CN104363586A - Lightweight-class roaming access authentication method for Internet of Vehicles - Google Patents

Abstract

The invention discloses a lightweight-class roaming access authentication method for the Internet of Vehicles. The lightweight-class roaming access authentication method for the Internet of Vehicles comprises the steps of system initialization and roaming access authentication based on a roaming access authentication protocol, wherein when a vehicle is within the margin critical RSU range under the coverage of a local region server, a real-time cross-domain roaming judgment is made by the vehicle according to the real-time positional information, the current driving strategy and the coverage of the local region server, whether the local server is asked for roaming authentication materials is judged by the vehicle according to a judgment result, and when the vehicle travels in a roaming area, identity authentication of the vehicle is achieved through a roaming area server according to the roaming authentication materials provided by the vehicle. According to the lightweight-class roaming access authentication method for the Internet of Vehicles, safe anonymous authentication can be ensured, only Hash operation needs to be conducted when FS vehicle authentication is conducted through the roaming area server, and system overhead can be reduced greatly.

Description

The roaming access authentication method of lightweight in a kind of car networking

Technical field

The present invention relates to wireless communication field, be specifically related to the roaming access authentication method of a kind of car networking lightweight.

Background technology

Vehicle self-organizing network (VANETs) is traditional mobile ad-hoc network (MANETs) application on traffic route, is a kind of special mobile ad-hoc network.In VANET, each vehicle is equipped with a board units OBU, Main Function communicates with other vehicles or roadside unit RSU.The application of car networking can improve sharing of transport information significantly, effectively can alleviate the generation of the phenomenon such as road traffic congestion and traffic accident.Car networking provides the public service platform of an opening, to meet the demand of different user for vehicle.But car networking is also faced with the problem that data security and privacy of user are protected while providing these services.Wherein, roaming technology allows the random zone of vehicle outside its registration area still can use network service.The roaming service on basis relates to home server, roaming domain server and roaming vehicle.In order to realize secure roaming service, roaming domain server needs to carry out certification to external roaming vehicle.Therefore, one safely and efficiently authentication mechanism be system for vehicle provide roaming service institute in the urgent need to.

Roaming agreement can be divided into two types: verification process comprises the tripartite agreement of home server and do not comprise two side's agreements of home server.Clearly, the verification process of tripartite agreement is easy to the impact being subject to home server state and roaming network communication status between domain server and home server, and this is the bottleneck of the obvious defect of tripartite agreement and development.Although two side's agreements can avoid these problems, often face the problem of anonymity certification and high cost.

In car networking, vehicle is as mobile node, and it is very limited that its resource uses, and no matter be information transmission or authentication, in vehicle net, the great number cost problem of vehicle is subject to people's attention always.And in information transmission or the process of authentication, no matter adopt asymmetric encryption mechanisms or asymmetric encryption mechanism, and when the high efficiency security initialization of needs, the selection that Hash chain is best beyond doubt.But, there are two defects in the application of Hash chain, limits safety and the efficiency of Hash chain, if the Hash chain used is long, can increase computing cost and the storage overhead of system, if the Hash chain used is too short, the safety time that provides for system can be caused short, can the stability of a system be reduced.Renewable short hash chain in conjunction with long and short hash chain advantage for system provides the authentication protocol of more stable and low cost.

The people such as C.Chen propose a kind of anonymous authentication agreement of lightweight provable security, in this agreement, roamer only needs to use symmetric encipherment algorithm and hash algorithm to complete roaming authentication in the process of roaming authentication, but, although this agreement reaches the object of efficient certification by the algorithm of some lightweights, but this agreement is tripartite agreement, the participation of home server is needed in the process of certification, each user needs to depend on the current state of home server in the process of roaming authentication, if namely communication broke down is roamed domain server and is in off-line state relative to home server between roaming domain server and home server, so roamer can not carry out roaming authentication.

The people such as Q.Han propose the efficient of a kind of identity-based in the wireless network and the switching certificate scheme of high stability, this scheme belongs to two side's agreements, the participation of home server is not needed in roaming authentication process, roamer sends authentication information to roaming domain server in the process of roaming, in the process of certification, roamer needs to carry out elliptic curve encryption algorithm and Bilinear map algorithm operating, roaming domain server needs to carry out chameleon hash operation, the scheme proposed relative to people such as C.Chen adds expense, and this agreement can not ensure anonymous authentication.

Summary of the invention

Goal of the invention: the object of the invention is to solve the deficiencies in the prior art, the roaming access authentication method of lightweight in providing a kind of car to network.

Technical scheme: in a kind of car networking of the present invention, the roaming access authentication method of lightweight comprises following two steps:

(1) system initialization:

(1.1) trust center TA initialization system time T, Hash chain element interval T service time _c;

(1.2) each region server creates initial Hash chain, and sends the identity sign number ID of home server HS relative to the off-site server FS of home server HS in system _hS, be about to use Hash chain and corresponding Hash chain bring into use time Ts;

(2) access authentication is roamed:

(2.1) vehicle carries out real-time trans-region roaming judgement by real-time position information, current driving strategy and home server HS coverage parameter, if judged result is true, then trans-region roaming judges successfully, and oneself current judged result is sent to home server HS and asks roaming authentication material by vehicle;

(2.2), when home server HS receives the request of vehicle, it is that vehicle produces message authentication codes that constipation closes current system information, and deletes the log-on message of Current vehicle in this locality;

(2.3) after vehicle travels random zone, just authentication information is sent by roadside infrastructure RSU to roaming domain server FS; After off-site server receives the authentication information of vehicle, first the Hash chain that current roaming vehicle home server HS is corresponding is inquired about, the time ruler that thered is provided by trust center detects the ageing of the authentication material that Current vehicle provides, if ageing in threshold time, then continue to carry out certification to testing vehicle register, roaming domain server FS verifies testing vehicle register by the seed of the hash chain inquired, if the result of message authentication codes is consistent, then prove the reliability of Current vehicle identity;

Wherein, the authentication information that vehicle sends to roaming domain server FS, comprises vehicle home server identity and indicates number ID _hS, vehicle in territory, local last used pseudonym identity PID _j, vehicle store its Hash chain element of using when asking roaming authentication material and vehicle home server HS is the message authentication codes that vehicle produces

(2.4) the Hash chain of domain server FS by inquiring is roamed, find out the last Hash element of the hash value that Current vehicle provides, then the Hash element found and confirmation are sent to vehicle, after vehicle receiver to Hash element, Hash operation is carried out to it, if Hash result is equal with the hash value that oneself is preserved, then vehicle can confirm the identity roaming domain server FS;

(2.5) after vehicle carries out both sides' authentication with roaming domain server FS, vehicle sends registration material to roaming domain server FS, completes the identity registration in roaming domain server FS, and roaming domain server FS changes the home server of vehicle into.

Further, the process that the real-time trans-region roaming in described step (2.1) judges is as follows:

The border RSU of home server HS sends trans-region roaming to the vehicle entering its coverage and judges material, vehicle carries out trans-region roaming condition judgment according to current driving strategy and current location information in conjunction with trans-region roaming authentication material, if judged result is true, then carry out trans-region roaming judgement, vehicle sends the application of trans-region roaming authentication material to home server.

Trans-region roaming authentication material in described step (2.1) comprises trans-region roaming vector, interval service time of Hash chain element, trans-region roaming reference distance and roaming territory reference coordinate;

Described roaming territory reference coordinate is in the roaming domain server FS coverage of bordering on home server HS, the position coordinates of the adjacent roaming territory edge critical RSU corresponding with the critical RSU of this destination edge;

Described trans-region roaming vector is the vector of this destination edge critical RSU location point to the roaming territory edge critical RSU location point corresponding with local RSU;

Described trans-region roaming reference distance is: wherein, k is constant, for trans-region roaming vector.

Trans-region roaming condition judgment process in described step (2.2) is as follows:

Vehicle current driving direction vector and trans-region roaming vector are done dot product operations, if result is just, then calculates the distance between vehicle and roaming territory RSU, if this distance is less than trans-region roaming vector field homoemorphism according to vehicle changing coordinates and roaming territory reference coordinate and the difference between roaming reference distance, then roaming conditions is judged as very.

The process that described step (2.1) trans-region roaming judges is as follows:

First, vehicle calculates distance s between the two according to current position coordinates and local RSU position coordinates; Secondly, vehicle makes the following judgment according to current driving speed v and Hash chain element interval service time: wherein, n is constant; If judged result is true, then trans-region roaming judges successfully; Then car two can carry out trans-region roaming application of materials to home server HS.

Further, the use procedure of described Hash chain comprises: the pre-distribution phase of Hash chain, Hash chain operational phase and Hash chain are from regeneration stage;

Wherein, the pre-distribution phase of Hash chain is the Hash chain pre-distributed process of home server HS for car two and off-site server FS: initial Hash chain to vehicle, is distributed to off-site server FS by trust center TA by initial Hash chain afterbody Elemental partition by home server HS;

Hash chain from the process of regeneration is: first, a home server HS optional time cycle and produce a novel species subvalue at random for next Hash chain, produce new Hash chain, wherein 1≤i≤n _j-2; Then home server HS is by 3 time cycles of Stochastic choice, and corresponding three time cycles send to vehicle the message that three bindings have new Hash chain information, so realize new Hash chain certainly regenerate deployment.

Further, described home server HS is by 3 time cycles of Stochastic choice, and corresponding three time cycles send three bindings to vehicle has the message of new Hash chain information as follows to the process realizing certification:

1) 3 time cycles of home server HS Stochastic choice, be respectively and wherein, i≤f≤n _j-1, f+1≤s≤n _j, s+1≤t≤n _j+ 1; I represents that home server HS produces the time cycle of new hash chain subscript, represent new Hash chain K ^j+1first time cycle

2) home server HS is in the time cycle namely send before Article 1 binding has the message of next Hash chain information, next the Hash chain being about to use according to the current Hash chain that using and generation carries out associated information calculation, namely before and wherein, h is Hash function, with K ^tfor the authentication information be associated with new Hash chain, home server regenerates deployment certainly by what send that binding has the message of authentication information to realize Hash chain;

3) home server HS is in the time cycle sending Article 1 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_f^j\left|f\right|K^t\left|\mathrm{MAC}(K_{f+1}^j,\mathrm{Ms}{g}_f^j)\right|K_f^j$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends, if vehicle and off-site server FS are verified message, then preserve K ^t;

4) home server HS is in the time cycle sending Article 2 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_s^j\left|s\right|\mathrm{MAC}(K_{s+1}^j,\mathrm{Ms}{g}_s^j)|K_s^j$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends;

If vehicle and off-site server FS are verified message, then preserve then, vehicle and off-site server FS are by having preserved and K ^tcalculate now, vehicle and off-site server FS have preserved the hash value of new Hash chain afterbody

5) home server HS is in the time cycle namely sending Article 3 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_1^{j+1}\left|1\right|\mathrm{MAC}(K_2^{j+1},\mathrm{Ms}{g}_1^{j+1})|K_1^{j+1}$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends;

If vehicle and off-site server FS are verified message, then vehicle and off-site server FS utilize the hash value of the new Hash chain afterbody stored to the new Hash chain tail value received verify, if then be verified, vehicle and off-site server FS store new Hash chain tail value so far, home server HS application solutions has carried out the deployment of new Hash chain self-regenerative process to vehicle and off-site server FS.

Further, the process of the off-site server FS deployment Hash chain of described home server HS relative to home server HS in system is as follows:

If never outwards server FS disposed Hash chain before home server HS, then Hash chain and Hash chain brought into use time Ts together to send to off-site server FS by TA by home server HS; If not initialization is disposed, then home server HS by Hash chain afterbody element by Hash chain after regeneration techniques is disposed to off-site server FS safely, according to the time reference t that surplus element x and the current trust center TA of current Hash provide, what calculate next Hash chain brings into use time Ts=t+x*T _c, bring into use time Ts together to send to off-site server FS by TA on Hash chain and Hash chain.

Further, in described step (2.2), home server HS is that the process of the message authentication codes that vehicle produces is as follows:

Home server HS obtains the seed of currently used Hash chain then the presently used assumed name PID of vehicle of request roaming authentication material is combined _j, home server identification presentation number ID _hSand the Hash chain currentElement used information generated identifying code

Further, in described step (2.4), the verification process of roaming domain server FS to vehicle roaming authentication information is as follows:

First roam domain server FS and indicate number ID according to the vehicle home server identity in the information received _hSthe current use Hash chain of the local vehicle home server HS stored of retrieval and time Ts corresponding to Hash;

Then the element interval of delta t between Hash element and Hash chain afterbody that the vehicle that receives uses i.e. time interval is between the two added up, calculate | t|=t-Δ t-Ts, wherein t is the time reference in current TA, if | t| in threshold time, then proves the ageing of vehicle roaming authentication information;

Then domain server is roamed according to the seed of the Hash chain retrieved bring message authentication codes into checking testing vehicle register, if authorization information is correct, then roaming domain server completes the certification to vehicle identity information.

Beneficial effect: compared with prior art, the present invention has the following advantages:

(1) vehicle of the present invention carries out real-time trans-region roaming judgement by real-time position information, current driving strategy and home server HS coverage parameter, efficiently and realize deterministic process accurately.

(2) the present invention propose a kind of flexibly, can to regenerate at random from the short Hash chain method of regeneration, and it is applied in car networking roaming agreement, both combine, and achieve a kind ofly to be applicable to the high stable of car networked environment, low cost and the roaming access authentication agreement of safety.

(3) the present invention compared with prior art, adopt two side's agreements, the participation of home server is not needed in verification process, ensure that the stability of verification process, and the present invention only needs Hash arithmetic operation in the process of roaming domain server FS certification vehicle, cost is relatively lower, and in verification process, use the pseudonym identity that vehicle home server issues, and can guarantee secure anonymous certification.

Accompanying drawing explanation

Fig. 1 is system configuration schematic diagram of the present invention;

Fig. 2 is roaming authentication process flow diagram of the present invention;

Fig. 3 is roaming authentication protocol interaction procedure chart of the present invention;

Fig. 4 is vehicle of the present invention roaming deterministic process schematic diagram;

Fig. 5 is of the present invention from regeneration hash chain new chain deployment reciprocal process schematic diagram;

Fig. 6 is computing cost figure when home server adopts single Hash chain in embodiment;

Fig. 7 is that in embodiment, home server adopts the computing cost figure using the Hash chain of different length when regeneration Hash chain scheme.

Embodiment

Below technical solution of the present invention is described in detail, but protection scope of the present invention is not limited to described embodiment.

As shown in Figure 1, in the present invention, car networking certification architecture is divided into 3 grades: most top layer connect each region server for national trust center TA, TA, the roadside infrastructure RSU of region server again respectively in join domain.Whole nation trust center TA is trust authority, except providing system time reference, specification Hash chain element interval service time, also provides the trust passage disposing Hash chain between each region server.Region server is trust authority, can provide random roam authentication material in generation system for the Hash chain of authentication and for vehicle.RSU is roadside unit, is responsible for vehicle and provides access point.

When vehicle will carry out trans-region roaming, real-time trans-region roaming judgement is carried out by real-time position information, current driving strategy and home server HS coverage parameter, if judged result is true, then trans-region roaming judges successfully, and oneself current judged result is sent to home server HS and asks roaming authentication material by vehicle.When home server HS receives the request of vehicle, it is that vehicle produces message authentication codes MAC that constipation closes current system information, and deletes the log-on message of Current vehicle in this locality.After vehicle travels random zone, just send authentication information by roadside infrastructure RSU to roaming domain server FS; After roaming domain server receives the authentication material of vehicle, first the Hash chain that the home server of current roaming vehicle is corresponding is inquired about, the time ruler that thered is provided by trust center detects the ageing of the authentication material that Current vehicle provides, if ageing in threshold time, then continue to carry out certification to testing vehicle register, roaming domain server FS verifies testing vehicle register by the seed of the hash chain inquired, if mac authentication result is consistent, then proves the reliability of Current vehicle identity.The Hash chain of roaming domain server FS by inquiring, find out the last Hash element of the hash value that Current vehicle provides, then the Hash element found and confirmation are sent to vehicle, after vehicle receiver to Hash element, Hash operation is carried out to it, if Hash result is equal with the hash value that oneself is preserved, then vehicle can confirm the identity roaming domain server FS.After vehicle and roam server carry out both sides' authentication, vehicle outwards server FS sends registration material, completes the identity registration in roaming domain server, and roaming domain server FS changes the home server of vehicle into.

As shown in Figure 2, in the present invention, the concrete steps of roaming agreement certification are as follows:

1. the deployment in system between TA and each region server:

1) trust center TA initialization system time T, Hash chain element interval T service time _c;

2) each region server creates initial Hash chain, and sends the identity sign number ID of home server HS relative to the off-site server FS of home server HS in system _hS, be about to use Hash chain and corresponding Hash chain bring into use time Ts, if initialization is disposed, namely before home server, never outwards server disposition crosses Hash chain, then Hash chain and Hash chain bring into use time Ts together to send to off-site server FS by TA by home server HS, dispose if not initialization, then home server HS by Hash chain afterbody element by Hash chain after regeneration techniques is disposed to off-site server FS safely, according to the time reference t that surplus element x and the current trust center TA of current Hash provide, what calculate next Hash chain brings into use time Ts=t+x*T _c, bring into use time Ts together to send to off-site server FS by TA on Hash chain and Hash chain,

2. roam access authentication protocol information mutual, its detailed process as shown in Figure 3:

1) the border RSU of home server HS judges material to the vehicle transmission trans-region roaming entered in its coverage, and wherein trans-region roaming judges that material comprises trans-region roaming vector hash chain element interval T service time _c, trans-region roaming reference distance x, roaming territory reference coordinate (x _f, y _f).Vehicle is according to current driving strategy and current location information (x _c, y _c) carry out trans-region roaming condition judgment in conjunction with trans-region roaming authentication material, deterministic process is as follows:

$\sqrt{{(x_c-x_f)}^2+{(y_c-y_f)}^2}<\left|\stackrel{\&RightArrow;}{v}\right|-\left(\right|\stackrel{\&RightArrow;}{v}|/2-k*T_c),$ Wherein, k is constant

If judged result is true, then carry out trans-region roaming judgement, deterministic process is as follows:

$\left(\right|\stackrel{\&RightArrow;}{v}|/2-s)/v\&le;n*T_c,$ Wherein, n is constant, if judged result is true, vehicle sends the application of trans-region roaming authentication material to home server.

2), when home server HS receives the request of vehicle, it is that vehicle produces message authentication codes that constipation closes current system information and delete the log-on message of Current vehicle in this locality.

3) after vehicle travels random zone, just authentication information is sent by roadside infrastructure RSU to roaming domain server FS:

${\mathrm{ID}}_{\mathrm{HS}},{\mathrm{PID}}_j,K_s^j,\mathrm{MAC}(K_{n_j}^j,K_{n_j}^j|\left|K_s^j\right|\left|{\mathrm{ID}}_{\mathrm{HS}}\right|\left|{\mathrm{PID}}_j\right)$

Wherein, ID _hSfor vehicle home server identity indicates number, PID _jfor vehicle in territory, local last used pseudonym identity, store by vehicle its Hash chain element of using when asking roaming authentication material, for vehicle home server HS is the message authentication codes that vehicle produces.

After roaming domain server FS receives the authentication information of vehicle, first indicate number ID according to the vehicle home server identity in the information received _hSthe current use Hash chain of the local vehicle home server HS stored of retrieval and time Ts corresponding to Hash; Then the element interval of delta t between Hash element and Hash chain afterbody that the vehicle that receives uses i.e. time interval is between the two added up, calculate | t|=t-Δ t-Ts, wherein t is the time reference in current TA, if | t| in threshold time, then proves the ageing of vehicle roaming authentication information; Then domain server is roamed according to the seed of the Hash chain retrieved bring message authentication codes into checking testing vehicle register, if authorization information is correct, then roaming domain server completes the certification to vehicle identity information.

4) the Hash chain of domain server FS by inquiring is roamed, find out the last Hash element of the hash value that Current vehicle provides, then the Hash element found and confirmation are sent to vehicle, after vehicle receiver to Hash element, Hash operation is carried out to it, if Hash result is equal with the hash value that oneself is preserved, then vehicle can confirm the identity roaming domain server FS.

5) after vehicle carries out both sides' authentication with roaming domain server FS, vehicle sends registration material to roaming domain server FS, completes the identity registration in roaming domain server FS, and roaming domain server FS changes the home server of vehicle into.

Wherein, the use procedure of involved in such scheme implementation process Hash chain is as follows:

1) home server HS is for the pre-distributed process of Hash chain of vehicle and off-site server FS.Home server HS is by initial Hash chain afterbody element distribute to vehicle, initial Hash chain is distributed to off-site server FS by trust center TA.

2) Hash chain self-regenerative process and deployment as follows:

An A home server HS optional time cycle wherein the span of i is 1≤i≤n _j-2; For next Hash chain produces a novel species subvalue at random, and produce new Hash chain.

B home server HS is by 3 time cycles of Stochastic choice, and corresponding three time cycles send three bindings to vehicle has the message of new Hash chain information certainly to regenerate deployment to what realize new Hash chain, dispose reciprocal process as shown in Figure 5 from the new chain of regeneration hash chain, detailed process is as follows:

2 ₁) 3 time cycles of home server Stochastic choice, be respectively and wherein the span of f is i≤f≤n _j-1, wherein the span of s is f+1≤s≤n _j, wherein the span of t is s+1≤t≤n _j+ 1.

Wherein, i represents that home server HS produces the time cycle of new hash chain subscript,

represent again new Hash chain K ^j+1first time cycle

2 ₂) home server HS is in the time cycle namely send before Article 1 binding has the message of next Hash chain information, next the Hash chain being about to use according to the current Hash chain that using and generation carries out associated information calculation, namely before $K_0^{j+1}=h\left(K_1^{j+1}\right)$ And $K^t=K_s^j\&CirclePlus;K_0^{j+1}.$

Wherein, h is Hash function,

with K ^tfor the authentication information be associated with new Hash chain, home server regenerates deployment certainly by what send that binding has the message of authentication information to realize Hash chain.

2 ₃) home server HS is in the time cycle sending Article 1 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_f^j\left|f\right|K^t\left|\mathrm{MAC}(K_{f+1}^j,\mathrm{Ms}{g}_f^j)\right|K_f^j$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends.

If vehicle and off-site server FS are verified message, then preserve K ^t.

2 ₄) home server HS is in the time cycle sending Article 2 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_s^j\left|s\right|\mathrm{MAC}(K_{s+1}^j,\mathrm{Ms}{g}_s^j)|K_s^j$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends.

If vehicle and off-site server FS are verified message, then preserve then, vehicle and off-site server FS are by having preserved and K ^tcalculate now, vehicle and off-site server FS have preserved the hash value of new Hash chain afterbody

2 ₅) home server HS is in the time cycle namely sending Article 3 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_1^{j+1}\left|1\right|\mathrm{MAC}(K_2^{j+1},\mathrm{Ms}{g}_1^{j+1})|K_1^{j+1}$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends.

If vehicle and off-site server FS are verified message, then vehicle and off-site server FS utilize the hash value of the new Hash chain afterbody stored to the new Hash chain tail value received verify, if then be verified, vehicle and off-site server FS store new Hash chain tail value so far, achieving of home server HS safety has carried out the deployment of new Hash chain self-regenerative process to vehicle and off-site server FS.

Computing cost analysis below by the Hash of the regeneration certainly chain scheme in embodiment describes the present invention in detail.

Embodiment:

Suppose that Hash chain total length is N, when adopting strand, the computing cost of Hash chain as shown in Figure 6.If the length of the Hash chain used in the protocol is N, and in Hash chain, the length of short chain is x _i, the number of short Hash chain is n.In addition, suppose that the single calculation expense of Hash function is a, the communication overhead of transmission corresponding secret key is b.So broadcast node is in the use procedure of whole Hash chain, and required computing cost and communication overhead sum are:

$E=a\underset{i=1}{\overset{n}{\mathrm{\&Sigma;}}}\frac{x_i(x_i-1)}{2}+(3a+2b)(n-1)$

Wherein, if x _ivalue identical and be x, when N can be divided exactly by x simultaneously, above-mentioned formula becomes:

$E=a\&CenterDot;\frac{x(x+1)}{2}\&CenterDot;\frac{N}{x}+(3a+2b)(\frac{N}{x}-1)=\frac{\mathrm{aNx}}{2}+\frac{(3a+2b)N}{x}+\frac{\mathrm{aN}-4b-6a}{2}$

Known by above-mentioned formula, when

$\frac{\mathrm{aNx}}{2}=\frac{(3a+2b)N}{x}$

Namely when time, expense E has minimum value, and can find, the value based on the optimization method expense minimum value of Hash chain is only relevant with the ratio of computing cost to the communication overhead of adopted Hash function simultaneously, and has nothing to do with the length of Hash chain.

If the Hash function that the present embodiment adopts is based on RC5, the computing cost of known RC5 is equivalent to the expense of transmission 1 byte data, so the key length of each transmission is 8 bytes, thus b/a=8.Now, we can calculate it can thus be appreciated that if adopted based on RC5Hash function, when the length of Hash chain is 6, the computing cost that home server HS disposes Hash chain is minimum.

In units of the energy of a Hash calculating, so, total computing cost of the short Hash chain of different length is adopted as shown in Figure 7; As can be seen from Figure 7, along with the increase of Hash chain length, the energy expense that home server HS disposes Hash chain can increase gradually.And when adopting single Hash chain, the gathering way of energy expense of home server HS can increase along with the increase of Hash chain length, and speed goes is large, and adopts based on the method for short Hash chain from regeneration, the energy expense of node is linear substantially, and maintains lower level.

In sum, the present invention can guarantee the secure anonymous certification in vehicle roam procedure, and because only need Hash arithmetic operation in the process of roaming domain server FS certification vehicle, so significantly reduce overhead, achieve the roaming access authentication procedure of lightweight in car networking.

Claims (10)

1. the roaming access authentication method of lightweight in car networking, is characterized in that: comprise following two steps:

(1) system initialization:

(1.1) trust center TA initialization system time T, Hash chain element interval T service time _c;

(1.2) each region server creates initial Hash chain, and sends the identity sign number ID of home server HS relative to the off-site server FS of home server HS in system _hS, be about to use Hash chain and corresponding Hash chain bring into use time Ts;

(2) access authentication is roamed:

(2.1) vehicle carries out real-time trans-region roaming judgement by real-time position information, current driving strategy and home server HS coverage parameter, if judged result is true, then trans-region roaming judges successfully, and oneself current judged result is sent to home server HS and asks roaming authentication material by vehicle;

(2.2), when home server HS receives the request of vehicle, it is that vehicle produces message authentication codes that constipation closes current system information, and deletes the log-on message of Current vehicle in this locality;

(2.3) after vehicle travels random zone, just authentication information is sent by roadside infrastructure RSU to roaming domain server FS; After off-site server receives the authentication information of vehicle, first the Hash chain that current roaming vehicle home server HS is corresponding is inquired about, the time ruler that thered is provided by trust center detects the ageing of the authentication material that Current vehicle provides, if ageing in threshold time, then continue to carry out certification to testing vehicle register, roaming domain server FS verifies testing vehicle register by the seed of the hash chain inquired, if the result of message authentication codes is consistent, then prove the reliability of Current vehicle identity;

Wherein, the authentication information that vehicle sends to roaming domain server FS, comprises vehicle home server identity and indicates number ID _hS, vehicle in territory, local last used pseudonym identity PID _j, vehicle store its Hash chain element of using when asking roaming authentication material and vehicle home server HS is the message authentication codes that vehicle produces

(2.4) the Hash chain of domain server FS by inquiring is roamed, find out the last Hash element of the hash value that Current vehicle provides, then the Hash element found and confirmation are sent to vehicle, after vehicle receiver to Hash element, Hash operation is carried out to it, if Hash result is equal with the hash value that oneself is preserved, then vehicle can confirm the identity roaming domain server FS;

(2.5) after vehicle carries out both sides' authentication with roaming domain server FS, vehicle sends registration material to roaming domain server FS, completes the identity registration in roaming domain server FS, and roaming domain server FS changes the home server of vehicle into.

2. the roaming access authentication method of lightweight in car according to claim 1 networking, is characterized in that: the process that the real-time trans-region roaming in described step (2.1) judges is as follows:

The border RSU of home server HS sends trans-region roaming to the vehicle entering its coverage and judges material, vehicle carries out trans-region roaming condition judgment according to current driving strategy and current location information in conjunction with trans-region roaming authentication material, if judged result is true, then carry out trans-region roaming judgement, vehicle sends the application of trans-region roaming authentication material to home server.

3. the roaming access authentication method of lightweight in car according to claim 1 networking, is characterized in that: the trans-region roaming authentication material in described step (2.1) comprises trans-region roaming vector, interval service time of Hash chain element, trans-region roaming reference distance and roaming territory reference coordinate;

Described roaming territory reference coordinate is in the roaming domain server FS coverage of bordering on home server HS, the position coordinates of the adjacent roaming territory edge critical RSU corresponding with the critical RSU of this destination edge;

Described trans-region roaming vector is the vector of this destination edge critical RSU location point to the roaming territory edge critical RSU location point corresponding with local RSU;

Described trans-region roaming reference distance is: wherein, k is constant, for trans-region roaming vector.

4. the roaming access authentication method of lightweight in car according to claim 2 networking, is characterized in that: the trans-region roaming condition judgment process in described step (2.2) is as follows:

Vehicle current driving direction vector and trans-region roaming vector are done dot product operations, if result is just, then calculates the distance between vehicle and roaming territory RSU, if this distance is less than trans-region roaming vector field homoemorphism according to vehicle changing coordinates and roaming territory reference coordinate and the difference between roaming reference distance, then roaming conditions is judged as very.

5. the roaming access authentication method of lightweight in car according to claim 2 networking, is characterized in that: the process that described step (2.1) trans-region roaming judges is as follows:

First, vehicle calculates distance s between the two according to current position coordinates and local RSU position coordinates; Secondly, vehicle makes the following judgment according to current driving speed v and Hash chain element interval service time: wherein, n is constant; If judged result is true, then trans-region roaming judges successfully; Then car two can carry out trans-region roaming application of materials to home server HS.

6. the roaming access authentication method of lightweight in car according to claim 1 networking, is characterized in that: the use procedure of described Hash chain comprises: the pre-distribution phase of Hash chain, Hash chain operational phase and Hash chain are from regeneration stage;

Wherein, the pre-distribution phase of Hash chain is the Hash chain pre-distributed process of home server HS for car two and off-site server FS: initial Hash chain to vehicle, is distributed to off-site server FS by trust center TA by initial Hash chain afterbody Elemental partition by home server HS;

Hash chain from the process of regeneration is: first, a home server HS optional time cycle and produce a novel species subvalue at random for next Hash chain, produce new Hash chain, wherein 1≤i≤n _j-2; Then home server HS is by 3 time cycles of Stochastic choice, and corresponding three time cycles send to vehicle the message that three bindings have new Hash chain information, so realize new Hash chain certainly regenerate deployment.

7. the roaming access authentication method of lightweight in car according to claim 6 networking, it is characterized in that: described home server HS is by 3 time cycles of Stochastic choice, and corresponding three time cycles send three bindings to vehicle has the message of new Hash chain information as follows from regeneration deployment:

1) 3 time cycles of home server HS Stochastic choice, be respectively and wherein, i≤f≤n _j-1, f+1≤s≤n _j, s+1≤t≤n _j+ 1; I represents that home server HS produces the time cycle of new hash chain subscript, represent new Hash chain K ^j+1first time cycle

2) home server HS is in the time cycle namely send before Article 1 binding has the message of next Hash chain information, next the Hash chain being about to use according to the current Hash chain that using and generation carries out associated information calculation, namely before and wherein, h is Hash function, be the authentication information be associated with new Hash chain with K ', home server regenerates deployment certainly by what send that binding has the message of authentication information to realize Hash chain;

3) home server HS is in the time cycle sending Article 1 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_f^j\left|f\right|K^{\&prime;}\left|\mathrm{MAC}(K_{f+1}^j,{\mathrm{Msg}}_f^j)\right|K_f^j$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends, if vehicle and off-site server FS are verified message, then preserve K ';

4) home server HS is in the time cycle sending Article 2 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_s^j\left|s\right|\mathrm{MAC}(K_{s+1}^j,{\mathrm{Msg}}_s^j)|K_s^j$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends;

If vehicle and off-site server FS are verified message, then preserve then, vehicle and off-site server FS are by having preserved and K ' calculating now, vehicle and off-site server FS have preserved the hash value of new Hash chain afterbody

5) home server HS is in the time cycle namely sending Article 3 binding to vehicle and off-site server FS has the message content of new Hash chain deployment information as follows:

$T_1^{j+1}\left|1\right|\mathrm{MAC}(K_2^{j+1},{\mathrm{Msg}}_1^{j+1})|K_1^{j+1}$

Wherein, for the message authentication code of this message, vehicle and off-site server FS utilize message authentication code to compare checking to the message that home server HS sends;

If vehicle and off-site server FS are verified message, then vehicle and off-site server FS utilize the hash value of the new Hash chain afterbody stored to the new Hash chain tail value received verify, if then be verified, vehicle and off-site server FS store new Hash chain tail value so far, home server HS application solutions has carried out the deployment of new Hash chain self-regenerative process to vehicle and off-site server FS.

8. the roaming access authentication method of lightweight in car according to claim 7 networking, is characterized in that: the process that described home server HS disposes Hash chain relative to the off-site server FS of home server HS in system is as follows:

If never outwards server FS disposed Hash chain before home server HS, then Hash chain and Hash chain brought into use time Ts together to send to off-site server FS by TA by home server HS; If not initialization is disposed, then home server HS by Hash chain afterbody element by Hash chain after regeneration techniques is disposed to off-site server FS safely, according to the time reference t that surplus element x and the current trust center TA of current Hash provide, what calculate next Hash chain brings into use time Ts=t+x*T _c, bring into use time Ts together to send to off-site server FS by TA on Hash chain and Hash chain.

9. the roaming access authentication method of lightweight in car according to claim 1 networking, it is characterized in that: in described step (2.2), home server HS is that the process of the message authentication codes that vehicle produces is as follows: home server HS obtains the seed of currently used Hash chain then the presently used assumed name PID of vehicle of request roaming authentication material is combined _j, home server identification presentation number ID _hSand the Hash chain currentElement used information generated identifying code

10. the roaming access authentication method of lightweight in car according to claim 1 networking, it is characterized in that: in described step (2.4), the verification process of roaming domain server FS to vehicle roaming authentication information is as follows:

First roam domain server FS and indicate number ID according to the vehicle home server identity in the information received _hSthe current use Hash chain of the local vehicle home server HS stored of retrieval and time Ts corresponding to Hash;

Then the element interval of delta t between Hash element and Hash chain afterbody that the vehicle that receives uses i.e. time interval is between the two added up, calculate | t|=t-Δ t-Ts, wherein t is the time reference in current TA, if | t| in threshold time, then proves the ageing of vehicle roaming authentication information;

Then domain server is roamed according to the seed of the Hash chain retrieved bring message authentication codes into checking testing vehicle register, if authorization information is correct, then roaming domain server completes the certification to vehicle identity information.