CN108234445B - Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud - Google Patents
Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud Download PDFInfo
- Publication number
- CN108234445B CN108234445B CN201711245829.8A CN201711245829A CN108234445B CN 108234445 B CN108234445 B CN 108234445B CN 201711245829 A CN201711245829 A CN 201711245829A CN 108234445 B CN108234445 B CN 108234445B
- Authority
- CN
- China
- Prior art keywords
- cloud
- vehicle
- key
- message
- manager
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
- Traffic Control Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud establishment and data security transmission method for privacy protection in a vehicle-mounted cloud. The invention provides a method for safely and anonymously establishing the vehicle-mounted cloud, and a cloud user can efficiently join and leave the vehicle-mounted cloud. After the vehicle cloud is established, the cloud user can securely and anonymously send messages to the vehicles in the vehicle cloud through three different modes. The invention has the following characteristics: the method meets the certifications and privacy of the sender, the confidentiality of the message and ensures that the sensitive position of the sender is not disclosed.
Description
Technical Field
The invention belongs to the field of information security and vehicle-mounted cloud, and particularly relates to a cloud establishment and data security transmission method for privacy protection in the vehicle-mounted cloud.
Background
An on-board ad hoc network (on-board network) is an ad hoc network for communication between vehicles, and the vehicles in the on-board network have certain computing and storage resources. In order to fully utilize computing and storage resources which are not fully utilized by vehicles in the vehicle-mounted network, the vehicle-mounted network is combined with a cloud computing technology, so that the vehicles in the vehicle-mounted network form a vehicle-mounted cloud, cloud service is provided for other vehicles, and traffic safety and efficiency are ensured; meanwhile, the vehicle-mounted cloud is a dynamic real-time system, and the privacy of vehicle users and the safety of data transmission in the vehicle-mounted cloud are still required to be met when vehicles join and leave the vehicle-mounted cloud.
In order to achieve the above-mentioned object of the vehicle cloud, it is important that the vehicle cloud is safely established and the transmission data is safely received. In the vehicle-mounted cloud establishment and maintenance process, the joining and leaving of the vehicle bring safety problems, and the vehicle cloud is required to update the encryption key and the decryption key in time. Meanwhile, the privacy of the vehicle in the vehicle cloud is also considered, and the information of the vehicle comprises the identity, the position and the like of the vehicle, and the information relates to the privacy of the vehicle owner. Privacy in the vehicle cloud should be conditional. Malicious vehicles may send false information misleading other vehicles to an accident. Conditional privacy requires that the generator of spurious information be traceable when it is compromised.
The prior scholars propose solutions for solving privacy and security problems of data transmission of the vehicle-mounted cloud, but some scholars do not fully define the data transmission type in the vehicle-mounted cloud, and some scholars do not consider privacy protection based on positions.
Disclosure of Invention
The invention aims to: aiming at the defects of the existing vehicle-mounted cloud establishment and data security transmission method, the cloud establishment and data security transmission method with privacy protection in the vehicle-mounted cloud is provided, and the method meets the requirements of certifiability and privacy of a sender and confidentiality of information and ensures that a sensitive position of the sender is not disclosed.
The specific technical scheme for realizing the purpose of the invention is as follows:
a cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud comprises the following entities: a Trusted Authority (TA), a roadside unit (RSU), a vehicle (cloud member, cloud user, cloud manager), and a cloud management center (CCM); the method comprises the following steps:
step 1: TA settings
TA selects a system master key to generate a system global parameter lambda ═ q, GT,g,gpub,H1~H5,EK(.)/DK(.), IDS), and publishes global parameters; wherein, GTIs a cyclic group, q is the order of the cyclic group, G is the generator of G, GpubIs the public key of TA, H1~H5Is a hash function, EK(.)/DK(.), K being a secret key, IDS being a secure identity-based signature;
step 2: vehicle and RSU arrangement
The TA calculates a plurality of pseudonyms of the vehicle through the vehicle identity identification and the validity period, and generates a corresponding private key through the pseudonyms;
the TA takes the real identity of the RSU as a public key of the RSU and generates a corresponding private key;
and step 3: vehicle cloud setting
Firstly, vehicle-mounted cloud is initialized: when a group of vehicles form a vehicle-mounted cloud to share resources, selecting one vehicle as a cloud manager and determining the scale of a group, and then sequentially broadcasting messages by the vehicles in the group to determine a group encryption key and a different decryption key of each vehicle; membership in the vehicle-mounted cloud is dynamic, each vehicle can join or leave the vehicle-mounted cloud, and the group encryption key and the decryption key of each vehicle need to be changed every time the vehicle changes;
and 4, step 4: secure messaging
The cloud user finds the vehicle-mounted cloud through the cloud management center CCM to send the message, and the process is divided into three modes:
1) internal use mode: the cloud user is a member of the vehicle-mounted cloud to be sent, the cloud user encrypts a message by using a group public encryption key and broadcasts the message to the vehicle-mounted cloud, and vehicles in the group use respective group decryption keys to obtain the message;
2) short-range usage mode: the cloud user sends a message to vehicles in nearby vehicle-mounted clouds, and the process is the same as that of 1);
3) remote use mode: the cloud user sends a message to a vehicle in a remote vehicle-mounted cloud, and the position of the message is hidden by adopting a position encryption technology;
and 5: tracing of false messages
When a malicious vehicle sends a false message, the TA finds out a producer of the false message;
step 6: enhancement of vehicle privacy
Since the vehicle cloud is a dynamic environment, in order to protect the privacy of the vehicle, when a vehicle joins or leaves the vehicle cloud, the group encryption key is changed by re-randomization.
Step 3, the initialization process of the vehicle-mounted cloud specifically comprises the following steps:
1) the cloud manager is the t-th vehicle in the group, the group scale is n, and the cloud manager selects a unique identifier sid;
2) for other vehicles v without cloud manager in vehicle cloudiI denotes the number of the vehicle, v at presentiIs (p) as the pseudonymization private key pairi1,(si1,0,si1,1) Wherein p) isi1Is v isiIs a name ofi1,0,si1,1Is a ViThe private key of (1); for j ≦ 1 ≦ n, n signatures are computedIn which ξiTo hash the identity sid, alias, timestamp and random number, θiAnd ηiIs a random value, v is a hash value over the identity sid, fjPublishing the entire signature σ for the session ID and the hash value of ji=(pi1,tpi,ai,bi,{yi,j}j∈{1,...,n},j≠i) Wherein tpiIs a time stamp, ai,biIs a random value;
3) for cloud manager VtThe current pseudonymous private key pair is (p)t1,(st1,0,st1,1) E.g., 2), for 1 ≦ i ≦ n, a signature is generatedWherein p istiIs a VtIth alias of (tp)iIn the form of a time stamp,is a random value and is used as a reference,for signing, publishingWhereinThe number of vehicles actually added to the vehicle-mounted cloud;
4) for each vehicle V in the vehicle-mounted cloudiCalculating a group encryption key (E, Θ),wherein a isiAnd biIs a random value, pi,0And pi,1Hash value for alias, gpubIs the master public key, v is the hash value of the identity sid;
5) for each vehicle v in the vehicle-mounted cloudiCalculating their respective decryption keysWherein l is more than or equal to 1 and less than or equal to n, yl,iIs v isiThe signature of (2);
6) cloud manager generating cloud informationAnd broadcast to cloud members, where info includes information of the vehicle cloud such as location, time of vehicle cloud creation, available computing and storage resources,is a signature, p, for E, Θ, sid, infot(n+1)The name is the name of a cloud manager; after the cloud manager sends the cloud information, the cloud member needs to verify the validity of the signature.
Step 3, the process of the vehicle joining and leaving the vehicle cloud specifically comprises the following steps:
1) after the vehicle cloud is formed, there is a vehicle VIPrepare to join the vehicle cloud as the I-th cloud member, and the current name-changing private key pair is (p)I,(sI,0,sI,1) Calculates and publishes its signature σI=(pItpIaI,bI,{yI,j}j∈{1,...,n},j≠l) Wherein p isIIs a VIIs named, tpIIs a time stamp, aI,bIIs a random value, { yI,j}j∈{1,...,n},j≠lSign it;
2) when other cloud members in the vehicle-mounted cloud receive VIThe public encryption key and the respective decryption key need to be updated after the message, wherein the cloud manager needs to generate and broadcast new cloud information
3) When there is a cloud member V in the vehicle-mounted cloudlWhen leaving, two cases are distinguished: first, when l ≠ t, i.e. VlThe non-cloud manager updates the cloud information, verifies the validity of the cloud information for each cloud member, and updates the public encryption key and the decryption key if the cloud information is valid; second, when l ═ t, i.e. VlAnd if the cloud manager is the cloud manager, selecting a new cloud manager according to the vehicle-mounted cloud initialization process in the step 3, and generating a public encryption key and a decryption key of each cloud member.
Step 4, the internal usage mode in the process of secure message transmission specifically includes:
1) the cloud user selects a random session key zeta belongs to K, and zeta is an encryption scheme EK(.)/DK(.);
2) signing the message m by using an identity-based signature scheme IDS to obtain a signature gamma, and calculating a ciphertext C1=Eζ(m||γ);
3) Selecting a random value For a set of positive integers, an encrypted session key C is calculated2=(A1,A2,A3) Wherein A is1=gρ,A1,A2,A3Is an intermediate value, and the ciphertext C is equal to C1||C2Send to the vehicle-mounted cloud VCi;
4) Vehicle cloud VCiCloud member V in (1)lThe decryption key of (a) is dl,VlComputing session keysflIs a hash value, H5Is a hash function;
5) decrypting plaintext m | | | γ ═ Dζ(C1),DζFor the decryption algorithm, assuming that γ is validated, the message m is accepted.
The invention provides a method for safely and anonymously establishing the vehicle-mounted cloud, and a cloud user can efficiently join and leave the vehicle-mounted cloud. After the vehicle cloud is established, the cloud user can securely and anonymously send messages to the vehicles in the vehicle cloud through three different modes.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
A cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud comprises the following entities: a Trusted Authority (TA), a roadside unit (RSU), a vehicle (cloud member, cloud user, cloud manager), and a cloud management center (CCM); the method comprises the following steps:
(1) TA settings
Taking the safety parameter lambda as input, generating a global parameter by the TA and issuing the global parameter to the vehicle by the TA, and specifically implementing the following steps:
1) selecting two cyclic multiplicative groups G, GTWith order q, there is an effective bilinear mapping:selecting G epsilon G.
2) Selecting a symmetric encryption scheme EK(.)/DK(.)。
3) Selecting a symmetric key xi, selecting a random number For a positive integer set, set (xi, pi) as the system master key and set the public key as gpub=gπ。
5) Setting global system parameter lambda ═ (q, G)T,g,gpub,H1~H5,EK(.)/DK(.), IDS), and publishes global parameters; wherein, GTIs a cyclic group, q is the order of the cyclic group, G is the generator of G, GpubIs the public key of TA, H1~H5Is a hash function, EK(.)/DK(.), K being a secret key, is a secure identity-based signature scheme.
(2) Vehicle and RSU arrangement
For vehicle ViIs set to have the true identity ofSuppose it requires mu anonymous private key pairs, ViWill be provided withSending to TA, the specific process is as follows:
1) setting a pseudonym for j is more than or equal to 1 and less than or equal to muWhere τ is the time stamp, vpjThe validity period is.
2) For j is more than or equal to 1 and less than or equal to mu, calculating hash value p of the pseudonymij,0=H1(pij,0),pij,1=H1(pij,1)。
4) TA alias μ and its signature (p)ij,sij) And transmitting to the vehicle through the safety channel.
For RSURiIs set to have the true identity ofThe process of generating the private key is as follows:
(3) Vehicle cloud setting
Firstly, vehicle-mounted cloud is initialized, and the specific process is as follows:
1) assuming that the cloud manager is the t-th vehicle in the group, the group size is n, and the cloud manager selects a unique session ID as sid.
2) For other vehicles (not including cloud manager) V in vehicle cloudiSuppose that V is presentiIs (p) as the pseudonymization private key pairi1,(si1,0,si1,1) Wherein p) isi1Is a ViIs a name ofi1,0,si1,1Is a ViThe private key pair of (1). For j ≦ 1 ≦ n, n signatures are computedIn which ξiAs hash values of session ID, alias, timestamp, and random number, θiAnd ηiIs a random value, v is a hash value over the session ID, fjPublishing the entire signature σ for the hash value of the session ID and ji=(pi1,tpi,ai,bi,{yi,j}j∈{1,...,n},j≠i) Wherein tpiIs a time stamp, ai,biIs a random value.
3) For cloud manager VtAssume that the current pseudonym private key pair is (p)t1,(st1,0,st1,1) E.g., 2)) for 1 ≦ i ≦ n, a signature is generatedWherein p istiIs a VtIth alias of (tp)iIn the form of a time stamp,is a random value and is used as a reference,for signing, publishingWhereinThe number of vehicles actually added to the vehicle-mounted cloud.
4) For each vehicle V in the vehicle-mounted cloudiCalculating a common encryption key (E, Θ),wherein a isiAnd biIs a random value, pi,0And pi,1Hash value for alias, gpubIs the master public key and v is the hash value of the session ID.
5) For each vehicle V in the vehicle-mounted cloudiCalculating their respective decryptionsSecret keyWherein l is more than or equal to 1 and less than or equal to n, yl,iIs a ViThe signature of (2).
6) Cloud manager generating cloud informationAnd broadcast to cloud members, where info includes information of the vehicle cloud (such as location, time of vehicle cloud creation, available computing and storage resources),is a signature, p, for E, Θ, sid, infot(n+1)The name is the name of a cloud manager; after the cloud manager sends the cloud information, the cloud member needs to verify the validity of the signature.
The process of joining and leaving the vehicle cloud specifically includes:
1) after the vehicle cloud is formed, there is a vehicle VIPrepare to join the vehicle cloud as the ith cloud member, and the current name-changing private key pair is (p)I,(sI,0,sI,1) Calculates and publishes its signature σI=(pItpIaI,bI,{yI,j}j∈{1,...,n},j≠l) Wherein p isIIs a VIIs named, tpIIs a time stamp, aI,bIIs a random value, { yI,j}j∈{1,...,n},j≠lIt is signed.
2) When other cloud members in the vehicle-mounted cloud receive VIAfter the message they need to update the public encryption key and the respective decryption key, wherein the cloud manager needs to generate and broadcast new cloud information
3) When there is a cloud member V in the vehicle-mounted cloudlWhen leaving, two cases are distinguished: first, when l ≠ t, i.e. VlNon-cloud manager, at which time the cloud manager updates the cloudThe information is used for verifying the validity of the cloud information for each cloud member, and if the validity is confirmed, the public encryption key and the respective decryption key are updated; second, when l ═ t, i.e. VlAnd selecting a new cloud manager according to the vehicle-mounted cloud initialization process, and generating a public encryption key and respective decryption keys of cloud members.
(4) Secure messaging step
The method of message delivery is divided into three modes according to different usage modes.
The first mode is an internal use mode, and the specific process is as follows:
1) one random session key zeta belongs to K of the cloud user, and zeta is an encryption scheme EK(.)/DK(.).
2) Signing the message m by using an identity-based signature scheme IDS to obtain a signature gamma, and calculating a ciphertext C1=Eζ(m||γ)。
3) SelectingComputing an encrypted session key C2=(A1,A2,A3) Wherein A is1=gρ, And changing C to C1||C2Send to the vehicle-mounted cloud VCi。
4) Vehicle cloud VCiCloud member V in (1)lThe decryption key of (a) is dl,VlComputing session keysflIs a hash value, H5Is a hash function.
5) Calculating m | | | γ ═ Dζ(C1) D ζ is the decryption algorithm, and assuming γ is validated, the message m is accepted.
The second mode is a short-range use mode, which is specific to the procedure as the first.
The third mode is a remote use mode, and the specific process is as follows:
1) assuming that the location of the message sent by the sender is not sensitive, the process is like mode one.
2) Assuming that the location of the message transmission needs to be kept secret, a location-based encryption technique (GeoLock) is used to generate the key κ.
3) A random session key ζ ∈ K is selected.
4) Signing the message m by using the signature IDS based on the identity to obtain a signature gamma, and calculating a ciphertext C1=Eζ(m||γ)。
5) SelectingComputing an encrypted session key C2=(A1,A2,A3) Wherein A is1=gρ, And changing C to C1||C2Send to the vehicle-mounted cloud VCi。
6) Vehicle cloud VCiCloud member V in (1)lThe decryption key of (a) is dl,VlUsing a location-based encryption technique (GeoLock), k is obtained and a session key is calculatedflIs a hash value, H5Is a hash function.
7) Calculating m | | | γ ═ Dζ(C1),DζFor the decryption algorithm, assuming that γ is validated, the message m is accepted.
(5) Tracing of false messages
Suppose that the vehicle sending the dummy message has the name pi,jThe specific tracking process is as follows:
(6) Enhancement of vehicle privacy
The enhancement of the vehicle privacy is realized by re-randomization in the stage, and the specific process is as follows:
1) suppose the l-th vehicle leaves the onboard cloud.
Claims (4)
1. A cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud comprises the following entities: the vehicle, namely a cloud member, a cloud user, a cloud manager, a roadside unit RSU, a trusted mechanism TA which is a mechanism for generating global parameters and is trusted by the vehicle and the roadside unit, and a cloud management center CCM; the method is characterized by comprising the following steps:
step 1: TA settings
TA selects a system master key to generate a system global parameter lambda ═ q, GT,g,gpub,H1~H5,EK(.)/DK(.), IDS), and publishes global parameters; wherein, GTIs a cyclic group, q is the order of the cyclic group, G is the generator of G, GpubIs the public key of TA, H1~H5Is a hash function, EK(.)/DK(.), K being a secret key, IDS being a secure identity-based signature;
step 2: vehicle and RSU arrangement
The TA calculates a plurality of pseudonyms of the vehicle through the vehicle identity identification and the validity period, and generates a corresponding private key through the pseudonyms; the TA takes the real identity of the RSU as a public key of the RSU and generates a corresponding private key;
and step 3: vehicle cloud setting
Firstly, vehicle-mounted cloud is initialized: when a group of vehicles form a vehicle-mounted cloud to share resources, selecting one vehicle as a cloud manager and determining the scale of a group, and then sequentially broadcasting messages by the vehicles in the group to determine a group encryption key and a different decryption key of each vehicle; membership in the vehicle-mounted cloud is dynamic, each vehicle can join or leave the vehicle-mounted cloud, and the group encryption key and the decryption key of each vehicle need to be changed every time the vehicle changes;
and 4, step 4: secure messaging
The cloud user finds the vehicle-mounted cloud through the cloud management center CCM to send the message, and the process is divided into three modes:
1) internal use mode: the cloud user is a member of the vehicle-mounted cloud to be sent, the cloud user encrypts a message by using a group public encryption key and broadcasts the message to the vehicle-mounted cloud, and vehicles in the group use respective group decryption keys to obtain the message;
2) short-range usage mode: the cloud user sends a message to vehicles in nearby vehicle-mounted clouds, and the process is the same as that of 1);
3) remote use mode: the cloud user sends a message to a vehicle in a remote vehicle-mounted cloud, and the position of the message is hidden by adopting a position encryption technology;
and 5: tracing of false messages
When a malicious vehicle sends a false message, the TA finds out a producer of the false message;
step 6: enhancement of vehicle privacy
Since the vehicle cloud is a dynamic environment, in order to protect the privacy of the vehicle, when a vehicle joins or leaves the vehicle cloud, the group encryption key is changed by re-randomization.
2. The method according to claim 1, wherein the initialization process of the vehicle-mounted cloud in step 3 specifically includes:
1) the cloud manager is the t-th vehicle in the group, the group scale is n, and the cloud manager selects a unique identifier sid;
2) for other vehicles V not including cloud manager in vehicle cloudiI denotes the number of the vehicle, V at presentiIs (p) as the pseudonymization private key pairi1,(si1,0,si1,1) Wherein p) isi1Is a ViIs a name ofi1,0,si1,1Is a ViThe private key of (1); for 1 ═ j ═ n, n signatures are computedIn which ξiTo hash the identity sid, alias, timestamp and random number, θiAnd ηiIs a random value, v is a hash value over the identity sid, fjPublishing the entire signature σ for the session ID and the hash value of ji=(pi1,tpi,ai,bi,{yi,j}j∈{1,...,n},j≠i) Wherein tpiIs a time stamp, ai,biIs a random value;
3) for cloud manager VtThe current pseudonymous private key pair is (p)t1,(st1,0,st1,1) For 1 ═ i ═ n, a signature is generatedWherein p istiIs a VtIth alias of (tp)iIn the form of a time stamp,is a random value and is used as a reference,for signing, publishingWhereinThe number of vehicles actually added to the vehicle-mounted cloud;
4) for each vehicle V in the vehicle-mounted cloudiCalculating a group encryption key (E, Θ),wherein a isiAnd biIs a random value, pi,0And pi,1Hash value for alias, gpubIs the master public key, v is the hash value of the identity sid;
5) for each vehicle V in the vehicle-mounted cloudiCalculating their respective decryption keysWherein 1 ═ l ═ n, yl,iIs a ViThe signature of (2);
6) cloud manager generating cloud informationAnd broadcast to cloud members, wherein info includes information of the vehicle cloud, which is location, time of vehicle cloud creation, available computing and storage resources,is a signature, p, for E, Θ, sid, infot(n+1)The name is the name of a cloud manager; after the cloud manager sends the cloud information, the cloud member needs to verify the validity of the signature.
3. The method according to claim 2, wherein the process of joining and leaving the vehicle cloud in step 3 specifically includes:
1) after the vehicle cloud is formed, there is a vehicle VIPrepare to join the vehicle cloud as the I-th cloud member, and the current name-changing private key pair is (p)I,(sI,0,sI,1) Calculates and publishes its signature σI=(pI,tpI,aI,bI,{yI,j}j∈{1,...,n},j≠l) Wherein p isIIs a VIIs named, tpIIs a time stamp, aI,bIIs a random value, { yI,j}j∈{1,...,n},j≠lSign it;
2) when other cloud members in the vehicle-mounted cloud receive VIThe public encryption key and the respective decryption key need to be updated after the message, wherein the cloud manager needs to generate and broadcast new cloud information
3) When there is a cloud member V in the vehicle-mounted cloudlWhen leaving, two cases are distinguished: first, when l ≠ t, i.e. VlThe non-cloud manager updates the cloud information, verifies the validity of the cloud information for each cloud member, and updates the public encryption key and the decryption key if the cloud information is valid; second, when l ═ t, i.e. VlAnd if the cloud manager is the cloud manager, selecting a new cloud manager according to the vehicle-mounted cloud initialization process in the step 3, and generating a public encryption key and a decryption key of each cloud member.
4. The method according to claim 1, wherein the internal usage pattern in the process of secure messaging in step 4 specifically includes:
1) the cloud user selects a random session key zeta belongs to K, and zeta is an encryption scheme EK(.)/DK(.);
2) signing the message m by using an identity-based signature scheme IDS to obtain a signature y, and calculating a ciphertext C1=Eζ(m||Υ);
3) Selecting a random value For a set of positive integers, an encrypted session key C is calculated2=(A1,A2,A3) Wherein A is1=gρ,A1,A2,A3Is an intermediate value, and the ciphertext C is equal to C1||C2Send to the vehicle-mounted cloud VCi;
4) Vehicle cloud VCiCloud member V in (1)lThe decryption key of (a) is dl,VlComputing session keysflIs a hash value, H5Is a hash function;
5) decrypted plaintext m | | γ ═ Dζ(C1),DζTo decrypt the algorithm, assuming y is validated, message m is accepted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711245829.8A CN108234445B (en) | 2017-12-01 | 2017-12-01 | Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711245829.8A CN108234445B (en) | 2017-12-01 | 2017-12-01 | Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108234445A CN108234445A (en) | 2018-06-29 |
CN108234445B true CN108234445B (en) | 2021-05-07 |
Family
ID=62653149
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711245829.8A Active CN108234445B (en) | 2017-12-01 | 2017-12-01 | Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108234445B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965313B (en) * | 2018-07-31 | 2021-04-06 | 安徽大学 | Vehicle violation information publishing method, system and storage medium |
CN109118775B (en) * | 2018-10-08 | 2020-07-24 | 北京理工大学 | Traffic monitoring method and system for privacy protection and error data packet filtering |
CN110008752B (en) * | 2019-04-12 | 2020-10-09 | 北京理工大学 | Vehicle formation evaluation method based on privacy protection |
CN113407956A (en) * | 2021-05-31 | 2021-09-17 | 江铃汽车股份有限公司 | Data control method and system, readable storage medium and vehicle |
CN114389836B (en) * | 2021-12-06 | 2023-12-15 | 山东格仑特电动科技有限公司 | SDN-based vehicle-mounted cloud computing method with privacy protection function |
CN114286332B (en) * | 2021-12-08 | 2023-10-20 | 重庆邮电大学 | Dynamic efficient vehicle-mounted cloud management method with privacy protection function |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102740286A (en) * | 2012-05-23 | 2012-10-17 | 杨涛 | Floating vehicle-based traceability vehicle self-networking communication privacy protection method |
CN104333596A (en) * | 2014-11-11 | 2015-02-04 | 安徽大学 | Information reliability evaluation method in Internet-of-vehicles environment |
CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
CN106060148A (en) * | 2016-06-24 | 2016-10-26 | 华东师范大学 | Vehicle information secure collection method applicable to fog computing in intelligent traffic light system |
CN106911471A (en) * | 2017-02-22 | 2017-06-30 | 华东师范大学 | The method that vehicle-mounted Wang Zhong code obfuscations area sets up |
CN107071010A (en) * | 2017-03-29 | 2017-08-18 | 常熟理工学院 | A kind of network data communication method based on vehicle-mounted cloud |
US9769658B2 (en) * | 2013-06-23 | 2017-09-19 | Shlomi Dolev | Certificating vehicle public key with vehicle attributes |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7991525B2 (en) * | 2008-08-08 | 2011-08-02 | GM Global Technology Operations LLC | In-vehicle alert of cloud point in engine diesel fuel |
-
2017
- 2017-12-01 CN CN201711245829.8A patent/CN108234445B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102740286A (en) * | 2012-05-23 | 2012-10-17 | 杨涛 | Floating vehicle-based traceability vehicle self-networking communication privacy protection method |
US9769658B2 (en) * | 2013-06-23 | 2017-09-19 | Shlomi Dolev | Certificating vehicle public key with vehicle attributes |
CN104333596A (en) * | 2014-11-11 | 2015-02-04 | 安徽大学 | Information reliability evaluation method in Internet-of-vehicles environment |
CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
CN106060148A (en) * | 2016-06-24 | 2016-10-26 | 华东师范大学 | Vehicle information secure collection method applicable to fog computing in intelligent traffic light system |
CN106911471A (en) * | 2017-02-22 | 2017-06-30 | 华东师范大学 | The method that vehicle-mounted Wang Zhong code obfuscations area sets up |
CN107071010A (en) * | 2017-03-29 | 2017-08-18 | 常熟理工学院 | A kind of network data communication method based on vehicle-mounted cloud |
Non-Patent Citations (1)
Title |
---|
"可信车联网云关键问题研究";张文博;《中国博士学位论文全文数据库-工程科技Ⅱ辑》;20160315;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN108234445A (en) | 2018-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108234445B (en) | Cloud establishment and data security transmission method for privacy protection in vehicle-mounted cloud | |
Vijayakumar et al. | Computationally efficient privacy preserving anonymous mutual and batch authentication schemes for vehicular ad hoc networks | |
Islam et al. | A robust and efficient password-based conditional privacy preserving authentication and group-key agreement protocol for VANETs | |
Basudan et al. | A privacy-preserving vehicular crowdsensing-based road surface condition monitoring system using fog computing | |
Wang et al. | LIAP: A local identity-based anonymous message authentication protocol in VANETs | |
Jiang et al. | An efficient anonymous batch authentication scheme based on HMAC for VANETs | |
Vijayakumar et al. | Dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks | |
Jo et al. | Reliable cooperative authentication for vehicular networks | |
Kong et al. | Achieving privacy-preserving and verifiable data sharing in vehicular fog with blockchain | |
Cai et al. | A conditional privacy protection scheme based on ring signcryption for vehicular ad hoc networks | |
Zeng et al. | Privacy-preserving communication for VANETs with conditionally anonymous ring signature | |
CN105429941A (en) | Multi-receiver identity anonymity signcryption method | |
CN104767612A (en) | Signcryption method from certificateless environment to public key infrastructure environment | |
Nkenyereye et al. | A Fine-Grained Privacy Preserving Protocol over Attribute Based Access Control for VANETs. | |
Wang et al. | A practical authentication framework for VANETs | |
CN114286332B (en) | Dynamic efficient vehicle-mounted cloud management method with privacy protection function | |
Liu et al. | An efficient message access quality model in vehicular communication networks | |
EP2792098A1 (en) | Group encryption methods and devices | |
CN105763528A (en) | Multi-recipient anonymous encryption apparatus under hybrid mechanism | |
Azees et al. | CEKD: Computationally efficient key distribution scheme for vehicular ad-hoc networks | |
CN111656728B (en) | Device, system and method for secure data communication | |
Zhang et al. | Cooperative downloading with privacy preservation and access control for value-added services in VANETs | |
CN116318739B (en) | Electronic data exchange method and system | |
CN112350820A (en) | Multi-receiver signcryption method, sending end, receiving end, system and storage medium | |
Sun et al. | Ridra: A rigorous decentralized randomized authentication in VANETs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20221222 Address after: 311800 17th floor, Jiyang Fortune Building, 28 Wenzhong South Road, Taozhu street, Zhuji City, Shaoxing City, Zhejiang Province Patentee after: Zhejiang qusu Technology Co.,Ltd. Address before: 200241 No. 500, Dongchuan Road, Shanghai, Minhang District Patentee before: EAST CHINA NORMAL University |
|
TR01 | Transfer of patent right |