CN105871831A - Data fragmenting and downloading service method in vehicular network - Google Patents
Data fragmenting and downloading service method in vehicular network Download PDFInfo
- Publication number
- CN105871831A CN105871831A CN201610184747.6A CN201610184747A CN105871831A CN 105871831 A CN105871831 A CN 105871831A CN 201610184747 A CN201610184747 A CN 201610184747A CN 105871831 A CN105871831 A CN 105871831A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- rsu
- nsp
- service
- navigation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 80
- 238000013467 fragmentation Methods 0.000 claims abstract description 16
- 238000006062 fragmentation reaction Methods 0.000 claims abstract description 16
- 230000008569 process Effects 0.000 claims description 54
- 230000008859 change Effects 0.000 claims description 8
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 230000006870 function Effects 0.000 claims description 3
- 238000013507 mapping Methods 0.000 claims description 3
- 230000006399 behavior Effects 0.000 claims 3
- 230000006854 communication Effects 0.000 abstract description 8
- 238000004891 communication Methods 0.000 abstract description 7
- FFBHFFJDDLITSX-UHFFFAOYSA-N benzyl N-[2-hydroxy-4-(3-oxomorpholin-4-yl)phenyl]carbamate Chemical compound OC1=C(NC(=O)OCC2=CC=CC=C2)C=CC(=C1)N1CCOCC1=O FFBHFFJDDLITSX-UHFFFAOYSA-N 0.000 description 7
- 239000012634 fragment Substances 0.000 description 7
- 230000004913 activation Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 230000008520 organization Effects 0.000 description 3
- 238000011160 research Methods 0.000 description 3
- 229940047127 fiore Drugs 0.000 description 2
- 101000916489 Homo sapiens Chondroitin sulfate proteoglycan 4 Proteins 0.000 description 1
- 101000829725 Homo sapiens Phospholipid hydroperoxide glutathione peroxidase Proteins 0.000 description 1
- 101001056234 Homo sapiens Sperm mitochondrial-associated cysteine-rich protein Proteins 0.000 description 1
- 102100023410 Phospholipid hydroperoxide glutathione peroxidase Human genes 0.000 description 1
- 206010039203 Road traffic accident Diseases 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Traffic Control Systems (AREA)
- Navigation (AREA)
Abstract
本发明公开了一种车载网中数据分片下载服务方法,涉及车载网络通信安全领域,特别是一种车载网中基于RSU的安全和隐私保护的数据分片下载服务方法,具体包括以下步骤:系统初始化;请求匿名导航证书;获取导航路径;请求匿名云服务证书;车辆请求云分片服务;导航服务和云服务获取;路径拥塞通知和重新请求服务;真实身份的追踪八个步骤。本发明匿名导航证书和匿名云服务证书,使得车辆的真实身份与请求服务的证书无关;并且通过匿名导航证书获取行驶路径信息,根据行驶路径将下载服务进行分片,使得车辆能够在行驶过程中下载大文件,并且能够对攻击者隐藏自己的身份和行驶轨迹。本发具有较高的安全性、下载效率和较低的开销,适用于节点高速移动、拓扑结构易变和规模庞大的VANET网络。
The invention discloses a data segment download service method in a vehicle network, relates to the field of vehicle network communication security, in particular to a data segment download service method based on RSU security and privacy protection in a vehicle network, specifically comprising the following steps: System initialization; request for anonymous navigation certificate; obtain navigation path; request for anonymous cloud service certificate; vehicle requests cloud fragmentation service; navigation service and cloud service acquisition; route congestion notification and re-request service; real identity tracking eight steps. The anonymous navigation certificate and the anonymous cloud service certificate of the present invention make the real identity of the vehicle irrelevant to the certificate requesting the service; and the driving path information is obtained through the anonymous navigation certificate, and the download service is segmented according to the driving path, so that the vehicle can Download large files and be able to hide your identity and travel from attackers. The invention has high security, download efficiency and low overhead, and is suitable for VANET networks with high-speed movement of nodes, changeable topological structure and large scale.
Description
技术领域technical field
本发明涉及车载网络通信安全领域,特别是一种车载网中基于RSU的安全和隐私保护的数据分片下载服务方法。The invention relates to the field of vehicle network communication security, in particular to an RSU-based security and privacy protection data segment download service method in the vehicle network.
背景技术Background technique
目前车载娱乐及导航系统的市场已比较成熟。美国市场的车载信息娱乐系统主要包括远程信息娱乐系统和基于电子地图的导航系统;在日本,电子地图导航系统已经变成标准配置,例如,使用具有3D效果的地图和其他信息服务;在欧洲,有越来越多的导航仪和蓝牙无线电话生产厂商加入到这个产业链中来,并因此给后装市场带来了新的活力。Currently, the market for in-vehicle entertainment and navigation systems is relatively mature. In-vehicle infotainment systems in the US market mainly include remote infotainment systems and electronic map-based navigation systems; in Japan, electronic map navigation systems have become standard configurations, for example, using maps with 3D effects and other information services; in Europe, More and more manufacturers of navigators and bluetooth wireless phones have joined the industrial chain, which has brought new vitality to the aftermarket.
车载网(VANET)除在行驶安全,导航和智能交通方面表现良好,而且在娱乐、新闻、视频会议等在内的其它信息服务有更好的发展前景,已经成为一个研究热点。VANET的特点是自身移动速度快,连接断断续续,拓扑快速变化,但是相比于其它无线网分支,其供电能力、处理能力以及存储能力都不受太大的限制。汽车作为一个节点,在享受娱乐、新闻、文件下载等在内的信息服务时,下载和上传是运用比较频繁的一种技术,目前较为典型的方案算法如:VADD方案Delay-bounded算法、D&S方案、SADV方案、SPAWN方案等,但也只专注于车辆之间的小文件传输,对于大文件并不适用,也没有涉及到路边基础设施RSU的设置,以及RSU到车辆的文件传输,但是随着近些年路边基础设施(RSU接入点)的大规模部署,Trullols-Cruces等人对高速公路场景下的协助下载方法进行了研究,主要是利用同向行驶的车辆作为协助传输,来解决信息传输过程中的丢包问题,并利用相向行驶的车辆来传输,以增加传输的吞吐量。Fiore等人提出的协助下载方法主要考虑城市下载场景,是研究移动节点相遇机会来提高其数据传输率,车辆的速度和行驶路线等是其主要考虑的因素。该协助下载方法是通过分析交通流数据信息,部署合适的AP站点位置,再利用空闲AP预测车辆的行驶路线与请求车辆相遇的时刻,并且Fiore等人分析了不同协助车辆选择算法和数据分块方案。上述方案提供了下载方式,但并没有涉及下载时如何保护车辆的隐私。Vehicle Network (VANET) not only performs well in driving safety, navigation and intelligent transportation, but also has better development prospects in other information services including entertainment, news, video conferencing, etc., and has become a research hotspot. VANET is characterized by its fast moving speed, intermittent connection, and rapid topology changes. However, compared with other wireless network branches, its power supply capacity, processing capacity, and storage capacity are not too limited. As a node, when enjoying information services such as entertainment, news, and file downloads, downloading and uploading are frequently used technologies. At present, the typical scheme algorithms are: VADD scheme Delay-bounded algorithm, D&S scheme , SADV scheme, SPAWN scheme, etc., but they only focus on the transmission of small files between vehicles, and are not suitable for large files. With the large-scale deployment of roadside infrastructure (RSU access points) in recent years, Trullols-Cruces et al. conducted research on the assisted download method in the highway scene, mainly using vehicles traveling in the same direction as assisted transmission, to Solve the problem of packet loss in the process of information transmission, and use vehicles traveling in opposite directions to transmit to increase the throughput of transmission. The assisted downloading method proposed by Fiore et al. mainly considers the urban downloading scenario, and studies the encounter opportunities of mobile nodes to improve its data transmission rate. The speed and driving route of the vehicle are the main considerations. The assisted download method is to analyze the traffic flow data information, deploy the appropriate AP site location, and then use the idle AP to predict the vehicle's driving route and the moment when the requesting vehicle meets, and Fiore et al. analyzed different assisted vehicle selection algorithms and data block Program. The above solution provides a downloading method, but does not involve how to protect the privacy of the vehicle during downloading.
事实上,VANET的安全问题一直是一个研究的热点。Richard[11]总结了近年来VANET的安全问题和挑战。C.Zhang等人提出一个RSU辅助通信的方案,车辆可以依赖RSU验证其他车辆发送的消息。A.Wasef等人考虑了一个群通信方案,并提出了群密钥更新协议,但是秘要更新的代价相当的昂贵。在2009年,T.W Chim等人提出了一个新的方案SPECS(增加隐私保护和安全的交流方案),该方案定义了一个群交流协议。通过与RSU简单的握手协议,车辆在不需要RSU辅助的情况下,可以在群中其他任意的车辆。但是该方案却不能很好的抵制伪装攻击。R.J.Hwang等人提出基于身份加密的自我更新假名的方案,但是该方案的车辆撤销计算开销较大。上述的所有方法,都是强调如何在通信过程中如何保护隐私。本发明能够在下载数据的同时保护车辆的隐私,满足车载网的安全需求。In fact, the security of VANET has always been a research hotspot. Richard [11] summarizes the security issues and challenges of VANET in recent years. C. Zhang et al. proposed a RSU-assisted communication scheme, and vehicles can rely on RSU to verify messages sent by other vehicles. A.Wasef et al considered a group communication scheme and proposed a group key update protocol, but the cost of key update is quite expensive. In 2009, T.W Chim et al. proposed a new scheme SPECS (Communication Scheme for Enhanced Privacy Protection and Security), which defines a group communication protocol. Through a simple handshake protocol with the RSU, the vehicle can join any other vehicle in the group without the assistance of the RSU. However, this scheme cannot resist masquerading attacks very well. R.J.Hwang et al. proposed a self-updating pseudonym scheme based on identity encryption, but the vehicle revocation calculation cost of this scheme is relatively large. All the methods mentioned above emphasize how to protect privacy in the communication process. The invention can protect the privacy of the vehicle while downloading the data, and meets the safety requirement of the vehicle network.
本发明提出了一种车载网中数据分片下载服务方法,该发明能够通过RSU搜集有用的信息,对车辆进行导航服务,还能沿途进行大文件的下载服务。基于该发明,能够使车辆在行驶的途中进行大文件的下载,由于文件是预先根据行驶路径和时间,分段发送到到各个RSU,能够解决因为在某个RSU下载未完成,进入下个RSU下载,导致RSU重复下载备份而造成的存储空间浪费,并且在下载时使用匿名服务证书和假名,能够隐藏车辆的真实身份和车辆的行驶轨迹,但在出现有争议的消息时,却能够追踪到车辆的真实身份。The invention proposes a method for downloading data slices in a vehicle network. The invention can collect useful information through the RSU, provide navigation services for vehicles, and also provide download services for large files along the way. Based on this invention, it is possible to download large files while the vehicle is driving. Since the files are sent to each RSU segmented in advance according to the driving route and time, it can solve the problem of entering the next RSU because the download of a certain RSU is not completed. Downloading, which leads to waste of storage space caused by RSU repeatedly downloading backups, and using anonymous service certificates and pseudonyms when downloading, can hide the real identity of the vehicle and the vehicle's driving track, but it can be traced when there is a controversial message The true identity of the vehicle.
发明内容Contents of the invention
本发明的目的在于提供一种车载网中数据分片下载服务方法,以实现能够在网络受限的环境下进行大文件的下载,并且能够保护车辆的真实身份和行驶轨迹不被泄露,实现有条件的隐私保护。The purpose of the present invention is to provide a data segment download service method in the vehicle network, so as to realize the download of large files in a network-limited environment, and to protect the real identity and driving track of the vehicle from being leaked, so as to realize effective Conditional privacy protection.
为了解决以上技术问题,本发明采用匿名导航服务证书获取行驶路径,隐藏自己的真实身份,根据行驶路径对数据进行分片,车辆能够沿途下载文件,根据服务号获取服务,但发送消息时使用假名,从而隐藏了行驶轨迹。本发明提出的车载网中基于RSU的安全和隐私保护的数据分片下载服务方法具体技术方案如下步骤一,初始化系统:权威机构TA选取公共参数,为路边单元RSU,导航服务提供商NSP,云服务提供商CSP和车辆进行登记注册;In order to solve the above technical problems, the present invention uses an anonymous navigation service certificate to obtain the driving route, hides its true identity, divides the data according to the driving route, and the vehicle can download files along the way and obtain services according to the service number, but use pseudonyms when sending messages , thus hiding the driving trajectory. The specific technical scheme of the RSU-based security and privacy protection data segment download service method in the vehicle network proposed by the present invention is as follows: step 1, initializing the system: the authority TA selects public parameters for the roadside unit RSU, the navigation service provider NSP, Cloud service provider CSP and vehicle registration;
步骤二,请求匿名导航证书:车辆向TA请求匿名导航证书,TA认证车辆的身份,TA为车辆发放匿名导航证书,所述证书包含导航服务号,用于后期获取导航服务;Step 2, requesting an anonymous navigation certificate: the vehicle requests an anonymous navigation certificate from the TA, and the TA authenticates the identity of the vehicle, and the TA issues an anonymous navigation certificate to the vehicle, and the certificate includes a navigation service number, which is used to obtain the navigation service later;
步骤三,获取导航路径:NSP验证请求导航服务车辆的消息签名和匿名导航证书,然后NSP为车辆生成导航路径,所述生成导航路径特征在于路径可以根据车辆需求,计算时间优先的路径或者计算路程优先的路径;Step 3: Acquire the navigation route: NSP verifies the message signature and anonymous navigation certificate of the vehicle requesting the navigation service, and then the NSP generates a navigation route for the vehicle. The characteristic of the generated navigation route is that the route can calculate a time-prioritized route or a calculated distance according to the needs of the vehicle preferred path;
步骤四,请求匿名云服务证书:车辆向TA请求匿名云服务证书,TA认证车辆的身份,TA为车辆发放匿名云服务证书,所述证书包含云服务号,用于后期获取云服务;Step 4, requesting an anonymous cloud service certificate: the vehicle requests an anonymous cloud service certificate from TA, TA authenticates the identity of the vehicle, and TA issues an anonymous cloud service certificate to the vehicle, and the certificate contains a cloud service number, which is used to obtain cloud services later;
步骤五,车辆请求云分片服务:CSP验证请求云服务车辆的消息签名和匿名导航证书,然后CSP根据车辆的行驶路径,CSP对车辆请求的服务进行分片;Step 5, the vehicle requests cloud fragmentation service: CSP verifies the message signature and anonymous navigation certificate of the vehicle requesting cloud service, and then the CSP fragments the service requested by the vehicle according to the driving path of the vehicle;
步骤六,导航服务和云服务获取:车辆在行驶过程中根据服务号,获取所需的服务,所述服务特征在于车辆需要与RSU进行密钥协商,防止窃听攻击;Step 6, acquisition of navigation service and cloud service: the vehicle obtains the required service according to the service number during driving, and the service feature is that the vehicle needs to negotiate a key with the RSU to prevent eavesdropping attacks;
步骤七,路径拥塞通知和重新请求服务:路面状况发生变化时,RSU通知NSP路面发生的状况,NSP通过RSU通知车辆改变路径,车辆重新申请导航服务和云服务;Step 7, route congestion notification and re-request service: when the road condition changes, the RSU notifies the NSP of the road condition, and the NSP notifies the vehicle to change the route through the RSU, and the vehicle re-applies for the navigation service and cloud service;
步骤八,真实身份的追踪:出现消息争议时,权威机构根据消息追踪到车辆的真实身份,并将所述车辆身份撤销。Step 8, tracking of the real identity: when there is a message dispute, the authoritative organization will track the real identity of the vehicle according to the message and revoke the identity of the vehicle.
所述步骤一进一步具体为:Described step one is further specifically:
过程一,TA选择两个循环群G1和G2,一个Tate对映射e:G1×G1→G2;P是群G1的一个生成元;TA再选择3个安全的Hash函数H1,H3:{0,1}*→G1和和一个安全的加密算法Enck();Process 1, TA selects two cyclic groups G 1 and G 2 , a Tate pair mapping e:G 1 ×G 1 →G 2 ; P is a generator of group G 1 ; TA then selects three secure Hash functions H 1 ,H 3 :{0,1} * →G 1 and And a secure encryption algorithm Enck ();
过程二,TA选择一个随机参数s作为自己的主密钥和一对传统的公私钥对(SKTA,PKTA),并且TA计算出系统的公钥Ppub=sP,其中PKTA=SKTAP;TA公布系统参数(G1,G2,P,Ppub,H1,H2,H3,PKTA,Enck());Process 2, TA chooses a random parameter s as its own master key and a pair of traditional public-private key pair (SK TA , PK TA ), and TA calculates the public key P pub =sP of the system, where PK TA =SK TA P; TA publishes system parameters (G 1 , G 2 , P, P pub ,H 1 ,H 2 ,H 3 ,PK TA , Enck ());
过程三,在车辆注册时,TA给车辆Vi分配一个真实的身份RIDi∈G1和防篡改装置的激活码PWDi;TA也给车辆Vi分配一对传统公私钥其中 Process three, when the vehicle is registered, TA assigns a real identity RID i ∈ G 1 and the activation code PWD i of the anti-tampering device to the vehicle V i ; TA also assigns a pair of traditional public-private keys to the vehicle V i in
过程四,TA为每个RSUi选择一个随机数作为RSUi的私钥,并计算 作为RSUi的公钥,最后TA将私钥和RSUi的证书 安全的发送给RSUi,其中Ri=(RSUi‖Li),Li是RSUi的位置信息;Process 4, TA selects a random number for each RSU i as the private key of RSU i , and calculate As the public key of RSU i , finally TA sends the private key and certificates from RSU i Securely send to RSU i , where R i = (RSU i ∥ L i ), L i is the location information of RSU i ;
过程五,TA为NSP和CSP分别分发一对公私钥(SKNSP,PKNSP)、(SKCSP,PKCSP),其中PKNSP=SKNSPP,PKCSP=SKCSPP。Step 5: TA distributes a pair of public and private keys (SK NSP , PK NSP ) and (SK CSP , PK CSP ) to NSP and CSP respectively, where PK NSP =SK NSP P and PK CSP =SK CSP P.
3.根据权利要求1所述的一种车载网中数据分片下载服务方法,其特征在于所述步骤二进一步具体为:3. The data segment download service method in a kind of vehicle-mounted network according to claim 1, wherein said step 2 is further specifically:
过程一,车辆Vi进入RSUi时,Vi选择一个随机数r′,然后Vi通过RSUi将 发送给TA;其中,NAV是导航服务的标志,r′是用来防止攻击者收集信息,从而得到车辆经过的RSU;Process 1, when vehicle V i enters RSU i , V i selects a random number r′, and then V i passes RSU i Send it to TA; among them, NAV is the sign of the navigation service, and r′ is used to prevent the attacker from collecting information, so as to obtain the RSU of the vehicle passing by;
过程二,TA解密消息X,检查RIDi是否在撤销列表中。如果不在撤销列表中,TA为车辆发放匿名导航证书;TA为车辆Vi计算匿名导航证书 其中,T代表一个时间段,证书只有在该时间段中才有效,NumNAV是导航服务号,车辆只有根据导航服务号才能从RSU处获得导航;然后,TA通过RSUi发送给车辆Vi;Process 2: TA decrypts message X and checks whether RID i is in the revocation list. If not in the revocation list, TA issues an anonymous navigation certificate for the vehicle; TA calculates an anonymous navigation certificate for the vehicle V i Among them, T represents a period of time, the certificate is only valid during this period of time, Num NAV is the navigation service number, and the vehicle can obtain navigation from RSU only according to the navigation service number; then, TA sends it through RSU i to vehicle V i ;
根据上述步骤,能知该导航证书中不包含车辆Vi的任何信息,所以证书是匿名的。According to the above steps, it can be known that the navigation certificate does not contain any information of the vehicle V i , so the certificate is anonymous.
所述步骤三进一步具体为:The third step is further specifically:
过程一,当启动车辆时,驾驶员需要输入RIDi和PWDi激活防篡改装置,如果身份没有被撤销,并且激活码是正确的,那么防篡改装置激活成功,否则防篡改装置将停止进一步的操作;Process one, when starting the vehicle, the driver needs to input RID i and PWD i to activate the anti-tampering device, if the identity has not been revoked and the activation code is correct, then the activation of the anti-tampering device is successful, otherwise the anti-tampering device will stop further operate;
过程二,防篡改装置为车辆Vi生成假名和签名私钥;假名IDi包含两个部分其中r是一个随机数,签名私钥 Process 2, the anti-tampering device generates a pseudonym and signature private key for the vehicle V i ; the pseudonym ID i consists of two parts in r is a random number, the signature private key
过程三,车辆Vi生成导航路径请求消息:首先,车辆Vi生成起点和终点消息MNAV=(Start,Dest),其中Start是出发地,Dest是目的地;然后Vi对该消息进行签名,计算hi=H2(MNAV)和T=H3(Ppub),那么生成签名接着,Vi选择一个随机数计算和ψNSP=aPKNSP。最后,车辆Vi通过RSUi发送导航路径请求消息 EncψNSP(MNAV,IDi,δi,CN)>给NSP;Process three, the vehicle V i generates a navigation route request message: first, the vehicle V i generates a start and end point message M NAV = (Start, Dest), where Start is the starting point and Dest is the destination; then V i signs the message , calculate h i =H 2 (M NAV ) and T=H 3 (P pub ), then generate the signature Next, V i chooses a random number calculate and ψ NSP = aPK NSP . Finally, vehicle V i sends a navigation route request message through RSU i Enc ψNSP (M NAV ,ID i ,δ i ,C N )> to NSP;
假设RSU每隔一段时间向NSP报告路面状况,包括路面的拥塞程度、车辆行驶速度和车辆密度;Assume that RSU reports road conditions to NSP at regular intervals, including road congestion, vehicle speed and vehicle density;
过程四,当NSP接收到请求消息Y时,NSP计算然后NSP根据ψ'NSP解密消息Y,分别得到MNAV,IDi,δi和CN;首先,NSP验证CN的有效性,如果有效,再验证签名的正确性:Process 4, when NSP receives request message Y, NSP calculates Then NSP decrypts the message Y according to ψ' NSP , and obtains M NAV , ID i , δ i and C N respectively; first, NSP verifies the validity of C N , and if it is valid, then verifies the correctness of the signature:
证明正确性:计算hi=H2(MNAV),T=H3(Ppub)和 Proof of correctness: Compute h i =H 2 (M NAV ), T = H 3 (P pub ) and
当消息比较多时,我们也可以执行批量认证:计算 T=H3(Ppub)和 When there are many messages, we can also perform batch authentication: calculate T=H 3 (P pub ) and
过程五,如果签名是有效的,NSP为车辆Vi生成导航路径;根据MNAV可知出发地和目的地,NSP能得到从出发地到目的地的各种路径;对每一段公路进行赋值,每一段路的权值Wi=α*l+(1-α)*t,其中l是公路的长度,假设设置单位为千米;t是经过这段公路需要的时间,是根据公路长度l和公路上车辆行驶速度得出,假设设置单位是分钟;α是路程所占比重,如果α越小说明权值中时间所占比例越大;Process 5, if the signature is valid, NSP generates a navigation path for vehicle V i ; the origin and destination can be known according to M NAV , and NSP can obtain various paths from the origin to the destination; The weight W i of a section of road = α*l+(1-α)*t, where l is the length of the road, assuming that the setting unit is kilometers; t is the time required to pass through this section of road, based on the length of the road l and the road It is obtained from the driving speed of the vehicle on board, assuming that the setting unit is minutes; α is the proportion of the distance, if α is smaller, the proportion of time in the weight is greater;
接下来,NSP给α设置几个不同的值,根据Dijkstra算法,得到相应的路径;当α设置为0时,所得路径就是耗时最短的,当α为1时,所得路径就是路程最短的;Next, NSP sets several different values for α, and obtains the corresponding path according to the Dijkstra algorithm; when α is set to 0, the obtained path is the shortest time-consuming path; when α is 1, the obtained path is the shortest distance;
最后,NSP将这几条路径签名加上随机数NNSP并通过ψ′NSP加密返还给车辆Vi,路径信息中包括<(Li,ti)(1≤i≤n),ls,ts>,Li是需要经过RSU的位置,ti是经过该RSU需要的时间,n是需要经过RSU的数量,ls是总的行驶路程,ts是总的行驶时间;Finally, the NSP adds the random number N NSP to these path signatures and returns them to the vehicle V i through ψ′ NSP encryption. The path information includes <(L i ,t i )(1≤i≤n),l s , t s >, L i is the location that needs to pass through the RSU, t i is the time required to pass through the RSU, n is the number of RSUs that need to pass through, l s is the total travel distance, and t s is the total travel time;
过程六,车辆Vi接受到导航路径消息后,Vi用ψNSP进行解密,Vi得到相应的几条导航路径,Vi选择其中一条作为自己的行驶路径后加上随机数NNSP,并通过ψNSP加密返回给NSP;Process 6: After the vehicle V i receives the navigation route message, V i decrypts it with ψ NSP , and Vi obtains several corresponding navigation routes, and V i selects one of them as its driving route, adds a random number N NSP , and Encrypted by ψ NSP and returned to NSP;
过程七,NSP接收到消息后解密,获得车辆Vi选择的行驶路径后;NSP通过安全的网络发送给途径的每个RSU一个导航信息,导航信息包括<Route,RSUnext,NumNAV>,其中Route是经过每个RSU道路信息,RSUnext是到达的下一个RSU信息。Process 7: NSP decrypts the message after receiving the message, and obtains the driving route selected by vehicle V i ; NSP sends a navigation information to each RSU on the route through a secure network, and the navigation information includes <Route,RSU next ,Num NAV >, where Route is the road information of each RSU, and RSU next is the information of the next RSU to arrive.
所述步骤四进一步具体为:The fourth step is further specifically:
与请求匿名导航证书相似,执行以下协议步骤:Similar to requesting an anonymous navigation certificate, the following protocol steps are performed:
过程一,车辆Vi选择一个随机数r"通过RSUi将发送给TA;CSTO是云服务的标志;r"是用来防止攻击者收集信息,从而得到车辆经过的RSU;Process 1, the vehicle V i selects a random number r" through the RSU i to Send it to TA; CSTO is the symbol of cloud service; r" is used to prevent attackers from collecting information, so as to obtain the RSU of vehicles passing by;
过程二,TA为该服务选取一个云服务号NumCSTO,并为车辆Vi计算匿名云服务证书然后,TA通过RSUi发送给车辆Vi。Process 2: TA selects a cloud service number Num CSTO for the service, and calculates an anonymous cloud service certificate for vehicle V i Then, TA sends through RSU i Give the vehicle V i .
所述步骤五进一步具体为:The fifth step is further specifically:
当车辆行驶在道路上时,车辆临时需要下载大数据,我们执行如下步骤,进行数据下载:When the vehicle is driving on the road, the vehicle needs to download big data temporarily. We perform the following steps to download the data:
过程一,防篡改装置为车辆Vi生成假名和签名私钥;假名IDi包含两个部分其中r是一个随机数,签名私钥 Process 1, the anti-tampering device generates a pseudonym and signature private key for the vehicle V i ; the pseudonym ID i consists of two parts in r is a random number, the signature private key
过程二,车辆生成云服务请求:首先,车辆Vi生成请求数据消息MCSP,然后Vi对该消息进行签名,计算hi=H2(MCSP)和T=H3(Ppub),那么生成签名接着,Vi选择一个随机数计算和ψCSP=bPKCSP;最后,车辆Vi通过RSUi发送导航路径请求消息给CSP; Stop是指车辆在途中可能停留的信息;Process 2, the vehicle generates a cloud service request: first, the vehicle V i generates a request data message MCSP , then V i signs the message, and calculates h i =H 2 (M CSP ) and T=H 3 (P pub ), Then generate the signature Next, V i chooses a random number calculate and ψ CSP = bPK CSP ; finally, vehicle V i sends a navigation path request message through RSU i to CSP; Stop refers to the information that the vehicle may stop on the way;
过程三,当NSP接收到请求消息Z时,CSP计算然后CSP根据ψ′NSP解密消息Z,分别得到MCSP,IDi,δi,CCSTO;首先,CSP验证CCSTO的有效性,如果有效,再验证签名的正确性;Process three, when the NSP receives the request message Z, the CSP calculates Then the CSP decrypts the message Z according to ψ′ NSP , and obtains M CSP , ID i , δ i , C CSTO ; First, CSP verifies the validity of C CSTO , and if it is valid, then verifies the correctness of the signature;
过程四,如果签名是有效的,CSP为车辆Vi进行分片服务;首先,CSP查看车辆Vi的当前位置,由转发消息的RSU可知,然后,根据可知车辆经过哪些RSU以及在RSU内行驶的时间和停留时间,因此,CSP将Vi请求的数据进行分片,保证在正常情况下每个分片在每个RSU内能够发送给Vi;CSP将每个分片进行加密,然后将加密数据和云服务号通过安全的网络传递给每个RSU;Process 4, if the signature is valid, the CSP provides fragmentation services for the vehicle V i ; first, the CSP checks the current location of the vehicle V i , which can be known from the RSU that forwards the message, and then, according to It can be known which RSUs the vehicle has passed and the time and stay time in the RSU. Therefore, the CSP fragments the data requested by V i to ensure that each fragment can be sent to V i in each RSU under normal circumstances; CSP Encrypt each shard, and then pass the encrypted data and cloud service number to each RSU through a secure network;
过程五,CSP同时也将加密分片的密钥k发送给车辆Vi。In process five, the CSP also sends the key k of the encrypted segment to the vehicle V i .
所述步骤六进一步具体为:Said step six is further specifically:
获得导航路径和云分片服务后,车辆在RSU处获取导航和下载服务:After obtaining the navigation path and cloud slice service, the vehicle obtains the navigation and download service at the RSU:
过程一,RSUi每隔一段时间进行一次证书广播,例如5s一次;Process 1, RSU i conducts a certificate every once in a while Broadcast, for example, once every 5s;
过程二,Vi选择一个随机数计算和车辆Vi向RSUi发送导航请求消息rNAV是个随机数;同样Vi也可以向RSUi发送下载请求消息 Process 2, V i chooses a random number calculate and Vehicle V i sends a navigation request message to RSU i r NAV is a random number; similarly, V i can also send a download request message to RSU i
过程三,RSUi接收到请求消息,计算进行解密,获取请求内容;然后,RSUi根据导航服务号,将到达下一个RSU的前进路线发送给Vi,内容用进行加密;同样,根据云服务号,将下载数据发送给Vi并附带上随机数rCSTO;Process three, RSU i receives the request message, and calculates Decrypt to obtain the request content; then, RSU i sends the forward route to the next RSU to V i according to the navigation service number, and the content is in Encrypt; similarly, according to the cloud service number, send the downloaded data to V i with the random number r CSTO attached;
其他车辆获得消息后不能解密该消息,所以这些消息对于其他车辆是没有任何作用的,根据附带的随机数,车辆可以获知该消息是否是自己的请求消息。After other vehicles obtain the message, they cannot decrypt the message, so these messages have no effect on other vehicles. According to the attached random number, the vehicle can know whether the message is its own request message.
所述步骤七进一步具体为:Said step seven is further specifically:
当路面发生重大的变化时,即路面突然堵塞或发生交通事故,需要通知车辆,对行驶路径做出改动;When there is a major change in the road surface, that is, the road surface is suddenly blocked or a traffic accident occurs, the vehicle needs to be notified to make changes to the driving route;
过程一,发生状况的RSU通知NSP,NSP通知路径中含有该RSU的其他所有RSU,然后NSP发送路径导航服务号给RSU;Process 1, the RSU that has a situation notifies the NSP, and the NSP notifies all other RSUs that include the RSU in the path, and then the NSP sends the route navigation service number to the RSU;
过程二,RSU检测到使用该导航服务号进行导航的车辆,并通知该车辆路面发生的状况;Process 2: RSU detects the vehicle using the navigation service number for navigation, and notifies the vehicle of the road conditions;
过程三,车辆验证该消息是否来自于RSU,如果来自RSU,车辆重新申请导航服务,寻找新的路径;Process 3, the vehicle verifies whether the message comes from RSU, if it comes from RSU, the vehicle re-applies for navigation service and finds a new path;
过程四,车辆通过RSU通知云服务提供商,云服务提供商根据云服务号查找出服务的RSU,等待一定时间后通知RSU,可以删除该存储,回收存储空间,车辆需要根据新的导航路径重新申请云服务。Process 4. The vehicle notifies the cloud service provider through the RSU. The cloud service provider finds out the service RSU according to the cloud service number, and notifies the RSU after waiting for a certain period of time. The storage can be deleted, and the storage space can be recovered. The vehicle needs to restart according to the new navigation path. Apply for cloud services.
所述步骤八进一步具体为:The eighth step is further specifically:
过程一,根据车辆的假名和系统主密钥s,TA可以计算出车辆的真实身份从此,车辆不能获取任何服务;正确性证明如下: Process 1, according to the pseudonym of the vehicle and the system master key s, TA can calculate the real identity of the vehicle From then on, the vehicle cannot access any services; the proof of correctness is as follows:
附图说明Description of drawings
图1为本发明实施例提供的车载网中基于RSU的安全和隐私保护的数据分片下载服务方法的流程图。FIG. 1 is a flow chart of a data segment download service method based on RSU security and privacy protection in a vehicle network provided by an embodiment of the present invention.
图2为本发明实施例提供的请求匿名导航证书的流程图。Fig. 2 is a flow chart of requesting an anonymous navigation certificate provided by an embodiment of the present invention.
图3为本发明实施例提供的获取导航路径的流程图。FIG. 3 is a flow chart of obtaining a navigation route provided by an embodiment of the present invention.
图4为本发明实施例提供的获取导航和云服务的流程图。Fig. 4 is a flow chart of obtaining navigation and cloud services provided by an embodiment of the present invention.
图5为本发明实施例提供的路径拥塞通知和重新请求服务的流程图。FIG. 5 is a flowchart of path congestion notification and re-request services provided by an embodiment of the present invention.
具体实施方式detailed description
如图1所示,本发明的通信方法共有8个步骤,分别为:As shown in Figure 1, the communication method of the present invention has 8 steps in total, which are respectively:
1)初始化系统:TA选取公共参数,为RSU,NSP,CSP和车辆进行登记注册;1) Initialization system: TA selects public parameters and registers RSU, NSP, CSP and vehicles;
2)请求匿名导航证书:车辆向TA请求匿名导航证书,TA认证车辆的身份,TA为车辆发放匿名导航证书;2) Request an anonymous navigation certificate: the vehicle requests an anonymous navigation certificate from TA, TA authenticates the identity of the vehicle, and TA issues an anonymous navigation certificate to the vehicle;
3)获取导航路径:NSP验证请求导航服务车辆的消息签名和匿名导航证书,然后NSP为车辆生成导航路径;3) Get the navigation path: NSP verifies the message signature and anonymous navigation certificate of the vehicle requesting the navigation service, and then NSP generates the navigation path for the vehicle;
4)请求匿名云服务证书:车辆向TA请求匿名云服务证书,TA认证车辆的身份,TA为车辆发放匿名云服务证书;4) Request an anonymous cloud service certificate: the vehicle requests an anonymous cloud service certificate from TA, TA authenticates the identity of the vehicle, and TA issues an anonymous cloud service certificate to the vehicle;
5)车辆请求云分片服务:CSP验证请求云服务车辆的消息签名和匿名导航证书,然后CSP根据车辆的行驶路径,CSP对车辆请求的服务进行分片;5) The vehicle requests cloud fragmentation service: CSP verifies the message signature and anonymous navigation certificate of the vehicle requesting cloud service, and then the CSP fragments the service requested by the vehicle according to the driving path of the vehicle;
6)导航服务和云服务获取:车辆在行驶过程中根据服务号,获取所需的服务;6) Acquisition of navigation service and cloud service: the vehicle obtains the required service according to the service number during driving;
7)路径拥塞通知和重新请求服务:路面状况发生变化时,RSU通知NSP路面发生的状况,NSP通过RSU通知车辆改变路径,车辆重新申请导航服务和云服务;7) Path congestion notification and re-request service: When the road conditions change, the RSU notifies the NSP of the road conditions, and the NSP notifies the vehicle to change the route through the RSU, and the vehicle re-applies for navigation services and cloud services;
8)真实身份的追踪:出现消息争议时,权威机构根据消息追踪到车辆的真实身份,并将所述车辆身份撤销。8) Tracking of the real identity: when there is a message dispute, the authoritative organization will track the real identity of the vehicle according to the message and revoke the identity of the vehicle.
下面结合具体实施例和附图对本发明进行进一步说明。The present invention will be further described below in combination with specific embodiments and accompanying drawings.
1)初始化系统:TA选取公共参数,为RSU,NSP,CSP和车辆进行登记注册;1) Initialization system: TA selects public parameters and registers RSU, NSP, CSP and vehicles;
步骤1.1,TA选择两个循环群G1和G2,一个Tate对映射e:G1×G1→G2。P是群G1的一个生成元。TA再选择3个安全的Hash函数H1,H3:{0,1}*→G1和和一个安全的加密算法Enck()。Step 1.1, TA selects two cyclic groups G 1 and G 2 , and a Tate pair mapping e: G 1 ×G 1 →G 2 . P is a generator of the group G1 . TA then selects three safe Hash functions H 1 , H 3 : {0,1} * → G 1 and And a secure encryption algorithm Enck ().
步骤1.2,TA选择一个随机参数s作为自己的主密钥和一对传统的公私钥对(SKTA,PKTA),并且TA计算出系统的公钥Ppub=sP,其中PKTA=SKTAP。TA公布系统参数(G1,G2,P,Ppub,H1,H2,H3,PKTA,Enck())。Step 1.2, TA chooses a random parameter s as its master key and a traditional public-private key pair (SK TA , PK TA ), and TA calculates the system's public key P pub =sP, where PK TA =SK TA P. TA publishes system parameters (G 1 , G 2 , P, P pub , H 1 , H 2 , H 3 , PK TA , Enck ()).
步骤1.3,在车辆注册时,TA给车辆Vi分配一个真实的身份RIDi∈G1和防篡改装置的激活码PWDi。TA也给车辆Vi分配一对传统公私钥其中 Step 1.3, when the vehicle is registered, TA assigns a real identity RID i ∈ G 1 and an activation code PWD i of the anti-tampering device to the vehicle V i . TA also assigns a pair of traditional public-private keys to vehicle V i in
步骤1.4,TA为每个RSUi选择一个随机数作为RSUi的私钥,并计算作为RSUi的公钥,最后TA将私钥和RSUi的证书 安全的发送给RSUi,其中Ri=(RSUi‖Li),Li是RSUi的位置信息。Step 1.4, TA chooses a random number for each RSU i as the private key of RSU i , and calculate As the public key of RSU i , finally TA sends the private key and certificates from RSU i Securely send to RSU i , where R i =(RSU i ∥ L i ), and L i is the location information of RSU i .
步骤1.5,TA为NSP和CSP分别分发一对公私钥(SKNSP,PKNSP)、(SKCSP,PKCSP),其中PKNSP=SKNSPP,PKCSP=SKCSPP。Step 1.5, TA distributes a pair of public and private keys (SK NSP , PK NSP ) and (SK CSP , PK CSP ) to NSP and CSP respectively, where PK NSP =SK NSP P, PK CSP =SK CSP P.
2)请求匿名导航证书:如图2所示,车辆向TA请求匿名导航证书,TA认2) Request an anonymous navigation certificate: As shown in Figure 2, the vehicle requests an anonymous navigation certificate from TA, and TA authenticates
证车辆的身份,TA为车辆发放匿名导航证书;To verify the identity of the vehicle, TA issues an anonymous navigation certificate for the vehicle;
步骤2.1,车辆Vi进入RSUi时,Vi选择一个随机数r′,然后Vi通过RSUi将 发送给TA。Step 2.1, when vehicle V i enters RSU i , V i selects a random number r′, and then V i passes RSU i Send it to TA.
步骤2.2,TA解密消息X,检查RIDi是否在撤销列表中。如果不在撤销列表中,至步骤2.3,否则至步骤2.4。Step 2.2, TA decrypts message X, and checks whether RID i is in the revocation list. If not in the revocation list, go to step 2.3, otherwise go to step 2.4.
步骤2.3,TA为车辆发放匿名导航证书,TA为车辆Vi计算匿名导航证书 TA通过RSUi发送给车辆Vi。Step 2.3, TA issues an anonymous navigation certificate for the vehicle, and TA calculates an anonymous navigation certificate for the vehicle V i TA sent via RSU i Give the vehicle V i .
步骤2.4,车辆身份已经被撤销,请求匿名导航证书失败。In step 2.4, the vehicle identity has been revoked, and the request for an anonymous navigation certificate fails.
根据上述步骤,可知该导航证书中不包含车辆Vi的任何信息,所以说证书是匿名的。According to the above steps, it can be seen that the navigation certificate does not contain any information of the vehicle Vi , so the certificate is anonymous.
3)获取导航路径:如图3所示,NSP验证请求导航服务车辆的消息签名和匿名导航证书,然后NSP为车辆生成导航路径;3) Obtaining the navigation path: as shown in Figure 3, the NSP verifies the message signature and the anonymous navigation certificate of the vehicle requesting the navigation service, and then the NSP generates a navigation path for the vehicle;
步骤3.1,当启动车辆时,驾驶员输入RIDi和PWDi激活防篡改装置,如果身份没有被撤销,并且激活码是正确的,那么防篡改装置激活成功,至步骤3.2,否则防篡改装置将停止进一步的操作,至步骤3.10。Step 3.1, when starting the vehicle, the driver inputs RID i and PWD i to activate the anti-tampering device, if the identity has not been revoked and the activation code is correct, then the activation of the anti-tampering device is successful, go to step 3.2, otherwise the anti-tampering device will Stop further manipulation, go to step 3.10.
步骤3.2,防篡改装置为车辆Vi生成假名和签名私钥。假名IDi包含两个部分其中r是一个随机数。签名私钥 Step 3.2, the anti-tampering device generates a pseudonym and a signature private key for the vehicle V i . The pseudonym ID i consists of two parts in r is a random number. signature private key
步骤3.3,车辆Vi生成导航路径请求消息:首先,车辆Vi生成起点和终点消息MNAV=(Start,Dest),其中Start是出发地,Dest是目的地。然后Vi对该消息进行签名,计算hi=H2(MNAV)和T=H3(Ppub),那么生成签名 Step 3.3, vehicle V i generates a navigation route request message: First, vehicle V i generates a start and end point message M NAV =(Start, Dest), where Start is the starting point and Dest is the destination. Then V i signs the message, calculates h i =H 2 (M NAV ) and T=H 3 (P pub ), then generates the signature
步骤3.4,Vi选择一个随机数计算和ψNSP=aPKNSP。车辆Vi通过RSUi发送导航路径请求消息给NSP。Step 3.4, V i chooses a random number calculate and ψ NSP = aPK NSP . Vehicle Vi sends a navigation route request message through RSU i to NSP.
步骤3.5,当NSP接收到请求消息Y时,NSP计算然后NSP根据ψ'NSP解密消息Y,分别得到MNAV,IDi,δi和CN。首先,NSP验证CN的有效性,如果有效,至步骤3.6,否则至步骤3.11。Step 3.5, when NSP receives request message Y, NSP calculates Then NSP decrypts the message Y according to ψ' NSP , and obtains M NAV , ID i , δ i and C N respectively. First, NSP verifies the validity of CN , if valid, go to step 3.6, otherwise go to step 3.11.
步骤3.6,验证签名的正确性:计算hi=H2(MNAV),T=H3(Ppub)和当消息比较多时,我们也可以执行批量认证:计算T=H3(Ppub)和 Step 3.6, verify the correctness of the signature: calculate h i =H 2 (M NAV ), T=H 3 (P pub ) and When there are many messages, we can also perform batch authentication: calculate T=H 3 (P pub ) and
如果式(1)成立,至步骤3.7,否则至步骤3.11。If formula (1) is established, go to step 3.7, otherwise go to step 3.11.
步骤3.7,签名有效,NSP为车辆Vi生成导航路径。根据MNAV可知出发地和目的地,NSP可以得到从出发地到目的地的各种路径。我们对每一段公路进行赋值,每一段路的权值Wi=α*l+(1-α)*t,其中l是公路的长度,假设设置单位为千米,t是经过这段公路需要的时间(根据公路长度l和公路上车辆行驶速度得出),假设设置单位是分钟。α是路程所占比重,如果α越小说明权值中时间所占比例越大。接下来,NSP给α设置几个不同的值,根据Dijkstra算法,得到相应的路径。当α设置为0时,所得路径就是耗时最短的,当α为1时,所得路径就是路程最短的。最后,NSP将这几条路径签名加上随机数NNSP并通过ψ′NSP加密返还给车辆Vi。Step 3.7, the signature is valid, and the NSP generates a navigation path for the vehicle V i . According to the M NAV , the origin and destination can be known, and the NSP can obtain various paths from the origin to the destination. We assign a value to each section of road, and the weight of each section of road W i = α*l+(1-α)*t, where l is the length of the road, assuming that the setting unit is kilometers, and t is required to pass through this section of road Time (according to the road length l and the speed of vehicles on the road), assuming that the setting unit is minutes. α is the proportion of distance. If α is smaller, it means that the proportion of time in the weight is greater. Next, NSP sets several different values for α, and obtains the corresponding path according to the Dijkstra algorithm. When α is set to 0, the resulting path is the shortest time-consuming path, and when α is 1, the resulting path is the shortest distance. Finally, NSP adds these path signatures to the random number N NSP and returns it to the vehicle V i through ψ′ NSP encryption.
步骤3.8,车辆Vi接受到导航路径消息后,Vi用ψNSP进行解密,Vi得到相应的几条导航路径,Vi选择其中一条作为自己的行驶路径后加上随机数NNSP,并通过ψNSP加密返回给NSP。Step 3.8: After the vehicle V i receives the navigation route message, V i decrypts it with ψ NSP , and V i obtains several corresponding navigation routes. V i selects one of them as its driving route, adds a random number N NSP , and Encrypted by ψ NSP and returned to NSP.
步骤3.9,NSP接收到消息后解密,获得车辆Vi选择的行驶路径后。NSP通过安全的网络发送给途径的每个RSU一个导航信息,导航信息包括<Route,RSUnext,NumNAV>,其中Route是经过每个RSU道路信息,RSUnext是到达的下一个RSU信息。Step 3.9, NSP decrypts the message after receiving it, and obtains the driving route selected by the vehicle V i . NSP sends a navigation message to each RSU passing by through a secure network. The navigation message includes <Route, RSU next , Num NAV >, where Route is the road information passing through each RSU, and RSU next is the next RSU arriving.
步骤3.10,车辆被撤销或者RIDi和PWDi输入有误,重新输入。Step 3.10, if the vehicle is revoked or the input of RID i and PWD i is wrong, input it again.
步骤3.11,认证失败,协议终止。In step 3.11, the authentication fails and the protocol is terminated.
至此,车辆获取到导航路径,车辆可以根据导航服务号,获取服务。So far, the vehicle has obtained the navigation route, and the vehicle can obtain services according to the navigation service number.
4)请求匿名云服务证书:车辆向TA请求匿名云服务证书,TA认证车辆的身份,TA为车辆发放匿名云服务证书;4) Request an anonymous cloud service certificate: the vehicle requests an anonymous cloud service certificate from TA, TA authenticates the identity of the vehicle, and TA issues an anonymous cloud service certificate to the vehicle;
步骤4.1,车辆Vi选择一个随机数r"通过RSUi将发送给TA。Step 4.1, vehicle V i selects a random number r" through RSU i to Send it to TA.
步骤4.2,TA解密消息X′,检查RIDi是否在撤销列表中。如果不在撤销列表中,至步骤4.3,否则至步骤4.4。Step 4.2, TA decrypts message X', and checks whether RID i is in the revocation list. If not in the revocation list, go to step 4.3, otherwise go to step 4.4.
步骤4.3,TA为该服务选取一个云服务号NumCSTO,并为车辆Vi计算匿名云服务证书然后,TA通过RSUi发送给车辆Vi。Step 4.3, TA selects a cloud service number Num CSTO for this service, and calculates an anonymous cloud service certificate for vehicle V i Then, TA sends through RSU i Give the vehicle V i .
步骤4.4,车辆身份已经被撤销,请求匿名云服务证书失败。In step 4.4, the vehicle identity has been revoked, and the request for the anonymous cloud service certificate fails.
根据上述步骤,可知该云服务证书中不包含车辆Vi的任何信息,所以说证书是匿名的。According to the above steps, it can be seen that the cloud service certificate does not contain any information of the vehicle Vi , so the certificate is anonymous.
5)车辆请求云分片服务:如图4所示,CSP验证请求云服务车辆的消息签名和匿名导航证书,然后CSP根据车辆的行驶路径,CSP对车辆请求的服务进行分片;5) The vehicle requests cloud fragmentation service: as shown in Figure 4, the CSP verifies the message signature and anonymous navigation certificate of the vehicle requesting cloud service, and then the CSP fragments the service requested by the vehicle according to the driving path of the vehicle;
步骤5.1,防篡改装置为车辆Vi生成假名和签名私钥。假名IDi包含两个部分其中r是一个随机数。签名私钥 Step 5.1, the anti-tampering device generates a pseudonym and a signature private key for the vehicle V i . The pseudonym ID i consists of two parts in r is a random number. signature private key
步骤5.2,车辆生成云服务请求:首先,车辆Vi生成请求数据消息MCSP,然后Vi对该消息进行签名,计算hi=H2(MCSP)和T=H3(Ppub),那么生成签名 Step 5.2, the vehicle generates a cloud service request: first, the vehicle V i generates a request data message M CSP , then V i signs the message, and calculates h i =H 2 (M CSP ) and T=H 3 (P pub ), Then generate the signature
步骤5.3,Vi选择一个随机数计算和ψCSP=bPKCSP。最后,车辆Vi通过RSUi发送导航路径请求消息给CSP。其中Stop是指车辆在途中可能停留的信息。Step 5.3, V i chooses a random number calculate and ψ CSP = bPK CSP . Finally, vehicle V i sends a navigation route request message through RSU i to the CSP. in Stop refers to the information that the vehicle may stop on the way.
步骤5.4,当NSP接收到请求消息Z时,CSP计算然后CSP根据ψ′NSP解密消息Z,分别得到MCSP,IDi,δi,CCSTO。首先,CSP验证CCSTO的有效性,如果有效,至步骤5.5,否则至步骤5.8。Step 5.4, when the NSP receives the request message Z, the CSP calculates Then the CSP decrypts the message Z according to ψ′ NSP , and obtains M CSP , ID i , δ i , C CSTO . First, CSP verifies the validity of C CSTO , if valid, go to step 5.5, otherwise go to step 5.8.
步骤5.5,验证签名的正确性。计算hi=H2(MCSP),T=H3(Ppub)和当消息比较多时,我们也可以执行批量认证:计算T=H3(Ppub)和 Step 5.5, verify the correctness of the signature. Calculate hi = H 2 (M CSP ), T = H 3 (P pub ) and When there are many messages, we can also perform batch authentication: calculate T=H 3 (P pub ) and
如果式(2)成立,至步骤5.6,否则至步骤5.8。If formula (2) is established, go to step 5.6, otherwise go to step 5.8.
步骤5.6,签名有效,CSP为车辆Vi进行分片服务。首先,CSP查看车辆Vi的当前位置,由转发消息的RSU可知,然后,根据可知车辆经过哪些RSU以及在RSU内行驶的时间和停留时间,因此,CSP将Vi请求的数据进行分片,保证在正常情况下每个分片在每个RSU内能够发送给Vi。CSP将每个分片进行加密,然后将加密数据和云服务号通过安全的网络传递给每个RSU。In step 5.6, the signature is valid, and the CSP performs fragmentation service for the vehicle V i . First, the CSP checks the current location of the vehicle Vi , which can be known from the RSU that forwards the message, and then, according to It is known which RSUs the vehicle has passed and the travel time and residence time in the RSUs. Therefore, the CSP divides the data requested by V i into fragments to ensure that each fragment can be sent to V i in each RSU under normal circumstances. CSP encrypts each shard, and then transmits the encrypted data and cloud service number to each RSU through a secure network.
步骤5.7,CSP同时也将加密分片的密钥k发送给车辆Vi。In step 5.7, the CSP also sends the key k of the encrypted segment to the vehicle V i at the same time.
步骤5.8,认证失败,协议终止。In step 5.8, the authentication fails and the protocol is terminated.
至此,车辆获取到云分片服务,车辆可以根据云服务号,获取服务。So far, the vehicle has obtained the cloud fragmentation service, and the vehicle can obtain the service according to the cloud service number.
6)导航服务和云服务获取:车辆在行驶过程中根据服务号,获取所需的服务;6) Acquisition of navigation service and cloud service: the vehicle obtains the required service according to the service number during driving;
步骤6.1,RSUi每隔一段时间进行一次证书广播,例如5s一次。Step 6.1, RSU i certificates every once in a while Broadcast, for example once every 5s.
步骤6.2,Vi选择一个随机数计算和车辆Vi向RSUi发送导航请求消息rNAV是个随机数和下载请求消息 Step 6.2, V i chooses a random number calculate and Vehicle V i sends a navigation request message to RSU i r NAV is a random number and download request message
步骤6.3,RSUi接收到请求消息,计算进行解密,获取请求内容。然后,RSUi根据导航服务号,将到达下一个RSU的前进路线发送给Vi,内容用进行加密;同样,根据云服务号,将下载数据发送给Vi并附带上随机数rCSTO。Step 6.3, RSU i receives the request message and calculates Decrypt to obtain the request content. Then, RSU i sends the forward route to the next RSU to V i according to the navigation service number, and the content is in Encrypt; similarly, according to the cloud service number, send the downloaded data to V i with the random number r CSTO attached.
其他车辆获得消息后不能解密该消息,所以这些消息对于其他车辆是没有任何作用的,根据附带的随机数,车辆可以获知该消息是否是自己的请求消息。After other vehicles obtain the message, they cannot decrypt the message, so these messages have no effect on other vehicles. According to the attached random number, the vehicle can know whether the message is its own request message.
7)路径拥塞通知和重新请求服务:如图5所示,路面状况发生变化时,RSU通知NSP路面发生的状况,NSP通过RSU通知车辆改变路径,车辆重新申请导航服务和云服务;7) Route congestion notification and re-request service: As shown in Figure 5, when the road conditions change, the RSU notifies the NSP of the road conditions, and the NSP notifies the vehicle to change the route through the RSU, and the vehicle re-applies for navigation services and cloud services;
步骤7.1,发生状况的RSU通知NSP,NSP通知路径中含有该RSU的其他所有RSU,然后NSP发送路径导航服务号给RSU。Step 7.1, the RSU that has a situation notifies the NSP, and the NSP notifies all other RSUs that include the RSU in the route, and then the NSP sends the route navigation service number to the RSU.
步骤7.2,RSU检测到使用该导航服务号进行导航的车辆,并通知该车辆路面发生的状况。Step 7.2, RSU detects the vehicle using the navigation service number for navigation, and notifies the vehicle of the road conditions.
步骤7.3,车辆验证该消息是否来自于RSU,如果来自RSU,至步骤7.4,否则至步骤7.6.Step 7.3, the vehicle verifies whether the message is from RSU, if it is from RSU, go to step 7.4, otherwise go to step 7.6.
步骤7.4,车辆重新申请导航服务,寻找新的路径。In step 7.4, the vehicle re-applies for the navigation service to find a new path.
步骤7.5,车辆通过RSU通知云服务提供商,云服务提供商根据云服务号查找出服务的RSU,等待一定时间后通知RSU,可以删除该存储,回收存储空间。车辆需要根据新的导航路径重新申请云服务。In step 7.5, the vehicle notifies the cloud service provider through the RSU, and the cloud service provider finds out the service RSU according to the cloud service number, and notifies the RSU after waiting for a certain period of time to delete the storage and reclaim the storage space. The vehicle needs to re-apply for cloud services based on the new navigation path.
步骤7.6,车辆继续按原路径行驶。In step 7.6, the vehicle continues to drive along the original path.
8)真实身份的追踪:出现消息争议时,权威机构根据消息追踪到车辆的真实身份,并将所述车辆身份撤销。8) Tracking of the real identity: when there is a message dispute, the authoritative organization will track the real identity of the vehicle according to the message and revoke the identity of the vehicle.
步骤8.1,根据车辆的假名和系统主密钥s,TA可以计算出车辆的真实身份从此,车辆不能获取任何服务。Step 8.1, according to the pseudonym of the vehicle and the system master key s, TA can calculate the real identity of the vehicle From then on, the vehicle cannot access any services.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610184747.6A CN105871831A (en) | 2016-03-28 | 2016-03-28 | Data fragmenting and downloading service method in vehicular network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610184747.6A CN105871831A (en) | 2016-03-28 | 2016-03-28 | Data fragmenting and downloading service method in vehicular network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105871831A true CN105871831A (en) | 2016-08-17 |
Family
ID=56626155
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610184747.6A Pending CN105871831A (en) | 2016-03-28 | 2016-03-28 | Data fragmenting and downloading service method in vehicular network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105871831A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107786941A (en) * | 2017-09-29 | 2018-03-09 | 西安电子科技大学 | It is a kind of to be cooperated method for down loading based on the file that prefetches |
| CN107979605A (en) * | 2017-12-06 | 2018-05-01 | 常熟理工学院 | A kind of safe big data network communication method |
| CN109005035A (en) * | 2018-07-12 | 2018-12-14 | 同济大学 | Verifying communication system and method are signed and issued in a kind of connection vehicle remote anonymity of net |
| CN110166445A (en) * | 2019-05-06 | 2019-08-23 | 武汉大学 | A kind of the secret protection anonymous authentication and cryptographic key negotiation method of identity-based |
| CN111291035A (en) * | 2020-03-23 | 2020-06-16 | 东软睿驰汽车技术(沈阳)有限公司 | Method and device for slicing data and related product |
| US10862970B2 (en) | 2017-06-16 | 2020-12-08 | Ford Global Technologies, Llc | Call-ahead downloading to vehicles |
| CN113994397A (en) * | 2019-06-26 | 2022-01-28 | 大众汽车股份公司 | Method, computer program and apparatus for processing data detected by a motor vehicle |
| CN114008694A (en) * | 2019-06-28 | 2022-02-01 | 大众汽车股份公司 | Method, computer program and device for processing data detected by a motor vehicle |
| US12026282B2 (en) | 2019-07-02 | 2024-07-02 | Volkswagen Aktiengesellschaft | Method, computer program, and device for processing data recorded by a motor vehicle, and for providing parameters for such processing |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104601667A (en) * | 2014-12-23 | 2015-05-06 | 武汉大学 | Gapless vehicle networking assist downloading method |
| CN104853351A (en) * | 2015-03-20 | 2015-08-19 | 江苏大学 | Internet of Vehicles distributed authentication method based on controllable privacy |
| CN105430616A (en) * | 2015-12-04 | 2016-03-23 | 深圳北航新兴产业技术研究院 | Data scheduling method based on vehicle collaboration in urban scene |
-
2016
- 2016-03-28 CN CN201610184747.6A patent/CN105871831A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104601667A (en) * | 2014-12-23 | 2015-05-06 | 武汉大学 | Gapless vehicle networking assist downloading method |
| CN104853351A (en) * | 2015-03-20 | 2015-08-19 | 江苏大学 | Internet of Vehicles distributed authentication method based on controllable privacy |
| CN105430616A (en) * | 2015-12-04 | 2016-03-23 | 深圳北航新兴产业技术研究院 | Data scheduling method based on vehicle collaboration in urban scene |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10862970B2 (en) | 2017-06-16 | 2020-12-08 | Ford Global Technologies, Llc | Call-ahead downloading to vehicles |
| CN107786941B (en) * | 2017-09-29 | 2020-03-31 | 西安电子科技大学 | File cooperation downloading method based on prefetching |
| CN107786941A (en) * | 2017-09-29 | 2018-03-09 | 西安电子科技大学 | It is a kind of to be cooperated method for down loading based on the file that prefetches |
| CN107979605A (en) * | 2017-12-06 | 2018-05-01 | 常熟理工学院 | A kind of safe big data network communication method |
| CN107979605B (en) * | 2017-12-06 | 2020-05-26 | 常熟理工学院 | Safe big data network communication method |
| CN109005035A (en) * | 2018-07-12 | 2018-12-14 | 同济大学 | Verifying communication system and method are signed and issued in a kind of connection vehicle remote anonymity of net |
| CN109005035B (en) * | 2018-07-12 | 2020-07-28 | 同济大学 | A remote anonymous issuance and verification communication system for connected vehicles |
| CN110166445A (en) * | 2019-05-06 | 2019-08-23 | 武汉大学 | A kind of the secret protection anonymous authentication and cryptographic key negotiation method of identity-based |
| CN113994397A (en) * | 2019-06-26 | 2022-01-28 | 大众汽车股份公司 | Method, computer program and apparatus for processing data detected by a motor vehicle |
| CN113994397B (en) * | 2019-06-26 | 2024-04-02 | 大众汽车股份公司 | Method, computer-readable medium and device for processing data detected by a motor vehicle |
| CN114008694A (en) * | 2019-06-28 | 2022-02-01 | 大众汽车股份公司 | Method, computer program and device for processing data detected by a motor vehicle |
| US12131553B2 (en) | 2019-06-28 | 2024-10-29 | Volkswagen Aktiengesellschaft | Method, computer program, and device for processing data recorded by a motor vehicle |
| US12026282B2 (en) | 2019-07-02 | 2024-07-02 | Volkswagen Aktiengesellschaft | Method, computer program, and device for processing data recorded by a motor vehicle, and for providing parameters for such processing |
| CN111291035A (en) * | 2020-03-23 | 2020-06-16 | 东软睿驰汽车技术(沈阳)有限公司 | Method and device for slicing data and related product |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105871831A (en) | Data fragmenting and downloading service method in vehicular network | |
| JP7568678B2 (en) | Encryption method and system for managing digital certificates | |
| Guo et al. | Independent mix zone for location privacy in vehicular networks | |
| Lu et al. | A dynamic privacy-preserving key management scheme for location-based services in VANETs | |
| Chim et al. | VSPN: VANET-based secure and privacy-preserving navigation | |
| JP7074863B2 (en) | Encryption method and system using activation code for withdrawal of digital certificate | |
| CN110166228B (en) | Privacy protection method based on certificate-free ring signcryption in vehicle-mounted self-organizing network | |
| CN104853351A (en) | Internet of Vehicles distributed authentication method based on controllable privacy | |
| CN112437108A (en) | Decentralized identity authentication device and method for privacy protection of Internet of vehicles | |
| CN106027233A (en) | Method for designing vehicle network group negotiation communication protocol | |
| Wagan et al. | Security framework for low latency VANET applications | |
| CN109362062B (en) | Anonymous authentication system and method for VANETs based on ID-based group signature | |
| CN109561383A (en) | A kind of location privacy protection method based on dynamic assumed name exchange area | |
| CN104394000A (en) | Batched certification method based on pseudonym verification public key in vehicle-mounted network | |
| CN118042464A (en) | IoV identity authentication and privacy protection method based on federated learning and drones | |
| CN116015601B (en) | A Blockchain-Based Method for Privacy-Preserving Traffic Route Management in the Internet of Vehicles | |
| Muthumeenakshi et al. | An Efficient and Secure Authentication Approach in VANET using Location and Signature-Based Services. | |
| CN110493748B (en) | Fog-based road condition detection and authentication method | |
| CN108933665B (en) | Approach of Lightweight V2I Group Communication Authentication Protocol in VANETs | |
| Piramuthu et al. | VANET authentication protocols: security analysis and a proposal: OB Piramuthu, M. Caesar | |
| CN116994423B (en) | Lightweight, privacy-protected lead vehicle selection system and method in vehicle formation | |
| CN116032495B (en) | Vehicle-cloud cooperative safety transmission data anomaly detection method based on intelligent traffic system | |
| Yelure et al. | SARP: secure routing protocol using anonymous authentication in vehicular Ad-hoc networks | |
| Malhi et al. | An efficient privacy preserving authentication scheme for vehicular communications | |
| CN118870352B (en) | Vehicle network security communication method, user terminal, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160817 |