A CP-ABE-based ciphertext tamper-resistant privacy protection method and system for the Internet of Vehicles
Technical field
The present invention relates to a CP-ABE-based ciphertext tamper-resistant privacy protection method and system for the Internet of Vehicles (car networking).
Background technique
In recent years, the intelligent transportation system (ITS, Intelligent Traffic System) has become the development direction of future transportation. As the extension of the Internet of Things into the field of intelligent transportation, the Internet of Vehicles is a core component of the intelligent transportation system. By fully sensing roads and traffic, the Internet of Vehicles enables large-scale, high-capacity data transmission and interaction among multiple traffic systems and supports real-time control of road vehicles, thereby improving traffic safety and traffic efficiency.
However, because the Internet of Vehicles communicates over wireless channels, it inevitably faces many threats and attacks; for example, an attacker may inject false information into the network, or modify or replay earlier messages. For an Internet of Vehicles that carries privacy-related information such as location and identity, these threats and attacks can have serious consequences.
Vehicle nodes in the Internet of Vehicles communicate using the DSRC (Dedicated Short Range Communication) standard (see document [1]: Wu Zhihong, Hu Lixing, Zhu Yuan. Research on the Internet of Vehicles at traffic intersections based on DSRC [J]. Wireless Internet Technology, 2015(5): 39-42). During communication, however, the service provider (Services Provider, SP) is not fully trusted, so the vehicle-node data stored in the cloud is at risk. For example, the SP may privately supply a vehicle node's data to a third party without the node's authorization, and the third party may use the data to learn the node's location and its daily range of activity and then act to harm the vehicle node, for example by kidnapping or by selling private information to advertising companies. In this situation it is therefore usually necessary to protect the user's sensitive data, such as location, vehicle ID, user identity and travel habits, by encryption.
Many scholars have proposed their own solutions to the security problems of the Internet of Vehicles. Document [2] (Zhao Jing. User anonymous identity authentication protocol based on k-pseudonym sets [D]. Xidian University, 2014) proposes a pseudonym change scheme based on social spots and an anonymity analysis model. The anonymous authentication key agreement protocols proposed in document [3] (Huafei Zhu. Universally composable anonymous password authenticated key exchange [J]. Science China Information Sciences, 2017, 60(5): 52109) and document [4] (Debiao He, Ding Wang, Qi Xie, et al. Anonymous handover authentication protocol for mobile wireless networks with conditional privacy protection [J]. Science China Information Sciences, 2017, 60(5): 052104) solve the protection of location privacy while the vehicle is driving, but in these schemes the pseudonym has to be changed constantly, which increases the vehicle's overhead. Document [5] (Duan Ran, Gu Chunxiang, Zhu Yuefei, et al. Efficient identity-based fully homomorphic encryption over NTRU lattices [J]. Journal on Communications, 2017(1): 66-75) and document [6] (Zhou Kai, Peng Changgen, Zhu Yijie, et al. Homomorphic encryption location privacy protection scheme based on a Markov model [J]. Chinese Journal of Network and Information Security, 2017, 3(1)) address location privacy among the three classes of privacy protection in the Internet of Vehicles (identity privacy, data privacy and location privacy) and propose an effective location privacy protection model, but still propose no corresponding solution for the data privacy involved in vehicle-node communication. Document [7] (Wu Libing, Xie Yong, et al. Efficient and secure message authentication scheme for the Internet of Vehicles [J]. Journal on Communications, 2016, 37(11): 1-10) addresses privacy protection and non-repudiation authentication in the Internet of Vehicles and proposes ACPN, a new framework based on public-key cryptography and pseudonyms; it effectively solves the non-repudiation of vehicle identity and protects the identity privacy of vehicle-node users, but the framework lacks fine-grained access control and the user has no flexible access control rights. Document [8] (Pei Yu, Jing Tao, Huo Yan, et al. Message authentication scheme based on a filter algorithm in the Internet of Vehicles environment [J]. Information and Communication Technology, 2017(1)) proposes a secure Internet of Vehicles communication protocol based on key agreement, symmetric encryption, message authentication and related techniques, and document [9] (Wang Jingxin, Wang Yue, Geng Junwei, et al. Security and privacy protection mechanism for the Internet of Vehicles based on anonymous exchange [J]. Journal of Tsinghua University (Science and Technology), 2012(5): 592-597) proposes a scheme based on a centralized architecture; these solve identity privacy and data privacy in Internet of Vehicles privacy protection, but do not solve the problem of preventing an attacker from tampering with the communication content while vehicle nodes communicate.
Summary of the invention
The invention proposes a CP-ABE-based ciphertext tamper-resistant privacy protection method and system for the Internet of Vehicles. Its purpose is to overcome the problem in the prior art that the content communicated by vehicle nodes is easily tampered with during communication. Based on the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) mechanism, the vehicle node that sends a message formulates the access policy on its own according to the attributes of the vehicle nodes that receive the message, and the access policy is embedded in the ciphertext; decryption succeeds only when the attributes of the receiving vehicle node satisfy the policy, which gives the scheme great flexibility.
In the technical solution of the invention, the vehicle node that receives the request message is the sender that encrypts the plaintext;
A CP-ABE-based ciphertext tamper-resistant privacy protection method for the Internet of Vehicles comprises the following steps:
Step 1: the trusted authorization center generates the system public key, the system master key and the public parameters for ciphertext tamper resistance;
Step 2: the vehicle node receiving the request message formulates an access policy according to its own attributes, generates the tamper-resistant ciphertext from the access policy together with the message to be sent, the system public key and the public parameters, and stores the tamper-resistant ciphertext and the access policy in the cloud server;
Step 3: the vehicle node sending the request message sends its own attributes to the trusted authorization center, and its attributes are matched against each access policy; if the match succeeds, the trusted authorization center combines the system master key and the public parameters to generate the private key of the vehicle node sending the request message; otherwise, return to step 2 and wait for the next vehicle node receiving a request message;
Step 4: the vehicle node sending the request message downloads from the cloud server the tamper-resistant ciphertext of the vehicle node receiving the request message that matches its own attributes, and performs tamper verification on the tamper-resistant ciphertext; if the tamper-resistant ciphertext has not been tampered with, it is decrypted with the private key of the vehicle node sending the request message, which obtains the message sent by the vehicle node receiving the request message; otherwise, the downloaded tamper-resistant ciphertext is discarded and decryption cannot be completed.
Privacy protection in the Internet of Vehicles is achieved through the above steps.
Further, the expression of the tamper-resistant ciphertext is as follows:
Wherein, Ψ denotes the access policy formulated by the vehicle node receiving the request message according to its own attributes; $C_1$ denotes the ciphertext obtained when the vehicle node receiving the request message encrypts the plaintext $m$ of the message to be sent with the bilinear value $e(g,g)^{\alpha\lambda}$; $C_2$ denotes an arbitrary hash value; $C_3$ denotes the result of a joint hash operation over the attribute set $S$ of the vehicle node sending the request message, the ciphertext $C_1$ and the hash value $C_2$;
Λ denotes the set of all nodes of the access policy tree Ψ, γ denotes any node of the access policy tree Ψ, $q_\gamma(0)$ denotes the value of node γ, and α and λ are random integers; $h$ denotes any hash value and $g$ denotes the generator; att(γ) denotes the attribute value of node γ, $C_\gamma$ and $C'_\gamma$ denote intermediate variables; $H()$ denotes the hash function.
Further, whether the downloaded tamper-resistant ciphertext has been tampered with is judged as follows:
First, $H' = H(S, C_1, C_2)$, $h$, $C_2$ and $C_3$ are extracted from the downloaded tamper-resistant ciphertext according to the agreed data storage locations;
Second, it is verified whether $e(h, C_3) = e(H', C_2)$ holds:
Wherein, $e()$ denotes the bilinear map operation;
If $e(h, H(S, C_1, C_2))^{\lambda}$ and $e(H(S, C_1, C_2), h)^{\lambda}$ are equal, the downloaded tamper-resistant ciphertext has not been tampered with; otherwise, the downloaded tamper-resistant ciphertext may have been tampered with.
A ciphertext that has not been tampered with proceeds to the next decryption step; a ciphertext that may have been tampered with does not proceed to the next decryption step.
The data of each part of the tamper-resistant ciphertext are stored in memory according to the agreed storage format; the vehicle node sending the request message can therefore clearly identify the content of each part of the downloaded tamper-resistant ciphertext in memory;
Further, the process of judging whether the attributes of the vehicle node sending the request message satisfy the access policy in the downloaded tamper-resistant ciphertext, and of that vehicle node decrypting the tamper-resistant ciphertext with its own private key, is as follows:
For any node $x$ of the access policy Ψ in the tamper-resistant ciphertext, if the attribute set $S$ of the vehicle node sending the request message does not satisfy the access policy, the access control policy tree function $Tree_x(S)$ of that vehicle node returns a null value; otherwise, it returns a non-empty set $S_x$ containing the subset labels, and the decryption function DecryptNode(CT, SK, x) is then called to decrypt each node of the access policy in the tamper-resistant ciphertext;
If node $x$ is a leaf node, let $j = att(x)$, where att(x) denotes the attribute of node $x$ and $H(j)$ is the hash value of the attribute in $G_0$; let $H(j) = g^{\eta}$;
When $j \in S$, the decryption process is:
When $j \notin S$, the decryption process is: DecryptNode(CT, SK, x) = ⊥;
If node $x$ is a non-leaf node, the value of DecryptNode(CT, SK, x) is obtained by Lagrange interpolation over the decryption return values $F_z$ of all child nodes $z$ of node $x$, where $F_z$ is the value returned when the decryption function is called on child node $z$ of node $x$;
After the decryption return values of all nodes have been traversed in turn, the decryption return value $F_R$ at the root node is obtained; a decryption operation on the return value at the root node and the ciphertext $C_1$ extracted from the tamper-resistant ciphertext yields the plaintext message $m$ that was sent.
A CP-ABE-based ciphertext tamper-resistant privacy protection system for the Internet of Vehicles, comprising:
System initialization module, for generating the public key, master key and public parameters of the system;
Trusted authorization center, for storing the public key, master key and public parameters of the system and the private key of the data requester;
Data sender plaintext encryption module: the data sender formulates an access policy according to its own attributes, generates the tamper-resistant ciphertext from the access policy together with the plaintext message to be sent, the system public key and the public parameters, and stores the tamper-resistant ciphertext and the access policy in the cloud server;
Data requester private key generation module: the data requester sends its own attributes to the trusted authorization center, and its attributes are matched against each access policy in the cloud server; after a successful match, the trusted authorization center combines the system master key and the public parameters to generate the private key of the data requester;
Ciphertext tamper verification and decryption module: performs tamper verification on the tamper-resistant ciphertext; if the tamper-resistant ciphertext has not been tampered with, it is decrypted with the private key of the vehicle node sending the request message, which obtains the message sent by the vehicle node receiving the request message; otherwise, the downloaded tamper-resistant ciphertext is discarded and decryption cannot be completed.
Privacy protection is achieved by matching attributes against the encrypted access policy.
Further, the tamper verification process is as follows:
First, $H' = H(S, C_1, C_2)$, $h$, $C_2$ and $C_3$ are extracted from the downloaded tamper-resistant ciphertext according to the agreed data storage locations;
Second, it is verified whether $e(h, C_3) = e(H', C_2)$ holds:
Wherein, $e()$ denotes the bilinear map operation;
If $e(h, H(S, C_1, C_2))^{\lambda}$ and $e(H(S, C_1, C_2), h)^{\lambda}$ are equal, the downloaded tamper-resistant ciphertext has not been tampered with; otherwise, the downloaded tamper-resistant ciphertext may have been tampered with.
A ciphertext that has not been tampered with proceeds to the next decryption step; a ciphertext that may have been tampered with does not proceed to the next decryption step.
Beneficial effect
The present invention provides a CP-ABE-based ciphertext tamper-resistant privacy protection method and system for the Internet of Vehicles. The method is based on the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) mechanism: the vehicle node that sends a message can formulate the access policy on its own according to the attributes of the vehicle nodes that receive the message, and the access policy is embedded in the ciphertext; decryption succeeds only when the attributes of the receiving vehicle node satisfy the policy, which gives the scheme great flexibility. Meanwhile, to prevent the transmitted message from being intercepted and tampered with, the hash function of the trusted authorization center maps the ciphertext and related parameters to a random number; when decrypting, the message recipient first verifies whether the message has been tampered with, and decrypts the message only if it has not. The scheme does not introduce many complex computations; while guaranteeing secure communication between vehicle nodes in the Internet of Vehicles, it improves the efficiency of interaction between vehicle nodes.
Detailed description of the invention
Fig. 1 is the flow diagram of the method for the invention;
Fig. 2 is the theory structure schematic diagram of system of the present invention.
Specific embodiment
Below in conjunction with drawings and examples, the present invention is described further.
As shown in Fig. 1, a CP-ABE-based ciphertext tamper-resistant privacy protection method for the Internet of Vehicles comprises the following steps:
Step 1: the trusted authorization center generates the system public key, the system master key and the public parameters for ciphertext tamper resistance;
The trusted authorization center TA selects a bilinear group $G_0$ of prime order $p$ with generator $g$, and a bilinear map $e: G_0 \times G_0 \to G_1$ on $G_0$. It defines the hash function $H: \{0,1\}^* \to G_0$, which converts a user attribute described by a character string of arbitrary length into a random element of the bilinear group $G_0$. It randomly selects $\alpha, \beta \in Z_p$ and generates the system public key:
$PK = (G_0, g, h, h = g^{\beta}, e(g,g)^{\alpha})$
System master key:
$MK = (\beta, g^{\alpha})$
Step 2: the vehicle node receiving the request message formulates an access policy according to its own attributes, generates the tamper-resistant ciphertext from the access policy together with the message to be sent, the system public key and the public parameters, and stores the tamper-resistant ciphertext and the access policy in the cloud server;
The local vehicle node OBU2, that is, the information provider, first encrypts the message $m$ to be sent before uploading it to the server. OBU2 first sets an access control policy, for example the access policy Ψ, and encrypts with it together with the system public key PK generated by the authorization center, producing the ciphertext.
The access policy contains leaf nodes and non-leaf nodes. Leaf nodes represent attributes, for example a hotel and its room prices, or a parking lot and its remaining vacancies; non-leaf nodes represent thresholds. When the OBU sends the ciphertext to the cloud, suppose there is a malicious attacker who intercepts the ciphertext $C_1 = m\,e(g,g)^{\alpha\lambda}$ sent by OBU2. Although he cannot decrypt the ciphertext, he can tamper with it, changing it to $C_1 = m\,e(g,g)^{\alpha\lambda}\,m_1$, and then send the tampered ciphertext while pretending to be OBU2. When the legitimate user OBU1 receives the ciphertext and decrypts it successfully, the message it obtains is $m'$ rather than $m$, and OBU1 will believe that $m'$ is the message sent by the OBU; the malicious attacker has thus achieved the goal of tampering with the ciphertext. Therefore, OBU2 maps the attribute set $S$ together with $C_1$ and $C_2$ to a random number through the hash function, and this value is finally encrypted together with the ciphertext and sent to the cloud.
The expression of the tamper-resistant ciphertext is as follows:
Wherein, Ψ denotes the access policy formulated by the vehicle node receiving the request message according to its own attributes; $C_1$ denotes the ciphertext obtained when the vehicle node receiving the request message encrypts the plaintext $m$ of the message to be sent with the bilinear value $e(g,g)^{\alpha\lambda}$; $C_2$ denotes an arbitrary hash value; $C_3$ denotes the result of a joint hash operation over the attribute set $S$ of the vehicle node sending the request message, the ciphertext $C_1$ and the hash value $C_2$;
Λ denotes the set of all nodes of the access policy tree Ψ, γ denotes any node of the access policy tree Ψ, $q_\gamma(0)$ denotes the value of node γ, and α and λ are random integers; $h$ denotes any hash value and $g$ denotes the generator; att(γ) denotes the attribute value of node γ, $C_\gamma$ and $C'_\gamma$ denote intermediate variables; $H()$ denotes the hash function.
Step 3: the vehicle node sending the request message sends its own attributes to the trusted authorization center, and its attributes are matched against each access policy; if the match succeeds, the trusted authorization center combines the system master key and the public parameters to generate the private key of the vehicle node sending the request message; otherwise, return to step 2 and wait for the next vehicle node receiving a request message;
Suppose OBU1 requests the parking-lot vacancy information held by OBU2 in the Internet of Vehicles system. OBU1 submits its own attribute set to the trusted authorization center TA. TA matches OBU1's attribute set against the access policy that OBU2 formulated. When the attributes satisfy the nodes in the access policy, that is, when the match succeeds, TA performs the computation with the master key MK it holds and the system public key PK, finally generates the private key SK of OBU1, and sends it to OBU1. The private key is kept by the vehicle node that requested it.
Taking the user's attribute set $S$, the master key MK and the system public key PK as input, a random number $r_u \in Z_p$ is selected for OBU1 to represent $S$, random numbers $r_{ui} \in Z_p$ are selected, and the private key of OBU1 is finally generated as:
Step 4: the vehicle node sending the request message downloads from the cloud server the tamper-resistant ciphertext of the vehicle node receiving the request message that matches its own attributes, and performs tamper verification on the tamper-resistant ciphertext; if the tamper-resistant ciphertext has not been tampered with, it is decrypted with the private key of the vehicle node sending the request message, which obtains the message sent by the vehicle node receiving the request message; otherwise, the downloaded tamper-resistant ciphertext is discarded and decryption cannot be completed; privacy protection in the Internet of Vehicles is thereby achieved.
When OBU1 requests access to the message, the SP sends OBU1 the tamper-resistant ciphertext CT that OBU2 uploaded after encryption. If and only if the attributes of OBU1 satisfy the access policy on TA can OBU1 use the previously generated private key to decrypt it correctly.
Whether the downloaded tamper-resistant ciphertext has been tampered with is judged as follows:
First, $H' = H(S, C_1, C_2)$, $h$, $C_2$ and $C_3$ are extracted from the downloaded tamper-resistant ciphertext according to the agreed data storage locations;
Second, it is verified whether $e(h, C_3) = e(H', C_2)$ holds:
Wherein, $e()$ denotes the bilinear map operation;
If $e(h, H(S, C_1, C_2))^{\lambda}$ and $e(H(S, C_1, C_2), h)^{\lambda}$ are equal, the downloaded tamper-resistant ciphertext has not been tampered with; otherwise, the downloaded tamper-resistant ciphertext has been tampered with.
The data of each part of the tamper-resistant ciphertext are stored in memory according to the agreed storage format; the vehicle node sending the request message can therefore clearly identify the content of each part of the downloaded tamper-resistant ciphertext in memory;
The process of judging whether the attributes of the vehicle node sending the request message satisfy the access policy in the downloaded tamper-resistant ciphertext, and of that vehicle node decrypting the tamper-resistant ciphertext with its own private key, is as follows:
For any node $x$ of the access policy Ψ in the tamper-resistant ciphertext, if the attribute set $S$ of the vehicle node sending the request message does not satisfy the access policy, the access control policy tree function $Tree_x(S)$ of that vehicle node returns a null value; otherwise, it returns a non-empty set $S_x$ containing the subset labels, and the decryption function DecryptNode(CT, SK, x) is then called to decrypt each node of the access policy in the tamper-resistant ciphertext;
If node $x$ is a leaf node, let $j = att(x)$, where att(x) denotes the attribute of node $x$ and $H(j)$ is an element of $G_0$; let $H(j) = g^{\eta}$;
When $j \in S$, the decryption process is:
When $j \notin S$, the decryption process is: DecryptNode(CT, SK, x) = ⊥;
If node $x$ is a non-leaf node, the value of DecryptNode(CT, SK, x) is obtained by Lagrange interpolation over the decryption return values $F_z$ of all child nodes $z$ of node $x$, where $F_z$ is the value returned when the decryption function is called on child node $z$ of node $x$;
After the decryption return values of all nodes have been traversed in turn, the decryption return value $F_R$ at the root node is obtained; a decryption operation on the return value at the root node and the ciphertext $C_1$ extracted from the tamper-resistant ciphertext yields the plaintext message $m$ that was sent.
As shown in Fig. 2, a CP-ABE-based ciphertext tamper-resistant privacy protection system for the Internet of Vehicles comprises:
System initialization module, for generating the public key, master key and public parameters of the system;
Trusted authorization center, for storing the public key, master key and public parameters of the system and the private key of the data requester;
Data sender plaintext encryption module: the data sender formulates an access policy according to its own attributes, generates the tamper-resistant ciphertext from the access policy together with the plaintext message to be sent, the system public key and the public parameters, and stores the tamper-resistant ciphertext and the access policy in the cloud server;
Data requester private key generation module: the data requester sends its own attributes to the trusted authorization center, and its attributes are matched against each access policy in the cloud server; after a successful match, the trusted authorization center combines the system master key and the public parameters to generate the private key of the data requester;
Ciphertext tamper verification and decryption module: performs tamper verification on the tamper-resistant ciphertext; if the tamper-resistant ciphertext has not been tampered with, it is decrypted with the private key of the vehicle node sending the request message, which obtains the message sent by the vehicle node receiving the request message; otherwise, the downloaded tamper-resistant ciphertext is discarded and decryption cannot be completed; privacy protection in the Internet of Vehicles is thereby achieved.
In this scheme, the message is stored on the SP only after encryption, which guarantees the security of the message. The vehicle node OBU2 formulates the access control policy, encrypts the message, and uploads the tamper-resistant ciphertext CT to the cloud; neither the SP itself nor an illegitimate OBU can decrypt the encrypted message by any means, and so neither can obtain OBU2's location information or any other related information. Because the CP-ABE mechanism proposed by the invention is used, even if an illegitimate OBU or another attacker appears inside the system during communication, it cannot decrypt, and therefore cannot obtain the message plaintext, as long as it does not satisfy the access control policy.
This scheme uses the CP-ABE mechanism and sets access control rights: only a vehicle node OBU that meets the attribute requirements can access the tamper-resistant ciphertext.
As can be seen from the above, the tamper-resistant ciphertext obtained by encrypting the message $m$ has the form:
Wherein, let $H' = H(S, C_1, C_2)$. From the ciphertext form, a ciphertext that has not been tampered with necessarily satisfies the relation $e(h, C_3) = e(H', C_2)$. $C_1$ and $C_2$ in the ciphertext may both be forged successfully, but because the attacker does not know in advance the λ randomly chosen by the encryptor, he cannot forge $C_3$. In summary, if the attacker tampers with $m$, the decryptor will certainly detect it and refuse to decrypt, and resistance to ciphertext tampering attacks is thereby achieved.
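The malleability of $C_1$ described in step 2 and the check $e(h, C_3) = e(H', C_2)$ can be exercised together. The following Python example is an addition to this text, not code from the patent: it stores each $G_0$ element as its exponent (a toy pairing with no security), assumes $C_2 = h^{\lambda}$ and $C_3 = H(S, C_1, C_2)^{\lambda}$ as implied by the verification identity, omits the access tree, and uses the master key in a hypothetical `unmask` helper as a stand-in for attribute-key decryption.

```python
import hashlib
import secrets

P = 2**61 - 1  # toy prime group order p (constructed; far too small for real use)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for the sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _modulus_for(p):
    """Smallest prime Q = k*p + 1, so Z_Q^* has a subgroup of order p (our G1)."""
    k = 2
    while not _is_prime(k * p + 1):
        k += 2
    return k * p + 1

Q = _modulus_for(P)
GT = pow(2, (Q - 1) // P, Q)  # plays the role of e(g, g), order p in Z_Q^*
assert GT != 1

# Toy pairing: a G0 element g^a is stored as the exponent a, so
# e(g^a, g^b) = e(g, g)^(a*b). Exponents are in the clear: illustration only.
def pair(a, b):
    return pow(GT, a * b % P, Q)

def H(S, C1, C2):
    """Hash (S, C1, C2) to a G0 element, stored as an exponent mod p."""
    data = "|".join(sorted(S)) + f"|{C1}|{C2}"
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % P

def rand_exp():
    return secrets.randbelow(P - 1) + 1  # nonzero element of Z_p

def setup():
    alpha, beta = rand_exp(), rand_exp()
    pk = {"h": beta, "egg_alpha": pow(GT, alpha, Q)}  # h = g^beta, e(g,g)^alpha
    msk = {"alpha": alpha, "beta": beta}
    return pk, msk

def encrypt(pk, m, S):
    lam = rand_exp()
    C1 = m * pow(pk["egg_alpha"], lam, Q) % Q  # C1 = m * e(g,g)^(alpha*lambda)
    C2 = pk["h"] * lam % P                     # assumed C2 = h^lambda
    C3 = H(S, C1, C2) * lam % P                # assumed C3 = H(S,C1,C2)^lambda
    return {"C1": C1, "C2": C2, "C3": C3}

def verify(pk, S, ct):
    """The check from the text: e(h, C3) == e(H', C2), H' recomputed locally."""
    return pair(pk["h"], ct["C3"]) == pair(H(S, ct["C1"], ct["C2"]), ct["C2"])

def unmask(msk, ct):
    """Hypothetical stand-in for key-based decryption: strips e(g,g)^(alpha*lambda)."""
    lam = ct["C2"] * pow(msk["beta"], -1, P) % P
    mask = pow(GT, msk["alpha"] * lam % P, Q)
    return ct["C1"] * pow(mask, -1, Q) % Q

def tamper(ct, m1):
    """The modification from step 2: C1 is multiplied by m1, C2 and C3 are kept."""
    return {**ct, "C1": ct["C1"] * m1 % Q}

def receive(pk, msk, S, ct):
    """Verify first; decrypt only an untampered ciphertext, else discard (None)."""
    return unmask(msk, ct) if verify(pk, S, ct) else None
```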
The above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the invention may still be modified or equivalently replaced, and that any modification or equivalent replacement that does not depart from the spirit and scope of the invention is intended to fall within the scope of the claims of the invention.