CN114302390A - Intra-group authentication key negotiation method in vehicle-mounted ad hoc network - Google Patents
Intra-group authentication key negotiation method in vehicle-mounted ad hoc network Download PDFInfo
- Publication number
- CN114302390A CN114302390A CN202111510554.2A CN202111510554A CN114302390A CN 114302390 A CN114302390 A CN 114302390A CN 202111510554 A CN202111510554 A CN 202111510554A CN 114302390 A CN114302390 A CN 114302390A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- key
- rsu
- information
- pseudonym
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000004891 communication Methods 0.000 claims abstract description 21
- 230000007246 mechanism Effects 0.000 claims abstract description 17
- 230000000739 chaotic effect Effects 0.000 claims abstract description 10
- 238000013507 mapping Methods 0.000 claims abstract description 10
- 238000012795 verification Methods 0.000 claims description 54
- 230000008569 process Effects 0.000 claims description 23
- 238000004364 calculation method Methods 0.000 claims description 9
- 238000007689 inspection Methods 0.000 claims description 7
- 230000008859 change Effects 0.000 description 7
- 238000012360 testing method Methods 0.000 description 7
- 230000008901 benefit Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention belongs to the field of authentication key agreement, and particularly relates to an intra-group authentication key agreement method in a vehicle-mounted ad hoc network; the method comprises the following steps: establishing a dynamic vehicle group according to the Chinese remainder theorem; information sender V in vehicle groupiSigning information using private key information, information receiver VjInformation sender V through public key information in signature informationiThe identity of (2) is authenticated; information sender ViAnd an information receiver VjAfter the identities are authenticated mutually, the two communication parties carry out key agreement according to the semigroup of Chebyshev chaotic mapping; respectively updating the corresponding pseudonyms and private keys of the vehicles by adopting a pseudonym updating mechanism and a private key updating mechanism; the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is cancelled by modifying the public key information corresponding to the malicious vehicle.
Description
Technical Field
The invention belongs to the field of authentication key agreement, and particularly relates to an intra-group authentication key agreement method in a vehicle-mounted ad hoc network.
Background
The rapid development of wireless communication and automotive technologies has promoted the development of Intelligent Transportation Systems (ITS). As an important component of ITS, a Vehicular Ad Hoc Network (VANET) can provide auxiliary information such as a current driving road condition, a traffic congestion condition, a weather condition and the like for a vehicle node, so that a vehicle driver can drive a vehicle more safely and conveniently. The communication modes in the VANET are mainly divided into two types: Vehicle-to-Vehicle, Vehicle-to-infrastructure (V2V), and Vehicle-to-infrastructure (V2I). Since V2V and V2I both communicate over public wireless channels, they are vulnerable to attacks by malicious parties, such as eavesdropping, spoofing, replay attacks, etc., when transmitting information in VANET. The communication privacy security in VANET is threatened by the attack of the malicious person. Meanwhile, compared with other static network structures, the VANET system has the characteristics of high-speed vehicle mobility and rapid network topology change, so that the privacy security of the VANET system is more easily damaged by malicious persons.
The Authentication and Key Agreement (AKA) protocol enables participants to complete mutual authentication and establish a secure session Key on a public network, so as to protect privacy and security of both communication parties.
A number of scholars have done a great deal of research on AKA technology and have proposed a number of valuable solutions. In a conventional Public Key Infrastructure (PKI) based scheme, a digital certificate is used as a medium, and a symmetric and asymmetric encryption technology is combined to bind information such as a user identity and a public key together, so that integrity, identity authentication and non-repudiation of a message are ensured. However, the scheme needs to manage a large amount of anonymous certificates and revocation lists, and the storage cost is very large; and the certificate verification process of the scheme involves a large number of nodes and is relatively complicated, so that the scheme has relatively low authentication efficiency. The block chain based authenticated key agreement scheme provides mutual authentication and key agreement between users while protecting user privacy by taking advantage of block chains, such as auditable logs, decentralized architecture, and Denial of Service (DoS) prevention. However, the authentication key negotiation scheme based on the block chain rarely considers the factor of member dynamic change, and cannot cope with the characteristic of rapid change of the VANET network topology. A certificateless asymmetric group key agreement scheme provides a public encryption key, each group member can calculate a corresponding decryption key, and only the group members can correctly decrypt information encrypted by a public key. The scheme can realize mutual authentication and key agreement among members. But the scheme does not consider the identity traceability and revocable of the members and cannot process the malicious behaviors of the group members.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network, which comprises the following steps: .
Establishing a dynamic vehicle group according to the Chinese remainder theorem;
information sender V in vehicle groupiSigning information using private key information, information receiver VjInformation sender V through public key information in signature informationiThe identity of (2) is authenticated; information sender ViAnd an information receiver VjAfter the identities are authenticated mutually, the two communication parties carry out key agreement according to the semigroup of Chebyshev chaotic mapping;
respectively updating the corresponding pseudonyms and private keys of the vehicles by adopting a pseudonym updating mechanism and a private key updating mechanism;
the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked by modifying the public key information corresponding to the malicious vehicle.
Preferably, the establishing of the dynamic vehicle group according to the Chinese remainder theorem includes: initializing a trusted center TA; registering a vehicle-mounted unit OBU and a roadside unit RSU on the TA; and the TA constructs a dynamic vehicle group by adopting the Chinese remainder theorem according to the registered OBU and the registered RSU.
Further, the process of constructing the dynamic vehicle group comprises: the credible center constructs a congruence equation set according to the public key of the vehicle node i and the public key of the roadside unit, wherein the congruence equation set is expressed as follows:
where c denotes the system public key, yi(i ═ 1,2, …, k) denotes the public key of vehicle node i, yk+1Public key representing roadside unit, pi(i-1, 2, …, k) represents the prime number issued by the trust center to vehicle i, pk+1Representing the prime number sent by the trusted center to the roadside unit.
Preferably, the process of performing key agreement by both communication parties according to the semigroup of the chebyshev chaotic mapping includes:
S1:Viselecting a timestamp TviCalculating B from the selected time stampviAnd AIDV; will request message Bvi,Tvi,AIDVi,SIDVjSending to roadside units RSUi(ii) a Wherein, SIDVjRepresents VjPseudonym of (B)viRepresenting a first pseudonym-verification-assistance parameter, AIDViRepresenting a second pseudonym-verification-assistance parameter;
S2:RSUiverifying the received request message, and if the verification fails, rejecting the request message; if the verification is successful, the RSUiWill { pj,TRiIs sent to Vi(ii) a Wherein p isjRepresents VjPrime number of, TRiRepresenting the RSUiTo ViA timestamp of (d);
S3:Viauthentication from RSUiIf the verification is passed, sending a key negotiation request message to Vj(ii) a If the authentication fails, the authentication process is executed,refusing to receive the RSUiThe message of (2); wherein, the key negotiation request message includes: viFirst signature of
ViSecond signature of
Time slice tvi,ViTo VjTime stamp T ofijKey agreement information xi1;
S4:VjVerifying the time stamp in the key negotiation request message, and if the verification is successful, sending the time stamp to the RSUiSending prime number request message, if verification fails, refusing to receive key negotiation request message;
S5:RSUiverifying the received key negotiation request message, and if the verification fails, rejecting the request message; if the verification is successful, the RSUiWill { pi,TRjIs sent to Vj(ii) a Wherein p isiRepresents ViPrime number of, TRjIndicating a current timestamp of the system;
S6:Vjauthentication from RSUiAfter passing the verification, VjTo ViAfter the authentication is successful, the key negotiation message is sent to the Vi(ii) a Otherwise refusing to send the key negotiation message;
S7:Viinspection VjIf the verification fails, the establishment of the session key fails, and if the verification succeeds, the establishment of the session key succeeds.
Further, RSUiAuthenticating the received request message comprises: judging whether the freshness condition is satisfied, if not, rejecting the request message, if so, rejecting the request message according to ViPrime number p ofiTime stamp TviAnd AIDVi' calculation Bvi'; judgment Bvi' and BviAnd whether the two are equal or not is judged, if so, the verification is successful, and if not, the verification fails.
Go toOf step (V)jTo ViThe authenticating the identity information comprises: according to ViPrime number p ofiComputing public key y of vehicle node iiAccording to the public key y of the vehicle node iiCalculation equation
If it is not true, VjRefuse ViThe key agreement request is received, the identity authentication fails, and if the key agreement request is received, the identity authentication is successful.
Preferably, the pseudonym update mechanism is as follows: the trust center TA assigns a pseudonym update seed delta ID to each registered vehiclej(ii) a When the vehicle node ViAccess VjCurrent pseudonym
After the corresponding prime number, the road side unit RSU sends a pseudonym updating request to the TA; TA calculation of VjCorresponding next pseudonym
And publishing; record the corresponding prime number pjAnd l, corresponding pseudonym prime numbers to lists
Sent to the RSU.
Preferably, the private key update mechanism is as follows: viAt the t thviA private key of a time slice of
Then at tviV in +1 time slicesiThe private key of
When t isviAfter the private key corresponding to +1 time slice is generated, the OBUiImmediately will tviDeleting the private key of each time slice; if tviVehicle node V ═ LiT th of outputviThe key of +1 time slice is an empty string; when V isiTime ofWhen the fragment is used up, ViReselecting private key x'i,0And recalculates the corresponding public key yiTA from the recalculated public key yiThe system public key c is updated.
Preferably, the process of revoking the legal identity of the malicious vehicle by modifying the public key information corresponding to the malicious vehicle comprises: viIn the RSUiWhen a malicious message is issued in a coverage area, the RSUiObtaining ViP used in sending malicious messagesi(ii) a In the list of pseudonyms and prime numbers λSIDV,pFinding a trusted center TA of ViThe generated current pseudonym is obtained as ViCurrent pseudonym SIDVi(ii) a Sending pseudonyms SIDViAnd piTo TA, TA is given by equation H0(IDVi||δsk)=SIDVi、piCorresponding l and pseudonym update seed delta IDiJudging the real identity of the vehicle corresponding to the pseudonym; TA will pair V according to the real identity of the vehicle to which the pseudonym correspondsiThe revocation is performed with a legitimate identity within the group.
Further, the modifying the public key information corresponding to the malicious vehicle includes: will ViCorresponding public key information yiModified to another random number y'iAnd the other vehicle node information is kept unchanged, and the system public key c is updated.
The invention has the beneficial effects that: the invention considers the problems of rapid movement of vehicles and rapid change of vehicle topology in the VANET system, establishes a dynamic vehicle group by utilizing the Chinese remainder theorem and adapts to the rapid change of the VANET network topology; aiming at the problem that communication on a network which is disclosed again by vehicles in VANET is easy to be attacked by eavesdropping, tampering, counterfeiting and the like, the key agreement is carried out by utilizing the semigroup of Chebyshev chaotic mapping, and the communication message is encrypted by using the agreed key to complete the safe communication on the public network; a pseudonym updater and a private key updating scheme are adopted to update the pseudonym and the private key corresponding to the vehicle, so that the identity privacy safety of the vehicle is effectively protected; for the problem of the malicious vehicles in the vehicle group, the identity of the malicious vehicles is traced by using signature messages of the malicious vehicles, and the legal identity of the malicious vehicles is revoked by modifying public key information corresponding to the malicious vehicles; the BAN logic model is used for formalized proving of the semantic security of the authentication key agreement scheme, so that the secure communication can be ensured under the condition of malicious attack, and the method has good economic benefit.
Drawings
Fig. 1 is a schematic diagram illustrating an intra-group authentication key agreement method in a vehicle ad hoc network according to the present invention;
FIG. 2 is a model diagram of a vehicle-mounted ad hoc network system according to the present invention;
FIG. 3 is a flow chart of vehicle registration in the present invention;
FIG. 4 is a flow chart of roadside unit registration in the present invention;
FIG. 5 is a block diagram of an authenticated key agreement algorithm based on Chebyshev chaos operation and the Chinese remainder theorem in the present invention;
FIG. 6 is a flowchart of an identity tracing and revocation algorithm for a malicious vehicle according to the present invention;
fig. 7 is a block diagram of the BAN logic algorithm in the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network, which comprises the following steps of: establishing a dynamic vehicle group according to the Chinese remainder theorem; information sender V in vehicle groupiSigning information using private key information, information receiver VjInformation sender V through public key information in signature informationiThe identity of (2) is authenticated; information sender ViAnd an information receiver VjAfter the identities are authenticated mutually, the two communication parties carry out key agreement according to the semigroup of Chebyshev chaotic mapping; using a pseudonym update mechanismThe private key updating mechanism updates the corresponding pseudonyms and private keys of the vehicles respectively; the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked by modifying the public key information corresponding to the malicious vehicle.
As shown in fig. 2, the vehicle ad hoc network system includes: the system comprises a roadside unit RSU, a mobile automobile TV and a trusted authority TA, wherein wired communication is adopted between the TA and the RSU, and wireless communication is adopted between the TV and the RSU.
The TA (trusted center) will establish a dynamic group of vehicle sessions with registered vehicles and RSUs (road side units) using the chinese remainder theorem. The specific process is as follows:
and (3) TA initialization phase:
TA is responsible for system initialization, defining two one-way hash functions
liThe bit width output for the hash function. For Chebyshev chaotic mapping, TA selects a public parameter x, a large prime number n and a system private key deltask。
RSU and OBU (on board unit) registration phase:
1)OBUiis registered with
As shown in FIG. 3, assume that there is a group of vehicles, where there are now k members of the vehicle { V }1,V2,…,Vk}. Vehicle node ViIn identity registration, ViOn OBUiWill vehicle ViTrue identity IDV ofiSent to the TA over the secure channel. After TA receives the message, calculate ViIs the pseudonym SIDV ofi=H0(IDVi||δsk) And published in the whole system. TA selects a large prime number pi(i-1, 2, …, k) satisfying the condition that when i-j, pi≠pjAnd is in (0-p)iTwo large prime numbers in-1). TA selection System common parameter g, g is the primitive root of the exponential operation, and is also all multiplications
The generator of (1). TA will { SIDVi,piIs sent to V through a safety channeli。
ViReceiving SIDV from TAi,piAfter the code is multiplied, the initial code of the user is randomly selected
Calculating ViOf (2) a public key
ViWill { yiIt is sent to the TA over the secure channel. The TA divides the effective time of the public key of the vehicles in the vehicle group into L time segments, and the public key y of the vehicle node in the L time segmentsiRemain unchanged. When L time slices are exhausted, ViWill reselect private key x'i,0And recalculates the public key yiThe TA will also update the system public key c.
2)RSUiIs registered with
As shown in fig. 4, RSUiRegistration procedure and OBUiSimilar to the registration process of the prior art, the true identity IDR is obtainediSent to TA via secure channel, TA calculates RSUiIs a pseudonym SIDRi=H0(IDRi||δsk) And is allocated to RSUiA large prime number pk+1。RSUiSelecting a private key
And calculates the corresponding public key yk+1And returns to TA.
TA building groups
TA based on receiving y from k vehicle nodesi(i ═ 1,2, …, k) and (ii) from RSUiY of (A) to (B)k+1Constructing a congruence equation set:
wherein c is a system public key, and the congruence equation set can be calculated by utilizing the Chinese remainder theorem to be
Wherein P ═ P1p2…pk+1,
To represent
To piTaking the inverse of the modulus; TA calculation SPi=H1(SIDVi||pi) And will { SIDVi,piIs sent to the registered RSUi。RSUiAccording to received { SIDVi,pi} generation of a ViList lambda with corresponding pseudonyms and prime numbersSIDV,p。
The two communication parties utilize the signature information to quickly authenticate the identity of the message sender and carry out key agreement through the semigroup of Chebyshev chaotic mapping. The algorithm flow is shown in fig. 5, and the specific process of the algorithm is as follows:
S1:Viselecting a timestamp TviCalculating B from the selected time stampviAnd AIDV; will request message Bvi,Tvi,AIDVi,SIDVjSending to roadside units RSUi(ii) a Wherein, SIDVjRepresents VjPseudonym of (B)viAnd AIDViThe calculation formulas of (A) and (B) are respectively as follows:
Bvi=H1(SIDVi||pi||Tvi)
wherein, BviRepresenting a first pseudonym-verification-assistance parameter, AIDViDenotes a second pseudonym verification auxiliary parameter, H1() Representing a hash function, | | | represents a connector;
S2:RSUiverifying the received request message, wherein the verification process comprises the following steps: RSUiAfter receiving the message, first pass (T)iR-Tvi) < Δ T check TviWhere Δ T represents the effective time difference between the two timestamps specified by the system, TiRRepresents ViA timestamp issued to the RSU; if the verification fails, rejecting the request message; if the verification is successful, calculating
By judging equation B'vi=H1(SIDV’i||pi||Tvi)=BviWhether the identity of the message requester is valid or not is judged, and only members in the group can pass the verification. If the equality is not true, rejecting the request message; if the equation is true, the RSUiWill { pj,TRiIs sent to Vi。
S3:ViAuthentication from RSUiAnd sends a key agreement request message to Vj(ii) a The verification process comprises the following steps: viReceive { pj,TRiAfter that, first by (T)vRi-TRi) < Δ T check timestamp TRiFreshness of (T)vRiIs the system current timestamp; by the equation SPj=H1(SIDVj||pj) Whether it is true or not to determine whether it is true from the RSUiCorrectness of the message. If not, rejecting the message, if true, ViSelecting a current timestamp TijSelecting random number alpha and calculating xi1≡Tα(x)modn;ViSigning the key agreement request, randomly selecting
Represents less than ViPrime number p ofiDetermining the time segment tviCalculating ViFirst signature of
And ViSecond signature of
ViKey agreement request message
Is sent to Vj。
S4:VjFor time stamp T in key agreement request messageijCarrying out verification; the verification process comprises the following steps: vjAfter receiving the message, pass (T)rj-Tij) < Δ T test TijFreshness of (T)rjIs the system current timestamp. If the verification fails, refusing to receive the key negotiation request message, if the verification succeeds, generating a time stamp Tvj;VjSending prime number request message Bvj,Tvj,AIDVj,SIDViTo RSUi;BvjAnd AIDVjThe calculation formulas of (A) and (B) are respectively as follows:
Bvj=H1(SIDVj||pj||Tvj)
S5:RSUiverifying the received key negotiation request message; the verification process comprises the following steps: RSUiAfter receiving the message, first pass (T)jR-Tvj) < Δ T check timestamp TvjFreshness of (T)jRIs the system current timestamp. If the verification fails, rejecting the request message; if the verification is successful, calculating
By calculating equation B'vj=H1(SIDV’j||pj||Tvj)=BvjAnd whether the identity of the sender of the message is valid or not is judged. If the equality is not true, rejecting the request message; if the equation is true, the RSUiWill { pi,TRjIs sent to Vj。
S6:VjAuthentication from RSUiAfter passing the verification, VjTo ViAfter the authentication is successful, the key negotiation message is sent to the Vi(ii) a Otherwise refusing to send the key negotiation message; the verification process comprises the following steps: vjBy (T)vRj-TRj) < Δ T decision timestamp TRjFreshness of (T)RjIs the system current timestamp. By calculating the equation SPi=H1(SIDVi||pi) Judging whether the signal is from RSUiCorrectness of prime numbers. After the verification is passed, the pair ViThe identity information of the user is authenticated, and the authentication process comprises the following steps: calculating yi≡c(modpi) Judgment equation
(modpi) Whether or not this is true. If the equality is not true, reject from ViThe authentication fails; if the equation holds, authentication succeeds, VjRandomly selecting beta and timestamp TjiCalculating xi2≡Tβ(x)modn,sk≡Tβ(ξ1)modn,Mij=H1(sk||ξ1||ξ2),
VjSigning the key agreement message, randomly selecting
Represents less than VjPrime number p ofjDetermining the time segment tvjCalculating
And
Vjsending a key agreement message
For Vi。
S7:ViInspection VjIf the verification fails, the establishment of the session key fails, and if the verification succeeds, the establishment of the session key succeeds; the inspection process comprises the following steps: viFirst pass through (T)ri-Tji)<Δ T vs. timestamp TjiCarrying out an inspection of TriIs the system current timestamp. After the time stamp passes the verification, V is authenticated againjIs determined by the identity of
Whether or not this is true. If the result is false, the authentication fails, and if the result is true, the sk' ≡ T is calculatedα(ξ2) modn and M'ij=H1(sk’||ξ1||ξ2) Judgment equation
Whether the result is true or not; if not, the session key negotiation fails; if true, Vi,VjThe session key negotiation between the two is successful, and the session key is the sk ≡ Tα(Tβ(x))modn=Tβ(Tα(x))modn。
By adopting a pseudonym updating mechanism and a private key updating mechanism, the identity privacy safety of the vehicle can be effectively protected, and if the same pseudonym and the same private key are used all the time, an attacker can threaten the privacy safety of the vehicle by collecting signature information corresponding to the pseudonym; the process of respectively updating the corresponding pseudonym and the private key of the vehicle by adopting the pseudonym updating mechanism and the private key updating mechanism is as follows:
private key update mechanism: viAt the t thviA private key of a time slice of
Then at tviV in +1 time slicesiThe private key of
When t isviAfter the private key corresponding to +1 time slice is generated, the OBUiWill immediately send tviThe private key of each time slice is deleted. If tviVehicle node V ═ LiT th of outputviThe key for the +1 time segment is an empty string. When V isiWhen the time segment of (V) is exhaustediReselecting private key x'i,0And recalculates the corresponding public key yiThe TA will also update the system public key c.
Pseudonym update mechanism: TA assigns a pseudonym update seed delta ID to each registered vehicleiOr delta IDjWhen the vehicle node ViAccess VjCurrent pseudonym
After the corresponding prime number, the RSU sends a pseudonym update request to the TA, and the TA calculates VjCorresponding next pseudonym
And publishes and records the corresponding prime number pjAnd l. Then the pseudonym prime numbers are correspondingly listed
Sent to the RSU.
When the system finds that the malicious vehicle carries out malicious behaviors in the vehicle group, the TA carries out identity tracing on the identity of the malicious vehicle according to the signature message in the message issued by the malicious vehicle, and the malicious vehicle does not have the legal identity in the vehicle group by modifying the large prime number distributed to the malicious vehicle. The algorithm flow is shown in fig. 6, and the specific process is as follows:
when passing the registered vehicle node ViWhen a malicious message is issued in a vehicle group, the TA traces and revokes the legal identity of the TA. ViIn the RSUiWhen a malicious message is issued in a coverage area, the RSUiFirst obtain ViP used in sending malicious messagesiThen tabulated λ in pseudonym and prime numbersSIDV,pIs found inTA is ViThe current pseudonym generated. To obtain ViCurrent pseudonym SIDViAfter that, the pseudonym SIDV is transmittediAnd piTo TA. TA by equation H0(IDVi||δsk)=SIDVi、piCorresponding l and pseudonym update seed delta IDiAnd judging the real identity of the vehicle corresponding to the pseudonym. Obtaining ViAfter the true identity of TA, TA will be paired with ViThe revocation is performed with a legitimate identity within the group. In addition, when registered legal vehicle node VjWhen leaving the vehicle node group established by the TA, the TA can also withdraw VjThe identity of (c). TA revocation group Member ViLegal identity within a group, only V needs to be assignediCorresponding public key information yiModified to another random number y'iThe other vehicle node information remains unchanged and then the system public key c is updated. At this time ViIt is revoked and its key will not be able to generate valid key agreement information.
The invention uses BAN logic model to prove the semantic security of the scheme, the flow chart of the model is shown in figure 7, and the concrete model is described as follows:
1) BAN logical notation
In the process of secure attestation of the protocol herein, the following BAN logical notation is used:
p | ≡ X: p believes that message X is authentic.
②
P finds a message containing X.
P | -X: p has sent a message containing X for a certain period of time.
④
P owns the jurisdiction of message X.
Fifth # (X): message X is fresh.
Sixthly, (X, Y): x and Y are part of a message (X, Y).
⑦〈X〉Y: message X is encrypted using key Y.
⑧
K is a key shared by P and Q.
2) BAN logic rules
The protocol security is formalized proof herein using 4 BAN logic rules R1-R4:
information-meaning (Message-meaning) rule:
R1:
r1 represents that if P believes the key K shared between entities P and Q and finds that K encrypts the message X, P will believe that Q sent X once.
Nonce-verification (Nonce-verification) rule:
R2:
r2 indicates that if P believes that X is fresh, and P believes that Q has ever sent X, then P believes that Q is believing X.
(iii) jurisdictional (jurisdictional) rules:
R3:
r3 indicates that if P believes Q has jurisdiction over X, and P believes Q is believing X, then P will believe X.
Freshness (Freshness) rule:
R4:
r4 indicates that if P believes that a portion (X) of the message (X, Y) is fresh, then P believes that (X, Y) is also fresh.
3) Establishing two schema proof targets
To indicate that the vehicle node mutual authentication key scheme within the cluster is secure, two security goals, Goal1 and Goal2, need to be implemented.
Goal1:Vj|≡ξ1。VjIt is believed that ViThe sent key agreement information.
Goal2:Vi|≡ξ2。ViIt is believed that VjThe sent key agreement information.
4) Idealized protocol form
The general form of the 3.3 authenticated key agreement protocol flow is converted into an idealized form:
①
②
③
④
⑤
⑥
5) hypothesis of the premises
Prior to the security attestation of the protocol, the following assumptions need to be made for the BAN logic:
P1:
P2:
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
P11:
P12:
6) proof of scheme security
By analyzing the safety of the idealized scheme form, two safety certification targets, Goal1 and Goal2, were obtained.
①
According to P1:
and Message-serving rule R1:
RSU can be obtainedi|≡Vi|~{Bvi,AIDVi}. When the time stamp TviAfter passing the test, there is RSUi|≡#(Tvi). And according to the Freshness rule R4:
and Nonce-verification rule R3:
to obtain the RSUi|≡Vi|≡{Bvi,AIDVi}. And finally, according to the Jurisdiction rule R2:
and P7:
RSU can be obtainedi|≡{Bvi,AIDVi}。BviAnd AIDViAfter passing the test, RSUiWill SIDVjCorresponding prime number pjIs sent to Vi。
②
The same applies to P2:
and R1, V can be obtainedi|≡RSUi|~pj. When the time stamp TRiAfter passing the test, there is Vi|≡#(TRi). From R4 and R3, V can be derivedi|≡RSUi|≡pj. Finally according to R2 and P8:
can obtain Vi|≡pj. When V isiTo obtain VjAfter the corresponding prime number, sending a signature authentication key agreement message to Vj。
③
According to P5:
and R1, RSU can be obtainedi|≡Vj|~{Bvj,AIDVj}. When the time stamp TvjAfter customs clearance inspection, RSU is availablei|≡#(Tvj). RSU can be obtained from R4 and R3i|≡Vj|≡{Bvj,AIDVj}. Finally according to R2 and P10:
RSU can be obtainedi|≡{Bvj,AIDVj}。BvjAnd AIDVjAfter passing the test, RSUiWill SIDViCorresponding prime number piIs sent to Vj。
④
According to P6:
and R1, V can be obtainedj|≡RSUi|~pi. When the time stamp TRjAfter passing the test, there is Vj|≡#(TRj). From R4 and R3, V can be derivedj|≡RSUi|≡pi. Finally according to R2 and P11:
can obtain Vi|≡pj. When V isjTo obtain ViAfter the corresponding prime number, it is paired with the prime number from ViThe signature information is verified, and after the verification is passed, a signature key negotiation message is sent to the Vi。
⑤
According to P4:
and R1, can give
When the time stamp TijAfter passing the test, there is Vj|≡#(Tij). From R4 and R3, one can obtain
Then according to R2 and P9:
to obtain
When coming from ViSigned message of
And
after passing the check, the protocol completes VjTo ViAuthentication of (V)jIt is believed that ViKey agreement message xi of1I.e. Vj|≡ξ1. This completes the target Goal 1. VjSelecting random number beta, calculating xi2=Tβ(x) modn and session key sk ≡ Tβ(ξ1)modn≡Tβ·α(x) mod n. Finally, sending a signature authentication key negotiation message to Vi。
⑥
According to P3:
and R1, can give
When the time stamp TjiVerified as fresh, i.e. Vi|#(Tji). From R4 and R3, one can obtain
Then according to R2 and P12:
to obtain
When coming from VjSignature information of
And
by inspection, δ also passes verification, ViIs believed to come from VjOf session key message xi2I.e. Vi|≡ξ2. The target Goal2 is completed here. Last ViComputing the session key sk ≡ Tα(ξ2)modn≡Tα·β(x)modn。
As can be seen from the certification process of Goal1 and Goal2, the scheme provided by the invention can effectively realize the security certification of mutual authentication key agreement of members in a group. All messages involved in the scheme are simulated by utilizing a BAN logic model, two targets of completing scheme safety certification are established, and verification of message sources, verification of message freshness and verification of message source reliability are completed on the premise of reasonable assumption. And finally, proving two preset targets according to the model rule, and finishing formalized proving of the scheme.
The invention considers the problems of rapid movement of vehicles and rapid change of vehicle topology in the VANET system, establishes a dynamic vehicle group by utilizing the Chinese remainder theorem and adapts to the rapid change of the VANET network topology; aiming at the problem that communication on a network which is disclosed again by vehicles in VANET is easy to be attacked by eavesdropping, tampering, counterfeiting and the like, the key agreement is carried out by utilizing the semigroup of Chebyshev chaotic mapping, and the communication message is encrypted by using the agreed key to complete the safe communication on the public network; a pseudonym updater and a private key updating scheme are adopted to update the pseudonym and the private key corresponding to the vehicle, so that the identity privacy safety of the vehicle is effectively protected; for the problem of the malicious vehicles in the vehicle group, the identity of the malicious vehicles is traced by using signature messages of the malicious vehicles, and the legal identity of the malicious vehicles is revoked by modifying public key information corresponding to the malicious vehicles; the BAN logic model is used for formalized proving of the semantic security of the authentication key agreement scheme, so that the secure communication can be ensured under the condition of malicious attack, and the method has good economic benefit.
The above-mentioned embodiments, which further illustrate the objects, technical solutions and advantages of the present invention, should be understood that the above-mentioned embodiments are only preferred embodiments of the present invention, and should not be construed as limiting the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for negotiating a group authentication key in a vehicle-mounted ad hoc network is characterized by comprising the following steps:
establishing a dynamic vehicle group according to the Chinese remainder theorem;
information sender V in vehicle groupiSigning information using private key information, information receiver VjInformation sender V through public key information in signature informationiThe identity of (2) is authenticated; information sender ViAnd an information receiver VjAfter the identities are authenticated mutually, the two communication parties carry out key agreement according to the semigroup of Chebyshev chaotic mapping;
respectively updating the corresponding pseudonyms and private keys of the vehicles by adopting a pseudonym updating mechanism and a private key updating mechanism;
the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked by modifying the public key information corresponding to the malicious vehicle.
2. The method of claim 1, wherein establishing a dynamic vehicle group according to the Chinese remainder theorem comprises: initializing a trusted center TA; registering a vehicle-mounted unit OBU and a roadside unit RSU on the TA; and the TA constructs a dynamic vehicle group by adopting the Chinese remainder theorem according to the registered OBU and the registered RSU.
3. The method of claim 2, wherein the process of constructing the dynamic vehicle group comprises: the credible center constructs a congruence equation set according to the public key of the vehicle node i and the public key of the roadside unit, wherein the congruence equation set is expressed as follows:
where c denotes the system public key, yi(i ═ 1,2, …, k) denotes the public key of vehicle node i, yk+1Public key representing roadside unit, pi(i-1, 2, …, k) represents the prime number issued by the trust center to vehicle i, pk+1Representing the prime number sent by the trusted center to the roadside unit.
4. The method for intra-group authenticated key agreement in the vehicle-mounted ad hoc network according to claim 1, wherein the process of key agreement between two communication parties according to the half-group of chebyshev chaotic mapping comprises:
S1:Viselecting a timestamp TviCalculating B from the selected time stampviAnd AIDV; will request message Bvi,Tvi,AIDVi,SIDVjSending to roadside units RSUi(ii) a Wherein, SIDVjRepresents VjPseudonym of (B)viIndicates first falseFirst name verification auxiliary parameter, AIDViRepresenting a second pseudonym-verification-assistance parameter;
S2:RSUiverifying the received request message, and if the verification fails, rejecting the request message; if the verification is successful, the RSUiWill { pj,TRiIs sent to Vi(ii) a Wherein p isjRepresents VjPrime number of, TRiRepresenting the RSUiTo ViA timestamp of (d);
S3:Viauthentication from RSUiIf the verification is passed, sending a key negotiation request message to Vj(ii) a If the verification fails, the RSU is refused to be receivediThe message of (2); wherein, the key negotiation request message includes: viFirst signature of
ViSecond signature of
Time slice tvi,ViTo VjTime stamp T ofijKey agreement information xi1;
S4:VjVerifying the time stamp in the key negotiation request message, and if the verification is successful, sending the time stamp to the RSUiSending prime number request message, if verification fails, refusing to receive key negotiation request message;
S5:RSUiverifying the received key negotiation request message, and if the verification fails, rejecting the request message; if the verification is successful, the RSUiWill { pi,TRjIs sent to Vj(ii) a Wherein p isiRepresents ViPrime number of, TRjIndicating a current timestamp of the system;
S6:Vjauthentication from RSUiAfter passing the verification, VjTo ViAfter the authentication is successful, the key negotiation message is sent to the Vi(ii) a Otherwise refusing to send the key negotiation message;
S7:Viinspection VjIf the verification fails, the establishment of the session key fails, and if the verification succeeds, the establishment of the session key succeeds.
5. The method of claim 4, wherein the RSU performs the negotiation of the authentication key in the group in the Ad hoc networkiAuthenticating the received request message comprises: judging whether the freshness condition is satisfied, if not, rejecting the request message, if so, rejecting the request message according to ViPrime number p ofiTime stamp TviAnd AIDVi' calculation Bvi'; judgment Bvi' and BviAnd whether the two are equal or not is judged, if so, the verification is successful, and if not, the verification fails.
6. The method of claim 4, wherein V is a group authentication key agreement method in a vehicle ad hoc networkjTo ViThe authenticating the identity information comprises: according to ViPrime number p ofiComputing public key y of vehicle node iiAccording to the public key y of the vehicle node iiCalculation equation
If it is not true, VjRefuse ViThe key agreement request is received, the identity authentication fails, and if the key agreement request is received, the identity authentication is successful.
7. The method of claim 1, wherein the pseudonym update mechanism is: the trust center TA assigns a pseudonym update seed delta ID to each registered vehiclej(ii) a When the vehicle node ViAccess VjCurrent pseudonym
After the corresponding prime number, the road side unit RSU sends a pseudonym updating request to the TA; TA calculation of VjCorresponding next pseudonym
And publishing; record the corresponding prime number pjAnd l, corresponding pseudonym prime numbers to lists
Sent to the RSU.
8. The method for negotiating the authentication key in the group in the vehicle ad hoc network according to claim 1, wherein the private key updating mechanism is: viAt the t thviA private key of a time slice of
Then at tviV in +1 time slicesiThe private key of
When t isviAfter the private key corresponding to +1 time slice is generated, the OBUiImmediately will tviDeleting the private key of each time slice; if tviVehicle node V ═ LiT th of outputviThe key of +1 time slice is an empty string; when V isiWhen the time segment of (V) is exhaustediReselecting private key xi',0And recalculates the corresponding public key yiTA from the recalculated public key yiThe system public key c is updated.
9. The method for negotiating the authentication key in the cluster in the vehicular ad hoc network as claimed in claim 1, wherein the process of revoking the legal identity by modifying the public key information corresponding to the malicious vehicle comprises: viIn the RSUiWhen a malicious message is issued in a coverage area, the RSUiObtaining ViP used in sending malicious messagesi(ii) a In the list of pseudonyms and prime numbers λSIDV,pFinding a trusted center TA of ViThe generated current pseudonym is obtained as ViCurrent pseudonym SIDVi(ii) a Hair-like deviceSIDV sending kanaiAnd piTo TA, TA is given by equation H0(IDVi||δsk)=SIDVi、piCorresponding l and pseudonym update seed delta IDiJudging the real identity of the vehicle corresponding to the pseudonym; TA will pair V according to the real identity of the vehicle to which the pseudonym correspondsiThe revocation is performed with a legitimate identity within the group.
10. The method of claim 9, wherein the negotiating the authentication key in the group in the vehicle ad hoc network by modifying the public key information corresponding to the malicious vehicle comprises: will ViCorresponding public key information yiModified to another random number yi' the other vehicle node information remains unchanged and the system public key c is updated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111510554.2A CN114302390B (en) | 2021-12-10 | 2021-12-10 | Intra-group authentication key negotiation method in vehicle-mounted ad hoc network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111510554.2A CN114302390B (en) | 2021-12-10 | 2021-12-10 | Intra-group authentication key negotiation method in vehicle-mounted ad hoc network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114302390A true CN114302390A (en) | 2022-04-08 |
| CN114302390B CN114302390B (en) | 2024-05-17 |
Family
ID=80966887
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111510554.2A Active CN114302390B (en) | 2021-12-10 | 2021-12-10 | Intra-group authentication key negotiation method in vehicle-mounted ad hoc network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114302390B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116528235A (en) * | 2023-06-30 | 2023-08-01 | 华侨大学 | Vehicle-ground wireless communication authentication method and system based on extended chebyshev polynomial |
| CN117978537A (en) * | 2024-03-18 | 2024-05-03 | 暨南大学 | Condition privacy protection authentication method based on internet of vehicles |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110016058A1 (en) * | 2009-07-14 | 2011-01-20 | Pinchuk Steven G | Method of predicting a plurality of behavioral events and method of displaying information |
| CN106027233A (en) * | 2016-04-28 | 2016-10-12 | 江苏大学 | Method for designing vehicle network group negotiation communication protocol |
| CN109756893A (en) * | 2019-01-25 | 2019-05-14 | 黑龙江大学 | A kind of intelligent perception Internet of Things anonymous authentication method based on chaotic maps |
| CN110417541A (en) * | 2019-09-03 | 2019-11-05 | 北京宏思电子技术有限责任公司 | Attack encryption key method, device, electronic equipment and computer readable storage medium |
| CN111092732A (en) * | 2019-12-06 | 2020-05-01 | 郑州轻工业大学 | Anonymous authentication method based on certificateless group signature in Internet of vehicles |
-
2021
- 2021-12-10 CN CN202111510554.2A patent/CN114302390B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110016058A1 (en) * | 2009-07-14 | 2011-01-20 | Pinchuk Steven G | Method of predicting a plurality of behavioral events and method of displaying information |
| CN106027233A (en) * | 2016-04-28 | 2016-10-12 | 江苏大学 | Method for designing vehicle network group negotiation communication protocol |
| CN109756893A (en) * | 2019-01-25 | 2019-05-14 | 黑龙江大学 | A kind of intelligent perception Internet of Things anonymous authentication method based on chaotic maps |
| CN110417541A (en) * | 2019-09-03 | 2019-11-05 | 北京宏思电子技术有限责任公司 | Attack encryption key method, device, electronic equipment and computer readable storage medium |
| CN111092732A (en) * | 2019-12-06 | 2020-05-01 | 郑州轻工业大学 | Anonymous authentication method based on certificateless group signature in Internet of vehicles |
Non-Patent Citations (3)
| Title |
|---|
| "VANET ***中基于中国剩余定理的群内相互认证密钥协商协议", 《通信学报》 * |
| JIYUN YANG: "A Chebyshev polynomial-based conditional privacy-preserving authentication and group-key agreement scheme for VANET", 《SPRINGER》 * |
| 韩牟;华蕾;王良民;江浩斌;马世典;: "车载自组网中高效的群组协商通信协议", 通信学报, no. 01 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116528235A (en) * | 2023-06-30 | 2023-08-01 | 华侨大学 | Vehicle-ground wireless communication authentication method and system based on extended chebyshev polynomial |
| CN116528235B (en) * | 2023-06-30 | 2023-10-20 | 华侨大学 | Vehicle-ground wireless communication authentication method and system based on extended chebyshev polynomial |
| CN117978537A (en) * | 2024-03-18 | 2024-05-03 | 暨南大学 | Condition privacy protection authentication method based on internet of vehicles |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114302390B (en) | 2024-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wang et al. | Enhanced security identity-based privacy-preserving authentication scheme supporting revocation for VANETs | |
| Tzeng et al. | Enhancing security and privacy for identity-based batch verification scheme in VANETs | |
| CN109698754B (en) | Fleet safety management system and method based on ring signature and vehicle management platform | |
| Ma et al. | Redactable blockchain in decentralized setting | |
| CN112543106B (en) | Vehicle privacy anonymous protection method based on block chain and group signature | |
| KR101479973B1 (en) | Method for a public-key infrastructure providing communication integrity and anonymity while detecting malicious communication | |
| Bouakkaz et al. | A certificateless ring signature scheme with batch verification for applications in VANET | |
| CN111756547A (en) | Vehicle privacy protection method based on block chain and blind signature | |
| CN114302390B (en) | Intra-group authentication key negotiation method in vehicle-mounted ad hoc network | |
| CN113761582A (en) | Group signature based method and system for protecting privacy of block chain transaction under supervision | |
| CN114286332B (en) | Dynamic efficient vehicle-mounted cloud management method with privacy protection function | |
| Guehguih et al. | Blockchain-based privacy-preserving authentication and message dissemination scheme for vanet | |
| CN112243234A (en) | Identity-based privacy security protection method for Internet of vehicles | |
| CN115442048A (en) | VANET-oriented block chain-based anonymous authentication method | |
| CN115515127A (en) | Vehicle networking communication privacy protection method based on block chain | |
| CN113364598B (en) | Batch authentication method for privacy protection in Internet of vehicles environment | |
| CN117793670A (en) | Internet of vehicles secure communication method under block chain architecture | |
| Agustina et al. | Secure VANET protocol using hierarchical pseudonyms with blind signature | |
| Hegde et al. | Hash based integrity verification for vehicular cloud environment | |
| Squicciarini et al. | Paim: Peer-based automobile identity management in vehicular ad-hoc network | |
| CN113556730B (en) | Method and system for protecting identity privacy of Internet of vehicles and storage medium | |
| Chen et al. | SAVE: Efficient privacy-preserving location-based service bundle authentication in self-organizing vehicular social networks | |
| Aftab et al. | Towards a distributed ledger based verifiable trusted protocol for VANET | |
| Xu et al. | DPB-MA: Low-Latency Message Authentication Scheme Based on Distributed Verification and Priority in Vehicular Ad Hoc Network | |
| Behera et al. | A secure and efficient message authentication protocol for vehicular Ad hoc Networks with privacy preservation (MAPWPP) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20240204 Address after: 1003, Building A, Zhiyun Industrial Park, No. 13 Huaxing Road, Henglang Community, Dalang Street, Longhua District, Shenzhen City, Guangdong Province, 518000 Applicant after: Shenzhen Wanzhida Technology Transfer Center Co.,Ltd. Country or region after: China Address before: 400065 Chongwen Road, Nanshan Street, Nanan District, Chongqing Applicant before: CHONGQING University OF POSTS AND TELECOMMUNICATIONS Country or region before: China |
|
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20240422 Address after: Room 2062, No. 422 East Xingye Avenue, Nancun Town, Panyu District, Guangzhou City, Guangdong Province, 510000 Applicant after: Guangzhou Zhuohang Information Technology Co.,Ltd. Country or region after: China Address before: 1003, Building A, Zhiyun Industrial Park, No. 13 Huaxing Road, Henglang Community, Dalang Street, Longhua District, Shenzhen City, Guangdong Province, 518000 Applicant before: Shenzhen Wanzhida Technology Transfer Center Co.,Ltd. Country or region before: China |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |