CN113992388B - Method for realizing privacy protection of vehicle identity condition based on RSU - Google Patents
Method for realizing privacy protection of vehicle identity condition based on RSU Download PDFInfo
- Publication number
- CN113992388B CN113992388B CN202111244232.8A CN202111244232A CN113992388B CN 113992388 B CN113992388 B CN 113992388B CN 202111244232 A CN202111244232 A CN 202111244232A CN 113992388 B CN113992388 B CN 113992388B
- Authority
- CN
- China
- Prior art keywords
- vehicle
- rsu
- pseudonym
- vid
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 230000006854 communication Effects 0.000 claims abstract description 40
- 238000004891 communication Methods 0.000 claims abstract description 37
- 238000012795 verification Methods 0.000 claims abstract description 14
- 239000000284 extract Substances 0.000 claims description 6
- 238000012797 qualification Methods 0.000 claims description 3
- 230000006855 networking Effects 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 9
- 235000016496 Panda oleosa Nutrition 0.000 description 4
- 240000000220 Panda oleosa Species 0.000 description 4
- 241000497429 Obus Species 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003211 malignant effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Traffic Control Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for realizing privacy protection of vehicle identity conditions based on an RSU. Firstly, completing system initialization and registration of vehicles and RSU in a preparation stage before the vehicle is networked, and issuing a public key certificate for the RSU; then, when the vehicle is connected to the network, providing a pseudonym for the vehicle based on the RSU to realize an identity privacy protection function in the vehicle communication process; finally, when the illegal vehicle is found, the TA and the RSU realize the tracing and legal revocation of the identity of the illegal vehicle through the pseudonym and the vehicle revocation list, thereby realizing the conditional privacy protection function of the identity of the vehicle. Compared with the prior art, the method can reduce the calculation verification cost of the TA side and the communication cost between the TA and the RSU. In addition, the method improves the communication times and improves the communication efficiency compared with the prior method.
Description
Technical Field
The invention belongs to the technical field of internet of vehicles communication, and particularly relates to a method for realizing privacy protection of vehicle identity conditions based on an RSU.
Background
In a vehicular ad hoc network (vehicular ad-hoc network, VANET), vehicles perform vehicle-to-vehicle (V2V) communication and vehicle-to-Infrastructure (V2I) communication through dedicated short-range communication channels, and these two communication methods are hereinafter simply referred to as V2X communication. In V2X communication, the communication message does not contain personal privacy data about the owner of the vehicle, but contains sensitive information such as the identity and the position of the vehicle, so that V2X communication should consider the identity privacy protection of the user vehicle, and for different information sent by the same vehicle, any entity except the trusted authority TA cannot distinguish that some different information originates from the same vehicle, so as to prevent malicious users in the VANET from tracking, monitoring a legal vehicle driving route, and generating malignant events such as kidnapping. However, when a legal vehicle performs illegal operations, such as when the legal vehicle tries to send false traffic messages to obtain personal benefits, the TA institution should trace back the true identity information of the illegal vehicle and conduct responsibility tracking on the true identity information, that is, the V2X communication should consider that the conditional privacy protection function is implemented on the identity of the vehicle.
V2X communication generally uses pseudonyms to achieve privacy protection of vehicle identity, however, in order to avoid the security problem that an attacker identifies and tracks the track of a certain vehicle based on a static pseudonym and a time sequence of messages during driving of the vehicle, the vehicle needs to dynamically switch pseudonyms, and most of the current schemes adopt a mode that a group of communication pseudonyms are stored in advance during online registration and annual inspection of the vehicle or the vehicle is subjected to identity authentication by TA and is allocated with a group of communication pseudonyms during each driving, which clearly increases the pseudonym storage cost of the vehicle and the verification cost of TA side and the communication cost between TA and RSU during issuing and replacing each group of pseudonyms.
In summary, the invention provides a method for realizing the privacy protection of the vehicle identity condition based on the RSU, which is applicable to the VANET scene, and the method can meet the requirement of the privacy protection of the condition in the Internet of vehicles and trace and cancel the illegal vehicle identity.
Disclosure of Invention
The invention provides a method for realizing privacy protection of vehicle identity conditions based on an RSU. Firstly, the method completes the TA system initialization and the registration process of vehicles and RSU in the early communication stage of the Internet of vehicles, and issues a public key certificate for the RSU. Secondly, a pseudonym is provided for the vehicle based on the RSU to realize the privacy protection function of the vehicle identity in the V2X communication process. Finally, when the TA finds that the vehicle has illegal operation, the TA can trace and cancel the identity according to the pseudonym, so that the TA can not continue V2X communication, and the function of protecting the conditional privacy of the vehicle is realized.
When the vehicle acquires the pseudonym to realize identity privacy protection, the process of acquiring the pseudonym by the vehicle is divided into two cases of entering the RSU area for the first time and entering the RSU area again, the vehicle only needs to acquire the pseudonym after the remote TA performs identity authentication when entering a certain RSU area for the first time, and the identity authentication can be directly completed and the pseudonym can be acquired at the RSU side when entering the RSU area again, so that concentrated dependence on the TA side and calculation communication overhead between the TA and the RSU are reduced.
When the identity of the vehicle user needs to be traced, the RSU can only extract VID generated by vehicle initialization registration from the pseudonym PID, and only TA can trace the true identity of the vehicle user from the vehicle registry VInfo, so that the privacy protection of the vehicle identity is fully ensured on the basis of tracing. When the vehicle user revocation occurs, the TA issues a vehicle revocation list VRL to the RSU, and the RSU checks the validity of the vehicle identity through the VRL before performing the pseudonym dispatch, so that the legal revocation of the vehicle identity is realized. Because the VRL is lighter than the conventional certificate revocation list CRL, storage overhead and communication overhead in the internet of vehicles are also reduced.
Compared with the prior art, the method for realizing the privacy protection of the vehicle identity condition based on the RSU can reduce the calculation verification cost of the TA side and the communication cost between the TA and the RSU. In addition, the method improves the communication times and improves the communication efficiency compared with the prior method.
Drawings
FIG. 1 is a schematic diagram of a system model of the present invention.
Fig. 2 is a general flow diagram of the present invention.
FIG. 3 is a schematic diagram showing a specific flow of the preparation stage in the present invention.
Fig. 4 is a schematic diagram of a specific process of acquiring a pseudonym based on an RSU in a vehicle according to the present invention.
Fig. 5 is a schematic diagram of a specific process of the vehicle identity tracing and revocation procedure in the present invention.
Detailed Description
The present invention will be described in detail below with reference to specific embodiments shown in the drawings.
Fig. 1 is a schematic diagram of a system model of the present invention, as shown in fig. 1, the VANET system comprises 3 participants: trust Authorities (TAs), vehicle computing units (OBUs), roadside infrastructure (RSUs). The TA is a trusted authority in the VANET that is responsible for initializing system parameters, including system public and private keys. And provides initial parameters to the registration entity. Each vehicle should be registered with the TA before joining the network. The TA has strong computing power and storage power, and is also the only entity that can track the true identity of the vehicle. The RSU is a roadside infrastructure that communicates with the OBU wirelessly, or with the TA by wire. The computation and storage power of the RSU is between TA and OBU. In the present invention, the RSU can help the TA to make efficient revocation. An OBU is an internal processing unit of the vehicle that can be used to store private keys and network public information. The OBU has low computing power and storage power, and when the vehicle is running, it will periodically broadcast traffic information to other vehicles and RSUs, i.e. the vehicles communicate V2X with other vehicles or RSUs.
Fig. 2 is a general flow diagram of the method for implementing privacy protection of vehicle identity conditions based on RSU according to the present invention, as shown in fig. 2, V2X communication can be divided into four phases according to characteristics of V2X communication of internet of vehicles: the system comprises a pre-stage preparation stage, a vehicle pseudonym request stage, a vehicle V2X communication stage by using pseudonym and a vehicle identity tracing and revocation stage. In the early preparation stage, the TA performs system initialization and offline registration of the vehicle and the RSU, the vehicle stores the real identity information of the vehicle in VInfo tables and acquires the registration identity VID, and the RSU acquires the latest public key certificate of the vehicle and broadcasts the latest public key certificate in the area. In the pseudonym request stage of the vehicle, the vehicle will verify and keep its public key certificate after entering the RSU area, and based on the RSU acquiring the pseudonym used by its communication, the situation that the OBU acquires the pseudonym will be divided into two cases of acquiring the pseudonym for the first time and acquiring the pseudonym again, and then the vehicle can use the acquired pseudonym to perform V2X communication. In the vehicle identity tracing and canceling stage, the RSU calculates the VID of the vehicle through the pseudonym and sends the VID to the TA, and then the TA finds out all information of the vehicle user according to the VID query VInfo table, so that the vehicle identity tracing is realized. The TA then places the VID in the vehicle revocation list VRL and sends the VRL to all RSUs, which contain the identity VID R=(VID1,VID2,……,VIDu of all revoked vehicles), the current timestamp t R and the signature of the TA to VRL R=(VIDR,tR), the RSUs check t R and verify the signature after receiving it, update and save this latest VRL R after verification passed. When a kana request is made by an offending vehicle, the RSU calculates that its VID is contained in VRL R, and will refuse to assign a kana to it, thereby revoking its V2X communication qualification.
Fig. 3 is a schematic flow chart of the preparation stage in the early stage of the invention, as shown in fig. 3.
Initializing a system: TA generating system public parameter param= { G, P, P, PK ta,H0-4 }, wherein P is a prime number, G is an elliptic subgroup of the order P, P is a generator of G, and 5 secure hash functions are as follows: h 0-4; and TA generates a master key s ta, and the master key generation range is an integer of order qInterior, i.e./>(Hereinafter/>The meaning of the marks is the same). And calculating the public key of TA as PK ta=sta.P, and storing the public parameter param of the system into RSU and OBU.
Vehicle registration: before entering the network, the vehicle V i needs to register vehicle information and personal information to the TA in an offline mode, and records the information as info and TA registration related information, and generates a user registration code UID, a registration validity period T reg, and a vehicle identification identifier VID i stored in the TPD of the vehicle, where the vehicle identification identifier is composed of three parts: VID i=UID||Treg | UValue, wherein UValue is a hash value of UID and T reg, that is, UValue =h Sta(UID,Treg), UValue is used as a unique identity of each vehicle, and userID and pwd are user names and passwords that need to be input when a user starts a TPD; vehicle information (userID, pwd, VID i, info) is stored in the TA's vehicle registry VInfo, and the owner information is queried when responsibility is left to be pursued.
RSU registration: before accessing to the network, the RSU needs to register the RSU identity to the TA in an offline mode, wherein the identity is denoted as RID j (the angle sign j represents the j-th RSU related information), and the TA selectsAs master key for RSU and store (RID j,SRSU) in RSU registry RInfo of TA and then store S RSU in TPD of RSU.
The TA generates RSU certificates: firstly, the RSU generates a random number lambda j according to a formula 1, calculates two public keys L j and PK RSU of the RSU, and sends RID j、Lj、PKRsu and a current time stamp ts j of the RSU to the TA through a wired channel; then, after the TA checks the validity of ts j and RID j, selects the validity period rt j of the RID j public key certificate, generates a random number R j according to formula 2 and calculates part of public keys R 1j and C j, thereby generating a certificate Cert j corresponding to the RSU, verifies whether equation C j*P=Rj+PKta*H0(RIDj,Lj,PKRSU,rtj) is satisfied after the RSU receives the public key certificate, saves the latest public key certificate after the verification is passed, and broadcasts the certificate in its area.
Lj=λj*P
PK RSU=SKRSU. Times. P (equation 1)
Rj=rj*P
C j=rj+SKta*H0(RIDj,Lj,PKRSU,rtj) (equation 2)
Fig. 4 is a schematic diagram of a specific process of acquiring a pseudonym based on an RSU in a vehicle according to the present invention, as shown in fig. 4.
Step 1, after the vehicle enters a certain RSU area for the first time, it will receive the public key certificate Cert j broadcasted by the RSU in the present area, the vehicle first receives the certificate and verifies the certificate through formula 3, after verification, it stores the certificate and calculates the authentication pseudonym PID auth,PIDauth through formula 4, where T i is the pseudonym validity period.
C j*P=R1j+PKta*H0(RIDj,Lj,rtj) (equation 3)
Step 2, the vehicle sends a first get pseudonym request M auth={Firstpseudonym request,PIDauth,tsi to the RSU, where ts i is a time stamp.
Step 3, after checking the timestamp, the rsu extracts VID i from PID auth according to formula 5, then checks the validity period T reg of VID i and the vehicle revocation list VRL table, checks whether the vehicle is in a revoked state, and if the VID i is not in the VRL table, sends { VID i,PIDi,tsj } to the TA, ts j is the timestamp.
Step 4, the ta checks the timestamp ts j, calculates UValue '=h sta(UID,Treg) and verifies if equation UValue' = UValue is true, if so, verifies that the vehicle identity passes, and sends a success message { authenticatedsuccess, VID i,PIDauth } to the RSU.
Step 5, the RSU calculates the private key of the pseudonymous request of the vehicle in the area according to the formula 6And generating a pseudonym PID i for the V2X communication for the vehicle according to equation 7, and computing a symmetrically encrypted shared key X i-j according to equation 8, then symmetrically encrypting the pseudonym request private key and the pseudonym, and then carrying out/>To the vehicle OBU, where tv i is a time stamp. The vehicle, after receiving it, calculates the shared key according to equation 9 and decrypts the pseudonym request private key and pseudonym.
X i,j=H3(RIDj||Lj||λj*pIDi 1||Ti) (equation 8)
X' i,j=H3(RIDj||Lj||r1i*Lj||Ti) (equation 9)
So far, the process of the vehicle first acquiring the pseudonym is ended.
Step 6, after the vehicle reenters a certain RSU area entered before, it will receive the latest public key certificate Cert j broadcasted by the RSU in the area, the vehicle first receives the latest certificate and verifies, after the verification is passed, it stores the certificate and calculates the authentication pseudonym PID auth, where the calculation mode is the same as that of step 1.
Step 7, when the vehicle sends a reacquire pseudonym request M auth={Renewal authentication request,PIDauth,σi to the RSU, wherein σ i is the signature the vehicle generates for the reacquire pseudonym request message using the pseudonym request privacy key according to equation 10.
Step 8, the RSU first extracts VID i from PID auth according to equation 5 and checks if it is in the vehicle revocation list VRL and checks if VID i has passed the validity period, if VID i is valid, the RSU calculates the signature public key according to equation 11And verifies the pseudonym request message according to equation 12. After the verification is passed, the RSU calculates a new pseudonym for the V2X communication of the present zone according to equation 7.
And 9, the RSU safely transmits the new pseudonym to the requesting vehicle through a symmetrical encryption mode. The symmetric encryption and decryption modes are the same as those in the step 5.
To this end, the process of the vehicle acquiring the pseudonym again ends.
Fig. 5 is a schematic diagram of a specific process of tracing and revoking the identity of a vehicle according to the present invention, as shown in fig. 5.
When the real identity of the user vehicle needs to be traced, the RSU utilizes a formulaAnd the calculated VID of the vehicle is sent to the TA, and then the TA searches VInfo tables according to the VID to find out all information of the vehicle user.
When the TA needs to revoke the identity of the vehicle, the TA sends a vehicle revocation list VRL to all RSUs, which contains the identities VID R=(VID1,VID2,……,VIDu of all revoked vehicles, the current timestamp t R and the signature of the TA pair (VID R,tR) (R 1r,CR), the RSU checks t R after receipt and verifies the signature, updates and saves this latest VRL R after verification passes. When a kana request is made by an offending vehicle, the RSU calculates that its VID is contained in VRL R, and will refuse to assign a kana to it, thereby revoking its V2X communication qualification.
The above list of detailed descriptions is only specific to practical embodiments of the present invention, and they are not intended to limit the scope of the present invention, and all equivalent embodiments or modifications that do not depart from the spirit of the present invention should be included in the scope of the present invention.
Claims (4)
1. A method for realizing privacy protection of vehicle identity conditions based on RSU is characterized in that: firstly, completing system initialization and registration of a vehicle and an RSU in a preparation stage of the early stage of vehicle networking, and issuing a public key certificate for the RSU; then, when the vehicle is connected to the network, providing a pseudonym for the vehicle based on the RSU to realize the privacy protection function of the vehicle identity condition in the vehicle communication process; finally, when the illegal vehicle is found, the TA and the RSU realize the tracing and legal revocation of the identity of the illegal vehicle through the pseudonym and the vehicle revocation list, so that the privacy protection function of the identity condition of the vehicle is realized;
2. The method comprises the following specific processes of the early preparation stage:
Initializing a system: TA generating system public parameter param= { G, P, P, PK ta,H0-4 }, wherein P is a prime number, G is an elliptic subgroup of the order P, P is a generator of G, and 5 secure hash functions are as follows: h 0-4; and TA generates a master key s ta, and the master key generation range is an integer of order q Interior, i.e./>Calculating the public key of TA as PK ta=sta.P, and storing the public parameter param of the system into RSU and OBU;
Vehicle registration: before entering the network, the vehicle V i needs to register vehicle information and personal information to the TA in an offline mode, and records the information as info and TA registration related information, and generates a user registration code UID, a registration validity period T reg, and a vehicle identification identifier VID i stored in the TPD of the vehicle, where the vehicle identification identifier is composed of three parts: VID i=UID||Treg | UValue, wherein UValue is a hash value of UID and T reg, that is, UValue =h SKta(UID,Treg), userID and pwd are user names and passwords that need to be input when the user starts the TPD; storing vehicle information (userID, pwd, VID i, info) in a vehicle registry VInfo of the TA, and querying the owner information when the responsibility is left;
RSU registration: before accessing to the network, the RSU needs to register the RSU identity to the TA in an offline mode, the identity is recorded as RID j, the angle sign j represents the related information of the jth RSU, and the TA selects As master key for RSU and store (RID j,SKRSU) in TA's RSU registry RInfo, then SK RSU in RSU's TPD;
The TA generates RSU certificates: firstly, the RSU generates a random number lambda j according to a formula 1, calculates two public keys L j and PK RSU of the RSU, and sends RID j、Lj、PKRSU and a current time stamp ts j of the RSU to the TA through a wired channel; then, after the validity of ts j and RID j is checked by TA, selecting validity period rt j of RID j public key certificate, generating random number R j according to formula 2 and calculating partial public keys R 1j and C j, so as to generate certificate Cert j corresponding to RSU, verifying equation C j*P=R1j+PKta*H0(RIDj,Lj,PKRSU,rtj) after the RSU receives the public key certificate, and storing the latest public key certificate after verification is passed, and broadcasting the certificate in the region;
the specific steps of the vehicle for acquiring the pseudonym based on the RSU are as follows:
Step 1, after a vehicle enters an RSU area for the first time, a public key certificate Cert j broadcasted by the RSU in the area is received, the vehicle firstly receives the certificate and verifies the certificate through a formula 3, after the verification is passed, the certificate is saved, and an authentication pseudonym PID auth,PIDauth is calculated through a formula 4 and consists of three parts, wherein T i is a pseudonym validity period;
Cj*P=R1j+PKta*H0(RIDj,Lj,rtj) (3)
Step 2, the vehicle sends a request M auth={First pseudonym request,PIDauth,tsi for acquiring the pseudonym for the first time to the RSU, wherein ts i is a time stamp for acquiring the pseudonym request message for the first time;
Step 3, after checking the timestamp, the RSU extracts the VID i from the PID auth according to formula 5, then checks the validity period T reg of the VID i and the VRL vehicle revocation list, checks whether the vehicle is in a revoked state, if the VID i is not in the VRL list, sends { VID i,PIDi,tsj } to the TA, and ts j is the timestamp when the RSU sends the message { VID i,PIDi,tsj };
Step 4, the ta checks the timestamp ts j, calculates UValue '=h SKta(UID,Treg) and verifies whether the equation UValue' = UValue is true, if so, verifies that the vehicle identity passes, and sends a success message { authenticatedsuccess, VID i,PIDauth } to the RSU;
Step 5, the RSU calculates the private key of the pseudonymous request of the vehicle in the area according to the formula 6 And generating a pseudonym PID i for the V2X communication for the vehicle according to equation 7, and computing a symmetrically encrypted shared key X i-j according to equation 8, then symmetrically encrypting the pseudonym request private key and the pseudonym, and then carrying out/>To the vehicle OBU, where tv i is the send messageIs a time stamp of (2); after the vehicle receives the shared secret key, the vehicle calculates the shared secret key according to the formula 9 and decrypts the shared secret key to obtain a pseudonym request private key and a pseudonym;
xi-j=H3(RIDj||Lj||λj*pIDi 1||Ti) (8)
x'i-j=H3(RIDj||Lj||r1i*Lj||Ti) (9)
so far, the process of the vehicle for acquiring the pseudonym for the first time is ended;
Step 6, after the vehicle reenters the RSU area which has entered before, it will receive the latest public key certificate Cert j broadcast by RSU in this area, the vehicle will accept the latest certificate and verify first, after the verification, save the certificate and calculate the authentication pseudonym PID auth, the calculation mode is the same as step 1 here;
Step 7, when the vehicle sends a reacquiring pseudonym request M reauth={Renewal authentication request,PIDauth,σi to the RSU, wherein σ i is a signature generated by the vehicle according to formula 10 for the reacquiring pseudonym request message using the pseudonym request private key;
Step 8, the RSU first extracts VID i from PID auth according to equation 5 and checks if it is in the VRL vehicle revocation list and checks if VID i has passed the validity period, if VID i is valid, the RSU calculates the signature public key according to equation 11 And validating the pseudonym request message according to equation 12; after the verification is passed, the RSU calculates a new pseudonym of the V2X communication of the area according to a formula 7;
step 9, the RSU safely transmits the new pseudonym to the requesting vehicle in a symmetrical encryption mode; the symmetric encryption and decryption modes are the same as those of the step 5;
To this end, the process of the vehicle acquiring the pseudonym again ends.
2. The method for realizing privacy protection of vehicle identity conditions based on the RSU according to claim 1, wherein the method comprises the following steps: in the stage of acquiring the pseudonym by the vehicle to realize privacy protection of the identity condition of the vehicle, the process of acquiring the pseudonym by the vehicle is divided into two cases of entering the RSU area for the first time and entering the RSU area again, the vehicle only needs to carry out identity authentication by a far-end TA when entering the RSU area for the first time, and the identity authentication is directly completed on the RSU side to acquire the pseudonym when entering the RSU area again, so that concentrated dependence on the TA side and calculation communication expenditure between the TA and the RSU are reduced.
3. The method for realizing privacy protection of vehicle identity conditions based on the RSU according to claim 1, wherein the method comprises the following steps: when the identity of the vehicle user needs to be traced, the RSU can only extract VID i generated by the vehicle initialization registration from the pseudonym PID i, and only TA traces the true identity of the vehicle user from the vehicle registry VInfo, so that the privacy protection of the vehicle identity condition is fully ensured on the basis of tracing; when the vehicle user revocation occurs, the TA issues a VRL vehicle revocation list to the RSU, and the RSU checks the validity of the vehicle identity through the VRL before performing the pseudonym dispatch, so that the validity revocation of the vehicle identity is realized.
4. The method for realizing privacy protection of vehicle identity conditions based on the RSU according to claim 1, wherein the method comprises the following steps: the specific steps of vehicle identity tracing and revocation of the method are as follows:
When the real identity of the user vehicle needs to be traced, the RSU utilizes a formula The calculated VID of the vehicle is sent to the TA, and then the TA searches VInfo tables according to the VID to find out all information of the vehicle user;
When the TA needs to revoke the identity legitimacy of the vehicle, the TA sends a VID R vehicle revocation list to all RSUs, wherein VID R contains the identities of all revoked vehicles, specifically denoted as VID R=(VID1,VID2,……,VIDi), a timestamp t R when the message of VID R is sent and a signature (R 1r,CR) of the TA pair (VID R,tR), and the specific calculation mode is shown as 13; the RSU checks t R after receiving the signature and verifies the signature, updates and saves the latest VID R after verification is passed; when the offending vehicle VID 2 makes a pseudonym request, the RSU calculates that its VID 2 is contained in VID R, will refuse to assign a pseudonym to it, and thus revoke its V2X communication qualification;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111244232.8A CN113992388B (en) | 2021-10-26 | 2021-10-26 | Method for realizing privacy protection of vehicle identity condition based on RSU |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111244232.8A CN113992388B (en) | 2021-10-26 | 2021-10-26 | Method for realizing privacy protection of vehicle identity condition based on RSU |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113992388A CN113992388A (en) | 2022-01-28 |
CN113992388B true CN113992388B (en) | 2024-06-07 |
Family
ID=79741269
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111244232.8A Active CN113992388B (en) | 2021-10-26 | 2021-10-26 | Method for realizing privacy protection of vehicle identity condition based on RSU |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113992388B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114599028A (en) * | 2022-03-21 | 2022-06-07 | 南通大学 | Vehicle networking pseudonym management method based on homomorphic encryption mechanism |
CN115412264B (en) * | 2022-10-31 | 2022-12-27 | 北京金睛云华科技有限公司 | Vehicle-mounted self-organizing network pseudonym revocation method based on Morton filter |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104853351A (en) * | 2015-03-20 | 2015-08-19 | 江苏大学 | Internet of Vehicles distributed authentication method based on controllable privacy |
CN107995262A (en) * | 2017-11-16 | 2018-05-04 | 北京交通大学 | Based on the vehicle-mounted cloud system to park cars and application method |
CN110071797A (en) * | 2019-02-01 | 2019-07-30 | 湖州师范学院 | The method of assumed name change car networking privacy-protection certification based on mixing context |
-
2021
- 2021-10-26 CN CN202111244232.8A patent/CN113992388B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104853351A (en) * | 2015-03-20 | 2015-08-19 | 江苏大学 | Internet of Vehicles distributed authentication method based on controllable privacy |
CN107995262A (en) * | 2017-11-16 | 2018-05-04 | 北京交通大学 | Based on the vehicle-mounted cloud system to park cars and application method |
CN110071797A (en) * | 2019-02-01 | 2019-07-30 | 湖州师范学院 | The method of assumed name change car networking privacy-protection certification based on mixing context |
Non-Patent Citations (2)
Title |
---|
FBSS:一种基于公平盲签名和秘密共享的车载网隐私保护方案;王晓亮;黎水凡;;计算机应用研究(12);全文 * |
VANET 中一种可撤销的车辆群组批认证方法;王良民;李晓君;仲红;;中国科学:信息科学;20131015(10);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN113992388A (en) | 2022-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111372248B (en) | Efficient anonymous identity authentication method in Internet of vehicles environment | |
CN108964919B (en) | Lightweight anonymous authentication method with privacy protection based on Internet of vehicles | |
Petit et al. | Pseudonym schemes in vehicular networks: A survey | |
Guo et al. | Chameleon hashing for secure and privacy-preserving vehicular communications | |
Förster et al. | PUCA: A pseudonym scheme with user-controlled anonymity for vehicular ad-hoc networks (VANET) | |
Sharma et al. | BlockAPP: Using blockchain for authentication and privacy preservation in IoV | |
CN107580006B (en) | Vehicular ad hoc network conditionity method for secret protection based on register list | |
Qi et al. | A privacy-preserving authentication and pseudonym revocation scheme for VANETs | |
CN107888377B (en) | VANETs position privacy protection method based on random encryption period | |
CN109831296A (en) | A kind of car networking privacy-protection certification method based on group ranking | |
CN110022542A (en) | A kind of anonymous authentication method of the modified based on condition secret protection | |
CN109362062B (en) | ID-based group signature-based VANETs anonymous authentication system and method | |
Wang et al. | A practical authentication framework for VANETs | |
Chim et al. | MLAS: Multiple level authentication scheme for VANETs | |
CN113992388B (en) | Method for realizing privacy protection of vehicle identity condition based on RSU | |
CN114286332B (en) | Dynamic efficient vehicle-mounted cloud management method with privacy protection function | |
CN112437108A (en) | Decentralized identity authentication device and method for privacy protection of Internet of vehicles | |
CN112243234A (en) | Identity-based privacy security protection method for Internet of vehicles | |
CN108933665B (en) | Method for applying lightweight V2I group communication authentication protocol in VANETs | |
CN111885545B (en) | Method for tracking selfish node based on V2V cooperative transmission authentication | |
Almazroi et al. | FC-LSR: Fog computing-based lightweight Sybil resistant scheme in 5G-enabled vehicular networks | |
CN110677256B (en) | VPKI-based VANETs pseudonym revocation system and method | |
CN116321154A (en) | Efficient message authentication method based on zero knowledge proof in Internet of vehicles environment | |
CN116390092A (en) | Internet of vehicles fine-granularity access control method based on multi-strategy access tree | |
Tiwari et al. | A novel secure authentication scheme for VANETs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |