CN117499925A - High-precision map drawing-oriented safety traceable data transmission method - Google Patents
High-precision map drawing-oriented safety traceable data transmission method Download PDFInfo
- Publication number
- CN117499925A CN117499925A CN202311257378.5A CN202311257378A CN117499925A CN 117499925 A CN117499925 A CN 117499925A CN 202311257378 A CN202311257378 A CN 202311257378A CN 117499925 A CN117499925 A CN 117499925A
- Authority
- CN
- China
- Prior art keywords
- data
- mmv
- hpms
- blockchain
- contract
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 230000005540 biological transmission Effects 0.000 title claims abstract description 51
- 238000004891 communication Methods 0.000 claims abstract description 13
- 238000004364 calculation method Methods 0.000 claims abstract description 5
- 230000002457 bidirectional effect Effects 0.000 claims abstract description 3
- 238000004422 calculation algorithm Methods 0.000 claims description 23
- 238000012546 transfer Methods 0.000 claims description 20
- 238000012795 verification Methods 0.000 claims description 10
- 238000010586 diagram Methods 0.000 claims description 7
- 238000012384 transportation and delivery Methods 0.000 claims description 7
- 238000005516 engineering process Methods 0.000 claims description 4
- 238000006467 substitution reaction Methods 0.000 claims 1
- 241000495102 Maize mosaic nucleorhabdovirus Species 0.000 description 89
- 238000013507 mapping Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 101000654674 Homo sapiens Semaphorin-6A Proteins 0.000 description 5
- 102100032795 Semaphorin-6A Human genes 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 206010039203 Road traffic accident Diseases 0.000 description 1
- 101100313150 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) TBS1 gene Proteins 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A high-precision map drawing-oriented safety traceable data transmission method belongs to the technical field of wireless communication and information safety. The certificate of the MMV is stored and disclosed in the blockchain, so that the privacy protection and authentication of the vehicle identity are realized, and the fake vehicle is prevented from uploading fake data; the certificate of the BS is stored in the block chain, so that the authentication of the MMV to the access point vehicle is realized, and the attack of the mobile pseudo base station is effectively resisted; establishing a password system and a blockchain network by establishing an MMV and BS bidirectional hybrid authentication architecture based on a alliance blockchain, and adopting an intelligent contract to realize the disclosure of authentication evidence and traceability of data loss; the symmetric key is distributed to the MMV through the HPMS, so that privacy leakage in the data transmission process is effectively resisted; and the MMV calculation burden is reduced based on a data protection strategy of symmetric encryption. The invention is suitable for the technical fields of wireless communication and information security, realizes high-efficiency data updating, and improves the security of the data transmission process.
Description
Technical Field
The invention discloses a high-precision map drawing-oriented safety traceable data transmission method, and belongs to the technical field of wireless communication and information safety.
Background
Drawing of high-precision maps requires map companies to deploy map data acquisition fleets, including lidar fleets: such a fleet is equipped with lidar equipment for collecting point cloud data. The laser radar obtains geometric information of the ground object by emitting a laser beam and measuring the time and intensity of the laser beam reflected back so as to be used for map drawing; photographic fleet: such a fleet is equipped with high resolution cameras and image acquisition devices. The shooting motorcade can run on the road, shoot images of the road, the building and other ground objects for subsequent ground object extraction and mapping; GNSS fleet: GNSS (global navigation satellite system) fleets use global positioning system devices (such as GPS) to obtain accurate location information of vehicles on the earth. The location information of these fleets can be registered with other sensor data, providing accurate location references for map data; registering the fleet: the registration fleet is primarily responsible for collecting auxiliary data such as ground control points, landmarks, and ground object markers. These data can be used for data registration and accuracy correction to ensure consistency of the drawn map with the actual scene; data processing fleet: the data processing vehicle team is equipped with professional data processing equipment and software for processing, registering, extracting features and the like on the collected original data. These fleets are responsible for converting the acquired data into a format and model that can be used for mapping. These fleets are typically equipped with specialized engineers and technicians responsible for the operation of the equipment, the collection and processing of data, and the control of data quality. Different map companies may configure different types and sizes of fleet vehicles according to specific technical and project requirements. After the data is collected, the data is transmitted to a remote data center of a map company for processing and is stored as a part of a map. After the map data is collected from the motorcade, the threat of multi-enemy can be faced until the map company receives the data and checks the data.
The prior secure data transfer technology has two defects: the attack of the mobile pseudo base station cannot be prevented; data packets which are maliciously deleted cannot be positioned and traced in an unordered data packet transmission scene.
Mobile pseudo base station attacks are a type of security attack against mobile communication networks, where an attacker spoofs mobile devices by emulating legitimate base stations, connecting them to them, and stealing the information of the devices. In the process of collecting the data transmitted by the motorcade through the high-precision map, if a mode of tracking the motorcade is adopted, a pseudo base station is set at the rear or near distance of the motorcade, and the data transmitted by the motorcade is controlled. If a pseudo base station attack occurs, the following consequences may result: (1) data leakage: the pseudo base station attacker can intercept the transmitted data including vehicle location information, image data, sensor data, etc. Such data may contain sensitive information such as vehicle travel paths, enterprise secrets, etc., resulting in data leakage and privacy concerns. (2) Position spoofing: through a pseudo base station attack, an attacker may send false location information to the vehicle, causing the vehicle to display the wrong location in the map. This may cause problems such as navigation deviation, route planning errors, etc., affecting the accuracy and safety of vehicle travel. (3) Communication interruption: a pseudo base station attack may interfere with normal communications between the vehicle and the base station, resulting in communication interruption or instability. This may result in a failure of the vehicle to transmit data in time, affecting the real-time and accuracy of the high-precision map acquisition. (4) Operational interference: by interfering with the communication of the vehicle with the base station, an attacker may interfere with the normal operation of the vehicle. For example, an attacker may send false instructions to a vehicle causing it to deviate from a predetermined route or perform other uncontrolled operations, increasing the risk of traffic accidents.
The malicious deleting of the data packet is to intercept the data packet by a malicious base station in the process of transferring the data packet between the base stations, and then maliciously delete the specific data packet. Frequent actuation will result in insufficient mapping, distorting the map with high accuracy. In addition, if the map data is tampered with by a malicious base station, the map is in error, and the vehicles of map users are endangered.
Disclosure of Invention
Aiming at the problems that the prior art cannot prevent the attack of a mobile pseudo base station and cannot locate and trace the data packet maliciously deleted in a disordered data packet sending scene, the main purpose of the invention is to provide a high-precision map drawing-oriented safe traceable data transfer method, which constructs a safe data transfer process through a hybrid authentication strategy based on a alliance block chain and a symmetric key distribution strategy aiming at a map acquisition vehicle. The method and the device have the advantages that the vehicle is guaranteed not to be attacked by the pseudo base station, meanwhile, efficient data updating, tamper resistance in the data transmission process and tracing of data loss are achieved, and the safety of the data transmission process is improved.
The invention aims at realizing the following technical scheme:
the invention discloses a high-precision map drawing-oriented safety traceable data transmission method, which comprises the following steps of:
step 1: alliance chain based map acquisition vehicle (Mobile Mapping Vehicle, MMV) authentication: before the MMV drives out of a High-precision map remote server (High-precision Map Remote Server, HPMS), a password system and a blockchain network are established, each MMV is firstly registered in the HPMS, a public-private key pair is obtained after the registration is successful, and identity information of the MMV is exported to an HPMS database.
The establishment of the cryptographic system and the blockchain network is to define two multiplication loop groups, obtain a variable domain by utilizing a collision-resistant hash function, then randomly take a value in the domain as a main private key by HPMS, and take the product of the main private key and the generator of the first multiplication loop group as a main public key. The source certificate is then published to the outside using the x509 protocol. Finally, HPMS establishes an independent alliance chain based on a block chain bottom technology open source platform, establishes an created block, and defines an intelligent contract: 1. map collecting vehicle registration contracts; 2. a base station registration contract; 3. a base station transmits a contract; 4. the high precision map remote server transmits the contract.
The map acquisition vehicle registration contract execution process comprises the steps of firstly defining a public pre-stored variable, then defining a contract function, assigning a value to the pre-defined variable through input parameters, finally calling an intelligent contract function, and storing three input parameters of an MMV private key pair, a random number and an MMV certificate in a blockchain in a public manner.
The execution process of the base station registration contract is that firstly, a public pre-stored variable is defined, then a contract function is defined, the predefined variable is assigned through the input parameter, and finally, the intelligent contract function is called to store the public key of the base station and the ID of the base station in the blockchain in a public way.
The execution process of the base station transmission contract is that firstly, a public pre-stored variable is defined, then a contract function is defined, the predefined variable is assigned through input parameters, and finally, different base stations call the base station transmission contract to store three input parameters of metadata, a time stamp of the received data of the base station and a link base station identity ID set transmitted by an authentication chain in a blockchain in a public manner.
The execution process of the high-precision map remote server transmission contract is to define a contract function first, and input parameters are time before an interval and time after the interval. Invoking the present contract may retrieve whether a timestamp of the base station received data stored in the blockchain using the base station transmission contract is included in a time interval range, and output a set of timestamps that meet the condition.
The step of registering the MMVs in the HPMS to obtain the public-private key pair is that the HPMS randomly selects an ID (identity) for each MMV in a variable domain, then each MMV calculates a pseudonym and a public key by using a collision-resistant hash function, and simultaneously obtains the private key pair by using a main private key simultaneous calculation. Then, HPMS generates a random number R in the variable domain, and calculates R using the product of the generator and the random number R. And then, the HPMS calculates a corresponding certificate by using the parameters, calls a map acquisition vehicle registration contract to deploy the pseudonym, R and the certificate on the blockchain, and sends R to the MMV as an MMV private key. Finally, the HPMS randomly selects a key pair in the variable domain as a symmetric key to be sent to the MMV.
Step 2: base Station (BS) authentication based on federation chain: and maintaining a blockchain among the BSs, initializing the blockchain by the HPMS, distributing a master key for the blockchain, and deploying an intelligent contract. After the block chain deployment is successful, the BS is firstly connected to the block chain network, then invokes an identity authentication request contract, obtains an authentication result through the consensus on the block chain, obtains an initialization key if the authentication result passes through the BS, and returns error information if the initialization key fails.
The system authenticates and assigns an initialization key for the BS, meaning that the HPMS first obtains the hash root of trust for each BS from the BS vendor. The BS then encrypts the hash root using elliptic curve cryptography and the master public key and then ID along with the BS ID BS ∈Z p * Sent to HPMS. The HPMS uses the master private key to decrypt, if the decryption and comparison are successful, the HPMS randomly selects one private key and the corresponding public key for the BS, sends the private key and the ID of the BS to the BS through a secret channel, and registers the public key and the ID of the BS in the blockchain.
Step 3: data generation and delivery based on BS and MMV mutual hybrid authentication. After each MMV collects data, communicating with a nearby BS, and if the BS and the MMV are successfully authenticated in a two-way mode, the connected BS is not a pseudo base station; if authentication fails, MMV refuses to establish communication with BS. The MMV then encrypts, signs, and time stamps the data to ensure that the data does not leak content during delivery, and is hacked by the adversary to generate metadata. When the MMV has processed, the data will be passed by the MMV to the nearest BS. Thereafter, the data is transferred between BSs until it is transferred to the HPMS. Each time a BS passes, the data is signed, and the previous signature is compressed to form data transfer trace evidence. Where inter-BS delivery requires mutual authentication in the blockchain to ensure that the connected BS is not a pseudo base station.
The MMV encrypts, signs and marks the data, and generates metadata, namely, after the MMV collects each group of point cloud data, the MMV encrypts the cloud data by using an advanced encryption standard (Advanced Encryption Standard, AES) and a piled key, calculates a private key pair of the MMV cloud data, simultaneously encrypts the current timestamp T by using an elliptic curve encryption algorithm (Elliptic curve cryptography, ECC) and a private key r, and calculates the signature. The signature of the MMV cloud data is then computed with the hash of the private key pair.
The MMV and the access point BS authenticate, then send data to the BS, mutual authentication is carried out between the BSs, and the final data arrives at the HPMS, namely, the MMV firstly acquires the ID of the access point BS, then encrypts the random number in the variable domain according to the public key of the BS in the blockchain by using an ECC algorithm to obtain the signature of the MMV, if the BS can decrypt to obtain the corresponding random number, the signature of the BS encrypted by using the public key of the MMV is sent to the MMV, the MMV and the BS successfully decrypt, the mutual authentication of the MMV and the BS is successful, if one of the two processes fails in decryption, the mixed authentication fails, and the MMV and the BS cannot establish connection. The MMV then sends the data to the BS, and after receiving the data, the BS forwards the data to one or more BSs until the data is sent to the HPMS, and in the process, the BS records the data, the time stamp of the received data by the BS, and the link BS ID set transmitted by the authentication chain on the blockchain by using a base station transmission contract.
Step 4: and verifying the transmitted data based on an ECC signature verification algorithm, and tracing the data based on an intelligent contract, so that the data is efficiently updated, the tamper resistance of the data transmission process and the tracing of the data loss are realized, and the safety of the data transmission process is improved.
When the HPMS receives data from the BS, the correctness and integrity of the data, including whether it has been tampered with and replaced, is first verified. And then sequencing the data according to the time stamps, tracing the data packets which are not received by using the block chain by using an intelligent contract, determining the interruption position of the data packets, and continuously transmitting by other base stations.
The HPMS verifies the correctness and the integrity of the data, namely, after the HPMS receives the user data, an ECC signature verification algorithm is used for calculating the relevance between the signature of the MMV cloud data and the private key pair. If the output is 1, the description data is correct; if the output is 0, a data error is indicated. Then, calculating the relevance between the time stamp signature and the time stamp by using an ECC signature verification function, and if the output is 1, indicating that the time stamp is correct; if the output is 0, a timestamp error is indicated.
The data are sequenced according to the time stamp, then the data packet which is not received is traced by using the intelligent contract through the blockchain, and the interrupt position of the data packet is determinedAnd the other base stations continue to transmit, that is, the HPMS calculates an average time interval according to the interval between each time stamp, but when the interval between two adjacent time stamps is found to be significantly more than the average interval, the HPMS starts a traceback function DataTraceBack (T) 1 ,T 2 ). Wherein T is 1 Representing the time before the interval, T 2 Indicating the time after the interval. HPMS first retrieves whether there is a timestamp T in the blockchain 1 <T<T 2 If the data transmission channel does not exist, the MMV is indicated to have a large-interval data transmission event, and the HPMS defaults to the data transmission channel without errors. If T exists, it is indicated that the data corresponding to the time stamp T is lost during the transfer process, and the HPMS retrieves the base station transmission contract record containing T in the blockchain. Establishing a data transfer path diagram locally at HPMS, e.g. { BS 1 →BS 2 →BS 3 →BS 5 ;BS 1 →BS 4 →BS 5 Location of BS node, e.g. BS in the example, to the final data loss 5 . BS 5 Events of data loss are disclosed in the blockchain, reminding other BSs not to get through the BS when forwarding data packets 5 . Then, the HPMS re-acquires the data corresponding to the T timestamp from the node before the breakpoint, and verifies the correctness and the integrity of the data again.
The beneficial effects are that:
1. according to the high-precision map drawing-oriented safety traceable data transmission method disclosed by the invention, based on the MMV authentication strategy of the BCOS alliance chain, the certificate of the MMV is stored and disclosed in the blockchain, the map drawing vehicle data acquisition scene is deeply attached, the vehicle identity privacy protection is realized, the vehicle identity authentication is realized, the vehicle certificate can be publicly verified, and the malicious adversary can be prevented from disguising into the map acquisition vehicle to upload false data;
2. the invention discloses a high-precision map drawing-oriented secure traceable data transfer method, which is based on a BS authentication strategy of a BCOS alliance chain, stores a certificate of a BS in a blockchain, realizes authentication of an MMV to an access point vehicle, and can effectively resist mobile pseudo base station attack. Meanwhile, as the certificate of the BS is disclosed, when data is transferred between the BSs, the BS at the outgoing point can directly verify the identity validity of the BS at the destination, so that the correctness of data transfer between the BSs is ensured;
3. the invention discloses a high-precision map drawing-oriented security traceable data transmission method, which is characterized in that a password system and a blockchain network are established by constructing an MMV and BS bidirectional hybrid authentication architecture based on a alliance blockchain, and intelligent contracts are adopted to realize the publicity of authentication evidence and the traceability of data loss;
4. according to the high-precision map drawing-oriented secure traceable data transmission method disclosed by the invention, symmetric keys are distributed to the MMV by the HPMS aiming at the key distribution strategy of the MMV, so that privacy leakage in the data transmission process can be effectively resisted, and the computation burden of the MMV can be lightened based on the symmetric encryption data protection strategy.
Drawings
Fig. 1 is a system model diagram of a security traceable data transfer method for high-precision mapping disclosed by the invention;
FIG. 2 is a flow chart of a high-precision map-oriented secure traceable data transfer method disclosed by the invention;
fig. 3 is an overall process diagram of a security traceable data transfer method for high-precision mapping disclosed in this embodiment;
FIG. 4 is a diagram showing the comparison of the initial time overhead of the different methods in the present embodiment;
fig. 5 is a schematic diagram showing comparison of the mutual authentication time overhead of different methods in the present embodiment.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings and examples. The technical problems and the beneficial effects solved by the technical proposal of the invention are also described, and the described embodiment is only used for facilitating the understanding of the invention and does not have any limiting effect.
The embodiment discloses a high-precision map drawing-oriented security traceable data transfer method, and a system model is shown in fig. 1, and mainly comprises 4 entities:
map acquisition vehicle (Mobile Mapping Vehicle, MMV): is a vehicle equipped with various sensors and measuring devices for capturing data of roads, buildings, and surrounding environment to generate highly accurate maps and geographic information. These vehicles typically incorporate Global Positioning Systems (GPS), inertial Measurement Units (IMUs), laser scanners, cameras, and other sensors to obtain accurate geographic location and environmental characteristic data.
Base Station (BS): they are wireless communication devices deployed either side of the road or near a junction for enabling communication and data exchange between the vehicle and the infrastructure. The base stations communicate with the intelligent vehicles through wireless communication technology (such as LTE, 5G and the like) to provide real-time traffic information, road conditions, navigation guidance and other services, and promote development of an intelligent traffic system and interconnection and intercommunication among the vehicles.
Blockchain (BC): maintained by the base station is a distributed ledger technique that is known for its decentralised, publicly transparent and non-tamperable nature. A blockchain may be considered a chain of a number of data blocks, each of which contains a number of transactions or information records.
High-precision map remote server (High-precision Map Remote Server, HPMS): is a server infrastructure intended to support high-precision map applications. It acts as a centralized platform for storing and processing high resolution map data, which is critical to various navigation and location-based services. HPMS enables efficient map information storage, retrieval and management, including road networks, landmarks, traffic patterns, and other related geospatial data. It provides a reliable and scalable solution for transmitting and distributing map data to connected devices such as autonomous vehicles, advanced driving assistance systems and mobile applications.
The safety traceable data transmission method for high-precision map drawing disclosed by the embodiment is applied to high-precision map drawing and improves data transmission efficiency and safety. As shown in fig. 2, the method comprises the following steps:
step 1: MMV authentication based on federation chain: before the MMV drives out of the HPMS, a password system and a blockchain network are established, each MMV is firstly registered in the HPMS, a public and private key pair is obtained after the registration is successful, and identity information of the MMV is exported to an HPMS database.
HPMS execution algorithm ParaInit (1 k ) K=256 is taken to establish a cryptosystem, blockchain network. Defining two multiplication cycle groups G 1 And G 2 Wherein G is 1 G (a special value of 256 bits). H and H are collision-resistant hash functions, where H: {0,1} * →G 1 (using the curved hash function mentioned in BLS signature), h: {0,1} * →{0,1} * (using the SHA-256 function). Let Z be p * ∈[1,p-1](p is a 256-bit random prime number), HPMS randomly takes a value msk ε Z p * As a master private key, mpk=msk×g is taken as a master public key. Then using x509 protocol to publish the source certificate Cert to the outside HPMS . Finally, HPMS establishes an independent BCOS alliance chain, creates an creation block, and defines an intelligent contract: SCMMVReg (); SCBSReg (); SCBSTrans (); SCHPMSTra ().
The HPMS performs the algorithm MMVAuth (mpk, msk, ID) assuming that there is one MMV in the system MMV ) Authenticating the MMV and assigning a key. HPMS randomly selects an ID for each MMV MMV ,∈Z p * Secondly, HPMS calculates pseudonym RID for MMV MMV =H(ID MMV ) Public key P MMV =H(R MMV ) Wherein R is MMV ∈Z p * . HPMS calculates private key pairs for MMVThen HPMS generates a random number r εZ p * R=r×g is calculated. Again, HPMS calculates certificate Cert MMV =msk+h(RID MMV ||P MMV ||r) R. HPMS then calls the contract SCMMVReg () will { RID MMV ,R,Cert MMV Deployed to the blockchain, r is sent to the MMV as the MMV private key. Finally, the HPMS randomly selects a key Syk MMV ∈Z p * Is sent to the MMV as a symmetric key.
Step 2: base Station (BS) authentication based on federation chain: and maintaining a blockchain among the BSs, initializing the blockchain by the HPMS, distributing a master key for the blockchain, and deploying an intelligent contract. After the block chain deployment is successful, the BS is firstly connected to the block chain network, then invokes an identity authentication request contract, obtains an authentication result through the consensus on the block chain, obtains an initialization key if the authentication result passes through the BS, and returns error information if the initialization key fails.
Assuming that there are 5 BSs in the system, HPMS invokes the algorithm BSAuth 5 times (T BS Mpk, msk) is bs= { BS1,..bs5 } authenticated, assigned keys, and acting as blockchain nodes. Each legitimate BS has a trusted root T from the vendor BS ∈Z p * . HPMS first obtains the root of trust hash HT for each BS from the BS vendor BS =h(T BS ) The BS then uses mpk to HT with elliptic curve cryptography algorithm, respectively BS Encrypted with ID BS ∈Z p * The data is sent to the HPMS, the HPMS uses the msk to decrypt, if the decryption and the comparison are successful, the HPMS randomly selects a private key sk for the BS BS ∈Z p * And the corresponding public key pk BS =sk BS * g, transmitting to BS through secret channel and pk BS And ID BS Is disclosed in the blockchain using the SCBSReg () contract.
Step 3: data generation and delivery based on BS and MMV mutual hybrid authentication. After each MMV collects data, the MMV communicates with a nearby BS, if the BS and the MMV are authenticated successfully, the connected BS is not a pseudo base station, and if the authentication is failed, the MMV refuses to establish communication with the BS. The MMV then encrypts, signs, and time stamps the data to ensure that the data does not leak content during delivery, and is hacked by the adversary to generate metadata. When the MMV has processed, the data will be passed by the MMV to the nearest BS. Thereafter, the data is transferred between BSs until it is transferred to the HPMS. Each time a BS passes, the data is signed, and the previous signature is compressed to form data transfer trace evidence. Where inter-BS delivery requires mutual authentication in the blockchain to ensure that the connected BS is not a pseudo base station.
MMV execution algorithm DataInit (m, syk MMV R) encrypting the data block and generating metadata. After the MMV collects each group of point cloud data m (256-bit data), syk is acquired MMV As a symmetric key, encryption was performed using AES encryption algorithm, and calculation was performedUsing ECC signature algorithm to the current time stamp T, signing with private key r, calculating SIG T =ECC r (T). Then use private key to SY m Hash computation signature SIG of (1) SY =ECC r (h(SY m )).
MMV calls algorithm DataTransmit (SY) m ,SIG T ,ID BS (ii) to authenticate MMV and access point BS1, then send data to BS1, bs= { BS1,., BS5} mutually authenticate and transfer data between, and finally data arrives at HPMS. MMV first obtains the ID of access point BS1 and then based on pk in the blockchain BS For random number rt E Z p * Encryption using ECC algorithmIf BS1 can decrypt to get rt and encrypt with MMV public key RAnd sending the information to the MMV, and if the MMV is successfully decrypted, the MMV and the BS1 are successfully authenticated. MMV then will d=sy m ||SIG SY ||T||SIG T To BS1. After receiving D, BS1 forwards D to BS2, and h (D), TBS1 and ID of accepting the forwarding BS The contract SCBSTrans () is used to record on the blockchain until data D is transferred to HPMS via BS1.
After HPMS receives user data, SIG is calculated by using ECC signature verification function SY And SY m Is related to:if the output is 1, the description data is correct; if the output is 0, a data error is indicated. The HPMS then calculates SIG using an ECC signature verification function T Correlation with T: />If the output is 1, the time stamp is described as correct; if the output is 0, a timestamp error is indicated.
Step 4: and verifying the transmitted data based on an ECC signature verification algorithm, and tracing the data based on an intelligent contract, so that the data is efficiently updated, the tamper resistance of the data transmission process and the tracing of the data loss are realized, and the safety of the data transmission process is improved.
If the data is found to be missing, the HPMS calculates an average time interval according to the interval between each time stamp, but when the interval between two adjacent time stamps T2 and T4 is found to be significantly more than the average interval, the HPMS starts a traceback algorithm (T2 and T4). HPMS first retrieves if there is a timestamp T2< T4 in the blockchain. By calling the intelligent contract SCHPMSTRA (T2, T4), the existence of T3 is searched, and the data corresponding to the time stamp T3 is lost in the transmission process, and the SCBSTRA () contract record containing T3 in the blockchain is output according to the contract SCHPMSTRA (T2, T4). A data transfer path diagram { BS1,.., BS5}, located to the BS node BS3 that eventually lost data, is established locally at the HPMS, exposing the event of BS3 data loss in the blockchain. Then, the HPMS retrieves the data corresponding to the T3 timestamp from the node before the breakpoint and executes the algorithm DataVerify (D, R).
This embodiment runs on a computer with a 1.60GHz Intel i5-10210U CPU, 16 GBRAM. The encryption algorithm is realized by adopting a password library JPBC (java package of the PBC library) based on pairing, the security parameter is set to 256 bits, the variable definition and the key generation time are removed, and the average value of the execution results of 20 times is calculated and obtained in the encryption operation time. The hash function is SHA-256, and the output bit number is 256 bits. The deployment of the BCOS alliance chain is simulated, and the number of virtual nodes is set to be 40. The point cloud map data set is selected as test data to verify the protocol provided by the invention. The execution flow is shown in fig. 3.
In order to verify the effectiveness and feasibility of the proposed efficient and safe high-precision map uploading updating method, a series of simulation-based comparison experiments are carried out, as shown in fig. 4 and 5. Wherein BAA refers to the method set forth in [1 ]; SEMA refers to the method set forth in [2 ].
[1]Wang J,Wu L,Choo K K R,et al.Blockchain-based anonymous authentication with key management for smart grid edge computing inffastructure[J].IEEE Transactions on Industrial Informatics,2019,16(3):1984-1992.
[2]Wang W,Huang H,Zhang L,et al.Secure and efficient mutual authentication protocol for smart gridunderblockchain[J].Peer-to-PeerNetworking andApplications,2021,14:2681-2693.
In fig. 4, the time overhead of the proposed method during initialization is compared with the BAA and SEMA methods for different data block sizes. Experimental results show that as the number of data blocks increases, the time overhead of the initialization phase of the three methods all show a trend of approximately linear growth. However, the time overhead of the proposed method is still lower than that of BAA and SEMA methods. This shows that the proposed method has good performance.
In fig. 5, the time overhead associated with the mutual authentication procedure in the proposed method and in the BAA and SEMA methods is compared and evaluated by checking for different data block sizes. Experimental results show that as the number of data blocks increases, a linear increase in time overhead during mutual authentication is observed in all three strategies. Notably, the time overhead generated by the proposed method is still significantly lower than the BAA and SEMA paradigms. Notably, the time overhead caused by the proposed method is still well controlled within 100 milliseconds in case the data block size does not exceed 500. This shows that the proposed authentication scheme ensures security while imposing minimal burden on MMV and BS.
When an adversary tries to launch a mobile pseudo-base station attack, the adversary cannot obtain the public/private key pair and cannot upload evidence to the blockchain because the adversary does not have t_ { BS } stored in the legitimate BS node.
When an adversary tries to steal the MMV identity, the real identity of the MMV is transmitted to the blockchain after hash operation, and the adversary cannot crack the hash function in limited calculation time, so that the adversary cannot steal the MMV identity.
When an adversary tries to steal MMV data, the adversary cannot steal MMV data because the adversary does not have a symmetric key of the MMV and the adversary cannot convert the AES ciphertext into plaintext without the key.
When an adversary tries to invade a legal BS and tamper data in the data transmission process, the HPMS can judge the data tampering attack by using an ECC signature verification algorithm and request to retransmit the data because the signature of the data and the timestamp cannot be forged.
When an adversary tries to invade a legal BS and maliciously delete data in the data transmission process, the HPMS can find errors through a traceability protocol, so that the adversary can be perceived by the HPMS and recover the deleted data when the adversary attacks the deleted data.
Therefore, the safety traceable data transmission method for high-precision map drawing has higher transmission safety.
The present invention has been described in detail above, but the present invention is not limited to the above-described embodiments, and various changes and modifications may be made without departing from the spirit and scope of the present invention, within the knowledge of those skilled in the art. It is to be understood that the invention is not to be limited to the specific embodiments, but only by the scope of the appended claims.
Claims (5)
1. A high-precision map drawing-oriented safety traceable data transmission method is characterized by comprising the following steps of: comprises the following steps of the method,
step 1: alliance chain-based map acquisition vehicle MMV authentication: before the MMV drives out of the high-precision map remote server HPMS, a password system and a blockchain network are established, each MMV is firstly registered in the HPMS, a public-private key pair is successfully obtained after registration, and identity information of the MMV is exported to an HPMS database;
step 2: base station BS authentication based on alliance chain: maintaining a blockchain among the BSs, initializing the blockchain by HPMS, distributing a master key for the blockchain, and deploying an intelligent contract; after the block chain deployment is successful, the BS is firstly connected to the block chain network, then an identity authentication request contract is called, the BS obtains an authentication result through the consensus on the block chain, if the authentication result passes, the BS obtains an initialization key, and if the initialization key fails, error information is returned;
step 3: data generation and delivery based on BS and MMV bidirectional hybrid authentication; after each MMV collects data, communicating with a nearby BS, and if the BS and the MMV are successfully authenticated in a two-way mode, the connected BS is not a pseudo base station; if authentication fails, the MMV refuses to establish communication with the BS; then, the MMV encrypts, signs and marks the time stamp on the data to ensure that the data cannot leak content in the transmission process, and the data is subjected to substitution and tampering attack by an adversary, and then metadata is generated; when the MMV has processed, the data will be passed by the MMV to the nearest BS; thereafter, data is transferred between BSs until it is transferred to the HPMS; each time a BS passes, signing data, and compressing the previous signature to form data transmission track evidence; wherein, during transfer between BSs, mutual authentication in the blockchain is required to ensure that the connected BS is not a pseudo base station;
step 4: and verifying the transmitted data based on an ECC signature verification algorithm, and tracing the data based on an intelligent contract, so that the data is efficiently updated, the tamper resistance of the data transmission process and the tracing of the data loss are realized, and the safety of the data transmission process is improved.
2. The high-precision map drawing-oriented safety traceable data transmission method as claimed in claim 1, wherein the method comprises the following steps: the implementation method of the step 1 is that,
the establishment of the password system and the blockchain network is to define two multiplication loop groups, obtain a variable domain by utilizing a collision-resistant hash function, then randomly take a value in the domain as a main private key by HPMS, and take the product of the main private key and the generator of the first multiplication loop group as a main public key; then using x509 protocol to publish source certificate; finally, HPMS establishes an independent alliance chain based on a block chain bottom technology open source platform, establishes an created block, and defines an intelligent contract: 1. map collecting vehicle registration contracts; 2. a base station registration contract; 3. a base station transmits a contract; 4. the high-precision map remote server transmits contracts;
the map acquisition vehicle registration contract executing process comprises the steps of firstly defining a public pre-stored variable, then defining a contract function, assigning a value to a pre-defined variable through input parameters, finally calling an intelligent contract function, and publicly storing three input parameters of an MMV private key pair, a random number and an MMV certificate on a blockchain;
the execution process of the base station registration contract is that firstly, a public pre-stored variable is defined, then a contract function is defined, a value is assigned to a pre-defined variable through an input parameter, and finally, an intelligent contract function is called to store two input parameters of a BS public key and an ID of the BS in a blockchain in a public way;
the execution process of the base station transmission contract is that firstly, a public pre-stored variable is defined, then a contract function is defined, the predefined variable is assigned through input parameters, and finally, different base stations call the base station transmission contract to store three input parameters of metadata, a time stamp of data received by the BS and a link BS identity ID set transmitted by an authentication chain in a blockchain in a public manner;
the execution process of the high-precision map remote server transmission contract is to define a contract function firstly, wherein input parameters are time before an interval and time after the interval; invoking the contract can search whether the time stamp of the BS received data stored by adopting the base station transmission contract in the blockchain is contained in the time interval range, and outputting a time stamp set meeting the condition;
the MMV registers in the HPMS to obtain a public-private key pair, namely the HPMS randomly selects an ID (identity) for each MMV in a variable domain, then each MMV calculates a pseudonym and a public key by using a collision-resistant hash function, and simultaneously obtains a private key pair by using main private key simultaneous calculation; then, HPMS generates a random number R in a variable domain, and R is calculated by using the product of the generator and the random number R; then, the HPMS calculates a corresponding certificate by using the parameters, calls a map acquisition vehicle registration contract to deploy a pseudonym, R and the certificate on a blockchain, and sends R as an MMV private key to the MMV; finally, the HPMS randomly selects a key pair in the variable domain as a symmetric key to be sent to the MMV.
3. The high-precision map drawing-oriented safety traceable data transmission method as claimed in claim 2, wherein the method comprises the following steps of: the implementation method of the step 2 is that,
the system authenticates for the BS and distributes an initialization key, namely HPMS firstly obtains a hash credible root of each BS from BS manufacturer; the BS then encrypts the hash root using elliptic curve cryptography and the master public key and then ID along with the BS ID BS ∈Z p * Sending to HPMS; the HPMS uses the master private key to decrypt, if the decryption and comparison are successful, the HPMS randomly selects one private key and the corresponding public key for the BS, sends the private key and the ID of the BS to the BS through a secret channel, and registers the public key and the ID of the BS in the blockchain.
4. A high-precision map-oriented security traceable data transfer method as claimed in claim 3, wherein: the implementation method of the step 3 is that,
the MMV encrypts, signs and marks the time stamp on the data and generates metadata, namely, after the MMV collects each group of point cloud data, the MMV encrypts the cloud data by using an advanced encryption standard, namely Advanced Encryption Standard, AES and a piled key, calculates a private key pair of the MMV cloud data, and simultaneously encrypts the current time stamp T by using an elliptic curve encryption algorithm, namely Elliptic curve cryptography, an ECC algorithm and a private key r, and calculates the signature; then, the signature of MMV cloud data is calculated by using the hash of the private key pair;
the MMV and the access point (BS) authenticate, then send data to the BS, mutually authenticate between the BSs and transfer the data, and finally the data arrives at the HPMS, namely the MMV firstly acquires the ID of the access point (BS), then encrypts the random number in the variable domain according to the public key of the BS in the blockchain by using an ECC algorithm to obtain the signature of the MMV, if the BS can decrypt to obtain the corresponding random number, and sends the signature of the BS encrypted by using the public key of the MMV to the MMV, the MMV and the BS authenticate in a mutual way is successful, if one of the two processes fails in decryption, the mixed authentication fails, and the MMV and the BS cannot establish connection; the MMV then sends the data to the BS, and after receiving the data, the BS forwards the data to one or more BSs until the data is sent to the HPMS, and in the process, the BS records the data, the time stamp of the received data by the BS, and the link BS ID set transmitted by the authentication chain on the blockchain by using a base station transmission contract.
5. The high-precision map drawing-oriented security traceable data transfer method as claimed in claim 4, wherein the method comprises the following steps: the implementation method of the step 4 is that,
when the HPMS receives the data from the BS, firstly verifying the correctness and the integrity of the data, including whether the data is tampered and replaced; then sorting the data according to the time stamps, tracing the data packet which is not received by using an intelligent contract through a block chain, determining the interruption position of the data packet, and continuously transmitting by other base stations;
the HPMS verifies the correctness and the integrity of the data, namely, after the HPMS receives the user data, the correlation between the signature of the MMV cloud data and the private key pair is calculated by using an ECC signature verification algorithm; if the output is 1, the description data is correct; if the output is 0, indicating that the data is wrong; then, calculating the relevance between the time stamp signature and the time stamp by using an ECC signature verification function, and if the output is 1, indicating that the time stamp is correct; if the output is 0, indicating that the time stamp is wrong;
the method comprises the steps of sorting data according to time stamps, tracing a data packet which is not received by using an intelligent contract through a blockchain, determining the interruption position of the data packet, and continuously transmitting the data packet by other base stations, wherein the HPMS calculates an average time interval according to the interval between each time stamp, and when the interval between two adjacent time stamps is found to be significantly more than the average interval, the HPMS starts a tracing function DataTraceBack (T) 1 ,T 2 ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein T is 1 Representing the time before the interval, T 2 Representing the time after the interval; HPMS first retrieves whether there is a timestamp T in the blockchain 1 <T<T 2 If the data transmission channel does not exist, the MMV is indicated to have a large-interval data transmission event, and the HPMS defaults to the data transmission channel without errors; if T exists, the data corresponding to the time stamp T is explained in the transmission processLost, HPMS retrieves base station transmission contract records containing T in the blockchain; establishing a data transfer path diagram locally at HPMS, e.g. { BS 1 →BS 2 →BS 3 →BS 5 ;BS 1 →BS 4 →BS 5 Location of BS node, e.g. BS in the example, to the final data loss 5 The method comprises the steps of carrying out a first treatment on the surface of the BS 5 Events of data loss are disclosed in the blockchain, reminding other BSs not to get through RS when forwarding data packets 5 The method comprises the steps of carrying out a first treatment on the surface of the Then, the HPMS re-acquires the data corresponding to the T timestamp from the node before the breakpoint, and verifies the correctness and the integrity of the data again.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311257378.5A CN117499925A (en) | 2023-09-26 | 2023-09-26 | High-precision map drawing-oriented safety traceable data transmission method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311257378.5A CN117499925A (en) | 2023-09-26 | 2023-09-26 | High-precision map drawing-oriented safety traceable data transmission method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117499925A true CN117499925A (en) | 2024-02-02 |
Family
ID=89671554
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311257378.5A Pending CN117499925A (en) | 2023-09-26 | 2023-09-26 | High-precision map drawing-oriented safety traceable data transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117499925A (en) |
-
2023
- 2023-09-26 CN CN202311257378.5A patent/CN117499925A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Basudan et al. | A privacy-preserving vehicular crowdsensing-based road surface condition monitoring system using fog computing | |
| Liu et al. | Blockchain empowered cooperative authentication with data traceability in vehicular edge computing | |
| CN106330910B (en) | Strong secret protection double authentication method in car networking based on node identities and prestige | |
| CN110971415A (en) | Space-ground integrated space information network anonymous access authentication method and system | |
| CN109688107B (en) | Cloud data safety positioning method based on integrity audit and communication time delay | |
| US11804967B2 (en) | Systems and methods for verifying a route taken by a communication | |
| CN109510818B (en) | Data transmission system, method, device, equipment and storage medium of block chain | |
| CN112039870B (en) | Privacy protection-oriented vehicle-mounted network authentication method and system based on block chain | |
| CN112399382A (en) | Vehicle networking authentication method, device, equipment and medium based on block chain network | |
| CN109067525A (en) | Message authentication method based on half credible administrative center in car networking | |
| CN110830245B (en) | Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate | |
| CN110717698B (en) | Goods position tracking method, goods position tracking device, logistics management system and storage medium | |
| CN105873031A (en) | Authentication and key negotiation method of distributed unmanned aerial vehicle based on trusted platform | |
| Park et al. | Pseudonymous authentication for secure V2I services in cloud-based vehicular networks | |
| CN112134892A (en) | Service migration method in mobile edge computing environment | |
| CN104010302A (en) | Vehicle-mounted self-organizing network traffic data trust evaluation method | |
| Dolev et al. | Optical PUF for non-forwardable vehicle authentication | |
| CN113946877A (en) | Data security calculation method, system, computer equipment, storage medium and terminal | |
| CN110808953B (en) | Cloud data verifiable backup method with position perception | |
| Badr et al. | Blockchain-based ride-sharing system with accurate matching and privacy-preservation | |
| Huang et al. | PTVC: Achieving privacy-preserving trust-based verifiable vehicular cloud computing | |
| CN114286332A (en) | Dynamic and efficient vehicle-mounted cloud management method with privacy protection function | |
| CN115580488A (en) | Vehicle-mounted network message authentication method based on block chain and physical unclonable function | |
| Wang et al. | ARPLR: An all-round and highly privacy-preserving location-based routing scheme for VANETs | |
| CN109309681A (en) | A kind of path sharing method and system of secret protection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |