CN114944953A - Certificateless anonymous authentication method for road condition monitoring in Internet of vehicles environment - Google Patents
Certificateless anonymous authentication method for road condition monitoring in Internet of vehicles environment Download PDFInfo
- Publication number
- CN114944953A CN114944953A CN202210558627.3A CN202210558627A CN114944953A CN 114944953 A CN114944953 A CN 114944953A CN 202210558627 A CN202210558627 A CN 202210558627A CN 114944953 A CN114944953 A CN 114944953A
- Authority
- CN
- China
- Prior art keywords
- transaction
- vehicle
- rta
- vpk
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000012544 monitoring process Methods 0.000 title claims abstract description 19
- 238000012795 verification Methods 0.000 claims description 15
- 238000004891 communication Methods 0.000 claims description 4
- 241000486463 Eugraphe sigma Species 0.000 claims description 2
- 239000004793 Polystyrene Substances 0.000 claims description 2
- 229920002223 polystyrene Polymers 0.000 claims description 2
- 230000035945 sensitivity Effects 0.000 claims description 2
- 230000008520 organization Effects 0.000 claims 2
- 241000402754 Erythranthe moschata Species 0.000 claims 1
- 230000006855 networking Effects 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 5
- 238000001514 detection method Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 3
- 238000002474 experimental method Methods 0.000 description 2
- 239000004744 fabric Substances 0.000 description 2
- 239000003999 initiator Substances 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000001902 propagating effect Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Physics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a certificateless anonymous authentication method for road condition monitoring in an internet of vehicles environment, which comprises system initialization, an identity authentication module and transaction updating. The method realizes certificateless anonymous authentication of vehicle identity legality by the regional trusted authority RTA in the road condition detection process based on the block chain technology; an uneconomical transaction output UTXO model is constructed on the basis of a blockchain architecture, so that a trusted authority can finish efficient identity authentication on a monitored vehicle by using transactions without issuing and maintaining a digital certificate; providing a transaction updating mechanism, keeping the transaction quantity in the system transaction pool constant, and further ensuring the expandability of the authentication system; the anonymity and unlinkability of the message body in the authentication process are provided, malicious tracking of an attacker based on a vehicle dynamic track is prevented, and traceability of the vehicle identity can be realized when disputes occur. The invention provides a safe, efficient and privacy protection protocol for identity authentication in the Internet of vehicles.
Description
Technical Field
The invention relates to the technology of internet of vehicles authentication, in particular to a certificateless anonymous authentication method for road condition monitoring in an internet of vehicles environment.
Background
The Internet of vehicles is used as an important field of informatization and industrialization deep fusion, and has great potential in the aspects of improving road safety and traffic efficiency, optimizing congestion control, traffic management and the like. In the context of the internet of vehicles, vehicles can submit information to trusted authorities relating to vehicle speed, location, direction, and road conditions. The credible institution can monitor and optimize the traffic condition in real time through the road condition monitoring system. However, due to the openness of the internet of vehicles communication, malicious vehicles in the network can threaten the security of the internet of vehicles ecosystem by propagating fake messages or creating traffic scenes. In addition, the centralized architecture of the traditional monitoring system is easy to have the problems of single-point failure and low computing efficiency. Thus, security, privacy, and computational efficiency are important issues facing the internet of vehicles.
Considering the increasing problems of information security and robustness of the road condition monitoring system, the following aspects must be considered in the design of the monitoring system. First, the source of the traffic reports should be verifiable. A malicious vehicle may impersonate other vehicles to disseminate the forged traffic information and fool a trusted authority into accepting false or meaningless reports without being exposed. Therefore, to defend against such attacks, the source of the uploaded traffic report must be authenticated. Furthermore, it is worth noting that privacy protection and anti-tracking must be taken care of during the authentication process. Second, given the real-time nature of the uploaded traffic reports, authentication must be provided with low latency. Therefore, the authentication algorithm must have excellent execution efficiency while guaranteeing privacy and security. Thirdly, the scalability of the system is also considered.
However, the existing authentication schemes, especially those based on distributed systems, cannot combine high authentication efficiency with good system scalability. Therefore, a perfect information management mechanism is required in the monitoring system, which can not only ensure the stable performance of the scheme, but also provide better expandability for the system.
Disclosure of Invention
The invention aims to: the invention aims to solve the defects in the prior art, and provides a certificateless anonymous authentication method for road condition monitoring in an Internet of vehicles environment, which realizes a transaction update mechanism by using an uneconomical transaction output (UTXO) model on the basis of a block chain, keeps the constant transaction quantity in a system transaction pool, and further ensures the expandability of an authentication system; in addition, based on the elliptic curve asymmetric encryption technology, the invention provides anonymity and unlinkability of the message body in the identity authentication process, and prevents an attacker from maliciously tracking based on the dynamic track of the vehicle.
The technical scheme is as follows: the invention discloses a certificateless anonymous authentication method for road condition monitoring in an Internet of vehicles environment, which comprises the following steps:
step S1, system initialization
A root authority RA generation system generates a key pair (mpk, msk), wherein msk is a master key, mpk is a public key, and the root authority RA generation system registers the vehicle; when a vehicle is registered, the vehicle sends a registration application R to RA through a roadside unit RSU, and when the RA receives the registration application, the current state and the identity of the vehicle are confirmed and verified in sequence; then, RA encrypts the vehicle's true ID, which is the encrypted information E id The public key mpk and the signature are stored in an On Board Unit (OBU); after the vehicle registration is finished, RA forwards the registration result to the regional credible institution RTA of the region where the vehicle is located, the regional credible institution RTA sends a registration transaction containing n license coins to the vehicle, and the registration transaction is stored in the block chain state database and is used as the source transaction of the vehicle; the vehicle stores the registration transaction in an On Board Unit (OBU), and generates a temporary transaction for identity authentication based on the registration transaction;
step S2, identity authentication
The vehicle sends a verification request and a temporary transaction to the RTA to complete the verification between the vehicle and the RTA; the RTA stores the temporary transaction into a block chain state database as a new source transaction and deletes the previous source transaction; then, RTA sends the license currency to the vehicle passing the verification by creating an incentive transaction, and stores the incentive transaction in the block chain state database;
step S3, transaction update
The vehicle generates a new temporary transaction based on the latest source transaction and incentive transaction, namely: the vehicle submits the temporary transaction to the RTA, and after the RTA confirms the validity of the temporary transaction, the RTA stores the temporary transaction into the block chain state database as a new source transaction and deletes the previous source transaction and incentive transaction; then, the vehicle regenerates a temporary transaction for identity authentication based on the latest source transaction and stores it in the on board unit OBU.
Further, the detailed step of step S1 is:
s1.1, RA selects and publishes an elliptic curve E: y is 2 =x 3 +Ax+B(modp),P>5 and is a prime number 4a 3 +27b 2 ≠0;E(Z p ) Points on the elliptic curve are represented: e (Z) p )=(x,y)|x,y∈E(Z p )andy 2 =x 3 + Ax + Bmodp ≧ O; wherein O is an infinite point; RA selects and discloses a group generator P ∈ E (Z) p );
Based on the above parameters, generation of RA secret generates a master key msk ∈ E (Z) p ) And calculating a public key mpk ═ msk × P; all RTAs in each area in the network generate a key pair (rsk, rpk) by using the curve and the parameters disclosed by the RA;
s1.2, the vehicle generates a private key vsk and a public key vpk of the vehicle based on a curve E and a group generator P which are disclosed by RA, and signs an ID; the vehicle then sets the tuple R of the certificate registration application to (ID, registration, vpk, I, σ) nsk ) Sending the request to RA through the road side unit RSU, registering representing registration application, I representing vehicle real identity information, sigma vsk Being signatures, i.e. sigma vsk =sig(ID,vsk);
S1.3, RA receives certificate of vehicleAfter registering the application R, it is necessary to confirm whether the vehicle has a legal identity and to confirm the equation Check (vpk, σ) vsk If the ID) is 1, namely the Check function return value is 1, the vehicle is represented to have a legal identity;
RA encrypts ID of vehicle by using master key msk to obtain E id Encrypt (ID, msk), then pair E id Signing to obtain sigma msk Sig (ID, msk); finally, RA will E id And R is stored in the local database in the form of key-value pairs, and E is stored in the local database id Public key mpk and base E id Signature σ of (2) msk Sending to the vehicle, which stores it in the OBU;
s1.4, the RA grants the vehicle the right to generate and update the transaction, and forwards the inclusion to the RTA of the area where the vehicle is located in a safe communication mode (E) id ID, vpk, issue); the RTA sends a Registration transaction (Registration transaction) containing n license coins to the vehicle and stores the Registration transaction in a block chain state database as a source transaction (origin transaction) of the vehicle; the vehicle stores the registration transaction in the on board unit OBU.
Further, the registration transaction in step S1.4 includes: transaction Pseudonym (PS) trans ) Transaction type, Expiration time (Expiration time, t) e ) Input set, Output set, Timestamp, transaction sequence number, Nonce, η; the transaction pseudonym is generated by a transaction initiator, and the transaction types comprise registration transaction, temporary transaction, incentive transaction and the like; the input and output set is mainly used for explaining the source and the transaction object of the license currency and the number of the license currency; in a registration transaction, the input set is nulled; the output set stores the hash value of the public key of the vehicle (H (vpk) o ) And the number of license coins n.
Wherein the pseudonym PS is traded trans Is an index of a transaction, and when a transaction is stored in the blockchain database, the RTA and the RA can search the transaction through a transaction pseudonym; the transaction pseudonym is the transaction initiator's use of the system public key mpk to E id Time when transaction is generatedThe stamp t and the region code R of the location of the vehicle being generated cryptographically, i.e. PS trans =E fpk (E id ||t||RC)。
The Transaction type includes a temporary Transaction, a registration Transaction, an incentive Transaction, and a source Transaction. The initial transactions generated locally by the transaction generator (vehicle or RTA) are all temporary transactions. Depending on the application, the temporary transaction is redefined as another type of transaction. Specifically, during the registration process of the vehicle, the RTA generates a temporary transaction and the transaction is used for the RTA to send n license coins to the vehicle, at which time the temporary transaction will be redefined as a registration transaction. When the vehicle is normally authenticated, the RTA generates a temporary transaction to the RTA, and the transaction is used for the RTA to send m license coins to the vehicle as incentive, and at the moment, the temporary transaction is redefined as incentive transaction. When a transaction is stored in the blockchain state database, the transaction is redefined as a source transaction.
Time to failure (t) e ): the expiration time of a transaction, when a transaction expires, the transaction loses its validity.
Input set and output set: the input set of the transaction is used for explaining the source of the license currency related to the transaction; the output set is used for explaining the transaction object and the transaction license currency amount of the transaction. In a registration transaction, the input set is nulled.
The timestamp t is used to record the time when the transaction was generated.
The transaction sequence number η is used to record the number of transactions generated by the transaction generator.
Further, the authentication in step S2 specifically includes:
s2.1, the vehicle generates a new group of key pairs (vsk ', vpk') and generates a temporary transaction (Instant transaction) for identity authentication based on the source transaction (i.e. the registration transaction in S1.4) obtained in step S1; wherein the transaction pseudonym is based on the encrypted identity E using the master key fpk id Time stamp t and region code RC generation, namely: PS (polystyrene) with high sensitivity trans =E fpk (E id ||t||RC);
The transaction pseudonym of the active transaction is stored in the input set and the vehicle public key hash value (H (vpk) in the output set of the active transaction O ) The allowed coin number n; the output set stores RTA public key hash value (H (rpk)) and the number of allowed coins n 1 And a vehicle public key hash value (H (vpk') o ) Number of allowed coins n 2 And satisfy n 1 +n 2 =n;
S2.2, the vehicle sends a message tuple applying for authentication to the RTA through the road side unit RSU
Wherein, Trans au Is a transaction; t is a timestamp; m is traffic information;
is a signature generated based on (t M) using private key vsk, i.e.
S2.3, after receiving the verification request, RTA checks transaction Trans first au Whether it already exists in the blockchain state database; if not, the RTA will continue to retrieve transaction Trans au Inputting whether a source transaction corresponding to a transaction pseudonym in the set exists in a block chain state database; if so, performing step S2.4;
s2.4, RTA will check the equation
And equation H (vpk) O Whether or not h (vpk) holds; wherein H (vpk) O A hash value of a public key in an output set of the source transaction; h (vpk) hash value of the public key provided for the vehicle in message tuple V; if the two equations are both true, the identity authentication is successful; RTA Trans transactions provided by vehicle in authentication process au Store it in database as new source transaction and delete block chain state databaseA previous source transaction;
s2.5, the RTA sends m license coins to the vehicle by constructing an incentive transaction, and stores the transaction in a block chain state database; in an incentive trade, the input set is nulled; the output set stores a hash value of the vehicle public key (H (vpk') O ) And the number of authorized coins m; the vehicle stores the registration transaction in the on board unit OBU.
Further, the specific process of transaction update in step S3 is:
s3.1, generating a temporary transaction Trans by the vehicle up The input set of which stores transaction pseudonyms PS for active transactions trans And vehicle public key hash value in source transaction output set (H (vpk') O ) Number of allowed coins n 2 (ii) a In addition, the output set also stores transaction pseudonyms PS of incentive transactions trans And a vehicle public key hash value (H (vpk') O ) The allowed coin number m; the output set stores a vehicle public key hash value (H (vpk')), the number of license coins n 3 And satisfy m + n 2 =n 3 ;
S3.2, the vehicle sends a message tuple for applying for transaction update to the RTA
Wherein,
is a signature generated based on a time stamp t using a private key vsk', i.e.
S3.3, after receiving the verification request, RTA checks transaction Trans first up Whether already present in the block chain state database; if not, the RTA will continue to retrieve transaction Trans up Inputting whether source transactions corresponding to all transaction pseudonyms in the set exist in a block chain state database or not; if so, executing step S3.4;
s3.4, RTA will check the equation
And equation H (vpk') O Whether or not H (vpk') holds; wherein H (vpk') O A hash value of a public key in an output set of the source transaction; h (vpk') is the hash value of the public key provided by the vehicle in the message tuple U; if the above equation is true, the transaction update is successful; transaction Trans provided by RTA in transaction updating process of vehicle up Storing the data into a database as a new source transaction, and deleting the previous source transaction and incentive transaction in the block chain state database; then, the vehicle regenerates a provisional transaction for the authentication based on the latest source transaction and stores it in the on-board unit OBU.
Has the advantages that: compared with the prior art, the invention has the following advantages:
(1) the invention provides a certificateless anonymous authentication method for road condition monitoring based on a block chain and a modern cryptography technology, provides certificateless anonymous high-efficiency identity authentication of a regional trusted authority on a vehicle in a road condition detection process, and provides a log and a historical record related to the vehicle based on an intelligent contract of the block chain in the authentication process.
(2) Compared with the traditional identity authentication scheme based on the digital certificate, the identity authentication method based on the digital certificate does not need a verifier to retrieve the certificate revocation list in the authentication process, so that the identity authentication efficiency is effectively improved; in addition, based on the certificateless identity authentication scheme, the RA and the RTA do not need to consume additional storage and computing resources to maintain the digital certificates in the network.
(3) The invention can realize anonymity and unlinkability of the message body, eliminate the relevance between transaction and identity information, prevent an attacker from maliciously tracking based on the dynamic track of the vehicle, and realize the traceability of the identity of the vehicle when disputes occur.
(4) The invention provides a new transaction updating mechanism, keeps the transaction quantity in the system transaction pool constant, and further optimizes the expandability of the authentication system on the premise of ensuring high-efficiency identity authentication.
(5) The invention is in HyperridgeA prototype machine is built on r Fabric, and more than 10 are added in a block chain state database for verifying the reliability, the technology and the communication overhead of a scheme 5 The transaction of (2).
Drawings
FIG. 1 is a flow chart of an implementation of the present invention;
FIG. 2 is a system framework diagram of the present invention;
FIG. 3 is a diagram of a temporary transaction structure in accordance with one embodiment of the present invention;
FIG. 4 is a flow chart of transaction update according to an embodiment of the present invention;
fig. 5 is a diagram illustrating an authentication protocol according to an embodiment of the invention.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
As shown in fig. 1, the certificateless anonymous authentication method for road condition monitoring in the internet of vehicles environment of the present invention includes the following steps:
step S1, system initialization
A root authority RA generates a system master key (mpk, msk) and registers the vehicle; when a vehicle is registered, the vehicle sends a registration application R to the RA through the roadside unit RSU, and after the RA receives the registration application, the current state and the identity of the vehicle are confirmed and verified in sequence; then, the RA encrypts the vehicle's true ID, and the vehicle encrypts the encrypted information E id The public key mpk and the signature are stored in an On Board Unit (OBU); after the vehicle registration is finished, the RA forwards the registration result to a regional credible institution RTA of the region where the vehicle is located, the regional credible institution RTA sends a registration transaction containing n license coins to the vehicle, and the registration transaction is stored in a block chain state database and is used as a source transaction of the vehicle; the vehicle stores the registration transaction in an On Board Unit (OBU), and generates a temporary transaction for identity authentication based on the registration transaction;
step S2, identity authentication
The vehicle sends a verification request and a temporary transaction to the RTA to complete the verification between the vehicle and the RTA; the RTA stores the temporary transaction into a block chain state database as a new source transaction and deletes the previous source transaction; then, RTA sends the license currency to the vehicle passing the verification by creating an incentive transaction, and stores the incentive transaction in the block chain state database;
step S3, transaction update
The vehicle generates a new temporary transaction based on the latest source transaction and incentive transaction, namely: the vehicle submits the temporary transaction to the RTA, and after the RTA confirms the validity of the temporary transaction, the RTA stores the temporary transaction into the block chain state database as a new source transaction and deletes the previous source transaction and incentive transaction; then, the vehicle regenerates a temporary transaction for identity authentication based on the latest source transaction and stores it in the on board unit OBU.
In terms of authentication efficiency, the invention constructs a non-expendable transaction output (UTXO) model on the basis of a blockchain architecture, so that a trusted authority can finish efficient identity authentication on a monitored vehicle by using transactions without issuing and maintaining a digital certificate.
In the aspect of optimizing the expandability of the system, the invention provides a transaction updating mechanism, keeps the transaction quantity in the transaction pool of the system constant, and further ensures the expandability of the authentication system.
In the aspect of privacy protection, the invention provides anonymity and unlinkability of a message body in an authentication process, prevents an attacker from maliciously tracking based on a vehicle dynamic track, and can realize traceability of vehicle identity when disputes occur. Theoretical analysis and simulation experiments verify the high efficiency and safety of the method.
As shown in fig. 1 to 5, the certificateless anonymous authentication method of the present embodiment includes the following steps: system initialization, identity authentication and transaction updating.
Example 1:
the embodiment comprises a vehicle Alice (A) and a regional trusted authority RTA, and the specific links are as follows.
Link i (system initialization):
a public curve and related parameters are selected by a root authority RA to generate a system master key msk and a public keympk, and registers for vehicle a. RTAs generate key pairs (rsk, rpk) using the curve and parameters disclosed by RA. In the vehicle registration phase, the vehicle generates a key pair (vsk, vpk) and sends a registration application R ═ ID (registration, vpk, I, σ) to the RA via the road side unit RSU nsk ). After the RA receives the registration application, the current state and the identity of the vehicle are confirmed and verified in sequence; then, the RA encrypts the true ID of the vehicle to generate E id Then to E id Signing to obtain sigma msk Sig (ID, msk). Finally, RA will E id And R is stored in the local database in the form of key-value pairs, and E is stored in the local database id Public key mpk and base E id Signature σ of (2) msk Sent to the vehicle, which stores it in the OBU. After the vehicle registration is finished, the RA forwards the registration result to the RTA of the area where the vehicle is located. The RTA sends a registration transaction containing n license tokens to the vehicle and stores the transaction in a blockchain state database as the source transaction for the vehicle. The vehicle stores the registration transaction in the on board unit OBU and generates a temporary transaction for identity authentication based on the registration transaction.
Link ii (authentication):
the vehicle generates a new set of key pairs (vsk' ) and generates a provisional transaction for identity verification based on the source transaction. The vehicle sends the message tuple applying for authentication to RTA through the road side unit RSU
Completing the verification between the vehicle and the RTA; the RTA stores the temporary transaction in the blockchain state database as a new source transaction and deletes the previous source transaction. The RTA then constructs an incentive transaction to send a number m of license tokens to the vehicle based on the public key vpk' and stores the transaction in the block chain state database. The vehicle stores the registration transaction in the on board unit OBU.
Link iii (transaction update):
the vehicle generates a new temporary transaction Trans based on the latest source transaction and incentive transaction up . Vehicle sends message tuple applying for transaction update to RTA
Wherein,
is a signature generated based on t using private key vsk'. After the RTA confirms the validity of the transaction, the transaction is stored in the blockchain state database as a new source transaction and the previous source transaction and incentive transaction are deleted. Then, the vehicle regenerates a provisional transaction for the authentication based on the latest source transaction and stores it in the on-board unit OBU.
Experiments show that the experiment of building a prototype machine on Hyperridge Fabric shows that the identity authentication of a regional trusted authority to a message main body needs only 0.822ms on average after one time. Meanwhile, the invention is compared with other existing authentication schemes correspondingly, and the result shows that the technical scheme of the invention is at least 35.7% better than the authentication scheme of the same type.
In conclusion, the invention provides a safe, efficient and privacy protection protocol for the road condition monitoring system in the Internet of vehicles environment.
Claims (5)
1. A certificateless anonymous authentication method for road condition monitoring in a vehicle networking environment is characterized in that: the method comprises the following steps:
step S1, system initialization
A root authority RA generates a system key pair (mpk, msk), msk is a master key, mpk is a public key, and the vehicle is registered; when a vehicle is registered, the vehicle sends a registration application R to RA through a roadside unit RSU, and when the RA receives the registration application, the current state and the identity of the vehicle are confirmed and verified in sequence; then, RA encrypts the vehicle's true ID, which is the encrypted information E id The public key mpk and the signature are stored in an OBU; after the vehicle registration is finished, RA forwards the registration result to the regional credible organization RTA of the region where the vehicle is located, the regional credible organization RTA sends a registration transaction containing n license coins to the vehicle, and the registration transaction is stored in the block chain state numberDatabase and as a source transaction for the vehicle; the vehicle stores the registration transaction in an On Board Unit (OBU), and generates a temporary transaction for identity authentication based on the registration transaction;
step S2, identity authentication
The vehicle sends a verification request and a temporary transaction to the RTA to complete the verification between the vehicle and the RTA; the RTA stores the temporary transaction into a block chain state database as a new source transaction and deletes the previous source transaction; then, RTA sends the license currency to the vehicle passing the verification by creating an incentive transaction, and stores the incentive transaction in the block chain state database;
step S3, transaction update
The vehicle generates a new temporary transaction based on the latest source transaction and incentive transaction, namely: the vehicle submits the temporary transaction to the RTA, the RTA stores the new temporary transaction into the block chain state database as a new source transaction after confirming the validity of the new temporary transaction, and simultaneously deletes the previous source transaction and incentive transaction; then, the vehicle regenerates a temporary transaction for identity authentication based on the latest source transaction and stores it in the on board unit OBU.
2. The certificateless anonymous authentication method for road condition monitoring in the internet of vehicles environment according to claim 1, wherein: the detailed steps of step S1 are:
s1.1, RA selects and publishes an elliptic curve E: y is 2 =x 3 + Ax + B (modp), P > 5 and is a prime number 4a 3 +27b 2 ≠0;E(Z p ) Points on the elliptic curve are represented: e (Z) p )=(x,y)|x,y∈E(Z p )andy 2 =x 3 + Ax + B mod p U O; wherein O is an infinite point; RA selects and discloses a group generator P ∈ E (Z) p );
Based on the above parameters, the generation of RA secret generates a master key musk E (Z) p ) And calculating a public key mpk ═ msk × P; all RTAs in each area in the network generate a key pair (rsk, rpk) by using the curve and the parameters disclosed by the RA;
s1.2, vehicle baseGenerating a private key vsk and a public key vpk of the curve E and the group generator P disclosed by RA, and signing the ID; the vehicle then sets the tuple R of the certificate registration application to (ID, registration, vpk, I, σ) vsk ) Sending the request to RA through the road side unit RSU, registering representing registration application, I representing vehicle real identity information, sigma vsk Is a signature, i.e. sigma vsk =sig(ID,vsk);
S1.3, after the certificate registration application R of the vehicle is received by RA, whether the vehicle has a legal identity needs to be confirmed, namely, the equation Check (vpk, sigma) is confirmed vsk If the ID) is 1, namely the Check function return value is 1, the vehicle is represented to have a legal identity;
RA encrypts ID of the vehicle by using master key msk to obtain E id Encrypt (ID, msk), then pair E id Signing to obtain sigma msk Sig (ID, msk); finally, RA will E id And R is stored in the local database in the form of key-value pairs, and E is stored in the local database id Public key mpk and base E id Signature σ of (2) msk Sending to the vehicle, which stores it in the OBU;
s1.4, the RA grants the vehicle the right to generate and update the transaction, and forwards the inclusion to the RTA of the area where the vehicle is located in a safe communication mode (E) id ID, vpk, issue); the RTA sends a registration transaction containing n license coins to the vehicle and stores the registration transaction into a block chain state database to serve as a source transaction of the vehicle; the vehicle stores the registration transaction in the on board unit OBU.
3. The certificateless anonymous authentication method for road condition monitoring in the internet of vehicles environment as claimed in claim 1, wherein: the registration transaction in step S1.4 includes: transaction Pseudonym (PS) trans ) Transaction type, Expiration time (t) e ) Input set, Output set, Timestamp, and transaction sequence number, Nonce, η;
trade pseudonym PS trans By transactionInitiator utilizes system public key mpk pair E id Time stamp t when transaction is generated and area code RC of vehicle location is encrypted to generate PS trans =E fpk (E id ||t||RC);
The transaction types comprise temporary transactions, registration transactions, incentive transactions and source transactions; the initial transactions generated locally by the vehicle and the RTA are both temporary transactions; then, in the registration process of the vehicle, the temporary transaction generated by the RTA is used for sending n license coins to the vehicle by the RTA, namely the registration transaction; when the vehicle normally carries out authentication once, the temporary transaction generated by the RTA to the RTA is used for the RTA to send m license coins to the vehicle as an incentive, namely as an incentive transaction; if a transaction is stored in the blockchain state database, the transaction is redefined as a source transaction;
the timestamp t is used for recording the time when the transaction is generated; the transaction sequence number η is used to record the number of transactions generated by the transaction generator.
4. The certificateless anonymous authentication method for road condition monitoring in the internet of vehicles environment according to claim 1, wherein: the authentication in step S2 specifically includes:
s2.1, assuming that the vehicle is a new registered vehicle, namely the number of the license coins owned by the vehicle at the moment is n; the vehicle generates a new set of key pairs (vsk ', vpk') and generates a provisional transaction for identity authentication based on the source transaction obtained in step S1; wherein the transaction pseudonym is based on the encryption identity E using the master key mpk id And generating a timestamp t and an area code RC when the transaction is generated, namely: PS (polystyrene) with high sensitivity trans =E fpk (E id ||t||RC);
The transaction pseudonym of the active transaction is stored in the input set and the vehicle public key hash value (H (vpk) in the output set of the active transaction O ) The allowed coin number n; two transaction objects are stored in the output set, wherein one transaction object is RTA, and the corresponding storage contents are RTA public key hash value (H (rpk)) and the number n of allowed coins 1 (ii) a The other is local to the vehicle, and the corresponding storage content is vehicle public key hash value (H (vpk') O ) Number of allowed coins n 2 And satisfy n 1 +n 2 =n;
S2.2, the vehicle sends a message tuple applying for authentication to the RTA through the road side unit RSU
Wherein, Trans au A temporary transaction generated locally for the vehicle; t is a timestamp; m is traffic information;
is a signature generated based on (t M) using private key vsk, i.e.
S2.3, after receiving the verification request, RTA first checks transaction Trans au Whether it already exists in the blockchain state database; if not, the RTA will continue to retrieve transaction Trans au Inputting whether a source transaction corresponding to a transaction pseudonym in the set exists in a block chain state database; if so, executing step S2.4;
s2.4, RTA will check the equation
And equation H (vpk) O Whether or not h (vpk) holds; wherein H (vpk) O A hash value of a public key in an output set of the source transaction; h (vpk) hash value of the public key provided for the vehicle in message tuple V; if the two equations are both true, the identity authentication is successful; RTA Trans transactions provided by vehicle in authentication process au Storing the source transaction into a database as a new source transaction, and deleting the previous source transaction in the block chain state database;
s2.5, the RTA sends m license coins to the vehicle by constructing an incentive transaction, and stores the transaction in a block chain state database; in incentive trade, losePutting the collection into the empty; the output set has stored therein the vehicle public key hash value (H (vpk') O ) And the number of authorized coins m; the vehicle stores the registration transaction in the on board unit OBU.
5. The certificateless anonymous authentication method for road condition monitoring in the internet of vehicles environment according to claim 1, wherein: the specific process of transaction update in step S3 is as follows:
s3.1, generating a temporary transaction Trans by the vehicle up The input set of which stores transaction pseudonyms PS for active transactions trans And vehicle public key hash value in source transaction output set (H (vpk') O ) Number of allowed coins n 2 (ii) a In addition, the transaction pseudonym PS of the incentive transaction is stored in the output set trans And a vehicle public key hash value (H (vpk') O ) The allowed coin number m; the output set stores a vehicle public key hash value (H (vpk')), the number of license coins n 3 And satisfy m + n 2 =n 3 ;
S3.2, the vehicle sends a message tuple for applying for transaction update to the RTA
Wherein,
is a signature generated based on a time stamp t using a private key vsk', i.e.
S3.3, after receiving the verification request, RTA checks transaction Trans first up Whether it already exists in the blockchain state database; if not, the RTA will continue to retrieve transaction Trans up Inputting whether source transactions corresponding to all transaction pseudonyms in the set exist in a block chain state database or not; if so, executing step S3.4;
s3.4, RTA will check the equation
And equation H (vpk') O Whether or not H (vpk') holds; wherein H (vpk') O A hash value of a public key in an output set of the source transaction; h (vpk') is the hash value of the public key provided by the vehicle in the message tuple U; if the above equation is true, the transaction update is successful; transaction Trans provided by RTA in transaction updating process of vehicle up Storing the data into a database as a new source transaction, and deleting the previous source transaction and the previous incentive transaction in the block chain state database; then, the vehicle regenerates a temporary transaction for identity authentication based on the latest source transaction and stores it in the on board unit OBU.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210558627.3A CN114944953B (en) | 2022-05-20 | 2022-05-20 | Certificate-free anonymous authentication method for road condition monitoring in Internet of vehicles environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210558627.3A CN114944953B (en) | 2022-05-20 | 2022-05-20 | Certificate-free anonymous authentication method for road condition monitoring in Internet of vehicles environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114944953A true CN114944953A (en) | 2022-08-26 |
| CN114944953B CN114944953B (en) | 2024-04-09 |
Family
ID=82908491
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210558627.3A Active CN114944953B (en) | 2022-05-20 | 2022-05-20 | Certificate-free anonymous authentication method for road condition monitoring in Internet of vehicles environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114944953B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116827584A (en) * | 2023-03-01 | 2023-09-29 | 电子科技大学 | Method for certificateless anonymous cross-domain authentication of Internet of things equipment based on blockchain |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109391631A (en) * | 2018-11-28 | 2019-02-26 | 重庆邮电大学 | It is a kind of with the car networking anonymous authentication system and method controllably linked |
| CN110446183A (en) * | 2019-06-01 | 2019-11-12 | 西安邮电大学 | Car networking system and working method based on block chain |
| CN111372248A (en) * | 2020-02-27 | 2020-07-03 | 南通大学 | Efficient anonymous identity authentication method in Internet of vehicles environment |
| CN112134698A (en) * | 2020-09-10 | 2020-12-25 | 江苏大学 | Block chain-based vehicle-to-vehicle rapid communication authentication method and system for Internet of vehicles |
| CN112153608A (en) * | 2020-09-24 | 2020-12-29 | 南通大学 | Vehicle networking cross-domain authentication method based on side chain technology trust model |
| CN112543106A (en) * | 2020-12-07 | 2021-03-23 | 昆明理工大学 | Vehicle privacy anonymous protection method based on block chain and group signature |
| CN113596778A (en) * | 2021-07-28 | 2021-11-02 | 国家电网有限公司 | Vehicle networking node anonymous authentication method based on block chain |
| WO2022082893A1 (en) * | 2020-10-22 | 2022-04-28 | 香港中文大学(深圳) | Privacy blockchain-based internet of vehicles protection method, and mobile terminal |
-
2022
- 2022-05-20 CN CN202210558627.3A patent/CN114944953B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109391631A (en) * | 2018-11-28 | 2019-02-26 | 重庆邮电大学 | It is a kind of with the car networking anonymous authentication system and method controllably linked |
| CN110446183A (en) * | 2019-06-01 | 2019-11-12 | 西安邮电大学 | Car networking system and working method based on block chain |
| CN111372248A (en) * | 2020-02-27 | 2020-07-03 | 南通大学 | Efficient anonymous identity authentication method in Internet of vehicles environment |
| CN112134698A (en) * | 2020-09-10 | 2020-12-25 | 江苏大学 | Block chain-based vehicle-to-vehicle rapid communication authentication method and system for Internet of vehicles |
| CN112153608A (en) * | 2020-09-24 | 2020-12-29 | 南通大学 | Vehicle networking cross-domain authentication method based on side chain technology trust model |
| WO2022082893A1 (en) * | 2020-10-22 | 2022-04-28 | 香港中文大学(深圳) | Privacy blockchain-based internet of vehicles protection method, and mobile terminal |
| CN112543106A (en) * | 2020-12-07 | 2021-03-23 | 昆明理工大学 | Vehicle privacy anonymous protection method based on block chain and group signature |
| CN113596778A (en) * | 2021-07-28 | 2021-11-02 | 国家电网有限公司 | Vehicle networking node anonymous authentication method based on block chain |
Non-Patent Citations (3)
| Title |
|---|
| 关振宇;陈永江;李大伟;刘玮;余丹;: "一种基于区块链的车联网跨域认证方案", 网络空间安全, no. 09, 16 September 2020 (2020-09-16) * |
| 张新运;许艳;崔杰;: "车载网中基于无证书签名的匿名认证协议", 计算机工程, no. 03, 15 March 2016 (2016-03-15) * |
| 李少卓;王娜;杜学绘;: "按需披露的区块链隐私保护机制", 网络与信息安全学报, no. 03, 15 June 2020 (2020-06-15) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116827584A (en) * | 2023-03-01 | 2023-09-29 | 电子科技大学 | Method for certificateless anonymous cross-domain authentication of Internet of things equipment based on blockchain |
| CN116827584B (en) * | 2023-03-01 | 2024-05-31 | 电子科技大学 | Method for certificateless anonymous cross-domain authentication of Internet of things equipment based on blockchain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114944953B (en) | 2024-04-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Lu et al. | A blockchain-based privacy-preserving authentication scheme for VANETs | |
| CN109451467B (en) | Vehicle-mounted self-organizing network data secure sharing and storage system based on block chain technology | |
| Lo et al. | An efficient conditional privacy-preserving authentication scheme for vehicular sensor networks without pairings | |
| Dua et al. | Secure message communication protocol among vehicles in smart city | |
| Tzeng et al. | Enhancing security and privacy for identity-based batch verification scheme in VANETs | |
| CN109698754B (en) | Fleet safety management system and method based on ring signature and vehicle management platform | |
| Chattaraj et al. | Block-CLAP: Blockchain-assisted certificateless key agreement protocol for internet of vehicles in smart transportation | |
| CN106789090A (en) | Public key infrastructure system and semi-random participating certificate endorsement method based on block chain | |
| Feng et al. | An efficient privacy-preserving authentication model based on blockchain for VANETs | |
| CN111884815A (en) | Block chain-based distributed digital certificate authentication system | |
| CN112134698A (en) | Block chain-based vehicle-to-vehicle rapid communication authentication method and system for Internet of vehicles | |
| CN114125773A (en) | Vehicle networking identity management system and management method based on block chain and identification password | |
| Kumar et al. | VChain: efficient blockchain based vehicular communication protocol | |
| CN115515127A (en) | Vehicle networking communication privacy protection method based on block chain | |
| CN115442048A (en) | VANET-oriented block chain-based anonymous authentication method | |
| Zhang et al. | A privacy-preserving authentication scheme for VANETs based on consortium blockchain | |
| CN109981637B (en) | Multi-source cross composite authentication method for Internet of things based on block chain | |
| CN115102695A (en) | Vehicle networking certificate authentication method based on block chain | |
| Subramani et al. | Blockchain-based physically secure and privacy-aware anonymous authentication scheme for fog-based vanets | |
| Javed et al. | Secure message handling in vehicular energy networks using blockchain and artificially intelligent IPFS | |
| Akhter et al. | Blockchain in vehicular ad hoc networks: Applications, challenges and solutions | |
| CN114944953B (en) | Certificate-free anonymous authentication method for road condition monitoring in Internet of vehicles environment | |
| AlMarshoud et al. | Security, privacy, and decentralized trust management in VANETs: a review of current research and future directions | |
| Hegde et al. | Hash based integrity verification for vehicular cloud environment | |
| Feng et al. | PBAG: A Privacy-Preserving Blockchain-Based Authentication Protocol With Global-Updated Commitment in IoVs |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |