CN113596778A - Vehicle networking node anonymous authentication method based on block chain - Google Patents

Vehicle networking node anonymous authentication method based on block chain Download PDF

Info

Publication number
CN113596778A
CN113596778A CN202110856001.6A CN202110856001A CN113596778A CN 113596778 A CN113596778 A CN 113596778A CN 202110856001 A CN202110856001 A CN 202110856001A CN 113596778 A CN113596778 A CN 113596778A
Authority
CN
China
Prior art keywords
vehicle
information
rsu
public key
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110856001.6A
Other languages
Chinese (zh)
Inventor
王心妍
贾峥
李东
张静
郭少勇
陈鑫
阮琳娜
苏天弘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202110856001.6A priority Critical patent/CN113596778A/en
Publication of CN113596778A publication Critical patent/CN113596778A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/06Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
    • H04W28/065Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information using assembly or disassembly of packets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Algebra (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a block chain-based anonymous authentication method for nodes in the Internet of vehicles, which comprises the following steps: (1) initializing a system; (2) the central law enforcement agency LEA packs the registration request information of the vehicle and the public key information of the vehicle into a generated transaction and uploads the transaction to the block chain network, and meanwhile, a certificate is issued to the vehicle through the central management agency TA; (3) authenticating the vehicle and the Road Side Unit (RSU); (4) vehicle and vehicle authentication, the effectual central server that has solved in the prior art car networking system makes when the data bulk is too big the central server paralysis lead to appearing central trouble, inquire user certificate list when the vehicle is great and can bring great time delay, communication transmission inefficiency, potential safety hazard's problem.

Description

Vehicle networking node anonymous authentication method based on block chain
Technical Field
The invention relates to the field of identity authentication, in particular to a vehicle networking node anonymous authentication method based on a block chain.
Background
In recent years, the internet of vehicles is a specific application of the internet of things in the field of intelligent transportation, vehicles in the internet of vehicles sense self driving information and surrounding environment information through vehicle-mounted sensors and communicate with other vehicles and road side units through the mobile internet, so that safe and efficient traffic service is obtained, and driving risks are reduced. The authentication technology is an important component in a safety mechanism of the Internet of vehicles, and reasonable identity authentication can not only check the legality of the identity of an accessed vehicle, but also effectively ensure the safety of node communication inside the Internet of vehicles.
After searching, comparing and analyzing the existing papers and patents, the following representative prior art information is screened out:
in the prior art scheme 1, a pseudonym change car networking privacy protection certification method based on mixed context is disclosed in scheme 1 (application number: CN201910105714.1, published: 2019.07.30). A trusted authority needs to generate three random numbers as a private key of the trusted authority when a system in scheme 1 is initialized, basic certification information such as a delivery address, a car name and a car license needs to be packaged and transmitted to a car when the car moves to the vicinity of the trusted authority, and an anonymous mode needs to be selected to prove the legality of a communication entity in order to protect the privacy of the entity.
In the prior art scheme 2, a group signature-based privacy protection and authentication method for the Internet of vehicles is disclosed in scheme 2 (application number: CN201910268580.5, published date: 2019.05.31). A key generation scheme and a DSA signature algorithm based on the Chinese remainder theorem not only can ensure the anonymity of the Internet of vehicles environment, but also can track member identity information by opening a signature when traffic escape occurs, thereby providing traceability for an authorized party. Meanwhile, the method has an efficient dynamic revocable function when group members send malicious messages or disputes exist, and the scheme 2 has anonymity, traceability and anti-evil attack functions.
Prior art scheme 3: scheme 3 (application number: CN201710364876.8, published date: 2017.07.28) discloses a dynamically adjustable k-anonymous location privacy protection method in VANET, and scheme 3 analyzes user historical behavior data by a data mining method, finds location privacy preferences of users, establishes a location privacy preference model to predict the location privacy preferences of target users in different contexts, and dynamically adjusts a location privacy protection degree k value to meet different requirements of the users on service quality.
Although the authentication method based on the pseudonym is realized in the prior art scheme 1, each authentication needs to be participated in by the trusted center, so that the risk of single-point failure exists, and meanwhile, due to lack of supervision of the trusted center, if the trusted center is paralyzed due to too high flow or information of the trusted center is illegally tampered and is not found in time, serious potential safety hazard is brought to the system; although the prior art scheme 2 has the functions of anonymity, traceability and anti-trap attack, querying the user certificate list when the number of vehicles is large brings about a large time delay; although the privacy protection is realized to a certain degree in the prior art scheme 3, since the vehicles in the VANETS are all in a high-speed moving state, it is difficult to maintain a stable anonymous area, and there is an error in analyzing the position privacy data according to the historical behavior, and the fixed k-anonymity scheme is not good for the all-round protection of the position privacy of the user vehicle.
In summary, in the car networking system in the prior art, when the data volume is too large, the central server is broken down, which causes a central fault, and when the number of vehicles is large, the user certificate list is inquired, which causes a large time delay, low communication transmission efficiency and potential safety hazard.
The present invention therefore provides a new solution to this problem.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a vehicle networking node anonymous authentication method based on a block chain, which effectively solves the problems that a central server is paralyzed to cause central failure when the data volume is overlarge, and a user certificate list is inquired when the number of vehicles is large in the prior art, so that the time delay is large, the communication transmission efficiency is low and the potential safety hazard is caused.
The technical scheme for solving the problem is that the vehicle networking node anonymous authentication method based on the block chain comprises the following steps:
(1) initializing a system;
(2) the central law enforcement agency LEA packs the registration request information of the vehicle and the public key information of the vehicle into a generated transaction and uploads the transaction to the block chain network, and meanwhile, a certificate is issued to the vehicle through the central management agency TA;
(3) authenticating the vehicle and the Road Side Unit (RSU);
(4) and authenticating the vehicle with the vehicle.
The system is initialized, a central management organization TA creates block chain accounts for the road side units RSU of each block chain node and generates intelligent contracts to be deployed in a block chain network, the central management organization TA determines system cryptography parameters L, road side unit RSU identity information is generated for each road side unit RSU, unique identifiers of the road side units RSU and public key information of the road side units RSU are issued to the block chains for identity authentication of subsequent vehicles and the road side units RSU, a central law enforcement agency LEA packs registration request information of the vehicles and the public key information of the vehicles into generated transactions to be uploaded to the block chain network, the central management organization TA issues the vehicles with certificates, the vehicles obtain the issued certificates represent that the subsequent vehicles are qualified to authenticate with the road side units RSU, and the road side units RSU can inquire the public key information of the vehicles in the block chain network through the intelligent contracts, when a vehicle in the internet of vehicles enters the communication range of the RSU for the first time, anonymous key registration needs to be carried out on the RSU, a communication authentication code needs to be generated, a public key associated with a real identity is replaced by the communication authentication code to be communicated with the communication authentication code, the communication authentication code is regularly updated and recorded in a block chain, after the vehicle and the RSU are successfully authenticated, the vehicle and the RSU can be communicated with the RSU and enjoy various services provided by the vehicle network, such as road condition information, navigation and the like, and meanwhile, the premise of vehicle and vehicle authentication is also provided, when the vehicle and the vehicle are authenticated, the authenticated vehicle firstly sends a workshop communication request, namely, sends a request authentication, before mutual communication, bidirectional authentication and temporary session key negotiation need to be completed through the communication authentication code, the anonymous key can be regularly updated, and after the vehicle and the vehicle are successfully authenticated, the vehicle and the vehicle which are successfully authenticated can communicate with each other, the whole process is connected in series by using the Hash pointers, and the scheme is designed based on the cryptology theory and the intelligent contract.
The invention has the following beneficial effects:
1. when the system is initialized, a central management organization TA creates a block chain account for the road side units RSU of each block chain node, simultaneously generates an intelligent contract and deploys the intelligent contract into a block chain network, the central management organization TA determines a system cryptology parameter L, generates road side unit RSU identity information for each road side unit RSU, and distributes a unique identifier of the road side unit RSU and public key information of the road side unit RSU into the block chain, the road side unit RSU operated in the above way is a credible road side unit RSU, only the credible road side unit RSU can inquire public key information of vehicles in the block chain network through the intelligent contract, and only the credible road side unit RSU stores a corresponding relation between a communication authentication code and a real public key of the vehicle, meanwhile, a whole process of hash pointer series connection is used in the scheme, the scheme based on the cryptology theory and the intelligent design ensures that data in the steps cannot be tampered maliciously, the integrity of the vehicle information is ensured, the confidentiality, integrity, authentication and non-repudiation of data in the implementation process of the scheme are ensured, and the safety of the vehicle networking system is improved.
2. In the authentication of the vehicle and the RSU, when the vehicle enters the communication range of the RSU, a communication authentication code needs to be generated, the communication authentication code replaces a public key associated with a real identity to communicate with the RSU, the communication authentication code is periodically updated and recorded in a block chain to improve the cross-domain authentication efficiency, namely, the communication transmission efficiency is improved, the problem that a central server is broken down when the data volume is too large to cause a central fault is solved, and the transmission delay is reduced.
3. In vehicle and vehicle authentication, bidirectional authentication and temporary session key agreement are required to be completed through communication authentication codes before mutual communication can be achieved, anonymous keys can be updated regularly, potential safety hazards caused by true public key leakage are avoided, and safety of the vehicle networking system is improved.
4. The vehicle and road side unit RSU authentication and the vehicle and vehicle authentication are carried out, the authentication process is automatically triggered by an intelligent contract, the authentication result is permanently recorded, a malicious vehicle cannot intervene in the authentication process, and the safety and traceability of the result are guaranteed.
Drawings
FIG. 1 is a system architecture of the present invention.
Detailed Description
The foregoing and other technical and other features and advantages of the invention will be apparent from the following detailed description of the embodiments, which proceeds with reference to fig. 1. The structural contents mentioned in the following embodiments are all referred to the attached drawings of the specification.
The anonymous authentication method for the car networking nodes based on the block chain provided by the invention is described in detail by embodiments with reference to the attached drawings.
A vehicle networking node anonymous authentication method based on a block chain comprises the following steps:
(1) initializing a system;
(2) the central law enforcement agency LEA packs the registration request information of the vehicle and the public key information of the vehicle into a generated transaction and uploads the transaction to the block chain network, and meanwhile, a certificate is issued to the vehicle through the central management agency TA;
(3) authenticating the vehicle and the Road Side Unit (RSU);
(4) and authenticating the vehicle with the vehicle.
The vehicle is characterized in that: vehicles in the Internet of vehicles are provided with a tamper-proof communication equipment OBU, and the vehicles can communicate with a road side unit RSU and other vehicles through the OBU;
the central authority TA: the TA is responsible for initialization of the system, RSU registration of the road side unit, vehicle registration and intelligent contract deployment of the block chain, and has certain communication and calculation capacity, so that privacy of users cannot be revealed;
the central law enforcement agency LEA: the central law enforcement agency LEA is responsible for reviewing the information of the central management agency TA, and can review the registration information and public key revocation information of the vehicle, deal with vehicle disputes, and other agencies cannot forge the LEA signature of the central law enforcement agency;
the road side unit RSU: the road side units are infrastructures distributed on two sides of a road, can be in wireless communication with vehicles within a certain range, can receive and process instant information of the vehicles, and provide identity authentication and other personalized services;
the intelligent contract: the intelligent contract is a trusted distributed application program and is a service logic of a block chain application program, the intelligent contract in the scheme mainly performs automatic feedback on a public key query request of a vehicle, and the intelligent contract is deployed in a block chain to ensure the accuracy of a calculation result.
The step (1) of initializing the system comprises the following steps:
the central management organization TA establishes a block chain account for the road side unit RSU of each block chain node, and simultaneously generates an intelligent contract to be deployed in a block chain network, so that any vehicle networking participant can monitor the operation of the block chain and the central management organization TA on the public key and timely trace the public key when disputes occur, the right of the central organization TA is greatly weakened, and the fairness of the system is improved;
the central authority TA determines a system cryptographic parameter L, where L ═ p, a, b, G, n, h, where p is the prime number that determines the finite field range, a, b are the parameters of the elliptic curve equation, G is the base point that generates the subgroup, n is the order of the subgroup, h is the cofactor of the subgroup, and the system passes through the parameter L in the finite field IFPUpper determination of an elliptic curve E, finite field IFPThe method comprises the steps that a central authority (TA) generates identity information of the RSU for each RSU, wherein the identity information comprises a unique identifier of the RSU, public key information of the RSU and private key information of the RSU, the unique identifier of the RSU and the public key information of the RSU are issued to a block chain and used for identity authentication of a subsequent vehicle and the RSU, and the RSU exists in a block chain network and is a node of the block chain network;
the final definition of the elliptic curve E is shown in equation 1:
Figure BDA0003183966360000051
the central law enforcement agency LEA in the step (2) packages the registration request information of the vehicle and the public key information of the vehicle into a generated transaction, uploads the transaction to the block chain network, and issues a certificate to the vehicle through the central management agency TA, wherein the specific contents are as follows:
the vehicle sends registration request information to a central authority (TA), and the registration request information sent by the vehicle comprises: the central management organization TA receives and verifies the registration request information sent by the vehicle, and after verification is successful, the central management organization TA generates the public key and private key information of the vehicle, and packaging the received registration request information and the generated vehicle public key information into a generated transaction and sending the generated transaction to a central law enforcement agency LEA, wherein the central law enforcement agency LEA receives the transaction sent by a central management agency TA, carries out transaction examination, uploads the transaction to a block chain network after the examination is correct, meanwhile, the central management organization TA sends the result of the examination feedback without errors, and after the central management organization TA receives the result of the examination feedback without errors, and issuing a certificate to the vehicle, wherein the vehicle obtains the issued certificate to represent that the vehicle is qualified to be authenticated with a Road Side Unit (RSU) in a subsequent sequence, and the RSU can inquire public key information of the vehicle in the blockchain network through an intelligent contract.
The step (3) of authenticating the vehicle and the Road Side Unit (RSU) comprises the following steps:
when a vehicle in the internet of vehicles enters a communication range of a Road Side Unit (RSU) for the first time, anonymous key registration needs to be carried out on the RSU, and after the vehicle and the RSU are successfully authenticated, the vehicle and the RSU can be communicated with the RSU and enjoy various services including road condition information, navigation and the like provided by a vehicle network, and meanwhile, the vehicle and the vehicle are authenticated;
the system sets the effective time of the authentication message as delta t, only when the difference between the current time Tc and the timestamp information Ts of the currently received authentication message is less than delta t, the system judges that the current authentication message is effective, otherwise, the current authentication message is discarded, namely Tc-Ts is less than delta t, and the timestamp information Ts meets the system requirement.
S1: the road side unit RSU broadcasts a beacon message within its communication range.
The road side unit RSU broadcasts a beacon message within its communication range, the beacon message including a road side unit RSU registration ID: is represented by RID,RIDFor the RSU unique identifier, RSU public key information: is represented by RPAnd the RSU public key identification: expressed as MerKTime stamp information Ts; vehicle is denoted as Vehicle.
Symbolically represented as: RSU → Vehicle: { RID,RP,Merk,Ts}
S2: after the vehicle receives the beacon message broadcast by the RSU, whether the timestamp information Ts meets the system requirement is firstly verified, and if yes, the vehicle identifies Mer according to the public key of the RSUKVerifying whether the RSU public key information exists or not, if so, generating a random number A by the vehicle, and enabling the random number A and the RSU unique identifier RIDVehicle identifier VIDAnd time stamp information Ts is packaged as an anonymous key certificate, and an anonymous public key P is generated according to the anonymous key certificate and an elliptic curve encryption algorithmkGenerating a corresponding anonymous private key S from the anonymous public keykSelf-anonymized private key S for vehicleskFor anonymous public key PkSignature, to identify the vehicle identifier VIDTimestamp information Ts, anonymous public key PkAnd a self-anonymizing private key S for vehicleskFor anonymous public key Pk ofThe signature is packaged to obtain the package information Msg1Encrypting Msg using RSU public key1And then sent to the road side unit RSU.
S2.1: after receiving a beacon message broadcast by a Road Side Unit (RSU), a vehicle firstly verifies whether timestamp information Ts meets system requirements, if yes, the vehicle judges that the received beacon message is valid, otherwise, the current beacon message is discarded;
s2.2: if the vehicle determines in step S2.1 that the beacon message is valid, the vehicle identifies Mer according to the RSU public keyKVerifying whether the RSU public key information exists or not, and if not, discarding the current beacon message;
s2.3, if the verification result in the step S2.2 is that the RSU public key information exists, the vehicle generates a random number A, and the random number A and the RSU unique identifier R are used for identifying the RSU public key informationIDVehicle self-registration ID: is shown as VID,VIDAlso for the vehicle identifier, and timestamp information Ts packaged as an anonymous key certificate, generating an anonymous public key based on the anonymous key certificate and an elliptic curve cryptography algorithmKey PkGenerating a corresponding anonymous private key S from the anonymous public keyk
The elliptic curve encryption algorithm mainly applies an elliptic curve to cryptography and utilizes an elliptic curve discrete logarithm problem to form elliptic curve cryptography. The elliptic curve cipher has the advantages of small memory occupation and high safety and is widely applied to the fields of encryption, decryption and digital signature;
s2.4: self-anonymizing private key S for vehicleskFor anonymous public key PkSignature, to identify the vehicle identifier VIDTimestamp information Ts, anonymous public key PkAnd a self-anonymizing private key S for vehicleskFor anonymous public key Pk ofThe signature is packaged to obtain the package information Msg1Encrypting Msg using RSU public key1And then sent to the road side unit RSU.
Symbolically represented as:
Figure BDA0003183966360000071
Figure BDA0003183966360000072
s3: the road side unit RSU receives the Msg of step S2.41After the information is encrypted, whether the timestamp information Ts meets the system requirement is firstly verified, if yes, the public key information of the current vehicle is inquired, if the inquiry is successful and the public key information of the current vehicle is not revoked, the authenticity of the anonymous public key signature of the current vehicle is verified, if the verification is successful, the signature public key of the current vehicle is extracted, and the RSU unique identifier R is used for identifying the RSU of the road side unitIDAnd anonymous public key pkCombining to generate a communication authentication code CAC, and storing the communication authentication code CAC in a block chain; RSU generates random number B, and generates session key pi by using random number B and communication authentication code CACRVThe session key is a symmetric key, and the RSU uses the generated session key piRVGenerating the abstract value of the communication authentication code CAC through an HMAC algorithm, and obtaining the signature of the abstract value of the communication authentication code CAC after the abstract value of the communication authentication code CAC is signed by a private keyThe RSU packs the random number B, the signature information of the abstract value of the communication authentication code CAC and the time stamp information Ts to generate packed information Msg2Mixing Msg2And sending the encrypted vehicle public key to the vehicle.
S3.1: the road side unit RSU receives the Msg of step S2.41After encrypting the message, firstly verifying whether the timestamp information Ts meets the system requirement, and if so, decrypting the message by using a private key of the user;
s3.2: after decryption is successful, the vehicle ID, i.e. V, is extractedIDCalling a SearchKeysByID () method in the intelligent contract to inquire the public key information of the current vehicle, recording the public key information of the current vehicle if the inquiry is successful and the public key information of the current vehicle is not cancelled, otherwise discarding the received Msg received in the step S3.11To terminate the authentication process;
s3.3, if the inquiry is successful in the step S3.2 and the public key information of the current vehicle is not cancelled, the RSU verifies the authenticity of the anonymous public key signature of the current vehicle by using the inquired public key information of the current vehicle, if the verification is successful, the RSU extracts the signature public key of the current vehicle, and the RSU unique identifier R is used for identifying the RSU of the RSUIDAnd anonymous public key pkCombining to generate a Communication Authentication Code, CAC for short, and storing in the block chain;
the RSU verifies the authenticity of the anonymous public key signature of the current vehicle by using the inquired public key information of the current vehicle, and the RSU is represented by a symbol as follows:
Figure BDA0003183966360000081
wherein P isk' using the queried public key information of the current vehicle for the road side unit RSU;
s3.4: RSU generates random number B, and generates session key pi by using random number B and communication authentication code CACRVThe session key is a symmetric key;
s3.5: RSU uses generated conversation key piRVGenerating the abstract value of the communication authentication code CAC by HMAC algorithm, and subjecting the abstract value of the communication authentication code CAC toObtaining signature information of the digest value of the communication authentication code CAC after the private key is signed;
s3.6: the RSU packs the random number B, the signature information of the abstract value of the communication authentication code CAC and the time stamp information Ts to generate packed information Msg2Mixing Msg2And sending the encrypted vehicle public key to the vehicle.
Symbolically represented as:
Figure BDA0003183966360000082
Figure BDA0003183966360000083
s4: vehicle sending Msg to road side unit RSUHelloMessage, certify authentication is complete.
S4.1, the vehicle receives the Msg sent to the vehicle by the road side unit RSU in the step S3.62After the message is encrypted, the message is decrypted by using a private key of the message, and whether the timestamp information Ts is valid or not is verified. After the verification is successful, extracting the random number B and the digest value of the communication authentication code CAC, signing by the private key, and discarding the received Msg if the verification is unsuccessful2The encrypted message of (1);
s4.2 vehicle utilization roadside Unit unique identifier RIDVehicle self-registration ID, i.e. VIDAnd anonymous public key pkGenerates a communication authentication code CAC' and generates a session key Se according to the same algorithm as in step S3 using the random numbers B and CACRV′;
S4.3: using session key SeRVUsing HMAC algorithm to generate abstract value of communication authentication code CAC, using RSU public key information to verify whether received abstract value of communication authentication code CAC is correct signed by private key, if correct, proving session key SeRV'valid', otherwise discarding the Msg2 encrypted message received in step S4.1 and notifying the road side unit RSU of negotiation failure;
s4.4: if the authentication in step S4.3 is correct, the session key SeRV'active', the vehicle sends Msg to the road side unit RSUHelloMessage, certify authentication is complete.
Symbolically represented as: vehicle → RSU: { MsgHello,Ts}
The step (4) of vehicle-to-vehicle authentication includes the steps of:
the authenticated vehicles are set to V1, V2, respectively, the roadside units RSU participating in authentication is R1, and the current vehicle V1 requests authentication.
A1: the vehicle V1 sends its own communication authentication code CACV1Obtaining a communication authentication code CAC using an anonymous private key signatureV1Signature of, communication authentication code CACV1Signature and communication authentication code (CVC)V1The time stamp information Ts is encrypted with the public key of the vehicle V2 and transmitted to the vehicle V2.
Symbolically represented as:
Figure BDA0003183966360000091
a2: the vehicle V2 generates authentication information in the same format as the vehicle V1, i.e., generates authentication information in the same format as the vehicle V1
Figure BDA0003183966360000092
The both-party authentication request information M1 is formed by appending the V1 request information, and the both-party authentication request information M1 is encrypted with the roadside unit R1 public key and transmitted to the roadside unit R1.
Symbolically represented as:
Figure BDA0003183966360000093
Figure BDA0003183966360000094
a3: after receiving the encrypted message of M1 sent in step A2, the road side unit R1 first decrypts and verifies whether the timestamp information Ts is valid, and if yes, queries the vehicle V1Anonymous public key of
Figure BDA0003183966360000095
And a vehicle V2Anonymous public key of
Figure BDA0003183966360000096
If it is, road side unit R1 uses vehicle V1Anonymous public key of
Figure BDA0003183966360000097
Vehicle V2Anonymous public key of
Figure BDA0003183966360000098
Verifying whether the signatures of the two parties are legal, and if the signatures are legal, the road side unit R1 extracts the communication authentication code CAC of the vehicle V2V2And signing CAC using a private keyV2And time stamp information Ts to obtain CACV2The road side unit R1 packages the communication authentication code CAC of the vehicle V2V2、CACV2The signature and the time stamp information Ts of (4) obtain the package information M2, and the M2 is encrypted by using the session key of the vehicle V1 and then transmitted to the vehicle V1.
A3.1: after receiving the encrypted message of M1 sent in step A2, the road side unit R1 decrypts the message by using a private key thereof, and verifies whether the timestamp information Ts is valid;
a3.2: if the timestamp information Ts verified in the step A3.1 is valid, the road side unit R1 calls a key inquiry contract after decryption is successful, and the vehicle V is inquired1Anonymous public key of
Figure BDA0003183966360000101
And a vehicle V2Anonymous public key of
Figure BDA0003183966360000102
Whether or not it exists;
a3.3: if the vehicle V1Anonymous public key of
Figure BDA0003183966360000103
And a vehicle V2Anonymous public key of
Figure BDA0003183966360000104
If so, the roadside unit R1 uses the vehicle V1Anonymous public key of
Figure BDA0003183966360000105
Vehicle V2Anonymous public key of
Figure BDA0003183966360000106
Verifying whether the signatures of the two parties are legal or not, if the signatures are legal, returning Success, and otherwise, returning False;
a3.4: if the signature of step A3.3 is legal, the road side unit R1 extracts the communication authentication code CAC of the vehicle V2V2And signing CAC using a private keyV2And time stamp information Ts to obtain CACV2The road side unit R1 packages the communication authentication code CAC of the vehicle V2V2、CACV2The signature and the time stamp information Ts of (4) obtain the package information M2, and the M2 is encrypted by using the session key of the vehicle V1 and then transmitted to the vehicle V1.
Symbolically represented as:
Figure BDA0003183966360000107
Figure BDA0003183966360000108
a4: the roadside unit R1 extracts the communication authentication code CAC of the vehicle V1V1Signing CAC using private keyV1And time stamp information Ts to obtain CACV1Signature of (2), CACV1Signature, communication authentication code CACV1And the timestamp information Ts are packaged to obtain packaged information M3, and the M3 is encrypted by using a session key negotiated by the vehicle V2 and the road side unit R1 and then is sent to the vehicle V2.
Symbolically represented as:
Figure BDA0003183966360000109
Figure BDA00031839663600001010
a5: after the vehicle V1 receives the message from the roadside unit R1 in step A3.4, it first sends a message to the roadside unit R1Decrypting and verifying whether the timestamp information Ts is valid, if so, verifying whether the signature of the road side unit R1 is valid, if so, extracting the anonymous public key of the vehicle V2 by the vehicle V1, generating a random number C, and using the anonymous public key of the vehicle V2
Figure BDA00031839663600001011
Roadside unit R1 unique identifier RIDGenerating an initial key I by a random number C and time stamp information Tsk(Initial Key), the Initial Key IkTime stamp information Ts obtains initial key I by using private key signature of vehicle V1kSignature information of (2), the initial key IkSignature information, initial key IkThe time stamp information Ts is packaged to obtain packaged information M4, and M4 is encrypted with the public key of the vehicle V2 and transmitted to the vehicle V2.
A5.1: after receiving the message sent by the roadside unit R1 in step a3.4, the vehicle V1 decrypts the message using the session key, verifies whether the timestamp information Ts is valid, and receives the message if the timestamp information Ts is valid;
a5.2: if the verification timestamp information Ts is valid in step a5.1, the vehicle V1 verifies the signature of the roadside unit R1 (the signature of R1 refers to:
Figure BDA0003183966360000111
(CACV2ts)) and if the signature verification fails, discarding the message received in step a 5.1;
a5.3: if the signature verification of step A5.2 is successful, the vehicle V1 extracts the anonymous public key of the vehicle V2 and generates a random number C, using the anonymous public key of the vehicle V2
Figure BDA0003183966360000112
Roadside unit R1 unique identifier RIDGenerating an initial key I by a random number C and time stamp information Tsk(Initial Key);
A5.4: initial key IkTime stamp information Ts obtains initial key I by using private key signature of vehicle V1kSignature information of (2), the initial key IkSignature information, initial key IkThe time stamp information Ts is packaged to obtain packaged information M4, and M4 is encrypted with the public key of the vehicle V2 and transmitted to the vehicle V2.
Symbolically represented as: m4 ═ Signskv1(Ik,Ts),Ik,Ts}
Figure BDA0003183966360000113
A6: the vehicle V2 verifies whether the signature of the rsu R1 in the received message of step a4 is correct, the signature is correct, the encrypted message of M4 sent in step a5.4 is processed, whether the timestamp information Ts is valid is verified, and if so, the vehicle initial key I is verifiedkIf the signature information of (2) is valid, the vehicle V2 generates a random number D in combination with the initial key IkVehicle V1Anonymous public key of
Figure BDA0003183966360000114
Timestamp information Ts' for generating a session key Se between two partiesV2VThe vehicle V2 uses SeV2VEncrypting the random number D and signing the random number D using an anonymous private key of the vehicle V2, the vehicle V2 packaging the random number D, the timestamp information Ts', the random number D using SeV2VThe encrypted information, the information signed by the random number D using the anonymous private key of the vehicle V2, is the packaged information M5, and M5 uses the public key of the vehicle V1 and is then transmitted to the vehicle V1.
A6.1: before verifying the received message sent in step a5.4, the vehicle V2 verifies whether the signature of the roadside unit R1 in the received message of step a4 is correct according to the same steps in step A5, and if the signature is correct, the identity of the vehicle V1 is proved to be legal;
a6.2: after the vehicle V2 verifies the identity validity of the vehicle V1, the received encrypted message of M4 sent in step a5.4 is processed, and first, whether the timestamp information Ts is valid is verified;
a6.3: if the timestamp information Ts is valid in step A6.2, the vehicle V2 extracts the initial key IkAnd verifies the vehicle initial key I using the anonymous public key of the vehicle V1kValidity of the signature information of (1);
a6.4: if the initial key I in step A6.3 is usedkIs valid, the vehicle V2 generates a random number D, in combination with the initial key IkVehicle V1Anonymous public key of
Figure BDA0003183966360000121
Timestamp information Ts' for generating a session key Se between two partiesV2VThe vehicle V2 uses SeV2VEncrypting the random number D and signing the random number D using the anonymous private key of the vehicle V2;
a6.5: vehicle V2 packages random number D, time stamp information Ts', and random number D uses SeV2VThe encrypted information, the information signed by the random number D using the anonymous private key of the vehicle V2, is the packaged information M5, and M5 uses the public key of the vehicle V1 and is then transmitted to the vehicle V1.
Symbolically represented as:
Figure BDA0003183966360000122
Figure BDA0003183966360000123
a7: after the vehicle V1 receives the message sent in step a6.5, it first verifies whether the timestamp information Ts' is valid, if so, decrypts the received message, verifies the validity of the signature using the vehicle V2 public key, if so, the vehicle V1 generates the session key Se using the random number D, the initial key Ik, and the timestamp information TsV2V', and using a session key SeV2V' decrypting received ciphertext message (ciphertext message means Enc)seV2V(D) If decryption is successful, then Se is provedV2V′=SeV2VIf the session key agreement is successful, vehicle V1 may send a message to vehicle V2 using the session key until the key agreement is complete. The message sent by vehicle V1 to vehicle V2 is denoted by Msg.
A7.1: after receiving the message sent in step a6.5, the vehicle V1 first verifies whether the timestamp information Ts' is valid, and if so, decrypts the encrypted message of M5 sent by the vehicle V2 in step a6.5 using an anonymous private key;
a7.2: the vehicle V1 extracts the random number D in the message received at step AT.1, along with the timestamp information Ts', and verifies the signature using the public key of the vehicle V2 (the signature here refers to Sign)skv2(D) Validity of);
a7.3: if the signature in step a7.2 is legitimate, the vehicle V1 generates a session key Se using the random number D, the initial key Ik, the timestamp information Ts ″V2V', and using a session key SeV2V' decrypting received ciphertext message (ciphertext message means Enc)seV2V(D) If decryption is successful, then Se is provedV2V′=SeV2VThe session key negotiation is successful;
a7.4: if the session key agreement is successful in step A7.3, vehicle V1 may send a message to vehicle V2 using the session key until the key agreement is complete. The message sent by vehicle V1 to vehicle V2 is denoted by Msg.
Symbolically represented as:
Figure BDA0003183966360000131
the symbols used in the present invention and their meanings are shown in the following table:
Figure BDA0003183966360000132
by adopting the invention described above with reference to the accompanying drawings, in specific use, the invention provides a block chain-based anonymous authentication method for nodes in the internet of vehicles, and the authentication method comprises the following steps: (1) initializing a system; (2) the central law enforcement agency LEA packs the registration request information of the vehicle and the public key information of the vehicle into a generated transaction and uploads the transaction to the block chain network, and meanwhile, a certificate is issued to the vehicle through the central management agency TA; (3) authenticating the vehicle and the Road Side Unit (RSU); (4) vehicle and vehicle authentication, the effectual central server that has solved in the prior art car networking system makes when the data bulk is too big the central server paralysis lead to appearing central trouble, inquire user certificate list when the vehicle is great and can bring great time delay, communication transmission inefficiency, potential safety hazard's problem.

Claims (5)

1. A vehicle networking node anonymous authentication method based on a block chain is characterized by comprising the following steps:
(1) initializing a system;
(2) the central law enforcement agency LEA packs the registration request information of the vehicle and the public key information of the vehicle into a generated transaction and uploads the transaction to the block chain network, and meanwhile, a certificate is issued to the vehicle through the central management agency TA;
(3) authenticating the vehicle and the Road Side Unit (RSU);
(4) vehicle to vehicle authentication;
the system is initialized, a central management organization TA creates a block chain account for each road side unit RSU and generates an intelligent contract to be deployed in a block chain network, the central management organization TA determines system cryptography parameters L, generates road side unit RSU identity information for each road side unit RSU and issues the road side unit RSU identity information to the block chain, a central law enforcement organization LEA packages registration request information and vehicle public key information of a vehicle into generated transactions to be uploaded to the block chain network, and issues a certificate to the vehicle through the central management organization TA, when the vehicle in the vehicle network enters a communication range of the road side unit RSU for the first time, the vehicle and the road side unit RSU need to be authenticated, the vehicle needs to register an anonymous secret key to the road side unit RSU to generate a communication authentication code, and after the vehicle and the road side unit RSU are authenticated successfully, the vehicle and the road side unit RSU can communicate with the road side unit RSU, meanwhile, the vehicle-to-vehicle authentication is also a prerequisite, when the vehicle is authenticated, the authenticated vehicle sends out a request for authentication, before mutual communication, bidirectional authentication and temporary session key agreement are required to be completed through a communication authentication code, and communication can be performed between vehicles which are successfully authenticated.
2. The anonymous authentication method for car networking nodes based on block chains as claimed in claim 1, wherein the step (1) of system initialization comprises the following steps:
the central management mechanism TA establishes block chain accounts for road side units RSU of each block chain node, simultaneously generates an intelligent contract and deploys the intelligent contract into a block chain network, determines system cryptography parameters L, wherein L is (p, a, b, G, n, h), p is prime number for determining a limited domain range, a and b are parameters of an elliptic curve equation, G is a base point for generating subgroups, n is the order of the subgroups, h is an auxiliary factor of the subgroups, and the system passes through the parameter L in a limited domain IFPUpper determination of an elliptic curve E, finite field IFPThe method is a set with limited elements, a central authority (TA) generates identity information of the RSU for each RSU, wherein the identity information comprises a unique identifier of the RSU, public key information of the RSU and private key information of the RSU, the unique identifier of the RSU and the public key information of the RSU are issued to a block chain, and the final definition of an elliptic curve E is shown as a formula 1:
Figure FDA0003183966350000021
3. the method according to claim 1, wherein in the step (2), the central law enforcement agency LEA packages the registration request information of the vehicle and the public key information of the vehicle into a generated transaction, uploads the transaction to the blockchain network, and issues a certificate to the vehicle through the central management agency TA, wherein the specific contents are as follows:
the vehicle sends registration request information to a central authority (TA), and the registration request information sent by the vehicle comprises: the central authority TA receives and audits registration request information sent by a vehicle, after the audit is successful, the central authority TA generates a vehicle public key and private key information, packages the received registration request information and the generated vehicle public key information into a generated transaction and sends the generated transaction to the central law enforcement agency LEA, the central law enforcement agency LEA receives the transaction sent by the central authority TA, carries out transaction audit, uploads the transaction to a block chain network after the audit is correct, and simultaneously sends an audit feedback correct result to the central authority TA, and the central authority TA issues a certificate to the vehicle after receiving the audit feedback correct result.
4. The anonymous authentication method for car networking nodes based on block chains as claimed in claim 1, wherein the step (3) of vehicle and Road Side Unit (RSU) authentication comprises the following steps:
the system sets the effective time of the authentication message as delta t, only when the difference between the current time Tc and the timestamp information Ts of the currently received authentication message is less than delta t, the system judges that the current authentication message is effective, otherwise, the current authentication message is discarded, namely Tc-Ts is less than delta t, and the timestamp information Ts meets the system requirement;
s1: the RSU broadcasts beacon information in the communication range of the RSU;
the road side unit RSU broadcasts a beacon message within its communication range, the beacon message including a road side unit RSU registration ID: is represented by RID,RIDFor the RSU unique identifier, RSU public key information: is represented by RPAnd the RSU public key identification: expressed as MerkTime stamp information Ts; vehicle represents a Vehicle;
symbolically represented as: RSU → Vehicle: { RID,RP,Merk,Ts}
S2: after the vehicle receives the beacon message broadcast by the RSU, whether the timestamp information Ts meets the system requirement is firstly verified, and if yes, the vehicle identifies Mer according to the public key of the RSUkVerifying whether the RSU public key information exists or not, if so, generating a random number A by the vehicle, and enabling the random number A and the RSU unique identifier RIDVehicle identifier VIDAnd time stamp information Ts is packaged as an anonymous key certificate, and an anonymous public key P is generated according to the anonymous key certificate and an elliptic curve encryption algorithmkGenerating a corresponding anonymous private key S from the anonymous public keykSelf-anonymized private key S for vehicleskFor anonymous public key PkSignature, to identify the vehicle identifier VIDTimestamp information Ts, anonymous public key PkAnd a self-anonymizing private key S for vehicleskFor anonymous public key PkThe signature of the user is packaged to obtain the packaged information Msg1Encrypting Msg using RSU public key1Then sending the data to a Road Side Unit (RSU);
symbolically represented as:
Figure FDA0003183966350000031
Figure FDA0003183966350000032
s3: the road side unit RSU receives the Msg of step S21After the information is encrypted, whether the timestamp information Ts meets the system requirement is verified firstly, if yes, the information is decrypted, the public key information of the current vehicle is inquired, if the inquiry is successful and the public key information of the current vehicle is not cancelled, the authenticity of the current vehicle for the signature of the anonymous public key is verified, if the verification is successful, the signature public key of the current vehicle is extracted, and the RSU unique identifier R is used for identifying the road side unitIDAnd anonymous public key pkCombining to generate communication authentication code CAC, storing in block chain, RSU generating random number B, and using random number B and communication authentication code CAC to generate session key SeRVThe session key is a symmetric key, and the RSU uses the generated session key SeRVGenerating an abstract value of a communication authentication code CAC through an HMAC algorithm, obtaining signature information of the abstract value of the communication authentication code CAC after the abstract value of the communication authentication code CAC is signed by a private key, and packing the random number B, the signature information of the abstract value of the communication authentication code CAC and the timestamp information Ts by a road side unit RSU to generate packing information Msg2Mixing Msg2The encrypted public key of the vehicle is sent to the vehicle;
symbolically represented as:
Figure FDA0003183966350000033
Figure FDA0003183966350000034
s4: the vehicle receives the Msg sent to the vehicle by the road side unit RSU in the step S32After the message is encrypted, the message is decrypted by using a private key of the vehicle, whether the timestamp information Ts is valid or not is verified, and if the timestamp information Ts is valid, the vehicle utilizes the unique identifier R of the road side unitIDVehicle self-registration ID, i.e. VIDAnd anonymous public key pkGenerates a communication authentication code CAC' and generates a session key Se according to the same algorithm as in step S3 using the random numbers B and CACRV', using session key SeRVUsing HMAC algorithm to generate abstract value of communication authentication code CAC, using RSU public key information to verify whether received abstract value of communication authentication code CAC is correct signed by private key, if correct, proving session key SeRV'active', the vehicle sends Msg to the road side unit RSUHelloMessage, authentication is completed; symbolically represented as: vehicle → RSU: { MsgHello,Ts}
5. The anonymous authentication method for the block chain-based vehicle networking node according to claim 1, wherein the vehicle-to-vehicle authentication of step (4) comprises the following steps:
setting the authentication vehicles as V1 and V2 respectively, the RSU participating in authentication as R1, and the current vehicle V1 requesting authentication;
a1: the vehicle V1 sends its own communication authentication code CACV1Obtaining a communication authentication code CAC using an anonymous private key signatureV1Signature of, communication authentication code CACV1Signature and communication authentication code (CVC)V1The timestamp information Ts is encrypted by using a public key of the vehicle V2 and is sent to the vehicle V2;
symbolically represented as:
Figure FDA0003183966350000041
a2: the vehicle V2 generates authentication information in the same format as the vehicle V1,namely to generate
Figure FDA0003183966350000042
The authentication request information M is composed after the request information of V11The authentication request information M1 of both parties is encrypted by using a public key of the road side unit R1 and then is sent to the road side unit R1;
symbolically represented as:
Figure FDA0003183966350000043
Figure FDA0003183966350000044
a3: after receiving the encrypted message of M1 sent in step A2, the road side unit R1 first decrypts and verifies whether the timestamp information Ts is valid, and if yes, queries the vehicle V1Anonymous public key of
Figure FDA0003183966350000045
And a vehicle V2Anonymous public key of
Figure FDA0003183966350000046
If it is, road side unit R1 uses vehicle V1Anonymous public key of
Figure FDA0003183966350000047
Vehicle V2Anonymous public key of
Figure FDA0003183966350000048
Verifying whether the signatures of the two parties are legal, and if the signatures are legal, the road side unit R1 extracts the communication authentication code CAC of the vehicle V2V2And signing CAC using a private keyV2And time stamp information Ts to obtain CACV2The road side unit R1 packages the communication authentication code CAC of the vehicle V2V2、CACV2Obtains the packaged information M2 by using the signature and time stamp information Ts of the vehicle V1 and uses the session key of the vehicle V1 to the M2Sending the encrypted data to the vehicle V1;
symbolically represented as:
Figure FDA0003183966350000049
R1→V1:{EncSeRV1(M2)}
a4: the roadside unit R1 extracts the communication authentication code CAC of the vehicle V1V1Signing CAC using private keyV1And time stamp information Ts to obtain CACV1Signature of (2), CACV1Signature, communication authentication code CACV1And the timestamp information Ts are packaged to obtain packaged information M3, and the M3 is encrypted by using a session key negotiated by the vehicle V2 and the road side unit R1 and then is sent to the vehicle V2;
symbolically represented as:
Figure FDA00031839663500000410
R1→V2:{EncSeRV2(M3)}
a5: after receiving the message sent by the roadside unit R1 in step A3, the vehicle V1 first decrypts and verifies whether the timestamp information Ts is valid, if so, verifies whether the signature of the roadside unit R1 is valid, if so, the vehicle V1 extracts the anonymous public key of the vehicle V2 and generates a random number C, and uses the anonymous public key of the vehicle V2
Figure FDA0003183966350000056
Roadside unit R1 unique identifier RIDGenerating an initial key I by a random number C and time stamp information Tsk(Initial Key), the Initial Key IkTime stamp information Ts obtains initial key I by using private key signature of vehicle V1kSignature information of (2), the initial key IkSignature information, initial key IkPackaging the timestamp information Ts to obtain packaged information M4, encrypting M4 by using a public key of the vehicle V2, and then sending the information to the vehicle V2;
symbolically represented as: m4 ═ Signskv1(Ik,Ts),Ik,Ts}
Figure FDA0003183966350000051
A6: the vehicle V2 verifies whether the signature of the road side unit R1 in the received step A4 message is correct, the signature is correct, the encrypted message of the M4 sent in the step A5 is processed, whether the timestamp information Ts is valid is verified, and if the timestamp information Ts is valid, the vehicle initial key I is verifiedkIf the signature information of (2) is valid, the vehicle V2 generates a random number D in combination with the initial key IkVehicle V1Anonymous public key of
Figure FDA0003183966350000052
Timestamp information Ts' for generating a session key Se between two partiesV2VThe vehicle V2 uses SeV2VEncrypting the random number D and signing the random number D using an anonymous private key of the vehicle V2, the vehicle V2 packaging the random number D, the timestamp information Ts', the random number D using SeV2VThe encrypted information and the information signed by the random number D by using the anonymous private key of the vehicle V2 obtain packaged information M5, and M5 uses the public key of the vehicle V1 and then sends the packaged information M5 to the vehicle V1;
symbolically represented as: m5 ═ D, Signskv2(D),Ts′,EncSev2v(D)}
Figure FDA0003183966350000053
A7: after the vehicle V1 receives the message sent in step a6, it first verifies whether the timestamp information Ts' is valid, if so, decrypts the received message, verifies the validity of the signature using the vehicle V2 public key, and if so, the vehicle V1 generates a session key Se using the random number D, the initial key Ik, and the timestamp information TsV2V', and using a session key SeV2V' decrypting received ciphertext information, ciphertext information referring to
Figure FDA0003183966350000054
If the decryption is successful, then the Se is provedV2V′=SeV2VIf the session key agreement is successful, vehicle V1 may send a message to vehicle V2 using the session key until the key agreement is complete. The message sent by vehicle V1 to vehicle V2 is denoted by Msg;
symbolically represented as:
Figure FDA0003183966350000055
CN202110856001.6A 2021-07-28 2021-07-28 Vehicle networking node anonymous authentication method based on block chain Pending CN113596778A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110856001.6A CN113596778A (en) 2021-07-28 2021-07-28 Vehicle networking node anonymous authentication method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110856001.6A CN113596778A (en) 2021-07-28 2021-07-28 Vehicle networking node anonymous authentication method based on block chain

Publications (1)

Publication Number Publication Date
CN113596778A true CN113596778A (en) 2021-11-02

Family

ID=78250875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110856001.6A Pending CN113596778A (en) 2021-07-28 2021-07-28 Vehicle networking node anonymous authentication method based on block chain

Country Status (1)

Country Link
CN (1) CN113596778A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113987460A (en) * 2021-11-03 2022-01-28 北京邮电大学 Distributed pseudonym and anonymous authentication method in crowd sensing scene based on alliance chain
CN114244514A (en) * 2022-02-21 2022-03-25 图灵人工智能研究院(南京)有限公司 Data security processing method based on Internet of vehicles
CN114531464A (en) * 2022-01-28 2022-05-24 芯安微众(上海)微电子技术有限公司 Data interaction method based on vehicle data and block chain network security
CN114786136A (en) * 2022-04-15 2022-07-22 深圳汇辰软件有限公司 Authentication method and device for road side unit, electronic equipment and storage medium
CN114867014A (en) * 2022-05-07 2022-08-05 华中师范大学 Internet of vehicles access control method, system, medium, equipment and terminal
CN114944953A (en) * 2022-05-20 2022-08-26 江苏大学 Certificateless anonymous authentication method for road condition monitoring in Internet of vehicles environment
CN114978687A (en) * 2022-05-20 2022-08-30 江苏大学 Efficient anonymous authentication method based on block chain technology in Internet of vehicles environment
CN115296813A (en) * 2022-07-15 2022-11-04 智己汽车科技有限公司 Identity authentication method and system for automobile Ethernet controller
CN115296804A (en) * 2022-08-03 2022-11-04 杭州师范大学 Traffic accident evidence obtaining method based on block chain
CN115412907A (en) * 2022-11-01 2022-11-29 北京金睛云华科技有限公司 Block chain-based VANETs anonymous authentication method, device and equipment
CN115460255A (en) * 2022-09-23 2022-12-09 电子科技大学 Named data network system based on block chain
CN115473631A (en) * 2022-08-22 2022-12-13 武汉大学 Block chain certificateless aggregation signcryption key negotiation method based on Chinese remainder theorem
CN117241267A (en) * 2023-11-15 2023-12-15 合肥工业大学 Quantum group key distribution method applicable to V2I scene based on blockchain
CN117376904A (en) * 2023-12-08 2024-01-09 合肥工业大学 Communication method for vehicle group

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104184724A (en) * 2014-07-29 2014-12-03 江苏大学 Location privacy based ring signature method in Internet of vehicles
CN109005542A (en) * 2018-07-25 2018-12-14 安徽大学 A kind of 5G car networking fast message authentication method based on reputation system
CN109391631A (en) * 2018-11-28 2019-02-26 重庆邮电大学 It is a kind of with the car networking anonymous authentication system and method controllably linked
CN109788482A (en) * 2019-02-26 2019-05-21 武汉大学 Message anonymous authentication method and system under a kind of car networking environment between vehicle
CN111372248A (en) * 2020-02-27 2020-07-03 南通大学 Efficient anonymous identity authentication method in Internet of vehicles environment
CN112272377A (en) * 2020-11-02 2021-01-26 桂林电子科技大学 Vehicle safety communication method based on block chain
CN112437108A (en) * 2020-10-09 2021-03-02 天津大学 Decentralized identity authentication device and method for privacy protection of Internet of vehicles
CN112489458A (en) * 2020-11-05 2021-03-12 暨南大学 Credible privacy protection intelligent traffic light method and system based on V2X technology

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104184724A (en) * 2014-07-29 2014-12-03 江苏大学 Location privacy based ring signature method in Internet of vehicles
CN109005542A (en) * 2018-07-25 2018-12-14 安徽大学 A kind of 5G car networking fast message authentication method based on reputation system
CN109391631A (en) * 2018-11-28 2019-02-26 重庆邮电大学 It is a kind of with the car networking anonymous authentication system and method controllably linked
CN109788482A (en) * 2019-02-26 2019-05-21 武汉大学 Message anonymous authentication method and system under a kind of car networking environment between vehicle
CN111372248A (en) * 2020-02-27 2020-07-03 南通大学 Efficient anonymous identity authentication method in Internet of vehicles environment
CN112437108A (en) * 2020-10-09 2021-03-02 天津大学 Decentralized identity authentication device and method for privacy protection of Internet of vehicles
CN112272377A (en) * 2020-11-02 2021-01-26 桂林电子科技大学 Vehicle safety communication method based on block chain
CN112489458A (en) * 2020-11-05 2021-03-12 暨南大学 Credible privacy protection intelligent traffic light method and system based on V2X technology

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113987460A (en) * 2021-11-03 2022-01-28 北京邮电大学 Distributed pseudonym and anonymous authentication method in crowd sensing scene based on alliance chain
CN114531464A (en) * 2022-01-28 2022-05-24 芯安微众(上海)微电子技术有限公司 Data interaction method based on vehicle data and block chain network security
CN114244514A (en) * 2022-02-21 2022-03-25 图灵人工智能研究院(南京)有限公司 Data security processing method based on Internet of vehicles
CN114786136B (en) * 2022-04-15 2024-02-13 深圳成谷科技有限公司 Authentication method and device for road side unit, electronic equipment and storage medium
CN114786136A (en) * 2022-04-15 2022-07-22 深圳汇辰软件有限公司 Authentication method and device for road side unit, electronic equipment and storage medium
CN114867014B (en) * 2022-05-07 2024-04-19 华中师范大学 Internet of vehicles access control method, system, medium, equipment and terminal
CN114867014A (en) * 2022-05-07 2022-08-05 华中师范大学 Internet of vehicles access control method, system, medium, equipment and terminal
CN114978687A (en) * 2022-05-20 2022-08-30 江苏大学 Efficient anonymous authentication method based on block chain technology in Internet of vehicles environment
CN114944953A (en) * 2022-05-20 2022-08-26 江苏大学 Certificateless anonymous authentication method for road condition monitoring in Internet of vehicles environment
CN114978687B (en) * 2022-05-20 2024-04-09 江苏大学 Efficient anonymous authentication method based on blockchain technology in Internet of vehicles environment
CN114944953B (en) * 2022-05-20 2024-04-09 江苏大学 Certificate-free anonymous authentication method for road condition monitoring in Internet of vehicles environment
CN115296813A (en) * 2022-07-15 2022-11-04 智己汽车科技有限公司 Identity authentication method and system for automobile Ethernet controller
CN115296813B (en) * 2022-07-15 2024-05-14 智己汽车科技有限公司 Identity authentication method and system for automobile Ethernet controller
CN115296804A (en) * 2022-08-03 2022-11-04 杭州师范大学 Traffic accident evidence obtaining method based on block chain
CN115296804B (en) * 2022-08-03 2024-03-29 杭州师范大学 Traffic accident evidence obtaining method based on blockchain
CN115473631B (en) * 2022-08-22 2024-04-26 武汉大学 Blockchain certificateless aggregation signcryption key negotiation method based on China remainder theorem
CN115473631A (en) * 2022-08-22 2022-12-13 武汉大学 Block chain certificateless aggregation signcryption key negotiation method based on Chinese remainder theorem
CN115460255B (en) * 2022-09-23 2024-03-29 电子科技大学 Named data networking system based on block chain
CN115460255A (en) * 2022-09-23 2022-12-09 电子科技大学 Named data network system based on block chain
CN115412907B (en) * 2022-11-01 2023-01-10 北京金睛云华科技有限公司 Block chain-based VANETs anonymous authentication method, device and equipment
CN115412907A (en) * 2022-11-01 2022-11-29 北京金睛云华科技有限公司 Block chain-based VANETs anonymous authentication method, device and equipment
CN117241267B (en) * 2023-11-15 2024-01-12 合肥工业大学 Quantum group key distribution method applicable to V2I scene based on blockchain
CN117241267A (en) * 2023-11-15 2023-12-15 合肥工业大学 Quantum group key distribution method applicable to V2I scene based on blockchain
CN117376904B (en) * 2023-12-08 2024-02-02 合肥工业大学 Communication method for vehicle group
CN117376904A (en) * 2023-12-08 2024-01-09 合肥工业大学 Communication method for vehicle group

Similar Documents

Publication Publication Date Title
CN113596778A (en) Vehicle networking node anonymous authentication method based on block chain
Ma et al. An efficient decentralized key management mechanism for VANET with blockchain
CN109412816B (en) Anonymous communication system and method for vehicle-mounted network based on ring signature
CN109462836B (en) Internet of vehicles malicious node detection system and method fusing block chain consensus mechanism
Jiang et al. An efficient anonymous batch authentication scheme based on HMAC for VANETs
CN104683112B (en) A kind of car car safety communicating method that certification is assisted based on RSU
Horng et al. b-SPECS+: Batch verification for secure pseudonymous authentication in VANET
CN109687976A (en) Fleet's establishment and management method and system based on block chain and PKI authentication mechanism
Feng et al. P2BA: A privacy-preserving protocol with batch authentication against semi-trusted RSUs in vehicular ad hoc networks
CN109698754A (en) Fleet's safety management system and method, vehicle management platform based on ring signatures
Xue et al. LPA: a new location‐based privacy‐preserving authentication protocol in VANET
Roman et al. Authentication protocol in CTNs for a CWD-WPT charging system in a cloud environment
CN103974255A (en) System and method for vehicle access
CN108933665B (en) Method for applying lightweight V2I group communication authentication protocol in VANETs
Baee et al. ALI: Anonymous lightweight inter-vehicle broadcast authentication with encryption
Fan et al. Strongly privacy-preserving communication protocol for VANETs
CN110166445A (en) A kind of the secret protection anonymous authentication and cryptographic key negotiation method of identity-based
CN114430552B (en) Vehicle networking v2v efficient communication method based on message pre-authentication technology
CN115580488A (en) Vehicle-mounted network message authentication method based on block chain and physical unclonable function
CN113364598B (en) Batch authentication method for privacy protection in Internet of vehicles environment
Suresh et al. A TPM-based architecture to secure VANET
CN113115309A (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
CN116614811A (en) Distributed information authentication method and system for Internet of vehicles
CN113660662B (en) Authentication method based on trusted connection architecture in Internet of vehicles environment
Hathal et al. Token-based lightweight authentication scheme for vehicle to infrastructure communications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination