CN108234445B - Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud - Google Patents

Info

Publication number
CN108234445B
Authority
CN
China
Prior art keywords
cloud
vehicle
key
message
manager
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711245829.8A
Other languages
Chinese (zh)
Other versions
CN108234445A (en
Inventor
张磊
戴菲菲
孟欣宇
张元飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Qusu Technology Co ltd
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University filed Critical East China Normal University
Priority to CN201711245829.8A priority Critical patent/CN108234445B/en
Publication of CN108234445A publication Critical patent/CN108234445A/en
Application granted granted Critical
Publication of CN108234445B publication Critical patent/CN108234445B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/14 Session management
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Traffic Control Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud establishment and secure data transmission method with privacy protection for the vehicle-mounted cloud. It provides a method for establishing the vehicle-mounted cloud securely and anonymously, in which cloud users can efficiently join and leave the vehicle-mounted cloud. After the vehicle cloud is established, a cloud user can securely and anonymously send messages to the vehicles in the vehicle cloud in three different modes. The method provides authentication and privacy of the sender and confidentiality of the message, and ensures that the sender's sensitive location is not disclosed.

Description

Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud
Technical Field
The invention belongs to the field of information security and vehicle-mounted cloud, and particularly relates to a cloud establishment and data security transmission method for privacy protection in the vehicle-mounted cloud.
Background
A vehicular ad hoc network (vehicular network) is an ad hoc network for communication between vehicles, and the vehicles in it have certain computing and storage resources. To make full use of the computing and storage resources that these vehicles leave underused, the vehicular network is combined with cloud computing technology, so that the vehicles in the network form a vehicle-mounted cloud that provides cloud services to other vehicles and helps ensure traffic safety and efficiency. At the same time, the vehicle-mounted cloud is a dynamic real-time system, and the privacy of vehicle users and the security of data transmission must still be preserved when vehicles join and leave it.
To achieve these goals, it is important that the vehicle cloud is established securely and that transmitted data is received securely. During establishment and maintenance of the vehicle cloud, vehicles joining and leaving raise security problems, and the vehicle cloud must update the encryption key and the decryption keys promptly. The privacy of the vehicles in the vehicle cloud must also be considered: vehicle information includes the identity, the location and so on of the vehicle, and this information relates to the privacy of the vehicle owner. Privacy in the vehicle cloud should be conditional. A malicious vehicle may send false information that misleads other vehicles into an accident. Conditional privacy requires that the originator of false information can be traced when such harm occurs.
Earlier work has proposed solutions to the privacy and security problems of data transmission in the vehicle-mounted cloud, but some of it does not fully define the types of data transmission in the vehicle-mounted cloud, and some does not consider location-based privacy protection.
Disclosure of Invention
The aim of the invention is as follows: to address the shortcomings of existing vehicle-mounted cloud establishment and secure data transmission methods, a cloud establishment and secure data transmission method with privacy protection in the vehicle-mounted cloud is provided. The method satisfies authentication and privacy of the sender and confidentiality of the message, and ensures that the sender's sensitive location is not disclosed.
The specific technical scheme for realizing the purpose of the invention is as follows:
A cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud comprises the following entities: a Trusted Authority (TA), a roadside unit (RSU), a vehicle (cloud member, cloud user, cloud manager), and a cloud management center (CCM); the method comprises the following steps:
Step 1: TA settings
The TA selects a system master key, generates the system global parameters $\lambda = (q, G, G_T, g, g_{pub}, H_1 \sim H_5, E_K(\cdot)/D_K(\cdot), IDS)$, and publishes the global parameters; where $G$ and $G_T$ are cyclic groups, $q$ is the order of the cyclic groups, $g$ is a generator of $G$, $g_{pub}$ is the public key of the TA, $H_1 \sim H_5$ are hash functions, $E_K(\cdot)/D_K(\cdot)$ is an encryption/decryption scheme in which $K$ is the secret key, and IDS is a secure identity-based signature;
Step 2: Vehicle and RSU arrangement
The TA computes a plurality of pseudonyms for the vehicle from the vehicle identity and the validity period, and generates the corresponding private keys from the pseudonyms;
The TA takes the real identity of the RSU as the public key of the RSU and generates the corresponding private key;
Step 3: Vehicle cloud setting
First, the vehicle-mounted cloud is initialized: when a group of vehicles forms a vehicle-mounted cloud to share resources, one vehicle is selected as the cloud manager and the size of the group is determined; the vehicles in the group then broadcast messages in turn to determine a group encryption key and a different decryption key for each vehicle. Membership in the vehicle-mounted cloud is dynamic: each vehicle can join or leave the vehicle-mounted cloud, and the group encryption key and the decryption key of each vehicle must be changed every time the membership changes;
Step 4: Secure messaging
The cloud user finds the vehicle-mounted cloud through the cloud management center CCM in order to send the message, and the process is divided into three modes:
1) Internal use mode: the cloud user is a member of the vehicle-mounted cloud to which the message is sent; the cloud user encrypts the message with the group public encryption key and broadcasts it to the vehicle-mounted cloud, and the vehicles in the group use their respective group decryption keys to obtain the message;
2) Short-range use mode: the cloud user sends a message to vehicles in a nearby vehicle-mounted cloud, and the process is the same as that of 1);
3) Remote use mode: the cloud user sends a message to a vehicle in a remote vehicle-mounted cloud, and the location of the message is hidden by a location-based encryption technique;
Step 5: Tracing of false messages
When a malicious vehicle sends a false message, the TA finds the originator of the false message;
Step 6: Enhancement of vehicle privacy
Since the vehicle cloud is a dynamic environment, in order to protect the privacy of the vehicles, the group encryption key is changed by re-randomization whenever a vehicle joins or leaves the vehicle cloud.
In step 3, the initialization process of the vehicle-mounted cloud specifically comprises:
1) The cloud manager is the $t$-th vehicle in the group, the group size is $n$, and the cloud manager selects a unique identifier sid;
2) For each other vehicle $V_i$ in the vehicle cloud (not including the cloud manager), where $i$ denotes the number of the vehicle, the current pseudonym and private key pair of $V_i$ is $(p_{i1}, (s_{i1,0}, s_{i1,1}))$, where $p_{i1}$ is a pseudonym of $V_i$ and $s_{i1,0}, s_{i1,1}$ is the private key of $V_i$; for $1 \le j \le n$, $n$ signatures are computed
Figure GDA0002833128500000021
where $\xi_i$ is the hash value of the identifier sid, the pseudonym, the timestamp and the random numbers, $\theta_i$ and $\eta_i$ are random values, $v$ is the hash value of the identifier sid, and $f_j$ is the hash value of the session ID and $j$. The entire signature $\sigma_i = (p_{i1}, tp_i, a_i, b_i, \{y_{i,j}\}_{j \in \{1,\dots,n\}, j \ne i})$ is published, where $tp_i$ is a timestamp and $a_i, b_i$ are random values;
3) For the cloud manager $V_t$, the current pseudonym and private key pair is $(p_{t1}, (s_{t1,0}, s_{t1,1}))$; as in 2), for $1 \le i \le n$, a signature is generated
Figure GDA0002833128500000031
where $p_{ti}$ is the $i$-th pseudonym of $V_t$, $tp_i$ is a timestamp,
Figure GDA0002833128500000032
is a random value and is used as a reference,
Figure GDA0002833128500000033
is the signature; the cloud manager then publishes
Figure GDA0002833128500000034
where
Figure GDA0002833128500000035
is the number of vehicles that have actually joined the vehicle-mounted cloud;
4) Each vehicle $V_i$ in the vehicle-mounted cloud computes the group encryption key $(E, \Theta)$,
Figure GDA0002833128500000036
where $a_i$ and $b_i$ are random values, $p_{i,0}$ and $p_{i,1}$ are the hash values of the pseudonym, $g_{pub}$ is the master public key, and $v$ is the hash value of the identifier sid;
5) Each vehicle $V_i$ in the vehicle-mounted cloud computes its own decryption key
Figure GDA0002833128500000037
where $1 \le l \le n$ and $y_{l,i}$ is the signature of $V_i$;
6) The cloud manager generates the cloud information
Figure GDA0002833128500000038
and broadcasts it to the cloud members, where info includes information about the vehicle cloud such as its location, the time the vehicle cloud was created, and the available computing and storage resources,
Figure GDA0002833128500000039
is a signature on $E$, $\Theta$, sid and info, and $p_{t(n+1)}$ is a pseudonym of the cloud manager; after the cloud manager sends the cloud information, each cloud member needs to verify the validity of the signature.
In step 3, the process of a vehicle joining and leaving the vehicle cloud specifically comprises:
1) After the vehicle cloud is formed, a vehicle $V_I$ prepares to join the vehicle cloud as the $I$-th cloud member; its current pseudonym and private key pair is $(p_I, (s_{I,0}, s_{I,1}))$. It computes and publishes its signature $\sigma_I = (p_I, tp_I, a_I, b_I, \{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l})$, where $p_I$ is the pseudonym of $V_I$, $tp_I$ is a timestamp, $a_I, b_I$ are random values, and $\{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l}$ is its signature;
2) When the other cloud members in the vehicle-mounted cloud receive the message from $V_I$, they need to update the public encryption key and their respective decryption keys, and the cloud manager needs to generate and broadcast new cloud information
Figure GDA00028331285000000310
3) When a cloud member $V_l$ leaves the vehicle-mounted cloud, two cases are distinguished. First, when $l \ne t$, i.e. $V_l$ is not the cloud manager, the cloud manager updates the cloud information; each cloud member verifies the validity of the cloud information and, if it is valid, updates the public encryption key and its decryption key. Second, when $l = t$, i.e. $V_l$ is the cloud manager, a new cloud manager is selected according to the vehicle-mounted cloud initialization process in step 3, and the public encryption key and the decryption key of each cloud member are generated.
In step 4, the internal use mode of secure message transmission specifically comprises:
1) The cloud user selects a random session key $\zeta \in K$, where $\zeta$ is a key for the encryption scheme $E_K(\cdot)/D_K(\cdot)$;
2) The message $m$ is signed with the identity-based signature scheme IDS to obtain a signature $\gamma$, and the ciphertext $C_1 = E_\zeta(m \| \gamma)$ is computed;
3) Select a random value
Figure GDA00028331285000000311
Figure GDA00028331285000000312
is the set of positive integers; the encrypted session key $C_2 = (A_1, A_2, A_3)$ is then computed, where $A_1 = g^{\rho}$
Figure GDA00028331285000000313
$A_1, A_2, A_3$ are intermediate values, and the ciphertext $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$;
4) A cloud member $V_l$ in the vehicle cloud $VC_i$, whose decryption key is $d_l$, computes the session key
Figure GDA0002833128500000041
where $f_l$ is a hash value and $H_5$ is a hash function;
5) The plaintext is decrypted as $m \| \gamma = D_\zeta(C_1)$, where $D_\zeta$ is the decryption algorithm; if $\gamma$ verifies as valid, the message $m$ is accepted.
The invention provides a method for safely and anonymously establishing the vehicle-mounted cloud, and a cloud user can efficiently join and leave the vehicle-mounted cloud. After the vehicle cloud is established, the cloud user can securely and anonymously send messages to the vehicles in the vehicle cloud through three different modes.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
A cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud comprises the following entities: a Trusted Authority (TA), a roadside unit (RSU), a vehicle (cloud member, cloud user, cloud manager), and a cloud management center (CCM); the method comprises the following steps:
(1) TA settings
Taking the security parameter $\lambda$ as input, the TA generates the global parameters and issues them to the vehicles. The specific steps are as follows:
1) Select two cyclic multiplicative groups $G$ and $G_T$ of order $q$ for which an efficient bilinear map exists:
Figure GDA0002833128500000042
Select $g \in G$.
2) Select a symmetric encryption scheme $E_K(\cdot)/D_K(\cdot)$.
3) Select a symmetric key $\xi$ and a random number
Figure GDA0002833128500000043
Figure GDA0002833128500000044
is the set of positive integers. Set $(\xi, \pi)$ as the system master key and set the public key to $g_{pub} = g^{\pi}$.
4) Select five hash functions: $H_1, H_2, H_3: \{0,1\}^* \to G$, $H_4$
Figure GDA0002833128500000045
and $H_5: G_T \to K$, where $K$ is the key space.
5) Set the global system parameters $\lambda = (q, G, G_T, g, g_{pub}, H_1 \sim H_5, E_K(\cdot)/D_K(\cdot), IDS)$ and publish them; where $G$ and $G_T$ are cyclic groups, $q$ is the order of the cyclic groups, $g$ is a generator of $G$, $g_{pub}$ is the public key of the TA, $H_1 \sim H_5$ are hash functions, $E_K(\cdot)/D_K(\cdot)$ is an encryption/decryption scheme in which $K$ is the secret key, and IDS is a secure identity-based signature scheme.
(2) Vehicle and RSU arrangement
For a vehicle $V_i$, let its real identity be
Figure GDA0002833128500000047
Suppose it requires $\mu$ pseudonym and private key pairs; $V_i$ sends
Figure GDA0002833128500000046
to the TA. The specific process is as follows:
1) For $1 \le j \le \mu$, set the pseudonym
Figure GDA00028331285000000514
where $\tau$ is a timestamp and $vp_j$ is the validity period.
2) For $1 \le j \le \mu$, compute the hash values of the pseudonym: $p_{ij,0} = H_1(p_{ij}, 0)$ and $p_{ij,1} = H_1(p_{ij}, 1)$.
3) Sign the pseudonym
Figure GDA0002833128500000051
4) The TA transmits the $\mu$ pseudonyms and their signatures $(p_{ij}, s_{ij})$ to the vehicle through a secure channel.
For an RSU $R_i$, let its real identity be
Figure GDA0002833128500000052
The process of generating the private key is as follows:
1) Compute the hash values of the RSU identity
Figure GDA0002833128500000053
2) Compute signatures on the hash values from 1)
Figure GDA0002833128500000054
3) The TA sends the private key
Figure GDA0002833128500000055
to $R_i$ over a secure channel.
(3) Vehicle cloud setting
First, the vehicle-mounted cloud is initialized. The specific process is as follows:
1) Assume that the cloud manager is the $t$-th vehicle in the group and the group size is $n$; the cloud manager selects a unique session ID sid.
2) For each other vehicle $V_i$ in the vehicle cloud (not including the cloud manager), suppose the current pseudonym and private key pair of $V_i$ is $(p_{i1}, (s_{i1,0}, s_{i1,1}))$, where $p_{i1}$ is a pseudonym of $V_i$ and $s_{i1,0}, s_{i1,1}$ is the private key pair of $V_i$. For $1 \le j \le n$, $n$ signatures are computed
Figure GDA0002833128500000056
where $\xi_i$ is the hash value of the session ID, the pseudonym, the timestamp and the random numbers, $\theta_i$ and $\eta_i$ are random values, $v$ is the hash value of the session ID, and $f_j$ is the hash value of the session ID and $j$. The entire signature $\sigma_i = (p_{i1}, tp_i, a_i, b_i, \{y_{i,j}\}_{j \in \{1,\dots,n\}, j \ne i})$ is published, where $tp_i$ is a timestamp and $a_i, b_i$ are random values.
3) For the cloud manager $V_t$, assume that the current pseudonym and private key pair is $(p_{t1}, (s_{t1,0}, s_{t1,1}))$; as in 2), for $1 \le i \le n$, a signature is generated
Figure GDA0002833128500000057
where $p_{ti}$ is the $i$-th pseudonym of $V_t$, $tp_i$ is a timestamp,
Figure GDA0002833128500000058
is a random value and is used as a reference,
Figure GDA0002833128500000059
is the signature; the cloud manager then publishes
Figure GDA00028331285000000510
where
Figure GDA00028331285000000511
is the number of vehicles that have actually joined the vehicle-mounted cloud.
4) Each vehicle $V_i$ in the vehicle-mounted cloud computes the common encryption key $(E, \Theta)$,
Figure GDA00028331285000000512
where $a_i$ and $b_i$ are random values, $p_{i,0}$ and $p_{i,1}$ are the hash values of the pseudonym, $g_{pub}$ is the master public key, and $v$ is the hash value of the session ID.
5) Each vehicle $V_i$ in the vehicle-mounted cloud computes its own decryption key
Figure GDA00028331285000000513
where $1 \le l \le n$ and $y_{l,i}$ is the signature of $V_i$.
6) The cloud manager generates the cloud information
Figure GDA0002833128500000061
and broadcasts it to the cloud members, where info includes information about the vehicle cloud (such as its location, the time the vehicle cloud was created, and the available computing and storage resources),
Figure GDA0002833128500000062
is a signature on $E$, $\Theta$, sid and info, and $p_{t(n+1)}$ is a pseudonym of the cloud manager; after the cloud manager sends the cloud information, each cloud member needs to verify the validity of the signature.
The process of joining and leaving the vehicle cloud specifically comprises:
1) After the vehicle cloud is formed, a vehicle $V_I$ prepares to join the vehicle cloud as the $I$-th cloud member; its current pseudonym and private key pair is $(p_I, (s_{I,0}, s_{I,1}))$. It computes and publishes its signature $\sigma_I = (p_I, tp_I, a_I, b_I, \{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l})$, where $p_I$ is the pseudonym of $V_I$, $tp_I$ is a timestamp, $a_I, b_I$ are random values, and $\{y_{I,j}\}_{j \in \{1,\dots,n\}, j \ne l}$ is its signature.
2) When the other cloud members in the vehicle-mounted cloud receive the message from $V_I$, they need to update the public encryption key and their respective decryption keys, and the cloud manager needs to generate and broadcast new cloud information
Figure GDA0002833128500000063
3) When a cloud member $V_l$ leaves the vehicle-mounted cloud, two cases are distinguished. First, when $l \ne t$, i.e. $V_l$ is not the cloud manager, the cloud manager updates the cloud information; each cloud member verifies the validity of the cloud information and, if it is valid, updates the public encryption key and its own decryption key. Second, when $l = t$, i.e. $V_l$ is the cloud manager, a new cloud manager is selected according to the vehicle-mounted cloud initialization process, and the public encryption key and the cloud members' respective decryption keys are generated.
(4) Secure messaging step
Message delivery is divided into three modes according to the usage mode.
The first mode is the internal use mode. The specific process is as follows:
1) The cloud user selects a random session key $\zeta \in K$, where $\zeta$ is a key for the encryption scheme $E_K(\cdot)/D_K(\cdot)$.
2) The message $m$ is signed with the identity-based signature scheme IDS to obtain a signature $\gamma$, and the ciphertext $C_1 = E_\zeta(m \| \gamma)$ is computed.
3) Select
Figure GDA0002833128500000064
and compute the encrypted session key $C_2 = (A_1, A_2, A_3)$, where $A_1 = g^{\rho}$
Figure GDA0002833128500000065
Figure GDA0002833128500000066
and $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$.
4) A cloud member $V_l$ in the vehicle cloud $VC_i$, whose decryption key is $d_l$, computes the session key
Figure GDA0002833128500000067
where $f_l$ is a hash value and $H_5$ is a hash function.
5) Compute $m \| \gamma = D_\zeta(C_1)$, where $D_\zeta$ is the decryption algorithm; if $\gamma$ verifies as valid, the message $m$ is accepted.
The second mode is the short-range use mode; its procedure is the same as that of the first mode.
The third mode is the remote use mode. The specific process is as follows:
1) If the location from which the sender sends the message is not sensitive, the process is the same as in mode one.
2) If the location from which the message is sent needs to be kept secret, a location-based encryption technique (GeoLock) is used to generate the key $\kappa$.
3) A random session key $\zeta \in K$ is selected.
4) The message $m$ is signed with the identity-based signature IDS to obtain a signature $\gamma$, and the ciphertext $C_1 = E_\zeta(m \| \gamma)$ is computed.
5) Select
Figure GDA0002833128500000071
and compute the encrypted session key $C_2 = (A_1, A_2, A_3)$, where $A_1 = g^{\rho}$
Figure GDA0002833128500000072
Figure GDA0002833128500000073
and $C = C_1 \| C_2$ is sent to the vehicle-mounted cloud $VC_i$.
6) A cloud member $V_l$ in the vehicle cloud $VC_i$, whose decryption key is $d_l$, obtains $\kappa$ using the location-based encryption technique (GeoLock) and computes the session key
Figure GDA0002833128500000074
where $f_l$ is a hash value and $H_5$ is a hash function.
7) Compute $m \| \gamma = D_\zeta(C_1)$, where $D_\zeta$ is the decryption algorithm; if $\gamma$ verifies as valid, the message $m$ is accepted.
(5) Tracing of false messages
Suppose the vehicle that sent the false message has the pseudonym $p_{i,j}$. The specific tracing process is as follows:
1) Since the pseudonym is
Figure GDA0002833128500000075
the TA computes
Figure GDA0002833128500000076
and obtains the real identity
Figure GDA0002833128500000077
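The conditional-privacy lifecycle from sections (2) and (5), pseudonym issuance by the TA and later tracing of the sender of a false message, as an added Python example that is not part of the patent. The patent's pseudonym and tracing formulas are not reproduced on this page, so the construction here is an assumption: each pseudonym carries the real identity, the timestamp τ and the index j encrypted and authenticated under keys derived from the TA's symmetric master-key component ξ, with the validity period in the clear. The HMAC-SHA256 counter-mode cipher, the field sizes and the identity `VIN-TEST-0001` are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

ID_LEN = 32     # identities are padded to a fixed size so pseudonym length leaks nothing
NONCE_LEN = 16
TAG_LEN = 16
HEADER_LEN = 10  # packed (tau, j)
PSEUDONYM_LEN = 8 + NONCE_LEN + HEADER_LEN + ID_LEN + TAG_LEN


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for E_K/D_K (assumption)."""
    blocks = [
        hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def validity_end(pseudonym: bytes) -> int:
    """The validity period is public: any receiver can reject an expired pseudonym."""
    return struct.unpack(">Q", pseudonym[:8])[0]


class TrustedAuthority:
    def __init__(self) -> None:
        xi = secrets.token_bytes(32)  # symmetric component xi of the system master key
        # Separate keys for encryption and authentication, both derived from xi.
        self._enc_key = hmac.new(xi, b"pseudonym-enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(xi, b"pseudonym-mac", hashlib.sha256).digest()

    def issue_pseudonyms(self, real_id: str, mu: int, tau: int, lifetime: int) -> list:
        """Return mu pseudonyms for one vehicle; pseudonym j expires at tau + j*lifetime."""
        rid = real_id.encode()
        if len(rid) > ID_LEN:
            raise ValueError("identity longer than ID_LEN bytes")
        pseudonyms = []
        for j in range(1, mu + 1):
            vp = struct.pack(">Q", tau + j * lifetime)
            nonce = secrets.token_bytes(NONCE_LEN)  # fresh nonce makes pseudonyms unlinkable
            plain = struct.pack(">QH", tau, j) + rid.ljust(ID_LEN, b"\x00")
            body = vp + nonce + _xor(plain, _keystream(self._enc_key, nonce, len(plain)))
            tag = hmac.new(self._mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
            pseudonyms.append(body + tag)
        return pseudonyms

    def trace(self, pseudonym: bytes):
        """Recover (real_id, tau, j), or None if this TA did not issue the pseudonym."""
        if len(pseudonym) != PSEUDONYM_LEN:
            return None
        body, tag = pseudonym[:-TAG_LEN], pseudonym[-TAG_LEN:]
        expected = hmac.new(self._mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged, modified, or issued under a different master key
        nonce, ct = body[8:8 + NONCE_LEN], body[8 + NONCE_LEN:]
        plain = _xor(ct, _keystream(self._enc_key, nonce, len(ct)))
        tau, j = struct.unpack(">QH", plain[:HEADER_LEN])
        return plain[HEADER_LEN:].rstrip(b"\x00").decode(), tau, j


def demo() -> dict:
    ta = TrustedAuthority()
    # Constructed sample input: a made-up identity and timestamp.
    names = ta.issue_pseudonyms("VIN-TEST-0001", mu=3, tau=1_700_000_000, lifetime=600)
    reported = names[1]  # pseudonym attached to the false message
    return {
        "traced": ta.trace(reported),
        "expires": validity_end(reported),
        "other_ta": TrustedAuthority().trace(reported),
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of ξ can map a pseudonym back to a vehicle, which is why compromise of the TA's master key removes privacy for every pseudonym ever issued under it.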
(6) Enhancement of vehicle privacy
In this stage, vehicle privacy is enhanced by re-randomization. The specific process is as follows:
1) Suppose the $l$-th vehicle leaves the vehicle-mounted cloud.
2) The cloud manager generates and publishes a new signature using a new pseudonym and private key pair
Figure GDA0002833128500000078

Claims (4)

1. A cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud comprises the following entities: vehicles, namely cloud members, cloud users and a cloud manager; a roadside unit RSU; a trusted authority TA, which is the authority that generates the global parameters and is trusted by the vehicles and the roadside unit; and a cloud management center CCM; the method is characterized by comprising the following steps:
Step 1: TA settings
The TA selects a system master key, generates the system global parameters $\lambda = (q, G, G_T, g, g_{pub}, H_1 \sim H_5, E_K(\cdot)/D_K(\cdot), IDS)$, and publishes the global parameters; where $G$ and $G_T$ are cyclic groups, $q$ is the order of the cyclic groups, $g$ is a generator of $G$, $g_{pub}$ is the public key of the TA, $H_1 \sim H_5$ are hash functions, $E_K(\cdot)/D_K(\cdot)$ is an encryption/decryption scheme in which $K$ is the secret key, and IDS is a secure identity-based signature;
Step 2: Vehicle and RSU arrangement
The TA computes a plurality of pseudonyms for the vehicle from the vehicle identity and the validity period, and generates the corresponding private keys from the pseudonyms; the TA takes the real identity of the RSU as the public key of the RSU and generates the corresponding private key;
Step 3: Vehicle cloud setting
First, the vehicle-mounted cloud is initialized: when a group of vehicles forms a vehicle-mounted cloud to share resources, one vehicle is selected as the cloud manager and the size of the group is determined; the vehicles in the group then broadcast messages in turn to determine a group encryption key and a different decryption key for each vehicle. Membership in the vehicle-mounted cloud is dynamic: each vehicle can join or leave the vehicle-mounted cloud, and the group encryption key and the decryption key of each vehicle must be changed every time the membership changes;
Step 4: Secure messaging
The cloud user finds the vehicle-mounted cloud through the cloud management center CCM in order to send the message, and the process is divided into three modes:
1) Internal use mode: the cloud user is a member of the vehicle-mounted cloud to which the message is sent; the cloud user encrypts the message with the group public encryption key and broadcasts it to the vehicle-mounted cloud, and the vehicles in the group use their respective group decryption keys to obtain the message;
2) Short-range use mode: the cloud user sends a message to vehicles in a nearby vehicle-mounted cloud, and the process is the same as that of 1);
3) Remote use mode: the cloud user sends a message to a vehicle in a remote vehicle-mounted cloud, and the location of the message is hidden by a location-based encryption technique;
Step 5: Tracing of false messages
When a malicious vehicle sends a false message, the TA finds the originator of the false message;
Step 6: Enhancement of vehicle privacy
Since the vehicle cloud is a dynamic environment, in order to protect the privacy of the vehicles, the group encryption key is changed by re-randomization whenever a vehicle joins or leaves the vehicle cloud.
2. The method according to claim 1, wherein the initialization process of the vehicle-mounted cloud in step 3 specifically includes:
1) The cloud manager is the $t$-th vehicle in the group, the group size is $n$, and the cloud manager selects a unique identifier sid;
2) For each other vehicle $V_i$ in the vehicle cloud, not including the cloud manager, where $i$ denotes the number of the vehicle, the current pseudonym and private key pair of $V_i$ is $(p_{i1}, (s_{i1,0}, s_{i1,1}))$, where $p_{i1}$ is a pseudonym of $V_i$ and $s_{i1,0}, s_{i1,1}$ is the private key of $V_i$; for $1 \le j \le n$, $n$ signatures are computed
Figure FDA0002920760510000021
where $\xi_i$ is the hash value of the identifier sid, the pseudonym, the timestamp and the random numbers, $\theta_i$ and $\eta_i$ are random values, $v$ is the hash value of the identifier sid, and $f_j$ is the hash value of the session ID and $j$. The entire signature $\sigma_i = (p_{i1}, tp_i, a_i, b_i, \{y_{i,j}\}_{j \in \{1,\dots,n\}, j \ne i})$ is published, where $tp_i$ is a timestamp and $a_i, b_i$ are random values;
3) For the cloud manager $V_t$, the current pseudonym and private key pair is $(p_{t1}, (s_{t1,0}, s_{t1,1}))$; for $1 \le i \le n$, a signature is generated
Figure FDA0002920760510000022
where $p_{ti}$ is the i-th pseudonym of $V_t$, $tp_i$ is a timestamp,
Figure FDA0002920760510000023
is a random value and is used as a reference,
Figure FDA0002920760510000024
for signing, publishing
Figure FDA0002920760510000025
Wherein
Figure FDA0002920760510000026
is the number of vehicles that have actually joined the vehicle-mounted cloud;
4) each vehicle $V_i$ in the vehicle-mounted cloud calculates the group encryption key $(E, \Theta)$,
Figure FDA0002920760510000027
where $a_i$ and $b_i$ are random values, $p_{i,0}$ and $p_{i,1}$ are hash values of the pseudonym, $g_{pub}$ is the master public key, and v is the hash value of the identity sid;
5) each vehicle $V_i$ in the vehicle-mounted cloud calculates its own decryption key
Figure FDA0002920760510000028
where $1 \le l \le n$ and $y_{l,i}$ is the signature of $V_i$;
6) the cloud manager generates the cloud information
Figure FDA0002920760510000029
and broadcasts it to the cloud members, where info contains information about the vehicle cloud, namely its location, the time the vehicle cloud was created, and the available computing and storage resources,
Figure FDA00029207605100000210
is a signature on E, Θ, sid and info, and $p_{t(n+1)}$ is a pseudonym of the cloud manager; after the cloud manager sends the cloud information, the cloud members need to verify the validity of the signature.
3. The method according to claim 2, wherein the process of joining and leaving the vehicle cloud in step 3 specifically includes:
1) after the vehicle cloud is formed, a vehicle $V_l$ prepares to join the vehicle cloud as the l-th cloud member; its current pseudonym/private key pair is $(p_l,(s_{l,0},s_{l,1}))$, and it calculates and publishes its signature $\sigma_l=(p_l,tp_l,a_l,b_l,\{y_{l,j}\}_{j\in\{1,\dots,n\},j\neq l})$, where $p_l$ is the pseudonym of $V_l$, $tp_l$ is a timestamp, $a_l,b_l$ are random values, and $\{y_{l,j}\}_{j\in\{1,\dots,n\},j\neq l}$ is its signature;
2) after the other cloud members in the vehicle-mounted cloud receive the message of $V_l$, the public encryption key and the respective decryption keys need to be updated, and the cloud manager needs to generate and broadcast new cloud information
Figure FDA00029207605100000211
3) when a cloud member $V_l$ in the vehicle-mounted cloud leaves, two cases are distinguished: first, when $l \neq t$, i.e. $V_l$ is not the cloud manager, the cloud information is updated, each cloud member verifies the validity of the cloud information and, if it is valid, updates the public encryption key and the decryption key; second, when $l = t$, i.e. $V_l$ is the cloud manager, a new cloud manager is selected according to the vehicle-mounted cloud initialization process in step 3, and the public encryption key and the decryption key of each cloud member are generated.
4. The method according to claim 1, wherein the internal usage pattern in the process of secure messaging in step 4 specifically includes:
1) the cloud user selects a random session key $\zeta \in K$, where $\zeta$ is a key for the encryption scheme $E_K(\cdot)/D_K(\cdot)$;
2) the message m is signed using an identity-based signature scheme IDS to obtain a signature $\Upsilon$, and the ciphertext $C_1=E_\zeta(m\|\Upsilon)$ is calculated;
3) Selecting a random value
Figure FDA0002920760510000031
Figure FDA0002920760510000032
is a set of positive integers; the encrypted session key $C_2=(A_1,A_2,A_3)$ is calculated, where $A_1=g^{\rho}$
Figure FDA0002920760510000033
$A_1,A_2,A_3$ are intermediate values, and the ciphertext $C=C_1\|C_2$ is sent to the vehicle-mounted cloud $VC_i$;
4) the decryption key of cloud member $V_l$ in the vehicle cloud $VC_i$ is $d_l$, and $V_l$ computes the session key
Figure FDA0002920760510000034
where $f_l$ is a hash value and $H_5$ is a hash function;
5) the plaintext $m\|\Upsilon=D_\zeta(C_1)$ is decrypted, where $D_\zeta$ is the decryption algorithm; if $\Upsilon$ is verified as valid, the message m is accepted.
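The message flow of claim 4 (random session key ζ, ciphertext of m‖Υ under ζ, ζ wrapped with A1 = g^ρ, recovery of ζ, acceptance of m only if Υ verifies), as an added example that is not part of the patent. It is a single-recipient analogue under labelled assumptions: a Schnorr signature stands in for the IDS scheme, a two-component hashed-ElGamal wrap stands in for the group key and the three-component C2, a SHA-256 keystream stands in for E/D, the group p = 2^127 − 1 is a toy parameter, and all function names are hypothetical.

```python
import hashlib, secrets

# Toy parameters (assumption, NOT secure): the group Z_p^* with p = 2^127 - 1.
P, G, ORDER = 2**127 - 1, 3, 2**127 - 2
SIG_LEN = 32  # Upsilon = R || s, 16 bytes each, so m || Upsilon splits unambiguously

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def i2b(x: int) -> bytes:
    return x.to_bytes(16, "big")

def keygen():
    sk = secrets.randbelow(ORDER - 1) + 1
    return sk, pow(G, sk, P)

def sign(sk: int, m: bytes) -> bytes:     # Schnorr, standing in for the IDS signature
    k = secrets.randbelow(ORDER - 1) + 1
    R = pow(G, k, P)
    e = int.from_bytes(h(b"sig", i2b(R), m), "big")
    return i2b(R) + i2b((k + e * sk) % ORDER)

def verify(pk: int, m: bytes, sig: bytes) -> bool:
    R, s = int.from_bytes(sig[:16], "big"), int.from_bytes(sig[16:], "big")
    e = int.from_bytes(h(b"sig", i2b(R), m), "big")
    return pow(G, s, P) == R * pow(pk, e, P) % P

def stream(zeta: bytes, data: bytes) -> bytes:  # E_zeta and D_zeta: keystream XOR
    ks = b"".join(h(b"ks", zeta, i2b(c)) for c in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def send(sender_sk: int, recipient_pk: int, m: bytes):
    zeta = secrets.token_bytes(32)                   # step 1: random session key
    c1 = stream(zeta, m + sign(sender_sk, m))        # step 2: C1 = E_zeta(m || Upsilon)
    rho = secrets.randbelow(ORDER - 1) + 1           # step 3: wrap zeta, A1 = g^rho
    mask = h(b"H5", i2b(pow(recipient_pk, rho, P)))
    c2 = (pow(G, rho, P), bytes(a ^ b for a, b in zip(zeta, mask)))
    return c1, c2

def receive(recipient_sk: int, sender_pk: int, c1: bytes, c2):
    a1, a2 = c2
    mask = h(b"H5", i2b(pow(a1, recipient_sk, P)))   # step 4: recover zeta
    zeta = bytes(a ^ b for a, b in zip(a2, mask))
    plain = stream(zeta, c1)                         # step 5: m || Upsilon = D_zeta(C1)
    if len(plain) < SIG_LEN:
        return None
    m, sig = plain[:-SIG_LEN], plain[-SIG_LEN:]
    return m if verify(sender_pk, m, sig) else None  # accept m only if Upsilon verifies
```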
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711245829.8A 2017-12-01 2017-12-01 Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud

Publications (2)

Publication Number Publication Date
CN108234445A CN108234445A (en) 2018-06-29
CN108234445B true CN108234445B (en) 2021-05-07

Family

ID=62653149

Country Status (1)

Country Link
CN (1) CN108234445B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221222

Address after: 311800 17th floor, Jiyang Fortune Building, 28 Wenzhong South Road, Taozhu street, Zhuji City, Shaoxing City, Zhejiang Province

Patentee after: Zhejiang qusu Technology Co.,Ltd.

Address before: 200241 No. 500, Dongchuan Road, Shanghai, Minhang District

Patentee before: EAST CHINA NORMAL University