CN112910928B - DoS attack defense method based on vehicle authentication - Google Patents
- Publication number: CN112910928B (application CN202110310091.9A)
- Authority: CN (China)
- Prior art keywords: vehicle, authentication, rsu, side unit, road side
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1458: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; Countermeasures against malicious traffic; Denial of Service
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
- H04W4/44: Services specially adapted for wireless communication networks for vehicles, e.g. vehicle-to-pedestrians [V2P], for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
- H04W4/48: Services specially adapted for wireless communication networks for vehicles, e.g. vehicle-to-pedestrians [V2P], for in-vehicle communication
Abstract
A DoS attack defense method based on vehicle authentication. Vehicle V_v receives the message sent by the road side unit RSU_R and compares its contents; if they are consistent, the identity of RSU_R is legitimate. Vehicle V_v uses the legal identity ID_R to compute and generate its own pseudonym PS_v, signs it to generate SIG_{sprk_v}(PS_V | T), and sends PS_v, ID_R, T, the request join, SIG_{sprk_v}(PS_V | T), the pre-authentication value K_i and the random number nonce_R to the road side unit RSU_R. After receiving the message sent by vehicle V_v, RSU_R learns from join that V_v is requesting to join, uses the initial value K_0 to compute K_i, and compares it with the K_i sent by V_v. If the two are consistent, RSU_R uses vehicle V_v's public key spuk_V to decrypt the signature SIG_{sprk_v}(PS_V | T) and compares the result with the PS_v and T sent directly by V_v; if they are identical, the mutual authentication between V_v and RSU_R succeeds and authentication ends. In the road side unit's authentication of the vehicle, the invention uses pre-authentication and terminates the authentication of any vehicle that fails it. The pre-authentication value is computed with a hash algorithm, so an attacker that deliberately attacks the road side unit can be identified in advance, which effectively defends against DoS attacks and ensures the security of authentication.
Description
Technical Field
The invention belongs to the technical field of information security of vehicle authentication, and particularly relates to a DoS attack defense method based on vehicle authentication.
Background
In recent years, China's transportation industry has developed rapidly, and intelligent transportation systems play an important role in it. Vehicle self-organizing networks in particular have attracted attention, and a large number of researchers work on them. A vehicle self-organizing network consists of three different entities: the vehicle V, the road side unit RSU and the trusted authority TA. The trusted authority TA is a certification authority, a role that may be taken by a third party such as a traffic control authority. In the vehicle self-organizing network, vehicles exchange state information with each other to provide functions such as driving safety early warning, driving assistance and distributed traffic information publishing. While providing these services, the vehicle self-organizing network faces many security threats, such as DoS (Denial of Service) attacks: during authentication between a vehicle and a road side unit, an attacker uses a brute-force approach to exhaust the resources of the road side unit, so that the road side unit can no longer serve normal authentication requests from vehicles and the authentication system breaks down.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a DoS attack defense method based on vehicle authentication. In the road side unit's authentication of a vehicle, it computes a pre-authentication value with a hash algorithm and terminates the authentication of any vehicle that fails pre-authentication. This effectively defends against DoS attacks that occur during authentication between vehicles and road side units and achieves secure authentication of the vehicle.
To achieve this purpose, the invention provides the following technical solution:
A DoS attack defense method based on vehicle authentication comprises the following steps:
(1) The road side unit RSU_R uses its private key sprk_R to sign its own identity ID_R and the timestamp T, generating a signature, and sends its identity ID_R, the timestamp T, the random number nonce_R, the public key puk_T of the trusted authority TA and the signature to all vehicles;
(2) After receiving the message sent by the road side unit RSU_R, vehicle V_v uses RSU_R's public key spuk_R to decrypt the signature and compares the result with the identity ID_R, timestamp T and public key puk_T sent directly by RSU_R. If they are inconsistent, authentication fails and the vehicle exits authentication; if they are consistent, the identity of RSU_R is legitimate and step (3) is executed;
(3) Vehicle V_v uses its legal identity ID_R to compute and generate its own pseudonym PS_v, uses its private key sprk_v to sign the pseudonym PS_v and the timestamp T, generating SIG_{sprk_v}(PS_V | T), and sends the pseudonym PS_v, the identity ID_R, the timestamp T, the request join, SIG_{sprk_v}(PS_V | T), the pre-authentication value K_i and the random number nonce_R to the road side unit RSU_R, where the pseudonym PS_v and the pre-authentication value K_i are calculated as:
K_i = HASH(K_{i+1}), 0 ≤ i ≤ n-1
(4) After receiving the message sent by vehicle V_v, the road side unit RSU_R learns from join that vehicle V_v is requesting to join, uses the initial value K_0 to compute K_i, and compares it with the K_i sent by vehicle V_v. If they are inconsistent, authentication fails and authentication is exited; if they are consistent, step (5) is executed;
(5) The road side unit RSU_R uses vehicle V_v's public key spuk_V to decrypt the signature SIG_{sprk_v}(PS_V | T) and compares the result with the pseudonym PS_v and timestamp T sent directly by vehicle V_v. If they are inconsistent, authentication fails and authentication is exited; if they are consistent, the vehicle pseudonym PS_v passes authentication, the mutual authentication between vehicle V_v and the road side unit RSU_R succeeds, and authentication ends.
The invention has the following technical effects and advantages:
1. In the road side unit's authentication of the vehicle, the invention uses pre-authentication to terminate the authentication of any vehicle that fails it, which effectively saves bandwidth resources and greatly improves the efficiency of vehicle authentication.
2. The invention computes the pre-authentication value with a hash algorithm, so an attacker that deliberately attacks the road side unit can be identified in advance, which effectively defends against DoS attacks and ensures the security of authentication.
Drawings
Fig. 1 is an overall flowchart of the authentication method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention is based on an intelligent transportation vehicle self-organizing network, and the vehicle self-organizing network consists of three different main bodies, namely a vehicle V, a road side unit RSU and a trusted authority TA. The trusted authority TA is a certification authority and may be assumed by a third party authority such as a traffic control authority. In the vehicle self-organizing network, vehicles exchange state information mutually, and functions of driving safety early warning, driving assistance, distributed traffic information publishing and the like are realized.
Referring to fig. 1, the invention is a DoS attack defense method based on vehicle authentication, comprising the following steps:
(1) The road side unit RSU_R uses its private key sprk_R to sign its own identity ID_R and the timestamp T, generating a signature, and sends its identity ID_R, the timestamp T, the random number nonce_R, the public key puk_T of the trusted authority TA and the signature to all vehicles;
(2) After receiving the message sent by the road side unit RSU_R, vehicle V_v uses RSU_R's public key spuk_R to decrypt the signature and compares the result with the identity ID_R, timestamp T and public key puk_T sent directly by RSU_R. If they are inconsistent, authentication fails and the vehicle exits authentication; if they are consistent, the identity of RSU_R is legitimate and step (3) is executed;
(3) Vehicle V_v uses its legal identity ID_R to compute and generate its own pseudonym PS_v, uses its private key sprk_v to sign the pseudonym PS_v and the timestamp T, generating SIG_{sprk_v}(PS_V | T), and sends the pseudonym PS_v, the identity ID_R, the timestamp T, the request join, SIG_{sprk_v}(PS_V | T), the pre-authentication value K_i and the random number nonce_R to the road side unit RSU_R, where the pseudonym PS_v and the pre-authentication value K_i are calculated as:
K_i = HASH(K_{i+1}), 0 ≤ i ≤ n-1
(4) After receiving the message sent by vehicle V_v, the road side unit RSU_R learns from join that vehicle V_v is requesting to join, uses the initial value K_0 to compute K_i, and compares it with the K_i sent by vehicle V_v. If they are inconsistent, authentication fails and authentication is exited; if they are consistent, step (5) is executed;
(5) The road side unit RSU_R uses vehicle V_v's public key spuk_V to decrypt the signature SIG_{sprk_v}(PS_V | T) and compares the result with the pseudonym PS_v and timestamp T sent directly by vehicle V_v. If they are inconsistent, authentication fails and authentication is exited; if they are consistent, the vehicle pseudonym PS_v passes authentication, the mutual authentication between vehicle V_v and the road side unit RSU_R succeeds, and authentication ends.
Finally, it should be noted that although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that the embodiments described above may be modified, or that equivalents may be substituted for certain features; all changes, equivalents and improvements that fall within the spirit and scope of the invention are therefore intended to be embraced by the appended claims.
Claims (1)
1. A DoS attack defense method based on vehicle authentication, characterized by comprising the following steps:
(1) The road side unit RSU_R uses its private key sprk_R to sign its own identity ID_R, the public key puk_T of the trusted authority TA and the timestamp T, generating a signature, and sends its identity ID_R, the timestamp T, the random number nonce_R, the public key puk_T of the trusted authority TA and the signature to all vehicles;
(2) After receiving the message sent by the road side unit RSU_R, vehicle V_v uses RSU_R's public key spuk_R to decrypt the signature and compares the result with the identity ID_R, timestamp T and public key puk_T sent directly by RSU_R. If they are inconsistent, authentication fails and the vehicle exits authentication; if they are consistent, the identity of the road side unit RSU_R is legitimate and step (3) is executed;
(3) Vehicle V_v uses its legal identity ID_V to compute and generate its own pseudonym PS_v, uses its private key sprk_v to sign the pseudonym PS_v and the timestamp T, generating SIG_{sprk_v}(PS_V | T), and sends the pseudonym PS_v, the identity ID_V, the timestamp T, the request join, SIG_{sprk_v}(PS_V | T), the pre-authentication value K_i and the random number nonce_R to the road side unit RSU_R, where the pseudonym PS_v and the pre-authentication value K_i are calculated as:
K_{i+1} = HASH(K_i), 0 ≤ i ≤ n-1
(4) After receiving the message sent by vehicle V_v, the road side unit RSU_R learns from join that vehicle V_v is requesting to join, uses the initial value K_0 to compute K_i, and compares it with the K_i sent by vehicle V_v. If they are inconsistent, authentication fails and authentication is exited; if they are consistent, step (5) is executed;
(5) The road side unit RSU_R uses vehicle V_v's public key spuk_V to decrypt the signature SIG_{sprk_v}(PS_V | T) and compares the result with the pseudonym PS_v and timestamp T sent directly by vehicle V_v. If they are inconsistent, authentication fails and authentication is exited; if they are consistent, the vehicle pseudonym PS_v passes authentication, the mutual authentication between vehicle V_v and the road side unit RSU_R succeeds, and authentication ends.
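The ordering of steps (4) and (5), as an added Python example that is not part of the patent: the road side unit runs the cheap hash comparison first and reaches signature checking only for requests that pass it, using the recurrence as written in claim 1, K_{i+1} = HASH(K_i). Assumptions: HASH is SHA-256, the join request carries the index i, the RSU caps i at n, and an HMAC stands in for the public-key signature SIG_{sprk_v}(PS_V | T) because the Python standard library has no signature scheme.

```python
import hashlib
import hmac

N = 16  # assumed chain length n from "0 <= i <= n-1"


def pre_auth_value(k0: bytes, i: int) -> bytes:
    """Apply K_{j+1} = HASH(K_j) i times starting from K_0 (HASH assumed SHA-256)."""
    k = k0
    for _ in range(i):
        k = hashlib.sha256(k).digest()
    return k


def sign_stand_in(key: bytes, ps_v: bytes, t: int) -> bytes:
    """Stand-in for SIG_{sprk_v}(PS_V | T): an HMAC, not a public-key signature."""
    return hmac.new(key, ps_v + b"|" + str(t).encode(), hashlib.sha256).digest()


class RoadSideUnit:
    def __init__(self, k0: bytes, vehicle_key: bytes, n: int = N):
        self.k0, self.vehicle_key, self.n = k0, vehicle_key, n
        self.signature_checks = 0  # how often the costly step (5) actually ran

    def handle_join(self, msg: dict) -> str:
        # Step (4): cheap hash comparison first. Bounding i (an assumption)
        # also caps the hash iterations a single request can trigger.
        i = msg.get("i")
        if type(i) is not int or not 0 <= i <= self.n:
            return "rejected: index out of range"
        k_i = msg.get("K_i")
        if not isinstance(k_i, bytes) or not hmac.compare_digest(
                pre_auth_value(self.k0, i), k_i):
            return "rejected: pre-authentication"
        # Step (5): only requests that passed step (4) reach signature checking.
        self.signature_checks += 1
        expected = sign_stand_in(self.vehicle_key, msg["PS_v"], msg["T"])
        if not hmac.compare_digest(expected, msg["SIG"]):
            return "rejected: signature"
        return "authenticated"


def run_demo() -> dict:
    # All values below are constructed sample data.
    k0, vkey = b"constructed-K0", b"constructed-vehicle-key"
    rsu = RoadSideUnit(k0, vkey)
    ps_v, t, i = b"PS-demo", 1700000000, 5
    good = {"PS_v": ps_v, "T": t, "i": i, "K_i": pre_auth_value(k0, i),
            "SIG": sign_stand_in(vkey, ps_v, t)}
    results = {"legitimate": rsu.handle_join(good)}
    # 1000 join requests whose K_i does not match the chain derived from K_0.
    wrong = [dict(good, K_i=hashlib.sha256(b"guess%d" % j).digest())
             for j in range(1000)]
    results["wrong_k_i"] = {rsu.handle_join(m) for m in wrong}
    results["checks_after_wrong_k_i"] = rsu.signature_checks
    results["bad_signature"] = rsu.handle_join(dict(good, SIG=b"\x00" * 32))
    results["huge_index"] = rsu.handle_join(dict(good, i=10**9))
    results["checks_total"] = rsu.signature_checks
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "->", value)
```

The signature_checks counter stays at 1 after the 1000 mismatching requests, which is the saving the patent attributes to pre-authentication.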
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110310091.9A CN112910928B (en) | 2021-03-23 | 2021-03-23 | DoS attack defense method based on vehicle authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112910928A | 2021-06-04 |
CN112910928B | 2023-02-07 |