Access authentication method of electric automobile
The technical field is as follows:
the invention relates to an access authentication method of an electric automobile, in particular to an access authentication method of an electric automobile based on identity aggregation signature.
Background art:
as an important component of the smart grid, the electric automobile is greatly concerned due to the characteristics of mobile energy storage, energy conservation, environmental protection, cost reduction and the like, and is predicted to be the future of the development of the automobile industry in the world. However, a severe security challenge is also followed, and especially, an electric vehicle faces a more complex network environment and is easily attacked by various enemies, such as information tampering, message stealing, replay attack, counterfeiting attack and the like, by means of an operation service platform based on the internet of things technology, so that immeasurable economic loss is caused, and long-term development and application of the electric vehicle technology are severely restricted.
The access authentication is an important safety link of an Electric Vehicle (EV), and a core problem of the access authentication is to ensure that the Electric Vehicle is safely accessed to a service network, so as to perform activities such as charging and battery replacement, data acquisition, user identification and the like. Therefore, the access authentication is of great importance to the interaction safety between the electric vehicle and the charging station, and subsequent safety services depend on the access authentication to a certain extent, so that basic technical support is provided for reasonable and reliable system operation management. At present, due to the factors of simple management, low calculation cost and the like, the access authentication method based on the symmetric cryptosystem is widely applied to the authentication of the electric vehicle. However, it is known that this method has the inherent disadvantage of poor scalability, and is not suitable for large-scale application systems, and especially for transportation systems with tens of thousands of terminals, the method has obvious short boards. In order to overcome the defects, a method based on a traditional public key cryptosystem is introduced into the access authentication of the electric automobile, the legality of the electric automobile is mainly checked by using a digital certificate, and the method has good expandability. However, this method cannot avoid the problem of certificate overhead, and complex certificate operations (such as generation, issuance, storage, revocation, deletion, etc.) become bottlenecks in its development, especially the interactive query requires high signaling overhead and computation cost. The access authentication method based on identity cryptography adopts the user identity as a public key, thereby solving the problem of certificate management. However, most of the methods need bilinear pairing operation, the signatures must be verified one by one, the calculation cost is high, and efficient access authentication cannot be supported.
Therefore, the method is a safe, efficient and feasible scheme, realizes legal access of the electric automobile, and can provide long-term economic benefits for ensuring the operation of the electric automobile.
The invention content is as follows:
the invention aims to provide an access authentication method for an electric automobile, which ensures reasonable use of information resources in a station and guarantees the safety of the whole network system on the basis.
In order to achieve the purpose, the invention adopts the following technical scheme: an access authentication method of an electric vehicle, the method comprising the steps of:
(1) establishing an access authentication system of the electric automobile;
(2) access authentication between the electric vehicle and the charging station;
(3) and the charging station performs batch signature authentication on the electric vehicles.
The invention provides an access authentication method of an electric vehicle, wherein a system in the step (1) is used for initializing and registering an electric vehicle EV and a Charging Station (CS) in a Data center.
The invention provides an access authentication party of an electric automobileThe data center DC generates the system parameters params and a master key msk and secretly stores the msk; the data center DC publishes params and identifies with itDCAnd (6) binding.
In another preferred access authentication method for an electric vehicle provided by the present invention, the initialization registration process of the electric vehicle EV in the data center DC is as follows:
the electric vehicle EV submits self identity information ID to the data center DCEV;
The data center DC inspection IDEVThe data center DC operates a private key generation algorithm in the identity aggregation signature to generate a private key PR for the electric vehicle EVEVAnd in its database with IDEVBinding;
the data center DC sends PR through a secure channelEVParams and IDDCSending the data to the electric vehicle EV;
after the electric vehicle EV receives the information, PR is kept secretlyEV。
In another preferred access authentication method for an electric vehicle provided by the present invention, in an initialization registration process of the charging station CS in the data center DC:
the charging station CS submits self identity information ID to the data center DCCS;
The data center DC inspection IDCSRun a private key generation algorithm in the identity aggregation signature to generate a private key PR for the charging station CSCSAnd in its database with IDCSBinding;
the data center DC issues a symmetric session key K for the charging station CSDC-CSFor ensuring data confidentiality;
the data center DC sends PR through a secure channelCS、params、IDDCAnd KDC-CSSend to the charging station CS;
The PR is kept secretly after the charging station CS receives the PRCSAnd KDC-CSLocally.
In another preferred embodiment of the present invention, when the electric vehicle EV receives the broadcast packet of the charging station CS and needs to be charged, the charging station CS and the electric vehicle EV must perform the access authentication in the step (2) before charging is performed;
the access authentication procedure comprises the steps of:
(2-1) the electric vehicle EV determines the existence of the charging station CS through the broadcast message of the charging station CS, and initiates an access request to the charging station CS;
(2-2) the charging station CS checking the validity of the electric vehicle EV and establishing a session key with the electric vehicle EV;
(2-3) the electric vehicle EV checking the legitimacy of the charging station CS and establishing a session key with the charging station CS;
(2-4) the charging station CS completes access authentication by checking a session key.
The invention provides another preferable access authentication method for an electric vehicle, wherein the process of the step (2-1) is as follows:
the electric vehicle EV selects a random valueComputing exchange itemsWherein p is a prime number and G is a p-order cyclic group G1Is randomly generated from the one of the elements,a cyclic group modulo p;
the EV running signature algorithm of the electric vehicle is used for messageGenerating a signature σEV(ii) a Wherein T is1The timestamp of the electric vehicle EV is, | | | represents a character string connector;
the electric vehicle EV sends a request message to the charging station CS
The invention provides another preferable access authentication method for an electric vehicle, wherein the process of the step (2-2) is as follows:
the charging station CS verifies the IDCSAnd IDDCCorrectness;
the charging station CS verifies T1Correctness, preventing replay attacks;
the charging station CS executes a verification algorithm in the identity aggregation signature to verify the EV signature sigmaEVThe legitimacy of (c):
the charging station CS selects a random valueSetting exchange itemComputing session keysErasing r in a databaseCS(ii) a Wherein p is a prime number,is a cyclic group modulo p, G is a cyclic group of order p G1Is randomly generated from the one of the elements,is the calculated session key;
the charging station CS runs a signature algorithm in an identity aggregation signature on a messageGenerating a signature σCS(ii) a Wherein G is a p-order cyclic group G1Is randomly generated from the one of the elements,an exchange item for the EV is an exchange item,an exchange entry for the AP;
the charging station CS sends response informationAnd (5) giving the electric vehicle EV.
The invention provides another preferable access authentication method for an electric vehicle, wherein the process of the step (2-3) is as follows:
the EV inspection ID of the electric vehicleCS、IDEVAndif not, the access is refused, otherwise, the next step is continued;
the EV operation of the electric vehicle executes a verification algorithm in the identity aggregation signature, and the identity validity of the charging station CS is detected as follows:
the EV calculation session keyErasing r in a databaseEV;
The EV of the electric vehicle passes through KEV-CSEncrypting messagesAn authentication code MAC is generated.
The invention provides another preferable access authentication method for an electric vehicle, wherein the process of the step (2-4) is as follows:
the charging station CS generating a messageUsing stored KEV-CSEncrypt AutM ', generate MAC';
the charging station CS compares the MAC with the MAC' and checks the session key KEV-APThe correctness of (2): if the MAC is not equal to the MAC ', the EV access of the electric vehicle is refused if the verification fails, and if the MAC is equal to the MAC', the EV access is allowed and the next step is continued;
the charging station CS stores signature information of the electric vehicle EV; while the subsequent communication of the electric vehicle EV and the charging station CS will pass through KEV-CSEncryption is carried out, and confidentiality protection of sensitive data is achieved.
In another preferred access authentication method for an electric vehicle provided by the present invention, when the charging station CS receives n access requests of different electric vehicles EV within a certain time interval Δ T, the charging station CS performs batch verification of validity of n signatures of the electric vehicles EV in step (3), where n is greater than or equal to 2; the process of the step (3) comprises the following steps:
(3-1) the charging station CS determines the timeliness of the n requests according to the time stamp:
(3-2) ID in the charging station CS check request messageCSAnd IDDCValidity, if the validity is illegal, access to the electric automobile is refused, otherwise, the next step is executed;
(3-3) according to the timeliness and the identity detection result, the charging station CSRunning an aggregation algorithm for the input, generating an aggregated signature σagg;
(3-4) the charging station CS performs an aggregation verification algorithm, checking σaggThe effectiveness of (2): if the verification is passed, the n electric vehicles EV will be successfully authenticated.
In another preferred access authentication method for an electric vehicle provided by the present invention, the timeliness determination process in the step (3-1) is:
if | TCS-TiIf | ≦ Δ T (1 ≦ i ≦ n), the corresponding request is time-sensitive, otherwise, the access of the corresponding electric vehicle is denied for a replay attack, where T isCSBeing a time stamp of the charging station, TiIs an electric vehicle timestamp.
Compared with the closest prior art, the technical scheme provided by the invention has the following excellent effects
1. The technical scheme of the invention realizes the mutual authentication and session key agreement between the electric automobile and the charging station, ensures the reasonable use of information resources in the station and ensures the safety of the whole network system on the basis;
2. the technical scheme of the invention supports batch signature verification technology, enables the charging station to aggregate and verify the signatures of a plurality of electric vehicles, and improves performance;
3. in the technical scheme of the invention, only two entities (namely the electric vehicle and the charging station) are involved in the actual authentication interaction process, and all authentication signaling is only transmitted locally between the two entities, so that the extra time delay overhead caused by remote interaction is reduced;
4. in the technical scheme of the invention, the electric vehicle and the charging station use an identity aggregation signature system to sign the message, so that the method has the characteristic of uniformity, and from the perspective of authentication, the method has no strict difference;
5. according to the technical scheme, aiming at access requests of a plurality of electric vehicles in a short time period, the charging station can play the role of an aggregated signature generator, and the signatures of the vehicles are compressed into an aggregated signature for aggregated verification, so that resource waste of one-by-one verification is avoided, and the calculation cost is effectively reduced;
6. the technical scheme of the invention carries out system establishment work according to an identity aggregation signature system, so that a data center acts as a trusted third party to issue identity private keys for the electric automobile and the charging station, and adopts corresponding identity information as a public key for realizing the bidirectional authentication of the electric automobile or the charging station,
7. the technical scheme of the invention has the advantage of better expandability of the public key cryptography mechanism, and can support a large-scale application system.
Drawings
FIG. 1 is a schematic diagram of the system setup of the present invention;
FIG. 2 is a diagram illustrating an access authentication process according to the present invention;
FIG. 3 is a schematic diagram of a batch signature verification process of the present invention;
FIG. 4 is a flowchart of an EV initiating an access request to a CS in accordance with the present invention;
FIG. 5 is a flow chart of EV authentication CS of the present invention;
FIG. 6 is a flow chart of the present invention for CS authentication of EV and establishment of session key;
fig. 7 is a flowchart of the CS authentication session key of the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples.
Example 1:
the invention relates to an access authentication method of an electric automobile, which comprises the following steps:
an initial registration process, namely system establishment, of an Electric Vehicle (EV) and a Charging Station (CS) in a Data Center (DC) is given, as shown in FIG. 1:
(1) the DC is a trusted third party, plays the role of a private key generation center and runs the identity aggregation signature
The initialization algorithm in the name is responsible for the management work of the private key:
DC generates system parameters params and master key msk;
DC secret saving msk;
DC publishes params and ID with its identity informationDCAnd (6) binding.
(2) The EV needs to perform initial registration with the data center, and the process is as follows:
EV submits self-identity information ID to DCEV;
DC check IDEVThe DC runs a private key generation algorithm in the identity aggregation signature to generate a private key PR for the EVEVAnd in the database with the IDEVBinding;
DC will PR over a secure channelEV,params,IDDCSending the information to the EV;
after EV receives, secret keeping PREV。
(3) Before being put into use, each charging station (embedded wireless access module) needs to initially register with the DC:
CS submitting self-identity information ID to DCCS;
DC check IDCSThe validity of the signature is determined by running a private key generation algorithm in the identity aggregation signature to generate a private key PR for the CSCSAnd in the database with the IDCSBinding;
DC runs the relevant function block (DES, AES, etc.) issuing a symmetric session key K for CSDC-CSFor ensuring data confidentiality;
DC will PR over a secure channelCS,params,IDDC,KDC-CSSending the data to the CS;
after CS receives, PR is secretly storedCSAnd KDC-CSLocally.
The CS periodically transmits broadcast information wirelessly to inform its identity and location information so that nearby EVs can know in advance, thereby enabling charging operations. Note that: the wireless technology is mature, there are many ways, such as RFID, etc., and the authentication process only considers the interaction process here, so the patent of the present invention is not limited to wireless.
Access authentication implementation flow
Based on the above system establishment results, the EV possesses private key PREVAnd use its identity IDEVAs a public key; CS is similar. When the EV receives a broadcast packet of the CS and needs to be charged, the CS and the EV must perform an access authentication procedure before access to charging, as shown in fig. 2:
(1) EV determines the existence of CS through its broadcast message, and initiates access request to CS, and the process
As shown in fig. 4:
EV choice random valueComputing exchange items
EV run signature Algorithm on messagesGenerating a signature σEV(wherein T is1A timestamp representing EV, | | represents a string connector);
EV sends request message to CS
(2) Upon request from the EV, the CS checks the validity of the EV and establishes a session key with it, as shown in fig. 6:
CS authentication IDCS,IDDCCorrectness;
CS verification T1Correctness, preventing replay attacks;
the CS performs a verification algorithm in the identity aggregation signature, verifying the EV signature σEVThe legitimacy of (c): 1 indicates success and 0 indicates failure;
CS selection of random valuesSetting exchange itemComputing session keysErasing r in a databaseCS;
CS running signature Algorithm in identity aggregation signature on messagesGenerating a signature σCS;
CS Transmission response informationAnd (5) feeding the EV.
(3) After receiving the response message, the EV performs the following operations, as shown in fig. 5:
EV testIf not, the access is refused, otherwise, the next step is continued;
the EV runs a verification algorithm in the execution of the identity aggregation signature, detecting the identity legitimacy of the CS: 1 succeeded, 0 failed;
EV compute session keyErasing r in a databaseEV;
EV use KEV-CSEncrypting messagesAn authentication code MAC is generated.
(4) The CS performs the following operations, as shown in fig. 7:
CS Generation of messagesUsing stored KEV-CSEncrypt AutM ', generate MAC';
CS compares MAC and MAC', checks the session key KEV-APThe correctness of (2): if the MAC is not equal to the MAC ', the EV access is refused, and if the MAC is equal to the MAC', the verification is passed, and the EV access is allowed;
the CS stores signature information of the EV as credential information for operations such as charging and accountability. Subsequent communication of simultaneous EV and CS will use KEV-CSEncryption is carried out, and confidentiality protection of sensitive data is achieved.
Batch signature verification mechanism
According to the access authentication procedure, if the CS receives n (n ≧ 2) differences within a certain small time interval Δ TAn access request of EV, the corresponding request message is For validity verification of these n EV signatures, the CS will perform batch verification, as shown in fig. 3:
(1) the CS determines the timeliness of these requests according to the timestamp: if | TCS-TiDelta T is less than or equal to | and less than or equal to 1 and less than or equal to n, the corresponding request has timeliness, otherwise, the request is determined as a replay attack, and the access of the related electric automobile is refused, wherein T is less than or equal toCSA timestamp for the charging station;
(2) CS checking ID in request messageCS,IDDCValidity, if the validity is illegal, the access of the related electric automobile is refused, otherwise, the next step is executed;
(3) based on the timeliness and the identity detection results (let n electric vehicles pass the above steps), the CS plays the role of an aggregated signature generator toRunning an aggregation algorithm for the input, generating an aggregated signature σagg;
(4) CS performs an aggregate verification algorithm, checking sigmaaggThe effectiveness of (2): if the verification passes, the n EVs will be authenticated successfully.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and those skilled in the art should understand that although the above embodiments are referred to: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is set forth in the claims below.