CN114389836A - Vehicle-mounted cloud computing method with privacy protection based on SDN - Google Patents


Info

Publication number: CN114389836A
Application number: CN202111476104.6A
Authority: CN (China)
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN114389836B (en)
Inventors: 肖敏, 肖艳霞
Current assignee: Shandong GreenTec Electric Technology Co ltd
Original assignee: Chongqing University of Post and Telecommunications
Events: application filed by Chongqing University of Post and Telecommunications; priority to CN202111476104.6A; publication of CN114389836A; application granted; publication of CN114389836B; legal status active.


Classifications

    • H04L63/0823: Network architectures or network communication protocols for network security; authentication of entities using certificates
    • H04L9/0838: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; key establishment by key agreement, i.e. a shared key derived by the parties as a function of information contributed by, or associated with, each of them
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; verifying the identity or authority of a user of the system or message authentication, involving digital signatures
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; verifying the identity or authority of a user of the system or message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04W4/40: Services specially adapted for wireless communication networks; services for particular environments, situations or purposes, for vehicles, e.g. vehicle-to-pedestrians [V2P]


Abstract

The invention relates to the technical field of vehicular network communication security, in particular to a vehicle-mounted cloud computing method with privacy protection based on an SDN (software defined network). The method comprises the steps of constructing a vehicle-mounted cloud computing system based on the SDN, and applying for registration of a new vehicle in the system and obtaining a resource certificate; the vehicle-mounted cloud initiator selects the vehicles that pass verification to form a vehicle-mounted cloud and numbers the selected vehicles and itself, and all the vehicles in the vehicle-mounted cloud negotiate a vehicle-mounted cloud key; when another new vehicle wants to join the vehicle-mounted cloud, the vehicle-mounted cloud initiator numbers the vehicle after verifying the validity of the new user's resource certificate, and the vehicle-mounted cloud key is renegotiated; when a member leaves the vehicle-mounted cloud, the leaving member sends a leaving message to its neighbour vehicles, and the vehicle-mounted cloud key is renegotiated. The invention ensures that no vehicle node can confirm the real identity of a sender from a message, nor track the position of a vehicle by linking messages.

Description

Vehicle-mounted cloud computing method with privacy protection based on SDN
Technical Field
The invention relates to the technical field of vehicular network communication security, in particular to a vehicle-mounted cloud computing method with privacy protection based on an SDN.
Background
In a vehicular network (Internet of Vehicles) environment, vehicles can obtain useful data and efficient applications through vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) interaction. However, the complexity of the road environment challenges the computing and storage capabilities of individual vehicles, which cannot process massive, highly time-sensitive data in a timely manner. Vehicle-mounted cloud computing (VCC) combines vehicular networking and cloud computing technologies to aggregate underutilized vehicle resources into a temporary "cloud" and dynamically allocate the available resources to authorized vehicles. VCC can provide efficient technical support for research on automatic driving and intelligent traffic.
At present, vehicle-mounted cloud architectures are of two types: one is established by a trusted third party, the other by vehicle self-organization. In the former, a trusted authority selects a group of vehicles as members of the vehicle-mounted cloud and designates a leading vehicle and following vehicles. In the latter, the vehicles self-organize to build the vehicle-mounted cloud; usually the first vehicle to initiate the cloud-building message is the leading vehicle and the other vehicles are following vehicles. Research shows that, because of the fusion of the Internet of Vehicles with cloud computing technology, the security and privacy problems of VCC have not been effectively solved. In VCC a malicious vehicle may falsely report its own resources, or masquerade in order to build a vehicle-mounted cloud and thereby attack the vehicles of that cloud, attack the privacy of the cloud, or send false messages to interfere with the channel.
As a technology that decouples the control plane from the data plane, a Software Defined Network (SDN) controller can periodically collect vehicle state information from the data plane using the protocols between the control plane and the data plane, and control the behaviour of the whole network with its global view of the network. The SDN controller maintains vehicle-related information, can predict the traffic state and track malicious vehicles, and can provide high-quality security guarantees for urban traffic services such as automatic driving and intelligent safety.
Disclosure of Invention
In order to protect the privacy of vehicle-mounted cloud key negotiation during the self-organized construction of a vehicle-mounted cloud, the invention provides a vehicle-mounted cloud computing method with privacy protection based on an SDN (software defined network). A vehicle-mounted cloud computing system based on the SDN is built, the system comprising an SDN controller, and after the system has been initialized the vehicle-mounted cloud computing method comprises the following steps:
S1, a vehicle in the SDN-based vehicle-mounted cloud computing system sends its identity information to the SDN controller to apply for registration;
S2, the vehicle that has completed registration sends a resource certificate request to the SDN controller;
S3, after receiving the resource certificate request, the SDN controller judges the validity of the request and judges whether the quantity of resources requested by the vehicle is not more than the quantity of resources available to the vehicle; if so, the SDN controller sends the resource certificate to the vehicle;
S4, a vehicle that wants to join the vehicle-mounted cloud sends a message carrying its resource certificate to the vehicle-mounted cloud initiator, the vehicle-mounted cloud initiator verifies the resource certificate of the applying vehicle, and n-1 members are randomly selected from the verified applying vehicles;
S5, the vehicle-mounted cloud initiator numbers each member, including itself, and broadcasts the member information and the signed user set;
S6, the n users, i.e. the vehicle-mounted cloud initiator and the n-1 members it selected, negotiate a vehicle-mounted cloud key;
S7, when another new vehicle wants to join the vehicle-mounted cloud formed by the n members, the vehicle-mounted cloud initiator numbers the vehicle after verifying the validity of the new user's resource certificate, and the vehicle-mounted cloud key is renegotiated;
S8, when a member leaves the vehicle-mounted cloud, the leaving member sends a leaving message to its neighbour vehicles, and the vehicle-mounted cloud key is renegotiated.
Further, the vehicle applies for registration to the SDN controller by sending it a request ciphertext, obtained by encrypting a message containing the vehicle's information. The request ciphertext is generated as follows:
vehicle $v_i$ randomly selects a secret value [Figure RE-RE-GDA0003554575790000021] and calculates the corresponding temporary public key [Figure RE-RE-GDA0003554575790000022];
the vehicle generates a signature over the idle resource description it is willing to contribute, the temporary public key and its identity ID;
the idle resource description the vehicle is willing to contribute, the temporary public key, the identity ID and the generated signature are encrypted with the long-term public key assigned to the SDN controller at system initialization to obtain the request ciphertext, expressed as:
[Figure RE-RE-GDA0003554575790000031]
where [Figure RE-RE-GDA0003554575790000032] is the request ciphertext of vehicle $v_i$; [Figure RE-RE-GDA0003554575790000033] denotes public-key encryption under the public key of SDN controller C; [Figure RE-RE-GDA0003554575790000034] is the identity ID of vehicle $v_i$; [Figure RE-RE-GDA0003554575790000035] is the temporary public key of vehicle $v_i$; [Figure RE-RE-GDA0003554575790000036] is the idle resource description vehicle $v_i$ is willing to contribute; $t_0$ denotes a timestamp; $\sigma$ is the signature generated over the idle resource description the vehicle is willing to contribute, the temporary public key and the identity ID, expressed as:
[Figure RE-RE-GDA0003554575790000037]
where [Figure RE-RE-GDA0003554575790000038] denotes a signature made by vehicle $v_i$ with its long-term private key.
Further, the vehicle that has completed registration initiates a resource certificate request to the SDN controller, and the SDN controller verifies the registration application message sent by the vehicle. The process includes:
the SDN controller determines the quantity of available resources of the requesting vehicle from the information sent with its registration application, and judges whether that quantity is not larger than the quantity of resources available to the requesting vehicle in the resource view maintained by the SDN controller;
if so, the SDN controller uses its private key $sk_C$ to sign the vehicle's resource description [Figure RE-RE-GDA0003554575790000039] and temporary public key [Figure RE-RE-GDA00035545757900000310] to obtain a resource certificate, expressed as:
[Figure RE-RE-GDA00035545757900000311]
which it encrypts with the long-term public key [Figure RE-RE-GDA00035545757900000312] assigned to the requesting vehicle at system initialization and transmits to the requesting vehicle $v_i$;
the SDN controller stores the mapping between the resource certificate and the identity ID of the requesting vehicle;
where [Figure RE-RE-GDA00035545757900000313] is the resource certificate issued by the SDN controller to vehicle $v_i$; $T_{exp}$ denotes the validity period of the certificate; [Figure RE-RE-GDA00035545757900000314] denotes a signature made by the SDN controller with its private key $sk_C$; [Figure RE-RE-GDA00035545757900000315] denotes the temporary public key of vehicle $v_i$.
Further, the vehicle that wants to join the vehicle-mounted cloud sends a message carrying its resource certificate to the vehicle-mounted cloud initiator, the message being expressed as
[Figure RE-RE-GDA00035545757900000316]
where [Figure RE-RE-GDA00035545757900000317] denotes that the resource certificate of vehicle $v_i$ and the signature on it are encrypted with the temporary public key; [Figure RE-RE-GDA00035545757900000318] denotes the resource certificate of vehicle $v_i$; [Figure RE-RE-GDA00035545757900000319] denotes the signature on the resource certificate of vehicle $v_i$ made with its private key [Figure RE-RE-GDA00035545757900000320].
Further, the process in which the vehicle-mounted cloud initiator numbers each member, broadcasts the member information and signs the user set includes:
the vehicle-mounted cloud initiator verifies the validity of the received message carrying the resource certificate by verifying the signature with the public key of the SDN controller;
the vehicle-mounted cloud initiator numbers the n-1 selected members together with itself in a ring, i.e. from 1 to n;
the vehicle-mounted cloud members numbered 1 to n are, in order, $v_1, v_2, v_3, \ldots, v_n$, where [Figure RE-RE-GDA0003554575790000041] denotes vehicle $v_i$; the vehicle-mounted cloud initiator issues the vehicle-mounted cloud member set and its signature in numbering order, expressed as:
[Figure RE-RE-GDA0003554575790000042]
where VCmember denotes the member set of the vehicle-mounted cloud initiated by the vehicle-mounted cloud initiator together with its signature; [Figure RE-RE-GDA0003554575790000043] denotes the signature of the vehicle-mounted cloud initiated by the initiator; [Figure RE-RE-GDA0003554575790000044] denotes the signature of the vehicle-mounted cloud initiator V on the member set, made with its temporary private key.
Further, the process by which the users in the member set of the vehicle-mounted cloud negotiate the vehicle-mounted cloud key includes:
vehicle $v_i$ uses its temporary private key [Figure RE-RE-GDA0003554575790000045] to generate two authentication messages [Figure RE-RE-GDA0003554575790000046] and [Figure RE-RE-GDA0003554575790000047], which are sent to the adjacent vehicles $v_{i-1}$ and $v_{i+1}$ respectively;
member $v_i$ receives the message [Figure RE-RE-GDA0003554575790000048] sent by member $v_{i+1}$ and the message [Figure RE-RE-GDA0003554575790000049] sent by member $v_{i-1}$, calculates the key parameters $B_{i+1}$ and $B_{i-1}$ from the received messages, and verifies the validity of the signatures [Figure RE-RE-GDA00035545757900000410] and [Figure RE-RE-GDA00035545757900000411] with the temporary public keys of $v_{i+1}$ and $v_{i-1}$ respectively; if both verifications succeed, it calculates and broadcasts the key parameter value $X_i$;
each vehicle in the vehicle-mounted cloud receives the n-1 values $X_i$ and calculates the vehicle-mounted cloud key according to the formula:
[Figure RE-RE-GDA00035545757900000412]
For key confirmation, the vehicle-mounted cloud initiator encrypts the vehicle-mounted cloud member set VCmember with the temporary key it has calculated, signs the ciphertext with its temporary private key to obtain the message [Figure RE-RE-GDA00035545757900000413], and broadcasts it to the vehicle-mounted cloud; each member verifies the signature on the received message and decrypts it with the key it has calculated; if the decrypted plaintext equals the broadcast user set, the member broadcasts a confirmation message, and once all other cloud members have sent confirmation messages the key negotiation succeeds;
where $D_{i,i-1}$ denotes that vehicle $v_i$ randomly selects a secret value $s_i$, hides $s_i$ with the temporary public key [Figure RE-RE-GDA00035545757900000414] of $v_{i-1}$ and sends it to $v_{i-1}$; [Figure RE-RE-GDA0003554575790000051] denotes that vehicle $v_i$ calculates the key parameter $B_{i-1}$ according to [Figure RE-RE-GDA0003554575790000052]; n denotes the number of vehicles in the vehicle-mounted cloud; $s_i$ denotes the secret value selected by vehicle $v_i$.
Further, the key parameter value $X_i$ is expressed as:
[Figure RE-RE-GDA0003554575790000053]
where g is a public parameter of the system and $s_i$ denotes the secret value selected by vehicle $v_i$.
Further, when a new vehicle joins the vehicle-mounted cloud, the vehicle-mounted cloud initiator numbers the vehicle after verifying the validity of the new user's resource certificate, and the vehicle-mounted cloud key is renegotiated, including:
when a vehicle w outside the vehicle-mounted cloud wants to join the vehicle-mounted cloud initiated by vehicle V, vehicle w sends the request
[Figure RE-RE-GDA0003554575790000054]
where $pk_V$ denotes the temporary public key of vehicle V.
The vehicle-mounted cloud initiator verifies the validity of the new member's resource certificate, numbers the new vehicle $v_{n+1}$, signs the member set with its long-term private key and broadcasts it; the member set signed with the long-term private key is expressed as:
[Figure RE-RE-GDA0003554575790000055]
The new vehicle $v_{n+1}$ uses the temporary private key [Figure RE-RE-GDA0003554575790000056] belonging to its resource certificate to compute two authentication messages [Figure RE-RE-GDA0003554575790000057] and [Figure RE-RE-GDA0003554575790000058], and sends the messages [Figure RE-RE-GDA0003554575790000059] to members $v_1$ and $v_n$ respectively.
Vehicle $v_1$ first verifies the validity of the signature [Figure RE-RE-GDA00035545757900000510] with the temporary public key of $v_{n+1}$; if verification succeeds, it calculates [Figure RE-RE-GDA00035545757900000511], calculates the key parameter $X'_1 = B_2 / B_{n+1}$, broadcasts $X'_1$ to the vehicle-mounted cloud, and sends [Figure RE-RE-GDA00035545757900000512] to vehicle $v_{n+1}$.
Vehicle $v_n$ first verifies the validity of the signature [Figure RE-RE-GDA00035545757900000513]; if verification succeeds, it calculates [Figure RE-RE-GDA00035545757900000514], calculates $X'_n = B_{n+1} / B_{n-1}$, broadcasts $X'_n$ to the vehicle-mounted cloud, and sends [Figure RE-RE-GDA00035545757900000515] to vehicle $v_{n+1}$.
Vehicle $v_{n+1}$ first verifies the validity of the signatures [Figure RE-RE-GDA00035545757900000516] and [Figure RE-RE-GDA00035545757900000517] respectively; if verification succeeds, it calculates [Figure RE-RE-GDA00035545757900000518] and [Figure RE-RE-GDA00035545757900000519], then computes and broadcasts $X_{n+1} = B_1 / B_n$.
All vehicles in the vehicle-mounted cloud receive $X'_1$, $X'_n$ and $X_{n+1}$; the vehicle-mounted cloud now has n+1 members in total, n is set to n+1, and the vehicles in the vehicle-mounted cloud update the vehicle-mounted cloud key according to the formula [Figure RE-RE-GDA00035545757900000520] and $\{X'_1, X_2, X_3, \ldots, X'_n, X_{n+1}\}$;
the vehicle-mounted cloud initiator issues the vehicle-mounted cloud member set, expressed as:
[Figure RE-RE-GDA0003554575790000061]
where $Req_w$ is the request ciphertext of vehicle w; [Figure RE-RE-GDA0003554575790000062] denotes encryption with the temporary public key of the vehicle-mounted cloud initiator V; $Cert_w$ is the resource certificate of vehicle w; [Figure RE-RE-GDA0003554575790000063] denotes the signature on the resource certificate made with the temporary key $sk_w$ of vehicle w; VCmember is the member set; [Figure RE-RE-GDA0003554575790000064] denotes the temporary key of vehicle $v_i$; $s_i$ is the secret value randomly selected by vehicle $v_i$; [Figure RE-RE-GDA0003554575790000065] denotes the signature of vehicle V on the user set VCmember; g is a public parameter of the system.
Further, when a member leaves the vehicle-mounted cloud, the leaving member sends a leaving message to its neighbour vehicles and the vehicle-mounted cloud key is renegotiated, including:
when vehicle $v_j$ in the vehicle-mounted cloud initiated by vehicle V exits the vehicle-mounted cloud, it initiates a leaving message and broadcasts it to the vehicle-mounted cloud, expressed as
[Figure RE-RE-GDA0003554575790000066]
After receiving the exit broadcast of $v_j$, vehicle $v_{j+1}$ calculates [Figure RE-RE-GDA0003554575790000067] and sends [Figure RE-RE-GDA0003554575790000068] to member $v_{j-1}$.
Vehicle $v_{j-1}$ first verifies the validity of the signature [Figure RE-RE-GDA0003554575790000069]; if verification succeeds, it calculates [Figure RE-RE-GDA00035545757900000610] and broadcasts the message D;
all vehicles in the vehicle-mounted cloud update the vehicle-mounted cloud key according to [Figure RE-RE-GDA00035545757900000611], expressed as:
[Figure RE-RE-GDA00035545757900000612]
where [Figure RE-RE-GDA00035545757900000613] denotes the temporary public key of vehicle $v_j$; [Figure RE-RE-GDA00035545757900000614] denotes the parameter broadcast by vehicle $v_j$ when leaving the vehicle-mounted cloud; [Figure RE-RE-GDA00035545757900000615] denotes the signature of vehicle $v_j$ on the broadcast; $s_j$ denotes the secret value selected by vehicle $v_j$; $D_{j+1,j-1}$ denotes the parameter sent by vehicle $v_{j+1}$ to vehicle $v_{j-1}$; $r_{j+1}$ denotes the temporary private key of vehicle $v_{j+1}$; D denotes the parameter of the vehicles adjacent to $v_j$; $r_{j-1}$ denotes the temporary private key of vehicle $v_{j-1}$; $K_{new}$ is the updated key; $K_{old}$ is the key before the update.
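The ring negotiation, join and leave steps above can be exercised end to end: every member blinds its contribution for its two ring neighbours, derives $B_{i-1}$ and $B_{i+1}$, broadcasts $X_i = B_{i+1} / B_{i-1}$, and a join or a leave only changes the $X$ values of the members whose neighbours changed. The following Python is an added example, not code from the patent or its inventors. It uses a toy group (p = 2039, q = 1019, g = 4); it assumes a Diffie-Hellman blinding for the $D_{i,i-1}$ messages and the Burmester-Desmedt combination for the final key, because the patent's own formulas for $D$, $X_i$ and $K$ are images that are not reproduced on this page; it recomputes the key after a leave instead of applying the patent's $K_{old}$-to-$K_{new}$ update; and it leaves out the signatures on the exchanged messages. The fixed secret values in demo() are constructed so that the run is reproducible.

```python
import secrets

# Toy public parameters PP = {p, q, g}: q = 1019 and p = 2q + 1 = 2039 are prime, and
# g = 4 generates the order-q subgroup of Z_p^*. Constructed for this example only;
#  a real deployment uses a standards-sized group.
P, Q, G = 2039, 1019, 4


def inv(x):
    return pow(x, -1, P)


class Vehicle:
    """One cloud member: temporary key pair (r_i, pk_i) and secret value s_i."""

    def __init__(self, name, s=None):
        self.name = name
        self.r = secrets.randbelow(Q - 1) + 1                           # temporary private key r_i
        self.pk = pow(G, self.r, P)                                      # temporary public key
        self.s = s if s is not None else secrets.randbelow(Q - 1) + 1   # secret value s_i
        self.B = pow(G, self.s, P)                                       # g^{s_i}

    def blind_for(self, nb):
        """D_{i,nb}: g^{s_i} hidden under a Diffie-Hellman value shared with nb's temporary
        key (assumed construction; the patent's formula for D is an image)."""
        return self.B * pow(nb.pk, self.r, P) % P

    def key_param_from(self, nb, d):
        """B_nb from this vehicle's view: unblind D_{nb,i} with our temporary private key,
        then raise to s_i, giving g^{s_nb * s_i}."""
        return pow(d * inv(pow(nb.pk, self.r, P)) % P, self.s, P)


def ring_round(ring):
    """Every v_i obtains B_{i-1} and B_{i+1} from its two ring neighbours and broadcasts
    X_i = B_{i+1} / B_{i-1}. Returns the X list and each member's (B_{i-1}, B_{i+1})."""
    n = len(ring)
    xs, bs = [], []
    for i, v in enumerate(ring):
        prev, nxt = ring[(i - 1) % n], ring[(i + 1) % n]
        b_prev = v.key_param_from(prev, prev.blind_for(v))
        b_next = v.key_param_from(nxt, nxt.blind_for(v))
        xs.append(b_next * inv(b_prev) % P)
        bs.append((b_prev, b_next))
    return xs, bs


def derive_key(n, i, xs, b_prev):
    """Key from v_i's view: B_{i-1}^n * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^1
    (the Burmester-Desmedt combination, assumed here because the patent's key formula
    is an image). The exponents telescope, so every member gets g^{s_1 s_2 + ... + s_n s_1}."""
    k = pow(b_prev, n, P)
    for j in range(1, n):
        k = k * pow(xs[(i + j - 1) % n], n - j, P) % P
    return k


def agree(ring):
    """One full negotiation; returns the broadcast X values and every member's key."""
    xs, bs = ring_round(ring)
    return xs, {v.name: derive_key(len(ring), i, xs, bs[i][0]) for i, v in enumerate(ring)}


def demo():
    """Cloud of v1..v4 (v1 the initiator), then v5 joins between v4 and v1, then v3 leaves.
    The secret values are fixed so the run is reproducible; members draw them at random."""
    ring = [Vehicle("v1", 7), Vehicle("v2", 11), Vehicle("v3", 13), Vehicle("v4", 17)]
    xs0, k0 = agree(ring)
    ring.append(Vehicle("v5", 19))              # join: only v1, v4 and v5 publish new X values
    xs1, k1 = agree(ring)
    ring = [v for v in ring if v.name != "v3"]  # leave: v2 and v4 become neighbours
    xs2, k2 = agree(ring)
    return (xs0, xs1, xs2), (k0, k1, k2)


if __name__ == "__main__":
    xs, keys = demo()
    for stage, k in zip(("initial", "after join", "after leave"), keys):
        print(stage, "members agree:", len(set(k.values())) == 1)
```

Running demo() shows the property the join step relies on: after $v_5$ is inserted between $v_4$ and $v_1$, the broadcast values $X_2$ and $X_3$ are unchanged and only $X'_1$, $X'_4$ and $X_5$ are new, yet every member derives the same fresh key; after $v_3$ leaves, the key changes again and $v_3$'s secret no longer contributes to it.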
Further, at system initialization the SDN controller and every vehicle v in the system are each assigned a long-term public/private key pair, $(pk_C, sk_C)$ for the SDN controller and [Figure RE-RE-GDA00035545757900000616] for the vehicle; two large primes p and q are randomly selected at system initialization, where q divides (p-1), G is the cyclic subgroup of [Figure RE-RE-GDA00035545757900000617] of order q, the public parameter g of the system is a generator of the group G, and the system public parameters are denoted PP = {p, q, g}; where [Figure RE-RE-GDA0003554575790000071] is the value range of the temporary keys.
The invention achieves the following beneficial effects:
1. The vehicle-mounted cloud is built by vehicle self-organization, while the privacy and security of the interaction between vehicles is guaranteed.
2. SDN-based vehicle resource authentication is designed: the SDN controller maintains the resource state of the vehicles and issues anonymous resource certificates, taking part in the anonymous authentication of VCC vehicles and preventing malicious vehicles from falsely reporting their resources and disturbing the normal execution of VCC.
3. The existing VC key agreement protocol is improved: anonymous authentication and dynamic member joining/leaving are realized, man-in-the-middle attacks are resisted, forward security of the VC key is ensured, and secure, reliable and privacy-preserving dynamic VCC management is provided.
4. It is guaranteed that no vehicle node can confirm the real identity of a sender from a message, nor track the position of a vehicle by linking messages.
Drawings
Fig. 1 is a schematic diagram of a vehicle-mounted cloud computing system model based on an SDN according to the present invention;
fig. 2 is a flowchart of a vehicle-mounted cloud computing method with privacy protection based on an SDN according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a vehicle-mounted cloud computing method with privacy protection based on an SDN (software defined network). A vehicle-mounted cloud computing system based on the SDN is built, the system comprising an SDN controller, and after the system has been initialized the vehicle-mounted cloud computing method comprises the following steps:
S1, a vehicle in the SDN-based vehicle-mounted cloud computing system sends its identity information to the SDN controller to apply for registration;
S2, the vehicle that has completed registration sends a resource certificate request to the SDN controller;
S3, after receiving the resource certificate request, the SDN controller judges the validity of the request and judges whether the quantity of resources requested by the vehicle is not more than the quantity of resources available to the vehicle; if so, the SDN controller sends the resource certificate to the vehicle;
S4, a vehicle that wants to join the vehicle-mounted cloud sends a message carrying its resource certificate to the vehicle-mounted cloud initiator, the vehicle-mounted cloud initiator verifies the resource certificate of the applying vehicle, and n-1 members are randomly selected from the verified applying vehicles;
S5, the vehicle-mounted cloud initiator numbers each member, including itself, and broadcasts the member information and the signed user set;
S6, the n users, i.e. the vehicle-mounted cloud initiator and the n-1 members it selected, negotiate a vehicle-mounted cloud key;
S7, when another new vehicle wants to join the vehicle-mounted cloud formed by the n members, the vehicle-mounted cloud initiator numbers the vehicle after verifying the validity of the new user's resource certificate, and the vehicle-mounted cloud key is renegotiated;
S8, when a member leaves the vehicle-mounted cloud, the leaving member sends a leaving message to its neighbour vehicles, and the vehicle-mounted cloud key is renegotiated.
The invention constructs an SDN-based vehicle-mounted cloud computing system, shown in figure 1, which is divided into a control layer and a service layer: the SDN controller and the RSUs are located in the control layer and manage vehicle resources and cloud services, while the vehicles and the VCs are located in the service layer and execute service requests and supply. In fig. 1, the SDN controllers communicate with each other over long-distance wired links, the links between the controllers and the RSUs use the OpenFlow protocol, and the RSUs and the vehicle-mounted cloud use the short-range wireless communication dedicated to vehicular networks.
The invention comprises four entities, the SDN controller, the RSU, the vehicle and the vehicle-mounted cloud, where:
SDN controller: each SDN controller communicates with a number of RSUs within a certain range (called a domain) using a long-distance communication protocol and manages all vehicles in the domain, including vehicle resource management, vehicle registration, anonymous resource certificate issuing and anonymous access management for the vehicle-mounted cloud;
RSU: communicates directly with the vehicles in its range through a short-range communication protocol (DSRC), and collects VC-related information and sends it to the SDN controller;
vehicle: equipped with certain on-board resources such as communication, computation, storage and sensors. In the invention, vehicles are divided into vehicle-mounted cloud initiators and requesting vehicles. A vehicle interacts with external entities through its On Board Unit (OBU) and shares resources with other vehicles;
vehicle-mounted cloud: a dynamic entity formed by a group of vehicles that self-organize by running the VC key agreement protocol, so that the vehicles share resources and information.
The invention relates to a vehicle-mounted cloud computing method with privacy protection based on an SDN (software defined network), which is shown in a figure 2 and comprises the following steps:
S1: system initialization;
S11: system initialization is performed by the SDN controller, which has a global view of the network. The SDN controller initializes the system parameters: it randomly selects two large prime numbers p and q, where q divides (p-1), and G is
Figure RE-RE-GDA0003554575790000091
of order q; g is a generator of the group G. It then publishes the system public parameter PP = {p, q, g}.
S2: a new vehicle wants to join the vehicle-mounted cloud, signs and encrypts a temporary public key, an identity and a resource description, and initiates a resource certificate request to the SDN controller;
s21: vehicle viRandomly selecting a secret value
Figure RE-RE-GDA0003554575790000092
And calculates a corresponding temporary public key
Figure RE-RE-GDA0003554575790000093
S22: will vehicle viFree resource description willing to contribute
Figure RE-RE-GDA0003554575790000094
Temporary public key
Figure RE-RE-GDA0003554575790000095
and identity ID are encrypted with the public key pk_C of the controller C to obtain the request ciphertext
Figure RE-RE-GDA0003554575790000096
Wherein
Figure RE-RE-GDA0003554575790000037
is the signature made with the long-term private key of the vehicle
Figure RE-RE-GDA0003554575790000098
and t_0 represents a time stamp. The request ciphertext
Figure RE-RE-GDA0003554575790000099
is sent to the controller C for registration.
S3: the SDN controller receives the request ciphertext sent by vehicle v_i, first verifies the validity of the signature, and checks that the quantity of resources in the resource description submitted by the requesting vehicle is not more than the quantity of available resources of that vehicle in the resource view maintained by the controller. If both checks pass, the SDN controller uses its private key to sign a certificate for the vehicle's resource description and temporary public key, encrypts the resource certificate with the vehicle's long-term public key, and sends it to the requesting vehicle;
S31: SDN controller C decrypts the request ciphertext
Figure RE-RE-GDA00035545757900000910
verifies the signature, and determines that
Figure RE-RE-GDA00035545757900000911
the number of resources described in it is not greater than the number of available resources for the vehicle in the resource view maintained by SDN controller C. If the requirements are met, SDN controller C uses its private key sk_C to sign the resource description
Figure RE-RE-GDA00035545757900000912
and the temporary public key
Figure RE-RE-GDA00035545757900000913
obtaining the resource certificate
Figure RE-RE-GDA00035545757900000914
and uses the long-term public key of the vehicle
Figure RE-RE-GDA00035545757900000915
to encrypt it and send it to the requesting vehicle v_i.
S32: the SDN controller stores the mapping relation between the resource certificate and the identity ID of the vehicle.
S4: a vehicle that wants to join the VC signs its resource certificate with its temporary private key, encrypts it with the long-term public key of the vehicle-mounted cloud initiator, and sends it to the vehicle-mounted cloud initiator V;
S41: vehicle v_i intending to participate in the vehicle-mounted cloud signs its resource certificate with its temporary private key and encrypts it with the temporary public key of the vehicle-mounted cloud initiator V, obtaining
Figure RE-RE-GDA0003554575790000101
and sends it to the vehicle-mounted cloud initiator V.
S5: the vehicle-mounted cloud initiator V verifies the resource certificates, selects n-1 members, numbers each member, and broadcasts the information of the participating members and the signed user set;
S51: the vehicle-mounted cloud initiator V decrypts and verifies the resource certificate
Figure RE-RE-GDA0003554575790000102
verifying the signature with the public key of the SDN controller
Figure RE-RE-GDA0003554575790000103
thereby verifying the validity of the vehicle resources and the temporary public key;
S52: the vehicle-mounted cloud initiator V selects n-1 vehicles that pass the resource certificate verification;
S53: for convenience of description, the vehicle-mounted cloud initiator numbers the n-1 members and itself in a ring, i.e., from 1 to n. Suppose the vehicle-mounted cloud members numbered 1 to n are, in sequence, v_1, v_2, v_3, ..., v_n;
Figure RE-RE-GDA0003554575790000104
denotes vehicle v_i. The vehicle V issues the VC member set (V is also one of them) and its signature in the order of numbering:
Figure RE-RE-GDA0003554575790000105
s6: after n members are selected, VC key negotiation is started, and each member vi(i ═ 1,2, 3.., n) takes a random value
Figure RE-RE-GDA0003554575790000106
and calculates two authentication messages, which it sends to the adjacent vehicles before and after it;
S61: each VC member v_i (i = 1, 2, 3, ..., n) takes a random value
Figure RE-RE-GDA0003554575790000107
Figure RE-RE-GDA0003554575790000108
is the value range of the temporary private key; it calculates
Figure RE-RE-GDA0003554575790000109
and separately computes the signatures
Figure RE-RE-GDA00035545757900001010
generating two authentication messages
Figure RE-RE-GDA00035545757900001011
which are sent respectively to the adjacent vehicles v_{i-1} and v_{i+1};
S7: vehicle v_i receiving the anonymous authentication messages verifies their validity with its own temporary private key. If the verification succeeds, it calculates and broadcasts the VC key parameter value X_i;
S71: each VC member v_i receives the message sent by member v_{i+1}
Figure RE-RE-GDA00035545757900001012
and the message sent by member v_{i-1}
Figure RE-RE-GDA00035545757900001013
It first separately verifies the signatures
Figure RE-RE-GDA00035545757900001014
for validity; if all verifications succeed, it calculates the key parameters
Figure RE-RE-GDA00035545757900001015
then computes and broadcasts
Figure RE-RE-GDA0003554575790000111
S8: each member in the vehicle-mounted cloud receives the n-1 values X_i and calculates the VC key;
S81: the vehicle receives the n-1 values X_i and calculates the VC key according to the formula
Figure RE-RE-GDA0003554575790000112
S82: VC key confirmation: the VC initiator V encrypts the VC member set VCmember with the key it calculated and signs the ciphertext with its own temporary private key, obtaining the message
Figure RE-RE-GDA0003554575790000113
which it broadcasts to the VC. Each member verifies the signature on the received message and decrypts it with the key it calculated; if decryption is correct, it broadcasts a confirmation message, and after all other cloud members have sent confirmation messages, the key negotiation succeeds, i.e. the VC key K = K_1 = K_2 = ... = K_n. This key establishes basic trust in the VC and guarantees the security of VCC.
S9: when a new vehicle joins the vehicle-mounted cloud, the vehicle-mounted cloud initiator verifies the validity of the new vehicle's resource certificate, numbers the new vehicle, and sends the X_i values of the n-2 vehicles to the new vehicle. The new vehicle calculates authentication messages with its temporary private key and sends them to the members numbered v_1 and v_n. Vehicles v_1 and v_n respectively calculate new VC key parameter values X'_1 and X'_n, broadcast them, and at the same time send their own authentication messages to v_{n+1}; v_{n+1} verifies them and calculates its own VC key parameter value X_{n+1}. All vehicles in the vehicle-mounted cloud update and confirm the VC key according to the new parameter values;
S91: when a vehicle w outside the VC wants to join the VC (pk_V, I_vc), vehicle w sends the request
Figure RE-RE-GDA0003554575790000114
S92: the vehicle-mounted cloud initiator verifies the validity of the new member's resource certificate, numbers the new member v_{n+1}, signs the new member set with its long-term private key and broadcasts it:
Figure RE-RE-GDA0003554575790000115
s93: new Member vn+1Taking random values
Figure RE-RE-GDA0003554575790000116
computes
Figure RE-RE-GDA0003554575790000117
And
Figure RE-RE-GDA0003554575790000118
and separately computes the signatures
Figure RE-RE-GDA0003554575790000119
And
Figure RE-RE-GDA00035545757900001110
then sends the messages
Figure RE-RE-GDA00035545757900001111
Figure RE-RE-GDA00035545757900001112
to members v_1 and v_n respectively;
S94: vehicle v_1 first uses the temporary public key of v_{n+1} to verify the signature
Figure RE-RE-GDA00035545757900001113
for validity; if the verification succeeds, it calculates
Figure RE-RE-GDA00035545757900001114
and calculates the key parameter X'_1 = B_2 / B_{n+1}, broadcasts X'_1 to the vehicle-mounted cloud, and sends
Figure RE-RE-GDA0003554575790000121
to vehicle v_{n+1}; vehicle v_n first verifies the signature
Figure RE-RE-GDA0003554575790000122
for validity; if the verification succeeds, it calculates
Figure RE-RE-GDA0003554575790000123
and calculates X'_n = B_{n+1} / B_{n-1}, broadcasts X'_n to the vehicle-mounted cloud, and sends
Figure RE-RE-GDA0003554575790000124
to vehicle v_{n+1};
S95: vehicle v_{n+1} first separately verifies the signatures
Figure RE-RE-GDA0003554575790000125
And
Figure RE-RE-GDA0003554575790000126
for validity; if the verification succeeds, it calculates
Figure RE-RE-GDA0003554575790000127
And
Figure RE-RE-GDA0003554575790000128
and computes and broadcasts X_{n+1} = B_1 / B_n;
S96: all members in the VC receive the three new values X'_1, X'_n and X_{n+1}; the VC now has n+1 members, so n is set to n+1, and the VC members calculate according to the formula
Figure RE-RE-GDA0003554575790000129
and {X'_1, X_2, X_3, ..., X'_n, X_{n+1}} to update the VC key;
S97: key confirmation is performed.
S98: the VC initiator V issues the new VC member set
Figure RE-RE-GDA00035545757900001210
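The ring key agreement of steps S6 to S9, as an added worked example that is not part of the patent: each member v_i holds a secret s_i, derives shared values B with its two ring neighbours, publishes X_i = B_{i+1}/B_{i-1}, and on a join only v_1, v_n and v_{n+1} publish new parameters (X'_1 = B_2/B_{n+1}, X'_n = B_{n+1}/B_{n-1}, X_{n+1} = B_1/B_n). The page's final key formula is in an image not reproduced here, so the example assumes the standard Burmester-Desmedt ring computation, which is consistent with the page's X_i and join updates; the signatures, the encryption of the D messages and the key-confirmation round are omitted, and the parameters PP = {p, q, g} are constructed toy values.

```python
# Added example (not the patent's code): ring key agreement of steps S6-S9.
# Assumption: the key is derived with the Burmester-Desmedt formula, since the
# page's own key formula is an image that is not reproduced in the text.
import secrets

# Constructed toy public parameters PP = {p, q, g}: q divides (p-1) and
# g has order q in Z_p^*. Real deployments use large primes.
P, Q, G = 23, 11, 4


class Member:
    """A VC member v_i; idx is its ring number (1..n)."""

    def __init__(self, idx, secret=None):
        self.idx = idx
        # s_i: random secret value; a fixed value may be passed for tests
        self.s = secret if secret is not None else secrets.randbelow(Q - 1) + 1
        self.z = pow(G, self.s, P)          # temporary public value g^{s_i}

    def shared_b(self, z_other):
        """B computed with one neighbour: g^{s_i * s_other} mod p."""
        return pow(z_other, self.s, P)

    def key_parameter(self, z_prev, z_next):
        """X_i = B_{i+1} / B_{i-1} mod p (page, step S71)."""
        return self.shared_b(z_next) * pow(self.shared_b(z_prev), -1, P) % P


def vc_key(i, n, b_prev, X):
    """Assumed Burmester-Desmedt key for member i:
    K_i = B_{i-1}^n * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^1 (mod p)."""
    k = pow(b_prev, n, P)
    for t in range(n - 1):
        j = (i - 1 + t) % n + 1             # ring index i, i+1, ..., i-2
        k = k * pow(X[j], n - 1 - t, P) % P
    return k


def neighbours(members, i):
    """Return (v_{i-1}, v_{i+1}) for ring number i in a list ordered 1..n."""
    n = len(members)
    return members[(i - 2) % n], members[i % n]


def initial_agreement(members):
    """S6-S7: every member publishes X_i; returns the table of X values."""
    X = {}
    for m in members:
        prev, nxt = neighbours(members, m.idx)
        X[m.idx] = m.key_parameter(prev.z, nxt.z)
    return X


def compute_keys(members, X):
    """S8 / S96: each member derives the VC key from its B_{i-1} and all X."""
    n = len(members)
    keys = []
    for m in members:
        prev, _ = neighbours(members, m.idx)
        keys.append(vc_key(m.idx, n, m.shared_b(prev.z), X))
    return keys


def join(members, X, newcomer):
    """S9: v_{n+1} enters the ring between v_n and v_1. Only v_1, v_n and
    v_{n+1} publish new parameters; the other X_i stay unchanged."""
    n = len(members)
    v1, vn = members[0], members[-1]
    X[1] = v1.key_parameter(newcomer.z, members[1].z)       # X'_1 = B_2 / B_{n+1}
    X[n] = vn.key_parameter(members[n - 2].z, newcomer.z)   # X'_n = B_{n+1} / B_{n-1}
    X[n + 1] = newcomer.key_parameter(vn.z, v1.z)           # X_{n+1} = B_1 / B_n
    members.append(newcomer)


def expected_key(secret_values):
    """Reference value g^{s_1 s_2 + s_2 s_3 + ... + s_n s_1} for checking."""
    n = len(secret_values)
    e = sum(secret_values[i] * secret_values[(i + 1) % n] for i in range(n))
    return pow(G, e, P)


def demo():
    """Three members with constructed fixed secrets, then a fourth joins.
    Returns the per-member keys before and after the join."""
    members = [Member(1, 3), Member(2, 5), Member(3, 7)]
    X = initial_agreement(members)
    before = compute_keys(members, X)
    join(members, X, Member(4, 2))
    after = compute_keys(members, X)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("VC key before join:", before)   # every member holds the same key
    print("VC key after join: ", after)    # same for all, differs from before
```

Every member ends with an identical key, and the join changes it for all members even though only three parameters were republished.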
S10: when the member in the vehicle-mounted cloud leaves the vehicle-mounted cloud, a leaving message is constructed. And according to the leaving message, the adjacent vehicle leaving the vehicle can calculate and broadcast a VC key updating parameter value, and the members in the vehicle-mounted cloud update and confirm the VC key according to the leaving message broadcast by the vehicle and the parameter value broadcast by the adjacent vehicle.
S101: vehicle-mounted cloud member vjQuit the vehicle cloud (pk)V,Ivc) Initiating a leave message
Figure RE-RE-GDA00035545757900001211
and broadcasts it into the VC, where
Figure RE-RE-GDA00035545757900001212
S102: member vj+1Receiving vjAfter exiting the broadcast message, calculating
Figure RE-RE-GDA00035545757900001213
and sends
Figure RE-RE-GDA00035545757900001214
to member v_{j-1};
S103: vehicle v_{j-1} first verifies the signature
Figure RE-RE-GDA00035545757900001215
for validity; if the verification succeeds, it calculates
Figure RE-RE-GDA00035545757900001216
and broadcasts the message D;
S104: all VC members update the VC key:
Figure RE-RE-GDA00035545757900001217
S105: VC key confirmation is performed.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. The vehicle-mounted cloud computing method with privacy protection based on the SDN is characterized in that a vehicle-mounted cloud computing system based on the SDN is constructed, the system comprises an SDN controller, and the vehicle-mounted cloud computing method after the vehicle-mounted cloud computing system based on the SDN is initialized comprises the following steps:
S1, the vehicle in the vehicle-mounted cloud computing system based on the SDN sends the vehicle identity information to apply for registration to the SDN controller;
S2, the vehicle which completes the registration sends a resource certificate request to the SDN controller;
S3, after receiving the resource certificate request, the SDN controller judges the validity of the request and judges whether the quantity of the resources requested by the vehicle is not more than the quantity of the available resources of the vehicle, if so, the SDN controller sends the resource certificate to the vehicle;
S4, the vehicle which wants to join the vehicle-mounted cloud sends the information with the resource certificate to the vehicle-mounted cloud initiator, the vehicle-mounted cloud initiator verifies the resource certificate of the application vehicle, and n-1 members are randomly selected from the verified application vehicles;
S5, the vehicle-mounted cloud initiator numbers each member including the vehicle-mounted cloud initiator, broadcasts member information and a signature user set;
S6, the vehicle-mounted cloud initiator and the n-1 members it selected, n users in total, negotiate a vehicle-mounted cloud key;
S7, when other new vehicles want to join the vehicle cloud formed by the n members, the vehicle cloud initiator numbers the vehicle after verifying the validity of the resource certificate of the new user, and renegotiates a vehicle cloud key;
and S8, when the member leaves the vehicle-mounted cloud, the leaving member sends the leaving message to the neighbor vehicle of the member, and the vehicle-mounted cloud key is renegotiated.
2. The SDN-based vehicle-mounted cloud computing method with privacy protection according to claim 1, wherein a vehicle applies for registration from an SDN controller, that is, the vehicle sends a request ciphertext obtained by encrypting a message containing information of the vehicle to the SDN controller for registration, and the generation process of the request ciphertext obtained by encrypting the message containing the information of the vehicle comprises:
vehicle v_i randomly selects a secret value
Figure FDA0003393592790000011
And calculates a corresponding temporary public key
Figure FDA0003393592790000012
Generating a signature according to the idle resource description, the temporary public key and the identity ID which the vehicle is willing to contribute;
the free resource description the vehicle is willing to contribute, the temporary public key, the identity ID and the generated signature are encrypted with the long-term private key assigned to the SDN controller at system initialization to obtain the request ciphertext, which is represented as:
Figure FDA0003393592790000021
wherein,
Figure FDA0003393592790000022
is the request ciphertext of vehicle v_i;
Figure FDA0003393592790000023
represents encryption with the public key of SDN controller C;
Figure FDA0003393592790000024
is the identity ID of vehicle v_i;
Figure FDA0003393592790000025
is the temporary public key of vehicle v_i;
Figure FDA0003393592790000026
is the free resource description that vehicle v_i is willing to contribute; t_0 represents a time stamp; σ is the signature generated over the free resource description the vehicle is willing to contribute, the temporary public key and the identity ID, and is represented as:
Figure FDA0003393592790000027
Figure FDA0003393592790000028
represents the signature of vehicle v_i made using its long-term private key.
3. The SDN-based vehicle-mounted cloud computing method with privacy protection according to claim 2, wherein a vehicle completing registration initiates a resource certificate request to an SDN controller, namely the SDN controller verifies a message sent by the vehicle and applying for registration, and the process comprises the following steps:
the SDN controller confirms the number of available resources of a request vehicle according to information sent by the request vehicle application registration, and judges whether the number of the resources is not larger than the number of the available resources of the request vehicle in a resource view maintained by the SDN controller;
if yes, the SDN controller uses its private key sk_C to sign the resource description of the vehicle
Figure FDA0003393592790000029
And use the temporary public key
Figure FDA00033935927900000210
Obtaining a resource certificate, the resource certificate being expressed as:
Figure FDA00033935927900000211
which is encrypted with the long-term public key assigned to the requesting vehicle at system initialization
Figure FDA00033935927900000212
and sent to the requesting vehicle v_i;
The SDN controller stores the mapping relation between the resource certificate and the identity ID of the requesting vehicle;
wherein,
Figure FDA00033935927900000213
is the resource certificate issued by the SDN controller to vehicle v_i; T_exp indicates the validity period of the certificate;
Figure FDA00033935927900000214
represents the signature made by the SDN controller with its private key sk_C;
Figure FDA00033935927900000215
indicates the temporary public key of vehicle v_i.
4. The SDN-based vehicle cloud computing method with privacy protection function as claimed in claim 1, wherein a vehicle wishing to join a vehicle cloud sends information with a resource certificate to a vehicle cloud initiator, and the sent information is represented as
Figure FDA0003393592790000031
Wherein
Figure FDA0003393592790000032
indicates encrypting the resource certificate and the signature on it with the temporary public key of vehicle v_i;
Figure FDA0003393592790000033
indicates the resource certificate of vehicle v_i;
Figure FDA0003393592790000034
is, with the private key of vehicle v_i
Figure FDA0003393592790000035
the signature made on the resource certificate of vehicle v_i.
5. The SDN-based vehicle cloud computing method with privacy protection, according to claim 1, wherein the process that a vehicle cloud initiator numbers each member, broadcasts member information and signs a user set comprises:
the vehicle-mounted cloud initiator verifies the validity of the received information with the resource certificate according to the public key verification signature of the SDN controller;
the vehicle-mounted cloud initiator numbers the n-1 members in a ring, namely from 1 to n;
the vehicle-mounted cloud members numbered 1 to n are, in sequence, v_1, v_2, v_3, ..., v_n;
Figure FDA0003393592790000036
denotes vehicle v_i; the vehicle-mounted cloud initiator issues the vehicle-mounted cloud member set and its signature in numbering order, represented as follows:
Figure FDA0003393592790000037
the VCmember represents a member set of the vehicle-mounted cloud initiated by a vehicle-mounted cloud initiator and a signature thereof;
Figure FDA0003393592790000038
represents the signature of the vehicle-mounted cloud initiated by the vehicle-mounted cloud initiator;
Figure FDA0003393592790000039
representing the signature of the vehicle cloud originator V on the member set using the ephemeral private key.
6. The SDN-based vehicle cloud computing method with privacy protection according to claim 1, wherein a process of negotiating vehicle cloud keys by users in a member set of a vehicle cloud comprises:
vehicle v_i uses its temporary private key
Figure FDA00033935927900000310
to generate two authentication messages
Figure FDA00033935927900000311
Figure FDA00033935927900000312
which are sent respectively to the adjacent vehicles v_{i-1} and v_{i+1};
member v_i receives the message sent by member v_{i+1}
Figure FDA00033935927900000313
and the message sent by member v_{i-1};
Figure FDA00033935927900000314
it calculates the key parameters B_{i+1} and B_{i-1} from the received messages, and uses the temporary public keys of v_{i+1} and v_{i-1} respectively to verify the signatures
Figure FDA00033935927900000315
And
Figure FDA00033935927900000316
for validity; if all verifications succeed, it calculates and broadcasts the key parameter value X_i;
each vehicle in the vehicle-mounted cloud receives the n-1 values X_i and calculates the vehicle-mounted cloud key according to a formula, the calculation process being:
Figure FDA0003393592790000041
for vehicle-mounted cloud key confirmation, the vehicle-mounted cloud initiator encrypts the vehicle-mounted cloud member set VCmember with the temporary key it calculated and signs the ciphertext with its temporary private key to obtain the message
Figure FDA0003393592790000042
which it broadcasts to the vehicle-mounted cloud; each member verifies the signature on the received message and decrypts it with the key it calculated; if the decrypted plaintext is the same as the broadcast user set, it broadcasts a confirmation message, and after all other cloud members have sent confirmation messages, key negotiation succeeds;
wherein D_{i,i-1} indicates that vehicle v_i randomly selects a secret value s_i and uses the temporary public key of v_{i-1}
Figure FDA0003393592790000043
to hide the secret value s_i, which is sent to v_{i-1};
Figure FDA0003393592790000044
indicates that vehicle v_i, according to
Figure FDA0003393592790000045
calculates the key parameter B_{i-1}; n denotes the number of vehicles in the vehicle-mounted cloud, and s_i indicates the secret value selected by vehicle v_i.
7. The SDN-based privacy-preserving vehicle-mounted cloud computing method of claim 6, wherein the key parameter value X_i is expressed as:
Figure FDA0003393592790000046
where g is a common parameter of the system and s_i indicates the secret value selected by vehicle v_i.
8. The SDN-based vehicle-mounted cloud computing method with privacy protection, according to claim 1, wherein when a new vehicle joins the vehicle-mounted cloud, a vehicle-mounted cloud initiator verifies the validity of a resource certificate of the new user and then numbers the new user for the vehicle, and renegotiates a vehicle-mounted cloud key, including:
when a vehicle w outside the vehicle cloud joins the vehicle cloud initiated by the vehicle V, the vehicle w sends a request
Figure FDA0003393592790000047
where pk_V represents the temporary public key of vehicle V.
The vehicle-mounted cloud initiator verifies the validity of the new member's resource certificate, numbers the new vehicle v_{n+1}, signs the member set with its long-term private key and broadcasts it; the member set signed with the long-term private key is expressed as:
Figure FDA0003393592790000048
new vehicle v_{n+1} uses the temporary private key in its resource certificate
Figure FDA0003393592790000049
to compute two authentication messages
Figure FDA00033935927900000410
And
Figure FDA00033935927900000411
and sends the messages
Figure FDA00033935927900000412
to members v_1 and v_n respectively;
vehicle v_1 first uses the temporary public key of v_{n+1} to verify the signature
Figure FDA0003393592790000051
for validity; if the verification succeeds, it calculates
Figure FDA0003393592790000052
and calculates the key parameter X'_1 = B_2 / B_{n+1}, broadcasts X'_1 into the vehicle-mounted cloud, and sends
Figure FDA0003393592790000053
to vehicle v_{n+1};
vehicle v_n first verifies the signature
Figure FDA0003393592790000054
for validity; if the verification succeeds, it calculates
Figure FDA0003393592790000055
and calculates X'_n = B_{n+1} / B_{n-1}, broadcasts X'_n to the vehicle-mounted cloud, and sends
Figure FDA0003393592790000056
to vehicle v_{n+1};
vehicle v_{n+1} first separately verifies the signatures
Figure FDA0003393592790000057
And
Figure FDA0003393592790000058
for validity; if the verification succeeds, it calculates
Figure FDA0003393592790000059
And
Figure FDA00033935927900000510
and computes and broadcasts X_{n+1} = B_1 / B_n;
all vehicles in the vehicle-mounted cloud receive X'_1, X'_n and X_{n+1}; at this moment the vehicle-mounted cloud has n+1 members in total, so n is set to n+1, and the vehicles in the vehicle-mounted cloud use the formula
Figure FDA00033935927900000511
and {X'_1, X_2, X_3, ..., X'_n, X_{n+1}} to update the vehicle-mounted cloud key;
the vehicle-mounted cloud initiator issues a vehicle-mounted cloud member set, and the set is expressed as:
Figure FDA00033935927900000512
wherein Req_w is the request ciphertext of vehicle w;
Figure FDA00033935927900000513
denotes encryption with the temporary public key of the vehicle-mounted cloud initiator V; Cert_w is the resource certificate of vehicle w;
Figure FDA00033935927900000514
indicates the signature on the resource certificate made with the temporary key sk_w of vehicle w; VCmember is the member set;
Figure FDA00033935927900000515
indicates the temporary key of vehicle v_i; s_i is the secret value randomly selected by vehicle v_i;
Figure FDA00033935927900000516
a signature representing the vehicle V for the user set VCmember; g is a common parameter of the system.
9. The SDN-based vehicle cloud computing method with privacy protection, according to claim 1, wherein when a member leaves the vehicle cloud, the leaving member sends a leaving message to its neighbor vehicle and renegotiates a vehicle cloud key, comprising:
when vehicle v_j in the vehicle-mounted cloud initiated by vehicle V exits the vehicle-mounted cloud, it initiates a leaving message and broadcasts it to the vehicle-mounted cloud; the leaving message is represented as
Figure FDA00033935927900000517
after vehicle v_{j+1} receives the exit broadcast of v_j, it calculates
Figure FDA0003393592790000061
and sends
Figure FDA0003393592790000062
to member v_{j-1};
vehicle v_{j-1} first verifies the signature
Figure FDA0003393592790000063
for validity; if the verification succeeds, it calculates
Figure FDA0003393592790000064
and broadcasts the message D;
all vehicles in the vehicle-mounted cloud, according to
Figure FDA0003393592790000065
update the vehicle-mounted cloud key, expressed as:
Figure FDA0003393592790000066
wherein,
Figure FDA0003393592790000067
indicates the temporary public key of vehicle v_j;
Figure FDA0003393592790000068
indicates the parameter broadcast by vehicle v_j when leaving the vehicle-mounted cloud,
Figure FDA0003393592790000069
indicates the signature of vehicle v_j on the broadcast; s_j indicates the secret value selected by vehicle v_j; D_{j+1,j-1} indicates the parameter sent by vehicle v_{j+1} to vehicle v_{j-1}; r_{j+1} indicates the temporary private key of vehicle v_{j+1}; D represents the parameter of the vehicle adjacent to v_j; r_{j-1} indicates the temporary private key of vehicle v_{j-1}; K_new is the updated key; K_old is the pre-update key; g is a common parameter of the system.
10. The SDN-based vehicle-mounted cloud computing method with privacy protection function according to any one of claims 1-9, wherein during system initialization a long-term public and private key pair is assigned to each vehicle and to the SDN controller in the system; the SDN controller and every vehicle v in the system hold the long-term key pairs (pk_C, sk_C) and
Figure FDA00033935927900000610
respectively; two large prime numbers p and q are randomly selected during system initialization, where q divides (p-1), and G is
Figure FDA00033935927900000611
a cyclic subgroup of it of order q; the common parameter g of the system is a generator of the group G, and the system common parameter is represented as PP = {p, q, g}; wherein,
Figure FDA00033935927900000612
is the value domain of the temporary keys.
CN202111476104.6A 2021-12-06 2021-12-06 SDN-based vehicle-mounted cloud computing method with privacy protection function Active CN114389836B (en)

Publications (2)

Publication Number Publication Date
CN114389836A true CN114389836A (en) 2022-04-22
CN114389836B CN114389836B (en) 2023-12-15

Family

ID=81196477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111476104.6A Active CN114389836B (en) 2021-12-06 2021-12-06 SDN-based vehicle-mounted cloud computing method with privacy protection function

Country Status (1)

Country Link
CN (1) CN114389836B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116471587A (en) * 2023-04-19 2023-07-21 合肥工业大学 Method for generating and updating intra-train communication key under V2V communication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120179907A1 (en) * 2011-01-07 2012-07-12 Nathaniel David Byrd Methods and systems for providing a signed digital certificate in real time
CN108234445A (en) * 2017-12-01 2018-06-29 华东师范大学 The cloud of secret protection in vehicle-mounted cloud is established and data safe transmission method
CN108259573A (en) * 2017-12-26 2018-07-06 西安电子科技大学 A kind of vehicle self-organizing network system for mixing SDN and mist and calculating
CN108494581A (en) * 2018-02-09 2018-09-04 孔泽 The controller distributed information log generation method and device of SDN network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120179907A1 (en) * 2011-01-07 2012-07-12 Nathaniel David Byrd Methods and systems for providing a signed digital certificate in real time
CN108234445A (en) * 2017-12-01 2018-06-29 华东师范大学 The cloud of secret protection in vehicle-mounted cloud is established and data safe transmission method
CN108259573A (en) * 2017-12-26 2018-07-06 西安电子科技大学 A kind of vehicle self-organizing network system for mixing SDN and mist and calculating
CN108494581A (en) * 2018-02-09 2018-09-04 孔泽 The controller distributed information log generation method and device of SDN network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SEYED BAGHER HASHEMI NATANZI: "Secure distributed controllers in SDN based on ECC public key infrastructure", 《IEEEXPLORE》 *
唐国纯;: "SDN网络安全架构的研究", 软件, no. 08 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116471587A (en) * 2023-04-19 2023-07-21 合肥工业大学 Method for generating and updating intra-train communication key under V2V communication
CN116471587B (en) * 2023-04-19 2023-10-20 合肥工业大学 Method for generating and updating intra-train communication key under V2V communication

Also Published As

Publication number Publication date
CN114389836B (en) 2023-12-15

Similar Documents

Publication Publication Date Title
CN111372248B (en) Efficient anonymous identity authentication method in Internet of vehicles environment
CN109788482B (en) Method and system for anonymous authentication of messages between vehicles in Internet of vehicles environment
CN107919956B (en) End-to-end safety guarantee method in cloud environment facing to Internet of things
Chattaraj et al. Block-CLAP: Blockchain-assisted certificateless key agreement protocol for internet of vehicles in smart transportation
CN109412816B (en) Anonymous communication system and method for vehicle-mounted network based on ring signature
Lu et al. A dynamic privacy-preserving key management scheme for location-based services in VANETs
Kang et al. Highly efficient randomized authentication in VANETs
CN104683112A (en) Vehicle-vehicle security communication method based on RSU assisted authentication
CN113761582B (en) Group signature-based supervision blockchain transaction privacy protection method and system
Limbasiya et al. Secure message confirmation scheme based on batch verification in vehicular cloud computing
CN114286332B (en) Dynamic efficient vehicle-mounted cloud management method with privacy protection function
CN108933665B (en) Method for applying lightweight V2I group communication authentication protocol in VANETs
Choi et al. Secure and efficient protocol for vehicular ad hoc network with privacy preservation
Li et al. Blockchain-based group key agreement protocol for vehicular ad hoc networks
CN114389836B (en) SDN-based vehicle-mounted cloud computing method with privacy protection function
CN111885545B (en) Method for tracking selfish node based on V2V cooperative transmission authentication
Shen et al. An efficient conditional privacy-preserving authentication scheme with scalable revocation for VANETs
Wang et al. An efficient anonymous batch authenticated and key agreement scheme using self-certified public keys in VANETs
Yelure et al. SARP: secure routing protocol using anonymous authentication in vehicular Ad-hoc networks
Zhang et al. Secure Channel Establishment Scheme for Task Delivery in Vehicular Cloud Computing
CN116321154A (en) Efficient message authentication method based on zero knowledge proof in Internet of vehicles environment
CN116390092A (en) Internet of vehicles fine-granularity access control method based on multi-strategy access tree
Kumar et al. An anonymous and authenticated V2I communication with a simplified user revocation and re-registration strategy
Feng et al. Pbag: A privacy-preserving blockchain-based authentication protocol with global-updated commitment in iov
Zhang et al. CVAR: Distributed and Extensible Cross-Region Vehicle Authentication With Reputation for VANETs

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230904

Address after: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Applicant after: Yami Technology (Guangzhou) Co.,Ltd.

Address before: 400065 Chongwen Road, Nanshan Street, Nanan District, Chongqing

Applicant before: Chongqing University of Posts and Telecommunications

TA01 Transfer of patent application right

Effective date of registration: 20231127

Address after: 276300 No. 5, Xishou Danshan Road, Aucma Avenue, Jiehu Street, Yinan County, Linyi City, Shandong Province

Applicant after: Shandong Green.Tec Electric Technology Co., Ltd.

Address before: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: Yami Technology (Guangzhou) Co.,Ltd.

GR01 Patent grant