CN114567473A - Zero-trust mechanism-based Internet of vehicles access control method - Google Patents


Info

Publication number: CN114567473A
Authority: CN (China)
Prior art keywords: vehicle, rsu, trust, role, resource
Prior art date
Legal status: Granted
Application number: CN202210166731.8A
Other languages: Chinese (zh)
Other versions: CN114567473B (en)
Inventors: 曹利, 陈葳葳, 张迪, 朱李辰
Current assignee: Nantong University
Original assignee: Nantong University
Priority date
Filing date
Publication date
Application filed by Nantong University
Priority to CN202210166731.8A
Publication of CN114567473A
Application granted
Publication of CN114567473B
Legal status: Active
Anticipated expiration


Classifications

All entries fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication), except the last, which falls under Y02D (Climate change mitigation technologies in ICT):

    • H04L63/10 Network architectures or network communication protocols for network security, for controlling access to devices or network resources
    • H04L63/0807 Network security protocols for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network security protocols for authentication of entities using certificates
    • H04L63/0869 Network security protocols for authentication of entities, for achieving mutual authentication
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3213 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • Y02D30/70 Reducing energy consumption in communication networks, in wireless communication networks


Abstract

The invention provides a zero trust mechanism-based Internet of vehicles access control method, which belongs to the technical field of Internet of vehicles applications and addresses the problem of secure control of resource access in the Internet of vehicles environment. The technical scheme comprises the following steps: S1, a trusted authority registers the identities of the vehicles and the RSUs, sets an initial trust value for each registered vehicle, and initializes the access control policy; S2, a registered vehicle and an RSU carry out bidirectional identity authentication and negotiate a session key; S3, the decision server issues a resource access authorization token to the requesting vehicle according to its trust level, and access control is performed. The beneficial effects of the invention are: a dynamic trust value evaluation algorithm is established; an Internet of vehicles access control model that continuously evaluates and authorizes on demand is designed based on the zero trust idea; resource owners allocate resource permissions according to their own needs; and flexible, fine-grained access control is achieved.

Description

Zero-trust mechanism-based Internet of vehicles access control method
Technical Field
The invention relates to the technical field of Internet of vehicles application, in particular to an Internet of vehicles access control method based on a zero trust mechanism.
Background
The Internet of vehicles is an important branch of the Internet of Things in the transportation field. Vehicles serve as the basic communication units, and information sharing between vehicles, between vehicles and roadside units (RSUs), and between vehicles and people is realized through networked communication between vehicle nodes and roadside infrastructure, providing convenience for traffic management and public travel. In the Internet of vehicles environment, the complex network formed by the interweaving of networked nodes not only realizes interconnection between vehicles, roads and people, but also produces a large amount of rich sharable resources. For example, when a vehicle is travelling in a new environment, it can obtain necessary information in advance from service site information shared by surrounding vehicles; in an emergency, a vehicle can use road condition early warning information triggered by emergency braking and shared by other vehicles; and vehicles can work cooperatively by controlling vehicle groups during task execution through resource sharing. Furthermore, redundant computing power, storage resources and other hardware provided by vehicles can be shared. The sharing of information resources, control authority and hardware resources among nodes in the Internet of vehicles effectively addresses pain points in the development of the vehicle transportation industry, reduces the frequency of accidents, eases people's travel burden, and enables efficient intelligent traffic control. But resource sharing is a double-edged sword, and the network security threats it faces become more complicated.
If vehicle resources are illegally accessed, or information is eavesdropped on or even tampered with, by an unauthorized person, the privacy of the vehicle owner can be leaked; in severe cases the vehicle can be unlocked, opened and started remotely, and even the steering system, power system and so on can be illegally controlled, so that the vehicle is stolen or driven away and safety accidents occur, threatening people's lives and property. Therefore, how to ensure the security of constrained Internet of vehicles devices and of private data has become a key problem that must be solved urgently.
As one of the basic technologies of security protection, access control ensures, according to a set of policy rules, that an authorized user's usage rights over a resource correspond to the access rights that user holds, so as to prevent unauthorized access to other resources. However, in the complex multi-node, highly real-time and highly dynamic Internet of vehicles environment, the traditional access control model is not fully competent to control access rights in view of factors such as the environmental state, the source of the access and the communication network. Therefore, efficient access control over Internet of vehicles devices and resources has become a major challenge for Internet of vehicles security research. The invention mainly studies the prevention of unauthorized access to equipment and data resources in the specific network environment of the Internet of vehicles, and designs an access control model based on the environmental characteristics of the Internet of vehicles to resist illegal access to resources by malicious attackers.
The Internet of vehicles is one application of Internet of things technology. At present, scholars at home and abroad have done a great deal of research on access control technology for Internet of things networks, and Access Control (AC) methods and solutions for different targets have been proposed. Because general Internet of things applications mostly involve resource sharing among static nodes, the access control models used in the prior art, namely the Attribute-Based Access Control model (ABAC) and the Role-Based Access Control model (RBAC), cannot adapt to the sudden, temporary and self-organized resource sharing environment of the Internet of vehicles. Some scholars are researching access control models characterized by flexibility, security and dynamics for the Internet of vehicles environment, for example: Yeqing et al., in the article 'Research on safety access control strategy of Internet of vehicles', design an attribute-based access control model that converts multiple access attributes into a disjunctive normal form structure; the access policy formulated on this disjunctive normal form realizes dynamically extensible access control in a specific scenario. Zeng philosophy et al., in the article 'Vehicle-mounted communication system-oriented access control model research', propose a multi-level security access control method based on attributes, using the security level as an attribute factor to control access requests from different subjects. Even Jing et al., in 'Information security distribution technology research based on access control strategy dynamic adjustment in the Internet of vehicles', propose a policy optimization scheme based on a dynamic feedback mechanism, which optimizes the access control policy using the probability distribution of the optimal policy adjustment attribute.
WEI LUO et al., in 'Efficient and Secure Access Control Scheme in the Standard Model for Vehicular Cloud Computing', design a secure and revocable access control model for vehicular cloud computing based on multi-entity attribute authentication of requesters, and improve an attribute-based encryption and decryption scheme to achieve secure and lightweight access control. Although the above studies implement access control in the Internet of vehicles environment through the ABAC model, they do not consider the huge number of access requests in the Internet of vehicles, and the sudden increase of attribute information reduces the operating efficiency of the system. In addition, the biggest defect of these schemes is that the temporary nature of the vehicular self-organizing network and the fluctuation of a vehicle node's trust value caused by the variability of individual node behaviour are not fully considered, so access control authority cannot be established with continuous evaluation and on-demand authorization.
Zero trust is a security model that continuously authenticates and dynamically authorizes all users based on as many trust elements as possible, such as the identity of the access subject, the network environment and the terminal state.
Disclosure of Invention
The invention aims to provide a vehicle networking resource access control method based on a zero trust mechanism. Based on the zero trust idea, an Internet of vehicles access control model capable of continuous evaluation and on-demand authorization is provided; a dynamic trust value evaluation algorithm is established by tracking the access behaviour of a vehicle; each resource access request of the vehicle is continuously verified and dynamically authorized according to the dynamically adjusted trust value; a resource owner divides the permissions of its resources in units of roles and assigns the divided permissions to the corresponding roles, realizing flexible and fine-grained access control; and in order to ensure the continuity and security of trust value calculation, the historical trust values of the model are stored using the tamper-resistant property of a blockchain distributed database.
The idea of the invention is as follows: based on the zero trust idea, the invention provides an Internet of vehicles access control model capable of continuous evaluation and on-demand authorization. To ensure the continuity and security of trust value calculation, historical trust values are stored using the tamper-resistant property of a blockchain distributed database.
The invention is realized by the following measures: a zero trust mechanism-based Internet of vehicles access control method comprises the following steps:
S1, identity registration of the vehicles and RSUs is carried out by the PKI mechanism of the trusted authority, an initial trust value is set for each registered vehicle, and the decision server of the trusted authority initializes the access control policy;
S2, the registered vehicle and the RSU carry out bidirectional identity authentication based on the PKI system and negotiate a session key;
S3, the decision server issues a resource access authorization token to the requesting vehicle through the RSU according to the trust level of the requesting vehicle, and access control is performed.
Further, step S1 comprises:
S11, RSU identity registration: the TC assigns a unique identity ID_R to the RSU, selects two prime numbers p and q, and computes n = p × q and φ(n) = (p − 1)(q − 1); selects e such that gcd(φ(n), e) = 1, and determines d such that d ≡ e^(−1) (mod φ(n)); computes the public key P_R = {e, n} and the private key S_R = {d, n}; and combines the public key, a timestamp, ID_R and other elements to generate the public key certificate Cert_R;
S12, vehicle identity registration: the TC generates a public/private key pair (P_v, S_v) for the vehicle with the RSA algorithm and issues an identity certificate Cert_v; the TC sets an initial trust value TV_x, forms a trust value record and writes it to the blockchain network;
S13, decision server initialization: the decision server generates trust value intervals and the trust levels TL = {TL_1, TL_2, ..., TL_n} together with the role set Role = {Role_1, Role_2, ..., Role_n}; according to the mapping relation between them it builds the role linked lists and assigns the corresponding resource permissions to each role, where the head node of a role linked list is the role corresponding to a trust level and the tail pointer of the list points to a decision node uploaded by a vehicle;
S14, vehicle V_x uploads its own shared resources and their permission sets to the decision server. V_x determines the role required to access each type of resource according to the type of resource it opens for sharing; different resource sets of the same vehicle may require different role permissions, so one vehicle can form several decision nodes and link them to the tails of different role chains. The fields of a decision node have the following meaning:
1) Hash: the hash value of the shared resource, used as the index for retrieving the corresponding permissions. Because the hash value corresponds to the resource, the identity of the resource owner is not stored in the decision node, which protects the owner's identity privacy; during indexing, the authorized vehicle is retrieved through the Hash field;
2) Permission set: the set of operations the role is allowed to perform on the resource;
3) Timestamp: the time the resource was uploaded, used to verify the timeliness of the resource;
4) Next: the tail field of the node is a pointer whose initial value is Null; if a new node is appended after this node, the field holds the address of the next node.
S15, the decision server appends the decision node to the tail of the corresponding role linked list according to the decision node information uploaded by the vehicle. The linked structure of trust levels, roles and decision nodes has the following characteristics: nodes indexed by H1 appear in chains of different levels, because the same vehicle divides its permissions into different sets according to its access control requirements and assigns them to roles of different levels, so different decision nodes belonging to the same vehicle can appear in chains of different levels; in addition, because roles are layered by level, the permission set (A1, A2) held by a node in the lower-level chain (Role1) is a subset of the permission set (A1, A2, …, A4) held in the upper-level chain (Role2).
Further, step S2 comprises:
S21, the RSU periodically broadcasts its own certificate:
R: {Cert_R || Sign(S_R, Cert_R)}
and waits for vehicles to join. The broadcast message is signed with the RSU's private key, which guarantees its integrity;
S22, vehicle V_i drives into the coverage area of RSU R, receives its broadcast message, decrypts the signature with the public key in Cert_R, and verifies whether [Sign(S_R, Cert_R)]^d (mod n) = Cert_R holds. If so, it generates a large prime q and an integer a (a < q, with a a primitive root of q), generates X_v (X_v < q) and computes
Figure BDA0003516491180000041
The vehicle encrypts its network access application with the public key of the RSU:
V_i → R: {E(P_R, Cert_v || Y_i || a || q || T_1)}
where the timestamp T_1 proves the freshness of the message and prevents replay attacks;
S23, the RSU decrypts the received network access application with its private key and computes the time difference |T − T_1|; if the difference is less than or equal to Δt, it further authenticates the legitimacy of the vehicle identity through the certificate; otherwise it treats the message as timed out and refuses it. After identity authentication passes, the RSU generates an integer X_R (X_R < q) and, from the parameters Y_i || a || q, computes
Figure BDA0003516491180000042
and generates the shared session key
Figure BDA0003516491180000043
The RSU generates a pseudonym ID'_i for the vehicle, encrypts {Success || ID'_i || K || T_2} with the public key of the vehicle, and returns an authentication-success message:
R → V_i: {E(P_v, Success || ID'_i || K || T_2)}
S24, vehicle V_i decrypts the feedback message from the RSU, D(S_v, Success || ID'_i || K || T_2), and verifies the timeliness of the message: if |T − T_2| is less than the maximum tolerated delay Δt, it generates the consistent shared session key
Figure BDA0003516491180000044
and accepts the pseudonym ID'_i.
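As an added illustration (not code from the patent), the following Python models the RSA registration of S11 and the signed broadcast and session key negotiation of S21 to S24 with constructed parameters. It assumes textbook-sized primes, a SHA-256 digest as the value that is signed, the standard Diffie-Hellman computations Y = a^X mod q and K = Y^X mod q (the page's equation images are not reproduced here), and leaves out the RSA encryption of the join and response messages.

```python
import hashlib
import math
import secrets
from dataclasses import dataclass

DELTA_T = 5  # maximum tolerated clock difference in seconds (constructed)


@dataclass(frozen=True)
class RsaKeys:
    e: int   # public exponent
    d: int   # private exponent
    n: int   # modulus


def rsa_keygen(p: int, q: int, e: int) -> RsaKeys:
    """S11: n = p*q, phi(n) = (p-1)(q-1), gcd(phi(n), e) = 1, d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(phi, e) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return RsaKeys(e=e, d=pow(e, -1, phi), n=n)


def digest_int(data: bytes, n: int) -> int:
    """Map the certificate bytes to an integer below n (toy: no padding scheme)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(keys: RsaKeys, data: bytes) -> int:
    """Sign(S_R, Cert_R): exponentiate the digest with the private exponent d."""
    return pow(digest_int(data, keys.n), keys.d, keys.n)


def verify(e: int, n: int, data: bytes, sig: int) -> bool:
    """Check the signature with the public exponent e carried in Cert_R."""
    return pow(sig, e, n) == digest_int(data, n)


def is_primitive_root(a: int, q: int) -> bool:
    """a generates Z_q^* iff a^((q-1)/r) != 1 (mod q) for every prime r dividing q-1."""
    m, factors, r = q - 1, set(), 2
    while r * r <= m:
        while m % r == 0:
            factors.add(r)
            m //= r
        r += 1
    if m > 1:
        factors.add(m)
    return all(pow(a, (q - 1) // r, q) != 1 for r in factors)


def fresh(now: int, stamp: int) -> bool:
    """Replay check |T - T_x| <= delta t used in S23 and S24."""
    return abs(now - stamp) <= DELTA_T


def rsu_broadcast(rsu: RsaKeys, cert_r: bytes) -> tuple:
    """S21: R -> *: Cert_R || Sign(S_R, Cert_R)."""
    return cert_r, sign(rsu, cert_r)


def vehicle_join(cert_r: bytes, sig: int, pub_r: tuple, q: int, a: int, now: int) -> tuple:
    """S22: verify the RSU certificate, choose X_v < q and compute Y_i = a^X_v mod q."""
    e, n = pub_r
    if not verify(e, n, cert_r, sig):
        raise ValueError("RSU certificate signature invalid")
    if not (a < q and is_primitive_root(a, q)):
        raise ValueError("a must be a primitive root of q")
    x_v = secrets.randbelow(q - 2) + 1
    # The page sends Cert_v || Y_i || a || q || T_1 under E(P_R, ...); the RSA
    # encryption and the RSU's check of Cert_v are left out of this model.
    return x_v, {"Y_i": pow(a, x_v, q), "a": a, "q": q, "T1": now}


def rsu_respond(msg: dict, now: int) -> dict:
    """S23: freshness check, then Y_R = a^X_R mod q and K = Y_i^X_R mod q."""
    if not fresh(now, msg["T1"]):
        raise ValueError("network access application timed out")
    x_r = secrets.randbelow(msg["q"] - 2) + 1
    # Success || ID'_i || K || T_2 goes back under the vehicle's public key P_v.
    return {"Y_R": pow(msg["a"], x_r, msg["q"]),
            "K": pow(msg["Y_i"], x_r, msg["q"]), "T2": now}


def vehicle_finish(x_v: int, q: int, resp: dict, now: int) -> int:
    """S24: freshness check, derive K = Y_R^X_v mod q and require it to agree."""
    if not fresh(now, resp["T2"]):
        raise ValueError("RSU response timed out")
    k = pow(resp["Y_R"], x_v, q)
    if k != resp["K"]:
        raise ValueError("session key mismatch")
    return k


def run_handshake(now: int = 1000) -> int:
    """Drive both sides once with constructed parameters; returns the agreed K."""
    rsu = rsa_keygen(61, 53, e=17)  # textbook-sized primes, demonstration only
    cert_r = b"ID_R=RSU-01|e=%d|n=%d|ts=%d" % (rsu.e, rsu.n, now)
    cert, sig = rsu_broadcast(rsu, cert_r)
    x_v, join = vehicle_join(cert, sig, (rsu.e, rsu.n), q=23, a=5, now=now)
    resp = rsu_respond(join, now + 1)
    return vehicle_finish(x_v, 23, resp, now + 2)
```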
Further, step S3 is:
S31, vehicle V_j requests resource access from the RSU:
V_j → R: {Request || T_3 || HMAC(K_j, Request || T_3)}
where Request = ID'_j || ID'_i || H_i, with ID'_j the pseudonym of vehicle j, ID'_i the pseudonym of the resource owner, and H_i = Hash(Resource_i) the hash value of the resource whose access is requested. The message authentication code HMAC(K_j, Request || T_3) of the request is computed with the HMAC algorithm and the shared key K_j, and the timestamp T_3 is the current time, which guarantees the freshness of the message;
S32, the RSU first verifies whether the freshness timestamp of the message satisfies |T − T_3| < Δt. If so, it further searches the identity list for the pseudonym ID'_j of V_j. If the pseudonym exists, it uses the locally stored session key K_j to compute HMAC'(K_j, Request || T_3) and checks whether HMAC' is consistent with the received HMAC, which verifies the integrity of the message. If the message has not been tampered with, it calls the TrustValueResearch() function with the vehicle identity ID_v as input and looks up the latest trust value TV_j corresponding to the vehicle's pseudonym ID'_j. The RSU encrypts the parameters {Request || TV_j || T_4} with the public key P_S and sends a decision request to the decision server S:
R → S: {E(P_S, Request || TV_j || T_4)};
S33, the decision server receives the decision request, decrypts it, verifies its timeliness and then makes a decision. According to the decision result, server S generates an access control token warrant_j, encrypts the token with the RSU public key and sends the encrypted token to the RSU:
S → R: {E(P_R, warrant_j)};
S34, after the RSU decrypts the message and extracts the token, it verifies the integrity of the token with the public key of S. Using the session keys K_i and K_j respectively, it generates the message authentication codes HMAC(K_i, warrant_j) and HMAC(K_j, warrant_j) and distributes the token to vehicle V_i and vehicle V_j:
R → V_i: {warrant_j || HMAC(K_i, warrant_j)}
R → V_j: {warrant_j || HMAC(K_j, warrant_j)};
S35, vehicles V_i and V_j verify the authenticity of the message with their respective session keys and check the timeliness of the token. If all checks pass, vehicle V_j accesses the resource of vehicle V_i with the access permissions specified in the token.
S36, vehicle V_i performs trust evaluation of V_j: after V_j's resource access behaviour ends, vehicle V_i invokes the trust evaluation algorithm to carry out a new round of evaluation of V_j's trust value and computes a direct trust value. If vehicle j attempted unauthorized or illegal operations, its trust value is reduced; if vehicle j accessed the resource legally, its trust value is increased. The trust evaluation algorithm works as follows:
1) if vehicle V_j attempted an unauthorized or illegal operation, V_i computes the direct trust value:
DT_j = TV_j − f × TV_i
2) if vehicle V_j accessed the resource legally, V_i computes the direct trust value:
DT_j = TV_j + p × TV_i
where the larger the trust value TV_i of V_i, the larger the reward or penalty amplitude. Vehicle V_i attaches the timestamp T_5 and the message authentication code HMAC(K_i, DT_j || T_5) to DT_j and sends them to the RSU:
V_i → R: {DT_j || T_5, HMAC(K_i, DT_j || T_5)};
S37, the RSU uses the HMAC algorithm to check the reliability of V_i's feedback message. The RSU accepts the direct trust value that passes authentication and invokes the trust evaluation algorithm to further compute a recommended trust value.
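The RSU-side checks of S32 and S37 and the direct trust update of S36, as an added Python example that is not the patent's own code. It assumes HMAC-SHA256 as the HMAC algorithm, a "|" byte as the concatenation separator, constructed session keys, pseudonyms and trust values, and constructed values for Δt, f and p, which the page leaves unspecified.

```python
import hashlib
import hmac

DELTA_T = 5        # maximum tolerated clock difference in seconds (constructed)
F_PENALTY = 0.5    # f: penalty factor for unauthorized operations (constructed)
P_REWARD = 0.1     # p: reward factor for legal access (constructed)


def mac(key: bytes, data: bytes) -> str:
    """HMAC(K, data); HMAC-SHA256 stands in for the page's unspecified HMAC algorithm."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_request(k_j: bytes, id_j: str, id_i: str, resource: bytes, t3: int) -> tuple:
    """S31: Request = ID'_j || ID'_i || H_i, sent with T_3 and HMAC(K_j, Request || T_3)."""
    h_i = hashlib.sha256(resource).hexdigest()       # H_i = Hash(Resource_i)
    request = "|".join([id_j, id_i, h_i]).encode()   # "|" stands in for ||
    return request, t3, mac(k_j, request + b"|" + str(t3).encode())


def build_feedback(k_i: bytes, dt_j: float, t5: int) -> tuple:
    """S36: V_i -> R: DT_j || T_5 together with HMAC(K_i, DT_j || T_5)."""
    return dt_j, t5, mac(k_i, f"{dt_j}|{t5}".encode())


def direct_trust(tv_j: float, tv_i: float, legal: bool) -> float:
    """S36: DT_j = TV_j + p*TV_i after legal access, TV_j - f*TV_i otherwise."""
    return tv_j + P_REWARD * tv_i if legal else tv_j - F_PENALTY * tv_i


class Rsu:
    """Keeps the session keys negotiated in S2 and the latest trust value per pseudonym."""

    def __init__(self):
        self.session_keys = {}   # pseudonym -> K
        self.trust = {}          # pseudonym -> latest TV (stands in for TrustValueResearch())

    def register(self, pseudonym: str, key: bytes, tv: float) -> None:
        self.session_keys[pseudonym] = key
        self.trust[pseudonym] = tv

    def verify_request(self, request: bytes, t3: int, tag: str, now: int):
        """S32: freshness, pseudonym lookup, HMAC recompute; returns TV_j or None."""
        if not abs(now - t3) < DELTA_T:                  # |T - T_3| < delta t
            return None
        id_j = request.split(b"|")[0].decode()
        k_j = self.session_keys.get(id_j)
        if k_j is None:                                  # pseudonym not in identity list
            return None
        expected = mac(k_j, request + b"|" + str(t3).encode())
        if not hmac.compare_digest(expected, tag):       # HMAC' == HMAC, constant time
            return None
        return self.trust[id_j]                          # TV_j for the decision request

    def accept_feedback(self, id_i: str, id_j: str, dt_j: float, t5: int,
                        tag: str, now: int) -> bool:
        """S37: check V_i's feedback with K_i; on success record DT_j for V_j.

        Assumption: the RSU pairs the feedback with the pending request, so it knows
        which requester V_j the direct trust value refers to.
        """
        k_i = self.session_keys.get(id_i)
        if k_i is None or not abs(now - t5) < DELTA_T:
            return False
        if not hmac.compare_digest(mac(k_i, f"{dt_j}|{t5}".encode()), tag):
            return False
        self.trust[id_j] = dt_j   # the page then fuses DT_j with R_j in S374
        return True


def demo(legal: bool) -> float:
    """One request, access and feedback round with constructed keys and trust values."""
    rsu = Rsu()
    k_i, k_j = b"constructed-session-key-i", b"constructed-session-key-j"
    rsu.register("ID'_i", k_i, 0.8)
    rsu.register("ID'_j", k_j, 0.6)
    req, t3, tag = build_request(k_j, "ID'_j", "ID'_i", b"resource", t3=1000)
    tv_j = rsu.verify_request(req, t3, tag, now=1002)
    if tv_j is None:
        raise RuntimeError("request rejected")
    dt_j = direct_trust(tv_j, rsu.trust["ID'_i"], legal)
    if not rsu.accept_feedback("ID'_i", "ID'_j", *build_feedback(k_i, dt_j, t5=1010), now=1011):
        raise RuntimeError("feedback rejected")
    return rsu.trust["ID'_j"]
```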
Further, the decision server carries out the decision process as follows:
S331, the server uses the piecewise function F, defined as:
Figure BDA0003516491180000061
to compute the trust level from the trust value, F(TV_j) → TL_j, and maps the trust level to the corresponding role to obtain the role value;
S332, the server searches the role linked list. Specifically, it locates the corresponding role linked list according to the role value, passes the role linked list and the resource index as actual parameters, and calls the decision algorithm function to obtain the corresponding decision node. The decision algorithm is analysed as follows:
1) traverse the role linked list of this level, matching the Hash field of each decision node; if a match exists, take that node and obtain its permission set field; otherwise execute 2);
2) if no corresponding decision node exists in this level, traverse the role linked list of the previous level until the decision node is found, and obtain its permission set;
3) generate the access token warrant_j according to the permissions allowed in that node. The token fields are:
① the pseudonym ID'_j of the resource requester;
② the identity ID_i of the resource owner;
③ the creation time T_q of the token;
④ the access permission operations granted to vehicle V_j by the decision server;
⑤ the signature Sign_S of the token, made by decision server S with its private key; other vehicles can verify the authenticity of the token with the public key of S, and an attacker cannot forge an access token because it lacks the private key of S.
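As an added Python example (not the patent's code), the role-chain lookup of S331 and S332 with the page's own arrangement of H1 carrying (A1, A2) under Role1 and (A1, ..., A4) under Role2. It assumes a constructed piecewise function F (the page's definition is an image), three roles, and reads "the previous level" in step 2) as the next lower role chain, since a lower role's permission set is a subset of a higher role's; the token signature Sign_S is left out.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

ROLE_LEVELS = ["Role1", "Role2", "Role3"]   # roles for trust levels 1..3, low to high


def trust_level(tv: float) -> int:
    """Constructed stand-in for F(TV_j) -> TL_j on trust values in [0, 1]."""
    if tv < 0.4:
        return 1
    if tv < 0.7:
        return 2
    return 3


def resource_hash(resource: bytes) -> str:
    """H_i = Hash(Resource_i): the node index, stored instead of the owner identity."""
    return hashlib.sha256(resource).hexdigest()


@dataclass
class DecisionNode:
    res_hash: str                            # Hash field, the retrieval index
    permissions: frozenset                   # permission set allowed for the role
    uploaded_at: int                         # upload time, for timeliness checks
    next: Optional["DecisionNode"] = None    # Null until a node is appended


class RoleChain:
    """Head node is the role; uploaded decision nodes hang off it in order."""

    def __init__(self, role: str):
        self.role, self.first = role, None

    def append(self, node: DecisionNode) -> None:
        """S15: attach the uploaded node at the tail of this role's chain."""
        if self.first is None:
            self.first = node
            return
        cur = self.first
        while cur.next is not None:
            cur = cur.next
        cur.next = node

    def find(self, res_hash: str) -> Optional[DecisionNode]:
        """Step 1): walk the chain matching the Hash field of each node."""
        cur = self.first
        while cur is not None and cur.res_hash != res_hash:
            cur = cur.next
        return cur


class DecisionServer:
    def __init__(self, max_age: int):
        self.chains = {r: RoleChain(r) for r in ROLE_LEVELS}
        self.max_age = max_age   # constructed validity window for uploaded resources

    def upload(self, role: str, res_hash: str, perms, ts: int) -> None:
        """S14: one vehicle may hang different permission sets on different roles."""
        self.chains[role].append(DecisionNode(res_hash, frozenset(perms), ts))

    def decide(self, id_j: str, id_i: str, res_hash: str, tv_j: float, now: int):
        """S331/S332: map TV_j to a role, search its chain, then the lower chains."""
        for lvl in range(trust_level(tv_j), 0, -1):   # step 2): fall back downwards
            node = self.chains[ROLE_LEVELS[lvl - 1]].find(res_hash)
            if node is None or now - node.uploaded_at > self.max_age:
                continue                                # missing or stale: keep looking
            # step 3): token fields; Sign_S with S's private key is left out here
            return {"requester": id_j, "owner": id_i, "T_q": now, "op": node.permissions}
        return None                                     # no node: no token issued


def demo() -> dict:
    """The page's arrangement: H1 carries (A1, A2) under Role1 and (A1..A4) under Role2."""
    srv = DecisionServer(max_age=3600)
    h1 = resource_hash(b"constructed shared resource of V_i")
    srv.upload("Role1", h1, {"A1", "A2"}, ts=100)
    srv.upload("Role2", h1, {"A1", "A2", "A3", "A4"}, ts=100)
    return {tv: srv.decide("ID'_j", "ID_i", h1, tv, now=200) for tv in (0.2, 0.5, 0.9)}
```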
Further, the indirect trust value calculation is implemented as follows:
S371, the RSU calls the blockchain Read() search function to retrieve n historical trust values of V_j from the blockchain;
S372, it extracts the trust value evaluators from the records and computes the similarity between V_j and an evaluator V_k:
1) search, within the time period Δt, for the trust value records whose evaluator field is V_k and those whose evaluator field is V_j;
2) from the records whose evaluator is V_j, screen out the trust values that fall within the range [0.5, 1] and compute their average:
Figure BDA0003516491180000071
3) for the records whose evaluator is V_k, compute the average in the same way:
Figure BDA0003516491180000072
4) compute the similarity between V_k and V_j:
Figure BDA0003516491180000073
The difference between the evaluation results of V_k and V_j for legitimate vehicles,
Figure BDA0003516491180000074
indicates the degree of similarity between the two: the smaller the difference, the higher the similarity.
S373, compute the recommended trust value
Figure BDA0003516491180000081
qkRepresenting the impact of time on the recommended confidence value, with older ratings being less in the proportion of the recommended confidence value; in addition, the similarity S between the two vehicleskHistorical trust value TVkjAnd is also a key index for measuring the reliability of the recommended trust value.
S374, calculating the comprehensive trust value
TV_j = W * DT_j + (1 - W) * R_j
Finally, according to a certain weight W, the direct trust value DT_j and the recommended trust value R_j are combined to calculate the comprehensive trust value TV_j of vehicle V_j. The RSU generates the trust value record data {V_j ID, V_i ID, TV_j, T_i} and records it in the blockchain.
Compared with the prior art, the invention has the beneficial effects that:
(1) The invention discloses a zero trust mechanism-based Internet of vehicles access control method which innovatively designs a trust value evaluation algorithm, in which the evaluation of a trust value is divided into two parts: calculation of a direct trust value and calculation of a recommended trust value. The direct trust value is based on the vehicle's direct behaviour when accessing the resource: whether the access behaviour is legal determines how the vehicle's direct trust value is adjusted up or down. The recommended trust value is determined by the degree to which other vehicles trust the vehicle, with the reliability of a recommendation measured by factors such as the similarity between the two vehicles. Finally, the vehicle's current trust is comprehensively evaluated from the direct and recommended trust values; combining the algorithm with a reward-penalty mechanism and the indirect trust of the vehicle ensures that the evaluation of vehicle trust is accurate and reasonable.
(2) The invention relates to a zero trust mechanism-based access control method for the Internet of vehicles which creatively designs decision nodes. The node data structure comprises the hash value of the resource, the permission set, the timestamp and the next-node pointer. Decision nodes correspond one-to-one with resources, so a decision node need not be bound to the identity of the resource owner, which protects the owner's identity privacy.
(3) The invention discloses a zero trust mechanism-based Internet of vehicles access control method which creatively designs a role linked list for resource permission assignment: the head node of each role linked list is the role corresponding to a trust level, and the tail pointer of the list points to decision nodes uploaded by vehicles. The decision server appends a decision node to the tail of the corresponding role linked list according to the decision node information uploaded by the vehicle, and during decision-making uses the requesting vehicle's dynamic trust value to match the corresponding role and resource access permissions, thereby realizing fine-grained access control.
(4) The invention discloses a zero trust mechanism-based Internet of vehicles access control method which creatively designs a trust value record data structure consisting of the evaluated vehicle's identity, the evaluator's identity, the trust value and a timestamp. It is stored in the blockchain network, which makes it convenient to retrieve a vehicle's latest trust value, judge the vehicle's reliability, and control access to resources according to the vehicle's trust level.
(5) The zero trust mechanism-based Internet of vehicles access control method innovatively combines the zero trust mechanism with Internet of vehicles access control. Based on the zero trust idea, the vehicle's trust level is continuously evaluated and authorization is granted on demand, which suits the Internet of vehicles communication scenario of frequent connection and handover with a highly dynamic topology, reduces the uncertainty of resource access, and effectively prevents unauthorized lateral attacks within the network.
(6) The invention relates to a zero trust mechanism-based Internet of vehicles access control method which creatively combines blockchain technology with Internet of vehicles access control, using the decentralized, tamper-resistant and non-repudiable characteristics of the blockchain to store the dynamically adjusted trust values.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a flow chart of a vehicle networking access control scheme based on a zero trust mechanism according to an embodiment of the present invention;
FIG. 2 is a diagram of a vehicle networking architecture according to an embodiment of the present invention;
FIG. 3 is a diagram of the logical architecture of an embodiment of the present invention;
FIG. 4 is a schematic diagram of a system initialization process according to an embodiment of the present invention;
FIG. 5 is a diagram of a trust value record data structure according to an embodiment of the present invention;
FIG. 6 is a chain table structure diagram of trust values, roles and decision nodes in an embodiment of the present invention;
FIG. 7 is a diagram of a role node structure according to an embodiment of the present invention;
FIG. 8 is a diagram of a two-way authentication and session key generation process according to an embodiment of the present invention;
FIG. 9 is a flowchart of resource access control according to an embodiment of the present invention;
FIG. 10 is a diagram of a trust value query algorithm according to an embodiment of the present invention;
FIG. 11 is a diagram of a decision algorithm according to an embodiment of the present invention;
FIG. 12 is a diagram of a token format according to an embodiment of the present invention;
FIG. 13 is a graph of the penalty factor calculation in an embodiment of the present invention;
FIG. 14 is a graph of the determined reward factor calculation in an embodiment of the present invention;
FIG. 15 is a graph of the change in the comprehensive trust value in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. Of course, the specific embodiments described herein are merely illustrative of the invention and are not intended to be limiting.
Example 1
Referring to fig. 1 to 3, the present invention provides a technical solution that, in this embodiment, a method for controlling access to a vehicle networking based on a zero trust mechanism is provided, as shown in fig. 1, the method includes the following steps:
S1, identity registration is carried out for the vehicle and the RSU by the PKI mechanism of the trusted authority, an initial trust value is set for the registered vehicle, and the decision server of the trusted authority initializes the access control policy;
S2, the registered vehicle and the RSU realize bidirectional identity authentication based on the PKI system and negotiate a session key;
S3, the decision server issues a resource access authorization token to the resource-requesting vehicle through the RSU according to the trust level of the requesting vehicle, and access control is performed.
As shown in fig. 2, the car networking architecture in the car networking access control method based on the zero trust mechanism includes:
1) Trusted certificate authority (TC): the trusted authentication center is an unconditionally trusted entity in the network, connected to the roadside units (RSUs) through a secure, fixed wired network, and performs the initialization, authentication and supervision of vehicles and RSUs.
2) Roadside unit (RSU): roadside units are base stations deployed on both sides of the road. They provide services such as message forwarding and broadcasting to vehicles, interconnect with the background trusted center, and cooperatively process the data generated by the Internet of vehicles.
3) On-board unit (OBU): the on-board unit installed in the vehicle communicates with RSUs and other OBUs over the DSRC vehicular short-range wireless protocol. It is both a generator of messages and a forwarder and recipient of messages.
As shown in fig. 3, the car networking access control model of the car networking access control method based on the zero trust mechanism is logically divided into three levels, the top trust center includes a PKI system and a decision server to implement functions such as identity registration and access decision, the middle RSU node forms a block chain network to store trust value records of vehicles, and the bottom layer is a self-organized vehicle node:
1) The trusted center: in the invention, the trusted center comprises two parts, the PKI mechanism and the decision server. The PKI mechanism provides PKI services to vehicles and RSUs and assists the RSU in realizing reliable access at the network boundary; the decision server is responsible for access control decisions: it maintains the mapping between trust levels and roles and assigns permissions to the corresponding roles according to the resource owner's requirements.
2) The RSU node: because of their strong computing and storage capacity, in the invention the RSUs form a blockchain network and act as decision execution points. Meanwhile, the RSU is responsible for vehicle access control and dynamic evaluation of the trust level, and issues access tokens to trusted vehicles.
3) The vehicle node: the vehicle is the boundary access point of the Internet of vehicles and is also the owner and requester of Internet of vehicles resources. In the invention, when a vehicle requests access to a resource, access control is realized through a zero-trust model in which the RSU issues a one-time access token.
The PKI mechanism of the trusted authority TC uses the RSA algorithm to generate public keys and identity certificates for the RSU and OBU; the decision server initializes the access control policy: establishing the mapping between trust levels and roles, receiving the resources uploaded by vehicles and their permission sets, and allocating the permission sets to the corresponding roles.
As shown in fig. 4, the S1 step includes:
S11, registering the RSU identity. TC assigns a unique ID_R to the RSU, selects two prime numbers p and q, and calculates n = p × q, φ(n) = (p-1)(q-1); selects e such that gcd(φ(n), e) = 1, and determines d such that d ≡ e^-1 (mod φ(n)); computes the public and private keys P_R = {e, n}, S_R = {d, n}. Combining the public key, timestamp, ID_R and other elements, it generates the public key certificate Cert_R.
S12, registering the vehicle identity. TC generates a public/private key pair {P_v, S_v} for the vehicle using the RSA algorithm and issues an identity certificate Cert_v. TC sets an initial trust value TV_x, forming a trust value record that is logged into the blockchain network as shown in FIG. 5;
S13, initializing the decision server. The decision server generates the trust value intervals, the trust levels TL = {TL_1, TL_2, ..., TL_n} and the role set Role = {Role_1, Role_2, ..., Role_n}, establishes the role linked lists at the same time, and allocates the corresponding resource permissions to each role. The head node of a role linked list is the role corresponding to a trust level, and the tail pointer of the list points to decision nodes uploaded by vehicles. The structure of the linked list of trust values, roles and decision nodes is shown in FIG. 6;
S14, V_x determines the role requirements for accessing certain types of resources according to the types of resources it opens and shares, forming multiple decision nodes as shown in FIG. 7, and links different decision nodes to the tails of different role chains. The meaning of each field of a decision node is as follows:
1) H_x is the hash value of this class of shared resource, used as the index for retrieving the corresponding permissions; since the hash value corresponds to the resource, the identity of the resource owner is not stored in the decision node, which protects the owner's identity privacy. Authorized vehicles are retrieved by the Hash field at indexing time;
2) {A_1, A_2, ..., A_x} represents the set of permissions that the role is allowed on the resource;
3) T_x represents the time at which the resource was uploaded, used to verify the timeliness of the resource;
4) The last field of the node is a pointer. Its initial value is Null; if a new node is appended after this node, the field holds Next, the address of the next node.
S15, the decision server appends the decision node to the tail of the corresponding role linked list according to the decision node information uploaded by the vehicle. The structure of trust levels, roles and decision nodes is shown in FIG. 6. The nodes indexed by H1 in FIG. 6 appear at different levels of the linked lists because the same vehicle divides its permissions into different sets according to its access control requirements and assigns those sets to roles of different levels, so different decision nodes belonging to the same vehicle may appear on different levels of the linked lists. Furthermore, since roles are hierarchical, the permission set (A1, A2) that a node owns in the lower-level linked list (Role1) is a subset of the permission set (A1, A2, ..., A4) it contains in the higher-level linked list (Role2).
And the registered vehicles and the RSU realize bidirectional identity authentication based on a PKI system and negotiate a session key.
As shown in fig. 8, the specific content of step S2 includes the following steps:
S21, the RSU periodically broadcasts its own certificate:
R: {Cert_R || Sign(S_R, Cert_R)}
and waits for vehicles to access. The broadcast message is signed with the private key, which ensures its integrity;
S22, vehicle V_i drives into the coverage area of RSU R, receives its broadcast message, decrypts the signature with the public key in certificate Cert_R, and verifies whether [Sign(S_R, Cert_R)]^d (mod n) = Cert_R holds. If so, it generates a large prime q and an integer a (a < q and a is a primitive root of q), generates X_v (X_v < q) and calculates
Figure BDA0003516491180000121
The network access application is encrypted using the public key of the RSU:
V_i → R: {E(P_R, Cert_v || Y_i || a || q || T_1)}
where T_1 is a timestamp proving the freshness of the message and preventing replay attacks;
S23, the RSU decrypts the received network access application with its private key and calculates the time difference |T - T_1|. If the difference is not greater than Δt, the legality of the vehicle identity is further authenticated through the certificate; otherwise the message is treated as timed out and rejected. After identity authentication passes, the RSU generates an integer X_R (X_R < q) and, according to the parameters Y_i || a || q, calculates
Figure BDA0003516491180000122
and generates the shared session key
Figure BDA0003516491180000123
The RSU generates a pseudonym ID'_i for the vehicle, encrypts {Success || ID'_i || K || T_2} with the vehicle's public key and returns an authentication-success message:
R → V_i: {E(P_v, Success || ID'_i || K || T_2)}
S24, vehicle V_i decrypts the feedback message from the RSU: D(S_v, Success || ID'_i || K || T_2), and verifies the timeliness of the message: if |T - T_2| is less than the maximum tolerated delay Δt, it generates the consistent shared session key
Figure BDA0003516491180000124
and accepts the pseudonym ID'_i.
Suppose a vehicle V_j drives into the RSU coverage area and completes authentication, and wishes to access the resource Resource_i of vehicle V_i. First, vehicle V_j must send an access request to the RSU to obtain an access authorization token for Resource_i of vehicle V_i; the RSU retrieves from the blockchain the trust value most recently stored for V_j (the trust value is dynamically adjusted) and sends the trust value and the request information to the decision server; the decision server obtains the role corresponding to the trust value and selects the matching decision node from the role linked list; finally, the permission set in the node is the access authority allowed to V_j, and the decision server generates an access token accordingly and sends the token to the RSU. The RSU distributes the token to vehicle V_i and vehicle V_j. V_j accesses the requested resource using the rights granted in the token.
As shown in fig. 9, the specific content of step S3 includes the following steps:
S31, vehicle V_j requests resource access from the RSU:
V_j → R: {Request || T_3 || HMAC(K_j, Request || T_3)}
where Request = ID'_j || ID'_i || H_i contains the pseudonym ID'_j of vehicle j, the resource owner pseudonym ID'_i and the hash value H_i = Hash(Resource_i) of the requested resource. The message authentication code HMAC(K_j, Request || T_3) of the request is computed with the HMAC algorithm and the shared key K_j; T_3 is the timestamp of the current moment, ensuring the timeliness of the message;
S32, the RSU first verifies whether the message freshness timestamp satisfies |T - T_3| < Δt. If so, it further searches the identity list for the pseudonym ID'_j of V_j. If the pseudonym exists, it uses the locally stored session key K_j to compute HMAC'(K_j, Request || T_3), judges whether HMAC' is consistent with the received HMAC, and thereby checks the integrity of the message. If the message has not been tampered with, it calls the TrustValue Research() function (FIG. 10) with the vehicle ID_v as input to find the latest trust value TV_j corresponding to pseudonym ID'_j. The RSU encrypts the parameters {Request || TV_j || T_4} with the public key P_S and sends a decision request to the decision server S:
R → S: {E(P_S, Request || TV_j || T_4)};
S33, the decision server receives the decision request, decrypts it and verifies its timeliness, and then makes a decision:
S331, the server divides the roles of the vehicle and the cooperating vehicles into 10 levels using a piecewise function F defined as follows, realizing the mapping between each level's trust value interval and the role:
Figure BDA0003516491180000131
Figure BDA0003516491180000141
Since 0.5 is the initial trust value, 0.5 is taken as an individual trust level to which the base privileges are assigned. To prevent vehicles with a high reputation level from accessing resources illegally, the invention divides the high trust value interval into more levels, further refining the roles and permissions corresponding to the different levels. Setting the trust level of the evaluated vehicle to the initial value 0.5, the trust level is calculated from the trust value: F(0.5) → TL_5, obtaining the role value Role_4.
S332, the server searches the role linked lists, locates the role linked list corresponding to the role value, passes the role linked list and the resource index as actual parameters, and calls the decision algorithm function (FIG. 11) to obtain the corresponding decision node. The decision algorithm is analyzed as follows:
1) Traverse the role linked list of this layer, matching the Hash field of each decision node; if a match exists, obtain the node and its permission set field; otherwise execute 2);
2) If the corresponding decision node does not exist in this layer, traverse the role linked list of the previous layer until the decision node is found, and acquire its permission set.
3) Generate the access token warrant_j according to the rights allowed in the node (as in FIG. 11). The token fields are:
① resource requester pseudonym ID'_j
② resource owner ID_i
③ time T_q of token creation
④ access authority operation_j granted to vehicle V_j by the decision server
⑤ signature Sign_S of the token by the decision server S using its private key; other vehicles can verify the authenticity of the token with the public key of S, and an attacker cannot forge the access token because it lacks the private key of S.
The server S encrypts the token warrant_j with the RSU public key and sends it to the RSU:
S → R: {E(P_R, warrant_j)};
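The following Python is an added illustration, not code from the patent (whose decision algorithm exists only as FIG. 11). It models the S11 key generation with textbook-size RSA primes, the S13-S15 role linked lists whose decision nodes carry only the resource hash, permission set, timestamp and next pointer, the S332 lookup that searches the requester's role level and then falls back to lower levels (our reading of "previous layer", consistent with the subset relation stated in S15), and the five-field token signed by the decision server. The primes, role numbers, resource names and permission labels are constructed; the trust-level-to-role function F of S331 is not reproduced because the page shows it only as an image, so the role value is passed in directly.

```python
import hashlib
import time
from dataclasses import dataclass
from math import gcd
from typing import Dict, FrozenSet, Optional

# ---- S11: textbook RSA registration (toy primes, for illustration only) ----
def rsa_keygen(p: int, q: int, e: int = 17):
    """Return (P = {e, n}, S = {d, n}) following the S11 steps."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(phi, e) != 1:
        raise ValueError("e must satisfy gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)              # d = e^-1 mod phi(n) (Python 3.8+)
    return (e, n), (d, n)

def _digest_int(data: bytes, n: int) -> int:
    # Reduce the SHA-256 digest modulo n so the toy modulus can carry it.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def rsa_sign(priv, data: bytes) -> int:
    d, n = priv
    return pow(_digest_int(data, n), d, n)

def rsa_verify(pub, data: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == _digest_int(data, n)

# ---- S14: decision node with the FIG. 7 fields; no owner identity is stored ----
@dataclass
class DecisionNode:
    h: str                               # H_x = Hash(Resource), the lookup index
    perms: FrozenSet[str]                # {A_1, ..., A_x}
    t: float                             # T_x: upload time
    nxt: Optional["DecisionNode"] = None # Null until a node is appended (Next)

class RoleList:
    """Head = role of one trust level; tail pointer = last uploaded decision node."""
    def __init__(self, role: int):
        self.role = role
        self.head: Optional[DecisionNode] = None
        self.tail: Optional[DecisionNode] = None

    def append(self, node: DecisionNode) -> None:
        if self.tail is None:
            self.head = self.tail = node
        else:
            self.tail.nxt = node
            self.tail = node

    def find(self, h: str) -> Optional[DecisionNode]:
        cur = self.head
        while cur is not None:           # S332 step 1: match the Hash field
            if cur.h == h:
                return cur
            cur = cur.nxt
        return None

def resource_hash(resource: bytes) -> str:
    return hashlib.sha256(resource).hexdigest()

def token_bytes(token: dict) -> bytes:
    """Canonical encoding of the unsigned fields (constructed format)."""
    return (f"{token['requester']}|{token['owner']}|{token['t_q']}|"
            f"{','.join(token['operation'])}").encode()

def verify_token(pub, token: dict) -> bool:
    """Anyone holding P_S can check Sign_S; forging needs S_S."""
    return rsa_verify(pub, token_bytes(token), token["sign"])

class DecisionServer:
    def __init__(self, n_roles: int, p: int = 61, q: int = 53):
        self.lists: Dict[int, RoleList] = {r: RoleList(r) for r in range(1, n_roles + 1)}
        self.pub, self._priv = rsa_keygen(p, q)

    def upload(self, role: int, resource: bytes, perms, t: Optional[float] = None) -> None:
        """S15: append the vehicle's decision node to the tail of the role's list."""
        node = DecisionNode(resource_hash(resource), frozenset(perms),
                            time.time() if t is None else t)
        self.lists[role].append(node)

    def decide(self, role: int, h: str) -> Optional[DecisionNode]:
        """S332 steps 1-2: this role's list first, then each lower level in turn."""
        for r in range(role, 0, -1):
            node = self.lists[r].find(h)
            if node is not None:
                return node
        return None

    def issue_token(self, role: int, h: str, requester_pseudonym: str,
                    owner_id: str, t_q: Optional[float] = None) -> Optional[dict]:
        """S332 step 3: warrant_j = {ID'_j, ID_i, T_q, operation_j, Sign_S}."""
        node = self.decide(role, h)
        if node is None:
            return None
        token = {"requester": requester_pseudonym, "owner": owner_id,
                 "t_q": time.time() if t_q is None else t_q,
                 "operation": sorted(node.perms)}
        token["sign"] = rsa_sign(self._priv, token_bytes(token))
        return token
```

With p = 61, q = 53 the modulus is 3233, which is only adequate to show the arithmetic of S11; a deployment uses certificate-grade keys and a standards-conforming signature scheme. The fallback in decide() is what makes a requester with a higher role value inherit the smaller permission sets stored at lower levels.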
S34, after the RSU decrypts and extracts the token, it verifies the integrity of the token with the public key of S. It uses the session keys K_i and K_j respectively to generate the message authentication codes HMAC(K_i/j, warrant_j) and distributes the token to vehicles V_i and V_j:
R → V_i: {warrant_j || HMAC(K_i, warrant_j)}
R → V_j: {warrant_j || HMAC(K_j, warrant_j)};
S35, vehicles V_i and V_j verify the authenticity of the message with their respective session keys and check the timeliness of the token. If all checks pass, vehicle V_j accesses the resource of vehicle V_i using the access rights specified in the token.
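As an added example of the message checks in S31, S32, S34 and S35 (not the patent's own code), the Python below builds the request with its timestamp and HMAC, performs the RSU-side freshness, pseudonym-list and constant-time MAC checks, and verifies a distributed token on the vehicle side. HMAC-SHA256 from the standard library is our choice of instantiation (the page names only HMAC); the Δt value, the session keys, the pseudonyms and the token layout are constructed.

```python
import hashlib
import hmac
from typing import Dict, Tuple

DELTA_T = 5.0   # assumed tolerance Δt in seconds; the page leaves the value open

def mac_hex(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256 over msg under the session key, hex-encoded."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_request(k_j: bytes, id_j: str, id_i: str, resource: bytes, t3: float) -> str:
    """S31: Request = ID'_j || ID'_i || H_i, then T_3 and HMAC(K_j, Request || T_3)."""
    h_i = hashlib.sha256(resource).hexdigest()          # H_i = Hash(Resource_i)
    body = f"{id_j}||{id_i}||{h_i}||{t3}"
    return body + "||" + mac_hex(k_j, body.encode())

def rsu_check_request(identity_list: Dict[str, bytes], msg: str, now: float) -> Tuple[bool, str]:
    """S32: freshness first, then pseudonym lookup, then MAC in constant time."""
    body, _, tag = msg.rpartition("||")
    fields = body.split("||")
    if len(fields) != 4:
        return False, "malformed"
    id_j, _id_i, _h_i, t3 = fields
    if abs(now - float(t3)) >= DELTA_T:                  # |T - T_3| < Δt required
        return False, "stale"
    k_j = identity_list.get(id_j)                        # ID'_j must be in the list
    if k_j is None:
        return False, "unknown pseudonym"
    if not hmac.compare_digest(mac_hex(k_j, body.encode()), tag):
        return False, "bad mac"
    return True, "ok"

def distribute_token(k: bytes, warrant: str) -> str:
    """S34: warrant_j || HMAC(K_i or K_j, warrant_j)."""
    return warrant + "||" + mac_hex(k, warrant.encode())

def vehicle_check_token(k: bytes, msg: str, now: float) -> bool:
    """S35: verify the MAC with the own session key, then the token's T_q.
    Constructed warrant layout: requester|owner|t_q|operations|signature."""
    warrant, _, tag = msg.rpartition("||")
    if not hmac.compare_digest(mac_hex(k, warrant.encode()), tag):
        return False
    parts = warrant.split("|")
    if len(parts) != 5:
        return False
    return abs(now - float(parts[2])) < DELTA_T
```

Checking the timestamp before the MAC rejects replayed traffic cheaply, and hmac.compare_digest avoids leaking the position of the first mismatching byte through timing.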
S36, vehicle V_i performs trust evaluation of V_j: after V_j completes the resource access action, vehicle V_i invokes the trust evaluation algorithm to perform a new round of trust value evaluation for V_j and calculates the direct trust value. If vehicle j attempts an unauthorized or illegal operation, its trust value is reduced; if vehicle j accessed the resource legally, its trust value is increased. With the trust value of the evaluated vehicle set to 0.75, five rounds of direct trust value evaluation are carried out; the results are shown in FIG. 12 and FIG. 13. With the penalty factor f determined to be 0.05 and the reward factor p determined to be 0.02, the decrease and growth trends of the trust value are reasonable. Substituting into the formula:
1) If vehicle V_j attempts an unauthorized or illegal operation, V_i calculates the direct trust value:
DT_j = TV_j - f * TV_i = 0.475
2) If vehicle V_j accesses the resource legally, V_i calculates the direct trust value:
DT_j = TV_j + p * TV_i = 0.51
Vehicle V_i attaches a timestamp T_5 and a message authentication code HMAC(K_i, DT_j || T_5) to DT_j and sends them to the RSU:
V_i → R: {DT_j || T_5, HMAC(K_i, DT_j || T_5)};
S37, the RSU uses the HMAC algorithm to check the reliability of V_i's feedback message. The RSU accepts the direct trust value that passes authentication, invokes the trust evaluation algorithm, and further calculates the recommended trust value:
S371, the RSU calls the blockchain Read() search function to retrieve 6 historical trust values of V_j from the blockchain;
S372, extracting the trust value evaluators in the records and calculating the similarity between V_j and evaluator V_k:
1) Search, within a time period Δt, the trust value records whose evaluator field is V_k or V_j.
2) For the records whose evaluator is V_j, screen out the trust values within the range [0.5, 1] and calculate their average:
Figure BDA0003516491180000161
3) For the records whose evaluator is V_k, calculate the average value in the same way:
Figure BDA0003516491180000162
4) Calculate the similarity between V_k and V_j:
Figure BDA0003516491180000163
The similarity results are shown in the table:
Figure BDA0003516491180000164
S373, calculating the recommended trust value
Figure BDA0003516491180000165
The indirect trust values calculated for the penalty case and the reward case are 0.3721 and 0.5057 respectively.
S374, finally, taking 0.5 as the starting point of the trust value change, the formula
TV_j = W * DT_j + (1 - W) * R_j
is used to calculate the comprehensive trust value, giving the trust value change result of FIG. 14. FIG. 14 depicts the change in the comprehensive trust value over 6 rounds in which the vehicle performs normal access control and illegal access. As can be seen from FIG. 14, the trust value changes with a trend of slow increase and fast decrease, meeting the trust value evaluation requirement. The RSU generates the trust value record data {V_j ID, V_i ID, TV_j, T_i} and records it in the blockchain.
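The Python below is an added worked example of the trust evaluation in S36, S372 and S374, not code from the patent. It applies the direct trust update with the embodiment's factors f = 0.05 and p = 0.02, reproducing 0.475 and 0.51 from TV_j = TV_i = 0.5, screens a constructed set of blockchain trust records by evaluator, time window and the [0.5, 1] range to obtain the two averages whose gap measures similarity, and combines a direct value with a recommended value by the S374 formula. The recommended trust value R_j and the similarity mapping are taken as inputs because their formulas appear on the page only as images; the record set, the window Δt and the weight W are constructed.

```python
from typing import Dict, List, Optional

F_PENALTY = 0.05   # penalty factor f from the embodiment
P_REWARD = 0.02    # reward factor p from the embodiment
DELTA_T = 600.0    # assumed width of the record search window Δt (seconds)

def direct_trust(tv_j: float, tv_i: float, legal: bool,
                 f: float = F_PENALTY, p: float = P_REWARD) -> float:
    """S36: V_i derives DT_j from V_j's behaviour; illegal access is penalised
    faster (f) than legal access is rewarded (p)."""
    return tv_j + p * tv_i if legal else tv_j - f * tv_i

def trust_record(vj_id: str, vi_id: str, tv_j: float, t_i: float) -> Dict:
    """FIG. 5 record {V_j ID, V_i ID, TV_j, T_i} as written to the blockchain."""
    return {"evaluated": vj_id, "evaluator": vi_id, "tv": tv_j, "t": t_i}

def evaluator_average(records: List[Dict], evaluator: str, now: float,
                      delta_t: float = DELTA_T, lo: float = 0.5,
                      hi: float = 1.0) -> Optional[float]:
    """S372 steps 1-3: average of this evaluator's ratings inside Δt and [0.5, 1].
    Returns None when the evaluator has no usable record."""
    vals = [r["tv"] for r in records
            if r["evaluator"] == evaluator
            and 0.0 <= now - r["t"] <= delta_t
            and lo <= r["tv"] <= hi]
    return sum(vals) / len(vals) if vals else None

def rating_difference(records: List[Dict], v_k: str, v_j: str,
                      now: float) -> Optional[float]:
    """S372 step 4: gap between V_k's and V_j's averages; smaller means more similar."""
    a_j = evaluator_average(records, v_j, now)
    a_k = evaluator_average(records, v_k, now)
    if a_j is None or a_k is None:
        return None
    return abs(a_j - a_k)

def comprehensive_trust(dt_j: float, r_j: float, w: float) -> float:
    """S374: TV_j = W * DT_j + (1 - W) * R_j."""
    if not 0.0 <= w <= 1.0:
        raise ValueError("W must lie in [0, 1]")
    return w * dt_j + (1 - w) * r_j

# Constructed sample records (not data from the patent); 'now' is taken as 1000.0
SAMPLE_RECORDS = [
    trust_record("V_a", "V_j", 0.6, 900.0),
    trust_record("V_b", "V_j", 0.8, 950.0),
    trust_record("V_c", "V_j", 0.3, 980.0),   # below 0.5: screened out
    trust_record("V_d", "V_j", 0.9, 10.0),    # older than Δt: screened out
    trust_record("V_a", "V_k", 0.7, 960.0),
    trust_record("V_b", "V_k", 0.5, 970.0),
]
```

The asymmetry p < f is what produces the "slow increase, fast decrease" curve the embodiment describes; an evaluator that has no record inside the window contributes no recommendation rather than a default value.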
In order to verify the feasibility of the present embodiment, the correctness and feasibility of the method of the present invention were analyzed.
1. Trust value reliability
The invention uses blockchain technology to store the vehicle's historical trust value records. The blockchain combines cryptographic primitives such as hash functions and asymmetric keys, so it is tamper-resistant and provides permanent storage, ensuring the sustainable evaluation of vehicle trust values. The trust value, vehicle pseudonym, timestamp and other elements form a mapping relation stored as a record in the block structure, and the distributed blockchain network nodes (RSUs) endorse and sign it, so it can be neither repudiated nor forged. The RSU nodes synchronize the trust value records across the whole network through the PBFT consensus algorithm; PBFT can tolerate faults in up to 1/3 of the nodes, and its fault tolerance is demonstrated as follows:
There are 4 RSU nodes in the blockchain network, of which node 1 is malicious. When a new trust value record is published to the blockchain network, the primary node first sends the record v to the other nodes; each remaining node forwards the record to the other two nodes. Suppose the malicious node 1 sends a tampered record x to nodes 2 and 3. The messages received by node 2 are (v, v, x), and its decision result is v; the messages received by node 3 are (v, v, x), and its decision result is v. Therefore, even if the attacking node 1 tries to tamper with the record, the honest nodes 2 and 3 reach consensus, guaranteeing the consistency and reliability of the trust value records.
2. Identity privacy
The invention protects the identity privacy of the vehicle with a pseudonym mechanism. If a single identity identifier were used throughout vehicle communication, an attacker could track it, threatening the privacy of the vehicle's identity and trajectory. In this method, after the vehicle and the RSU complete bidirectional identity authentication, the RSU assigns the vehicle a pseudonym and stores it in the identity list; the vehicle communicates through the pseudonym, and periodic replacement of the pseudonym protects the vehicle's identity privacy.
Due to the collision resistance and compression property of the hash function, the hash values of resources are used as indexes in one-to-one correspondence with the resources, so the identity of the resource owner need not be bound, and an attacker cannot recover the resource information:
1) Pre-image attack and second pre-image attack: an attacker tries to find x satisfying Hash(x) = h for a given hash value h. Using an exhaustive attack, the attacker randomly chooses x and computes its hash value until a collision occurs. For an n-bit hash value, the exhaustive scale is of the order of 2^n; the attacker needs on average 2^(n-1) attempts to find a satisfying x.
2) Birthday attack: the attacker exploits the birthday paradox (if a random integer variable is chosen in the uniformly distributed range 0 to N-1, then after
Figure BDA0003516491180000171
selections the probability of a repetition exceeds 50%) to challenge the collision resistance of the hash function by finding two messages M ≠ M' whose hash codes are equal: H(M) = H(M'). For an m-bit hash value, the same data block is expected to be found after 2^(m/2) attempts. But if the hash code is 160 bits, 4000 years are required to find a collision even with a special collision finder.
Therefore, the decision server only needs to store the hash value and permission set of the resource, and can retrieve the required resource through the hash value to make the access control decision. The invention not only hides the identity and whereabouts of the resource accessor but also protects the identity privacy of the resource owner.
3. Message security
The invention first uses a PKI mechanism in which the third-party trusted authority TC issues identity certificates to the vehicle and the RSU, realizing bidirectional identity authentication and session key negotiation between vehicle and RSU and building the first line of defence for Internet of vehicles access control. Second, once both parties' identities are confirmed legal, the negotiated session key is used to compute the message authentication code HMAC; HMAC has the characteristics of irreversibility, low computational overhead and high cracking difficulty, so the integrity of the message is verified while the computational burden of encryption and decryption with asymmetric keys is reduced.
The secure transmission of messages relies on the security of the session key, which is analyzed as follows:
1) The vehicle randomly generates X_v (X_v < q), and the RSU randomly generates X_R (X_R < q).
2) The vehicle calculates
Figure BDA0003516491180000181
and the RSU calculates
Figure BDA0003516491180000182
3) The RSU receives Y_V and calculates
Figure BDA0003516491180000183
The vehicle receives Y_R and calculates
Figure BDA0003516491180000184
The results of the two calculations are the same:
Figure BDA0003516491180000185
From the above analysis, the effectiveness of the algorithm rests on the difficulty of computing discrete logarithms: take a prime p and an integer a that is a primitive root of p, whose powers yield all integers between 1 and p-1, i.e. a mod p, a^2 mod p, ..., a^(p-1) mod p are all different. For any integer b and primitive root a of the prime p, a unique exponent i can be found such that
b ≡ a^i (mod p), where 0 ≤ i ≤ (p-1)
Therefore, modular exponentiation with a prime is easy to compute, while the discrete logarithm is very hard; for large primes, computing the discrete logarithm is considered infeasible, and the session key can guarantee the confidentiality and integrity of the session between the two communicating parties.
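The session key agreement of S22-S24 and the analysis just above are, as we read them, the classic exponential key exchange over a prime q with primitive root a; the page shows the Y and K formulas only as images, so the Python below is an added example (not the patent's code) that assumes Y = a^X mod q and K = Y_peer^X_own mod q. It checks the primitive-root requirement that the text relies on, runs both sides of the exchange so that the vehicle and the RSU arrive at the same K, and applies the |T - T_1| ≤ Δt freshness test the RSU performs before processing an application. The modulus 23 and the exponents in the test are constructed toy values.

```python
import secrets
from typing import Optional, Tuple

def is_primitive_root(a: int, q: int) -> bool:
    """True if a^1 .. a^(q-1) mod q are all distinct, i.e. a generates every
    integer in 1..q-1. This O(q) walk suits the toy modulus used here; real
    parameters need a test based on the factorisation of q-1."""
    if not 1 < a < q:
        return False
    seen, x = set(), 1
    for _ in range(q - 1):
        x = x * a % q
        seen.add(x)
    return len(seen) == q - 1

def public_value(a: int, q: int, x: int) -> int:
    """Y = a^x mod q (assumed form), carried inside the encrypted application."""
    return pow(a, x, q)

def shared_key(y_peer: int, x_own: int, q: int) -> int:
    """K = Y_peer^x_own mod q (assumed form); the same on both sides."""
    return pow(y_peer, x_own, q)

def handshake(a: int, q: int, x_v: Optional[int] = None,
              x_r: Optional[int] = None) -> Tuple[int, int]:
    """S22-S24: the vehicle and the RSU each pick a secret exponent below q,
    exchange public values and derive K. Returns (K at vehicle, K at RSU)."""
    if not is_primitive_root(a, q):
        raise ValueError("a must be a primitive root of q")
    x_v = 1 + secrets.randbelow(q - 2) if x_v is None else x_v   # vehicle secret X_v
    x_r = 1 + secrets.randbelow(q - 2) if x_r is None else x_r   # RSU secret X_R
    y_v = public_value(a, q, x_v)       # vehicle -> RSU, with a, q and T_1
    y_r = public_value(a, q, x_r)       # RSU -> vehicle inside the Success message
    return shared_key(y_r, x_v, q), shared_key(y_v, x_r, q)

def fresh(t_msg: float, now: float, delta_t: float) -> bool:
    """|T - T_1| <= Δt: reject stale or replayed applications before any key work."""
    return abs(now - t_msg) <= delta_t
```

Rejecting a non-primitive a matters because a generator of a small subgroup shrinks the key space; with q = 23 the whole space is tiny anyway, which is why the text insists on large primes for the discrete logarithm to be infeasible.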
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (6)

1. A zero trust mechanism-based Internet of vehicles access control method is characterized by comprising the following steps:
S1, the PKI mechanism of the trusted authority TC uses the RSA algorithm to generate public and private keys and identity certificates for the RSU and the vehicle; the decision server initializes the access control policy: establishing the mapping between trust levels and roles, receiving the resources uploaded by the vehicle and their permission sets, and allocating the permission sets to the corresponding roles;
S2, the registered vehicle and the RSU realize bidirectional identity authentication based on the PKI system and negotiate a session key; in this process, after the vehicle enters the coverage of an RSU, bidirectional identity authentication is carried out first, then the two parties negotiate to generate the session key, and to protect the vehicle's identity privacy the RSU generates a pseudonym for the vehicle and stores it in a local identity list;
S3, suppose a vehicle V_j drives into RSU coverage, completes authentication and wishes to access the resource Resource_i of vehicle V_i. First, vehicle V_j sends an access request to the RSU to obtain an access authorization token for Resource_i of vehicle V_i; the RSU retrieves the most recently stored trust value of V_j from the blockchain and sends the trust value and the request information to the decision server; the decision server obtains the role corresponding to the trust value and selects the matching decision node from the role linked list; finally, the permission set in the node is the access authority allowed to V_j, and the decision server generates an access token according to the permission and sends it to the RSU, which distributes the token to vehicle V_i and vehicle V_j; V_j accesses the requested resource using the rights granted in the token.
2. The Internet of vehicles access control method based on zero trust mechanism of claim 1, wherein the step of S1 includes:
S11, RSU identity registration: TC allocates a unique ID_R to the RSU, selects two prime numbers p and q, and calculates n = p × q and φ(n) = (p − 1)(q − 1); it selects e such that gcd(φ(n), e) = 1 and determines d such that d ≡ e^(−1) (mod φ(n)); it computes the public and private keys P_R = {e, n}, S_R = {d, n}, and combines the public key, a timestamp, ID_R and other elements to generate a public key certificate Cert_R;
S12, vehicle identity registration: TC generates a public/private key pair P_v, S_v for the vehicle by the RSA algorithm and issues an identity certificate Cert_v; TC sets an initial trust value TV_x, forms a trust value record and records it into the blockchain network;
S13, decision server initialization: the decision server generates trust value intervals and trust levels TL = {TL_1, TL_2, ..., TL_n} and a role set Role = {Role_1, Role_2, ..., Role_n}, establishes a role linked list according to the mapping relation, and allocates the corresponding resource permissions to each role; the head node of each role linked list is the role corresponding to a trust level, and the linked-list tail pointer points to the decision nodes uploaded by vehicles;
S14, vehicle V_x uploads its own shared resources and their permission sets to the decision server; V_x determines the role required to access each type of resource according to the types of resources it opens and shares, where different resource sets of the same vehicle require different role permissions; the vehicle thus forms multiple decision nodes, and different decision nodes are linked to the tails of different role chains; the meaning of each field of a decision node is as follows:
1) the Hash value of the shared resource, used as the index for retrieving the corresponding permissions; because the Hash value corresponds to the resource, the identity of the resource owner is not stored in the decision node, which protects the owner's identity privacy, and the authorizing vehicle is retrieved by the Hash field when indexing;
2) the permission set allowed to the role for the resource;
3) the upload time of the resource, used to verify the timeliness of the resource;
4) the node tail field, a pointer whose initial value is Null; if a new node is attached after this node, the field value is Next, the address pointing to the next node;
S15, the decision server attaches the decision node to the tail of the corresponding role linked list according to the decision node information uploaded by the vehicle. The linked-list structure of trust level, role and decision node has the following characteristics: a node indexed by H1 can appear in linked lists of different levels, because the same vehicle divides different permission sets according to its access control requirements and allocates them to roles of different levels, so different decision nodes belonging to the same vehicle can appear on chains of different levels; in addition, because roles are layered by level, the permission set (A1, A2) owned by a node in the low-level linked list (Role1) is a subset of the permission set (A1, A2, …, A4) contained in the high-level linked list (Role2).
3. The Internet of vehicles access control method based on zero trust mechanism of claim 2, wherein the step of S2 comprises:
S21, the RSU periodically broadcasts its own certificate:
R: {Cert_R || Sign(S_R, Cert_R)}
and waits for vehicles to access; the broadcast message is signed with the RSU's private key to ensure its integrity;
S22, vehicle V_i drives into the coverage area of RSU R, receives its broadcast message, decrypts the signature with the public key of certificate Cert_R, and verifies [Sign(S_R, Cert_R)]^d (mod n) = Cert_R; if this holds, it generates a large prime number q and an integer a (a < q and a is a primitive root of q), generates an X_v (X_v < q), and calculates
Figure FDA0003516491170000021
The network access application is encrypted using the public key of the RSU:
V_i → R: {E(P_R, Cert_v || Y_i || a || q || T_1)}
where T_1 is a timestamp that proves the freshness of the message and so prevents replay attacks;
S23, the RSU decrypts the received network access application message with its private key and calculates the time difference |T − T_1|; if the difference is less than or equal to Δt, the legality of the vehicle identity is further authenticated through the certificate; otherwise the message is defined as timed out and rejected. After identity authentication passes, the RSU generates an integer X_R (X_R < q) and, according to the parameters Y_i || a || q, calculates
Figure FDA0003516491170000022
and generates the shared session key
Figure FDA0003516491170000031
The RSU generates a pseudonym ID'_i for the vehicle, encrypts {Success || ID'_i || K || T_2} with the vehicle's public key, and returns an authentication-success message:
R → V_i: {E(P_v, Success || ID'_i || K || T_2)}
S24, vehicle V_i decrypts the feedback message from the RSU: D(S_v, Success || ID'_i || K || T_2), and verifies the timeliness of the message: |T − T_2| must be less than the maximum tolerable delay Δt; it then generates the consistent shared session key
Figure FDA0003516491170000032
and accepts the pseudonym ID'_i.
4. The Internet of vehicles access control method based on zero trust mechanism of claim 3, wherein the step of S3 comprises:
S31, vehicle V_j requests resource access from the RSU:
V_j → R: {Request || T_3 || HMAC(K_j, Request || T_3)}
where Request = ID'_j || ID'_i || H_i comprises: the pseudonym ID'_j of vehicle j, the resource owner's pseudonym ID'_i, and the hash value H_i = Hash(Resource_i) of the requested resource; the message authentication code HMAC(K_j, Request || T_3) of the request is computed with the HMAC algorithm and the shared key K_j; T_3 is a timestamp of the current time that ensures the timeliness of the message;
S32, the RSU first verifies whether the message freshness timestamp satisfies |T − T_3| < Δt; if so, it further retrieves V_j's pseudonym ID'_j in the identity list; if the pseudonym exists, it uses the locally stored session key K_j to compute HMAC'(K_j, Request || T_3) and judges whether HMAC' is consistent with the received HMAC, thereby checking the integrity of the message; if the message has not been tampered with, it calls the TrustValueResearch() function with the vehicle identity ID_v as input to find the latest trust value TV_j corresponding to ID'_j; the RSU encrypts the parameters {Request || TV_j || T_4} with the public key P_S and sends a decision request to the decision server S:
R → S: {E(P_S, Request || TV_j || T_4)};
S33, the decision server receives the decision request, decrypts it and verifies its timeliness, then makes a decision; according to the decision result,
server S generates an access control token warrant_j, encrypts the token with the RSU public key, and sends it to the RSU:
S → R: {E(P_R, warrant_j)}
S34, the RSU decrypts and extracts the token, verifies the token's integrity with S's public key, generates the message authentication codes HMAC(K_i, warrant_j) and HMAC(K_j, warrant_j) with the session keys K_i and K_j respectively, and distributes the token to vehicle V_i and vehicle V_j:
R → V_i: {warrant_j || HMAC(K_i, warrant_j)}
R → V_j: {warrant_j || HMAC(K_j, warrant_j)};
S35, vehicles V_i and V_j verify the reliability of the message with their respective session keys and check the timeliness of the token; if all checks pass, vehicle V_j accesses vehicle V_i's resource using the access rights specified in the token;
S36, vehicle V_i performs trust evaluation on V_j: after V_j's resource access behavior ends, vehicle V_i invokes the trust evaluation algorithm to perform a new round of evaluation of V_j's trust value and calculates a direct trust value; if vehicle j attempted unauthorized or illegal operations, the trust value is reduced; if vehicle j accessed the resource legally, the trust value is increased; the trust evaluation algorithm works as follows:
1) if vehicle V_j attempted unauthorized or illegal operations, V_i calculates the direct trust value:
DT_j = TV_j − f × TV_i
2) if vehicle V_j accessed the resource legally, V_i calculates the direct trust value:
DT_j = TV_j + p × TV_i
where the larger V_i's trust value TV_i is, the larger the reward or punishment, i.e. the larger the increase or decrease; vehicle V_i attaches a timestamp T_5 and a message authentication code HMAC(K_i, DT_j || T_5) to DT_j and sends it to the RSU:
V_i → R: {DT_j || T_5, HMAC(K_i, DT_j || T_5)};
S37, the RSU checks the reliability of V_i's feedback message with the HMAC algorithm, accepts the direct trust value that passes authentication, calls the trust evaluation algorithm, and further calculates the recommended trust value.
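The RSU-side check of step S32 (freshness, pseudonym lookup, then HMAC comparison), as an added example that is not part of the patent; the field separator, the 5-second tolerance Δt, and the identity list mapping each pseudonym to its session key K_j are assumptions.

```python
import hmac
import hashlib

DELTA_T = 5.0  # maximum tolerated clock difference in seconds (assumed value)


def hash_resource(resource: bytes) -> str:
    # H_i = Hash(Resource_i): the index the decision nodes are keyed on
    return hashlib.sha256(resource).hexdigest()


def build_request(pseud_j: str, pseud_i: str, h_i: str) -> bytes:
    # Request = ID'_j || ID'_i || H_i; "|" as separator is an assumption
    return "|".join([pseud_j, pseud_i, h_i]).encode()


def _mac(k_j: bytes, request: bytes, t3: float) -> str:
    # HMAC(K_j, Request || T_3), with T_3 serialised to fixed precision so
    # both sides authenticate exactly the same bytes
    return hmac.new(k_j, request + b"|" + f"{t3:.3f}".encode(),
                    hashlib.sha256).hexdigest()


def vehicle_send_request(k_j: bytes, request: bytes, t3: float) -> dict:
    # S31: V_j -> R: {Request || T_3 || HMAC(K_j, Request || T_3)}
    return {"request": request, "t3": t3, "hmac": _mac(k_j, request, t3)}


def rsu_verify_request(msg: dict, identity_list: dict, now: float) -> tuple:
    # S32, in the order the claim gives the checks:
    # 1) freshness: |T - T_3| < Δt, otherwise the message is timed out
    if abs(now - msg["t3"]) >= DELTA_T:
        return False, "timeout"
    # 2) the requester's pseudonym ID'_j must exist in the local identity list
    pseud_j = msg["request"].split(b"|")[0].decode()
    k_j = identity_list.get(pseud_j)
    if k_j is None:
        return False, "unknown pseudonym"
    # 3) recompute HMAC' with the stored session key and compare in
    #    constant time; a mismatch means the request was tampered with
    expected = _mac(k_j, msg["request"], msg["t3"])
    if not hmac.compare_digest(expected, msg["hmac"]):
        return False, "bad hmac"
    return True, "ok"
```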
5. The zero-trust mechanism-based Internet of vehicles access control method of claim 4, wherein the decision server performs the following decision process:
S331, the server uses a piecewise function F, defined as:
Figure FDA0003516491170000051
to calculate the trust level from the trust value: F(TV_j) → TL_j, and maps the trust level to the corresponding role to obtain the role value;
S332, the server searches the role linked list, specifically: it locates the corresponding role linked list according to the role value, takes the role linked list and the resource index as actual parameters, and calls the decision algorithm function to obtain the corresponding decision node; the decision algorithm is as follows:
1) traverse the role linked list of this layer, matching the Hash field of each decision node; if a match exists, obtain the node and its permission set field; otherwise execute 2);
2) if the corresponding decision node does not exist in this layer, traverse the role linked list of the previous layer until the decision node is found, and obtain its permission set;
3) generate an access token warrant_j according to the permissions allowed in the node; the token fields are:
① the resource requester's pseudonym ID'_j;
② the resource owner's ID_i;
③ the token creation time T_q;
④ the access operation operation_j granted by the decision server to vehicle V_j;
the decision server S signs the token with its private key S_S, so other vehicles can verify the authenticity of the token with S's public key; meanwhile, an attacker cannot forge the access token without S's private key.
6. The zero-trust mechanism-based Internet of vehicles access control method of claim 4, wherein the indirect trust value calculation is specifically realized as follows:
S371, the RSU calls the blockchain Read() query function to retrieve n historical trust value records of V_j from the blockchain;
S372, it extracts the trust value evaluators in the records and calculates the similarity between V_j and an evaluator V_k:
1) search, within the time period Δt, for the trust value records whose evaluator field is V_k and V_j respectively;
2) for the records whose evaluator is V_j, screen out the trust values in the range [0.5, 1] and calculate their average:
Figure FDA0003516491170000061
3) for the records whose evaluator is V_k, calculate the average in the same way:
Figure FDA0003516491170000062
4) calculate the similarity between V_k and V_j:
Figure FDA0003516491170000063
the difference between the evaluation results of V_k and V_j on legitimate vehicles
Figure FDA0003516491170000064
represents the degree of similarity between the two: the smaller the difference, the higher the similarity;
S373, calculate the recommended trust value
Figure FDA0003516491170000065
q_k represents the effect of time on the recommended trust value, older evaluations taking a smaller proportion of it; in addition, the similarity S_k between the two vehicles and the historical trust value TV_kj are also key indicators for measuring the reliability of the recommended trust value;
S374, calculate the comprehensive trust value
TV_j = W × DT_j + (1 − W) × R_j
finally, according to a certain weight W, the direct trust value DT_j and the recommended trust value R_j are combined to calculate vehicle V_j's comprehensive trust value TV_j; the RSU generates the trust value record {V_j ID, V_i ID, TV_j, T_i} for consensus and recording in the blockchain.
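The decision-server side of claims 2 and 5 (role linked lists, the layer-by-layer lookup of S332, the warrant fields) together with the trust update of S36 and S374, as an added example that is not part of the patent; the trust-level thresholds standing in for F (an image on the page), the constants p, f and W, the clamping of TV_j to [0, 1], and the omission of the server's signature are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class DecisionNode:
    # S14 fields: hash index, permission set, upload time, tail pointer (Null = None)
    res_hash: str
    permissions: frozenset
    upload_time: float
    next: Optional["DecisionNode"] = None


class DecisionServer:
    # assumed F: TL1 below 0.4, TL2 below 0.7, TL3 otherwise; TL_k maps to Role_k
    THRESHOLDS = (0.4, 0.7)

    def __init__(self):
        # S13: one linked list per role; the head is the role, tail pointer Null
        self.heads = {role: None for role in (1, 2, 3)}

    def trust_level(self, tv: float) -> int:
        if not 0.0 <= tv <= 1.0:
            raise ValueError("trust value out of range")
        return 1 + sum(tv >= t for t in self.THRESHOLDS)

    def upload(self, role: int, node: DecisionNode) -> None:
        # S15: attach the vehicle's decision node to the tail of the role's list
        if self.heads[role] is None:
            self.heads[role] = node
            return
        cur = self.heads[role]
        while cur.next is not None:
            cur = cur.next
        cur.next = node

    def find_permissions(self, role: int, res_hash: str):
        # S332: match the Hash field in this layer, then fall back to lower
        # layers (their permission sets are subsets of the higher role's)
        for layer in range(role, 0, -1):
            cur = self.heads[layer]
            while cur is not None:
                if cur.res_hash == res_hash:
                    return cur.permissions
                cur = cur.next
        return None

    def decide(self, pseud_j, pseud_i, res_hash, tv_j, now):
        # S331: TV_j -> TL_j -> role; then the matching node's permission set
        role = self.trust_level(tv_j)
        perms = self.find_permissions(role, res_hash)
        if perms is None:
            return None
        # warrant_j fields from claim 5 (signature by S omitted here)
        return {"requester": pseud_j, "owner": pseud_i,
                "created": now, "operation": perms}


def direct_trust(tv_j, tv_i, legal, p=0.2, f=0.3):
    # S36: DT_j = TV_j + p*TV_i on legal access, TV_j - f*TV_i on a violation;
    # the evaluator's own trust TV_i scales the reward or punishment
    return tv_j + p * tv_i if legal else tv_j - f * tv_i


def comprehensive_trust(dt_j, r_j, w=0.6):
    # S374: TV_j = W*DT_j + (1-W)*R_j, clamped to [0, 1] (clamp is an assumption)
    return min(1.0, max(0.0, w * dt_j + (1 - w) * r_j))
```

Running the test scenario shows the zero-trust loop: a violation lowers V_j's comprehensive trust, the next request maps to a lower role, and the returned permission set shrinks.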
CN202210166731.8A 2022-02-23 2022-02-23 Internet of vehicles access control method based on zero trust mechanism Active CN114567473B (en)
Publications (2)

Publication Number Publication Date
CN114567473A true CN114567473A (en) 2022-05-31
CN114567473B CN114567473B (en) 2024-01-09
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant