CN117041961B - SM2 certificate-free internet of vehicles terminal authentication method and system - Google Patents

SM2 certificate-free internet of vehicles terminal authentication method and system Download PDF

Info

Publication number
CN117041961B
CN117041961B CN202311138268.7A CN202311138268A CN117041961B CN 117041961 B CN117041961 B CN 117041961B CN 202311138268 A CN202311138268 A CN 202311138268A CN 117041961 B CN117041961 B CN 117041961B
Authority
CN
China
Prior art keywords
road side
side unit
internet
terminal
vehicles terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311138268.7A
Other languages
Chinese (zh)
Other versions
CN117041961A (en
Inventor
许盛伟
刘润生
刘家兴
刘浩然
郭锦城
杨皓清
田宇
邓烨
刘昌赫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Original Assignee
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE filed Critical BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority to CN202311138268.7A priority Critical patent/CN117041961B/en
Publication of CN117041961A publication Critical patent/CN117041961A/en
Application granted granted Critical
Publication of CN117041961B publication Critical patent/CN117041961B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471Key exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/108Source integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/46Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for vehicle-to-vehicle communication [V2V]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a method and a system for authenticating a vehicle networking terminal based on SM2 certification, wherein the method comprises the following steps: s1: generating a system public parameter and a pair of system public and private key pairs by a trusted center; s2: generating a first part of public and private key pair by the vehicle networking terminal or the road side unit, and sending the first part of public key and pseudonym identity information to a trusted center as registration information for registration; s3: the trusted center generates a second part of public-private key pair according to the registration information, sends the second part of public-private key pair to the vehicle networking terminal or the road side unit, and stores the registration information; s4: the vehicle networking terminal or the road side unit generates a public-private key pair of the vehicle networking terminal or the road side unit according to the first part public-private key pair and the second part public-private key pair; s5: and the vehicle networking terminal or the road side unit performs bidirectional identity authentication with other vehicle networking terminals or road side units according to public and private keys of the vehicle networking terminal or the road side unit. The method provided by the invention is safe and light, and is suitable for mass and limited computing resources of the terminals in the Internet of vehicles.

Description

SM2 certificate-free internet of vehicles terminal authentication method and system
Technical Field
The invention relates to the field of Internet of vehicles and information security, in particular to an SM2 certificate-free Internet of vehicles terminal authentication method and system.
Background
Authentication schemes in the internet of vehicles can be roughly classified into three types: an authentication scheme based on a traditional public key infrastructure (Public Key Infrastructure, PKI), an authentication scheme based on an Identity-based public key cryptography (Identity-based Public Key Cryptography, ID-PKC), and an authentication scheme based on a certificateless public key cryptography (CERTIFICATELESS PUBLIC KEY CRYPTOGRAPHY, CL-PKC).
PKI is widely used in various fields as a public key cryptography authentication technology that has emerged earliest. PKI is composed of digital certificates, certificate authorities (CERTIFICATE AUTHORITY, CA), certificate authorities (Register Authority, RA), etc., and can provide services such as certificate management, revocation, storage, etc. In the internet of vehicles, a traditional authentication scheme CA based on PKI will provide public and private key pairs for each internet of vehicles terminal, and bind the pseudonymous identity information of the terminal, the public key and the signature of the CA together by issuing a digital certificate for each terminal. Thus, when identity authentication is needed, the terminal can prove the validity of the identity through the owned legal certificate. However, this solution has a significant drawback in that the CA needs to issue and maintain digital certificates of all terminals, so that when a large number of terminals are accessed into the system, the authentication and management of the certificates become very complicated, and huge calculation, storage and communication overheads are brought to the system. Therefore, the conventional PKI-based authentication scheme is not perfect enough in the internet of vehicles.
In order to solve the problem of certificate authentication and management in the conventional PKI authentication scheme, shamir proposed an identity-based public key cryptography ID-PKC in 1984. In the ID-PKC, the user may use its own pseudonym identity information, such as a phone number, a mailbox address, an identity card, etc., as its own public key, and a third party trusted private key generating center (PRIVATE KEY Generator, PKG) calculates and generates a private key based on the identity public key for each user, and sends the private key to the user, so that the problem of management of digital certificates, etc. is avoided. Many scholars have applied it to the internet of vehicles. However, the ID-PKC based authentication scheme has a key escrow problem in that the PKG has private key information of all users, so that once the PKG is broken or encounters a malicious PKG, the signature of any user can be forged without being found.
In order to solve the problem of complex certificate management in the conventional PKI authentication scheme and the problem of key escrow in the ID-PKC based authentication scheme, al-Riyami et Al proposed a certificateless public key cryptography CL-PKC in 2003. In CL-PKC, the PKG calculates and generates a partial private key to send to the user, and then the user generates a secret value itself, and the two secret values combine to obtain the entire private key, thereby solving the problem of key escrow. Meanwhile, the identity and the public key of the user are not bound through the certificate, so that the problems of certificate management and the like are avoided. Therefore, it is of great significance to study and apply CL-PKC-based authentication schemes in the field of Internet of vehicles. Existing CL-PKC based authentication schemes in the internet of vehicles mostly employ bilinear pairing, which increases the computational complexity of the scheme, although these schemes prove to be safe in standard computational models.
Disclosure of Invention
In order to solve the technical problems, the invention provides a method and a system for authenticating a vehicle networking terminal based on SM2 certification.
The technical scheme of the invention is as follows: an SM2 certificate-free internet of vehicles terminal authentication method comprises the following steps:
Step S1: generating a system public parameter, a pair of system public keys and a system private key by a trusted center TA, disclosing the system public parameter and the system public key, and secretly storing the system private key;
step S2: generating a pair of first part public keys and first part private keys by a vehicle networking terminal or a road side unit, and sending the first part public keys and the pseudonymous identity information to the trusted center TA as registration information for registration;
step S3: after receiving the registration information, the trusted center TA generates a pair of a second part public key and a second part private key for the registration information, and forwards the second part public key and the second part private key to the Internet of vehicles terminal or the road side unit, and stores the registration information;
Step S4: the vehicle networking terminal or the road side unit generates a public-private key pair of the vehicle networking terminal or the road side unit according to the first part public key and the first part private key and the second part public key and the second part private key;
step S5: and the Internet of vehicles terminal or the road side unit performs bidirectional identity authentication with other Internet of vehicles terminals or road side units according to public and private keys of the Internet of vehicles terminal or the road side unit.
Compared with the prior art, the invention has the following advantages:
The invention discloses a vehicle networking terminal authentication method based on SM2 without certificates, which avoids the certificate authentication and management overhead in the traditional PKI authentication based on SM2 without certificates, and simultaneously, the generation of a user private key is jointly participated by a user and a trusted center TA, thereby avoiding the problem of key escrow. In addition, compared with the existing internet of vehicles certificate-free authentication method using bilinear pairing, the internet of vehicles certificate-free authentication method using bilinear pairing is free of bilinear pairing, reduces calculation cost, improves authentication efficiency, is easy to popularize based on a standard national secret SM2 digital signature algorithm, realizes safe and autonomous control of passwords, and is suitable for the characteristics of mass of terminals in an internet of vehicles scene and limited calculation resources.
Drawings
Fig. 1 is a flowchart of an authentication method of a vehicle networking terminal based on SM2 non-credentials in an embodiment of the present invention;
Fig. 2 is a schematic diagram of a system structure of an authentication method of a terminal of internet of vehicles in an embodiment of the present invention;
Fig. 3 is a schematic diagram of a registration flow of a terminal of the internet of vehicles in an embodiment of the present invention;
fig. 4 is a schematic diagram of a bidirectional identity authentication flow between terminals of the internet of vehicles in an embodiment of the present invention;
Fig. 5 is a block diagram of a system for authenticating a terminal of a vehicle networking based on SM2 without a certificate in an embodiment of the present invention.
Detailed Description
The invention provides an SM 2-based certificate-free internet-of-vehicles terminal authentication method which is safe and light and is suitable for mass and computing resource limitation of terminals in the internet of vehicles.
The present invention will be further described in detail below with reference to the accompanying drawings by way of specific embodiments in order to make the objects, technical solutions and advantages of the present invention more apparent.
Example 1
As shown in fig. 1, the method for authenticating the internet of vehicles terminal based on SM2 certification-free, provided by the embodiment of the invention, comprises the following steps:
Step S1: generating a system public parameter, a pair of system public keys and a system private key by a trusted center TA, disclosing the system public parameter and the system public key, and secretly storing the system private key;
Step S2: generating a pair of first part public key and first part private key by the vehicle networking terminal or the road side unit, and sending the first part public key and the pseudonym identity information to the trusted center TA as registration information for registration;
Step S3: after receiving the registration information, the trusted center TA generates a pair of second part public keys and second part private keys for the registration information, and forwards the second part public keys and the second part private keys to the Internet of vehicles terminal or the road side unit, and stores the registration information;
Step S4: the method comprises the steps that a public-private key pair of the vehicle networking terminal or the road side unit is generated according to a first part public key and a first part private key and a second part public key and a second part private key;
Step S5: and the vehicle networking terminal or the road side unit performs bidirectional identity authentication with other vehicle networking terminals or road side units according to public and private keys of the vehicle networking terminal or the road side unit.
The trusted center TA is a third party trusted mechanism and is responsible for initializing the Internet of vehicles system to generate system parameters; providing registration service for the vehicle networking terminal and the road side unit RSU; registration and authentication data in the internet of vehicles system is stored.
The road side unit RSU is responsible for providing identity authentication service and data communication service for the vehicle networking terminal.
The vehicle networking terminal sends a registration request to a trusted center TA; sending an identity authentication request and a data communication service request to a Road Side Unit (RSU); and realizing data sharing and identity authentication between the terminals of the Internet of vehicles.
Fig. 2 shows a system structure schematic diagram of an authentication method of a terminal of the internet of vehicles.
In one embodiment, step S1 described above: the trusted center TA generates a system public parameter, a pair of system public keys and a system private key, the system public parameter and the system public key are disclosed, and the system private key is stored in a secret mode, and the method specifically comprises the following steps:
Step S11: the trusted center TA generates a prime number p and an elliptic curve E (F p) defined over a finite field F p;
Wherein, the equation of the elliptic curve is y 2=x3 +ax+ bmodp, p is a prime number larger than 3, a and b are elements in F p, which are used for defining an elliptic curve E (F p) on F p, G is the base point of the elliptic curve, and the order is n;
step S12: trusted center TA generating random system private key Calculating a system public key P pub = [ s ] G according to s;
step S13: the system public parameter params= { E (F p),G,n,Ppub, H }, where H is the SM3 cryptographic hash algorithm is generated.
In one embodiment, step S2 above: the method comprises the steps that a pair of first part public keys and first part private keys are generated by a vehicle networking terminal or a road side unit, and the first part public keys and the pseudonym identity information are used as registration information to be sent to a trusted center TA for registration, and specifically comprises the following steps:
Step S21: random number selection for vehicle networking terminal or road side unit i As its first partial private key, wherein,Representing an integer, calculating a first partial public key X i=[xi G according to X i;
step S22: random number selection for vehicle networking terminal or road side unit i Generating a pseudonymous identity RID i=H(IDi||ci), wherein the ID i is identity information of a vehicle networking terminal or a road side unit i;
step S23: the registration information { X i,RIDi } is sent to the trusted center TA for registration.
In one embodiment, the step S3: after receiving the registration information, the trusted center TA generates a pair of a second part public key and a second part private key for the registration information, and forwards the second part public key and the second part private key to the internet of vehicles terminal or the road side unit, and stores the registration information, and specifically includes:
step S31: after receiving the registration information { X i,RIDi }, the trusted center TA calculates Wherein x G、yG,/>And/>Represents the abscissa and the ordinate of point G and point X i, respectively,/>Representing two bytes converted from the bit length of RID i, H representing the SM3 cryptographic hash algorithm;
step S32: selecting random numbers And calculating Y i=[yi]G、hi=H(Yi||Zi) mod n and d i=(yi+s·hi) mod n, respectively; wherein Y i is taken as a second partial public key and d i is taken as a second partial private key;
Step S33: and forwarding (Y i,di) to the vehicle networking terminal or the road side unit i.
In one embodiment, step S4 above: the method for generating the public and private key pair of the vehicle networking terminal or the road side unit by the vehicle networking terminal or the road side unit according to the first part public key and the first part private key and the second part public key and the second part private key specifically comprises the following steps:
The internet of vehicle terminal or road side unit i checks whether the received (Y i,di) is correct according to whether d i]G=Yi+PKTA·hi is true, if so, s i=xi+di mod n is calculated as its private key, and P i=Xi+Yi is calculated as its public key, namely the public-private key pair (P i,si) of the internet of vehicle terminal/road side unit i is formed.
Thus, the registration process of the internet of vehicles terminal/road side unit i is completed, and fig. 3 shows a schematic diagram of the registration process. The mutual identity authentication is realized between the terminals of the Internet of vehicles and the road side units through the following steps.
In one embodiment, the step S5 is as follows: the internet of vehicles terminal or road side unit carries out two-way identity authentication with other internet of vehicles terminal or road side unit according to public and private keys of the internet of vehicles terminal or road side unit, and specifically comprises the following steps:
Step S51: the internet of vehicles terminal or road side unit i sends the pseudonym identity information RID i, the public key P i, the first part public key X i and the second part public key Y i to other internet of vehicles terminals or road side units j to carry out an identity authentication request;
Step S52: the vehicle networking terminal or the road side unit j responds to the identity authentication request and sends the pseudonym identity information RID j, the public key P j, the first part public key X j and the second part public key Y j to the vehicle networking terminal or the road side unit i;
step S53: the vehicle networking terminal or the road side unit i generates a random number R 1 and sends the random number R 1 to the vehicle networking terminal or the road side unit j for challenge;
Step S54: after receiving R 1, the vehicle networking terminal or road side unit j signs the vehicle networking terminal or road side unit j by using a private key s j of the vehicle networking terminal or road side unit j, generates a signature value (c j,kj) of R 1 and returns the signature value to the vehicle networking terminal or road side unit i, wherein the calculation mode of (c j,kj) is as follows:
step S541: and calculating by the vehicle networking terminal or the road side unit j:
Put/> Calculation/>
Step S542: selecting random numbersCalculate l= [ L ] G, c j=(ej+xL) mod n and k j=(1+sj)-1(l-cjsj) mod n, resulting in a signature value of R 1 (c j,kj);
Step S55: after receiving the signature value (c j',kj') of R 1, the terminal or the road side unit i of the Internet of vehicles performs signature verification, wherein the verification process is as follows:
Step S551: the internet of vehicles terminal or road side unit i checks whether c j',kj' e [1, n-1] is established, if not, the verification is not passed, if so, the process goes to step S552;
Step S552: calculation of Put/>Calculation/>T j=Pj+PKTAH(Yj||Zj) and T j=cj'+kj' mod n, if T j =0, the verification is not passed, otherwise go to step S553;
step S553: calculating elliptic curve points L' = [ k j']G+[tj]Tj and N j=ej+xL' mod N; verifying whether the equations N j=cj' are equal, if so, passing the identity authentication of the vehicle networking terminal/road side unit i to the vehicle networking terminal/road side unit j, and if not, failing the verification;
Step S56: the vehicle networking terminal or the road side unit j generates a random number R 2 to initiate challenges to the vehicle networking terminal or the road side unit i;
Step S57: after receiving R 2, the vehicle networking terminal or road side unit i signs the R 2 to obtain a signature value (c i,ki) and returns the signature value to the vehicle networking terminal or road side unit j;
Step S58: and after receiving the signature value (c i',ki '), the vehicle networking terminal or the road side unit j performs signature verification, and verifies whether the equation N i=ci' is equal, if not, the verification fails, and if so, the vehicle networking terminal/road side unit j passes the identity authentication of the vehicle networking terminal/road side unit i, so that the two-way identity authentication of the two parties is realized.
Fig. 4 shows a schematic diagram of a bidirectional identity authentication flow between terminals of the internet of vehicles.
The invention discloses a vehicle networking terminal authentication method based on SM2 without certificates, which avoids the certificate authentication and management overhead in the traditional PKI authentication based on SM2 without certificates, and simultaneously, the generation of a user private key is jointly participated by a user and a trusted center TA, thereby avoiding the problem of key escrow. In addition, compared with the existing internet of vehicles certificate-free authentication method using bilinear pairing, the internet of vehicles certificate-free authentication method using bilinear pairing is free of bilinear pairing, reduces calculation cost, improves authentication efficiency, is easy to popularize based on a standard national secret SM2 digital signature algorithm, realizes safe and autonomous control of passwords, and is suitable for the characteristics of mass of terminals in an internet of vehicles scene and limited calculation resources.
Example two
As shown in fig. 5, an embodiment of the present invention provides an SM 2-based internet of vehicles terminal authentication system without credentials, which includes the following modules:
An initialization module 61, configured to generate, by a trusted center TA, a system public parameter, a pair of system public keys, and a system private key, and store, in secret, the system public parameter and the system public key;
The first public-private key pair generating module 62 is configured to generate a pair of a first public key and a first private key by using the internet of vehicles terminal or the road side unit, and send the first public key and the pseudonym identity information as registration information to the trusted center TA for registration;
The second public-private key pair generating module 63 is configured to generate a pair of a second public key and a second private key for the trusted center TA after receiving the registration information, and forward the second public key and the second private key to the internet of vehicles terminal or the road side unit, and store the registration information;
The public-private key pair generating module 64 of the internet of vehicles terminal or the road side unit is configured to generate a public-private key pair of the internet of vehicles terminal or the road side unit according to the first partial public key and the first partial private key and the second partial public key and the second partial private key;
The two-way identity authentication module 65 is configured to perform two-way identity authentication on the two-way identity authentication unit and the other two-way identity authentication unit according to public and private keys of the two-way identity authentication unit.
The above examples are provided for the purpose of describing the present invention only and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalents and modifications that do not depart from the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (2)

1. An SM2 certificate-free internet of vehicles terminal authentication method is characterized by comprising the following steps:
Step S1: generating a system public parameter, a pair of system public keys and a system private key by a trusted center TA, disclosing the system public parameter and the system public key, and secretly storing the system private key, wherein the method specifically comprises the following steps of:
Step S11: the trusted center TA generates prime numbers And defined in finite field/>Elliptic curve/>
Wherein the equation of the elliptic curve is,/>Is a prime number greater than 3,/>And/>Is thatFor defining/>An elliptic curve/>,/>Is the base point of the elliptic curve, its order is/>
Step S12: the trusted center TA generates a random private key of the systemAccording to/>Computing the system public key
Step S13: generating the system disclosure parametersWherein/>A hash algorithm for SM3 passwords;
step S2: the method comprises the steps that a pair of first part public keys and first part private keys are generated by a vehicle networking terminal or a road side unit, and the first part public keys and the pseudonymous identity information are used as registration information to be sent to the trusted center TA for registration, and specifically comprises the following steps:
Step S21: the Internet of vehicles terminal or road side unit Random number selection/>As its first partial private key, wherein,Represents an integer according to/>Calculate its first partial public key/>
Step S22: the Internet of vehicles terminal or road side unitRandom number selection/>Generating a pseudonymous identityWherein/>For the Internet of vehicles terminal or road side unit/>Identity information of (a);
Step S23: will register information Sending the message to the trusted center TA for registration;
step S3: after receiving the registration information, the trusted center TA generates a pair of a second part public key and a second part private key for the registration information, and forwards the second part public key and the second part private key to the internet of vehicles terminal or the road side unit, and stores the registration information, and specifically includes:
step S31: the trusted center TA receives the registration information After that, calculateWherein/>、/>、/>And/>Respectively represent point G and point/>Is the abscissa and ordinate of (1)/>Expressed by/>Converted into two bytes of bit length,/>Representing an SM3 cryptographic hash algorithm;
step S32: selecting random numbers And calculate/>, respectively、/>And; Wherein/>As a second partial public key,/>As a second partial private key;
Step S33: will be Forwarding to the internet of vehicles terminal or road side unit/>
Step S4: the internet of vehicles terminal or road side unit generates a public-private key pair of the internet of vehicles terminal or road side unit according to the first part public key and the first part private key and the second part public key and the second part private key, and specifically comprises:
the Internet of vehicles terminal or road side unit According to/>Whether or not it is true to check the received/>Whether or not it is correct, if so, calculate/>As its private key,/>As its public key, the Internet of vehicles terminal/road side unit/>, is formedPublic-private key pair/>
Step S5: the Internet of vehicles terminal or road side unit carries out two-way identity authentication with other Internet of vehicles terminals or road side units according to public and private keys of the Internet of vehicles terminal or road side unit, and specifically comprises the following steps:
step S51: the Internet of vehicles terminal or road side unit Its pseudonymous identity information/>Public key/>First part public keyAnd second partial public key/>Send to other car networking terminals or road side units/>Carrying out an identity authentication request;
Step S52: the Internet of vehicles terminal or road side unit Responding to the identity authentication request and pseudonymizing the identity informationPublic key/>First part public key/>And second partial public key/>And sending the information to the Internet of vehicles terminal or road side unit/>
Step S53: the Internet of vehicles terminal or road side unitGenerating random number/>And send to the internet of vehicles terminal or road side unit/>Performing a challenge;
Step S54: the Internet of vehicles terminal or road side unit Receive/>The private key of the key is used later/>Signing it, generating/>Signature value/>And returns to the Internet of vehicles terminal or road side unit/>Wherein/>The calculation mode of (2) is as follows:
Step S541: the Internet of vehicles terminal or road side unit And (3) calculating:
Put/> Calculation/>
Step S542: selecting random numbersCalculation/>、/>AndThereby obtaining/>Signature value/>
Step S55: the Internet of vehicles terminal or road side unitReceive/>Signature value/>And then carrying out signature verification, wherein the verification process is as follows:
Step S551: the Internet of vehicles terminal or road side unit Inspection/>Whether or not the verification is established, if not, the verification is not passed, and if established, the process goes to step S552;
Step S552: calculation of Put/>Calculation of,/>And/>If/>The verification is not passed, otherwise it goes to step S553;
step S553: calculating elliptic curve points And/>; Verify equation/>Whether the vehicle networking terminal and the road side unit are equal, if so, the vehicle networking terminal and the road side unit are equalFor the Internet of vehicles terminal/road side unit/>If the identity authentication passes, the authentication fails;
Step S56: the Internet of vehicles terminal or road side unit Generating random number/>For the Internet of vehicles terminal or road side unit/>Initiating a challenge;
Step S57: the Internet of vehicles terminal or road side unit Receive/>Then signs it to obtain the signature value/>And returns to the Internet of vehicles terminal or road side unit/>
Step S58: the Internet of vehicles terminal or road side unitReceipt of the signature value/>Then, signature verification is carried out, and the verification equation/>If the vehicle networking terminal and the road side unit are equal, if the vehicle networking terminal and the road side unit are not equal, verification fails, and if the vehicle networking terminal and the road side unit are equal, the vehicle networking terminal and the road side unit are equalFor the Internet of vehicles terminal/road side unit/>The identity authentication of the two parties is passed, thereby realizing the bidirectional identity authentication of the two parties.
2. The system for authenticating the vehicle networking terminal based on SM2 certificate-free is characterized by comprising the following modules:
the initialization module is configured to generate, by a trusted center TA, a system public parameter, a pair of system public keys, and a system private key, disclose the system public parameter and the system public key, and secret-store the system private key, and specifically includes:
Step S11: the trusted center TA generates prime numbers And defined in finite field/>Elliptic curve/>
Wherein the equation of the elliptic curve is,/>Is a prime number greater than 3,/>And/>Is thatFor defining/>An elliptic curve/>,/>Is the base point of the elliptic curve, its order is/>
Step S12: the trusted center TA generates a random private key of the systemAccording to/>Computing the system public key
Step S13: generating the system disclosure parametersWherein/>A hash algorithm for SM3 passwords;
the first part public-private key pair generating module is used for generating a pair of a first part public key and a first part private key by the vehicle networking terminal or the road side unit, and sending the first part public key and the pseudonymous identity information as registration information to the trusted center TA for registration, and specifically comprises the following steps:
Step S21: the Internet of vehicles terminal or road side unit Random number selection/>As its first partial private key, wherein,Represents an integer according to/>Calculate its first partial public key/>
Step S22: the Internet of vehicles terminal or road side unitRandom number selection/>Generating a pseudonymous identityWherein/>For the Internet of vehicles terminal or road side unit/>Identity information of (a);
Step S23: will register information Sending the message to the trusted center TA for registration;
The second part public-private key pair generating module is configured to generate a pair of a second part public key and a second part private key for the trusted center TA after receiving the registration information, and forward the second part public key and the second part private key to the internet of vehicles terminal or the road side unit, and store the registration information, and specifically includes:
step S31: the trusted center TA receives the registration information After that, calculateWherein/>、/>、/>And/>Respectively represent point G and point/>Is the abscissa and ordinate of (1)/>Expressed by/>Converted into two bytes of bit length,/>Representing an SM3 cryptographic hash algorithm;
step S32: selecting random numbers And calculate/>, respectively、/>And; Wherein/>As a second partial public key,/>As a second partial private key;
Step S33: will be Forwarding to the internet of vehicles terminal or road side unit/>
The public-private key pair generation module of the internet of vehicles terminal or the road side unit is used for the internet of vehicles terminal or the road side unit to generate the public-private key pair of the internet of vehicles terminal or the road side unit according to the first part public key and the first part private key and the second part public key and the second part private key, and specifically comprises the following steps:
the Internet of vehicles terminal or road side unit According to/>Whether or not it is true to check the received/>Whether or not it is correct, if so, calculate/>As its private key,/>As its public key, the Internet of vehicles terminal/road side unit/>, is formedPublic-private key pair/>
The two-way identity authentication module is used for the two-way identity authentication of the vehicle networking terminal or the road side unit and other vehicle networking terminals or road side units according to public and private keys of the vehicle networking terminal or the road side unit, and specifically comprises the following steps:
step S51: the Internet of vehicles terminal or road side unit Its pseudonymous identity information/>Public key/>First part public keyAnd second partial public key/>Send to other car networking terminals or road side units/>Carrying out an identity authentication request;
Step S52: the Internet of vehicles terminal or road side unit Responding to the identity authentication request and pseudonymizing the identity informationPublic key/>First part public key/>And second partial public key/>And sending the information to the Internet of vehicles terminal or road side unit/>
Step S53: the Internet of vehicles terminal or road side unitGenerating random number/>And send to the internet of vehicles terminal or road side unit/>Performing a challenge;
Step S54: the Internet of vehicles terminal or road side unit Receive/>The private key of the key is used later/>Signing it, generating/>Signature value/>And returns to the Internet of vehicles terminal or road side unit/>Wherein/>The calculation mode of (2) is as follows:
Step S541: the Internet of vehicles terminal or road side unit And (3) calculating:
Put/> Calculation/>
Step S542: selecting random numbersCalculation/>、/>And/>Thereby obtaining/>Signature value/>
Step S55: the Internet of vehicles terminal or road side unitReceive/>Signature value/>And then carrying out signature verification, wherein the verification process is as follows:
Step S551: the Internet of vehicles terminal or road side unit Inspection/>Whether or not the verification is established, if not, the verification is not passed, and if established, the process goes to step S552;
Step S552: calculation of Put/>Calculation of,/>And/>If/>The verification is not passed, otherwise it goes to step S553;
step S553: calculating elliptic curve points And/>; Verify equation/>Whether the vehicle networking terminal and the road side unit are equal, if so, the vehicle networking terminal and the road side unit are equalFor the Internet of vehicles terminal/road side unit/>If the identity authentication passes, the authentication fails;
Step S56: the Internet of vehicles terminal or road side unit Generating random number/>For the Internet of vehicles terminal or road side unit/>Initiating a challenge;
Step S57: the Internet of vehicles terminal or road side unit Receive/>Then signs it to obtain the signature value/>And returns to the Internet of vehicles terminal or road side unit/>
Step S58: the Internet of vehicles terminal or road side unitReceipt of the signature value/>Then, signature verification is carried out, and the verification equation/>If the vehicle networking terminal and the road side unit are equal, if the vehicle networking terminal and the road side unit are not equal, verification fails, and if the vehicle networking terminal and the road side unit are equal, the vehicle networking terminal and the road side unit are equalFor the Internet of vehicles terminal/road side unit/>The identity authentication of the two parties is passed, thereby realizing the bidirectional identity authentication of the two parties.
CN202311138268.7A 2023-09-05 2023-09-05 SM2 certificate-free internet of vehicles terminal authentication method and system Active CN117041961B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311138268.7A CN117041961B (en) 2023-09-05 2023-09-05 SM2 certificate-free internet of vehicles terminal authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311138268.7A CN117041961B (en) 2023-09-05 2023-09-05 SM2 certificate-free internet of vehicles terminal authentication method and system

Publications (2)

Publication Number Publication Date
CN117041961A CN117041961A (en) 2023-11-10
CN117041961B true CN117041961B (en) 2024-06-11

Family

ID=88631810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311138268.7A Active CN117041961B (en) 2023-09-05 2023-09-05 SM2 certificate-free internet of vehicles terminal authentication method and system

Country Status (1)

Country Link
CN (1) CN117041961B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117614624A (en) * 2023-12-21 2024-02-27 长春大学 Identity authentication security trust method based on key agreement in Internet of vehicles

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2951949A1 (en) * 2013-01-29 2015-12-09 Certicom Corp. Modified sm2 elliptic curve signature algorithm supporting message recovery
CN109600224A (en) * 2018-11-06 2019-04-09 卓望数码技术(深圳)有限公司 A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN109922475A (en) * 2019-04-19 2019-06-21 郑州轻工业学院 Vehicle authentication and message verification method under In-vehicle networking environment
CN114154135A (en) * 2022-02-07 2022-03-08 南京理工大学 Internet of vehicles communication security authentication method, system and equipment based on state cryptographic algorithm
CN114584976A (en) * 2022-03-29 2022-06-03 东北大学 Internet of vehicles identity authentication system and method based on certificateless aggregated signature
WO2022133949A1 (en) * 2020-12-24 2022-06-30 华为技术有限公司 Secure access method and device
CN115002759A (en) * 2022-06-14 2022-09-02 北京电子科技学院 Cloud collaborative signature system and method based on cryptographic algorithm

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102412971B (en) * 2011-11-30 2015-04-29 西安西电捷通无线网络通信股份有限公司 SM2 key exchange protocol based key agreement method and device
CN103427997B (en) * 2013-08-16 2016-06-22 西安西电捷通无线网络通信股份有限公司 A kind of method generating digital signature and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2951949A1 (en) * 2013-01-29 2015-12-09 Certicom Corp. Modified sm2 elliptic curve signature algorithm supporting message recovery
CN109600224A (en) * 2018-11-06 2019-04-09 卓望数码技术(深圳)有限公司 A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN109922475A (en) * 2019-04-19 2019-06-21 郑州轻工业学院 Vehicle authentication and message verification method under In-vehicle networking environment
WO2022133949A1 (en) * 2020-12-24 2022-06-30 华为技术有限公司 Secure access method and device
CN114154135A (en) * 2022-02-07 2022-03-08 南京理工大学 Internet of vehicles communication security authentication method, system and equipment based on state cryptographic algorithm
WO2023147785A1 (en) * 2022-02-07 2023-08-10 南京理工大学 Internet-of-vehicles communication security authentication method, system and device based on national cryptographic algorithm
CN114584976A (en) * 2022-03-29 2022-06-03 东北大学 Internet of vehicles identity authentication system and method based on certificateless aggregated signature
CN115002759A (en) * 2022-06-14 2022-09-02 北京电子科技学院 Cloud collaborative signature system and method based on cryptographic algorithm

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
A Secure And High Concurrency SM2 Cooperative Signature Algorithm For Mobile Network;Wenfei Qian,Pingjian Wang,etc.;《2021 17th International Conference on Mobility, Sensing and Networking (MSN)》;20220413;818-824 *
Design and Implementation of a Cloud-based Collaborative Signature System for Two Parties Based on SM2;Shengwei Xu,Ye Deng,etc.;《2023 3rd International Symposium on Computer Technology and Information Science (ISCTIS)》;20230816;889-895 *
Fan Ding ; Yihong Long ; Peili Wu.Study on Secret Sharing for SM2 Digital Signature and Its Application.《2018 14th International Conference on Computational Intelligence and Security (CIS)》.2018,205-209. *
V2X通信中基于椭圆曲线加密算法的身份认证研究;章嘉彦;李飞;李如翔;李亚林;宋佳琦;周启扬;;汽车工程;20200121(01);全文 *
丘敬云 ; 吴祥晨,等.国密SM2、SM4混合算法在车联网中的应用研究.《CNKI-仪器仪表用户》.2023,9-12. *
许盛伟 ; 邓烨 ; 田宇.基于SM2的云端双方协同签名方案设计与应用.《CNKI-北京电子科技学院学报》.2023,1-8. *

Also Published As

Publication number Publication date
CN117041961A (en) 2023-11-10

Similar Documents

Publication Publication Date Title
CN109687976B (en) Motorcade building and managing method and system based on block chain and PKI authentication mechanism
WO2022105565A1 (en) Cross-chain blockchain communication method and apparatus
CN110912708B (en) Ring signature generation method based on SM9 digital signature algorithm
CN110247757B (en) Block chain processing method, device and system based on cryptographic algorithm
CN108551392B (en) Blind signature generation method and system based on SM9 digital signature
Toorani et al. LPKI-a lightweight public key infrastructure for the mobile environments
CN108989054B (en) Cipher system and digital signature method
Han et al. eCLAS: An efficient pairing-free certificateless aggregate signature for secure VANET communication
CN108989050A (en) A kind of certificateless digital signature method
CN110601859B (en) Certificateless public key cryptographic signature method based on 25519 elliptic curve
US20210152370A1 (en) Digital signature method, device, and system
TWI608722B (en) Public key certificate method
CN113300836B (en) Vehicle-mounted network message authentication method and system based on block chain and ECC
CN102546173B (en) Digital signature system and signature method based on certificate
CN117041961B (en) SM2 certificate-free internet of vehicles terminal authentication method and system
Li et al. Practical deniable authentication for pervasive computing environments
CN115834056A (en) Certificateless ordered aggregation signature method, certificateless ordered aggregation signature system and related devices
CN115484033A (en) PMU power system communication method based on state cryptographic algorithm
CN112564923B (en) Certificateless-based secure network connection handshake method
CN111669275B (en) Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment
CN104579661A (en) Identity-based electronic signature implementation method and device
CN114285576B (en) Non-opposite online and offline signcryption method
Bindel et al. The need for being explicit: Failed attempts to construct implicit certificates from lattices
CN115001673A (en) Key processing method, device and system based on unified multi-domain identifier
Kiyomoto et al. Anonymous attribute authentication scheme using self-blindable certificates

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant