CN115190485A - Behavior feature-based Internet of vehicles Sybil attack detection method - Google Patents


Info

Publication number
CN115190485A
Authority
CN
China
Prior art keywords
vehicle
rsu
vehicles
identity
node
Legal status
Pending
Application number
CN202210672131.9A
Other languages
Chinese (zh)
Inventor
戴亮
曹利
张迪
Current Assignee
Jiangsu Kuantong Wireless Communication Technology Co ltd
Nantong University
Original Assignee
Jiangsu Kuantong Wireless Communication Technology Co ltd
Nantong University
Application filed by Jiangsu Kuantong Wireless Communication Technology Co ltd, Nantong University
Priority to CN202210672131.9A
Publication of CN115190485A

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a behavior feature-based Internet of vehicles Sybil attack detection method, belongs to the technical field of Internet of vehicles applications, and solves the technical problem that the driving track and position of a malicious vehicle are easy to forge and difficult to detect. The technical scheme is as follows: the method comprises the steps of S1, initializing the system; S2, discovering the Sybil attack; and S3, detecting the Sybil malicious node. The invention has the following beneficial effects: vehicle identity authentication is realized by utilizing the distributed consensus and tamper-resistance of the blockchain combined with PKI technology, and the difficulty of forging a malicious vehicle identity is increased through a pseudonym mechanism; meanwhile, affinity analysis is carried out on nodes with similar driving tracks to detect Sybil nodes and prevent malicious vehicles from invading the network. Compared with other detection schemes, the method increases the difficulty for malicious vehicles of forging driving tracks and positions, and has higher detection efficiency and safer transmission.

Description

Behavior feature-based Internet of vehicles Sybil attack detection method
Technical Field
The invention relates to the technical field of Internet of vehicles application, in particular to an Internet of vehicles Sybil attack detection method based on behavior characteristics.
Background
The Internet of vehicles provides a new approach to intelligent traffic management: it combines wireless communication and cloud computing technologies and brings convenience to traffic management and public travel. Vehicle nodes can be both generators and transmitters of information, and can act as collection nodes that gather information such as road and vehicle states; associated with infrastructure, user equipment and the like, this information is combined into visual data, or the vehicle data is processed with technologies such as artificial intelligence to achieve the goal of unmanned driving. But with the development of the Internet of vehicles industry, the security threats it faces are increasingly significant. Attackers seeking private gain illegally steal information such as the identity and position of legal vehicle nodes, deceive other vehicles, obtain users' private data, issue false road information, disturb the traffic order and even cause traffic accidents. Research on the security of the Internet of vehicles is therefore of great significance.
Beyond the characteristics of the Internet of vehicles itself, such as its changeable topology, openness and strict delay requirements, the vulnerability and openness of the wireless communication environment expose it to various serious security attacks in actual communication scenarios. Among them, the Sybil attack is the source of many other attacks. A Sybil attack targets the identity of a legal node: by forging or stealing a vehicle's identity identifier, the attacker can claim the identities of a plurality of nodes, and uses the illegally obtained identities to issue false traffic information, destroy network routes and intercept important road condition information, so that vehicles select wrong driving routes and traffic accidents may even result. The common attack behaviors launched through a Sybil attack are as follows:
(1) False information attack: nodes in the Internet of vehicles share an open channel, so an attacker can easily access the public information channel and the information it carries. The attacker disguises itself as a legal Internet of vehicles node using identity, position and other data taken from the channel, spreads various false information in the network, and carries out network attacks.
(2) Denial of service attack: the attacking node initiates various service requests in the network by forging the identities of other users, sends large numbers of false messages to other normal nodes, and uses useless data to claim and occupy the channel resources of the Internet of vehicles, causing network congestion or server breakdown and disturbing the normal operation of the Internet of vehicles.
(3) Tunnel attack: attackers cooperate to construct a hidden channel and redirect network routes. They then use their own tunnel resources to attract the routing of normal vehicles, so that the hidden channel absorbs normal node traffic, surrounding nodes are bypassed, the network topology is damaged and the attackers' influence in the network increases.
(4) Black hole attack: the attacking node first claims to have the shortest path to the destination address in the network and so obtains a certain influence in the network; honest routing nodes are thereby deceived, their network routes are changed, the network forwarding mechanism is damaged, and important data of the attacked node may even be maliciously intercepted and discarded.
(5) Replay attack: also called playback attack; an attacker illegally obtains the communication messages of other normal users by eavesdropping and interception, then repeatedly sends the same messages to other users in the Internet of vehicles in the same way, so that the receiver mistakes the message for a communication from the normal user, the original user cannot receive the message, and the normal communication of other vehicles is misled.
Therefore, against the background of the rapid development of the Internet of vehicles, Sybil attacks and the related security problems need to be solved, and this scheme studies Sybil attack detection in the Internet of vehicles environment.
With the rapid development of the Internet of vehicles, its security problems are also receiving close attention. The Sybil attack is the root of many security problems and is a research target of scholars at home and abroad. To resist Sybil attacks, the prior art mostly adopts malicious node detection mechanisms for prevention. Current detection techniques can be divided into four kinds of method, based on social relationships, resource testing, mobility features and identity authentication.
(1) Detection schemes based on social relationships. This method establishes a social relationship model from the communication between nodes and detects whether nodes in the network are under Sybil attack. Because a Sybil node frequently communicates with its false nodes in the network to raise its own credibility and thereby influence the normal driving of vehicles, suspicious nodes carrying out a Sybil attack can be detected by analyzing the social behavior characteristics in the network. However, in the Internet of vehicles the vehicles move rapidly in real time and rarely establish persistent communication relationships, so detection based on social relationships is not suitable for the Internet of vehicles scenario.
(2) Detection methods based on resource testing. In the Internet of vehicles the computing and storage capacity of on-board equipment is extremely limited, and the resource testing scheme detects Sybil attack nodes by comparing the amount of resources consumed by the tasks completed by each node. However, with the development of various technologies, once a Sybil node possesses sufficient resources to forge an extremely realistic vehicle node, the success rate of detection that judges a Sybil attack by comparing node computing power drops greatly.
(3) Detection schemes based on identity authentication. In the Internet of vehicles, in order to ensure the legality of vehicle identities and the non-repudiation of transmitted information, PKI public key infrastructure and symmetric key technology have been introduced. However, when an attacking node steals the identity information of other legal nodes, attackers can collude across a plurality of vehicles and successfully evade detection. Li Fengxiang, in the thesis 'Key technical research on identity authentication and trust management in Internet of vehicles', proposes an identity authentication scheme based on digital signatures and a legal public key table, in which the trusted public keys verified by the RSU (road side unit) are stored in the legal public key table, solving the efficiency problem of certificate-based identity authentication, and designs a blockchain system based on proof of location in which a vehicle applies to the RSU for a location certificate, which effectively resists Sybil attacks; Wang Wenjun et al., in the paper 'Certificate-based vehicle identity authentication scheme in Internet of vehicles', propose a certificate-based identity authentication method in which a regional server registers and distributes certificates to achieve anonymous vehicle identity authentication, and Sybil attacks are detected through signature correlation of the malicious vehicle, but this scheme cannot solve the problem of position spoofing.
(4) Detection schemes based on mobility features. Nodes in the Internet of vehicles are always moving at high speed; under general conditions the driving routes of vehicles are random, and no two vehicles share the same mobility features. Even if a Sybil attacking node can forge a number of different identities, these identities still belong to the same physical vehicle. This kind of scheme detects the movement behavior of nodes, but a malicious vehicle can use position perturbation or power control techniques to reduce the similarity of behavior and position between its identities and evade detection. Sunnyju, in the thesis 'Sybil attack and false message detection technology research in the Internet of vehicles', proposes a detection scheme based on a timestamp chain and RSSI: the authenticity of a vehicle is judged by checking the plausibility of the difference between the RSSI-calculated distance and the nominal distance, and the RSU then judges whether a Sybil attack exists by comparing the similarity of the timestamp chains (i.e. the node driving paths) generated while the vehicles drive; however, the scheme does not consider the case where the RSU itself is hijacked.
Disclosure of Invention
The invention aims to provide a behavior feature-based Internet of vehicles Sybil attack detection method, which utilizes the distributed consensus and tamper-resistance of the blockchain combined with PKI technology to realize vehicle identity authentication, increases the difficulty of forging malicious vehicle identities through a pseudonym mechanism, realizes detection of Sybil nodes based on intimacy analysis of nodes with similar driving tracks, prevents malicious vehicles from invading the network, and increases the difficulty for malicious vehicles of forging driving tracks and positions.
The idea of the invention is as follows: the invention provides a behavior feature-based detection method for Sybil attacks, which realizes vehicle identity authentication by utilizing the distributed consensus and tamper-resistance of the blockchain combined with PKI technology, and increases the difficulty of forging malicious vehicle identities through a pseudonym mechanism; meanwhile, it carries out intimacy analysis on nodes with similar driving tracks, realizing detection of Sybil nodes and preventing malicious vehicles from invading the network. Compared with other detection schemes, the method effectively increases the difficulty for a malicious vehicle of forging its driving track and position, and has higher detection efficiency and higher transmission security.
The parameters used in the present invention are shown in the following table:
Figure BDA0003693588820000041
Figure BDA0003693588820000051
The invention is realized by the following measures: a behavior feature-based Internet of vehicles Sybil attack detection method comprises the following steps:
S1, the trusted authority TA, the RSUs and the vehicles each complete offline registration, the RSU and the vehicle carry out bidirectional identity authentication, and the vehicle-related information is stored in the blockchain;
S2, the RSU preliminarily verifies the credibility of the driving data uploaded by the requesting vehicle using RSSI technology;
S3, the RSU further judges the Sybil node and cancels its network access qualification.
Further, the S1 step includes:
S11, TA offline registration and TA system parameter initialization: the TA selects two distinct primes p and q (p ≠ q), calculates n = p × q and φ(n) = (p - 1)(q - 1), selects an integer e satisfying gcd(φ(n), e) = 1 and 1 < e < φ(n), and generates the public and private key pair {P_ta = {e, n}, S_ta = {d, n}}, where d = e^(-1) (mod φ(n)).
S12, RSU offline registration: the TA uses the RSA algorithm to generate a public and private key pair for the RSU
Figure BDA0003693588820000052
and issues it together with a certificate Cert_r. The certificate includes the public key of the RSU
Figure BDA0003693588820000053
a timestamp, the signature of the TA, etc. The RSU stores the certificate Cert_r and the private key
Figure BDA0003693588820000054
S13, vehicle offline registration. 1) The TA performs a hash operation on the information submitted by the vehicle to generate the vehicle's unique identity VID_i: VID_i = hash(id || WID_i || TIME_i), where id is the license plate information, WID_i is the region number and TIME_i is the vehicle's license registration time. 2) The TA also uses the RSA algorithm to generate a public and private key pair for the vehicle
Figure BDA0003693588820000055
The TA stores the vehicle identity VID_i and the public and private keys in the OBU module of the vehicle. 3) The TA maps the identity of the vehicle to its public and private key pair
Figure BDA0003693588820000056
and stores the mapping in a local database for identity authentication and tracing.
S14, online registration. A vehicle that has completed offline registration drives into the coverage range of an RSU, and bidirectional identity authentication is performed between the RSU and the vehicle. The RSU distributes a temporary public and private key pair and a pseudonym to each vehicle that passes authentication. Meanwhile, the RSU negotiates a session key with the vehicle during the communication process, which improves both the security and the efficiency of communication.
S141, RSU → V_i: {hello || sign_r}. The RSU continuously broadcasts hello messages and their signatures at a fixed frequency within its communication coverage range
Figure BDA0003693588820000061
The message contains the RSU's certificate Cert_r and its position coordinates (x_r, y_r).
S142,
Figure BDA0003693588820000062
The vehicle receives the hello packet broadcast by the RSU and verifies the signature
Figure BDA0003693588820000063
If hash(hello)' = hash(Cert_r, (x_r, y_r)), the identity of the RSU is authenticated through the certificate and the public key of the RSU is obtained. Subsequently, the vehicle initiates an identity authentication request to the RSU: its identity information, a timestamp and its signature
Figure BDA0003693588820000064
are encrypted with the public key of the RSU.
S143, the RSU verifies the legality of the vehicle identity. The RSU calculates the validity time |T - TS| of the verification message; if it does not exceed the allowed delay range, the RSU verifies the integrity of the message using its private key:
Figure BDA0003693588820000065
and judges whether the calculation result is consistent with the hash value of the data in the message. If the message has not been tampered with, the RSU requests the TA to authenticate the identity information of the vehicle. If the TA can find the identity information of the vehicle in its local database, the vehicle has completed offline identity registration and step S144 is executed; otherwise, identity authentication fails and the communication connection is disconnected.
S144,
Figure BDA0003693588820000066
The RSU uses the RSA algorithm to generate a temporary public and private key pair for the vehicle
Figure BDA0003693588820000067
The RSU assigns a pseudonym to the vehicle: it selects a random number r and calculates the pseudonym
Figure BDA0003693588820000068
Meanwhile, it triggers a smart contract, stores the mapping between the vehicle's unique identity and the pseudonym in the blockchain, and synchronizes the identity information among the RSUs through a consensus algorithm. The RSU combines the pseudonym, the temporary public and private keys and other data to generate a temporary certificate for the vehicle to use within the RSU's range:
Figure BDA0003693588820000069
The RSU generates, for itself and V_i, a prime number f and an integer α (α < f) that is a primitive root of f. It selects a random number X_r (X_r < f) and calculates
Figure BDA00036935888200000610
The RSU encrypts the temporary identity certificate
Figure BDA00036935888200000611
the temporary private key S_Temp, the key agreement parameters, the timestamp ts and the signature sign_r with the vehicle's public key and transmits them to vehicle V_i.
S145, V_i → RSU: {E(P_r, Y_v || ts || sign_v)}. Vehicle V_i selects a random number X_v (X_v < f) and calculates
Figure BDA0003693588820000071
adds a timestamp ts, encrypts the result with the RSU's public key and sends it to the RSU.
The RSU and V_i have thus exchanged Y_v and Y_r. The RSU calculates
Figure BDA0003693588820000072
and the vehicle calculates
Figure BDA0003693588820000073
K_r is the session key between the vehicle and the RSU.
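The S1 procedure above, from TA key setup through the S145 key agreement, carried through once in code. This is an added illustration, not code from the patent: the RSA modulus sizes are toy values, the signature is a bare hash-then-exponentiate construction with no padding, the pseudonym is built as a hash of VID_i and r, and the Diffie-Hellman group (f = 23, α = 5) is deliberately tiny so the arithmetic can be checked by hand; the patent shows its own versions of these formulas only as images.

```python
"""Added example (not from the patent): a toy run of the S1 registration and
authentication steps. The RSA key sizes, the sign/verify construction, the
pseudonym hash and the small Diffie-Hellman group are all assumptions made
for illustration; the patent shows these formulas only as images."""
import hashlib
import math
import secrets


# ---- S11: TA key setup with textbook RSA (toy primes; demo only) ---------
def rsa_keygen(p: int, q: int, e: int = 17):
    """Return ({e, n}, {d, n}) as in S11: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and math.gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)          # modular inverse (Python >= 3.8)
    return (e, n), (d, n)


def sign(priv, data: bytes) -> int:
    """Toy signature: (hash(data) mod n)^d mod n. Assumption: no padding scheme."""
    d, n = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    e, n = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


# ---- S13: VID_i = hash(id || WID_i || TIME_i) ----------------------------
def make_vid(plate: str, region_no: str, reg_time: str) -> str:
    return hashlib.sha256(f"{plate}||{region_no}||{reg_time}".encode()).hexdigest()


# ---- S144: pseudonym from VID_i and a random r (hash construction assumed)
def make_pseudonym(vid: str, r: int) -> str:
    return hashlib.sha256(f"{vid}||{r}".encode()).hexdigest()[:16]


# ---- S144/S145: Diffie-Hellman key agreement over prime f, primitive root a
def dh_session_keys(f: int, a: int, x_r: int, x_v: int):
    """Y_r = a^X_r mod f, Y_v = a^X_v mod f; return (K_r, K_v) as each side computes it."""
    y_r = pow(a, x_r, f)
    y_v = pow(a, x_v, f)
    k_r = pow(y_v, x_r, f)       # RSU side
    k_v = pow(y_r, x_v, f)       # vehicle side
    return k_r, k_v


def run_handshake():
    """Walk S11-S145 once and return the intermediate checks for inspection."""
    ta_pub, ta_priv = rsa_keygen(61, 53)          # S11 (toy primes)
    rsu_pub, rsu_priv = rsa_keygen(1009, 1013)    # S12
    cert_r = f"RSU-1|{rsu_pub}|ts=1000".encode()  # constructed certificate body
    cert_sig = sign(ta_priv, cert_r)              # TA signs the RSU certificate

    # S13: TA registers a vehicle offline (constructed registration data)
    vid = make_vid("Su F 12345", "WID-07", "2022-06-01")
    registered = {vid}                            # TA local database

    # S141/S142: vehicle checks the RSU certificate signature with the TA key
    cert_ok = verify(ta_pub, cert_r, cert_sig)

    # S143: RSU asks the TA whether the vehicle completed offline registration
    is_registered = vid in registered

    # S144/S145: RSU issues a pseudonym and both sides agree a session key
    pid = make_pseudonym(vid, secrets.randbelow(2**32))
    f, a = 23, 5                                  # toy DH group: 5 is a primitive root of 23
    x_r = secrets.randbelow(f - 2) + 1            # X_r < f
    x_v = secrets.randbelow(f - 2) + 1            # X_v < f
    k_r, k_v = dh_session_keys(f, a, x_r, x_v)
    return {"cert_ok": cert_ok, "registered": is_registered,
            "pseudonym": pid, "K_r": k_r, "K_v": k_v}


if __name__ == "__main__":
    print(run_handshake())
```

With the constructed inputs the vehicle accepts the RSU certificate, the TA confirms registration, and both sides derive the same K_r; a verifier that swaps in a real RSA library and padding keeps the same control flow.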
Further, the S2 step includes:
S21, preliminary screening of Sybil nodes by the RSU. 1) The vehicle sends its position information to the RSU:
Figure BDA0003693588820000074
where PID_i is the pseudonym of the vehicle; RSU_i is the identity of the RSU the vehicle is in; ts_i is the upload time; seat is the purported position coordinate (x_v, y_v) of the vehicle;
Figure BDA0003693588820000075
is the average speed of the vehicle in the current time period; and sign_v is the signature of the message. 2) The RSU receives the vehicle's position information and calculates the distance d_r between the RSU and vehicle V_i from the RSSI formula:
Figure BDA0003693588820000076
Then, from the purported position coordinate (x_v, y_v) of vehicle V_i in the message and the current position coordinate (x_r, y_r) of the RSU, it calculates the distance d_vr between the vehicle and the RSU:
Figure BDA0003693588820000077
and computes the error between the RSSI-measured distance and the distance calculated from the vehicle's purported position: α = |d_r - d_vr|.
If the error α < γ (γ is the maximum tolerable error), the RSU then verifies the plausibility of the information parameters: (1) if the vehicle is entering this RSU's range for the first time, read the vehicle's driving track. The RSUs a vehicle passes are contiguous, so the RSU checks whether the RSU the vehicle passed last is one of its neighbours; if not, identity authentication is initiated again; otherwise, execute (2). (2) The RSU judges the purported position: it looks up the vehicle's position coordinates and speed over the time period in the blockchain LC and calculates the driving range of the vehicle. The calculation formula is as follows:
Figure BDA0003693588820000078
If h < the threshold q (q is the tolerable error between the estimated and the measured vehicle distance and approaches 0), the position information is reasonable and is uploaded to the blockchain LC; otherwise, the vehicle is judged a suspected malicious node and the communication connection is disconnected.
S22, screening of suspected Sybil nodes by vehicles. To ensure the safety of a vehicle's communication with other vehicles, the claimed distance between vehicles needs to be verified while they pass each other. Suppose vehicles V_1 and V_2 are communicating; V_2 estimates the distance between the two vehicles from the RSSI value of the received message and sends the estimated distance
Figure BDA0003693588820000081
to the RSU. The RSU triggers a smart contract, queries the claimed position coordinate seat and the vehicle speed v_i uploaded by the vehicle during the period, and calculates the distance β between the two vehicles at that time. It then calculates
Figure BDA0003693588820000082
and judges whether the communicating vehicle is a suspicious node by comparing the difference ε between the measured distance and the distance calculated from the vehicle coordinates.
S221,
Figure BDA0003693588820000083
When vehicle V_1 initiates a communication request to a surrounding vehicle V_2, the message includes V_1's current pseudonym PID_v1, V_1's communication application request and a timestamp ts, and the vehicle signs the message with its own temporary private key:
Figure BDA0003693588820000084
S222,
Figure BDA0003693588820000085
V_2 receives the communication request and estimates the RSSI distance between the two vehicles from the received message. It encrypts the pseudonym of the vehicle to be communicated with
Figure BDA0003693588820000086
the estimated distance value
Figure BDA0003693588820000087
and the timestamp ts' with the session key K_r shared with the RSU, attaches the signature
Figure BDA0003693588820000088
and sends the result to the RSU to apply for verification of the vehicle's pseudonym and location authenticity.
S223, the RSU verifies the legality of the identity and position of the vehicle. The RSU decrypts the message with the session key to obtain the timestamp ts', and if the message has not timed out it verifies the message's integrity using the signature. The RSU then triggers a smart contract with the pseudonym
Figure BDA00036935888200000810
as input, queries the mapping between the vehicle pseudonym and the unique identity in the blockchain AC, and verifies the legality of the vehicle pseudonym. If the pseudonym is not found in the blockchain AC, the communication connection is disconnected; otherwise, the purported position coordinates (x_1, y_1) and (x_2, y_2) of vehicles V_1 and V_2 are queried in the blockchain LC and the following is calculated:
Figure BDA0003693588820000089
giving a difference ε between the distance measured using RSSI and the distance between the vehicles' positions at that moment. Subsequently, the following is calculated:
j = (v_1 * t + v_2 * t)
where v_1, v_2 are the speeds of the two vehicles at that time, and j represents the distance vehicles V_1 and V_2 could travel at these speeds during the time period t, i.e. the maximum travel range of the two vehicles during this period. If the difference ε is larger than or equal to j, vehicle V_1 is judged a suspected Sybil node, and V_2 is informed to end communication with it. V_1 is placed in the suspected node set and the subsequent node detection algorithm is executed to further judge whether V_1 is a Sybil attack node; otherwise, the node coordinates are stored in the blockchain LC.
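The two RSU-side distance checks of S21 and S223, run on constructed inputs, as an added example that is not part of the patent. Because the patent's RSSI formula and its driving-range formula h are only reproduced as images, this code makes two labelled assumptions: d_r is obtained from a log-distance path-loss model with assumed parameters, and h is taken as the claimed displacement beyond what the vehicle's last recorded speed allows in the elapsed time. The V2V check follows the page's own rule: ε = |RSSI distance − coordinate distance| and j = (v_1 + v_2)·t, with V_1 suspected when ε ≥ j.

```python
"""Added example (not from the patent): the RSU-side distance checks of
S21 and S223 on constructed inputs. The RSSI-to-distance conversion uses a
log-distance path-loss model (assumption) and h takes an assumed form
(claimed displacement beyond what the last recorded speed allows), since
the patent shows both formulas only as images."""
import math

# Assumed path-loss parameters: RSSI at the 1 m reference distance, and exponent
RSSI_D0_DBM = -40.0
PATH_LOSS_N = 2.0


def rssi_to_distance(rssi_dbm: float) -> float:
    """d_r from the log-distance model: d = 10^((RSSI(d0) - RSSI) / (10 n)), d0 = 1 m."""
    return 10 ** ((RSSI_D0_DBM - rssi_dbm) / (10 * PATH_LOSS_N))


def euclid(a, b) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def check_position_report(rsu_pos, neighbours, report, rssi_dbm,
                          last_record, gamma=5.0, q=1.0):
    """S21. report = {'seat': (x_v, y_v), 'v': average speed in m/s, 'ts': seconds,
    'prev_rsu': id of the RSU passed last, or None}; last_record is the vehicle's
    previous entry in the location chain LC ({'seat', 'v', 'ts'}) or None.
    Returns (accepted, reason)."""
    d_r = rssi_to_distance(rssi_dbm)
    d_vr = euclid(report["seat"], rsu_pos)
    alpha = abs(d_r - d_vr)                       # alpha = |d_r - d_vr|
    if alpha >= gamma:
        return False, f"RSSI distance mismatch, alpha={alpha:.1f} m"
    if last_record is None:
        # (1) first entry into this RSU: the RSU passed last must be a neighbour
        if report["prev_rsu"] is not None and report["prev_rsu"] not in neighbours:
            return False, "previous RSU is not a neighbour: re-authenticate"
        return True, "first report accepted"
    # (2) reachability against the last LC record (assumed form of h)
    elapsed = report["ts"] - last_record["ts"]
    reach = last_record["v"] * elapsed
    h = max(0.0, euclid(last_record["seat"], report["seat"]) - reach)
    if h >= q:
        return False, f"claimed position unreachable, h={h:.1f} m"
    return True, "position plausible, append to LC"


def check_v2v_claim(rssi_distance, seat_1, seat_2, v_1, v_2, t):
    """S223: epsilon = |RSSI distance - coordinate distance beta|, j = v_1 t + v_2 t.
    Returns (suspected, epsilon, j); V_1 is suspected when epsilon >= j."""
    beta = euclid(seat_1, seat_2)
    epsilon = abs(rssi_distance - beta)
    j = v_1 * t + v_2 * t
    return epsilon >= j, epsilon, j


if __name__ == "__main__":
    # Constructed scenario: RSU at the origin, vehicle 50 m away at (30, 40)
    rsu = (0.0, 0.0)
    honest = {"seat": (30.0, 40.0), "v": 10.0, "ts": 11.0, "prev_rsu": "RSU-2"}
    prev = {"seat": (25.0, 40.0), "v": 10.0, "ts": 10.0}
    print(check_position_report(rsu, {"RSU-2"}, honest, -74.0, prev))   # accepted
    print(check_position_report(rsu, {"RSU-2"}, honest, -50.0, prev))   # alpha too large
    far = {"seat": (300.0, 400.0), "v": 10.0, "ts": 11.0, "prev_rsu": "RSU-2"}
    print(check_position_report(rsu, {"RSU-2"}, far, -94.0, prev))      # unreachable
    print(check_v2v_claim(120.0, (0.0, 0.0), (30.0, 40.0), 10.0, 10.0, 1.0))
```

The three rejection paths correspond to the three page conditions (RSSI mismatch, non-neighbour previous RSU, unreachable claimed position); γ and q are parameters the RSU operator tunes to the radio environment.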
Further, the S3 step includes:
S31, trigger the smart contract search function, extract the driving data of each suspected node and generate the vehicle's driving track, in the following data format:
Figure BDA0003693588820000091
which comprises:
① RSU_i: the RSU identity;
② n * t_i: n is the number of times the vehicle uploaded position coordinates to RSU_i, t_i = ts_i' - ts_i is the time taken for each message upload, and n * t_i represents the length of time the vehicle drove within the RSU's range;
③
Figure BDA0003693588820000092
the average speed of the vehicle over the time period t.
S32, judge the similarity of all suspected nodes passing through the RSU. Suppose suspected-node vehicles V_x and V_y pass through p of the same RSUs; the driving routes of the two vehicles are then very similar, and the intimacy of the vehicles is further calculated:
time = n * t
Figure BDA0003693588820000093
Figure BDA0003693588820000094
Sim_xy = diff_t + diff_v
① t is the time interval of uploading information;
② v is the average speed of the vehicle within the RSU's range;
③ diff_t is the Euclidean distance calculated over the stay times of the two vehicles in the same ranges;
④ diff_v is the Euclidean distance calculated over the speeds of the two vehicles;
⑤ Sim_xy is the intimacy of the two vehicles.
Because a vehicle must send its position information at a certain frequency while driving within an RSU's range, and a normal vehicle is always moving at high speed, the driving route of a vehicle is random under general conditions and no two vehicles share the same mobility features; even though a Sybil attack node can forge a plurality of different identities, these identities still belong to the same physical vehicle. The number of times a normal vehicle transmits position information within a given RSU should therefore differ from vehicle to vehicle.
S33, if the intimacy of the two vehicles exceeds a preset threshold, the two vehicles are judged to be malicious nodes; the RSU calls the search function, queries the real identity corresponding to the vehicle's pseudonym and reports it to the TA. The TA adds the node to a revocation list, informs the whole network that the node is a Sybil attack node, and cancels its network access qualification.
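The S31 track construction and S32 intimacy computation on constructed upload logs, as an added example that is not part of the patent. It builds each suspected pseudonym's track as {RSU_i: (n·t_i, v̄)} and computes diff_t, diff_v and Sim_xy = diff_t + diff_v over the p shared RSUs exactly as defined above. One point is an assumption of mine: Sim_xy as defined is a sum of Euclidean distances, so two pseudonyms of the same physical vehicle give a value near 0, and the example therefore flags pairs whose Sim_xy falls below a threshold; the S33 wording "exceeds a preset threshold" should be read against that definition.

```python
"""Added example (not from the patent): building the S31 driving-track records
and computing the S32 intimacy Sim_xy = diff_t + diff_v on constructed upload
logs. The decision direction (flag when Sim_xy is below a threshold) is an
assumption drawn from Sim_xy being a distance."""
import math
from collections import defaultdict
from itertools import combinations


def build_trajectory(uploads):
    """S31: uploads is a list of (rsu_id, ts, ts_prime, speed) for one pseudonym;
    returns {rsu_id: (n * t_i, average speed)} in upload order."""
    by_rsu = defaultdict(list)
    for rsu_id, ts, ts_prime, speed in uploads:
        by_rsu[rsu_id].append((ts_prime - ts, speed))    # t_i = ts_i' - ts_i
    track = {}
    for rsu_id, rows in by_rsu.items():
        stay = sum(t for t, _ in rows)                    # n * t_i: time spent in range
        v_bar = sum(v for _, v in rows) / len(rows)       # average speed in range
        track[rsu_id] = (stay, v_bar)
    return track


def intimacy(track_x, track_y):
    """S32: over the p RSUs both vehicles passed, diff_t and diff_v are the
    Euclidean distances of the stay-time and speed vectors; returns (Sim_xy, p)."""
    shared = sorted(set(track_x) & set(track_y))
    diff_t = math.sqrt(sum((track_x[r][0] - track_y[r][0]) ** 2 for r in shared))
    diff_v = math.sqrt(sum((track_x[r][1] - track_y[r][1]) ** 2 for r in shared))
    return diff_t + diff_v, len(shared)


def detect_sybil_pairs(suspects, threshold=1.0, min_shared=2):
    """S33 (assumed direction): pairs of suspected pseudonyms that passed at
    least min_shared common RSUs with Sim_xy below threshold -> [(a, b, Sim_xy)]."""
    tracks = {pid: build_trajectory(u) for pid, u in suspects.items()}
    flagged = []
    for a, b in combinations(sorted(tracks), 2):
        sim, p = intimacy(tracks[a], tracks[b])
        if p >= min_shared and sim < threshold:
            flagged.append((a, b, sim))
    return flagged


# Constructed upload logs: (rsu_id, ts, ts', speed). PID-A and PID-B are two
# pseudonyms of one physical vehicle; PID-C is an unrelated vehicle.
SUSPECTS = {
    "PID-A": [("RSU-1", 0, 10, 20.0), ("RSU-1", 10, 20, 20.0), ("RSU-1", 20, 30, 20.0),
              ("RSU-2", 30, 40, 25.0), ("RSU-2", 40, 50, 25.0)],
    "PID-B": [("RSU-1", 0, 10, 20.0), ("RSU-1", 10, 20, 20.0), ("RSU-1", 20, 30, 20.0),
              ("RSU-2", 30, 40, 25.0), ("RSU-2", 40, 50, 25.0)],
    "PID-C": [("RSU-1", 0, 10, 15.0), ("RSU-1", 10, 20, 15.0), ("RSU-1", 20, 30, 15.0),
              ("RSU-1", 30, 40, 15.0), ("RSU-1", 40, 50, 15.0), ("RSU-2", 50, 60, 30.0)],
}

if __name__ == "__main__":
    for a, b, sim in detect_sybil_pairs(SUSPECTS):
        print(f"suspected Sybil identities {a} / {b}: Sim_xy = {sim:.2f}")
```

On the constructed logs PID-A and PID-B share both RSUs with identical stay times and speeds (Sim_xy = 0), while PID-C, which stayed longer in RSU-1 and drove at different speeds, scores well above the threshold; in practice the threshold and min_shared need calibration against real traffic so that platooning vehicles are not flagged.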
Compared with the prior art, the invention has the following beneficial effects:
(1) The behavior feature-based Internet of vehicles Sybil attack detection method disclosed by the invention includes a vehicle position credibility judgment algorithm based on RSSI (received signal strength indicator) technology.
(2) The behavior feature-based Internet of vehicles Sybil attack detection method disclosed by the invention combines blockchain technology with Internet of vehicles application technology: it uses the distributed consensus and tamper-resistance of the blockchain to store reasonable nodes and ensure the credibility of data, adopts the RSU nodes distributed on both sides of the road as the network nodes of the blockchain, forms blocks from vehicle driving data that are linked front to back by hash pointers and cannot be falsified, realizes vehicle identity authentication combined with PKI technology, and uses a pseudonym mechanism to increase the difficulty of forging malicious vehicle identities.
(3) In the behavior feature-based Sybil detection method of the invention, the algorithm combines factors such as the driving duration and driving speed of a vehicle to carry out intimacy analysis on nodes with similar driving tracks, thereby realizing the detection of Sybil nodes and preventing malicious vehicles from invading the network.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flow chart of the behavior feature-based Internet of vehicles Sybil attack detection method in an embodiment of the invention.
Fig. 2 is a diagram of a medium-chain data structure according to an embodiment of the present invention.
Fig. 3 is a block chain data structure diagram according to an embodiment of the invention.
FIG. 4 is a schematic diagram of the scheme model architecture of an embodiment of the present invention.
FIG. 5 is a diagram of the architecture of the Authentication Chain (AC) data according to an embodiment of the present invention.
Fig. 6 is a diagram showing a structure of a travel data storage according to an embodiment of the present invention.
FIG. 7 is a diagram illustrating a Location Chain (LC) data structure according to an embodiment of the present invention.
Fig. 8 is an intelligent contract algorithm diagram according to an embodiment of the invention.
Fig. 9 is a flow chart of Sybil attack detection according to an embodiment of the present invention.
Fig. 10 is a flowchart of vehicle information storage according to the embodiment of the invention.
Fig. 11 is a flow chart of RSU detection according to an embodiment of the present invention.
Fig. 12 is a flow chart of vehicle detection according to an embodiment of the present invention.
Fig. 13 is a flow chart of Sybil node detection according to an embodiment of the present invention.
FIG. 14 is a simulation environment test chart of the embodiment of the present invention.
Fig. 15 is a diagram of algorithm detection efficiency of a single attacker at different maximum speeds according to an embodiment of the present invention.
Fig. 16 is a diagram of algorithm detection efficiency when maximum speeds of a plurality of attackers are different according to the embodiment of the present invention.
Fig. 17 is a graph of algorithm detection efficiency of a single attacker under different traffic flows according to the embodiment of the present invention.
Fig. 18 is a graph of algorithm detection efficiency of multiple attackers under different traffic flows according to the embodiment of the present invention.
Fig. 19 is a comparison graph of the detection capability of the algorithm and the comparison algorithm according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. Of course, the specific embodiments described herein are merely illustrative of the invention and are not intended to be limiting.
Examples
The embodiment provides a behavior feature-based Internet of vehicles Sybil attack detection method which, as shown in fig. 1, comprises the following steps:
S1, the trusted authority TA, the RSU and the vehicle each complete offline registration, the RSU and the vehicle carry out bidirectional identity authentication, and vehicle-related information is stored on the blockchain;
S2, the RSU preliminarily verifies the credibility of the driving data uploaded by the requesting vehicle using RSSI technology;
S3, the RSU further judges Sybil nodes and cancels their network access qualification.
As shown in fig. 2, the Internet of vehicles network structure in the behavior feature-based Internet of vehicles Sybil attack detection method includes:
First layer, acquisition layer: the on-board unit OBU and the positioning system cooperatively sense the vehicle and its environment, acquire the vehicle's intelligent signals, learn the vehicle's own condition, its running state and the surrounding road environment, and upload the collected data to the RSU for unified management and analysis, providing a secure communication guarantee for the Internet of vehicles;
Second layer, network layer: mainly responsible for data transmission in the Internet of vehicles, it provides transparent information transmission services for vehicle-to-vehicle V2V (Vehicle to Vehicle), vehicle-to-infrastructure V2I (Vehicle to Infrastructure) and vehicle-to-network V2N (Vehicle to Network) communication over DSRC, C-V2X and similar modes. It realizes communication and roaming between the vehicular ad hoc network and various heterogeneous networks, provides the corresponding information services to vehicles, and at the same time selects network routes and completes the data transmission work;
Third layer, application layer: the resource center that provides data storage and processing, security certification and other functions in the Internet of vehicles, and provides the intelligent traffic system with services such as multimedia, traffic accident broadcasting, road navigation, cooperative anti-collision and identity authentication, so as to meet the intelligent traffic safety and application requirements of users in the network.
As shown in fig. 3, the blockchain data structure in the behavior feature-based Internet of vehicles Sybil attack detection method includes:
Each data block of the blockchain mainly comprises a block header and a block body. The block header records the metadata of the current block and mainly packages the current version number, the address of the previous block, the target hash value of the current block, the Merkle root and so on. The block body records the specific transaction data in a Merkle tree structure: leaf nodes record the specific data, and the value of each non-leaf node is the hash of the leaf node data beneath it, so when a leaf record is modified the hash values along its Merkle path change, and therefore the root hash in the block header changes as well; this increases the difficulty of malicious tampering and reduces the block capacity. In addition, the timestamp of each block ensures the non-tampering and traceability of the transaction data in the blockchain.
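As an added illustration of the block-body structure just described (example code written for this page, not code from the patent), the following Python builds a Merkle root over constructed driving records and shows that changing a single leaf changes the root hash the block header would carry. The record encoding, the SHA-256 choice and the duplicate-last-node rule for odd levels are assumptions of this example.

```python
"""Merkle-root tamper check over a block body of vehicle driving records.

Added example (not code from the patent): builds the Merkle tree the block
body is described with and shows that editing one leaf changes the root hash
stored in the block header. Record format and sample values are constructed.
"""
import hashlib
from typing import List


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(leaves: List[bytes]) -> bytes:
    """Compute the Merkle root of a list of leaf records.

    Leaves are hashed first; each level pairs adjacent hashes and hashes
    their concatenation. An odd trailing node is duplicated (an assumption
    of this example) so every level pairs cleanly. An empty list yields the
    hash of b''.
    """
    if not leaves:
        return _sha256(b"")
    level = [_sha256(leaf) for leaf in leaves]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [_sha256(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]


def encode_record(pid: str, ts: int, rsu_id: str, seat: tuple, v: float) -> bytes:
    """Serialise one driving record (PID_i, t, RSU_i, seat, v_i) as a leaf."""
    x, y = seat
    return f"{pid}|{ts}|{rsu_id}|{x:.1f},{y:.1f}|{v:.2f}".encode()


# Constructed sample block body: four uploads from two pseudonyms.
SAMPLE_RECORDS = [
    encode_record("PID_a1", 1000, "RSU_7", (120.0, 40.0), 22.5),
    encode_record("PID_a1", 1002, "RSU_7", (165.0, 40.0), 22.5),
    encode_record("PID_b3", 1001, "RSU_7", (300.0, 44.0), 18.0),
    encode_record("PID_b3", 1003, "RSU_7", (336.0, 44.0), 18.0),
]


def root_changes_on_tamper(records: List[bytes], index: int, tampered: bytes) -> bool:
    """True if replacing records[index] with `tampered` alters the root."""
    original = merkle_root(records)
    edited = list(records)
    edited[index] = tampered
    return merkle_root(edited) != original


if __name__ == "__main__":
    root = merkle_root(SAMPLE_RECORDS)
    print("root:", root.hex())
    # Moving PID_b3's claimed position by one metre changes the header root.
    forged = encode_record("PID_b3", 1003, "RSU_7", (337.0, 44.0), 18.0)
    print("tamper detected:", root_changes_on_tamper(SAMPLE_RECORDS, 3, forged))
```

An RSU that keeps only the header root can therefore detect a rewritten leaf by recomputing the root from the block body it was handed.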
As shown in fig. 4, the scheme model architecture in the behavior feature-based Internet of vehicles Sybil attack detection method consists of three parts: the trusted authority TA, the roadside unit RSU and the on-board unit OBU.
1) Trusted Authority TA (Trusted-Authority): the TA is a fully trusted authority responsible for bootstrapping the system, deploying the roadside units, initializing data for the RSUs and vehicles, and generating some of the initial parameters.
2) Roadside Unit RSU (RoadSide-Unit): the RSU is deployed in a specific area and communicates wirelessly with vehicles within a fixed range, assisting the vehicle user's OBU to update its temporary private key. Meanwhile, the RSU serves as a trusted consensus node in the blockchain network, responsible for collecting data and keeping the blockchain data consistent.
3) On-Board Unit OBU (OnBoard-Unit): the OBU is a hardware unit mounted on a vehicle that performs V2X communication with the RSU and with other vehicles, and it is vulnerable to unauthorized attack by an attacker. The vehicle keeps the private key and security parameters received from the TA in a tamper-proof secure environment. When a vehicle joins the system, it registers its identity with the TA, downloads the system parameters, and generates and stores data such as its public and private key pair. An attacker who steals a vehicle node's identity information can forge false nodes and launch a Sybil attack by faking the vehicle location using location perturbation or power control techniques.
As shown in fig. 5, the data structure of the Authentication Chain (AC) in the behavior feature-based Internet of vehicles Sybil attack detection method is as follows: a block in the AC records the mapping between the vehicle's unique identity and the vehicle pseudonym with its timestamp in key-value form, with the structure shown in the figure. The key is defined as the unique identity of the vehicle and the value as the pseudonym of the vehicle during a certain time period.
As shown in fig. 6, the driving data storage structure in the behavior feature-based Internet of vehicles Sybil attack detection method is as follows: PID_i represents the vehicle pseudonym; t represents the timestamp at which the vehicle uploaded the data; RSU_i represents the ID of the RSU where the vehicle is located; seat represents the purported position coordinates of the vehicle; v_i denotes the current speed of the vehicle.
As shown in fig. 7, the Location Chain (LC) data structure in the behavior feature-based Internet of vehicles Sybil attack detection method includes:
key is the path in the Merkle tree and stores the pseudonymous identity PID_i of the vehicle; value, at the leaf node, stores a summary of the driving data (vehicle pseudonym, time, RSU ID, purported position coordinates, vehicle speed) recorded while the vehicle used this pseudonym.
As shown in fig. 8, the smart contract algorithms in the behavior feature-based Internet of vehicles Sybil attack detection method are implemented as follows:
1) When a new vehicle enters the RSU range, a smart contract x in the AC is triggered to realize the identity-entry function: the vehicle information is searched for on the blockchain, and if the vehicle is accessing the system for the first time, the mapping between the vehicle's unique identifier and the temporary identity generated for it by the RSU is stored in the blockchain AC.
2) Vehicle data is generated continuously while the vehicle is running; the smart contract registered_b is called to check the registration information of the vehicle pseudonym, and when the identity data exists in the mapping, the data is stored into the LC as a mapping.
3) Driving data retrieval function: when Sybil attack detection is executed, the triggered smart contract search_b retrieves the vehicle's driving data.
As shown in fig. 9, the S1 step includes:
S11, TA offline registration and TA system parameter initialization: the TA selects two prime numbers p and q with p ≠ q, calculates n = p × q and φ(n) = (p−1)(q−1), selects an integer e satisfying gcd(φ(n), e) = 1 and 1 < e < φ(n), and generates the public and private key pair {P_ta = {e, n}, S_ta = {d, n}}, where d = e^(−1) (mod φ(n)).
S12, RSU offline registration: the TA uses the RSA algorithm to generate a public and private key pair for the RSU
Figure BDA0003693588820000131
and issues it a certificate Cert_r. The certificate includes: the public key of the RSU
Figure BDA0003693588820000132
a timestamp, the signature of the TA, etc. The RSU stores the certificate Cert_r and the private key
Figure BDA0003693588820000133
S13, vehicle offline registration.
1) The TA hashes the information submitted by the vehicle to generate the vehicle's unique identifier VID_i: VID_i = hash(id || WID_i || TIME_i), where id is the license plate information, WID_i is the region number, and TIME_i is the time the vehicle was licensed.
2) The TA also uses the RSA algorithm to generate a public and private key pair for the vehicle
Figure BDA0003693588820000141
The TA stores the vehicle identity VID_i and the public and private keys in the vehicle's OBU module. 3) The TA maps the identity of the vehicle to the public and private key pair
Figure BDA0003693588820000142
and stores this in a local database for identity authentication and tracing.
S14, online registration. A vehicle that has completed offline registration drives into the coverage range of an RSU, and the RSU and the vehicle perform bidirectional identity authentication. The RSU distributes a temporary public and private key pair and a pseudonym to each vehicle that passes authentication. Meanwhile, the RSU negotiates a session key with the vehicle during the communication process, improving both the security and the efficiency of communication.
S141. RSU → V_i: {hello || sign_r}
The RSU continuously broadcasts a hello message and its signature at a fixed frequency within its communication coverage range
Figure BDA0003693588820000143
The message contains the certificate Cert_r of the RSU and its position coordinates (x_r, y_r).
S142.
Figure BDA0003693588820000144
The vehicle receives the hello packet broadcast by the RSU and verifies the signature
Figure BDA0003693588820000145
If hash(hello)' = hash(Cert_r, (x_r, y_r)), the identity of the RSU is authenticated through the certificate and the public key of the RSU is obtained. The vehicle then initiates an identity authentication request to the RSU: it attaches its identity information, timestamp and signature
Figure BDA0003693588820000146
and encrypts them with the public key of the RSU.
S143. The RSU verifies the legality of the vehicle identity. The RSU calculates |T − TS| to verify the validity time of the message; if it does not exceed the allowed delay range, the RSU verifies the integrity of the message using its private key:
Figure BDA0003693588820000147
and judges whether the result is consistent with the hash value of the data in the message. If the message has not been tampered with, the RSU requests the TA to authenticate the vehicle's identity information. If the TA can find the vehicle's identity information in its local database, the vehicle has completed offline identity registration and step S144 is executed; otherwise identity authentication fails and the communication connection is disconnected.
S144.
Figure BDA0003693588820000151
The RSU uses the RSA algorithm to generate a temporary public and private key pair for the vehicle
Figure BDA00036935888200001511
The RSU assigns a pseudonym to the vehicle: it selects a random number r and calculates the pseudonym
Figure BDA0003693588820000152
Meanwhile, a smart contract is triggered, the mapping between the vehicle's unique identity and its pseudonym is stored in the blockchain, and the identity information is synchronized among RSUs through the consensus algorithm. The RSU combines the pseudonym, the temporary public and private keys and other data to generate the temporary certificate used by the vehicle within the range of this RSU:
Figure BDA0003693588820000153
The RSU generates, for V_i and itself, a prime number f and an integer α (α < f), where α is a primitive root of f. It selects a random number X_r (X_r < f) and calculates
Figure BDA00036935888200001512
The RSU temporary identity certificate
Figure BDA0003693588820000154
the temporary private key S_Temp, the key agreement parameter, the timestamp ts and the signature sign_r are encrypted with the vehicle's public key and transmitted to the vehicle V_i.
S145. V_i → RSU: {E(P_r, Y_v || ts || sign_v)}. Vehicle V_i selects a random number X_v (X_v < f) and calculates
Figure BDA0003693588820000155
attaches the timestamp ts, and sends it to the RSU encrypted with the RSU's public key.
The RSU and V_i exchange Y_v and Y_r. The RSU calculates
Figure BDA0003693588820000156
and the vehicle calculates
Figure BDA0003693588820000157
K_r is the session key of the vehicle and the RSU.
As shown in fig. 10 to 12, the S2 step includes:
S21, the RSU preliminarily screens Sybil nodes
1) The vehicle sends its position information to the RSU:
Figure BDA0003693588820000158
where PID_i is the pseudonym of the vehicle; RSU_i is the identity of the RSU where the vehicle is located; ts_i is the upload time; seat is the purported position coordinates (x_v, y_v) of the vehicle;
Figure BDA0003693588820000159
is the average speed of the vehicle in the current time period; and sign_v is the signature of the message.
2) The RSU receives the vehicle's position information and calculates the distance d_r between the RSU and the vehicle V_i according to the RSSI formula:
Figure BDA00036935888200001510
Then, from the purported position coordinates (x_v, y_v) of the vehicle V_i in the message and the current position coordinates (x_r, y_r) of the RSU, it calculates the distance d_vr between the vehicle and the RSU:
Figure BDA0003693588820000161
and calculates the error between the RSSI-measured distance and the distance computed from the vehicle's purported position: α = |d_r − d_vr|.
If the error α < γ (γ being the maximum tolerable error), the RSU verifies the plausibility of the information parameters:
(1) If the vehicle is entering this RSU's range for the first time, the vehicle's driving track is read. Since the RSUs a vehicle passes are contiguous, the RSU checks whether the RSU the vehicle last passed is one of its neighbours; if not, identity authentication is initiated again; otherwise, (2) is executed;
(2) The RSU judges the purported position: by searching the blockchain LC it finds the vehicle's position coordinates and speed over the time period and calculates the vehicle's driving range. The calculation formula is as follows:
Figure BDA0003693588820000162
If h < the threshold q (q is the tolerable error between the vehicle's estimated and measured distance and approaches 0), the position information is reasonable and is uploaded to the blockchain LC; otherwise the vehicle is judged a suspected malicious node and the communication connection is disconnected.
S22, vehicles screen suspected Sybil nodes. To ensure the safety of a vehicle's communication with other vehicles, the claimed distance of a vehicle must be verified while vehicles pass each other. Suppose vehicles V_1 and V_2 are communicating; V_2 estimates the distance between the two vehicles from the RSSI value of the received message, and the estimated distance
Figure BDA0003693588820000163
is sent to the RSU. The RSU triggers a smart contract, queries the claimed position coordinates seat and the vehicle speed v_i uploaded by the vehicle during the period, and calculates the distance β between the two vehicles at that time. It then computes
Figure BDA0003693588820000164
and judges whether the communicating vehicle is a suspicious node by comparing the difference ε between the measured distance and the distance calculated from the vehicle coordinates.
S221.
Figure BDA0003693588820000165
When vehicle V_1 initiates a communication request to a surrounding vehicle V_2, the message includes the current pseudonym PID_v1 of vehicle V_1, and V_1 signs the message with its own temporary private key:
Figure BDA0003693588820000166
S222.
Figure BDA0003693588820000171
V_2 receives the communication request and estimates the RSSI distance between the two vehicles from the received message. It takes the pseudonym of the vehicle it is communicating with
Figure BDA0003693588820000172
the estimated distance value
Figure BDA0003693588820000173
and the timestamp ts', encrypts them with the session key K_r shared with the RSU, attaches the signature
Figure BDA0003693588820000174
and sends them to the RSU to request verification of the vehicle's pseudonym and the authenticity of its location.
S223. The RSU verifies the legality of the vehicle's identity and position.
The RSU decrypts ts' with the session key to ensure the message has not timed out, and verifies the integrity of the message using the signature. The RSU then triggers a smart contract with the pseudonym
Figure BDA0003693588820000175
as input, queries the mapping between the vehicle pseudonym and the unique identity in the blockchain AC, and verifies the legality of the vehicle pseudonym. If the pseudonym is not found in the blockchain AC, the communication connection is disconnected; otherwise, the purported position coordinates (x_1, y_1) and (x_2, y_2) of vehicles V_1 and V_2 are queried in the blockchain LC and the following is calculated:
Figure BDA0003693588820000176
obtaining the difference ε, which represents the difference between the distance measured using RSSI and the distance between the vehicles' last reported positions. Then the following is calculated:
j = (v_1 * t + v_2 * t)
where v_1 and v_2 are the speeds of the two vehicles at their last report, and j is the distance vehicles V_1 and V_2 could cover at these speeds during the time period t, i.e. the maximum travel range of the two vehicles in that period.
If the difference ε ≥ j, vehicle V_1 is judged a suspected Sybil node and V_2 is informed to end communication with it. V_1 is placed in the suspected node set and the subsequent node detection algorithm is executed to further judge whether V_1 is a Sybil attack node; otherwise, the node's coordinates are stored in the blockchain LC.
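The two RSSI plausibility checks of step S2, the RSU-side check of S21 (RSSI distance against the claimed seat, plus the neighbouring-RSU continuity check) and the vehicle-side check of S22/S223 (ε against the travel range j), as an added Python example written for this page rather than code from the patent. The patent gives its RSSI-to-distance formula only as a figure, so this example assumes a log-distance path-loss model; the radio constants, thresholds, coordinates and speeds are all constructed for illustration, and the S21 driving-range formula h (also only a figure) is not reproduced.

```python
"""Position-plausibility checks in the two dimensions the scheme describes:
the RSU-side check of S21 (RSSI distance vs. claimed seat) and the
vehicle-side check of S22/S223 (epsilon vs. the travel range j).

Added example, not the patent's own code. The patent gives its RSSI distance
formula only as a figure, so a log-distance path-loss model is ASSUMED here;
the radio constants, thresholds, coordinates and speeds are constructed.
"""
import math
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

Coord = Tuple[float, float]

# ASSUMED radio model: RSSI(d) = RSSI_AT_1M - 10 * PATH_LOSS_N * log10(d)
RSSI_AT_1M = -40.0   # dBm at 1 m (constructed)
PATH_LOSS_N = 2.2    # path-loss exponent for an open road (constructed)
GAMMA = 15.0         # gamma of S21: max tolerable |d_r - d_vr| in metres


def rssi_to_distance(rssi_dbm: float) -> float:
    """d_r: invert the assumed path-loss model to get metres from an RSSI."""
    return 10.0 ** ((RSSI_AT_1M - rssi_dbm) / (10.0 * PATH_LOSS_N))


def euclid(a: Coord, b: Coord) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


@dataclass
class PositionReport:
    """The S21 upload: pseudonym, RSU id, upload time, claimed seat, speed."""
    pid: str
    rsu_id: str
    ts: float
    seat: Coord
    v: float  # average speed in the current period, m/s


def rsu_check(report: PositionReport, rssi_dbm: float, rsu_pos: Coord,
              neighbours: Iterable[str], last_rsu: Optional[str]) -> str:
    """S21 at the RSU.

    Step 2: alpha = |d_r - d_vr| must stay below GAMMA.
    Check (1): the RSU the vehicle last passed must be a neighbour of this
    one, otherwise identity authentication is repeated.
    Returns 'accept', 'suspect-rssi' or 'reauthenticate'.
    """
    d_r = rssi_to_distance(rssi_dbm)        # measured from the radio
    d_vr = euclid(report.seat, rsu_pos)     # claimed, from the seat field
    alpha = abs(d_r - d_vr)
    if alpha >= GAMMA:
        return "suspect-rssi"
    if last_rsu is not None and last_rsu not in set(neighbours):
        return "reauthenticate"
    return "accept"


def v2v_check(d_est: float, seat_1: Coord, seat_2: Coord,
              v_1: float, v_2: float, t: float) -> Tuple[bool, float, float]:
    """S22/S223 at the RSU for a V_1 -> V_2 request.

    beta is the distance between the seats both vehicles last reported,
    epsilon = |d_est - beta|, and j = v_1*t + v_2*t is the most the two
    vehicles could have moved apart since those reports. V_1 is a suspected
    Sybil node when epsilon >= j. Returns (is_suspect, epsilon, j).
    """
    beta = euclid(seat_1, seat_2)
    epsilon = abs(d_est - beta)
    j = v_1 * t + v_2 * t
    return epsilon >= j, epsilon, j


# Constructed scenario: RSU_7 at the origin, neighbours RSU_6 and RSU_8.
RSU_POS: Coord = (0.0, 0.0)
RSU_NEIGHBOURS = ("RSU_6", "RSU_8")
HONEST = PositionReport("PID_a1", "RSU_7", 100.0, (100.0, 0.0), 22.0)
HONEST_RSSI = RSSI_AT_1M - 10 * PATH_LOSS_N * math.log10(100.0)  # radio agrees
FORGED = PositionReport("PID_z9", "RSU_7", 100.0, (300.0, 0.0), 22.0)
FORGED_RSSI = HONEST_RSSI   # same radio really at 100 m, seat claims 300 m

if __name__ == "__main__":
    print("honest :", rsu_check(HONEST, HONEST_RSSI, RSU_POS, RSU_NEIGHBOURS, "RSU_6"))
    print("forged :", rsu_check(FORGED, FORGED_RSSI, RSU_POS, RSU_NEIGHBOURS, "RSU_6"))
    print("jumped :", rsu_check(HONEST, HONEST_RSSI, RSU_POS, RSU_NEIGHBOURS, "RSU_2"))
    # V2V: seats 80 m apart, 1 s since the reports, both at 20 m/s -> j = 40 m
    print("v2v ok :", v2v_check(82.0, (0.0, 0.0), (80.0, 0.0), 20.0, 20.0, 1.0))
    print("v2v bad:", v2v_check(150.0, (0.0, 0.0), (80.0, 0.0), 20.0, 20.0, 1.0))
```

The RSU-side check catches a claimed seat that the radio contradicts, while the vehicle-side check catches a claim that is self-consistent with one RSU yet inconsistent with a neighbouring vehicle's measurement; the thresholds γ and j bound the RSSI noise and the legitimate movement between reports respectively.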
As shown in fig. 13, the S3 step includes:
S31, the smart contract search function is triggered to extract the driving data of each suspected node and generate the vehicle's driving track, in the following data format:
Figure BDA0003693588820000177
which comprises:
① RSU_i: the RSU identity;
③ n*t_i: n is the number of times the vehicle uploaded position coordinates to RSU_i;
④ t_i = ts_i' − ts_i is the time taken for each message upload;
⑤ n*t_i represents the length of time the vehicle has been travelling within the RSU's range;
Figure BDA0003693588820000181
represents the average speed of the vehicle over the time period t.
S32, the similarity of all suspected nodes passing through the RSU is judged. Suppose suspected-node vehicles V_x and V_y have passed through p of the same RSUs; their driving routes are then very similar, and the intimacy of the two vehicles is further calculated:
time = n*t
Figure BDA0003693588820000182
Figure BDA0003693588820000183
Sim_xy = diff_t + diff_v
① t is the time interval between information uploads;
Figure BDA0003693588820000184
is the average speed of the vehicle within the RSU range;
③ diff_t is the Euclidean distance computed over the dwell times of the two vehicles in the same ranges;
④ diff_v is the Euclidean distance computed over the speeds of the two vehicles;
⑤ Sim_xy is the intimacy of the two vehicles.
Because a vehicle must send its position information at a certain frequency while driving within an RSU, and a normal vehicle is always moving at speed, under ordinary conditions a vehicle's driving route is random and vehicles do not share the same movement characteristics; although a Sybil attack node can forge many different identities, those identities still belong to the same physical vehicle. The number of times normal vehicles send position information within a given RSU should therefore differ.
And S33, if the intimacy of the two vehicles exceeds a preset threshold value, judging the two vehicles as malicious nodes, calling a search function by the RSU, inquiring the real identity corresponding to the pseudonym of the vehicle, and reporting the real identity to the TA. The TA adds the node into a revocation list, informs the whole network that the node is a Sybil attack node, and cancels the network access qualification.
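The S31 to S33 trajectory-intimacy computation as an added Python example written for this page, not code from the patent. The patent's diff_t and diff_v formulas are figures; here they are implemented as plain Euclidean distances over the p RSUs two pseudonyms share, as the text describes. Because Sim_xy is a sum of distances, identical behaviour gives 0, so this example flags a pair as one physical vehicle when Sim_xy is below the threshold; that reading of the patent's "exceeds a preset threshold", the upload period, the threshold value and the driving records are all assumptions.

```python
"""Trajectory intimacy of suspected nodes (S31-S33).

Added example, not the patent's own code. The patent's diff_t and diff_v
formulas are figures; here they are implemented as plain Euclidean distances
over the p RSUs two pseudonyms share. Threshold direction, upload period
and driving records are constructed assumptions.
"""
import math
from itertools import combinations
from typing import Dict, List, Tuple

Upload = Tuple[str, float, float]          # (RSU_i, ts_i, v_i) from the LC
Track = Dict[str, Tuple[float, float]]     # RSU_i -> (n*t dwell seconds, mean v)


def build_track(uploads: List[Upload], upload_period: float) -> Track:
    """S31: per RSU, dwell time n*t (n uploads, period t) and average speed."""
    counts: Dict[str, int] = {}
    speed_sum: Dict[str, float] = {}
    for rsu_id, _ts, v in uploads:
        counts[rsu_id] = counts.get(rsu_id, 0) + 1
        speed_sum[rsu_id] = speed_sum.get(rsu_id, 0.0) + v
    return {r: (counts[r] * upload_period, speed_sum[r] / counts[r]) for r in counts}


def intimacy(track_x: Track, track_y: Track) -> Tuple[float, int]:
    """S32: Sim_xy = diff_t + diff_v over the p RSUs both tracks contain.

    Returns (Sim_xy, p). With no shared RSU there is nothing to compare, so
    Sim_xy is reported as infinity (an assumption, not from the patent).
    """
    common = sorted(set(track_x) & set(track_y))
    if not common:
        return math.inf, 0
    diff_t = math.sqrt(sum((track_x[r][0] - track_y[r][0]) ** 2 for r in common))
    diff_v = math.sqrt(sum((track_x[r][1] - track_y[r][1]) ** 2 for r in common))
    return diff_t + diff_v, len(common)


def find_sybil_pairs(tracks: Dict[str, Track], threshold: float,
                     min_common: int = 2) -> List[Tuple[str, str, float]]:
    """S33 decision over every pair of suspected pseudonyms.

    Sim_xy is a sum of distances, so identical behaviour gives 0; this
    example therefore treats a pair as one physical vehicle when Sim_xy is
    below `threshold` and at least `min_common` RSUs are shared.
    """
    hits = []
    for pid_x, pid_y in combinations(sorted(tracks), 2):
        sim, p = intimacy(tracks[pid_x], tracks[pid_y])
        if p >= min_common and sim < threshold:
            hits.append((pid_x, pid_y, sim))
    return hits


UPLOAD_PERIOD = 2.0   # seconds between position uploads (constructed)
# Constructed LC extracts: PID_s1 and PID_s2 are pseudonyms of one physical
# car; PID_n1 is an unrelated vehicle on the same road.
SAMPLE_UPLOADS: Dict[str, List[Upload]] = {
    "PID_s1": [("RSU_1", 0, 20.0), ("RSU_1", 2, 20.0), ("RSU_1", 4, 21.0),
               ("RSU_2", 6, 21.0), ("RSU_2", 8, 22.0)],
    "PID_s2": [("RSU_1", 0, 20.0), ("RSU_1", 2, 20.0), ("RSU_1", 4, 21.0),
               ("RSU_2", 6, 21.0), ("RSU_2", 8, 22.0)],
    "PID_n1": [("RSU_1", 0, 30.0), ("RSU_1", 2, 31.0),
               ("RSU_2", 4, 33.0), ("RSU_2", 6, 33.0), ("RSU_2", 8, 34.0)],
}
TRACKS = {pid: build_track(ups, UPLOAD_PERIOD) for pid, ups in SAMPLE_UPLOADS.items()}

if __name__ == "__main__":
    for pid, track in TRACKS.items():
        print(pid, track)
    print("flagged:", find_sybil_pairs(TRACKS, threshold=5.0))
```

Requiring a minimum number of shared RSUs keeps a single coincidental overlap from producing a low Sim_xy, which is the main source of false detections the results section reports as vehicle density grows.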
To verify the feasibility of this embodiment, the correctness and feasibility of the method of the present invention were analyzed.
1. Simulation experiment and result analysis
To verify the feasibility of the scheme, an Internet of vehicles environment was built with Veins for a simulation experiment: the road parameters, the vehicle communication mode and the attack mode of the Sybil nodes were configured, the data generated during the experiment were exported, and the Sybil attack was detected using the algorithm designed in this scheme.
1) Simulated environment setup
In this embodiment, instant-veins is used for the simulation experiments; fig. 14 illustrates the simulation environment test.
This scheme uses a custom road for the experiment and configures the application layer of the OBU nodes and RSU nodes in the configuration file; the specific parameters are shown in the experimental road and vehicle parameter table:
Figure BDA0003693588820000191
Then the wireless communication parameters used for V2V communication are configured in the configuration file, as shown in the table of communication parameters used in the experiment:
Figure BDA0003693588820000192
2) Analysis of results
Here the simulation results are studied using two indices, detection rate and false detection rate. The detection rate is the percentage of Sybil nodes detected among all Sybil nodes, and the false detection rate is the percentage of normal nodes misjudged by the RSU.
In this scheme there are 200 vehicles in total, and the vehicle speed range is set to 5-35 m/s. First, an experiment is performed for a single malicious node attacking the network, assuming each malicious node can generate 10 Sybil nodes. As can be seen from fig. 15, as the vehicle speed increases, the fluctuation of vehicle speed also increases, which relaxes the algorithm's restriction on the node travel range, and the recognition of vehicles increases. Therefore the detection rate of the algorithm decreases to a certain degree, and the false detection rate also decreases.
Then the scheme tests the case where multiple malicious nodes initiate network attacks, with the number of malicious nodes set to 10% of the total vehicle nodes. As can be seen from fig. 16, when the Sybil nodes in the network increase, the detection rate fluctuates slightly compared with a single attacker, but detection and false detection are not greatly affected, showing that the algorithm is stable in the face of multiple attackers.
Next, the total number of vehicles is adjusted to test the detection rate and false detection rate of the system when a single malicious node attacks the network under different vehicle densities. In the experiment the total number of vehicles is controlled within 1-160 and the vehicle speed is 25 m/s. As can be seen from fig. 17, when there are few vehicle nodes in the network the detection rate of the algorithm remains at a relatively excellent level. As the vehicle density increases, the number of nodes judged as suspected keeps growing, so the detection rate decreases and the false detection rate increases.
Finally, multiple malicious nodes are detected while the total number of vehicles keeps changing. Let the number of malicious nodes be 10% of the total. As can be seen from fig. 18, the detection rate of this scheme's algorithm with multiple attackers is still at a better level than with a single attacker. However, in an environment with multiple attackers, the false detection rate of the algorithm is reduced to a certain extent.
Fig. 19 compares the algorithm of the present invention with the detection algorithm in "Study and implementation of Sybil attack detection in VANET", with the total number of vehicles controlled within 1-160 and the vehicle speed at 25 m/s. Under the condition that a single malicious node attacks a network whose total number of vehicles keeps changing, the algorithm of the present invention maintains excellent detection capability when vehicle nodes are sparse. Although the detection rates of both this algorithm and the comparison algorithm decrease to a certain extent as the vehicle nodes increase, the overall effect is better, and a lower false detection rate can be maintained under a certain traffic flow.
2. Security analysis
1) Sybil attack resistance
This scheme designs a behavior feature-based Internet of vehicles Sybil detection scheme to resist Sybil attacks. The algorithm first initializes the TA and RSUs, registers vehicle identities and performs the initial secure deployment of the system. The RSU assigns a temporary certificate to each vehicle to protect the vehicle's identity privacy.
On the premise that the vehicle's identity is reliable, RSSI technology is used to verify the position information uploaded by the vehicle from the two dimensions of the vehicle and the RSU, and position information that passes verification is uploaded to the blockchain network; otherwise the node is judged a suspected node, other nodes disconnect from it, and it is added to the suspected node set for further detection. Finally, the RSU detects the node identity of the suspicious vehicle: it extracts the suspected node's driving track, judges the similarity of the nodes' driving paths, and determines the node identity from the intimacy between nodes.
This scheme uses the distributed consensus and tamper-resistance of the blockchain and combines PKI technology to realize vehicle identity authentication. Compared with traditional authentication, it reduces the resources the RSU consumes during subsequent vehicle communication authentication, meets the Internet of vehicles' requirements for distributed storage and fast query of vehicle driving data, and uses a pseudonym mechanism in subsequent communication, which increases the difficulty of malicious vehicle identity forgery and guarantees the privacy requirement of the Internet of vehicles.
2) Feasibility of identity authentication
Considering the security requirements of the Internet of vehicles, this scheme first adopts a PKI mechanism in which the TA, as a third-party trusted authority, generates public and private keys for vehicles and RSUs using the RSA algorithm; meanwhile, different temporary public and private keys are used for communication in different RSUs, and these temporary key pairs for identity authentication are also generated with the RSA algorithm.
As can be seen from section 3.3 above, the vehicle pseudonym PID and the vehicle's unique identifier VID are mapped in the blockchain Authentication Chain, so the RSU can quickly retrieve the vehicle's real information through the smart contract, obtain the vehicle's unique identifier, i.e. its real identity, and complete identity authentication.
The security of the identity authentication depends on the security of an asymmetric key generation algorithm, and the security analysis is as follows:
1) Selecting two prime numbers p and q, wherein p is not equal to q;
2) Calculating n = p × q;
3) Calculating phi (n) = (p-1) (q-1);
4) Selecting an integer e satisfying gcd (phi (n), e) =1 and 1 < e < phi (n);
5) Generating the public and private key pair {P_ta = {e, n}, S_ta = {d, n}}, where d = e^(−1) (mod φ(n)).
RSA is an encryption algorithm that uses exponentiation and encrypts in blocks, each block having a binary value smaller than n, i.e. the block size must be at most log2(n) + 1 bits; the block size is typically i bits, where 2^i < n ≤ 2^(i+1). The encryption and decryption operations on plaintext M and ciphertext C are as follows:
C = M^e mod n
M = C^d mod n = (M^e)^d mod n = M^(ed) mod n
where n is known to both communicating parties, e is known to the sender, and d is known only to the receiver.
The security of this algorithm rests on the difficulty of determining d from e and n. When an attacker wants to attack the algorithm, there are several possible approaches, the most likely being to factor n into its two prime factors; then φ(n) = (p−1)(q−1) can be calculated and d ≡ e^(−1) (mod φ(n)) determined. Alternatively, φ(n) may be determined directly without first determining p and q, after which d ≡ e^(−1) (mod φ(n)) can again be determined; or d may be determined directly. At present, however, the algorithm for determining d from e and n is as time-consuming as the factoring problem, so the cracker must spend a great deal of time to decrypt, and the other methods of determining d or φ(n) are equally difficult, thereby ensuring the security of the algorithm, i.e. of the asymmetric key.
3) Message security
Once the vehicle and the RSU have passed identity authentication, the two parties communicate with the session key negotiated by the algorithm below, which avoids the resource and time cost of encrypting and decrypting every message with public and private keys.
The secure transmission of messages relies on the security of the session key generation algorithm, which is analyzed as follows:
1) The RSU generates, for V and itself, a prime f and an integer α (α < f), where α is a primitive root of f;
2) The RSU selects a random number $X_r$, $X_r < f$, and computes $Y_r = \alpha^{X_r} \bmod f$;
3) V selects a random number $X_v$, $X_v < f$, and computes $Y_v = \alpha^{X_v} \bmod f$;
4) The RSU and V exchange $Y_v$ and $Y_r$;
5) The RSU computes $K_r = Y_v^{X_r} \bmod f$;
6) V computes $Y_r^{X_v} \bmod f$.
The RSU and V obtain the same value:
$K_r = Y_v^{X_r} \bmod f = (\alpha^{X_v})^{X_r} \bmod f = \alpha^{X_v X_r} \bmod f = (\alpha^{X_r})^{X_v} \bmod f = Y_r^{X_v} \bmod f$
The effectiveness of this algorithm rests on the fact that computing discrete logarithms is very difficult. Take a prime f and an integer α (α < f) that is a primitive root of f, so that the powers of α yield every integer between 1 and f-1; then
$\alpha \bmod f,\ \alpha^2 \bmod f,\ \ldots,\ \alpha^{f-1} \bmod f$
are all distinct. For any integer k and any primitive root α of the prime f a unique exponent i can therefore be found with $k \equiv \alpha^i \pmod f$, where $0 \le i \le f-1$. Exponentiation modulo a prime is easy, but computing the discrete logarithm is very difficult, and it is generally accepted that discrete logarithms of large primes cannot be computed. An attacker Q who wants to attack the RSU's key must therefore compute a discrete logarithm, namely $X_r = \mathrm{dlog}_{\alpha,f}(Y_r)$. Because of the difficulty of computing discrete logarithms this is extremely hard for the attacker, which guarantees the security of the session key.
4) Identity privacy
The scheme protects the privacy of the vehicle with a pseudonym mechanism: a periodically replaced pseudonym serves as the vehicle's identity during communication. After the vehicle has passed identity authentication at the RSU, the RSU stores the mapping between the pseudonym and the vehicle's unique identity in the blockchain Authentication Chain, and the vehicle then communicates in the network under the pseudonym. Only the RSU can learn the real identity of the vehicle, which solves the vehicle's privacy problem.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (6)

1. A method for detecting Internet of vehicles Sybil attacks based on behavior characteristics, characterized by comprising the following steps:
S1, a system initialization stage consisting of an offline registration part and an online registration part, wherein the offline registration part comprises TA system initialization and RSU and vehicle identity initialization; vehicles registered offline drive into an RSU coverage range and apply for temporary identities, the RSU assigns pseudonyms and temporary public and private keys to the vehicles that pass authentication and stores them in the blockchain AC, and online registration is completed;
S2, under normal conditions the positions of vehicles are randomly distributed within the RSU coverage range, so the signal strengths between the RSU and the individual vehicle nodes differ and it is extremely unlikely that several nodes have the same signal strength at the RSU; while driving, vehicles periodically send driving data, position coordinates and driving speed to the RSU, which preliminarily verifies the credibility of the uploaded driving data using RSSI; if credible, the driving data are uploaded to the blockchain network, otherwise the node is judged a suspected node and further detection is carried out;
S3, when the RSU has collected n suspected Sybil nodes, the similarity of all suspected nodes passing through the RSU is judged; when the intimacy of two suspected vehicles $V_x$ and $V_y$ exceeds a preset threshold, the two vehicles are judged to be malicious nodes, the RSU calls the search function, queries the real identity corresponding to the vehicle pseudonym and reports it to the TA, the TA adds the real identity to the revocation list, informs the whole network that the node is a Sybil attack node, and cancels the node's networking qualification.
2. The method for detecting Sybil attacks on Internet of vehicles based on behavioral characteristics according to claim 1, wherein the S1 step includes:
S11, TA offline registration, TA system parameter initialization: the TA selects two primes p and q with p ≠ q, computes $n = p \times q$ and $\varphi(n) = (p-1)(q-1)$, selects an integer e satisfying $\gcd(\varphi(n), e) = 1$ and $1 < e < \varphi(n)$, and generates the public and private key pair $P_{ta} = \{e, n\}$, $S_{ta} = \{d, n\}$, where $d = e^{-1} \bmod \varphi(n)$;
S12, RSU offline registration: the TA uses the RSA algorithm to generate a public and private key pair for the RSU
[key pair formula image not extracted]
and issues it a certificate $Cert_r$. The certificate contains the RSU's public key
[symbol not extracted]
a timestamp and the signature of the TA. The RSU stores the certificate $Cert_r$ and its private key
[symbol not extracted]
S13, vehicle offline registration
1) The TA hashes the information submitted by the vehicle to generate the vehicle's unique identification $VID_i$:
$VID_i = hash(id \,\|\, WID_i \,\|\, TIME_i)$
where id is the license plate information, $WID_i$ the region number and $TIME_i$ the vehicle's registration time;
2) The TA also uses the RSA algorithm to generate a public and private key pair for the vehicle
[key pair formula image not extracted]
The TA stores the vehicle identity $VID_i$ and the public and private keys in the vehicle's OBU module;
3) The TA maps the vehicle identity to the public and private key pair
[mapping formula image not extracted]
and stores the mapping in its local database for identity authentication and tracing;
S14, online registration
Vehicles registered offline drive into the RSU coverage range, bidirectional identity authentication is performed between the RSU and the vehicle, and the RSU assigns temporary public and private keys and a pseudonym to each vehicle that passes authentication; at the same time the RSU negotiates a session key with the vehicle for their communication.
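The RSA key generation of S11 (the same five steps as in the identity-authentication analysis of the description), together with the block-wise encryption $C = M^e \bmod n$ and decryption $M = C^d \bmod n$, written out as an added Python example. This is illustration code for this page, not the patent's or the TA's implementation. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values; `recover_private_exponent` shows, on that toy modulus only, the factoring route to d that the description's security analysis names as the attacker's most likely path, which is feasible here solely because n is tiny.

```python
import math


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy primes used below."""
    if n < 2:
        return False
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return False
    return True


def rsa_keygen(p: int, q: int, e=None):
    """Steps 1-5 of S11: returns (P_ta, S_ta) = ({e, n}, {d, n})."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if e is None:
        # Toy choice: smallest odd e > 1 coprime to phi(n).  Real deployments
        # fix e = 65537.
        e = 3
        while math.gcd(e, phi) != 1:
            e += 2
    if not (1 < e < phi and math.gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)  # d = e^{-1} mod phi(n)
    return {"e": e, "n": n}, {"d": d, "n": n}


def block_bits(n: int) -> int:
    """The block length i prescribed by the text: 2^i < n <= 2^(i+1)."""
    i = n.bit_length() - 1  # 2^i <= n < 2^(i+1)
    return i - 1 if n == 1 << i else i  # n = p*q is never a power of two, but be exact


def rsa_encrypt(m: int, pub) -> int:
    """C = M^e mod n, after checking that M fits in one i-bit block."""
    if not 0 <= m < 1 << block_bits(pub["n"]):
        raise ValueError("message block too large for the modulus")
    return pow(m, pub["e"], pub["n"])


def rsa_decrypt(c: int, priv) -> int:
    """M = C^d mod n."""
    return pow(c, priv["d"], priv["n"])


def factor_by_trial(n: int):
    """Recover (p, q) from a toy modulus by trial division.  Only feasible
    because n is tiny; for real key sizes this is the hard problem the
    scheme's security rests on."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_exponent(pub) -> int:
    """Given only the public key, factor n and rebuild d: the private key is
    exactly as secure as n is hard to factor."""
    p, q = factor_by_trial(pub["n"])
    return pow(pub["e"], -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)  # constructed toy parameters
    c = rsa_encrypt(65, pub)
    print(pub, priv, "C =", c, "M =", rsa_decrypt(c, priv))
    print("d recovered from toy n:", recover_private_exponent(pub) == priv["d"])
```

`rsa_encrypt` enforces the block bound from the description ($M < 2^i < n$) rather than silently wrapping modulo n, which is the check a practitioner would want before trusting a decrypted block.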
3. The method of detecting a Sybil attack in Internet of vehicles based on behavioral characteristics according to claim 2, wherein the online registration step includes:
S141, RSU→$V_i$: {hello || $sign_r$}
The RSU continuously broadcasts a hello message and its signature at a fixed frequency within its communication coverage:
[signature formula image not extracted]
The message contains the RSU's certificate $Cert_r$ and its position coordinates $(x_r, y_r)$;
S142,
[message formula image not extracted]
The vehicle receives the hello packet broadcast by the RSU and verifies the signature:
[verification formula image not extracted]
If $hash(hello)' = hash(Cert_r, (x_r, y_r))$, the identity of the RSU is authenticated through the certificate and the RSU's public key is obtained; the vehicle then initiates an identity authentication request to the RSU, encrypting its own identity information, a timestamp and its signature
[signature formula image not extracted]
with the public key of the RSU;
S143, the RSU verifies the legality of the vehicle identity
The RSU computes |T - TS| to check that the message is within the tolerated delay; if so, it uses its private key to verify the integrity of the message:
[formula image not extracted]
and checks whether the result matches the hash of the data in the message. If the message has not been tampered with, the RSU requests the identity information of the vehicle to be authenticated from the TA; if the TA finds the vehicle's identity information in its local database, the vehicle has completed offline identity registration and S144 is executed; otherwise identity authentication fails and the communication connection is closed;
S144,
[message formula image not extracted]
The RSU uses the RSA algorithm to generate a temporary public and private key pair for the vehicle
[key pair formula image not extracted]
and assigns the vehicle a pseudonym: it selects a random number r and computes the pseudonym
[pseudonym formula image not extracted]
At the same time it triggers the smart contract to store the mapping between the vehicle's unique identity and its pseudonym in the blockchain, the identity information being synchronized among RSUs through the consensus algorithm, and the RSU generates from the pseudonym, the temporary public and private keys and so on a temporary certificate valid within its range:
[certificate formula image not extracted]
The RSU also generates, for $V_i$ and itself, a prime f and an integer α (α < f) that is a primitive root of f, selects a random number $X_r$ ($X_r < f$) and computes $Y_r = \alpha^{X_r} \bmod f$.
The RSU encrypts the temporary identity certificate
[certificate symbol not extracted]
the temporary private key $S_{Temp}$, the key agreement parameters, the timestamp ts and the signature $sign_r$ with the vehicle's public key and sends them to vehicle $V_i$;
S145, $V_i$→RSU: {$E(P_r, Y_v \,\|\, ts \,\|\, sign_v)$}
Vehicle $V_i$ selects a random number $X_v$, $X_v < f$, computes $Y_v = \alpha^{X_v} \bmod f$, attaches a timestamp ts, encrypts with the RSU's public key and sends the result to the RSU;
The RSU and $V_i$ have thereby exchanged $Y_v$ and $Y_r$. The RSU computes $K_r = Y_v^{X_r} \bmod f$ and the vehicle computes $Y_r^{X_v} \bmod f$, which is the same value; $K_r$ is the session key between the vehicle and the RSU.
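The session key agreement of S144/S145, i.e. steps 1 to 6 of the message-security analysis in the description, as an added Python example; this is not code from the patent. f = 23, α = 5, $X_r$ = 6 and $X_v$ = 15 are constructed toy parameters, and the `Party` class, the `negotiate` helper and the rejection of degenerate public values (0, 1 and f−1, which would fix the key regardless of the secret exponent) are this example's additions rather than steps of the claim. A real deployment would use a large prime, not a value for which the discrete logarithm can be read off by exhaustive search.

```python
import secrets


def is_primitive_root(alpha: int, f: int) -> bool:
    """alpha is a primitive root of the prime f iff alpha, alpha^2, ...,
    alpha^(f-1) mod f are all distinct (they then cover every value 1..f-1)."""
    if not 1 < alpha < f:
        return False
    seen = {pow(alpha, i, f) for i in range(1, f)}
    return len(seen) == f - 1


class Party:
    """One side of the exchange (the RSU or the vehicle V)."""

    def __init__(self, name: str, f: int, alpha: int, secret=None):
        if not is_primitive_root(alpha, f):
            raise ValueError("alpha must be a primitive root of f")
        self.name, self.f, self.alpha = name, f, alpha
        if secret is not None:
            self.x = secret  # fixed X for the worked example
        else:
            while True:
                self.x = secrets.randbelow(f - 2) + 1  # random X with 1 <= X <= f-2
                if 1 < pow(alpha, self.x, f) < f - 1:  # never send a degenerate Y
                    break
        self.y = pow(alpha, self.x, f)  # Y = alpha^X mod f, sent to the peer

    def session_key(self, peer_y: int) -> int:
        """K = Y_peer^X mod f, after rejecting degenerate public values."""
        # Added check (not in the claim): 0, 1 and f-1 would force K into
        # {0, 1, f-1} whatever X is, so such a Y must not be accepted.
        if not 1 < peer_y < self.f - 1:
            raise ValueError(f"{self.name}: rejected degenerate public value {peer_y}")
        return pow(peer_y, self.x, self.f)


def negotiate(f: int, alpha: int, x_r=None, x_v=None):
    """Run steps 1-6 for the RSU and the vehicle and return (K_r, K_v)."""
    rsu = Party("RSU", f, alpha, x_r)
    veh = Party("V", f, alpha, x_v)
    # Step 4: Y_r travels in the S144 message, Y_v in the S145 reply.
    k_r = rsu.session_key(veh.y)  # step 5
    k_v = veh.session_key(rsu.y)  # step 6
    return k_r, k_v


if __name__ == "__main__":
    print(negotiate(23, 5, x_r=6, x_v=15))  # constructed toy parameters -> (2, 2)
```

With the toy parameters, $Y_r = 5^6 \bmod 23 = 8$, $Y_v = 5^{15} \bmod 23 = 19$, and both sides arrive at $K_r = 19^6 \bmod 23 = 8^{15} \bmod 23 = 2$.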
4. The method of detecting Sybil attacks on Internet of vehicles based on behavioral characteristics according to claim 3, wherein the S2 step includes:
S21, the RSU preliminarily screens Sybil nodes
1) The vehicle sends its position information to the RSU:
[message formula image not extracted]
where $PID_i$ is the pseudonym of the vehicle; $RSU_i$ the identity of the RSU the vehicle is in; $ts_i$ the upload time; seat the vehicle's purported position coordinates $(x_v, y_v)$; the next field (symbol not extracted) the average speed of the vehicle in the current time period; and $sign_v$ the signature of the message;
2) The RSU receives the vehicle's position information and computes the distance $d_r$ between the RSU and vehicle $V_i$ from the RSSI formula:
[RSSI formula image not extracted]
It then computes the distance $d_{vr}$ between the vehicle and the RSU from the purported coordinates $(x_v, y_v)$ of $V_i$ in the message and the RSU's current coordinates $(x_r, y_r)$:
$d_{vr} = \sqrt{(x_v - x_r)^2 + (y_v - y_r)^2}$
and the error between the RSSI-measured distance and the distance computed from the purported position: $\alpha = |d_r - d_{vr}|$.
If the error α < γ (γ being the maximum tolerable error), the RSU verifies the plausibility of the information parameters:
(1) if the vehicle has entered this RSU's range for the first time, the RSU reads the vehicle's driving trajectory and checks whether the RSU the vehicle last passed is a neighbour of this RSU, since the RSUs a vehicle passes are necessarily contiguous; if not, identity authentication is re-initiated; otherwise (2) is executed;
(2) the RSU judges the declared position: it looks up the vehicle's position coordinates and speed over a time period in the blockchain LC and computes the vehicle's driving range h:
[formula image not extracted]
If h is below the threshold q (q being the tolerable error between the vehicle's estimated and measured distances, close to 0), the position information is plausible and is uploaded to the blockchain LC; otherwise the vehicle is judged a suspected malicious node and the communication connection is closed;
S22, vehicles screen suspected Sybil nodes. To secure communication between vehicles and verify the claimed distance of a passing vehicle, suppose vehicles $V_1$ and $V_2$ are communicating; $V_2$ estimates the distance between the two vehicles from the RSSI of the received message and sends the estimate
[symbol not extracted]
together with the position coordinates to the RSU; the RSU triggers the smart contract, queries the declared position coordinates seat and speed $v_i$ the vehicle uploaded in the last period, computes the distance β between the two vehicles at that time, computes
[formula image not extracted]
and judges whether the communicating vehicle is a suspicious node by comparing the difference ε between the measured distance and the distance obtained from the vehicles' coordinates.
5. The behavior signature-based Sybil attack detection method of claim 4, wherein the vehicle screening suspected Sybil nodes comprises:
S221,
[message formula image not extracted]
When vehicle $V_1$ initiates a communication request to a surrounding vehicle $V_2$, the message contains the pseudonym $PID_{v1}$ of $V_1$ at that time, the communication application request of $V_1$ and a timestamp ts, and the vehicle signs the message with its own temporary private key:
[signature formula image not extracted]
S222,
[message formula image not extracted]
$V_2$ receives the communication request, estimates the RSSI distance between the two vehicles from the received message, and encrypts the pseudonym of the vehicle it is to communicate with
[symbol not extracted]
the estimated distance value
[symbol not extracted]
and a timestamp ts' with the session key $K_r$ it shares with the RSU, attaches its signature
[signature formula image not extracted]
and sends them to the RSU to request verification of the authenticity of that vehicle's pseudonym and position;
S223, the RSU verifies the legality of the vehicle's identity and position
The RSU decrypts the timestamp ts' with the session key and, once the message is confirmed not to have timed out, verifies its integrity with the signature; it then triggers the smart contract with the pseudonym
[symbol not extracted]
as input, queries the mapping between the vehicle pseudonym and the unique identity in the blockchain AC and verifies the legality of the pseudonym; if the pseudonym is not found in the blockchain AC the communication connection is closed; otherwise the RSU queries the purported position coordinates $(x_1, y_1)$ and $(x_2, y_2)$ of vehicles $V_1$ and $V_2$ in the blockchain LC and computes:
[formula image not extracted]
obtaining the difference ε between the distance measured with RSSI and the distance between the vehicles at that moment, and then:
$j = v_1 t + v_2 t$
where $v_1$, $v_2$ are the speeds of the two vehicles at that time and j is the distance vehicles $V_1$ and $V_2$ can travel at those speeds in the time period t, i.e. the maximum travel range of the two vehicles in that period;
If the difference ε ≥ j, vehicle $V_1$ is judged a suspected Sybil node, $V_2$ is informed to end communication with it, $V_1$ is added to the set of suspected nodes and the subsequent node detection algorithm is executed to decide whether $V_1$ is a Sybil attack node; otherwise the node's coordinates are stored in the blockchain LC.
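The two RSSI consistency checks of claims 4 and 5, the RSU-side test $\alpha = |d_r - d_{vr}| < \gamma$ of S21 and the vehicle-to-vehicle test of ε against $j = v_1 t + v_2 t$ of S223, as an added Python example; this is not the patent's code. The RSSI formula itself is not reproduced on the page, so `rssi_to_distance` assumes a log-distance path loss model with constructed constants (reference power −40 dBm at 1 m, path loss exponent 2.5); the RSU position, the position reports, the measured distances and the speeds are constructed sample data as well.

```python
import math

# Assumed log-distance path loss model (the patent's RSSI formula is not
# reproduced on the page): RSSI(d) = P0 - 10 * n * log10(d / 1 m).
P0_DBM = -40.0        # constructed reference power at 1 m
PATH_LOSS_EXP = 2.5   # constructed environment exponent

RSU_XY = (0.0, 0.0)   # constructed RSU position (x_r, y_r)

# Constructed position reports as the RSU would receive them in S21:
# pseudonym, purported coordinates "seat", and the RSSI at which the
# message arrived.  Both report the same signal strength, but the second
# claims a position ten times farther away than the signal allows.
REPORTS = [
    {"PID": "PID-a1", "seat": (6.0, 8.0), "rssi": -65.0},
    {"PID": "PID-b2", "seat": (60.0, 80.0), "rssi": -65.0},
]


def rssi_to_distance(rssi_dbm: float, p0: float = P0_DBM, n: float = PATH_LOSS_EXP) -> float:
    """d_r: the distance inferred from the received signal strength."""
    return 10 ** ((p0 - rssi_dbm) / (10 * n))


def euclid(a, b) -> float:
    """Distance between two (x, y) coordinates."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def rsu_position_check(rssi_dbm: float, claimed_xy, rsu_xy, gamma: float):
    """S21 step 2: alpha = |d_r - d_vr|; the report is plausible iff alpha < gamma.
    Returns (plausible, alpha)."""
    d_r = rssi_to_distance(rssi_dbm)
    d_vr = euclid(claimed_xy, rsu_xy)
    alpha = abs(d_r - d_vr)
    return alpha < gamma, alpha


def screen_reports(reports, rsu_xy=RSU_XY, gamma: float = 3.0):
    """Return the pseudonyms whose purported position fails the RSSI check
    (suspected nodes that go on to further detection)."""
    return [r["PID"] for r in reports
            if not rsu_position_check(r["rssi"], r["seat"], rsu_xy, gamma)[0]]


def v2v_distance_check(measured_d: float, pos1, v1: float, pos2, v2: float, t: float):
    """S223: eps = |measured - beta| with beta computed from the last declared
    coordinates, and j = v1*t + v2*t, the farthest the pair could have moved
    apart in the period t.  Returns (suspected, eps, j); suspected iff eps >= j."""
    beta = euclid(pos1, pos2)
    eps = abs(measured_d - beta)
    j = v1 * t + v2 * t
    return eps >= j, eps, j


if __name__ == "__main__":
    print("suspected by RSU:", screen_reports(REPORTS))
    print(v2v_distance_check(50.0, (0.0, 0.0), 20.0, (30.0, 40.0), 20.0, 1.0))
    print(v2v_distance_check(200.0, (0.0, 0.0), 20.0, (30.0, 40.0), 20.0, 1.0))
```

Note that the S223 rule accepts any ε smaller than j, so the longer the reporting period t and the higher the declared speeds, the wider the window a false position can hide in; a deployment would therefore keep t short and cap the speeds it is willing to believe.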
6. The method of detecting Sybil attacks on Internet of vehicles based on behavioral characteristics according to claim 5, wherein the S3 step includes:
S31, the smart contract's search function is triggered to extract the driving data of each suspected node and generate the vehicle's driving trajectory, in the following data format:
[data format image not extracted]
which comprises:
① $RSU_i$: the identity of the RSU;
② $n \cdot t_i$: n is the number of times the vehicle uploaded position coordinates to $RSU_i$, and $t_i = ts_i' - ts_i$ the time taken for each upload, so $n \cdot t_i$ is the length of time the vehicle drove within the RSU's range;
③ (symbol not extracted): the average speed of the vehicle over the time period t;
S32, the similarity of all suspected nodes passing through the RSU is judged. Suppose vehicles $V_x$ and $V_y$ have passed through the same p RSUs, so that their driving routes are very similar; their intimacy is then computed:
$time = n \cdot t$
$diff_t$ = [formula image not extracted]
$diff_v$ = [formula image not extracted]
$Sim_{xy} = diff_t + diff_v$
where ① t is the interval at which information is uploaded;
② (symbol not extracted) is the average speed of the vehicle within the RSU's range;
③ $diff_t$ is the Euclidean distance computed over the dwell times of the two vehicles in the same RSU ranges;
④ $diff_v$ is the Euclidean distance computed over the speeds of the two vehicles;
⑤ $Sim_{xy}$ is the intimacy of the two vehicles;
When a vehicle drives within an RSU it must send its own position information at a fixed frequency. A normal vehicle is always moving at high speed and its route is generally random, so different vehicles do not share identical movement characteristics, whereas a Sybil attack node, even though it can forge several different identities, still has all of them belonging to the same physical vehicle; the numbers of position reports that normal vehicles send within a given RSU therefore differ from one another;
S33, if the intimacy of the two vehicles exceeds the preset threshold, the two vehicles are judged to be malicious nodes; the RSU calls the search function, queries the real identity corresponding to the vehicle's pseudonym and reports it to the TA, which adds the real identity to the revocation list, informs the whole network that the node is a Sybil attack node, and cancels the node's network access qualification.
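The behaviour comparison of S31 to S33 over a set of suspected nodes, as an added Python example that is not the patent's code. The claim names $diff_t$ and $diff_v$ as Euclidean distances but does not reproduce their formulas, so the example takes them as the Euclidean distance between the per-RSU dwell-time vectors ($time = n \cdot t$) and the per-RSU average-speed vectors over the p RSUs both tracks share; that reading, the `p_min` requirement, the track layout (RSU id → (n, t, average speed)) and the sample tracks are all this example's assumptions. Because $Sim_{xy}$ as defined is a sum of distances, two identities of one physical vehicle produce a value near 0, so the example treats a $Sim_{xy}$ at or below a closeness threshold as a match; that is how the claim's threshold test is operationalized here, not wording taken from the page.

```python
import math


def dwell_time(n_uploads: int, t: float) -> float:
    """time = n * t: number of position uploads times the upload interval."""
    return n_uploads * t


def intimacy(track_x: dict, track_y: dict, p_min: int = 2):
    """Sim_xy = diff_t + diff_v over the p RSUs both tracks share.
    A track maps RSU id -> (n, t, v_avg).  diff_t and diff_v are taken as the
    Euclidean distance between the per-RSU dwell-time and speed vectors
    (assumption: the claim names the metric but not the formula).
    Returns (Sim_xy, p), or (None, p) when fewer than p_min RSUs are shared."""
    shared = sorted(set(track_x) & set(track_y))
    p = len(shared)
    if p < p_min:
        return None, p
    diff_t = math.sqrt(sum(
        (dwell_time(*track_x[r][:2]) - dwell_time(*track_y[r][:2])) ** 2 for r in shared))
    diff_v = math.sqrt(sum((track_x[r][2] - track_y[r][2]) ** 2 for r in shared))
    return diff_t + diff_v, p


def find_sybil_pairs(tracks: dict, threshold: float, p_min: int = 2):
    """S32/S33 over the suspected-node set: return (pid_a, pid_b, Sim) for
    every pair whose behaviour is close enough to be one physical vehicle.
    Sim_xy is a distance, so closeness means Sim_xy <= threshold."""
    pids = sorted(tracks)
    pairs = []
    for i, a in enumerate(pids):
        for b in pids[i + 1:]:
            sim, _ = intimacy(tracks[a], tracks[b], p_min)
            if sim is not None and sim <= threshold:
                pairs.append((a, b, sim))
    return pairs


# Constructed trajectories extracted in S31: RSU id -> (n uploads, upload
# interval t in seconds, average speed in m/s).  PID-x and PID-y report
# identical behaviour at every shared RSU, as two pseudonyms of one car
# would; PID-z is an unrelated vehicle that overlaps at two RSUs.
TRACKS = {
    "PID-x": {"RSU1": (10, 1.0, 20.0), "RSU2": (8, 1.0, 25.0), "RSU3": (12, 1.0, 22.0)},
    "PID-y": {"RSU1": (10, 1.0, 20.0), "RSU2": (8, 1.0, 25.0), "RSU3": (12, 1.0, 22.0)},
    "PID-z": {"RSU1": (6, 1.0, 30.0), "RSU2": (15, 1.0, 12.0), "RSU4": (9, 1.0, 18.0)},
}


if __name__ == "__main__":
    print("pairs to report to the TA:", find_sybil_pairs(TRACKS, threshold=1.0))
    print("PID-x vs PID-z:", intimacy(TRACKS["PID-x"], TRACKS["PID-z"]))
```

For PID-x against PID-z the two shared RSUs give $diff_t = \sqrt{4^2 + 7^2}$ and $diff_v = \sqrt{10^2 + 13^2}$, so $Sim_{xy} \approx 24.5$, far above a closeness threshold of 1.0, while PID-x against PID-y gives exactly 0. The `p_min` guard matters in practice: with a single shared RSU almost any two vehicles can look alike by chance.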
CN202210672131.9A 2022-06-14 2022-06-14 Behavior feature-based Internet of vehicles Sybil attack detection method Pending CN115190485A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210672131.9A CN115190485A (en) 2022-06-14 2022-06-14 Behavior feature-based Internet of vehicles Sybil attack detection method


Publications (1)

Publication Number Publication Date
CN115190485A true CN115190485A (en) 2022-10-14

Family

ID=83513726


Country Status (1)

Country Link
CN (1) CN115190485A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination