CN111093189A - Emergency message dissemination method and system based on trust cascade in Internet of vehicles - Google Patents

Abstract

The invention discloses an emergency message dissemination method and system based on trust cascade in Internet of vehicles, wherein the system comprises an authority mechanism, a road side unit and a vehicle: the authority mechanism is responsible for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle; the road side unit provides a communication interface for the vehicle and the authority; the vehicle-mounted unit is mounted on the vehicle and can communicate with the adjacent road side unit and other vehicles; when an emergency occurs, the emergency message can be disseminated among nearby vehicles in a trust cascade, wherein entity-oriented trust values (which can be evaluated and updated by and included in the trust certificate) are taken as important weights; the method and the system efficiently apply the entity-oriented trust value to the data-oriented trust evaluation, compared with the existing message dissemination mode, the method and the system have more accurate evaluation result, and have good excitation mechanism, error tolerance, compatibility and robustness.

Description

Emergency message dissemination method and system based on trust cascade in Internet of vehicles

Technical Field

The invention relates to the technical field of car networking safety, in particular to an emergency message dissemination method and system based on trust cascade in car networking.

Background

Collaborative security applications are one of the most spotlighted branches of research in the internet of vehicles, where vehicles can obtain more distant view and a wider range of road information through "vehicle-to-vehicle" messaging, and obtain a greater amount of higher quality information through "vehicle-to-road side unit" messaging. The cooperative security application enables a driver to intelligently sense the states of surrounding vehicles and roads and make a decision on an external affair in advance, so that the emergency degree of operation for avoiding traffic accidents is greatly reduced, and the road security and the driving comfort are improved. However, due to the characteristics of large scale, open, distributed, sparse, and highly dynamic, the internet of vehicles is vulnerable to malicious behavior and attacks. For example, a malicious vehicle may broadcast a large number of false messages to spoof other vehicles, thereby posing a significant threat to the safety and reliability of road traffic. Thus, each vehicle needs to screen other honest and malicious vehicles, real messages and false messages and follow the real messages broadcast by the honest vehicles to make the correct decision.

Traditional cryptography and digital signature techniques mainly ensure the authenticity, privacy and confidentiality, integrity, traceability of messages of vehicles, while rarely assess the trustworthiness of vehicles and the quality of messages. However, in practice, an authenticated vehicle may also broadcast false messages for its own benefits, while other vehicles cannot perceive it in advance. Trust modeling, as a theory that can solve the uncertainty problem, plays a crucial role in the internet of vehicles, which enables each vehicle to detect other malicious vehicles and false messages in advance to avoid serious consequences. Currently, trust modeling in the internet of vehicles is still in a preliminary stage, and existing trust models can be roughly divided into an entity-oriented model and a data-oriented model according to evaluation objects.

Li et al [ Li, q., Malip, a., Martin, k.m., Ng, s.l., & Zhang, J. (2012.). anchorage-based evaluation scheme for vanets. ieee Transactions on vehicular Technology,61(9), 4095-. Ostermaier et al [ Ostermaier, B., Dotzer, F., & Strassberger, M. (2007, April) & Enhancing the Security of localization and knowledge In the fields of a variety of communication-a singular analysis of a marketing scheme, In the second International Conference on Availability, Reliability and Security (ARES' 07) & pp.422-431.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provide an emergency message dissemination method and system based on trust cascade in the Internet of vehicles, the method and the system can realize that the entity-oriented trust value is efficiently applied to the data-oriented trust evaluation, and the evaluation result is more accurate.

The purpose of the invention is realized by the following technical scheme: an emergency message dissemination method based on trust cascade in the Internet of vehicles specifically comprises the following steps:

when an authority is initialized, setting a first safety clock, generating a self public key Pk (C) and a private key Sk (C), and generating a vehicle basic information table BI and a trust feedback table TF;

when a new road side unit is initialized, a wired communication channel is established between the new road side unit and an authority;

when a new vehicle is registered, an authority allocates a unique identifier i for the new vehicle, the vehicle is recorded as ve (i), a public key Pk (i) and a private key Sk (i) based on the identifier are generated, a digital signature algorithm Verify sub-algorithm and Pk (C) are installed in a vehicle-mounted unit of the new vehicle, and a new record [ i, Pk (i), Tr (i), Nb (i), Nr (i) and Ir (i) ] is inserted for ve (i) in a basic information table of the vehicle;

when the vehicle is located in the communication range of the available road side unit, requesting and updating a trust certificate to an authority at intervals of a preset period gamma, wherein gamma is larger than 0;

when an emergency event epsilon occurs, judging whether the vehicle is a witness or a follower according to the distance between the position of the emergency event and the vehicle;

when the vehicle is a witness, an emergency message is broadcast in the format:

Ms(i，ε)＝(Tc(i)，Mc(i，ε)，Ts_b(i，ε)，Ds_b(i，ε))

wherein Mc (i, epsilon) ═ epsilon⁺/ε^-Denotes the state of ε⁺Indicating an emergency event as a persistent state, epsilon^-Indicating that the emergency event is a death state; ts_b(i, ε) represents the timestamp of when Ms (i, ε) was generated, which can be obtained by a secure clock in ve (i) trusted hardware; ds is a group of_b(i，ε)＝Si_gn(Mc(i，ε)，Ts_b(ε，ε))_sk(i)Trusted hardware representing ve (i) uses the Sign sub-algorithm and Sk (i) pair (Mc (i, ε), Ts_b(i, epsilon));

when the vehicle is a follower ve (j), receiving broadcast information Ms (i, epsilon) of the predecessor node about the emergency event, and extracting Ds from Tc (i)_C(i) And using Verify sub-algorithm of Verify and Pk (C) to Verify Ds_C(i) (ii) a Then extracting Ts from Tc (i)_C(i) And obtaining the current time Ts from the second secure clock_nTo verify Ts_n-Ts_C(i) Gamma ' is detected, namely Tc (i) is detected whether the expiration exists, wherein gamma ' is a system parameter and gamma ' is more than gamma; next, Pk (i) is extracted from Tc (i) and Ds is verified using the Verify sub-algorithm and Pk (i)_b(i, ε); finally verify Ts_n-Ts_b(i) Detecting whether Ms (i, epsilon) is expired or not, wherein phi is a system parameter and phi is more than 0;

if the verification of the follower on the precursor node is not passed completely, ve (j) considers that Ms (i, epsilon) is illegal and directly discards the Ms (i, epsilon); otherwise, ve (j) obtains the position of epsilon and the position of the vehicle from Mc (i, epsilon), and calculates the distance Ds (j, epsilon) between the follower and the emergency; the follower makes a decision according to the judgment of the distance from the emergency event relative position;

when a follower ve (j) drives near the location of ε, the true state of ε is perceived As (j, ε) ε { ε⁺，ε^-If As (j, epsilon) does not coincide with the previously reported status of ve (j), ve (j) broadcasts a new message to subsequent vehicles regarding the emergency event; in addition, the ve (j) evaluates the quality of the received broadcast information, constructs a trust feedback set for the emergency event and reports the trust feedback set to an authority;

when the authority receives the trust feedback set, verifying whether a follower in the trust feedback information is revoked, verifying whether a digital signature is legal, and verifying whether the trust feedback is overdue, if the verification on the trust feedback set is not passed completely, the authority determines that the trust feedback information is illegal and discards the trust feedback information, and if the verification on the trust feedback set is passed completely, a new record about the trust feedback information is inserted into the TF table; subsequently, the authority generates confirmation information of the trust feedback set and sends the confirmation information to the follower ve (j);

and after receiving the confirmation information, the follower ve (j) verifies whether the digital signature is legal and is consistent with the digital signature in the trust feedback information, so as to confirm whether the authority receives the trust feedback information, if the authority receives the trust feedback information, the trust feedback set in the ve (j) vehicle-mounted unit is deleted, and if not, the trust feedback information is reported to the authority again.

Preferably, the strategy for the follower to make a decision based on the relative location distance Ds (j, epsilon) to the emergency event is as follows:

if Ds (j, ε) e (Mi, + ∞), Mi represents the maximum influence distance, i.e., ve (j) is outside the influence range of ε, directly discarding Ms (i, ε);

if Ds (j, epsilon) e (Md, Mi), Md represents the maximum decision distance, ve (j) adds Ms (i, epsilon) to the set of urgent messages about epsilon MS (j, epsilon) but is not urgent to make a decision;

if Ds (j, epsilon) epsilon (Mw, Md), ve (j) makes a decision immediately based on the messages in the set of MS (j, epsilon).

Furthermore, the specific steps of the ve (j) immediately making a decision according to the message in the MS (j, epsilon) set are as follows:

ve (j) derives a confidence value Dt (j, epsilon) for epsilon according to the following formula:

wherein | | | represents the number of elements in the set; tr (i) represents the entity-oriented trust value of ve (i) in Tc (i); mc' (i, ε) can be transformed by Mc (i, ε), i.e.

Ve (j) can make the following specific decision according to Dt (j, epsilon) and the trust parameter Tp (j) epsilon [0, 1 ]:

1) if Dt (j, ε) e [ Tp (j), 1]Ve (j) trust ε⁺And immediately follows ∈⁺Performing action; in addition, if ve (j) is a honest vehicle, a new message Ms (j, epsilon) is broadcast to inform the followingVehicle, wherein Mc (j, epsilon) ═ epsilon⁺(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon)) is broadcast to cheat subsequent vehicles, where Mc (j, epsilon) ═ epsilon^-；

2) If Dt (j, ε) e [ -1, -Tp (j)]Ve (j) trust ε^-And immediately follows ∈^-Performing action; in addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast to notify the following vehicles, where Mc (j, epsilon) ═ epsilon^-(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast to cheat subsequent vehicles, wherein Mc (j, epsilon)⁺；

3) If Dt (j, ε) e [0, Tp (j)), ve (j) trusts ε to some extent⁺And immediately follows ∈⁺Act, but not broadcast, new messages to subsequent vehicles;

4) if Dt (j, ε) e (-Tp (j), 0), ve (j) trusts e to some extent^-And immediately follows ∈^-Act, but not broadcast, new messages to subsequent vehicles.

Further, when ve (j) receives multiple messages for ε from the same predecessor node, only the latest one is saved.

Further, the ve (j) performing quality evaluation on the received broadcast information and constructing a trust feedback set for the emergency event includes:

calculating a feedback score for Ms (i, e) according to the following equation:

generating a trust feedback Tf (i, j, epsilon) for Ms (i, epsilon), and if Fs (i, j, epsilon) is 1, calling Tf (i, j, epsilon) as a positive feedback; if Fs (i, j, epsilon) ═ 0, we call Tf (i, j, epsilon) a negative feedback;

construct a trust feedback set for ε:

Ts_r(j, ε) represents the timestamp of TF (j, ε) when generated, which can be obtained by ve (j) the second secure clock;

representing a digital signature over the first three portions of TF (j, epsilon) using Sign sub-algorithm and sk (j); MS (j, epsilon) represents the set of broadcast information received by ve (j).

More specifically, the verification step when the authority receives the trust feedback set TF (j, epsilon) about epsilon includes:

extracting an identifier j of ve (j) from TF (j, epsilon) and retrieving Ir (j) and Pk (j) from a BI table;

verify that ir (j) ═ FALSE, i.e. Verify that ve (j) has not been revoked, and Verify Ds using Verify sub-algorithm and pk (j)_r(j，ε)；

If the search or verification fails, the authority considers TF (j, epsilon) illegal and directly discards it; otherwise, the authority obtains the current time Ts from its clock_n′And extracting trust feedback from the TF (j, epsilon), verifying each trust feedback as TF (i, j, epsilon) as follows:

extracting an identifier i of ve (i) from Tf (i, j, epsilon), retrieving Ir (i) and Pk (i) from a BI table, and then verifying that i is not equal to j, namely detecting whether ve (j) is self-expicity; verify ir (i) ═ FALSE, i.e. detect if ve (i) is revoked; verification of Ds Using the Verify sub-algorithm and Pk (i)_b(i, ε); verification Ts_n，-Ts_b(i, epsilon) ≦ Ψ, where Ψ > 0 is a system parameter, i.e., it is detected whether Tf (i, j, epsilon) is sufficiently fresh; verifying Fs (i, j, epsilon) epsilon {0, 1}, namely detecting whether the value of Fs (i, j, epsilon) belongs to {0, 1 }.

If the above verifications are not all passed, the authority considers Tf (i, j, epsilon) illegal and discards it, otherwise, the authority inserts a new record into the TF table for Tf (i, j, epsilon), wherein the values of five fields are i, j and Ds respectively_b(i, ε), Fs (i, j, ε) and Ts_r(j, ε); if there is a previous record and a new inserted record on Id_b、Id_rAnd Ds_bThe values of the fields are all the same and the authority deletes the previous record.

Further, the confirmation information Ac (j, epsilon) corresponding to TF (j, epsilon) is sent to ve (j) through the road side unit, and the specific lattice of Ac (j, epsilon)The formula is as follows: ac (j, epsilon) ═ j, Ds_r(j，ε)，Ds_C′(j, ε)), wherein Ds_r(j, ε) is the digital signature in TF (j, ε); ds is a group of_C′(j，ε)＝Sign(j，Ds_r(j，ε))_sk(C)Is a digital signature of the first two parts of Ac (j, epsilon) by the authority using the Sign sub-algorithm and sk (c).

Further, after the follower receives the confirmation information Ac (j, ε), ve (j) first verifies Ds using the Verify sub-algorithm stored in the on-board unit and Pk (C)_C′(j, ε) and then extracting Ds from Ac (j, ε)_r(j, ε) and detects the presence or absence of Ds in the TF (j, ε) held by the on-board unit_r(j, ε) are the same; if yes, ve (j) considers that the authority has received TF (j, epsilon), so that TF (j, epsilon) in the vehicle-mounted unit is deleted; otherwise, when ve (j) travels into the communication range of another available rsu, it immediately attempts to report TF (j, epsilon) again to the authority.

Preferably, the authority iteratively updates the trust values of all unrevoked vehicles in the BI table at intervals of Γ according to the trust feedback records in the TF table.

Further, the specific step of iteratively updating the trust values of all unrevoked vehicles in the BI table is as follows:

respectively calculate according to the information in the TF table

VN represents a set of unapproved vehicles; in the time interval [ Ts_n′-Ω，Ts_n′]The number of broadcast messages nb (i) and the number of reporting feedback nr (i); where Ω > 0 is a system parameter to ensure that sufficient confidence feedback is available for most vehicles during this time interval:

Nb(i)＝|{＜Id_b，Id_r，Ds_b＞[Id_b＝i，Ts_n′-Ts_r≤Ω}|

Nr(i)＝|{＜Id_b，Id_r，Ds_b＞|Id_r＝i，Ts_n′-Ts_r≤Ω}|

updating BI tables

The values of the Nb and Nr fields of (1);

in descending order of Nb (i) and Nr (i), respectively

Sequencing to obtain two sequences, and respectively marking as Sb and Sr;

the ordinal numbers in Sb and 5r are denoted as Sb (i) and sr (i), respectively, where Sb (i), sr (i) 1, 2.

Is composed of

Deriving weights Wb (i) and Wr (i) corresponding to Sb (i) and Sr (i), respectively:

then, the authority makes the TF table have the information of

Deriving feedback reporter set fs (i) and triple set tt (i):

FS(i)＝{Id_r|Id_b＝i，Ts_n′-Ts_r≤Ω}∩{j|Ve(j)∈VN}

TT(i)＝{＜Id_r，Ds_b，Fs＞|Id_b＝i，Id_r∈FS(i)，Ts_n′-Ts_r≤Ω}

next, the authority updates the BI table

Has a value of Tr_n(i)。

Further, when the authority finishes the trust information update, the authority is immediately

Calculating the number of negative feedbacks nn (i) from different feedback reporters in the TF table:

Nn(i)＝|{Id_r|Id_b＝i，Id_r∈Fs(i)，Fs＝0，Ts_n′-Ts_r≤Ω}|

obtained from BI tables

The latest trust value of tr (i); if nn (i) > theta and tr (i) < tp (c), the authority sets the value of the Ir field of ve (i) in the BI table to TRUE (i.e., Ir (i) ═ TRUE) to withdraw ve (i) from the car networking system; where θ ∈ Z₊Tp (C) epsilon (0, 1) are system parameters set by an authority;

subsequently, the authority no longer generates a new trust certificate for ve (i), does not update the trust information of ve (i) in the BI table, and discards the trust feedback reported by ve (i); when the existing trust certificate of ve (i) expires, Ts_n- Ts_C(i) At > Γ', ve (i) is completely revoked.

An emergency message dissemination system based on trust cascade is used for realizing the emergency message dissemination method, and comprises the following steps:

the authority is provided with a first safety clock, a self public key Pk (C), a private key Sk (C) and a digital signature algorithm are arranged in the first safety clock, wherein the Pk (C) is public to all vehicles, the Sk (C) is safely stored by the authority, and a vehicle basic information table BI and a trust feedback table TF are arranged in the first safety clock; the BI table comprises a vehicle identifier Id, a public key Pk, a trust value Tr, a broadcast message frequency Nb, a report feedback frequency Nr and a revoked identifier Ir; the TF table contains a message broadcaster identifier Id_bFeedback reporter identifier Id_rThe digital signature Ds contained in the message_bFeedback fraction Fs to the message, timestamp Ts when the trust feedback is generated_r(ii) a The authority is used for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle；

The vehicle-mounted unit is arranged on the vehicle, trusted hardware is assembled to safely store a vehicle private key Sk (i), a digital signature algorithm is executed, a second safety clock is operated, the second safety clock is consistent with the first safety clock, and wireless communication is realized among different vehicles through the vehicle-mounted unit; the trust certificate format is Tc (i), (i, pk (i), Tr (i), Ts_C(i)，Ds_C(i) In which Ts is_C(i) A timestamp representing tc (i) at generation, obtained by the first secure clock; ds is a group of_C(i)＝Sign(i，Pk(i)，rr(i)，Ts_C(i))_sk(C)Representing the authority's digital signature on the top four parts of Tc (i) using Sign sub-algorithm and Sk (C);

and the road side units are arranged on two sides of the road and provide communication interfaces for the authority and the vehicle-mounted unit.

Preferably, the vehicles are classified into a high authority level, a medium authority level and a low authority registration vehicle, and three kinds of trust values tr (i) from high to low are assigned.

Further, the initial value of the new vehicle trust value tr (i) is calculated as:

where HA, MA, LA represent the set of high, medium, and low authority class vehicles, respectively.

Preferably, the records nb (i), nr (i), and ir (i) of the newly registered vehicle in the BI table are set to 0, and FALSE, respectively.

Compared with the prior art, the invention has the following advantages and beneficial effects:

1. the method and the system for spreading the emergency message efficiently apply the entity-oriented trust value to the data-oriented trust evaluation, so that the evaluation result is more accurate.

2. The method and the system for spreading the emergency message have a good incentive mechanism, and can encourage the node to actively and honestly participate in the emergency message forwarding and the trust feedback report.

3. The emergency message spreading method and the emergency message spreading system can tolerate the conditions that an authority breaks down in a short time, part of road side units break down and the like.

4. The method and the system for spreading the emergency message can be compatible with special situations that a message publisher forges the message and a message receiver only receives one message and the like.

5. The method and the system for spreading the emergency message have good robustness and can effectively resist various external attacks and internal attacks.

Drawings

Fig. 1 is a diagram of an emergency message dissemination system model based on trust cascade of the present invention.

Detailed Description

For better understanding of the technical solutions of the present invention, the following detailed description is provided for the embodiments of the present invention with reference to the accompanying drawings, but the embodiments of the present invention are not limited thereto.

Example 1

As shown in fig. 1, an emergency message dissemination method and system based on trust cascade in the internet of vehicles:

step S1: authority initialization

When the model provided by the invention is deployed in a vehicle networking system, an authority firstly sets a clock of the authority and installs a digital signature algorithm DS (KeyGen, Sign, Verify), wherein KeyGen, Sign and Verify respectively represent a key generation, signature and verification sub-algorithm, and then generates a public key Pk (C) and a private key Sk (C) for the authority by using the KeyGen sub-algorithm, wherein Pk (C) is public to all vehicles, and Sk (C) is safely stored by the authority. In addition, to securely store trust information for a vehicle, an authority maintains a database containing two data tables, namely a basic information table and a trust feedback table, which are respectively identified as a BI table and a TF table. The BI table contains six fields, namely a vehicle identifier Id, a public key Pk, a trust value Tr, a number of broadcast messages Nb, a number of reporting feedbacks Nr and a revoked identifier Ir. The TF table contains five fields, namely the message broadcaster identifier Id_bFeedback reporter identifier Id_r、Digital signatures Ds included in messages_bFeedback score Fs for a message and timestamp T when a trust feedback is generated_sr。

Step S2: roadside unit initialization

When a new road side unit is installed on both sides of a road or a bad road side unit is replaced by the new road side unit, a wired communication channel needs to be established between the new road side unit and an authority. The new roadside unit then also becomes the vehicle's communication interface with the authority.

Step S3: vehicle registration

When a new vehicle registers in the internet of vehicles system, the authority first assigns it a unique identifier (e.g., i), which can be referred to as ve (i) accordingly. Subsequently, the authority uses the KeyGen sub-algorithm to generate public key Pk (i) and private key Sk (i) for ve (i), and equips the onboard unit of ve (i) with trusted hardware to securely store Sk (i), execute Sign sub-algorithm, and run a secure clock that is consistent with the authority's clock. In addition, the authority installs the Verify sub-algorithm and Pk (c) in the onboard unit of ve (i), and inserts a new record for ve (i) in the BI table, where the values of Id and Pk fields are i and Pk (i), respectively, and the values of the other fields (denoted as tr (i), nb (i), nr (i), and ir (i), respectively) are obtained from the following analysis:

as is known, the car networking system includes different types of vehicles, such as police cars, taxis, buses, ambulances, private cars, and the like. According to the authority grades, the model provided by the patent divides the vehicles into three types, namely high authority grade vehicles (referring to law enforcement vehicles, such as police cars and the like), medium authority grade vehicles (referring to public service vehicles managed by special departments, such as taxis, buses, ambulances and the like) and low authority grade vehicles (referring to other vehicles controlled by individuals, such as private cars and the like). Specifically, the initial value of tr (i) is calculated as:

where HA, MA, LA represent the set of high, medium, and low authority class vehicles, respectively. In addition, nb (i), nr (i), and ir (i) are set to 0, and FALSE, respectively, since the newly registered vehicle ve (i) did not send an urgent message, did not report trust feedback, and was not revoked by the authority.

Step S4: trust certificate request

When located in the available roadside unitIs within communication range of (a), the vehicle (e.g. ve (i)) requests a new trust certificate from the authority every Γ times (where Γ > 0 is a system parameter). Specifically, ve (i) sends its identifier i to the authority via the roadside unit, and if ve (i) is not revoked (i.e., ir (i) ═ FALSE), the authority generates a new trust certificate tc (i) for ve (i) based on the trust information in the BI table, in the format: tc (i), (pk (i), Tr (i), Ts_C(i)，Ds_c(i) In which Ts is_C(i) A timestamp representing the time of generation of tc (i), obtainable by an authority's clock; ds is a group of_C(i)＝Sign(i，Pk(i)，rr(i)，Ts_C(i))_sk(C)Representing the authority's digital signature on the top four parts of tc (i) using Sign sub-algorithm and sk (c).

Subsequently, the authority sends Tc (i) to ve (i) through the roadside unit, and ve (i) saves the Tc (i) in the vehicle-mounted unit and deletes the old trust certificate; if Tc (i) is not received, ve (i) requests a new trust certificate from the authority again immediately after entering the communication range of other available RSUs.

Step S5: emergency message dissemination

When an emergency (marked as epsilon) occurs, the report shows that epsilon is different (namely, the status of existence and the status of extinction are respectively marked as epsilon)⁺And ε^-) Can be disseminated among nearby vehicles. Specifically, ve (i) broadcasts an urgent message about ε in the format: ms (i, e) ═ tc (i), Mc (i, e), Ts_b(i，ε)，Ds_b(i, ε)), wherein Mc (i, ε) ═ ε⁺/ε^-Represents the state of epsilon; ts_b(i, ε) represents the timestamp of when Ms (i, ε) was generated, which can be obtained by a secure clock in ve (i) trusted hardware; ds is a group of_b(i，ε)＝Sign(Mc(i，ε)，Ts_b(i，ε))_Sk(i)Trusted hardware representing ve (i) uses the Sign sub-algorithm and Sk (i) pair (Mc (i, ε), Ts_b(i, epsilon)). In this step, trusted hardware guarantees ve (i) that Ts cannot be tampered with_b(i, ε), which also ensures that ve (i) and other vehicles cannot acquire Sk (i).

The setting of the decision trigger is a trade-off between the probability of a correct decision and the timeliness of the decision. The model provided by the scheme provides three distances for a unidirectional highway, namely a maximum sighting distance (recorded as Mw), a maximum decision distance (recorded as Md) and a maximum influence distance (recorded as Mi), wherein Mw is more than Md and less than Mi; while for complex roads Mw, Md and Mi can also be obtained in combination with digital maps. If the distance Ds (i, epsilon) along the road from the position of epsilon meets Ds (i, epsilon) epsilon [0, Mw ], ve (i) is a witness of epsilon; otherwise (i.e., if Ds (i, ε) ∈ (Mw, + ∞)), ve (i) is the follower of ε.

When a follower (e.g. ve (j)) receives an urgent message Ms (i, epsilon) about epsilon broadcast by a predecessor node (e.g. ve (i)), ve (j) first extracts Ds from Tc (i)_C(i) And verifies Ds using Verify sub-algorithm stored in the on-board unit and Pk (C)_C(i) (ii) a Then extracting Ts from Tc (i)_C(i) And obtaining the current time Ts from the secure clock_nTo verify Ts_n-Ts_C(i) Γ ≦ (i.e., detect tc (i) is expired, where Γ' > Γ is a system parameter); then extracting Pk (i) from Tc (i) and validating Ds using the Verify sub-algorithm stored in the onboard unit and Pk (i)_b(i, ε); finally verify Ts_n-Ts_b(i) Less than or equal to phi (i.e. detecting whether Ms (i, epsilon) is expired, where phi > 0 is a system parameter).

If all the verification is not passed, ve (j) considers that Ms (i, epsilon) is illegal and directly discards the Ms (i, epsilon); otherwise ve (j) obtains the location of epsilon from Mc (i, epsilon) and the vehicle's own position from the GPS module, then calculates the distance Ds (j, epsilon) between the two positions along the road and uses the following strategy:

1) if Ds (j, ε) e (Mi, + ∞), i.e. ve (j), is outside the influence range of ε, then directly discard Ms (i, ε);

2) if Ds (j, ε) e (Md, Mi ], ve (j) adds Ms (i, ε) to the set of urgent messages on ε MS (j, ε) but is not an urgent decision. In addition, if ve (j) receives multiple messages for ε from the same predecessor node, only the latest one is saved.

3) If Ds (j, epsilon) epsilon (Mw, Md), ve (j) makes a decision immediately based on the messages in the set of MS (j, epsilon). Specifically, ve (j) first derives a confidence value Dt (j, ε) for ε according to the following formula:

wherein | | | represents the number of elements in the set; tr (i) represents the entity-oriented trust value of ve (i) in Tc (i); mc' (i, ε) can be transformed by Mc (i, ε), i.e.

Since tr (i) e [0, 1], Mc' (i, e) ± 1, Dt (j, e) e [ -1, 1] can be easily obtained. In addition, in the above calculation of Dt (j, ε), Tr (i) is taken as an important weight. In other words, entity-oriented trust values are efficiently introduced into data-oriented trust evaluations.

Then ve (j) can make the following specific decision according to Dt (j, epsilon) and the trust parameter tp (j) epsilon [0, 1 ]:

1) if Dt (j, ε) e [ Tp (j), 1]Ve (j) trust ε⁺And immediately follows ∈⁺And (e.g., reducing the speed of the vehicle). In addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)⁺) To notify the subsequent vehicle; if ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)^-) To cheat subsequent vehicles;

2) if Dt (j, ε) e [ -1, -Tp (j)]Ve (j) trust ε^-And immediately follows ∈^-And (e.g., returning to vehicle speed, etc.). In addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)^-) To notify the subsequent vehicle; if ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast (where Mc (j, epsilon) ═ epsilon)⁺) To cheat subsequent vehicles;

3) if Dt (j, ε) e [0, Tp (j)), ve (j) trusts ε to some extent⁺And immediately follows ∈⁺Act (e.g., reduce vehicle speed, etc.) but not broadcast new messages to subsequent vehicles;

4) if Dt (j, ε) e (-Tp (j), 0), ve (j) trusts e to some extent^-And immediately follows ∈^-Act (e.g., resume vehicle speed, etc.), but not broadcast a new message to subsequent vehicles.

Step S6: trust feedback reporting

When the follower (e.g., ve (j)) travels to a position near ε (i.e., Ds (j, ε) ∈ [0 ], Mw]) Then, the real state of epsilon (marked As (j, epsilon) ∈ epsilon { epsilon) } can be sensed⁺，ε^-}). If As (j, ε) does not match the previously reported status of ve (j), ve (j) broadcasts a new message to subsequent vehicles.

In addition, ve (j) is able to evaluate the quality of each message in the set of MSs (j, epsilon). Specifically, ve (j) is first expressed by the following formula

Calculating a feedback score:

then is that

Generating confidence feedback, i.e., Tf (i, j, ε) — (i, Fs (i, j, ε), Mc (i, ε), Ts_b(i，ε)，Ds_b(i, ε)), where i is the identifier of the message broadcaster, Mc (i, ε), Ts_b(i, ε) and Ds_b(i, ε) is an element in Ms (i, ε). For convenience of illustration, if Fs (i, j, e) ═ 1, Tf (i, j, e) is called a positive feedback; if Fs (i, j, epsilon) ═ 0, Tf (i, j, epsilon) is called a negative feedback.

Then ve (j) constructs a set of trust feedbacks for ε:

wherein j represents an identifier of the feedback reporter; ts_r(j, ε) represents the timestamp of TF (j, ε) when generated, which can be obtained by a secure clock in ve (j) trusted hardware;

the trusted hardware representing ve (j) uses the Sign sub-algorithm and Sk (j) to digitally Sign the first three parts of TF (j, ε). In this step, trusted hardware guaranteesVe (j) tamper-proof Ts_r(j, ε), also ensure that ve (j) and other vehicles cannot acquire Sk (j).

Ve (j) then saves TF (j, epsilon) in the on board unit and reports it to the authority when driving into communication range of the available roadside units.

In addition, in this step, the malicious vehicle (e.g. ve (j)) can be calculated by modifying the calculation formula of Fs (i, j, epsilon) to be

To raise the trust value of the vehicle with which the collusion is concerned (the set of which is denoted as vc (j)) and to devalue the trust values of other vehicles.

Step S7: trust information update

When the authority receives a trust feedback set TF (j, epsilon) signed by ve (j) and about epsilon, first extracts the identifier j of ve (j) from TF (j, epsilon) and retrieves ir (j) and pk (j) from BI table, then verifies that ir (j) ═ FALSE (i.e. verifies that ve (j) is not revoked), and verifies Ds using Verify sub-algorithm and pk (j)_r(j, ε). If the search or verification fails, the authority considers TF (j, epsilon) illegal and directly discards it; otherwise, the authority obtains the current time Ts from its clock_n′And extracts the confidence feedback from TF (j, epsilon) and then verifies each confidence feedback (e.g., TF (i, j, epsilon)) as follows:

extracting an identifier i of ve (i) from Tf (i, j, epsilon), retrieving Ir (i) and Pk (i) from a BI table, and then verifying that i ≠ j (i.e. detecting whether ve (j) manifests itself); verify ir (i) FALSE (i.e. detect if ve (i) is revoked); verification of Ds Using the Verify sub-algorithm and Pk (i)_b(i, ε); verification Ts_n，-Ts_b(i, epsilon) ≦ Ψ (where Ψ > 0 is a system parameter, i.e., it is detected whether Tf (i, j, epsilon) is sufficiently fresh); verifying Fs (i, j, epsilon) epsilon {0, 1} (i.e., detecting whether the value of Fs (i, j, epsilon) belongs to {0, 1 }).

If the above verifications are not all passed, the authority considers Tf (i, j, epsilon) illegal and discards it, otherwise, the authority inserts a new record into the TF table for Tf (i, j, epsilon), wherein the values of five fields are i, j and Ds respectively_b(i，ε)、Fs(iJ, ε) and Ts_r(j, ε). In addition, if there is a previous record and a new inserted record on Id_b、Id_rAnd Ds_bThe values of the fields are all the same and the authority deletes the previous record.

Subsequently, the authority generates and sends the confirmation information Ac (j, epsilon) corresponding to the TF (j, epsilon) to ve (j) through the road side unit, wherein the specific format of Ac (j, epsilon) is as follows: ac (j, epsilon) ═ j, Ds_r(j，ε)，Ds_C′(j, ε)), wherein Ds_r(j, ε) is the digital signature in TF (j, ε); ds is a group of_C′(j，ε)＝Sign((j，Ds_r(j，ε))_sk(C)Is a digital signature of the first two parts of Ac (j, epsilon) by the authority using the Sign sub-algorithm and sk (c).

After Ac (j, ε) is received, ve (j) first verifies Ds using the Verify sub-algorithm stored in the on-board unit and Pk (C)_C′(j, ε) and then extracting Ds from Ac (j, ε)_r(j, ε) and detects the presence or absence of Ds in the TF (j, ε) held by the on-board unit_r(j, ε) are the same. If yes, ve (j) considers that the authority has received TF (j, epsilon), so that TF (j, epsilon) in the vehicle-mounted unit is deleted; otherwise, when ve (j) travels into the communication range of another available rsu, it immediately attempts to report TF (j, epsilon) again to the authority.

In addition, the authority iteratively updates the trust values of all unrevoked vehicles (the set of which is marked as VN) in the BI table according to the trust feedback records in the TF table at intervals of Γ. Specifically, the authority first calculates separately based on the information in the TF table

In the time interval [ Ts_n′-Ω，Ts_n′](where Ω > 0 is a system parameter that ensures that sufficient trusted feedback is available for most vehicles in this time interval) and the number of broadcast messages (denoted as nb (i)) and the number of reported feedbacks (denoted as nr (i)):

Nb(i)＝|{＜Id_b，Id_r，Ds_b＞|Id_b＝i，Ts_n，-Ts_r≤Ω}|

Nr(i)＝|{＜Id_b，Id_r，Ds_b＞|Id_r＝i，Ts_n′-Ts_r≤Ω}|

then updating BI table

Nb and Nr field of (a). Subsequently, the authorities pair in descending order Nb (i) and Nr (i), respectively

Sequencing is carried out to obtain two sequences which are marked as Sb and Sr respectively.

The ordinal numbers in Sb and 5r are denoted as Sb (i) and sr (i), respectively, where Sb (i), sr (i) 1, 2. Further, the authority can be

Deriving weights Wb (i) and Wr (i) corresponding to Sb (i) and Sr (i), respectively:

it is easy to derive from the above formulas that Wb (i) and Wr (i) both range from [0.5, 1 ].

The authority can then be able to do so based on the information in the TF table

Deriving feedback reporter set fs (i) and triple set tt (i):

FS(i)＝{Id_r|Id_b＝i，Ts_n′-Ts_r≤Ω}∩{j|Ve(j)∈VN}

TT(i)＝{＜Id_r，Ds_b，Fs＞|Id_b＝i，Id_r∈FS(i)，Ts_n′-Ts_r≤Ω}

and according to the following formula

Calculating a new trust value trn (i):

wherein Tr (i) represents the current trust value of ve (i) in the BI table; λ ∈ (0, 1) is a decay factor set by the authority; tt (i, j, epsilon) < j, Ds_b(i，ε)，Fs(i，j，ε)＞。

In other words, if ∑_Tt(i，j_{，ε)∈TT(i)}Tr(j)＞0，Tr_n(i) Calculated as the product of the weighted sum of (wb (i) + wr (i))/2 and Fs (i, j, epsilon), with the confidence value tr (j) of the feedback reporter taken as the important weight; otherwise, Tr_n(i) Is calculated as the product of the attenuation factor and ve (i) the current trust value tr (i).

Next, the authority updates the BI table

Has a value of Tr_n(i)。

Step S8: vehicle revocation

Whenever the authority completes the trust information update in step S6, it is immediately

Calculating the number of negative feedbacks nn (i) from different feedback reporters in the TF table:

Nn(i)＝|{Id_r|Id_b＝i，Id_r∈Fs(i)，Fs＝0，Ts_n′-Ts_r≤Ω}|

then obtaining from BI table

The latest trust value tr (i). If Nn (i) > θ and Tr (i) < Tp (C) (where θ ∈ Z₊Tp (C) epsilon (0, 1) is set by an authoritySystem parameters), the authority sets the value of the Ir field of ve (i) in the BI table to TRUE (i.e., Ir (i) ═ TRUE) to revoke ve (i) from the internet of vehicles system. Subsequently, the authority no longer generates new trust certificates for ve (i), and does not update the trust information of ve (i) in the BI table, and discards the trust feedback reported by ve (i). When the existing trust certificate of ve (i) expires (i.e. Ts)_n-Ts_C(i) > Γ'), ve (i) is completely revoked.

Example 2

An emergency message dissemination system based on trust cascade is used for realizing the emergency message dissemination method of the embodiment 1, and comprises the following steps:

the authority is provided with a first safety clock, a self public key Pk (C), a private key Sk (C) and a digital signature algorithm are arranged in the first safety clock, wherein the Pk (C) is public to all vehicles, the Sk (C) is safely stored by the authority, and a vehicle basic information table BI and a trust feedback table TF are arranged in the first safety clock; the BI table comprises a vehicle identifier Id, a public key Pk, a trust value Tr, a broadcast message frequency Nb, a report feedback frequency Nr and a revoked identifier Ir; the TF table contains a message broadcaster identifier Id_bFeedback reporter identifier Id_rThe digital signature Ds contained in the message_bFeedback fraction Fs to the message, timestamp Ts when the trust feedback is generated_r(ii) a The authority is used for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle;

the vehicle-mounted unit is arranged on the vehicle, trusted hardware is assembled to safely store a vehicle private key Sk (i), a digital signature algorithm is executed, a second safety clock is operated, the second safety clock is consistent with the first safety clock, and wireless communication is realized among different vehicles through the vehicle-mounted unit; the trust certificate format is Tc (i), (i, pk (i), Tr (i), Ts_C(i)，Ds_C(i) In which Ts is_C(i) A timestamp representing tc (i) at generation, obtained by the first secure clock; ds is a group of_c(i)＝Sign(i，Pk(i)，Tr(i)，Ts_c(i))_sk(c)Representing the authority's digital signature on the top four parts of Tc (i) using Sign sub-algorithm and Sk (C);

and the road side units are arranged on two sides of the road and provide communication interfaces for the authority and the vehicle-mounted unit.

Dividing the vehicle into a high authority level, a medium authority level and a low authority registration vehicle, and giving three trust values Tr (i) from high to low; the initial value of tr (i) is calculated as:

where HA, MA, LA represent the set of high, medium, and low authority class vehicles, respectively.

The records nb (i), nr (i), and ir (i) of the newly registered vehicle in the BI table are set to 0, and FALSE, respectively.

The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (10)

1. An emergency message dissemination method based on trust cascade in the Internet of vehicles is characterized in that:

when an authority is initialized, setting a first safety clock, generating a self public key Pk (C) and a private key Sk (C), and generating a vehicle basic information table BI and a trust feedback table TF;

when a new road side unit is initialized, a wired communication channel is established between the new road side unit and an authority;

when a new vehicle is registered, an authority allocates a unique identifier i for the new vehicle, the vehicle is recorded as ve (i), a public key Pk (i) and a private key Sk (i) based on the identifier are generated, a digital signature algorithm Verify sub-algorithm and Pk (C) are installed in a vehicle-mounted unit of the new vehicle, and a new record [ i, Pk (i), Tr (i), Nb (i), Nr (i) and Ir (i) ] is inserted for ve (i) in a basic information table of the vehicle;

when the vehicle is located in the communication range of the available road side unit, requesting and updating a trust certificate to an authority at intervals of a preset period gamma, wherein gamma is larger than 0;

when an emergency event epsilon occurs, judging whether the vehicle is a witness or a follower according to the distance between the position of the emergency event and the vehicle;

when the vehicle is a witness, an emergency message is broadcast in the format:

Ms(i，ε)＝(Tc(i)，Mc(i，ε)，Ts_b(i，ε)，Ds_b(i，ε))

wherein Mc (i, epsilon) ═ epsilon⁺/ε^-Denotes the state of ε⁺Indicating an emergency event as a persistent state, epsilon^-Indicating that the emergency event is a death state; ts_b(i, ε) represents the timestamp of when Ms (i, ε) was generated, which can be obtained by a secure clock in ve (i) trusted hardware; ds is a group of_b(i，ε)＝Sign(Mc(i，ε)，Ts_b(i，ε))_Sk(i)Trusted hardware representing ve (i) uses the Sign sub-algorithm and Sk (i) pair (Mc (i, ε), Ts_b(i, epsilon));

when the vehicle is a follower ve (j), receiving broadcast information Ms (i, epsilon) of the predecessor node about the emergency event, and extracting Ds from Tc (i)_C(i) And using Verify sub-algorithm of Verify and Pk (C) to Verify Ds_C(i) (ii) a Then extracting Ts from Tc (i)_C(i) And obtaining the current time Ts from the second secure clock_nTo verify Ts_n-Ts_C(i) Gamma ' is detected, namely Tc (i) is detected whether the expiration exists, wherein gamma ' is a system parameter and gamma ' is more than gamma; next, Pk (i) is extracted from Tc (i) and Ds is verified using the Verify sub-algorithm and Pk (i)_b(i, ε); finally verify Ts_n-Ts_b(i) Detecting whether Ms (i, epsilon) is expired or not, wherein phi is a system parameter and phi is more than 0;

if the verification of the follower on the precursor node is not passed completely, ve (j) considers that Ms (i, epsilon) is illegal and directly discards the Ms (i, epsilon); otherwise, ve (j) obtains the position of epsilon and the position of the vehicle from Mc (i, epsilon), and calculates the distance Ds (j, epsilon) between the follower and the emergency; the follower makes a decision according to the judgment of the distance from the emergency event relative position;

when a follower ve (j) drives near the location of ε, the true state of ε is perceived As (j, ε) ε { ε⁺，ε^-If As (j, epsilon) does not coincide with the previously reported status of ve (j), ve (j) broadcasts a new message to subsequent vehicles regarding the emergency event;in addition, the ve (j) evaluates the quality of the received broadcast information, constructs a trust feedback set for the emergency event and reports the trust feedback set to an authority;

when the authority receives the trust feedback set, verifying whether a follower in the trust feedback information is revoked, verifying whether a digital signature is legal, and verifying whether the trust feedback is overdue, if the verification on the trust feedback set is not passed completely, the authority determines that the trust feedback information is illegal and discards the trust feedback information, and if the verification on the trust feedback set is passed completely, a new record about the trust feedback information is inserted into the TF table; subsequently, the authority generates confirmation information of the trust feedback set and sends the confirmation information to the follower ve (j);

and after receiving the confirmation information, the follower ve (j) verifies whether the digital signature is legal and is consistent with the digital signature in the trust feedback information, so as to confirm whether the authority receives the trust feedback information, if the authority receives the trust feedback information, the trust feedback set in the ve (j) vehicle-mounted unit is deleted, and if not, the trust feedback information is reported to the authority again.

2. The method according to claim 1, wherein the strategy for the follower to make a decision based on the relative location distance Ds (j, epsilon) to the emergency event is as follows:

if Ds (j, ε) e (Mi, + ∞), Mi represents the maximum influence distance, i.e., ve (j) is outside the influence range of ε, directly discarding Ms (i, ε);

if Ds (j, epsilon) e (Md, Mi), Md represents the maximum decision distance, ve (j) adds Ms (i, epsilon) to the set of urgent messages about epsilon MS (j, epsilon) but is not urgent to make a decision;

if Ds (j, epsilon) epsilon (Mw, Md), ve (j) makes a decision immediately based on the messages in the set of MS (j, epsilon).

3. The method as claimed in claim 2, wherein the step of Ve (/) making a decision immediately based on the message in the MS (j, epsilon) set comprises:

ve (j) derives a confidence value Dt (j, epsilon) for epsilon according to the following formula:

wherein | | | represents the number of elements in the set; tr (i) represents the entity-oriented trust value of ve (i) in Tc (i); mc' (i, ε) can be transformed by Mc (i, ε), i.e.

Ve (j) can make the following specific decision according to Dt (j, epsilon) and the trust parameter Tp (j) epsilon [0, 1 ]:

1) if Dt (j, ε) e [ Tp (j), 1]Ve (j) trust ε⁺And immediately follows ∈⁺Performing action; in addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast to notify the following vehicles, where Mc (j, epsilon) ═ epsilon⁺(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon)) is broadcast to cheat subsequent vehicles, where Mc (j, epsilon) ═ epsilon^-；

2) If Dt (j, ε) e [ -1, -Tp (j)]Ve (j) trust ε^-And immediately follows ∈^-Performing action; in addition, if ve (j) is an honest vehicle, a new message Ms (j, epsilon) is broadcast to notify the following vehicles, where Mc (j, epsilon) ═ epsilon^-(ii) a If ve (j) is a malicious vehicle, a new message Ms (j, epsilon) is broadcast to cheat subsequent vehicles, wherein Mc (j, epsilon)⁺；

3) If Dt (j, ε) e [0, Tp (j)), ve (j) trusts ε to some extent⁺And immediately follows ∈⁺Act, but not broadcast, new messages to subsequent vehicles;

4) if Dt (j, ε) e (-Tp (j), 0), ve (j) trusts e to some extent^-And immediately follows ∈^-Act, but not broadcast, new messages to subsequent vehicles.

4. The emergency message dissemination method of claim 2 wherein said Ve (/) performs a quality assessment of the received broadcast information and constructs a set of trust feedback for the emergency event by:

calculating a feedback score for Ms (i, e) according to the following equation:

generating a trust feedback Tf (i, j, epsilon) for Ms (i, epsilon), and if Fs (i, j, epsilon) is 1, calling Tf (i, j, epsilon) as a positive feedback; if Fs (i, j, epsilon) ═ 0, we call Tf (i, j, epsilon) a negative feedback;

construct a trust feedback set for ε:

Ts_r(j, ε) represents the timestamp of TF (j, ε) when generated, which can be obtained by ve (j) the second secure clock;

representing a digital signature over the first three portions of TF (j, epsilon) using Sign sub-algorithm and sk (j); MS (j, epsilon) represents the set of broadcast information received by ve (j).

5. The method according to claim 4, wherein the step of verifying when the authority receives the set of trust feedbacks TF (j, epsilon) with respect to epsilon is specifically:

extracting an identifier j of ve (j) from TF (j, epsilon) and retrieving Ir (j) and Pk (j) from a BI table;

verify that ir (j) ═ FALSE, i.e. Verify that ve (j) has not been revoked, and Verify Ds using Verify sub-algorithm and pk (j)_r(j，ε)；

If the search or verification fails, the authority considers TF (j, epsilon) illegal and directly discards it; otherwise, the authority obtains the current time Ts from its clock_n′And extracting trust feedback from the TF (j, epsilon), verifying each trust feedback as TF (i, j, epsilon) as follows:

extracting an identifier i of ve (i) from Tf (i, j, epsilon), retrieving Ir (i) and Pk (i) from a BI table, and then verifying that i is not equal to j, namely detecting whether ve (j) is self-expicity; verify ir (i) ═ FALSE, i.e. detect if ve (i) is revoked; by usingVerify Ds using Verify sub-algorithm and Pk (i)_b(i, ε); verification Ts_n′-Ts_b(i, epsilon) ≦ Ψ, where Ψ > 0 is a system parameter, i.e., it is detected whether Tf (i, j, epsilon) is sufficiently fresh; verifying Fs (i, j, epsilon) to be {0, 1}, namely detecting whether the value of Fs (i, j, epsilon) belongs to {0, 1 });

if the above verifications are not all passed, the authority considers Tf (i, j, epsilon) illegal and discards it, otherwise, the authority inserts a new record into the TF table for Tf (i, j, epsilon), wherein the values of five fields are i, j and Ds respectively_b(i, ε), Fs (i, j, ε) and Ts_r(j, ε); if there is a previous record and a new inserted record on Id_b、Id_rAnd Ds_bThe values of the fields are all the same and the authority deletes the previous record.

6. The method according to claim 5, wherein the acknowledgement information Ac (j, epsilon) corresponding to TF (j, epsilon) is sent to ve (j) by the roadside unit, and the specific format of Ac (j, epsilon) is: ac (j, epsilon) ═ j, Ds_r(j，ε)，Ds_C′(j, ε)), wherein Ds_r(j, ε) is the digital signature in TF (j, ε); ds is a group of_C′(j，ε)＝Sign(j，Ds_r(j，ε))_Sk(C)Is a digital signature of the first two parts of Ac (j, epsilon) by the authority using the Sign sub-algorithm and sk (c).

7. The emergency message dissemination method according to claim 1, wherein said authority iteratively updates the trust values of all unrevoked vehicles in said BI table every Γ times according to trust feedback records in said TF table.

8. The urgent message dissemination method according to claim 7, wherein said specific step of iteratively updating the trust values of all unrevoked vehicles in the BI table is:

respectively calculate according to the information in the TF table

VN representationA set of unrevoked vehicles; in the time interval [ Ts_n′-Ω，Ts_n′]The number of broadcast messages nb (i) and the number of reporting feedback nr (i); where Ω > 0 is a system parameter to ensure that sufficient confidence feedback is available for most vehicles during this time interval:

Nb(i)＝|{＜Id_b，Id_r，Ds_b＞|Id_b＝i，Ts_n′-Ts_r≤Ω}|

Nr(i)＝|{＜Id_b，Id_r，Ds_b＞|Id_r＝i，Ts_n′-Ts_r≤Ω}|

updating BI tables

The values of the Nb and Nr fields of (1);

in descending order of Nb (i) and Nr (i), respectively

Sequencing to obtain two sequences, and respectively marking as Sb and Sr;

the ordinal numbers in Sb and Sr are denoted as Sb (i) and Sr (i), respectively, where Sb (i), Sr (i) ═ 1, 2.., or | VN |;

is composed of

Deriving weights Wb (i) and Wr (i) corresponding to Sb (i) and Sr (i), respectively:

then, the authority makes the TF table have the information of

Deriving feedback reporter set fs (i) and triple set tt (i):

FS(i)＝{Id_r|Id_b＝i，Ts_n′-Ts_r≤Ω}∩{j|Ve(j)∈VN}

TT(i)＝{＜Id_r，Ds_b，Fs＞|Id_b＝i，Id_r∈FS(i)，Ts_n′-Ts_r≤Ω}

next, the authority updates the BI table

Has a value of Tr_n(i)。

9. The emergency message dissemination method of claim 8, wherein the authority immediately updates the trust information by

Calculating the number of negative feedbacks nn (i) from different feedback reporters in the TF table:

Nn(i)＝|{Id_r|Id_b＝i，Id_r∈FS(i)，Fs＝0，Ts_n′-Ts_r≤Ω}|

obtained from BI tables

The latest trust value of tr (i); if nn (i) > theta and tr (i) < tp (c), the authority sets the value of the Ir field of ve (i) in the BI table to TRUE (i.e., Ir (i) ═ TRUE) to withdraw ve (i) from the car networking system; where θ ∈ Z₊Tp (C) epsilon (0, 1) are system parameters set by an authority;

subsequently, the authority no longer generates a new trust certificate for ve (i), does not update the trust information of ve (i) in the BI table, and discards the trust feedback reported by ve (i); when the existing trust certificate of ve (i) expires, Ts_n-Ts_C(i) At > Γ', ve (i) is completely revoked.

10. An emergency message dissemination system based on trust cascade in the internet of vehicles, for implementing the emergency message dissemination method of any one of the above claims 1-9, comprising:

the authority is provided with a first safety clock, a self public key Pk (C), a private key Sk (C) and a digital signature algorithm are arranged in the first safety clock, wherein the Pk (C) is public to all vehicles, the Sk (C) is safely stored by the authority, and a vehicle basic information table BI and a trust feedback table TF are arranged in the first safety clock; the BI table comprises a vehicle identifier Id, a public key Pk, a trust value Tr, a broadcast message frequency Nb, a report feedback frequency Nr and a revoked identifier Ir; the TF table contains a message broadcaster identifier Id_bFeedback reporter identifier Id_rThe digital signature Ds contained in the message_bFeedback fraction Fs to the message, timestamp Ts when the trust feedback is generated_rThe authority is used for providing registration and revocation services for the vehicle, and storing and updating trust information of the vehicle;

the vehicle-mounted unit is arranged on the vehicle, trusted hardware is assembled to safely store a vehicle private key Sk (i), a digital signature algorithm is executed, a second safety clock is operated, the second safety clock is consistent with the first safety clock, and wireless communication is realized among different vehicles through the vehicle-mounted unit; the trust certificate format is Tc (i), (i, pk (i), Tr (i), Ts_C(i)，Ds_C(i) In which Ts is_C(i) A timestamp representing tc (i) at generation, obtained by the first secure clock; ds is a group of_C(i)＝Sign(i，Pk(i)，Tr(i)，Ts_C(i))_Sk(C)Representing the authority's digital signature on the top four parts of Tc (i) using Sign sub-algorithm and Sk (C);

and the road side units are arranged on two sides of the road and provide communication interfaces for the authority and the vehicle-mounted unit.

Images