CN104753680A - Privacy protection and authentication method in vehicle-mounted self-organizing network - Google Patents

Abstract

The invention relates to a privacy protection and authentication method in a vehicle-mounted self-organizing network. The privacy protection and authentication method mainly comprises five stages, which are initial stage, blinding stage, signature stage, blind-removing stage and verification stage. The particular process of the scheme is: public and private key pairs are arranged at a system initialization parameter consisting of a vehicle and a road side unit; the vehicle sends a signal to the road side unit to negotiate; during the period, the vehicle blinds its identity, fake name and other information; the road side unit signs the blinded information, and the vehicle performs the blind-removing treatment on the blinded signature and obtains its identity and the signature of the fake name, and then verifies the signature. The method adopted by the invention is good in safety, high in efficiency, and small in system cost; the privacy protection and authentication method has wide application prospect in the technical field of a vehicle-mounted network.

Description

Secret protection in a kind of vehicular ad hoc network and authentication method

Technical field

The present invention relates to the secret protection in a kind of vehicular ad hoc network and authentication method; it is a kind of at vehicular ad hoc network (Vehicular Ad hoc Networks; VANETs) randomization Proxy Signature is used to protect the method for privacy and authentication in; particularly relate to a kind of randomization blind signature scheme based on Bilinear map, belong to In-vehicle networking technical field.

Background technology

Vehicular ad hoc network is by carrying out exchanges data between vehicle and vehicle, between vehicle and road periphery infrastructure and between vehicle and base station, vehicle is assisted better to travel, improve road traffic condition, vehicle is travelled on road safer, and some other purposes are provided: such as paying service (expense need be paid in vehicle pass-through somewhere), localization convenient (finding nearest gas station), amusement behavior (being listened to the music by linking Internet) etc.

Demand for security in vehicular ad hoc network comprises a lot of content, and privacy is one of them importance.When communicating between vehicle with road periphery infrastructure, the present invention, in order to ensure the privacy of vehicle self, refer to the randomization blind signature scheme based on Bilinear map of the people such as the Chun-I Fan in Taiwan in one section of article delivering on periodicals and magazines " Computer and Mathematics with Applications " for 2010.Program typical case is suitable for the systems such as electronic voting, not traceable electronic cash.

Bilinearity group and bilinear map

A given security parameter k, the prime number p (this prime number has k position) that random selecting one is large.G ₁, G ₂and G _tbe three cyclic groups, wherein these three groups have identical order p.P, Q are crowd G respectively ₁, G ₂generator.If there is a bilinear map e:G ₁× G ₂→ G _tmeet following character:

1. bilinearity: to all (S, T) ∈ G ₁× G ₂, and arbitrary a, b ∈ Z (Z represents set of integers), there is e (aS, bT)=e (S, T) ^ab.

2. non-degeneracy: known S ∈ G ₁, T ∈ G ₂, to arbitrarily/all T ∈ G ₂, and if only if time, there is e (S, T)=1.In other words, P is crowd G ₁generator, Q is crowd G ₂generator, there is e (P, Q) ≠ 1.

3. computability: to all/(S, T) ∈ G arbitrarily ₁× G ₂, e (S, T) is computable in efficiency.

4. there is computable (but not necessarily reversible) Homomorphic Mapping ψ: G in an efficiency ₂→ G ₁, make ψ (Q)=P.So (G ₁, G ₂, G _t) be bilinearity group.

Known G ₁be cyclic group, P is crowd G ₁generator, group G ₁order be prime number p, calculate Diffie-Hellman problem, be called for short CDH problem: for given P, aP, bP ∈ G ₁, calculate abP, wherein ( represent the unit group/finite field of Prime Modulus p) be unknown integer.Judge Diffie-Hellman problem, be called for short DDH problem: for given P, aP, bP, cP ∈ G ₁if c=ab, then export 1, otherwise export 0, wherein ( represent the unit group/finite field of Prime Modulus p) be unknown integer.

If the algorithm that there is a polynomial time solves DDH problem, but in polynomial time, there is not algorithm solution CDH problem, so we just say group G ₁be a Gap Diffie-Hellman group, be called for short GDH group.

Randomization blind signature scheme

The program comprises user in group and signer, forms primarily of following algorithm:

1. secret generating: given a security parameter k, probabilistic algorithm KeyGen (k) export a public and private key to (SK, PK).

(SK,PK)←KeyGen(k)

2. random parameter generates: by inputting two random numbers (u, y), algorithm RandMix (u, y) exports a randomization parameter c.

c←RandMix(u,y)

3. message blinds: message is represented by m, and the secret of user's Stochastic choice is represented by (r, u), by message blind algorithm Blind (m, r, u) output message m blind after message α.R and u is blinding factor and randomization factor respectively.

α←Blind(m,r,u)

4. information signature: input one blind after message α, the secret y of a signer Stochastic choice, and signature key SK, signature algorithm Sign (α, y, SK) exports a Proxy Signature t.

t←Sign(α,y,SK)

5. message goes to blind: using a Proxy Signature t and blinding factor r as input, goes to blind algorithm Unblind (t, r) and exports a signature s.

s←Unblind(t,r)

6. information authentication: a given signature-message tuple σ, if σ is an effective signature-message tuple, deterministic algorithm Verify (σ, PK) exports 1, otherwise exports 0.

{0,1}←Verify(σ,PK)

Summary of the invention

(1) goal of the invention

The object of the invention is to provide secret protection in a kind of vehicular ad hoc network and authentication method; it is in vehicular ad hoc network, provide a kind of secret protection and the authentication method that use Proxy Signature technology; by carrying out communication negotiation between vehicle and road infrastructure; protection vehicle privacy; certification is carried out to testing vehicle register, and avoids too much overhead as far as possible.

(2) technical scheme

In order to achieve the above object, technical scheme of the present invention is as follows:

Between vehicle (Vehicle) and roadside unit (Road Side Unit, RSU), use Proxy Signature technical scheme to hold consultation, ensure vehicle privacy, and certification is carried out to its identity.RSU is equivalent to signer, and vehicle is then equivalent to signature request person, i.e. user.RSU carries out Proxy Signature to the true identity (Real ID) of vehicle and assumed name (Pseudonym).

Secret protection in a kind of vehicular ad hoc network of the present invention and authentication method, it comprises following content:

1) initial phase

Step 1:RSU selects a large prime number q, and known two have the cyclic group G that identical order is q ₁and G ₂, wherein G ₁generator be P, there is a bilinear map e:G ₁× G ₁→ G ₂.

Step 2: input a security parameter k, RSU calls key schedule KeyGen (k) twice, generates two private key x ₁, x ₂, wherein ( represent the unit group/finite field of Prime Modulus q), and corresponding PKI PK ₁=x ₁p, PK ₂=x ₂p.The whole system that vehicle and RSU are formed accesses to your password the one-way Hash function learned (q, H, G ₁, G ₂, e, P, PK ₁, PK ₂) be the common parameter of system.

2) stage is blinded

Step 3: vehicle sends the request of ID signature to RSU, after RSU receives this request, random selecting calculate ρ=yP, and ρ is sent to vehicle.

Step 4: vehicle after receiving ρ, random selecting calculate C=u ρ, obtain random parameter C, therefore, vehicle and RSU coact, and achieve random parameter generating algorithm RandMix (u, y).Afterwards, vehicle random selecting message call blinds algorithm Blind (m, r, u), to ID _realand ID _pseudoblind, obtain α and β: α=r afterwards as calculated ₁h (ID _real|| ID _pseudo|| C)+r ₂p, β=r ₁u (mod q), wherein, ID _realrepresent the true identity of vehicle, ID _pseudorepresent the assumed name of vehicle, || represent and link.Finally, (α, β) is sent to RSU by vehicle.

3) sign the stage

Step 5:RSU, after receiving (α, β), calls signature algorithm Sign (α, y, SK), uses the private key of self (α, β) is signed, obtains signature T:T=x ₁α+x ₂y β P.Signature T is sent to vehicle by RSU.

4) go to blind the stage

Step 6: vehicle, after receiving the Proxy Signature T that RSU sends, calls and blinds algorithm Unblind (t, r), obtain RSU to ID from T _real|| ID _pseudosignature S:

So far, vehicle has obtained the signature sigma of RSU to this vehicle ID: σ=(S, ID _real|| ID _pseudo, C).

5) Qualify Phase

Step 7:RSU according to following formula, the validity of certifying signature,

e(S,P)＝e(H(ID _real||ID _pseudo||C),PK ₁)e(C,PK ₂)。

(3) advantage and effect

The present invention solves in vehicular ad hoc network about demands for security such as the confirmability of information and anonymities; large according to In-vehicle networking scale, variation is fast and postpone low feature; on the basis of the randomization blind signature scheme based on Bilinear map, devise a kind of secret protection and the identity identifying method that are applied to use Proxy Signature technology between vehicle and roadside unit.The method by pseudonymity, the privacy of identities adopting randomization Proxy Signature technical protection vehicle, by going to blind the authentication realized with signature verification vehicle.

This method can be anonymous the signature and authentication carrying out information; alleviate the burden of key and certificate management; ensure that the reliability of authentification of message and realize fast; improve the communication efficiency of In-vehicle networking; protect vehicle privacy; alleviate the burden of center infrastructures, add the fail safe of In-vehicle networking.

Accompanying drawing explanation

Fig. 1 technical scheme of the present invention and call algorithm flow chart

Fig. 2 concrete scheme implementing procedure of the present invention figure

Embodiment

Because the present invention mainly sets forth the method for realization, and actual In-vehicle networking environment is depended in concrete realization.Below in conjunction with accompanying drawing, reciprocal process concrete between vehicle and roadside unit is described.Fig. 1 is technical scheme and calls algorithm flow chart; Fig. 2 is the implementing procedure figure of technical scheme; Embodiment is as follows:

1. initialization

A given security parameter k, signer (roadside unit, i.e. RSU) selects a Big prime q (prime number q has k position), and two have the cyclic group G that identical order is q ₁and G ₂, wherein G ₁generator be P, an and bilinear map e:G ₁× G ₁→ G ₂.

RSU is in the unit group/finite field of Prime Modulus q two private key x of middle generation self ₁, x ₂, the PKI PK of its correspondence ₁=x ₁p, PK ₂=x ₂p.Access to your password the one-way Hash function learned in the system that vehicle and RSU are formed $H:{\left\{\mathrm{0,1}\right\}}^{*}\→G_1^{*}.$

System common parameter is (q, H, G ₁, G ₂, e, P, PK ₁, PK ₂).

2. blind

First, vehicle user sends to signer RSU the signal that starts negotiations process.Signer RSU chooses and calculate ρ=yP, ρ is sent to vehicle user.

After vehicle user receives ρ, choose randomization parameter C=u ρ is set, and the true identity ID to user _realwith the assumed name ID of user _pseudoblind, calculate α=r ₁h (ID _real|| ID _pseudo|| C)+r ₂p, β=r ₁u (mod q), (α, β) is sent to signer RSU by vehicle user.

3. sign

Signer RSU after receiving (α, β), compute signature T:T=x ₁α+x ₂y β P, and this signature T is returned to vehicle user.

4. go to blind

When after the signature T blinded that vehicle user acquisition signer RSU sends, to its operation of casting off illiteracy, namely go to blind process to signature T, calculate signature S: final acquisition signer RSU is to the true identity ID of vehicle user _realwith assumed name ID _pseudosignature tlv triple σ: σ=(S, ID _real|| ID _pseudo, C).

5. verify

In order to carry out the checking of validity to the signature of vehicle user ID, according to following formula:

e(S,P)＝e(H(ID _real||ID _pseudo||C),PK ₁)e(C,PK ₂)。

In sum, above-mentioned implementation process achieves the communication between vehicle and roadside unit, protects vehicle privacy, has carried out certification to testing vehicle register.

Be that vehicle user and signer RSU reciprocal process are illustrated below.

||: represent and link; H: represent one-way Hash function; [request]: represent request; Q: represent Big prime;

represent the unit group/finite field of Prime Modulus p; G ₁, G ₂: be two cyclic groups with identical order q;

E: be crowd G ₁to group G ₂bilinear map; P: be crowd G ₁generator; PK ₁, PK ₂: be two PKIs; x ₁, x ₂: be two private keys; ID _real: the true identity representing vehicle; ID _pseudo: the assumed name representing vehicle; Y, u, r ₁, r ₂: be in element; C: be random parameter.

Claims (1)

1. the secret protection in vehicular ad hoc network and an authentication method, is characterized in that: it comprises following content:

1) initial phase

Step 1:RSU selects a large prime number q, and known two have the cyclic group G that identical order is q ₁and G ₂, wherein G ₁generator be P, there is a bilinear map e:G ₁× G ₁→ G ₂;

Step 2: input a security parameter k, RSU calls key schedule KeyGen (k) twice, generates two private key x ₁, x ₂, wherein represent the unit group/finite field of Prime Modulus q, and corresponding PKI PK ₁=x ₁p, PK ₂=x ₂p; The whole system that vehicle and RSU are formed accesses to your password the one-way Hash function learned (q, H, G ₁, G ₂, e, P, PK ₁, PK ₂) be the common parameter of system;

2) stage is blinded

Step 3: vehicle sends the request of ID signature to RSU, after RSU receives this request, random selecting calculate ρ=yP, and ρ is sent to vehicle;

Step 4: vehicle after receiving ρ, random selecting calculate C=u ρ, obtain random parameter C, therefore, vehicle and RSU coact, and achieve random parameter generating algorithm RandMix (u, y); Afterwards, vehicle random selecting message call blinds algorithm Blind (m, r, u), to ID _realand ID _pseudoblind, obtain α and β: α=r afterwards as calculated ₁h (ID _real|| ID _pseudo|| C)+r ₂p, β=r ₁u (mod q), wherein, ID _realrepresent the true identity of vehicle, ID _pseudorepresent the assumed name of vehicle, || represent and link, finally, (α, β) is sent to RSU by vehicle;

3) sign the stage

Step 5:RSU, after receiving (α, β), calls signature algorithm Sign (α, y, SK), uses the private key of self (α, β) is signed, obtains signature T:T=x ₁α+x ₂y β P, signature T is sent to vehicle by RSU;

4) go to blind the stage

Step 6: vehicle, after receiving the Proxy Signature T that RSU sends, calls and blinds algorithm Unblind (t, r), obtain RSU to ID from T _real|| ID _pseudosignature S: $S={r_1}^{-1}(T-r_2{\mathrm{PK}}_1);$

So far, vehicle has obtained the signature sigma of RSU to this vehicle ID: σ=(S, ID _real|| ID _pseudo, C);

5) Qualify Phase

Step 7:RSU according to following formula, the validity of certifying signature,

e(S,P)＝e(H(ID _real||ID _pseudo||C),PK ₁)e(C,PK ₂)。