a digital signature algorithm Verify sub-algorithm and Pk (C) are installed in a vehicle-mounted unit of the new vehicle, and a new record [ i, Pk (i), Tr (i), Nb (i), Nr (i) and Ir (i) ] is inserted for ve (i) in a basic information table of the vehicle;
when the vehicle is located in the communication range of the available road side unit, requesting and updating a trust certificate to an authority at intervals of a preset period gamma, wherein gamma is larger than 0;
when an emergency event epsilon occurs, judging whether the vehicle is a witness or a follower according to the distance between the position of the emergency event and the vehicle;
when the vehicle is a witness, an emergency message is broadcast in the format:
Ms(i,ε)=(Tc(i),Mc(i,ε),Tsb(i,ε),Dsb(i,ε))
wherein Mc (i, epsilon) ═ epsilon+/ε-Denotes the state of ε+Indicating an emergency event as a persistent state, epsilon-Indicating that the emergency event is a death state; tsb(i, ε) represents the timestamp of when Ms (i, ε) was generated, which can be obtained by a secure clock in ve (i) trusted hardware; ds is a group ofb(i,ε)=Sign(Mc(i,ε),Tsb(ε,ε))sk(i)Trusted hardware representing ve (i) uses the Sign sub-algorithm and Sk (i) pair (Mc (i, ε), Tsb(i, epsilon));
when the vehicle is a follower ve (j), receiving broadcast information Ms (i, epsilon) of the predecessor node about the emergency event, and extracting Ds from Tc (i)C(i) And using Verify sub-algorithm of Verify and Pk (C) to Verify DsC(i) (ii) a Then extracting Ts from Tc (i)C(i) And obtaining the current time Ts from the second secure clocknTo verify Tsn-TsC(i) Gamma ' is detected, namely Tc (i) is detected whether the expiration exists, wherein gamma ' is a system parameter and gamma ' is more than gamma; next, Pk (i) is extracted from Tc (i) and Ds is verified using the Verify sub-algorithm and Pk (i)b(i, ε); finally verify Tsn-Tsb(i) Detecting whether Ms (i, epsilon) is expired or not, wherein phi is a system parameter and phi is more than 0;
if the verification of the follower on the precursor node is not passed completely, ve (j) considers that Ms (i, epsilon) is illegal and directly discards the Ms (i, epsilon); otherwise, ve (j) obtains the position of epsilon and the position of the vehicle from Mc (i, epsilon), and calculates the distance Ds (j, epsilon) between the follower and the emergency; the follower makes a decision according to the judgment of the distance from the emergency event relative position;
when a follower ve (j) drives near the location of ε, the true state of ε is perceived As (j, ε) ε { ε+,ε-If As (j, epsilon) does not coincide with the previously reported status of ve (j), ve (j) broadcasts a new message to subsequent vehicles regarding the emergency event; in addition, the ve (j) evaluates the quality of the received broadcast information, constructs a trust feedback set for the emergency event and reports the trust feedback set to an authority;
when the authority receives the trust feedback set, verifying whether a follower in the trust feedback information is revoked, verifying whether a digital signature is legal, and verifying whether the trust feedback is overdue, if the verification on the trust feedback set is not passed completely, the authority determines that the trust feedback information is illegal and discards the trust feedback information, and if the verification on the trust feedback set is passed completely, a new record about the trust feedback information is inserted into the TF table; subsequently, the authority generates confirmation information of the trust feedback set and sends the confirmation information to the follower ve (j);
and after receiving the confirmation information, the follower ve (j) verifies whether the digital signature is legal and is consistent with the digital signature in the trust feedback information, so as to confirm whether the authority receives the trust feedback information, if the authority receives the trust feedback information, the trust feedback set in the ve (j) vehicle-mounted unit is deleted, and if not, the trust feedback information is reported to the authority again.
Preferably, the strategy for the follower to make a decision based on the relative location distance Ds (j, epsilon) to the emergency event is as follows:
if Ds (j, ε) e (Mi, + ∞), Mi represents the maximum influence distance, i.e., ve (j) is outside the influence range of ε, directly discarding Ms (i, ε);
if Ds (j, epsilon) e (Md, Mi), Md represents the maximum decision distance, ve (j) adds Ms (i, epsilon) to the set of urgent messages about epsilon MS (j, epsilon) but is not urgent to make a decision;
if Ds (j, epsilon) epsilon (Mw, Md), ve (j) makes a decision immediately based on the messages in the set of MS (j, epsilon).
Furthermore, the specific steps of the ve (j) immediately making a decision according to the message in the MS (j, epsilon) set are as follows:
ve (j) derives a confidence value Dt (j, epsilon) for epsilon according to the following formula:
wherein | | | represents the number of elements in the set; tr (i) represents the entity-oriented trust value of ve (i) in Tc (i); mc' (i, ε) can be transformed by Mc (i, ε), i.e.
Ve (j) can make the following specific decision according to Dt (j, epsilon) and the trust parameter Tp (j) epsilon [0, 1 ]:
1) if Dt (j, ε) e [ Tp (j), 1]Ve (j) trust ε+And immediately follows ∈+Performing action; in addition, if ve (j) is a honest vehicle, a new message Ms (j, epsilon) is broadcast to inform the followingVehicle, wherein Mc (j, epsilon) ═ epsilon+(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon)) is broadcast to cheat subsequent vehicles, where Mc (j, epsilon) ═ epsilon-;
2) If Dt (j, ε) e [ -1, -Tp (j)]Ve (j) trust ε-And immediately follows ∈-Performing action; in addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast to notify the following vehicles, where Mc (j, epsilon) ═ epsilon-(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast to cheat subsequent vehicles, wherein Mc (j, epsilon)+;
3) If Dt (j, ε) e [0, Tp (j)), ve (j) trusts ε to some extent+And immediately follows ∈+Act, but not broadcast, new messages to subsequent vehicles;
4) if Dt (j, ε) e (-Tp (j), 0), ve (j) trusts e to some extent-And immediately follows ∈-Act, but not broadcast, new messages to subsequent vehicles.
Further, when ve (j) receives multiple messages for ε from the same predecessor node, only the latest one is saved.
Further, the ve (j) performing quality evaluation on the received broadcast information and constructing a trust feedback set for the emergency event includes:
calculating a feedback score for Ms (i, e) according to the following equation:
generating a trust feedback Tf (i, j, epsilon) for Ms (i, epsilon), and if Fs (i, j, epsilon) is 1, calling Tf (i, j, epsilon) as a positive feedback; if Fs (i, j, epsilon) ═ 0, we call Tf (i, j, epsilon) a negative feedback;
construct a trust feedback set for ε:Tsr(j, ε) represents the timestamp of TF (j, ε) when generated, which can be obtained by ve (j) the second secure clock;representing a digital signature over the first three portions of TF (j, epsilon) using Sign sub-algorithm and sk (j); MS (j, epsilon) represents the set of broadcast information received by ve (j).
More specifically, the verification step when the authority receives the trust feedback set TF (j, epsilon) about epsilon includes:
extracting an identifier j of ve (j) from TF (j, epsilon) and retrieving Ir (j) and Pk (j) from a BI table;
verify that ir (j) ═ FALSE, i.e. Verify that ve (j) has not been revoked, and Verify Ds using Verify sub-algorithm and pk (j)r(j,ε);
If the search or verification fails, the authority considers TF (j, epsilon) illegal and directly discards it; otherwise, the authority obtains the current time Ts from its clockn′And extracting trust feedback from the TF (j, epsilon), verifying each trust feedback as TF (i, j, epsilon) as follows:
extracting an identifier i of ve (i) from Tf (i, j, epsilon), retrieving Ir (i) and Pk (i) from a BI table, and then verifying that i is not equal to j, namely detecting whether ve (j) is self-expicity; verify ir (i) ═ FALSE, i.e. detect if ve (i) is revoked; verification of Ds Using the Verify sub-algorithm and Pk (i)b(i, ε); verification Tsn,-Tsb(i, epsilon) ≦ Ψ, where Ψ > 0 is a system parameter, i.e., it is detected whether Tf (i, j, epsilon) is sufficiently fresh; verifying Fs (i, j, epsilon) epsilon {0, 1}, namely detecting whether the value of Fs (i, j, epsilon) belongs to {0, 1 }.
If the above verifications are not all passed, the authority considers Tf (i, j, epsilon) illegal and discards it, otherwise, the authority inserts a new record into the TF table for Tf (i, j, epsilon), wherein the values of five fields are i, j and Ds respectivelyb(i, ε), Fs (i, j, ε) and Tsr(j, ε); if there is a previous record and a new inserted record on Idb、IdrAnd DsbThe values of the fields are all the same and the authority deletes the previous record.
Further, the confirmation information Ac (j, epsilon) corresponding to TF (j, epsilon) is sent to ve (j) through the road side unit, and the specific lattice of Ac (j, epsilon)The formula is as follows: ac (j, epsilon) ═ j, Dsr(j,ε),DsC′(j, ε)), wherein Dsr(j, ε) is the digital signature in TF (j, ε); ds is a group ofC′(j,ε)=Sign(j,Dsr(j,ε))sk(C)Is a digital signature of the first two parts of Ac (j, epsilon) by the authority using the Sign sub-algorithm and sk (c).
Further, after the follower receives the confirmation information Ac (j, ε), ve (j) first verifies Ds using the Verify sub-algorithm stored in the on-board unit and Pk (C)C′(j, ε) and then extracting Ds from Ac (j, ε)r(j, ε) and detects the presence or absence of Ds in the TF (j, ε) held by the on-board unitr(j, ε) are the same; if yes, ve (j) considers that the authority has received TF (j, epsilon), so that TF (j, epsilon) in the vehicle-mounted unit is deleted; otherwise, when ve (j) travels into the communication range of another available rsu, it immediately attempts to report TF (j, epsilon) again to the authority.
Preferably, the authority iteratively updates the trust values of all unrevoked vehicles in the BI table at intervals of Γ according to the trust feedback records in the TF table.
Further, the specific step of iteratively updating the trust values of all unrevoked vehicles in the BI table is as follows:
respectively calculate according to the information in the TF tableVN represents a set of unapproved vehicles; in the time interval [ Tsn′-Ω,Tsn′]The number of broadcast messages nb (i) and the number of reporting feedback nr (i); where Ω > 0 is a system parameter to ensure that sufficient confidence feedback is available for most vehicles during this time interval:
Nb(i)=|{<Idb,Idr,Dsb>[Idb=i,Tsn′-Tsr≤Ω}|
Nr(i)=|{<Idb,Idr,Dsb>|Idr=i,Tsn′-Tsr≤Ω}|
in descending order of Nb (i) and Nr (i), respectivelySequencing to obtain two sequences, and respectively marking as Sb and Sr;the ordinal numbers in Sb and 5r are denoted as Sb (i) and sr (i), respectively, where Sb (i), sr (i) 1, 2.
then, the authority makes the TF table have the information ofDeriving feedback reporter set fs (i) and triple set tt (i):
FS(i)={Idr|Idb=i,Tsn′-Tsr≤Ω}∩{j|Ve(j)∈VN}
TT(i)={<Idr,Dsb,Fs>|Idb=i,Idr∈FS(i),Tsn′-Tsr≤Ω}
Further, when the authority finishes the trust information update, the authority is immediatelyCalculating the number of negative feedbacks nn (i) from different feedback reporters in the TF table:
Nn(i)=|{Idr|Idb=i,Idr∈Fs(i),Fs=0,Tsn′-Tsr≤Ω}|
obtained from BI tablesThe latest trust value of tr (i); if nn (i) > theta and tr (i) < tp (c), the authority sets the value of the Ir field of ve (i) in the BI table to TRUE (i.e., Ir (i) ═ TRUE) to withdraw ve (i) from the car networking system; where θ ∈ Z+Tp (C) epsilon (0, 1) are system parameters set by an authority;
subsequently, the authority no longer generates a new trust certificate for ve (i), does not update the trust information of ve (i) in the BI table, and discards the trust feedback reported by ve (i); when the existing trust certificate of ve (i) expires, Tsn- TsC(i) At > Γ', ve (i) is completely revoked.
An emergency message dissemination system based on trust cascade is used for realizing the emergency message dissemination method, and comprises the following steps:
the authority is provided with a first safety clock, a self public key Pk (C), a private key Sk (C) and a digital signature algorithm are arranged in the first safety clock, wherein the Pk (C) is public to all vehicles, the Sk (C) is safely stored by the authority, and a vehicle basic information table BI and a trust feedback table TF are arranged in the first safety clock; the BI table comprises a vehicle identifier Id, a public key Pk, a trust value Tr, a broadcast message frequency Nb, a report feedback frequency Nr and a revoked identifier Ir; the TF table contains a message broadcaster identifier IdbFeedback reporter identifier IdrThe digital signature Ds contained in the messagebFeedback fraction Fs to the message, timestamp Ts when the trust feedback is generatedr(ii) a The authority is used for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle;
The vehicle-mounted unit is arranged on the vehicle, trusted hardware is assembled to safely store a vehicle private key Sk (i), a digital signature algorithm is executed, a second safety clock is operated, the second safety clock is consistent with the first safety clock, and wireless communication is realized among different vehicles through the vehicle-mounted unit; the trust certificate format is Tc (i), (i, pk (i), Tr (i), TsC(i),DsC(i) In which Ts isC(i) A timestamp representing tc (i) at generation, obtained by the first secure clock; ds is a group ofC(i)=Sign(i,Pk(i),rr(i),TsC(i))sk(C)Representing the authority's digital signature on the top four parts of Tc (i) using Sign sub-algorithm and Sk (C);
and the road side units are arranged on two sides of the road and provide communication interfaces for the authority and the vehicle-mounted unit.
Preferably, the vehicles are classified into a high authority level, a medium authority level and a low authority registration vehicle, and three kinds of trust values tr (i) from high to low are assigned.
Further, the initial value of the new vehicle trust value tr (i) is calculated as:where HA, MA, LA represent the set of high, medium, and low authority class vehicles, respectively.
Preferably, the records nb (i), nr (i), and ir (i) of the newly registered vehicle in the BI table are set to 0, and FALSE, respectively.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. the method and the system for spreading the emergency message efficiently apply the entity-oriented trust value to the data-oriented trust evaluation, so that the evaluation result is more accurate.
2. The method and the system for spreading the emergency message have a good incentive mechanism, and can encourage the node to actively and honestly participate in the emergency message forwarding and the trust feedback report.
3. The emergency message spreading method and the emergency message spreading system can tolerate the conditions that an authority breaks down in a short time, part of road side units break down and the like.
4. The method and the system for spreading the emergency message can be compatible with special situations that a message publisher forges the message and a message receiver only receives one message and the like.
5. The method and the system for spreading the emergency message have good robustness and can effectively resist various external attacks and internal attacks.
Drawings
Fig. 1 is a diagram of an emergency message dissemination system model based on trust cascade of the present invention.
Detailed Description
For better understanding of the technical solutions of the present invention, the following detailed description is provided for the embodiments of the present invention with reference to the accompanying drawings, but the embodiments of the present invention are not limited thereto.
Example 1
As shown in fig. 1, an emergency message dissemination method and system based on trust cascade in the internet of vehicles:
step S1: authority initialization
When the model provided by the invention is deployed in a vehicle networking system, an authority firstly sets a clock of the authority and installs a digital signature algorithm DS (KeyGen, Sign, Verify), wherein KeyGen, Sign and Verify respectively represent a key generation, signature and verification sub-algorithm, and then generates a public key Pk (C) and a private key Sk (C) for the authority by using the KeyGen sub-algorithm, wherein Pk (C) is public to all vehicles, and Sk (C) is safely stored by the authority. In addition, to securely store trust information for a vehicle, an authority maintains a database containing two data tables, namely a basic information table and a trust feedback table, which are respectively identified as a BI table and a TF table. The BI table contains six fields, namely a vehicle identifier Id, a public key Pk, a trust value Tr, a number of broadcast messages Nb, a number of reporting feedbacks Nr and a revoked identifier Ir. The TF table contains five fields, namely the message broadcaster identifier IdbFeedback reporter identifier Idr、Digital signatures Ds included in messagesbFeedback score Fs for a message and timestamp T when a trust feedback is generatedsr。
Step S2: roadside unit initialization
When a new road side unit is installed on both sides of a road or a bad road side unit is replaced by the new road side unit, a wired communication channel needs to be established between the new road side unit and an authority. The new roadside unit then also becomes the vehicle's communication interface with the authority.
Step S3: vehicle registration
When a new vehicle registers in the internet of vehicles system, the authority first assigns it a unique identifier (e.g., i), which can be referred to as ve (i) accordingly. Subsequently, the authority uses the KeyGen sub-algorithm to generate public key Pk (i) and private key Sk (i) for ve (i), and equips the onboard unit of ve (i) with trusted hardware to securely store Sk (i), execute Sign sub-algorithm, and run a secure clock that is consistent with the authority's clock. In addition, the authority installs the Verify sub-algorithm and Pk (c) in the onboard unit of ve (i), and inserts a new record for ve (i) in the BI table, where the values of Id and Pk fields are i and Pk (i), respectively, and the values of the other fields (denoted as tr (i), nb (i), nr (i), and ir (i), respectively) are obtained from the following analysis:
as is known, the car networking system includes different types of vehicles, such as police cars, taxis, buses, ambulances, private cars, and the like. According to the authority grades, the model provided by the patent divides the vehicles into three types, namely high authority grade vehicles (referring to law enforcement vehicles, such as police cars and the like), medium authority grade vehicles (referring to public service vehicles managed by special departments, such as taxis, buses, ambulances and the like) and low authority grade vehicles (referring to other vehicles controlled by individuals, such as private cars and the like). Specifically, the initial value of tr (i) is calculated as:where HA, MA, LA represent the set of high, medium, and low authority class vehicles, respectively. In addition, nb (i), nr (i), and ir (i) are set to 0, and FALSE, respectively, since the newly registered vehicle ve (i) did not send an urgent message, did not report trust feedback, and was not revoked by the authority.
Step S4: trust certificate request
When located in the available roadside unitIs within communication range of (a), the vehicle (e.g. ve (i)) requests a new trust certificate from the authority every Γ times (where Γ > 0 is a system parameter). Specifically, ve (i) sends its identifier i to the authority via the roadside unit, and if ve (i) is not revoked (i.e., ir (i) ═ FALSE), the authority generates a new trust certificate tc (i) for ve (i) based on the trust information in the BI table, in the format: tc (i), (pk (i), Tr (i), TsC(i),Dsc(i) In which Ts isC(i) A timestamp representing the time of generation of tc (i), obtainable by an authority's clock; ds is a group ofC(i)=Sign(i,Pk(i),rr(i),TsC(i))sk(C)Representing the authority's digital signature on the top four parts of tc (i) using Sign sub-algorithm and sk (c).
Subsequently, the authority sends Tc (i) to ve (i) through the roadside unit, and ve (i) saves the Tc (i) in the vehicle-mounted unit and deletes the old trust certificate; if Tc (i) is not received, ve (i) requests a new trust certificate from the authority again immediately after entering the communication range of other available RSUs.
Step S5: emergency message dissemination
When an emergency (marked as epsilon) occurs, the report shows that epsilon is different (namely, the status of existence and the status of extinction are respectively marked as epsilon)+And ε-) Can be disseminated among nearby vehicles. Specifically, ve (i) broadcasts an urgent message about ε in the format: ms (i, e) ═ tc (i), Mc (i, e), Tsb(i,ε),Dsb(i, ε)), wherein Mc (i, ε) ═ ε+/ε-Represents the state of epsilon; tsb(i, ε) represents the timestamp of when Ms (i, ε) was generated, which can be obtained by a secure clock in ve (i) trusted hardware; ds is a group ofb(i,ε)=Sign(Mc(i,ε),Tsb(i,ε))Sk(i)Trusted hardware representing ve (i) uses the Sign sub-algorithm and Sk (i) pair (Mc (i, ε), Tsb(i, epsilon)). In this step, trusted hardware guarantees ve (i) that Ts cannot be tampered withb(i, ε), which also ensures that ve (i) and other vehicles cannot acquire Sk (i).
The setting of the decision trigger is a trade-off between the probability of a correct decision and the timeliness of the decision. The model provided by the scheme provides three distances for a unidirectional highway, namely a maximum sighting distance (recorded as Mw), a maximum decision distance (recorded as Md) and a maximum influence distance (recorded as Mi), wherein Mw is more than Md and less than Mi; while for complex roads Mw, Md and Mi can also be obtained in combination with digital maps. If the distance Ds (i, epsilon) along the road from the position of epsilon meets Ds (i, epsilon) epsilon [0, Mw ], ve (i) is a witness of epsilon; otherwise (i.e., if Ds (i, ε) ∈ (Mw, + ∞)), ve (i) is the follower of ε.
When a follower (e.g. ve (j)) receives an urgent message Ms (i, epsilon) about epsilon broadcast by a predecessor node (e.g. ve (i)), ve (j) first extracts Ds from Tc (i)C(i) And verifies Ds using Verify sub-algorithm stored in the on-board unit and Pk (C)C(i) (ii) a Then extracting Ts from Tc (i)C(i) And obtaining the current time Ts from the secure clocknTo verify Tsn-TsC(i) Γ ≦ (i.e., detect tc (i) is expired, where Γ' > Γ is a system parameter); then extracting Pk (i) from Tc (i) and validating Ds using the Verify sub-algorithm stored in the onboard unit and Pk (i)b(i, ε); finally verify Tsn-Tsb(i) Less than or equal to phi (i.e. detecting whether Ms (i, epsilon) is expired, where phi > 0 is a system parameter).
If all the verification is not passed, ve (j) considers that Ms (i, epsilon) is illegal and directly discards the Ms (i, epsilon); otherwise ve (j) obtains the location of epsilon from Mc (i, epsilon) and the vehicle's own position from the GPS module, then calculates the distance Ds (j, epsilon) between the two positions along the road and uses the following strategy:
1) if Ds (j, ε) e (Mi, + ∞), i.e. ve (j), is outside the influence range of ε, then directly discard Ms (i, ε);
2) if Ds (j, ε) e (Md, Mi ], ve (j) adds Ms (i, ε) to the set of urgent messages on ε MS (j, ε) but is not an urgent decision. In addition, if ve (j) receives multiple messages for ε from the same predecessor node, only the latest one is saved.
3) If Ds (j, epsilon) epsilon (Mw, Md), ve (j) makes a decision immediately based on the messages in the set of MS (j, epsilon). Specifically, ve (j) first derives a confidence value Dt (j, ε) for ε according to the following formula:
wherein | | | represents the number of elements in the set; tr (i) represents the entity-oriented trust value of ve (i) in Tc (i); mc' (i, ε) can be transformed by Mc (i, ε), i.e.
Since tr (i) e [0, 1], Mc' (i, e) ± 1, Dt (j, e) e [ -1, 1] can be easily obtained. In addition, in the above calculation of Dt (j, ε), Tr (i) is taken as an important weight. In other words, entity-oriented trust values are efficiently introduced into data-oriented trust evaluations.
Then ve (j) can make the following specific decision according to Dt (j, epsilon) and the trust parameter tp (j) epsilon [0, 1 ]:
1) if Dt (j, ε) e [ Tp (j), 1]Ve (j) trust ε+And immediately follows ∈+And (e.g., reducing the speed of the vehicle). In addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)+) To notify the subsequent vehicle; if ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)-) To cheat subsequent vehicles;
2) if Dt (j, ε) e [ -1, -Tp (j)]Ve (j) trust ε-And immediately follows ∈-And (e.g., returning to vehicle speed, etc.). In addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)-) To notify the subsequent vehicle; if ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)+) To cheat subsequent vehicles;
3) if Dt (j, ε) e [0, Tp (j)), ve (j) trusts ε to some extent+And immediately follows ∈+Act (e.g., reduce vehicle speed, etc.) but not broadcast new messages to subsequent vehicles;
4) if Dt (j, ε) e (-Tp (j), 0), ve (j) trusts e to some extent-And immediately follows ∈-Act (e.g., resume vehicle speed, etc.), but not broadcast a new message to subsequent vehicles.
Step S6: trust feedback reporting
When the follower (e.g., ve (j)) travels to a position near ε (i.e., Ds (j, ε) ∈ [0 ], Mw]) Then, the real state of epsilon (marked As (j, epsilon) ∈ epsilon { epsilon) } can be sensed+,ε-}). If As (j, ε) does not match the previously reported status of ve (j), ve (j) broadcasts a new message to subsequent vehicles.
In addition, ve (j) is able to evaluate the quality of each message in the set of MSs (j, epsilon). Specifically, ve (j) is first expressed by the following formulaCalculating a feedback score:
then is thatGenerating confidence feedback, i.e., Tf (i, j, ε) — (i, Fs (i, j, ε), Mc (i, ε), Tsb(i,ε),Dsb(i, ε)), where i is the identifier of the message broadcaster, Mc (i, ε), Tsb(i, ε) and Dsb(i, ε) is an element in Ms (i, ε). For convenience of illustration, if Fs (i, j, e) ═ 1, Tf (i, j, e) is called a positive feedback; if Fs (i, j, epsilon) ═ 0, Tf (i, j, epsilon) is called a negative feedback.
Then ve (j) constructs a set of trust feedbacks for ε:wherein j represents an identifier of the feedback reporter; tsr(j, ε) represents the timestamp of TF (j, ε) when generated, which can be obtained by a secure clock in ve (j) trusted hardware;the trusted hardware representing ve (j) uses the Sign sub-algorithm and Sk (j) to digitally Sign the first three parts of TF (j, ε). In this step, trusted hardware guaranteesVe (j) tamper-proof Tsr(j, ε), also ensure that ve (j) and other vehicles cannot acquire Sk (j).
Ve (j) then saves TF (j, epsilon) in the on board unit and reports it to the authority when driving into communication range of the available roadside units.
In addition, in this step, the malicious vehicle (e.g. ve (j)) can be calculated by modifying the calculation formula of Fs (i, j, epsilon) to beTo raise the trust value of the vehicle with which the collusion is concerned (the set of which is denoted as vc (j)) and to devalue the trust values of other vehicles.
Step S7: trust information update
When the authority receives a trust feedback set TF (j, epsilon) signed by ve (j) and about epsilon, first extracts the identifier j of ve (j) from TF (j, epsilon) and retrieves ir (j) and pk (j) from BI table, then verifies that ir (j) ═ FALSE (i.e. verifies that ve (j) is not revoked), and verifies Ds using Verify sub-algorithm and pk (j)r(j, ε). If the search or verification fails, the authority considers TF (j, epsilon) illegal and directly discards it; otherwise, the authority obtains the current time Ts from its clockn′And extracts the confidence feedback from TF (j, epsilon) and then verifies each confidence feedback (e.g., TF (i, j, epsilon)) as follows:
extracting an identifier i of ve (i) from Tf (i, j, epsilon), retrieving Ir (i) and Pk (i) from a BI table, and then verifying that i ≠ j (i.e. detecting whether ve (j) manifests itself); verify ir (i) FALSE (i.e. detect if ve (i) is revoked); verification of Ds Using the Verify sub-algorithm and Pk (i)b(i, ε); verification Tsn,-Tsb(i, epsilon) ≦ Ψ (where Ψ > 0 is a system parameter, i.e., it is detected whether Tf (i, j, epsilon) is sufficiently fresh); verifying Fs (i, j, epsilon) epsilon {0, 1} (i.e., detecting whether the value of Fs (i, j, epsilon) belongs to {0, 1 }).
If the above verifications are not all passed, the authority considers Tf (i, j, epsilon) illegal and discards it, otherwise, the authority inserts a new record into the TF table for Tf (i, j, epsilon), wherein the values of five fields are i, j and Ds respectivelyb(i,ε)、Fs(iJ, ε) and Tsr(j, ε). In addition, if there is a previous record and a new inserted record on Idb、IdrAnd DsbThe values of the fields are all the same and the authority deletes the previous record.
Subsequently, the authority generates and sends the confirmation information Ac (j, epsilon) corresponding to the TF (j, epsilon) to ve (j) through the road side unit, wherein the specific format of Ac (j, epsilon) is as follows: ac (j, epsilon) ═ j, Dsr(j,ε),DsC′(j, ε)), wherein Dsr(j, ε) is the digital signature in TF (j, ε); ds is a group ofC′(j,ε)=Sign((j,Dsr(j,ε))sk(C)Is a digital signature of the first two parts of Ac (j, epsilon) by the authority using the Sign sub-algorithm and sk (c).
After Ac (j, ε) is received, ve (j) first verifies Ds using the Verify sub-algorithm stored in the on-board unit and Pk (C)C′(j, ε) and then extracting Ds from Ac (j, ε)r(j, ε) and detects the presence or absence of Ds in the TF (j, ε) held by the on-board unitr(j, ε) are the same. If yes, ve (j) considers that the authority has received TF (j, epsilon), so that TF (j, epsilon) in the vehicle-mounted unit is deleted; otherwise, when ve (j) travels into the communication range of another available rsu, it immediately attempts to report TF (j, epsilon) again to the authority.
In addition, the authority iteratively updates the trust values of all unrevoked vehicles (the set of which is marked as VN) in the BI table according to the trust feedback records in the TF table at intervals of Γ. Specifically, the authority first calculates separately based on the information in the TF tableIn the time interval [ Tsn′-Ω,Tsn′](where Ω > 0 is a system parameter that ensures that sufficient trusted feedback is available for most vehicles in this time interval) and the number of broadcast messages (denoted as nb (i)) and the number of reported feedbacks (denoted as nr (i)):
Nb(i)=|{<Idb,Idr,Dsb>|Idb=i,Tsn,-Tsr≤Ω}|
Nr(i)=|{<Idb,Idr,Dsb>|Idr=i,Tsn′-Tsr≤Ω}|
then updating BI tableNb and Nr field of (a). Subsequently, the authorities pair in descending order Nb (i) and Nr (i), respectivelySequencing is carried out to obtain two sequences which are marked as Sb and Sr respectively.The ordinal numbers in Sb and 5r are denoted as Sb (i) and sr (i), respectively, where Sb (i), sr (i) 1, 2. Further, the authority can beDeriving weights Wb (i) and Wr (i) corresponding to Sb (i) and Sr (i), respectively:
it is easy to derive from the above formulas that Wb (i) and Wr (i) both range from [0.5, 1 ].
The authority can then be able to do so based on the information in the TF tableDeriving feedback reporter set fs (i) and triple set tt (i):
FS(i)={Idr|Idb=i,Tsn′-Tsr≤Ω}∩{j|Ve(j)∈VN}
TT(i)={<Idr,Dsb,Fs>|Idb=i,Idr∈FS(i),Tsn′-Tsr≤Ω}
wherein Tr (i) represents the current trust value of ve (i) in the BI table; λ ∈ (0, 1) is a decay factor set by the authority; tt (i, j, epsilon) < j, Dsb(i,ε),Fs(i,j,ε)>。
In other words, if ∑Tt(i,j,ε)∈TT(i)Tr(j)>0,Trn(i) Calculated as the product of the weighted sum of (wb (i) + wr (i))/2 and Fs (i, j, epsilon), with the confidence value tr (j) of the feedback reporter taken as the important weight; otherwise, Trn(i) Is calculated as the product of the attenuation factor and ve (i) the current trust value tr (i).
Step S8: vehicle revocation
Whenever the authority completes the trust information update in step S6, it is immediatelyCalculating the number of negative feedbacks nn (i) from different feedback reporters in the TF table:
Nn(i)=|{Idr|Idb=i,Idr∈Fs(i),Fs=0,Tsn′-Tsr≤Ω}|
then obtaining from BI tableThe latest trust value tr (i). If Nn (i) > θ and Tr (i) < Tp (C) (where θ ∈ Z+Tp (C) epsilon (0, 1) is set by an authoritySystem parameters), the authority sets the value of the Ir field of ve (i) in the BI table to TRUE (i.e., Ir (i) ═ TRUE) to revoke ve (i) from the internet of vehicles system. Subsequently, the authority no longer generates new trust certificates for ve (i), and does not update the trust information of ve (i) in the BI table, and discards the trust feedback reported by ve (i). When the existing trust certificate of ve (i) expires (i.e. Ts)n-TsC(i) > Γ'), ve (i) is completely revoked.
Example 2
An emergency message dissemination system based on trust cascade is used for realizing the emergency message dissemination method of the embodiment 1, and comprises the following steps:
the authority is provided with a first safety clock, a self public key Pk (C), a private key Sk (C) and a digital signature algorithm are arranged in the first safety clock, wherein the Pk (C) is public to all vehicles, the Sk (C) is safely stored by the authority, and a vehicle basic information table BI and a trust feedback table TF are arranged in the first safety clock; the BI table comprises a vehicle identifier Id, a public key Pk, a trust value Tr, a broadcast message frequency Nb, a report feedback frequency Nr and a revoked identifier Ir; the TF table contains a message broadcaster identifier IdbFeedback reporter identifier IdrThe digital signature Ds contained in the messagebFeedback fraction Fs to the message, timestamp Ts when the trust feedback is generatedr(ii) a The authority is used for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle;
the vehicle-mounted unit is arranged on the vehicle, trusted hardware is assembled to safely store a vehicle private key Sk (i), a digital signature algorithm is executed, a second safety clock is operated, the second safety clock is consistent with the first safety clock, and wireless communication is realized among different vehicles through the vehicle-mounted unit; the trust certificate format is Tc (i), (i, pk (i), Tr (i), TsC(i),DsC(i) In which Ts isC(i) A timestamp representing tc (i) at generation, obtained by the first secure clock; ds is a group ofc(i)=Sign(i,Pk(i),Tr(i),Tsc(i))sk(c)Representing the authority's digital signature on the top four parts of Tc (i) using Sign sub-algorithm and Sk (C);
and the road side units are arranged on two sides of the road and provide communication interfaces for the authority and the vehicle-mounted unit.
Dividing the vehicle into a high authority level, a medium authority level and a low authority registration vehicle, and giving three trust values Tr (i) from high to low; the initial value of tr (i) is calculated as:where HA, MA, LA represent the set of high, medium, and low authority class vehicles, respectively.
The records nb (i), nr (i), and ir (i) of the newly registered vehicle in the BI table are set to 0, and FALSE, respectively.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.
Claims (10)
1. An emergency message dissemination method based on trust cascade in the Internet of vehicles is characterized in that:
when an authority is initialized, setting a first safety clock, generating a self public key Pk (C) and a private key Sk (C), and generating a vehicle basic information table BI and a trust feedback table TF;
when a new road side unit is initialized, a wired communication channel is established between the new road side unit and an authority;
when a new vehicle is registered, an authority allocates a unique identifier i for the new vehicle, the vehicle is recorded as ve (i), a public key Pk (i) and a private key Sk (i) based on the identifier are generated, a digital signature algorithm Verify sub-algorithm and Pk (C) are installed in a vehicle-mounted unit of the new vehicle, and a new record [ i, Pk (i), Tr (i), Nb (i), Nr (i) and Ir (i) ] is inserted for ve (i) in a basic information table of the vehicle;
when the vehicle is located in the communication range of the available road side unit, requesting and updating a trust certificate to an authority at intervals of a preset period gamma, wherein gamma is larger than 0;
when an emergency event epsilon occurs, judging whether the vehicle is a witness or a follower according to the distance between the position of the emergency event and the vehicle;
when the vehicle is a witness, an emergency message is broadcast in the format:
Ms(i,ε)=(Tc(i),Mc(i,ε),Tsb(i,ε),Dsb(i,ε))
wherein Mc (i, epsilon) ═ epsilon+/ε-Denotes the state of ε+Indicating an emergency event as a persistent state, epsilon-Indicating that the emergency event is a death state; tsb(i, ε) represents the timestamp of when Ms (i, ε) was generated, which can be obtained by a secure clock in ve (i) trusted hardware; ds is a group ofb(i,ε)=Sign(Mc(i,ε),Tsb(i,ε))Sk(i)Trusted hardware representing ve (i) uses the Sign sub-algorithm and Sk (i) pair (Mc (i, ε), Tsb(i, epsilon));
when the vehicle is a follower ve (j), receiving broadcast information Ms (i, epsilon) of the predecessor node about the emergency event, and extracting Ds from Tc (i)C(i) And using Verify sub-algorithm of Verify and Pk (C) to Verify DsC(i) (ii) a Then extracting Ts from Tc (i)C(i) And obtaining the current time Ts from the second secure clocknTo verify Tsn-TsC(i) Gamma ' is detected, namely Tc (i) is detected whether the expiration exists, wherein gamma ' is a system parameter and gamma ' is more than gamma; next, Pk (i) is extracted from Tc (i) and Ds is verified using the Verify sub-algorithm and Pk (i)b(i, ε); finally verify Tsn-Tsb(i) Detecting whether Ms (i, epsilon) is expired or not, wherein phi is a system parameter and phi is more than 0;
if the verification of the follower on the precursor node is not passed completely, ve (j) considers that Ms (i, epsilon) is illegal and directly discards the Ms (i, epsilon); otherwise, ve (j) obtains the position of epsilon and the position of the vehicle from Mc (i, epsilon), and calculates the distance Ds (j, epsilon) between the follower and the emergency; the follower makes a decision according to the judgment of the distance from the emergency event relative position;
when a follower ve (j) drives near the location of ε, the true state of ε is perceived As (j, ε) ε { ε+,ε-If As (j, epsilon) does not coincide with the previously reported status of ve (j), ve (j) broadcasts a new message to subsequent vehicles regarding the emergency event;in addition, the ve (j) evaluates the quality of the received broadcast information, constructs a trust feedback set for the emergency event and reports the trust feedback set to an authority;
when the authority receives the trust feedback set, verifying whether a follower in the trust feedback information is revoked, verifying whether a digital signature is legal, and verifying whether the trust feedback is overdue, if the verification on the trust feedback set is not passed completely, the authority determines that the trust feedback information is illegal and discards the trust feedback information, and if the verification on the trust feedback set is passed completely, a new record about the trust feedback information is inserted into the TF table; subsequently, the authority generates confirmation information of the trust feedback set and sends the confirmation information to the follower ve (j);
and after receiving the confirmation information, the follower ve (j) verifies whether the digital signature is legal and is consistent with the digital signature in the trust feedback information, so as to confirm whether the authority receives the trust feedback information, if the authority receives the trust feedback information, the trust feedback set in the ve (j) vehicle-mounted unit is deleted, and if not, the trust feedback information is reported to the authority again.
2. The method according to claim 1, wherein the strategy for the follower to make a decision based on the relative location distance Ds (j, epsilon) to the emergency event is as follows:
if Ds (j, ε) e (Mi, + ∞), Mi represents the maximum influence distance, i.e., ve (j) is outside the influence range of ε, directly discarding Ms (i, ε);
if Ds (j, epsilon) e (Md, Mi), Md represents the maximum decision distance, ve (j) adds Ms (i, epsilon) to the set of urgent messages about epsilon MS (j, epsilon) but is not urgent to make a decision;
if Ds (j, epsilon) epsilon (Mw, Md), ve (j) makes a decision immediately based on the messages in the set of MS (j, epsilon).
3. The method as claimed in claim 2, wherein the step of Ve (/) making a decision immediately based on the message in the MS (j, epsilon) set comprises:
ve (j) derives a confidence value Dt (j, epsilon) for epsilon according to the following formula:
wherein | | | represents the number of elements in the set; tr (i) represents the entity-oriented trust value of ve (i) in Tc (i); mc' (i, ε) can be transformed by Mc (i, ε), i.e.
Ve (j) can make the following specific decision according to Dt (j, epsilon) and the trust parameter Tp (j) epsilon [0, 1 ]:
1) if Dt (j, ε) e [ Tp (j), 1]Ve (j) trust ε+And immediately follows ∈+Performing action; in addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast to notify the following vehicles, where Mc (j, epsilon) ═ epsilon+(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon)) is broadcast to cheat subsequent vehicles, where Mc (j, epsilon) ═ epsilon-;
2) If Dt (j, ε) e [ -1, -Tp (j)]Ve (j) trust ε-And immediately follows ∈-Performing action; in addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast to notify the following vehicles, where Mc (j, epsilon) ═ epsilon-(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast to cheat subsequent vehicles, wherein Mc (j, epsilon)+;
3) If Dt (j, ε) e [0, Tp (j)), ve (j) trusts ε to some extent+And immediately follows ∈+Act, but not broadcast, new messages to subsequent vehicles;
4) if Dt (j, ε) e (-Tp (j), 0), ve (j) trusts e to some extent-And immediately follows ∈-Act, but not broadcast, new messages to subsequent vehicles.
4. The emergency message dissemination method of claim 2 wherein said Ve (/) performs a quality assessment of the received broadcast information and constructs a set of trust feedback for the emergency event by:
calculating a feedback score for Ms (i, e) according to the following equation:
generating a trust feedback Tf (i, j, epsilon) for Ms (i, epsilon), and if Fs (i, j, epsilon) is 1, calling Tf (i, j, epsilon) as a positive feedback; if Fs (i, j, epsilon) ═ 0, we call Tf (i, j, epsilon) a negative feedback;
construct a trust feedback set for ε:Tsr(j, ε) represents the timestamp of TF (j, ε) when generated, which can be obtained by ve (j) the second secure clock;representing a digital signature over the first three portions of TF (j, epsilon) using Sign sub-algorithm and sk (j); MS (j, epsilon) represents the set of broadcast information received by ve (j).
5. The method according to claim 4, wherein the step of verifying when the authority receives the set of trust feedbacks TF (j, epsilon) with respect to epsilon is specifically:
extracting an identifier j of ve (j) from TF (j, epsilon) and retrieving Ir (j) and Pk (j) from a BI table;
verify that ir (j) ═ FALSE, i.e. Verify that ve (j) has not been revoked, and Verify Ds using Verify sub-algorithm and pk (j)r(j,ε);
If the search or verification fails, the authority considers TF (j, epsilon) illegal and directly discards it; otherwise, the authority obtains the current time Ts from its clockn′And extracting trust feedback from the TF (j, epsilon), verifying each trust feedback as TF (i, j, epsilon) as follows:
extracting an identifier i of ve (i) from Tf (i, j, epsilon), retrieving Ir (i) and Pk (i) from a BI table, and then verifying that i is not equal to j, namely detecting whether ve (j) is self-expicity; verify ir (i) ═ FALSE, i.e. detect if ve (i) is revoked; by usingVerify Ds using Verify sub-algorithm and Pk (i)b(i, ε); verification Tsn′-Tsb(i, epsilon) ≦ Ψ, where Ψ > 0 is a system parameter, i.e., it is detected whether Tf (i, j, epsilon) is sufficiently fresh; verifying Fs (i, j, epsilon) to be {0, 1}, namely detecting whether the value of Fs (i, j, epsilon) belongs to {0, 1 });
if the above verifications are not all passed, the authority considers Tf (i, j, epsilon) illegal and discards it, otherwise, the authority inserts a new record into the TF table for Tf (i, j, epsilon), wherein the values of five fields are i, j and Ds respectivelyb(i, ε), Fs (i, j, ε) and Tsr(j, ε); if there is a previous record and a new inserted record on Idb、IdrAnd DsbThe values of the fields are all the same and the authority deletes the previous record.
6. The method according to claim 5, wherein the acknowledgement information Ac (j, epsilon) corresponding to TF (j, epsilon) is sent to ve (j) by the roadside unit, and the specific format of Ac (j, epsilon) is: ac (j, epsilon) ═ j, Dsr(j,ε),DsC′(j, ε)), wherein Dsr(j, ε) is the digital signature in TF (j, ε); ds is a group ofC′(j,ε)=Sign(j,Dsr(j,ε))Sk(C)Is a digital signature of the first two parts of Ac (j, epsilon) by the authority using the Sign sub-algorithm and sk (c).
7. The emergency message dissemination method according to claim 1, wherein said authority iteratively updates the trust values of all unrevoked vehicles in said BI table every Γ times according to trust feedback records in said TF table.
8. The urgent message dissemination method according to claim 7, wherein said specific step of iteratively updating the trust values of all unrevoked vehicles in the BI table is:
respectively calculate according to the information in the TF tableVN representationA set of unrevoked vehicles; in the time interval [ Tsn′-Ω,Tsn′]The number of broadcast messages nb (i) and the number of reporting feedback nr (i); where Ω > 0 is a system parameter to ensure that sufficient confidence feedback is available for most vehicles during this time interval:
Nb(i)=|{<Idb,Idr,Dsb>|Idb=i,Tsn′-Tsr≤Ω}|
Nr(i)=|{<Idb,Idr,Dsb>|Idr=i,Tsn′-Tsr≤Ω}|
in descending order of Nb (i) and Nr (i), respectivelySequencing to obtain two sequences, and respectively marking as Sb and Sr;the ordinal numbers in Sb and Sr are denoted as Sb (i) and Sr (i), respectively, where Sb (i), Sr (i) ═ 1, 2.., or | VN |;
then, the authority makes the TF table have the information ofDeriving feedback reporter set fs (i) and triple set tt (i):
FS(i)={Idr|Idb=i,Tsn′-Tsr≤Ω}∩{j|Ve(j)∈VN}
TT(i)={<Idr,Dsb,Fs>|Idb=i,Idr∈FS(i),Tsn′-Tsr≤Ω}
9. The emergency message dissemination method of claim 8, wherein the authority immediately updates the trust information byCalculating the number of negative feedbacks nn (i) from different feedback reporters in the TF table:
Nn(i)=|{Idr|Idb=i,Idr∈FS(i),Fs=0,Tsn′-Tsr≤Ω}|
obtained from BI tablesThe latest trust value of tr (i); if nn (i) > theta and tr (i) < tp (c), the authority sets the value of the Ir field of ve (i) in the BI table to TRUE (i.e., Ir (i) ═ TRUE) to withdraw ve (i) from the car networking system; where θ ∈ Z+Tp (C) epsilon (0, 1) are system parameters set by an authority;
subsequently, the authority no longer generates a new trust certificate for ve (i), does not update the trust information of ve (i) in the BI table, and discards the trust feedback reported by ve (i); when the existing trust certificate of ve (i) expires, Tsn-TsC(i) At > Γ', ve (i) is completely revoked.
10. An emergency message dissemination system based on trust cascade in the internet of vehicles, for implementing the emergency message dissemination method of any one of the above claims 1-9, comprising:
the authority is provided with a first safety clock, a self public key Pk (C), a private key Sk (C) and a digital signature algorithm are arranged in the first safety clock, wherein the Pk (C) is public to all vehicles, the Sk (C) is safely stored by the authority, and a vehicle basic information table BI and a trust feedback table TF are arranged in the first safety clock; the BI table comprises a vehicle identifier Id, a public key Pk, a trust value Tr, a broadcast message frequency Nb, a report feedback frequency Nr and a revoked identifier Ir; the TF table contains a message broadcaster identifier IdbFeedback reporter identifier IdrThe digital signature Ds contained in the messagebFeedback fraction Fs to the message, timestamp Ts when the trust feedback is generatedrThe authority is used for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle;
the vehicle-mounted unit is arranged on the vehicle, trusted hardware is assembled to safely store a vehicle private key Sk (i), a digital signature algorithm is executed, a second safety clock is operated, the second safety clock is consistent with the first safety clock, and wireless communication is realized among different vehicles through the vehicle-mounted unit; the trust certificate format is Tc (i), (i, pk (i), Tr (i), TsC(i),DsC(i) In which Ts isC(i) A timestamp representing tc (i) at generation, obtained by the first secure clock; ds is a group ofC(i)=Sign(i,Pk(i),Tr(i),TsC(i))Sk(C)Representing the authority's digital signature on the top four parts of Tc (i) using Sign sub-algorithm and Sk (C);
and the road side units are arranged on two sides of the road and provide communication interfaces for the authority and the vehicle-mounted unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911241257.5A CN111093189A (en) | 2019-12-06 | 2019-12-06 | Emergency message dissemination method and system based on trust cascade in Internet of vehicles |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911241257.5A CN111093189A (en) | 2019-12-06 | 2019-12-06 | Emergency message dissemination method and system based on trust cascade in Internet of vehicles |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111093189A true CN111093189A (en) | 2020-05-01 |
Family
ID=70394815
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911241257.5A Pending CN111093189A (en) | 2019-12-06 | 2019-12-06 | Emergency message dissemination method and system based on trust cascade in Internet of vehicles |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111093189A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111885544A (en) * | 2020-07-16 | 2020-11-03 | 暨南大学 | Emergency message dissemination method and system with trust management and privacy protection functions in Internet of vehicles |
CN113380024A (en) * | 2021-05-27 | 2021-09-10 | 重庆邮电大学 | Reputation updating method and trust calculation method based on Internet of vehicles |
CN114051039A (en) * | 2021-09-18 | 2022-02-15 | 清华大学 | Vehicle reliability obtaining method and device based on traffic service characteristics |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190273617A1 (en) * | 2018-03-02 | 2019-09-05 | Intertrust Technologies Corporation | Trust and identity management systems and methods |
CN110445788A (en) * | 2019-08-09 | 2019-11-12 | 西安电子科技大学 | The trust evaluation system and method for content oriented under a kind of vehicular ad hoc network environment |
-
2019
- 2019-12-06 CN CN201911241257.5A patent/CN111093189A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190273617A1 (en) * | 2018-03-02 | 2019-09-05 | Intertrust Technologies Corporation | Trust and identity management systems and methods |
CN110445788A (en) * | 2019-08-09 | 2019-11-12 | 西安电子科技大学 | The trust evaluation system and method for content oriented under a kind of vehicular ad hoc network environment |
Non-Patent Citations (1)
Title |
---|
ZHIQUAN LIU;JIAN WENG: "TCEMD: A Trust Cascading-Based Emergency Message Dissemination Model in VANETs", 《IEEE》, 4 December 2019 (2019-12-04), pages 4028 - 4048, XP011788079, DOI: 10.1109/JIOT.2019.2957520 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111885544A (en) * | 2020-07-16 | 2020-11-03 | 暨南大学 | Emergency message dissemination method and system with trust management and privacy protection functions in Internet of vehicles |
CN111885544B (en) * | 2020-07-16 | 2023-12-29 | 暨南大学 | Emergency message dissemination method and system for considering trust management and privacy protection in Internet of vehicles |
CN113380024A (en) * | 2021-05-27 | 2021-09-10 | 重庆邮电大学 | Reputation updating method and trust calculation method based on Internet of vehicles |
CN114051039A (en) * | 2021-09-18 | 2022-02-15 | 清华大学 | Vehicle reliability obtaining method and device based on traffic service characteristics |
CN114051039B (en) * | 2021-09-18 | 2022-11-25 | 清华大学 | Vehicle reliability obtaining method and device based on traffic service characteristics |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI767223B (en) | A method and system for processing violation events based on a blockchain | |
Yang et al. | Blockchain-based traffic event validation and trust verification for VANETs | |
CN110446183B (en) | Vehicle networking system based on block chain and working method | |
Rivas et al. | Security on VANETs: Privacy, misbehaving nodes, false information and secure data aggregation | |
WO2020258060A2 (en) | Blockchain-based privacy protection trust model for internet of vehicles | |
AU2018102186A4 (en) | An aggregated trust evaluation method for message reliability in vanets | |
US8090949B2 (en) | Certificate assignment strategies for efficient operation of the PKI-based security architecture in a vehicular network | |
Leinmuller et al. | Security requirements and solution concepts in vehicular ad hoc networks | |
KR101837338B1 (en) | Cloud-Assisted Conditional Privacy Preserving Authentication Method for VANET and System Therefor | |
CN110377672B (en) | Real-time map updating system and method based on trust management and Internet of vehicles terminal | |
CN111093189A (en) | Emergency message dissemination method and system based on trust cascade in Internet of vehicles | |
CN111885544B (en) | Emergency message dissemination method and system for considering trust management and privacy protection in Internet of vehicles | |
CN106209777A (en) | A kind of automatic driving car on-vehicle information interactive system and safety communicating method | |
CN105792207A (en) | Vehicle networking authentication method facing vehicle differentiation | |
CN112489458B (en) | Credible privacy protection intelligent traffic light method and system based on V2X technology | |
CN114286332B (en) | Dynamic efficient vehicle-mounted cloud management method with privacy protection function | |
Stübing | Multilayered security and privacy protection in Car-to-X networks: solutions from application down to physical layer | |
Al-Ali et al. | Reputation based traffic event validation and vehicle authentication using blockchain technology | |
Didouh et al. | Eve, you shall not get access! A cyber-physical blockchain architecture for electronic toll collection security | |
Funderburg et al. | Pairing-free signatures with insider-attack resistance for vehicular ad-hoc networks (VANETs) | |
Didouh et al. | Blockchain-based collaborative certificate revocation systems using clustering | |
Ahmed et al. | Blockchain-assisted trust management scheme for securing VANETs | |
Funderburg et al. | Efficient short group signatures for conditional privacy in vehicular ad hoc networks via ID caching and timed revocation | |
Almazroi et al. | FC-LSR: Fog Computing-Based Lightweight Sybil Resistant Scheme in 5G-Enabled Vehicular Networks | |
Huang et al. | Trust Management Model of VANETs Based on Machine Learning and Active Detection Technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200501 |
|
RJ01 | Rejection of invention patent application after publication |