Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network, which comprises the following steps:
Establishing a dynamic vehicle group according to the Chinese remainder theorem;
the information sender $V_i$ in the vehicle group signs information using private key information, and the information receiver $V_j$ authenticates the identity of the information sender $V_i$ through the public key information in the signature information; after the information sender $V_i$ and the information receiver $V_j$ have authenticated each other's identities, the two communicating parties carry out key agreement according to the semigroup property of the Chebyshev chaotic map;
respectively updating the corresponding pseudonyms and private keys of the vehicles by adopting a pseudonym updating mechanism and a private key updating mechanism;
the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked by modifying the public key information corresponding to the malicious vehicle.
Preferably, the establishing of the dynamic vehicle group according to the Chinese remainder theorem includes: initializing a trusted center TA; registering a vehicle-mounted unit OBU and a roadside unit RSU on the TA; and the TA constructs a dynamic vehicle group by adopting the Chinese remainder theorem according to the registered OBU and the registered RSU.
Further, the process of constructing the dynamic vehicle group comprises: the trusted center constructs a system of congruences according to the public key of vehicle node $i$ and the public key of the roadside unit, wherein the system of congruences is expressed as follows:
where $c$ denotes the system public key, $y_i$ ($i = 1, 2, \dots, k$) denotes the public key of vehicle node $i$, $y_{k+1}$ denotes the public key of the roadside unit, $p_i$ ($i = 1, 2, \dots, k$) denotes the prime number issued by the trusted center to vehicle $i$, and $p_{k+1}$ denotes the prime number sent by the trusted center to the roadside unit.
Preferably, the process of performing key agreement by both communication parties according to the semigroup property of the Chebyshev chaotic map includes:
S1: $V_i$ selects a timestamp $T_{vi}$ and calculates $B_{vi}$ and $AIDV_i$ from the selected timestamp; it sends the request message $\{B_{vi}, T_{vi}, AIDV_i, SIDV_j\}$ to the roadside unit $RSU_i$; wherein $SIDV_j$ represents the pseudonym of $V_j$, $B_{vi}$ represents a first pseudonym verification auxiliary parameter, and $AIDV_i$ represents a second pseudonym verification auxiliary parameter;
S2: $RSU_i$ verifies the received request message, and if the verification fails, rejects the request message; if the verification is successful, $RSU_i$ sends $\{p_j, T_{Ri}\}$ to $V_i$; wherein $p_j$ represents the prime number of $V_j$, and $T_{Ri}$ represents the timestamp sent by $RSU_i$ to $V_i$;
S3: $V_i$ verifies the message from $RSU_i$; if the verification passes, it sends a key negotiation request message to $V_j$; if the verification fails, it refuses to receive the message from $RSU_i$; wherein the key negotiation request message includes: the first signature of $V_i$, the second signature of $V_i$, the time slice $t_{vi}$, the timestamp $T_{ij}$ from $V_i$ to $V_j$, and the key agreement information $\xi_1$;
S4: $V_j$ verifies the timestamp in the key negotiation request message; if the verification is successful, it sends a prime number request message to $RSU_i$; if the verification fails, it refuses to receive the key negotiation request message;
S5: $RSU_i$ verifies the received key negotiation request message, and if the verification fails, rejects the request message; if the verification is successful, $RSU_i$ sends $\{p_i, T_{Rj}\}$ to $V_j$; wherein $p_i$ represents the prime number of $V_i$, and $T_{Rj}$ indicates a current timestamp of the system;
S6: $V_j$ verifies the message from $RSU_i$; after the verification passes, $V_j$ authenticates $V_i$, and after the authentication is successful it sends the key negotiation message to $V_i$; otherwise it refuses to send the key negotiation message;
S7: $V_i$ checks the key negotiation message from $V_j$; if the verification fails, the establishment of the session key fails, and if the verification succeeds, the establishment of the session key succeeds.
Further, $RSU_i$ verifying the received request message comprises: judging whether the freshness condition is satisfied; if not, rejecting the request message; if so, calculating $B'_{vi}$ according to the prime number $p_i$ of $V_i$, the timestamp $T_{vi}$ and $AIDV_i'$; and judging whether $B'_{vi}$ and $B_{vi}$ are equal; if so, the verification is successful, and if not, the verification fails.
Further, $V_j$ authenticating the identity information of $V_i$ comprises: calculating the public key $y_i$ of vehicle node $i$ according to the prime number $p_i$ of $V_i$, and evaluating the equation according to the public key $y_i$ of vehicle node $i$; if the equation does not hold, $V_j$ refuses the key agreement request of $V_i$ and the identity authentication fails; if it holds, the identity authentication is successful.
Preferably, the pseudonym update mechanism is as follows: the trusted center TA assigns a pseudonym update seed $\delta ID_j$ to each registered vehicle; after a vehicle node $V_i$ accesses the prime number corresponding to the current pseudonym of $V_j$, the roadside unit RSU sends a pseudonym update request to the TA; the TA calculates and publishes the next pseudonym corresponding to $V_j$, records the corresponding prime number $p_j$ and $l$, and sends the list of corresponding pseudonyms and prime numbers to the RSU.
Preferably, the private key update mechanism is as follows: $V_i$ has one private key in the $t_{vi}$-th time slice and a new private key in the $(t_{vi}+1)$-th time slice. After the private key corresponding to the $(t_{vi}+1)$-th time slice is generated, $OBU_i$ immediately deletes the private key of the $t_{vi}$-th time slice; if $t_{vi} = L$, the key output by vehicle node $V_i$ for the $(t_{vi}+1)$-th time slice is an empty string; when the time slices of $V_i$ are used up, $V_i$ reselects a private key $x'_{i,0}$ and recalculates the corresponding public key $y_i$, and the TA updates the system public key $c$ from the recalculated public key $y_i$.
Preferably, the process of revoking the legal identity of the malicious vehicle by modifying the public key information corresponding to the malicious vehicle comprises: when $V_i$ issues a malicious message in the coverage area of $RSU_i$, $RSU_i$ obtains the $p_i$ used by $V_i$ when sending the malicious message; it finds, in the list of pseudonyms and prime numbers $\lambda_{SIDV,p}$, the current pseudonym generated for $V_i$ by the trusted center TA, obtaining the current pseudonym $SIDV_i$ of $V_i$; it sends the pseudonym $SIDV_i$ and $p_i$ to the TA; the TA judges the real identity of the vehicle corresponding to the pseudonym from the equation $H_0(IDV_i \| \delta_{sk}) = SIDV_i$, the $l$ corresponding to $p_i$, and the pseudonym update seed $\delta ID_i$; the TA revokes the legal identity of $V_i$ within the group according to the real identity of the vehicle corresponding to the pseudonym.
Further, the modifying of the public key information corresponding to the malicious vehicle includes: modifying the public key information $y_i$ corresponding to $V_i$ to another random number $y'_i$, keeping the other vehicle node information unchanged, and updating the system public key $c$.
The invention has the following beneficial effects. Considering the rapid movement of vehicles and the rapid change of vehicle topology in a VANET system, the invention establishes a dynamic vehicle group using the Chinese remainder theorem, which adapts to the rapid change of the VANET network topology. Because communication by vehicles in a VANET over a public network is vulnerable to eavesdropping, tampering, forgery and similar attacks, key agreement is carried out using the semigroup property of the Chebyshev chaotic map, and communication messages are encrypted with the agreed key to achieve secure communication over the public network. A pseudonym update mechanism and a private key update mechanism are used to update the pseudonym and the private key corresponding to each vehicle, which effectively protects the identity privacy of the vehicle. For malicious vehicles in the vehicle group, the identity of the malicious vehicle is traced using its signed messages, and its legal identity is revoked by modifying the public key information corresponding to it. The BAN logic model is used to formally prove the semantic security of the authenticated key agreement scheme, so that secure communication can be ensured under malicious attack, and the method has good economic benefit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network, which comprises the following steps: establishing a dynamic vehicle group according to the Chinese remainder theorem; the information sender $V_i$ in the vehicle group signs information using private key information, and the information receiver $V_j$ authenticates the identity of the information sender $V_i$ through the public key information in the signature information; after the information sender $V_i$ and the information receiver $V_j$ have authenticated each other's identities, the two communicating parties carry out key agreement according to the semigroup property of the Chebyshev chaotic map; the pseudonym update mechanism and the private key update mechanism update the corresponding pseudonyms and private keys of the vehicles respectively; the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked by modifying the public key information corresponding to the malicious vehicle.
As shown in fig. 2, the vehicle ad hoc network system includes: the system comprises a roadside unit RSU, a mobile automobile TV and a trusted authority TA, wherein wired communication is adopted between the TA and the RSU, and wireless communication is adopted between the TV and the RSU.
The TA (trusted center) establishes a dynamic vehicle session group with the registered vehicles and RSUs (roadside units) using the Chinese remainder theorem. The specific process is as follows:
TA initialization phase:
The TA is responsible for system initialization and defines two one-way hash functions, where $l_i$ is the output bit width of the hash function. For the Chebyshev chaotic map, the TA selects a public parameter $x$, a large prime number $n$ and a system private key $\delta_{sk}$.
RSU and OBU (on board unit) registration phase:
1) Registration of $OBU_i$
As shown in FIG. 3, assume that there is a group of vehicles that currently has $k$ vehicle members $\{V_1, V_2, \dots, V_k\}$. When vehicle node $V_i$ registers its identity, the $OBU_i$ on $V_i$ sends the true identity $IDV_i$ of vehicle $V_i$ to the TA over the secure channel. After the TA receives the message, it calculates the pseudonym of $V_i$, $SIDV_i = H_0(IDV_i \| \delta_{sk})$, and publishes it in the whole system. The TA selects large prime numbers $p_i$ ($i = 1, 2, \dots, k$) satisfying the condition that $p_i \neq p_j$ when $i \neq j$, and with two large prime numbers in the range $0$ to $p_i - 1$. The TA selects a system public parameter $g$; $g$ is a primitive root for the exponentiation and is also the generator of all the multiplicative groups. The TA sends $\{SIDV_i, p_i\}$ to $V_i$ through the secure channel.
After receiving $\{SIDV_i, p_i\}$ from the TA, $V_i$ randomly selects its initial private key and calculates the public key of $V_i$. $V_i$ sends $\{y_i\}$ to the TA over the secure channel. The TA divides the validity period of the public keys of the vehicles in the vehicle group into $L$ time slices, and the public key $y_i$ of a vehicle node remains unchanged throughout the $L$ time slices. When the $L$ time slices are exhausted, $V_i$ reselects a private key $x'_{i,0}$ and recalculates the public key $y_i$, and the TA also updates the system public key $c$.
2) Registration of $RSU_i$
As shown in fig. 4, the registration process of $RSU_i$ is similar to that of $OBU_i$: it first sends its true identity $IDR_i$ to the TA via the secure channel; the TA calculates the pseudonym of $RSU_i$, $SIDR_i = H_0(IDR_i \| \delta_{sk})$, and allocates a large prime number $p_{k+1}$ to $RSU_i$. $RSU_i$ selects a private key, calculates the corresponding public key $y_{k+1}$, and returns it to the TA.
TA building groups
Based on the $y_i$ ($i = 1, 2, \dots, k$) received from the $k$ vehicle nodes and the $y_{k+1}$ received from $RSU_i$, the TA constructs a system of congruences:
wherein $c$ is the system public key; the system of congruences can be solved using the Chinese remainder theorem to give
where $P = p_1 p_2 \cdots p_{k+1}$ and the inverse is taken modulo $p_i$. The TA calculates $SP_i = H_1(SIDV_i \| p_i)$ and sends $\{SIDV_i, p_i\}$ to the registered $RSU_i$. According to the received $\{SIDV_i, p_i\}$, $RSU_i$ generates a list $\lambda_{SIDV,p}$ of the pseudonyms and prime numbers corresponding to $V_i$.
The two communication parties utilize the signature information to quickly authenticate the identity of the message sender and carry out key agreement through the semigroup of Chebyshev chaotic mapping. The algorithm flow is shown in fig. 5, and the specific process of the algorithm is as follows:
S1: $V_i$ selects a timestamp $T_{vi}$ and calculates $B_{vi}$ and $AIDV_i$ from the selected timestamp; it sends the request message $\{B_{vi}, T_{vi}, AIDV_i, SIDV_j\}$ to the roadside unit $RSU_i$, wherein $SIDV_j$ represents the pseudonym of $V_j$; the calculation formulas of $B_{vi}$ and $AIDV_i$ are respectively as follows:
$B_{vi} = H_1(SIDV_i \| p_i \| T_{vi})$
wherein $B_{vi}$ represents a first pseudonym verification auxiliary parameter, $AIDV_i$ represents a second pseudonym verification auxiliary parameter, $H_1(\cdot)$ represents a hash function, and $\|$ represents concatenation;
S2: $RSU_i$ verifies the received request message. The verification process is as follows: after receiving the message, $RSU_i$ first checks $T_{vi}$ through $(T_{iR} - T_{vi}) < \Delta T$, where $\Delta T$ represents the valid time difference between two timestamps specified by the system and $T_{iR}$ represents the timestamp issued by $V_i$ to the RSU. If the verification fails, the request message is rejected; if the verification is successful, it calculates
and determines whether the identity of the message requester is valid by judging whether the equation $B'_{vi} = H_1(SIDV'_i \| p_i \| T_{vi}) = B_{vi}$ holds; only members of the group can pass the verification. If the equation does not hold, the request message is rejected; if the equation holds, $RSU_i$ sends $\{p_j, T_{Ri}\}$ to $V_i$.
S3: $V_i$ verifies the message from $RSU_i$ and sends a key agreement request message to $V_j$. The verification process is as follows: after receiving $\{p_j, T_{Ri}\}$, $V_i$ first checks the freshness of the timestamp $T_{Ri}$ through $(T_{vRi} - T_{Ri}) < \Delta T$, where $T_{vRi}$ is the current system timestamp; it then determines the correctness of the message from $RSU_i$ by checking whether the equation $SP_j = H_1(SIDV_j \| p_j)$ holds. If it does not hold, the message is rejected; if it holds, $V_i$ selects a current timestamp $T_{ij}$, selects a random number $\alpha$ and calculates $\xi_1 \equiv T_\alpha(x) \bmod n$. $V_i$ signs the key agreement request: it randomly selects a value from the set of values less than the prime number $p_i$ of $V_i$, determines the time slice $t_{vi}$, and calculates the first signature of $V_i$ and the second signature of $V_i$. $V_i$ sends the key agreement request message to $V_j$.
S4: $V_j$ verifies the timestamp $T_{ij}$ in the key agreement request message. The verification process is as follows: after receiving the message, $V_j$ checks the freshness of $T_{ij}$ through $(T_{rj} - T_{ij}) < \Delta T$, where $T_{rj}$ is the current system timestamp. If the verification fails, it refuses to receive the key negotiation request message; if the verification succeeds, it generates a timestamp $T_{vj}$; $V_j$ sends the prime number request message $\{B_{vj}, T_{vj}, AIDV_j, SIDV_i\}$ to $RSU_i$; the calculation formulas of $B_{vj}$ and $AIDV_j$ are respectively as follows:
$B_{vj} = H_1(SIDV_j \| p_j \| T_{vj})$
S5: $RSU_i$ verifies the received key negotiation request message. The verification process is as follows: after receiving the message, $RSU_i$ first checks the freshness of the timestamp $T_{vj}$ through $(T_{jR} - T_{vj}) < \Delta T$, where $T_{jR}$ is the current system timestamp. If the verification fails, the request message is rejected; if the verification is successful, it calculates
and judges whether the identity of the sender of the message is valid by evaluating the equation $B'_{vj} = H_1(SIDV'_j \| p_j \| T_{vj}) = B_{vj}$. If the equation does not hold, the request message is rejected; if the equation holds, $RSU_i$ sends $\{p_i, T_{Rj}\}$ to $V_j$.
S6: $V_j$ verifies the message from $RSU_i$; after the verification passes, $V_j$ authenticates $V_i$, and after the authentication is successful it sends the key negotiation message to $V_i$; otherwise it refuses to send the key negotiation message. The verification process is as follows: $V_j$ judges the freshness of the timestamp $T_{Rj}$ through $(T_{vRj} - T_{Rj}) < \Delta T$, where $T_{Rj}$ is the current system timestamp. It judges the correctness of the prime number from $RSU_i$ by evaluating the equation $SP_i = H_1(SIDV_i \| p_i)$. After the verification passes, the identity information of $V_i$ is authenticated as follows: calculate $y_i \equiv c \pmod{p_i}$ and judge whether the equation (taken modulo $p_i$) holds. If the equation does not hold, the request from $V_i$ is rejected and the authentication fails; if the equation holds, the authentication succeeds, and $V_j$ randomly selects $\beta$ and a timestamp $T_{ji}$ and calculates $\xi_2 \equiv T_\beta(x) \bmod n$, $sk \equiv T_\beta(\xi_1) \bmod n$ and $M_{ij} = H_1(sk \| \xi_1 \| \xi_2)$. $V_j$ signs the key agreement message: it randomly selects a value from the set of values less than the prime number $p_j$ of $V_j$, determines the time slice $t_{vj}$, and calculates its two signature values. $V_j$ sends the key agreement message to $V_i$.
S7: $V_i$ checks the key agreement message from $V_j$; if the verification fails, the establishment of the session key fails, and if the verification succeeds, the establishment of the session key succeeds. The checking process is as follows: $V_i$ first checks the timestamp $T_{ji}$ through $(T_{ri} - T_{ji}) < \Delta T$, where $T_{ri}$ is the current system timestamp. After the timestamp passes verification, $V_i$ authenticates the identity of $V_j$ by judging whether the equation holds. If it does not hold, the authentication fails; if it holds, $V_i$ calculates $sk' \equiv T_\alpha(\xi_2) \bmod n$ and $M'_{ij} = H_1(sk' \| \xi_1 \| \xi_2)$ and judges whether the corresponding equation holds; if not, the session key negotiation fails; if so, the session key negotiation between $V_i$ and $V_j$ succeeds, and the session key is $sk \equiv T_\alpha(T_\beta(x)) \bmod n = T_\beta(T_\alpha(x)) \bmod n$.
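The $\xi_1$, $\xi_2$, $sk$ and $M_{ij}$ computations of S3, S6 and S7, as an added Python example that is not part of the patent text; the signatures and timestamp checks are left out because their formulas are not reproduced on this page. SHA-256 for $H_1$, the field encoding, the demo values of $n$ and $x$, the function names, and comparing $M'_{ij}$ with the received $M_{ij}$ as the final check are assumptions.

```python
import hashlib
import hmac
import secrets

N = 2**127 - 1        # constructed demo prime n (assumption, not a value from the patent)
X = 0x5EED1234ABCD    # constructed public parameter x (assumption)


def chebyshev(k, x, n):
    """Return T_k(x) mod n for the Chebyshev polynomial T_k, in O(log k) steps.

    Walks the bits of k while holding the pair (T_m, T_{m+1}) and uses
    T_{2m} = 2*T_m^2 - 1, T_{2m+1} = 2*T_m*T_{m+1} - x, T_{2m+2} = 2*T_{m+1}^2 - 1.
    """
    a, b = 1 % n, x % n                      # (T_0, T_1)
    for bit in bin(k)[2:]:
        even = (2 * a * a - 1) % n           # T_{2m}
        odd = (2 * a * b - x) % n            # T_{2m+1}
        nxt = (2 * b * b - 1) % n            # T_{2m+2}
        a, b = (odd, nxt) if bit == "1" else (even, odd)
    return a


def h1(*fields):
    """Stand-in for H_1: SHA-256 over 16-byte big-endian fields (assumed encoding)."""
    digest = hashlib.sha256()
    for value in fields:
        digest.update(value.to_bytes(16, "big"))
    return digest.digest()


def initiator_start(n=N, x=X):
    """V_i: pick the secret alpha and compute xi_1 = T_alpha(x) mod n."""
    alpha = secrets.randbelow(n - 2) + 2
    return alpha, chebyshev(alpha, x, n)


def responder_reply(xi1, n=N, x=X):
    """V_j: pick beta, compute xi_2, sk = T_beta(xi_1) and M_ij = H_1(sk||xi_1||xi_2)."""
    beta = secrets.randbelow(n - 2) + 2
    xi2 = chebyshev(beta, x, n)
    sk = chebyshev(beta, xi1, n)
    return xi2, h1(sk, xi1, xi2), sk


def initiator_finish(alpha, xi1, xi2, m_ij, n=N):
    """V_i: compute sk' = T_alpha(xi_2) and M'_ij; return sk' only if M'_ij matches."""
    sk_prime = chebyshev(alpha, xi2, n)
    if not hmac.compare_digest(h1(sk_prime, xi1, xi2), m_ij):
        return None                          # key confirmation failed
    return sk_prime


def demo():
    alpha, xi1 = initiator_start()
    xi2, m_ij, sk_j = responder_reply(xi1)
    sk_i = initiator_finish(alpha, xi1, xi2, m_ij)
    # A xi_2 altered in transit must not yield an accepted session key.
    tampered = initiator_finish(alpha, xi1, (xi2 + 1) % N, m_ij)
    return sk_i == sk_j, tampered


if __name__ == "__main__":
    agreed, tampered = demo()
    print("both sides hold the same sk:", agreed)
    print("result with tampered xi_2:", tampered)
```

The agreement works because $T_\alpha(T_\beta(x)) = T_{\alpha\beta}(x)$ is a polynomial identity, so it survives reduction modulo $n$.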
By adopting a pseudonym updating mechanism and a private key updating mechanism, the identity privacy safety of the vehicle can be effectively protected, and if the same pseudonym and the same private key are used all the time, an attacker can threaten the privacy safety of the vehicle by collecting signature information corresponding to the pseudonym; the process of respectively updating the corresponding pseudonym and the private key of the vehicle by adopting the pseudonym updating mechanism and the private key updating mechanism is as follows:
private key update mechanism: v
iAt the t th
viA private key of a time slice of
Then at t
viV in +1 time slices
iThe private key of
When t is
viAfter the private key corresponding to +1 time slice is generated, the OBU
iWill immediately send t
viThe private key of each time slice is deleted. If t
viVehicle node V ═ L
iT th of output
viThe key for the +1 time segment is an empty string. When V is
iWhen the time segment of (V) is exhausted
iReselecting private key x'
i,0And recalculates the corresponding public key y
iThe TA will also update the system public key c.
Pseudonym update mechanism: TA assigns a pseudonym update seed delta ID to each registered vehicle
iOr delta ID
jWhen the vehicle node V
iAccess V
jCurrent pseudonym
After the corresponding prime number, the RSU sends a pseudonym update request to the TA, and the TA calculates V
jCorresponding next pseudonym
And publishes and records the corresponding prime number p
jAnd l. Then the pseudonym prime numbers are correspondingly listed
Sent to the RSU.
When the system finds that the malicious vehicle carries out malicious behaviors in the vehicle group, the TA carries out identity tracing on the identity of the malicious vehicle according to the signature message in the message issued by the malicious vehicle, and the malicious vehicle does not have the legal identity in the vehicle group by modifying the large prime number distributed to the malicious vehicle. The algorithm flow is shown in fig. 6, and the specific process is as follows:
When a registered vehicle node $V_i$ issues a malicious message in a vehicle group, the TA traces and revokes its legal identity. When $V_i$ issues a malicious message in the coverage area of $RSU_i$, $RSU_i$ first obtains the $p_i$ used by $V_i$ when sending the malicious message, and then finds, in the list of pseudonyms and prime numbers $\lambda_{SIDV,p}$, the current pseudonym generated by the TA for $V_i$. After obtaining the current pseudonym $SIDV_i$ of $V_i$, it sends the pseudonym $SIDV_i$ and $p_i$ to the TA. The TA judges the real identity of the vehicle corresponding to the pseudonym from the equation $H_0(IDV_i \| \delta_{sk}) = SIDV_i$, the $l$ corresponding to $p_i$, and the pseudonym update seed $\delta ID_i$. After obtaining the true identity of $V_i$, the TA revokes the legal identity of $V_i$ within the group. In addition, when a registered legal vehicle node $V_j$ leaves the vehicle node group established by the TA, the TA can also revoke the identity of $V_j$. To revoke the legal identity of a group member $V_i$ within the group, the TA only needs to modify the public key information $y_i$ corresponding to $V_i$ to another random number $y'_i$, keep the other vehicle node information unchanged, and then update the system public key $c$. At this point $V_i$ is revoked, and its key will not be able to generate valid key agreement information.
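The group construction ($y_i \equiv c \pmod{p_i}$, solved with the Chinese remainder theorem) and the revocation step described above, as an added Python example that is not part of the patent text. The public-key formula is not reproduced on this page, so the $y_i$ values, the primes, the member names and the function names are constructed for the demonstration.

```python
import secrets
from math import prod


def system_public_key(members):
    """Solve c ≡ y_i (mod p_i) for every member with the Chinese remainder theorem.

    members maps a name to (p_i, y_i); the p_i must be pairwise distinct primes.
    """
    primes = [p for p, _ in members.values()]
    if len(set(primes)) != len(primes):
        raise ValueError("each member needs its own prime p_i")
    if any(not 0 <= y < p for p, y in members.values()):
        raise ValueError("each y_i must lie in [0, p_i)")
    P = prod(primes)
    c = 0
    for p, y in members.values():
        P_i = P // p                       # product of all the other primes
        c += y * P_i * pow(P_i, -1, p)     # pow(.., -1, p) is the inverse modulo p_i
    return c % P


def recover_public_key(c, p):
    """What a verifier holding p_i derives from c: y_i ≡ c (mod p_i)."""
    return c % p


def revoke(members, name):
    """Replace the member's y_i with a different random y'_i and rebuild c."""
    p, y_old = members[name]
    y_new = y_old
    while y_new == y_old:
        y_new = secrets.randbelow(p)
    updated = dict(members)
    updated[name] = (p, y_new)
    return updated, system_public_key(updated)


# Constructed demo group: three vehicles and one RSU. The primes are Mersenne
# primes, chosen only because they are easy to recognise as prime.
GROUP = {
    "V1": (2**31 - 1, 123456789),
    "V2": (2**61 - 1, 987654321987654321),
    "V3": (2**89 - 1, 31415926535897932384626),
    "RSU1": (2**107 - 1, 27182818284590452353602874),
}


def demo():
    """Check every member's key against c before and after revoking V2."""
    c = system_public_key(GROUP)
    before = {n: recover_public_key(c, p) == y for n, (p, y) in GROUP.items()}
    _, c_new = revoke(GROUP, "V2")
    after = {n: recover_public_key(c_new, p) == y for n, (p, y) in GROUP.items()}
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("key matches c before revocation:", before)
    print("key matches c after revoking V2:", after)
```

After revocation only the value derived for V2's prime changes, so a verifier reducing the new $c$ modulo $p_2$ no longer obtains the public key that V2's private key corresponds to, while the other members are unaffected.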
The invention uses BAN logic model to prove the semantic security of the scheme, the flow chart of the model is shown in figure 7, and the concrete model is described as follows:
1) BAN logic notation
In the security proof of the protocol, the following BAN logic notation is used:
① $P \mid\equiv X$: P believes that message X is authentic.
② P finds a message containing X.
③ $P \mid\sim X$: P has sent a message containing X for a certain period of time.
④ P owns the jurisdiction of message X.
⑤ $\#(X)$: message X is fresh.
⑥ $(X, Y)$: X and Y are part of a message (X, Y).
⑦ $\langle X \rangle_Y$: message X is encrypted using key Y.
⑧ K is a key shared by P and Q.
2) BAN logic rules
The security of the protocol is formally proved here using 4 BAN logic rules R1-R4:
Message-meaning rule:
R1:
R1 states that if P believes the key K shared between entities P and Q and finds that K encrypts the message X, P will believe that Q sent X once.
Nonce-verification rule:
R2:
R2 states that if P believes that X is fresh, and P believes that Q has ever sent X, then P believes that Q believes X.
Jurisdiction rule:
R3:
R3 states that if P believes Q has jurisdiction over X, and P believes Q believes X, then P will believe X.
Freshness rule:
R4:
R4 states that if P believes that a portion (X) of the message (X, Y) is fresh, then P believes that (X, Y) is also fresh.
3) Establishing two proof goals for the scheme
To show that the mutual authentication key scheme for vehicle nodes within the cluster is secure, two security goals, Goal1 and Goal2, need to be achieved.
Goal1: $V_j \mid\equiv \xi_1$. $V_j$ believes the key agreement information sent by $V_i$.
Goal2: $V_i \mid\equiv \xi_2$. $V_i$ believes the key agreement information sent by $V_j$.
4) Idealized protocol form
The general form of the 3.3 authenticated key agreement protocol flow is converted into an idealized form:
5) Premise assumptions
Prior to the security proof of the protocol, the following assumptions need to be made for the BAN logic:
6) Proof of scheme security
By analyzing the security of the idealized scheme form, the two security proof goals, Goal1 and Goal2, are obtained.
①
According to P1:
and the Message-meaning rule R1:
$RSU_i \mid\equiv V_i \mid\sim \{B_{vi}, AIDV_i\}$ can be obtained. When the timestamp $T_{vi}$ passes the check, $RSU_i \mid\equiv \#(T_{vi})$. Then according to the Freshness rule R4:
and the Nonce-verification rule R3:
$RSU_i \mid\equiv V_i \mid\equiv \{B_{vi}, AIDV_i\}$ is obtained. Finally, according to the Jurisdiction rule R2:
and P7:
$RSU_i \mid\equiv \{B_{vi}, AIDV_i\}$ can be obtained. After $B_{vi}$ and $AIDV_i$ pass the check, $RSU_i$ sends the prime number $p_j$ corresponding to $SIDV_j$ to $V_i$.
②
Similarly, according to P2:
and R1, $V_i \mid\equiv RSU_i \mid\sim p_j$ can be obtained. When the timestamp $T_{Ri}$ passes the check, $V_i \mid\equiv \#(T_{Ri})$. From R4 and R3, $V_i \mid\equiv RSU_i \mid\equiv p_j$ can be derived. Finally, according to R2 and P8:
$V_i \mid\equiv p_j$ can be obtained. After $V_i$ obtains the prime number corresponding to $V_j$, it sends a signed authentication key agreement message to $V_j$.
③
According to P5:
and R1, $RSU_i \mid\equiv V_j \mid\sim \{B_{vj}, AIDV_j\}$ can be obtained. When the timestamp $T_{vj}$ passes the check, $RSU_i \mid\equiv \#(T_{vj})$. From R4 and R3, $RSU_i \mid\equiv V_j \mid\equiv \{B_{vj}, AIDV_j\}$ can be obtained. Finally, according to R2 and P10:
$RSU_i \mid\equiv \{B_{vj}, AIDV_j\}$ can be obtained. After $B_{vj}$ and $AIDV_j$ pass the check, $RSU_i$ sends the prime number $p_i$ corresponding to $SIDV_i$ to $V_j$.
④
According to P6:
and R1, $V_j \mid\equiv RSU_i \mid\sim p_i$ can be obtained. When the timestamp $T_{Rj}$ passes the check, $V_j \mid\equiv \#(T_{Rj})$. From R4 and R3, $V_j \mid\equiv RSU_i \mid\equiv p_i$ can be derived. Finally, according to R2 and P11:
$V_i \mid\equiv p_j$ can be obtained. After $V_j$ obtains the prime number corresponding to $V_i$, it verifies the signature information from $V_i$, and after the verification passes, it sends a signed key negotiation message to $V_i$.
⑤
According to P4:
and R1, the following can be obtained:
When the timestamp $T_{ij}$ passes the check, $V_j \mid\equiv \#(T_{ij})$. From R4 and R3, the following can be obtained:
Then according to R2 and P9:
the following is obtained:
After the signed messages from $V_i$ pass the check, the protocol completes the authentication of $V_i$ by $V_j$, and $V_j$ believes the key agreement message $\xi_1$ of $V_i$, i.e. $V_j \mid\equiv \xi_1$. This completes Goal1. $V_j$ selects a random number $\beta$ and calculates $\xi_2 = T_\beta(x) \bmod n$ and the session key $sk \equiv T_\beta(\xi_1) \bmod n \equiv T_{\beta\cdot\alpha}(x) \bmod n$. Finally, it sends a signed authentication key negotiation message to $V_i$.
⑥
According to P3:
and R1, the following can be obtained:
When the timestamp $T_{ji}$ is verified as fresh, i.e. $V_i \mid\equiv \#(T_{ji})$, from R4 and R3 the following can be obtained:
Then according to R2 and P12:
the following is obtained:
After the signature information from $V_j$ passes the check, and $\delta$ also passes verification, $V_i$ believes the session key message $\xi_2$ from $V_j$, i.e. $V_i \mid\equiv \xi_2$. Goal2 is completed here. Finally, $V_i$ computes the session key $sk \equiv T_\alpha(\xi_2) \bmod n \equiv T_{\alpha\cdot\beta}(x) \bmod n$.
As can be seen from the certification process of Goal1 and Goal2, the scheme provided by the invention can effectively realize the security certification of mutual authentication key agreement of members in a group. All messages involved in the scheme are simulated by utilizing a BAN logic model, two targets of completing scheme safety certification are established, and verification of message sources, verification of message freshness and verification of message source reliability are completed on the premise of reasonable assumption. And finally, proving two preset targets according to the model rule, and finishing formalized proving of the scheme.
The above-mentioned embodiments, which further illustrate the objects, technical solutions and advantages of the present invention, should be understood that the above-mentioned embodiments are only preferred embodiments of the present invention, and should not be construed as limiting the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.