CN112910928B - DoS attack defense method based on vehicle authentication - Google Patents

Info

Publication number
CN112910928B
Authority
CN
China
Prior art keywords
vehicle
authentication
rsu
side unit
road side
Prior art date
Legal status
Active
Application number
CN202110310091.9A
Other languages
Chinese (zh)
Other versions
CN112910928A (en)
Inventor
介银娟
王文庆
毕玉冰
高原英
邓楠轶
董夏昕
崔逸群
刘超飞
朱博迪
杨新民
杨东
Current Assignee
Xian Thermal Power Research Institute Co Ltd
Original Assignee
Xian Thermal Power Research Institute Co Ltd
Priority date
Filing date
Publication date
Application filed by Xian Thermal Power Research Institute Co Ltd
Priority to CN202110310091.9A
Publication of CN112910928A
Application granted
Publication of CN112910928B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/48 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Traffic Control Systems (AREA)

Abstract

A DoS attack defense method based on vehicle authentication. Vehicle $V_v$ receives the message sent by roadside unit $RSU_R$ and compares its contents; if they are consistent, the identity of $RSU_R$ is legitimate. Vehicle $V_v$ calculates and generates its own pseudonym $PS_v$ from the legitimate identity $ID_R$, signs it to generate $SIG_{sprk_v}(PS_v \mid T)$, and sends $PS_v$, $ID_R$, $T$, the request join, $SIG_{sprk_v}(PS_v \mid T)$, the pre-authentication value $K_i$ and the random number $nonce_R$ to roadside unit $RSU_R$. After receiving the message sent by vehicle $V_v$, roadside unit $RSU_R$ learns from join that vehicle $V_v$ requests to join, uses the initial value $K_0$ to calculate $K_i$, and compares it with the $K_i$ sent by vehicle $V_v$. If the two are consistent, $RSU_R$ uses the public key $spuk_v$ of vehicle $V_v$ to decrypt the signature $SIG_{sprk_v}(PS_v \mid T)$ and compares the result with the $PS_v$ and $T$ sent directly by vehicle $V_v$; if they are identical, mutual authentication between vehicle $V_v$ and roadside unit $RSU_R$ succeeds and authentication ends. In the roadside unit's authentication of the vehicle, the invention uses pre-authentication and terminates authentication of any vehicle that fails it; the pre-authentication value is calculated with a hash algorithm, so an attacker deliberately attacking the roadside unit can be identified in advance, which effectively defends against DoS attacks and ensures the security of authentication.

Description

DoS attack defense method based on vehicle authentication
Technical Field
The invention belongs to the technical field of information security of vehicle authentication, and particularly relates to a DoS attack defense method based on vehicle authentication.
Background
In recent years, China's transportation industry has developed rapidly, and intelligent transportation systems play an important role in it. Vehicular ad hoc networks in particular have attracted attention, and a large number of researchers work on them. A vehicular ad hoc network consists of three different entities: the vehicle V, the roadside unit RSU and the trusted authority TA. The trusted authority TA is a certification authority, a role that may be taken by a third-party body such as a traffic control authority. In a vehicular ad hoc network, vehicles exchange state information with one another to provide functions such as driving safety early warning, driving assistance and distributed traffic information publishing. While providing these services, the vehicular ad hoc network faces many security threats, such as DoS (Denial of Service) attacks: during authentication between a vehicle and a roadside unit, an attacker uses brute force to exhaust the roadside unit's resources, so that the roadside unit can no longer serve normal authentication requests from vehicles and the authentication system breaks down.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide a DoS attack defense method based on vehicle authentication. In the roadside unit's authentication of a vehicle, it uses a hash algorithm to calculate a pre-authentication value and terminates authentication of any vehicle that fails pre-authentication, which effectively defends against DoS attacks occurring during authentication between the vehicle and the roadside unit and achieves secure authentication of the vehicle.
To achieve this purpose, the invention provides the following technical solution:
A DoS attack defense method based on vehicle authentication, comprising the following steps:
(1) Roadside unit $RSU_R$ uses its private key $sprk_R$ to sign its own identity $ID_R$ and the timestamp $T$, generating
Figure BDA0002989284680000021
and sends its own identity $ID_R$, the timestamp $T$, the random number $nonce_R$, the public key $puk_T$ of the trusted authority TA, and
Figure BDA0002989284680000022
to all vehicles;
(2) After receiving the message sent by roadside unit $RSU_R$, vehicle $V_v$ uses the public key $spuk_R$ of $RSU_R$ to decrypt the signature
Figure BDA0002989284680000023
and compares the result with the identity $ID_R$, timestamp $T$ and public key $puk_T$ sent directly by roadside unit $RSU_R$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, the identity of $RSU_R$ is legitimate and step (3) is executed;
(3) Vehicle $V_v$ calculates and generates its own pseudonym $PS_v$ from the legitimate identity $ID_R$, and uses its private key $sprk_v$ to sign the pseudonym $PS_v$ and the timestamp $T$, generating
Figure BDA0002989284680000024
It sends the pseudonym $PS_v$, the identity $ID_R$, the timestamp $T$, the request join,
Figure BDA0002989284680000025
the pre-authentication value $K_i$ and the random number $nonce_R$ to roadside unit $RSU_R$, where the pseudonym $PS_v$ and the pre-authentication value $K_i$ are calculated as:
Figure BDA0002989284680000026
$K_i = \mathrm{HASH}(K_{i+1}), \quad 0 \le i \le n-1$
(4) After receiving the message sent by vehicle $V_v$, roadside unit $RSU_R$ learns from join that vehicle $V_v$ requests to join, uses the initial value $K_0$ to calculate $K_i$, and compares it with the $K_i$ sent by vehicle $V_v$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, step (5) is executed;
(5) Roadside unit $RSU_R$ uses the public key $spuk_v$ of vehicle $V_v$ to decrypt the signature
Figure BDA0002989284680000027
and compares the result with the pseudonym $PS_v$ and timestamp $T$ sent directly by vehicle $V_v$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, the vehicle pseudonym $PS_v$ passes authentication, mutual authentication between vehicle $V_v$ and roadside unit $RSU_R$ succeeds, and authentication ends.
The technical effects and advantages of the invention are:
1. In the roadside unit's authentication of a vehicle, the invention uses pre-authentication and terminates authentication of any vehicle that fails it, which effectively saves bandwidth resources and greatly improves the efficiency of vehicle authentication.
2. The invention uses a hash algorithm to calculate the pre-authentication value, so an attacker deliberately attacking the roadside unit can be identified in advance, which effectively defends against DoS attacks and ensures the security of authentication.
Drawings
Fig. 1 is an overall flowchart of the authentication method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention is based on an intelligent-transportation vehicular ad hoc network, which consists of three different entities: the vehicle V, the roadside unit RSU and the trusted authority TA. The trusted authority TA is a certification authority, a role that may be taken by a third-party body such as a traffic control authority. In the vehicular ad hoc network, vehicles exchange state information with one another to provide functions such as driving safety early warning, driving assistance and distributed traffic information publishing.
Referring to Fig. 1, the invention is a DoS attack defense method based on vehicle authentication, comprising the following steps:
(1) Roadside unit $RSU_R$ uses its private key $sprk_R$ to sign its own identity $ID_R$ and the timestamp $T$, generating
Figure BDA0002989284680000031
and sends its own identity $ID_R$, the timestamp $T$, the random number $nonce_R$, the public key $puk_T$ of the trusted authority TA, and
Figure BDA0002989284680000032
to all vehicles;
(2) After receiving the message sent by roadside unit $RSU_R$, vehicle $V_v$ uses the public key $spuk_R$ of $RSU_R$ to decrypt the signature
Figure BDA0002989284680000041
and compares the result with the identity $ID_R$, timestamp $T$ and public key $puk_T$ sent directly by roadside unit $RSU_R$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, the identity of $RSU_R$ is legitimate and step (3) is executed;
(3) Vehicle $V_v$ calculates and generates its own pseudonym $PS_v$ from the legitimate identity $ID_R$, and uses its private key $sprk_v$ to sign the pseudonym $PS_v$ and the timestamp $T$, generating
Figure BDA0002989284680000042
It sends the pseudonym $PS_v$, the identity $ID_R$, the timestamp $T$, the request join,
Figure BDA0002989284680000043
the pre-authentication value $K_i$ and the random number $nonce_R$ to roadside unit $RSU_R$, where the pseudonym $PS_v$ and the pre-authentication value $K_i$ are calculated as:
Figure BDA0002989284680000044
$K_i = \mathrm{HASH}(K_{i+1}), \quad 0 \le i \le n-1$
(4) After receiving the message sent by vehicle $V_v$, roadside unit $RSU_R$ learns from join that vehicle $V_v$ requests to join, uses the initial value $K_0$ to calculate $K_i$, and compares it with the $K_i$ sent by vehicle $V_v$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, step (5) is executed;
(5) Roadside unit $RSU_R$ uses the public key $spuk_v$ of vehicle $V_v$ to decrypt the signature
Figure BDA0002989284680000045
and compares the result with the pseudonym $PS_v$ and timestamp $T$ sent directly by vehicle $V_v$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, the vehicle pseudonym $PS_v$ passes authentication, mutual authentication between vehicle $V_v$ and roadside unit $RSU_R$ succeeds, and authentication ends.
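The RSU-side ordering of steps (4) and (5), as an added Python example that is not code from the patent: the cheap hash-chain comparison runs before any public-key operation, so requests with a wrong $K_i$ never reach the signature check. It assumes the recurrence $K_{i+1} = \mathrm{HASH}(K_i)$ stated in claim 1, SHA-256 as HASH, a $K_0$ and index i provisioned to both sides out of band, a toy textbook-RSA key in place of $sprk_v$/$spuk_v$, and a constructed opaque pseudonym; the message field names and the bound on i are likewise assumptions.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """HASH in the patent's notation; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


def chain_value(k0: bytes, i: int) -> bytes:
    """K_i derived from K_0 by applying K_{i+1} = HASH(K_i) i times."""
    k = k0
    for _ in range(i):
        k = H(k)
    return k


# Toy textbook-RSA key pair standing in for (sprk_v, spuk_v). Assumption for
# illustration only: small modulus, no padding, not suitable for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def digest_int(ps_v: bytes, t: int) -> int:
    """Integer digest of PS_v | T that the signature covers."""
    return int.from_bytes(H(ps_v + b"|" + str(t).encode()), "big") % N


def build_join(ps_v: bytes, t: int, i: int, k0: bytes, d: int = D) -> dict:
    """Step (3), vehicle side. Field names are hypothetical."""
    return {"PS_v": ps_v, "T": t, "req": "join", "i": i,
            "K_i": chain_value(k0, i),
            "SIG": pow(digest_int(ps_v, t), d, N)}


class RSU:
    def __init__(self, k0: bytes, n: int):
        self.k0, self.n = k0, n
        self.sig_checks = 0  # number of public-key operations performed

    def handle_join(self, msg: dict) -> str:
        i, k_i, sig = msg.get("i"), msg.get("K_i"), msg.get("SIG")
        ps_v, t = msg.get("PS_v"), msg.get("T")
        # Bound i before hashing: an unbounded index would turn the
        # pre-authentication loop itself into a resource-exhaustion vector.
        well_formed = (msg.get("req") == "join"
                       and isinstance(i, int) and 0 <= i <= self.n
                       and isinstance(k_i, bytes) and isinstance(ps_v, bytes)
                       and isinstance(t, int) and isinstance(sig, int))
        if not well_formed:
            return "reject: malformed"
        # Step (4): recompute K_i from K_0 and compare in constant time.
        if not hmac.compare_digest(chain_value(self.k0, i), k_i):
            return "reject: pre-authentication"
        # Step (5): only pre-authenticated requests reach the signature check.
        self.sig_checks += 1
        if pow(sig, E, N) != digest_int(ps_v, t):
            return "reject: signature"
        return "accept"


if __name__ == "__main__":
    K0 = b"constructed-K0"  # constructed sample value
    rsu = RSU(K0, n=100)
    good = build_join(b"PS-demo", 1700000000, 7, K0)
    print(rsu.handle_join(good), rsu.sig_checks)
    print(rsu.handle_join(dict(good, K_i=H(b"guess"))), rsu.sig_checks)
```

`sig_checks` does not increase for requests rejected at pre-authentication, which is the saving step (4) is meant to provide.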
Finally, it should be noted that, although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that the embodiments described above may be modified, or that certain of their features may be substituted with equivalents; all changes, equivalents and improvements that fall within the spirit and scope of the invention are therefore intended to be embraced by the appended claims.

Claims (1)

1. A DoS attack defense method based on vehicle authentication, characterized by comprising the following steps:
(1) Roadside unit $RSU_R$ uses its private key $sprk_R$ to sign its own identity $ID_R$, the public key $puk_T$ of the trusted authority TA and the timestamp $T$, generating
Figure FDA0003948003790000011
and sends its own identity $ID_R$, the timestamp $T$, the random number $nonce_R$, the public key $puk_T$ of the trusted authority TA, and
Figure FDA0003948003790000012
to all vehicles;
(2) After receiving the message sent by roadside unit $RSU_R$, vehicle $V_v$ uses the public key $spuk_R$ of $RSU_R$ to decrypt the signature
Figure FDA0003948003790000013
and compares the result with the identity $ID_R$, timestamp $T$ and public key $puk_T$ sent directly by roadside unit $RSU_R$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, the identity of roadside unit $RSU_R$ is legitimate and step (3) is executed;
(3) Vehicle $V_v$ calculates and generates its own pseudonym $PS_v$ from its own legitimate identity $ID_v$, and uses its private key $sprk_v$ to sign the pseudonym $PS_v$ and the timestamp $T$, generating
Figure FDA0003948003790000014
It sends the pseudonym $PS_v$, its own identity $ID_v$, the timestamp $T$, the request join,
Figure FDA0003948003790000015
the pre-authentication value $K_i$ and the random number $nonce_R$ to roadside unit $RSU_R$, where the pseudonym $PS_v$ and the pre-authentication value $K_i$ are calculated as:
Figure FDA0003948003790000016
$K_{i+1} = \mathrm{HASH}(K_i), \quad 0 \le i \le n-1$
(4) After receiving the message sent by vehicle $V_v$, roadside unit $RSU_R$ learns from join that vehicle $V_v$ requests to join, uses the initial value $K_0$ to calculate $K_i$, and compares it with the $K_i$ sent by vehicle $V_v$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, step (5) is executed;
(5) Roadside unit $RSU_R$ uses the public key $spuk_v$ of vehicle $V_v$ to decrypt the signature
Figure FDA0003948003790000017
and compares the result with the pseudonym $PS_v$ and timestamp $T$ sent directly by vehicle $V_v$. If they are inconsistent, authentication fails and authentication exits; if they are consistent, the vehicle pseudonym $PS_v$ passes authentication, mutual authentication between vehicle $V_v$ and roadside unit $RSU_R$ succeeds, and authentication ends.
CN202110310091.9A 2021-03-23 2021-03-23 DoS attack defense method based on vehicle authentication Active CN112910928B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110310091.9A CN112910928B (en) 2021-03-23 2021-03-23 DoS attack defense method based on vehicle authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110310091.9A CN112910928B (en) 2021-03-23 2021-03-23 DoS attack defense method based on vehicle authentication

Publications (2)

Publication Number Publication Date
CN112910928A CN112910928A (en) 2021-06-04
CN112910928B true CN112910928B (en) 2023-02-07

Family

ID=76106139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110310091.9A Active CN112910928B (en) 2021-03-23 2021-03-23 DoS attack defense method based on vehicle authentication

Country Status (1)

Country Link
CN (1) CN112910928B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378602A (en) * 2022-07-28 2022-11-22 中国第一汽车股份有限公司 Vehicle identity authentication method and device, vehicle and vehicle identity authentication system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833074A (en) * 2018-04-28 2018-11-16 西安电子科技大学 The Verification System and method of vehicle self-organizing network based on homomorphic cryptography
WO2019041896A1 (en) * 2017-09-04 2019-03-07 东北大学 Virtual mix-zone-based vanet position privacy protection system and method
CN109788482A (en) * 2019-02-26 2019-05-21 武汉大学 Message anonymous authentication method and system under a kind of car networking environment between vehicle
CN110022542A (en) * 2019-05-23 2019-07-16 桂林电子科技大学 A kind of anonymous authentication method of the modified based on condition secret protection

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019041896A1 (en) * 2017-09-04 2019-03-07 东北大学 Virtual mix-zone-based vanet position privacy protection system and method
CN108833074A (en) * 2018-04-28 2018-11-16 西安电子科技大学 The Verification System and method of vehicle self-organizing network based on homomorphic cryptography
CN109788482A (en) * 2019-02-26 2019-05-21 武汉大学 Message anonymous authentication method and system under a kind of car networking environment between vehicle
CN110022542A (en) * 2019-05-23 2019-07-16 桂林电子科技大学 A kind of anonymous authentication method of the modified based on condition secret protection

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
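A strategy for defending against DoS attacks on broadcast authentication in WSNs; 游林 et al.; 《传感技术学报》; 20111130 (No. 11); full text *
An authentication scheme for vehicular networks based on trusted computing; 文松 et al.; 《湖北文理学院学报》; 20170815 (No. 08); full text *
Research on anonymous authentication schemes for the Internet of Vehicles; 宋成 et al.; 《小型微型计算机系统》; 20180515 (No. 05); full text *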

Also Published As

Publication number Publication date
CN112910928A (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CN108964919B (en) Lightweight anonymous authentication method with privacy protection based on Internet of vehicles
CN109412816B (en) Anonymous communication system and method for vehicle-mounted network based on ring signature
CN107947932B (en) Vehicle ad hoc network authentication method based on non-bilinear mapping certificateless signature
CN109005542B (en) 5G Internet of vehicles rapid message authentication method based on reputation system
CN114584976B (en) Internet of vehicles identity authentication system and method based on certificate-free aggregation signature
CN110071797B (en) Method for changing privacy protection authentication of internet of vehicles based on pseudonymous names of mixed contexts
CN114867014B (en) Internet of vehicles access control method, system, medium, equipment and terminal
WO2023236551A1 (en) Decentralized trusted access method for cellular base station
CN112437108A (en) Decentralized identity authentication device and method for privacy protection of Internet of vehicles
CN110677256B (en) VPKI-based VANETs pseudonym revocation system and method
CN114430552B (en) Vehicle networking v2v efficient communication method based on message pre-authentication technology
CN112910928B (en) DoS attack defense method based on vehicle authentication
CN113364598B (en) Batch authentication method for privacy protection in Internet of vehicles environment
Agustina et al. Secure VANET protocol using hierarchical pseudonyms with blind signature
CN116032495B (en) Vehicle-cloud cooperative safety transmission data anomaly detection method based on intelligent traffic system
CN110493748B (en) Fog-based road condition detection and authentication method
CN101674576B (en) Key exchange authentication method with no need of hometown network participation when in roaming
CN114071463B (en) Batch authentication method of vehicle-mounted self-organizing network based on bilinear mapping
CN115379418A (en) Method suitable for vehicle-mounted ad hoc network secure communication and conditional privacy protection authentication
Vasudev et al. Secure lightweight data transmission scheme for vehicular Ad hoc networks
CN101931952A (en) Wireless metropolitan area network system and identification and verification method thereof
Hathal et al. Token-based lightweight authentication scheme for vehicle to infrastructure communications
Vasudev et al. A lightweight authentication and communication protocol in vehicular cloud computing
CN113660662A (en) Authentication method based on trusted connection architecture in Internet of vehicles environment
CN112654042A (en) Bidirectional identity authentication method based on lightweight CA, computer program and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant