CN107070652B - A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system - Google Patents
A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system Download PDFInfo
- Publication number
- CN107070652B CN107070652B CN201710269494.7A CN201710269494A CN107070652B CN 107070652 B CN107070652 B CN 107070652B CN 201710269494 A CN201710269494 A CN 201710269494A CN 107070652 B CN107070652 B CN 107070652B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- tamper
- node
- message
- vehicle node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006855 networking Effects 0.000 title claims abstract description 34
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000008569 process Effects 0.000 claims description 14
- 230000006854 communication Effects 0.000 claims description 13
- 238000013475 authorization Methods 0.000 claims description 10
- 238000004891 communication Methods 0.000 claims description 9
- 238000013500 data storage Methods 0.000 claims description 5
- 230000008901 benefit Effects 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 claims description 2
- 238000012795 verification Methods 0.000 claims description 2
- 238000011161 development Methods 0.000 claims 1
- 230000007246 mechanism Effects 0.000 abstract description 6
- 230000003993 interaction Effects 0.000 abstract description 3
- 238000004364 calculation method Methods 0.000 abstract description 2
- 230000006870 function Effects 0.000 description 14
- 230000008859 change Effects 0.000 description 6
- 241000208340 Araliaceae Species 0.000 description 4
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 4
- 235000003140 Panax quinquefolius Nutrition 0.000 description 4
- 235000008434 ginseng Nutrition 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 206010061218 Inflammation Diseases 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 230000004054 inflammatory process Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Abstract
The invention discloses a kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and systems; this method proposes to be based on ciphertext policy ABE base encryption mechanism; the vehicle node for sending message can independently formulate access strategy according to the attribute for the vehicle node for receiving message; access strategy is deployed in ciphertext; the vehicle node attribute of only received message when meet could successful decryption, there is very strong flexibility.Meanwhile the message sent in order to prevent is trapped and distorts, ciphertext and relevant parameter are mapped to a random number with hash function by trusted authorization center, and message recipient first verifies message either with or without being tampered when decryption, decrypts message again if be not tampered.Do not introduce too many complicated calculations in scheme, scheme ensure that communicated between vehicle node in car networking it is safe while, improve the efficiency of interaction between vehicle node.
Description
Technical field
The present invention relates to a kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and systems.
Background technique
In recent years, intelligent transportation system ITS (Intelligent Traffic System) has become future transportation
Developing direction.As Internet of Things in the extension of intelligent transport system field, car networking is the core composition portion of intelligent transportation system
Point.Car networking is by carrying out complete perception to road and traffic, and a wide range of, large capacity data pass between realizing multiple traffic systems
Defeated and interaction, supports the real-time control to road vehicle, to promote traffic safety and traffic efficiency.
But since the network of car networking is communicated by wireless channel, inevitably face many threats
And attack, such as: attacker injects information, modification or the pervious information of playback of false error etc. in car networking network system
Deng.For transmitting the car networking of information relevant with the privacies such as position, identity, these threaten and after attack will cause seriously
Fruit.
Communication in car networking between vehicle node uses DSRC (Dedicated Short Range
Communication) dedicated short-range communication standard (is based on DSRC traffic intersection referring to document [1] Wu Zhihong, Hu Lixing, Zhu Yuan
Car networking the wireless interconnected science and technology of research [J], 2015 (5): 39-42.).But in communication process, provider server
(Services Provider, SP) be not it is completely believable, the data so as to cause storage vehicle node beyond the clouds exist
Security risk.Such as: the data of vehicle node may be supplied to privately without vehicle node authorization by SP
Tripartite, third party knows the position of vehicle node and the daily routines range of vehicle node possibly also with data, to make
The behavior of vehicle node is endangered, such as: it kidnaps and betrays privacy information to advertising company etc..Therefore in this case, lead to
The privacy informations such as the sensitive data position to user, vehicle ID, user identity and trip habit are often needed to carry out encryption guarantor
Shield.
It is directed to the research of car networking safety problem at present, many scholars propose the solution of oneself.Document [2] Zhao
User anonymity identity authentication protocol [D] Xian Electronics Science and Technology University of the Jing based on k- assumed name set, 2014. propose that one kind is based on
The assumed name change programme of society's point and the anonymous password of anonymous analysis model and document [3] Huafei Zhu. Universal-Composability
Authentication key exchanges [J] .Science China Information Sciences, 2017,60 (5): 52109. and document [4]
Debiao He, Ding Wang, Qi Xie waits the anonymous switching in mobile wireless network with condition privacy protection function to recognize
Agreement [J] .Science China Information Sciences is demonstrate,proved, 2017,60 (5): 052104. anonymous authentication proposed
Key agreement protocol solves the protection of location privacy in vehicle driving, but program assumed name need to constantly change, and increase vehicle
Expense;Document [5] Duan Ran, Gu Chunxiang, Zhu Yuefei waits the full homomorphic cryptography system of efficient identity-based on .NTRU lattice
[J] communicates journal, and 2017 (1): 66-75. and document [6] Zhou Kai, Peng Changgen, Zhu Yijie waits based on Markov model
Homomorphic cryptography location privacy protection scheme [J] Networks and information security journal, 2017,3 (1) are hidden for identity in car networking
Private, data-privacy, the location privacy in location privacy three classes secret protection propose effective location privacy protection model, still
Corresponding solution is not proposed to the data-privacy being related in vehicle node communication;Document [7] Wu Libing, Xie Yong,
Message authentication scheme [J] of the space wave towards car networking highly effective and safe communicates journal, 2016,37 (11): 1-10. is directed to car networking
In secret protection and non repudiation authentication question propose the new frame based on common key cryptosystem and assumed name
ACPN, the non repudiation of vehicle identification, protects the privacy of identities of vehicle node user in effective solution car networking, but
It is that the frame lacks fine-grained access control, user does not have flexible access control right;Document [8] Pei Yu, Jing Tao, suddenly
Inflammation, waits message authentication scheme [J] Information and Communication Technology under car networking environment based on filter algorithm, and 2017 (1) are based on key
The technologies such as negotiation, symmetric cryptography, message authentication propose the car networking communication protocol and document [9] Wang Jingxin of a safety, king
Battle-axe used in ancient China, Geng Junwei, car networking security and privacy protection mechanism [J] the Tsinghua University journal (natural science for waiting to exchange based on anonymity
Version), 2012 (5): one kind that 592-597. is proposed is based on centralized architecture case, and the identity solved in car networking secret protection is hidden
Private and data-privacy, but without solving the problems, such as to prevent Content of Communication from being distorted by attacker in vehicle node communication process.
Summary of the invention
The invention proposes a kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system, mesh
Be, overcome the problems, such as that vehicle node Content of Communication in communication process is easy to be tampered in the prior art, be based on ciphertext plan
Slightly attribute base encrypts (Ciphertext Policy Attribute-Based Encryption, CP-ABE) mechanism, and transmission disappears
The vehicle node of breath independently formulates access strategy according to the attribute for the vehicle node for receiving message, and access strategy is deployed in ciphertext
In, when the vehicle node attribute of only received message meets could successful decryption, have very strong flexibility.
In the inventive solutions, the vehicle node for receiving request message is by the sender of plaintext encryption;
A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper the following steps are included:
Step 1: being centrally generated the anti-tamper system public key of ciphertext, system master key and public ginseng using trusted authorization
Number;
Step 2: receiving the vehicle node of request message according to self attributes and formulate access strategy, by access strategy and pending
Message, system public key and the common parameter sent generates anti-tamper ciphertext jointly, and anti-tamper ciphertext and access strategy are stored
Into cloud server;
Step 3: self attributes are sent to trusted authorization center by the vehicle node for sending request message, and utilize itself
Attribute is matched with each access strategy, if successful match, trusted authorization centre junction collaboration system master key and public ginseng
Number generates the own private key for sending the vehicle node of request message, and otherwise, return step 2 waits next reception request message
Vehicle node;
Step 4: the vehicle node for sending request message is downloaded and the matched reception of self attributes from cloud server
The anti-tamper ciphertext of the vehicle node of request message carries out anti-tamper verifying to anti-tamper ciphertext, if anti-tamper ciphertext is not usurped
Change, then anti-tamper ciphertext is decrypted using the own private key for the vehicle node for sending request message, obtains to receive and request to disappear
The message that the vehicle node of breath is sent;Otherwise, the anti-tamper ciphertext of downloading is abandoned, is unable to complete decryption.
The secret protection in car networking is realized in processing through the above steps.
Further, the expression formula of the anti-tamper ciphertext is as follows:
Wherein, Ψ indicates that the vehicle node for receiving request message formulates access strategy according to self attributes;C1It indicates to receive
The vehicle node of request message utilizes bilinearity number e (g, g) to sent message plaintext mαλEncrypt obtained ciphertext;C2It indicates
One arbitrary cryptographic Hash;C3Indicate self attributes set S, the ciphertext C to the vehicle node for sending request message1And Hash
Value C2Carry out the result of Hash union operation;
Λ indicates the set of all nodes of access strategy tree Ψ, and γ indicates any one node of access strategy tree Ψ, qγ
(0) value of node γ is indicated, α and λ are random integers;H indicates any cryptographic Hash, and g indicates to generate member;Att (γ) indicates section
The attribute value of point γ, CγAnd C'γIndicate intermediate variable;H () indicates hash function.
Further, judge whether the anti-tamper ciphertext of downloading is tampered, detailed process is as follows:
Firstly, extracting H'=H (S, C according to the data storage location of agreement is corresponding from the anti-tamper ciphertext of downloading1,C2)、
h、C2And C3;
Secondly, verifying e (h, C3)=e (H', C2) it is whether true:
Wherein, e () indicates bilinear map handling function;
If e (h, H (S, C1,C2))λWith e (H (S, C1,C2),h)λIt is equal, indicate that the anti-tamper ciphertext of downloading is not tampered with,
Otherwise, the anti-tamper ciphertext of downloading may have been tampered with.
To the ciphertext being not tampered with, next step decryption work will be carried out, to the ciphertext for being possible to be tampered, then under not entering
The decryption work of one step.
The data of each section are stored in memory headroom according to the storage format of agreement in anti-tamper ciphertext, therefore, hair
Send the vehicle node of request message that can be clear that out of, the anti-tamper ciphertext downloaded in memory headroom each section data
Hold;
Further, judge whether the self attributes for sending the vehicle node of request message meet the anti-tamper ciphertext of downloading
In access strategy, and send vehicle node anti-tamper ciphertext is decrypted using own private key the process of request message
It is as follows:
For the arbitrary node x of Ψ in anti-tamper ciphertext access strategy, if the vehicle node itself for sending solicited message belongs to
Property set S is unsatisfactory for access strategy, then sends the vehicle node access control policy tree Tree of request messagex(S) null value is returned,
Otherwise, the nonempty set S comprising subset label is returnedx, then call decryption function DecryptNode (CT, SK, x) right
Each node on access strategy in anti-tamper ciphertext is decrypted;
If node x is leaf node, j=att (x), att (x) indicate the attribute of node x, and H (j) is G0The Hash of attribute
Value, enables H (j)=gη;
As j ∈ S, decrypting process are as follows:
WhenWhen, decrypting process are as follows: DecryptNode (CT, SK, x)=⊥;
If node x is n omicronn-leaf child node, the value of DecryptNode (CT, SK, x) is all child nodes to node x
The decryption return value F of zzCarry out Lagrange's interpolation operation acquisition, FzReturning of obtaining of decryption function is called for the child node z of node x
Return value;
The decryption return value for successively having traversed all nodes obtains the decryption return value F at root nodeR, at root node
Decryption return value and the ciphertext C that is extracted from anti-tamper ciphertext1Operation is decrypted, the clear-text message m sent.
A kind of car networking intimacy protection system that the ciphertext based on CP-ABE is anti-tamper, comprising:
System initialization module, for generating the public key, master key and common parameter of system;
Trusted authorization center, for oneself of the public key of storage system, master key and common parameter and data requester
Body private key;
Data sender's plaintext encrypting module, data sender formulates access strategy according to self attributes, by access strategy
Anti-tamper ciphertext is generated jointly with clear-text message to be sent, system public key and common parameter, and by anti-tamper ciphertext and visit
Ask policy store into cloud server;
Self attributes are sent to trusted authorization center, and benefit by data requester private key generation module, data requester
It is matched with self attributes with access strategy each in cloud server, after successful match, trusted authorization centre junction collaboration system
Master key and common parameter generate the own private key of data requester;
The anti-tamper verifying of ciphertext and deciphering module carry out anti-tamper verifying to anti-tamper ciphertext, if anti-tamper ciphertext not by
It distorts, then anti-tamper ciphertext is decrypted using the own private key for the vehicle node for sending request message, obtain and receive request
The message that the vehicle node of message is sent;Otherwise, the anti-tamper ciphertext of downloading is abandoned, is unable to complete decryption.
Reach secret protection using the matching of attribute and encrypted access strategy.
Further, the anti-tamper verification process is as follows:
Firstly, extracting H'=H (S, C according to the data storage location of agreement is corresponding from the anti-tamper ciphertext of downloading1,C2)、
h、C2And C3;
Secondly, verifying e (h, C3)=e (H', C2) it is whether true:
Wherein, e () indicates bilinear map handling function;
If e (h, H (S, C1,C2))λWith e (H (S, C1,C2),h)λIt is equal, indicate that the anti-tamper ciphertext of downloading is not tampered with,
Otherwise, the anti-tamper ciphertext of downloading may have been tampered with.
To the ciphertext being not tampered with, next step decryption work will be carried out, to the ciphertext for being possible to be tampered, then under not entering
The decryption work of one step.
Beneficial effect
The present invention provides a kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system, the party
Method proposes to encrypt (Ciphertext Policy Attribute-Based Encryption, CP- based on ciphertext policy ABE base
ABE) mechanism, the vehicle node for sending message can independently formulate access strategy according to the attribute for the vehicle node for receiving message,
Access strategy is deployed in ciphertext, when the vehicle node attribute of only received message meets could successful decryption, have very
Strong flexibility.Meanwhile the message sent in order to prevent is trapped and distorts, trusted authorization center hash function is by ciphertext and phase
It closes parameter and is mapped to a random number, message recipient first verifies message either with or without being tampered, if do not usurped when decryption
Change and decrypts message again.Too many complicated calculations are not introduced in scheme, scheme ensure that in car networking and communicate between vehicle node
It is safe while, improve between vehicle node the efficiency of interaction.
Detailed description of the invention
Fig. 1 is the flow diagram of the method for the invention;
Fig. 2 is the theory structure schematic diagram of system of the present invention.
Specific embodiment
Below in conjunction with drawings and examples, the present invention is described further.
As shown in Figure 1, a kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper the following steps are included:
Step 1: being centrally generated the anti-tamper system public key of ciphertext, system master key and public ginseng using trusted authorization
Number;
Trusted authorization center TA selects rank for prime number p, generates the Bilinear Groups that member is g.G0On bilinear map e:G0×
G0→G1, define hash function H:{ 0,1 }*→G0, the function can user property described in the character string by random length turn
Change Bilinear Groups G into0On random number.Randomly choose α, β ∈ Zp, generate system public key:
PK=(G0, g, h, h=gβ,e(g,g)α)
System master key:
MK=(β, gα)
Step 2: receiving the vehicle node of request message according to self attributes and formulate access strategy, by access strategy and pending
Message, system public key and the common parameter sent generates anti-tamper ciphertext jointly, and anti-tamper ciphertext and access strategy are stored
Into cloud server;
Local vehicle node OBU2, it may be assumed that informant, message m to be sent are uploaded to before server first
M is encrypted.OBU2 sets a group access control strategy, such as access strategy Ψ first, is with what authorized organization generated
System public key PK is encrypted together, generates ciphertext.
Wherein, there are leaf node and non-leaf nodes in access strategy, leaf node represents attribute, such as: hotel and room
Between price, parking lot and remaining vacancy etc.;And non-leaf nodes then represents threshold value.At this point, when ciphertext is sent to cloud by OBU
When end, a malicious attacker if it exists, he intercepts and captures the ciphertext C of OBU2 transmission1=me (g, g)αλAfterwards, although cannot decrypt close
Text, but he can distort ciphertext, ciphertext is changed to: C1=me (g, g)αλm1, and it is close after pretending to be OBU2 that will distort
Text is sent.When legal user OBU1 receives ciphertext, and after successful decryption ciphertext, the message of acquisition is exactly m', without
It is m, and OBU1 will be considered that m' is exactly message transmitted by OBU, in this way, malicious attacker just achievees the purpose that distort ciphertext
?.Therefore, OBU2 is by attribute set S and C1,C2It is mapped to a random number by hash function, final and ciphertext adds together
It is close to be sent to cloud.
The expression formula of the anti-tamper ciphertext is as follows:
Wherein, Ψ indicates that the vehicle node for receiving request message formulates access strategy according to self attributes;C1It indicates to receive
The vehicle node of request message utilizes bilinearity number e (g, g) to sent message plaintext mαλEncrypt obtained ciphertext;C2It indicates
One arbitrary cryptographic Hash;C3Indicate self attributes set S, the ciphertext C to the vehicle node for sending request message1And Hash
Value C2Carry out the result of Hash union operation;
Λ indicates the set of all nodes of access strategy tree Ψ, and γ indicates any one node of access strategy tree Ψ, qγ
(0) value of node γ is indicated, α and λ are random integers;H indicates any cryptographic Hash, and g indicates to generate member;Att (γ) indicates section
The attribute value of point γ, CγAnd C'γIndicate intermediate variable;H () indicates hash function.
Step 3: self attributes are sent to trusted authorization center by the vehicle node for sending request message, and utilize itself
Attribute is matched with each access strategy, if successful match, trusted authorization centre junction collaboration system master key and public ginseng
Number generates the own private key for sending the vehicle node of request message, and otherwise, return step 2 waits next reception request message
Vehicle node;
Suppose there is that OBU2 in OBU1 request car networking system grasped about vacancy of parking lots information.OBU1 will be certainly
The attribute set of body submits to trusted authorization center TA.TA goes the matching self-ordained access plan of OBU2 with the attribute set of OBU1
Slightly, when attribute meets the node in access strategy, it may be assumed that when successful match, trusted authorization center TA is close according to the master that oneself is saved
Key MK and system public key PK are calculated, and the private key SK of OBU1 is ultimately generated, and are sent to OBU1.Wherein, private key is by asking
The vehicle node oneself of private key is asked to take care of.
It is input with the attribute set S of user, master key MK, system public key PK, then selects random number ru ∈ for OBU1
ZpS is represented,Select random number rui∈Zp, ultimately produce the private key of OBU1 are as follows:
Step 4: the vehicle node for sending request message is downloaded and the matched reception of self attributes from cloud server
The anti-tamper ciphertext of the vehicle node of request message carries out anti-tamper verifying to anti-tamper ciphertext, if anti-tamper ciphertext is not usurped
Change, then anti-tamper ciphertext is decrypted using the own private key for the vehicle node for sending request message, obtains to receive and request to disappear
The message that the vehicle node of breath is sent;Otherwise, the anti-tamper ciphertext of downloading is abandoned, is unable to complete decryption;To realize that vehicle joins
Secret protection in net.
When OBU1 requests access to message, the anti-tamper ciphertext CT that SP is uploaded after encrypting OBU2 is sent to OBU1, when and
Only when the attribute of OBU1 meets the access strategy on TA, the private key generated before OBU1 ability use correctly solves it
It is close.
Judge whether the anti-tamper ciphertext of downloading is tampered, detailed process is as follows:
Firstly, extracting H'=H (S, C according to the data storage location of agreement is corresponding from the anti-tamper ciphertext of downloading1,C2)、
h、C2And C3;
Secondly, verifying e (h, C3)=e (H', C2) it is whether true:
Wherein, e () indicates bilinear map handling function;
If e (h, H (S, C1,C2))λWith e (H (S, C1,C2),h)λIt is equal, indicate that the anti-tamper ciphertext of downloading is not tampered with,
Otherwise, the anti-tamper ciphertext of downloading has been tampered with.
The data of each section are stored in memory headroom according to the storage format of agreement in anti-tamper ciphertext, therefore, hair
Send the vehicle node of request message that can be clear that out of, the anti-tamper ciphertext downloaded in memory headroom each section data
Hold;
Judge whether the self attributes for sending the vehicle node of request message meet the access in the anti-tamper ciphertext of downloading
Strategy, and send request message vehicle node anti-tamper ciphertext is decrypted using own private key process it is as follows:
For the arbitrary node x of Ψ in anti-tamper ciphertext access strategy, if the vehicle node itself for sending solicited message belongs to
Property set S is unsatisfactory for access strategy, then sends the vehicle node access control policy tree Tree of request messagex(S) null value is returned,
Otherwise, the nonempty set S comprising subset label is returnedx, then call decryption function DecryptNode (CT, SK, x) right
Each node on access strategy in anti-tamper ciphertext is decrypted;
If node x is leaf node, j=att (x), att (x) indicate the attribute of node x, and H (j) is G0On element, enable
H (j)=gη;
As j ∈ S, decrypting process are as follows:
WhenWhen, decrypting process are as follows: DecryptNode (CT, SK, x)=⊥;
If node x is n omicronn-leaf child node, the value of DecryptNode (CT, SK, x) is all child nodes to node x
The decryption return value F of zzCarry out Lagrange's interpolation operation acquisition, FzReturning of obtaining of decryption function is called for the child node z of node x
Return value;
The decryption return value for successively having traversed all nodes obtains the decryption return value F at root nodeR, at root node
Decryption return value and the ciphertext C that is extracted from anti-tamper ciphertext1Operation is decrypted, the clear-text message m sent.
As shown in Fig. 2, a kind of car networking intimacy protection system that the ciphertext based on CP-ABE is anti-tamper, comprising:
System initialization module, for generating the public key, master key and common parameter of system;
Trusted authorization center, for oneself of the public key of storage system, master key and common parameter and data requester
Body private key;
Data sender's plaintext encrypting module, data sender formulates access strategy according to self attributes, by access strategy
Anti-tamper ciphertext is generated jointly with clear-text message to be sent, system public key and common parameter, and by anti-tamper ciphertext and visit
Ask policy store into cloud server;
Self attributes are sent to trusted authorization center, and benefit by data requester private key generation module, data requester
It is matched with self attributes with access strategy each in cloud server, after successful match, trusted authorization centre junction collaboration system
Master key and common parameter generate the own private key of data requester;
The anti-tamper verifying of ciphertext and deciphering module carry out anti-tamper verifying to anti-tamper ciphertext, if anti-tamper ciphertext not by
It distorts, then anti-tamper ciphertext is decrypted using the own private key for the vehicle node for sending request message, obtain and receive request
The message that the vehicle node of message is sent;Otherwise, the anti-tamper ciphertext of downloading is abandoned, is unable to complete decryption;Realize car networking
In secret protection.
In this paper scheme, it is stored on SP after message encryption, thus ensure that the safety of message, the vehicle section in scheme
Point OBU2 formulates access control policy and by message encryption, and anti-tamper ciphertext CT is uploaded to cloud, either SP itself still
Illegal OBU can not decrypt encrypted message by any approach, thus can not obtain OBU2 location information or its
His any relevant information.Due to using CP-ABE mechanism proposed by the present invention, in communication process, even if it is internal occur it is illegal
OBU or other attackers can not be decrypted if it is unable to satisfy access control policy, i.e., can not obtain message in plain text.
This programme uses CP-ABE mechanism, is provided with access control right, only meets the vehicle node of attribute specification
OBU can access anti-tamper ciphertext.
It can be seen from the above, carrying out encrypted anti-tamper ciphertext form to message m are as follows:
Wherein, H'=H (S, C are enabled1,C2).From ciphertext form it is found that the ciphertext being not tampered with is necessarily satisfying for following relationship:
e(h,C3)=e (H', C2).C in ciphertext1,C2All may forge successfully, but due to attacker do not know in advance encipherer with
Machine choose λ, cannot puppet produce C3.In conclusion decryption person can centainly examine if attacker distorts m
Feel and refuse to decrypt, resists ciphertext Tampering attack to just can reach.
The above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, although referring to above-described embodiment pair
The present invention is described in detail, it should be understood by those ordinary skilled in the art that: still can be to of the invention specific
Embodiment is modified or replaced equivalently, and without departing from any modification of spirit and scope of the invention or equivalent replacement,
It is intended to be within the scope of the claims of the invention.
Claims (4)
1. a kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper, which comprises the following steps:
Step 1: being centrally generated the anti-tamper system public key of ciphertext, system master key and common parameter using trusted authorization;
Step 2: receiving the vehicle node of request message according to self attributes and formulate access strategy, by access strategy and to be sent
Message, system public key and common parameter generate anti-tamper ciphertext jointly, and anti-tamper ciphertext and access strategy are stored to cloud
It holds in server;
Step 3: self attributes are sent to trusted authorization center by the vehicle node for sending request message, and utilize self attributes
It is matched with each access strategy, if successful match, trusted authorization centre junction collaboration system master key and common parameter are raw
At the own private key for the vehicle node for sending request message, otherwise, return step 2 waits next vehicle for receiving request message
Node;
Step 4: the vehicle node for sending request message is downloaded from cloud server requests with the matched reception of self attributes
The anti-tamper ciphertext of the vehicle node of message carries out anti-tamper verifying to anti-tamper ciphertext, if anti-tamper ciphertext is not tampered with,
Anti-tamper ciphertext is decrypted using the own private key for the vehicle node for sending request message, obtains the vehicle for receiving request message
The message that node is sent;Otherwise, the anti-tamper ciphertext of downloading is abandoned, is unable to complete decryption;
The expression formula of the anti-tamper ciphertext is as follows:
Wherein, Ψ indicates that the vehicle node for receiving request message formulates access strategy according to self attributes;C1Indicate that receiving request disappears
The vehicle node of breath utilizes bilinearity number e (g, g) to sent message plaintext mαλEncrypt obtained ciphertext;C2Indicate that one is appointed
The cryptographic Hash of meaning;C3Indicate self attributes set S, the ciphertext C to the vehicle node for sending request message1And cryptographic Hash C2Into
The result of row Hash union operation;
Λ indicates the set of all nodes of access strategy tree Ψ, and γ indicates any one node of access strategy tree Ψ, qγ(0) table
Show the value of node γ, α and λ are random integers;H indicates any cryptographic Hash, and g indicates to generate member;Att (γ) indicates node γ's
Attribute value, CγAnd C'γIndicate intermediate variable;H () indicates hash function.
2. the method according to claim 1, wherein sentencing to whether the anti-tamper ciphertext of downloading is tampered
Disconnected, detailed process is as follows:
Firstly, extracting H'=H (S, C according to the data storage location of agreement is corresponding from the anti-tamper ciphertext of downloading1,C2)、h、C2
And C3;
Secondly, verifying e (h, C3)=e (H', C2) it is whether true:
Wherein, e () indicates bilinear map handling function;
If e (h, H (S, C1,C2))λWith e (H (S, C1,C2),h)λIt is equal, indicate that the anti-tamper ciphertext of downloading is not tampered with, otherwise,
The anti-tamper ciphertext of downloading has been tampered with.
3. according to the method described in claim 2, it is characterized in that, judgement sends the self attributes of the vehicle node of request message
Whether satisfaction downloading anti-tamper ciphertext in access strategy, and send request message vehicle node utilize own private key pair
The process that anti-tamper ciphertext is decrypted is as follows:
For the arbitrary node x of Ψ in anti-tamper ciphertext access strategy, if sending the vehicle node self attributes collection of solicited message
It closes S and is unsatisfactory for access strategy, then send the vehicle node access control policy tree Tree of request messagex(S) null value is returned, it is no
Then, the nonempty set S comprising subset label is returnedx, then call decryption function DecryptNode (CT, SK, x) to anti-
The each node distorted on the access strategy in ciphertext is decrypted;
If node x is leaf node, j=att (x), att (x) indicate the attribute of node x, and H (j) is G0On a certain attribute Kazakhstan
Uncommon value, enables H (j)=gη;G0Indicate Bilinear Groups;
As j ∈ S, decrypting process are as follows:
WhenWhen, decrypting process are as follows: DecryptNode (CT, SK, x)=⊥;
If node x is n omicronn-leaf child node, the value of DecryptNode (CT, SK, x) is to all child node z's of node x
Decrypt return value FzCarry out Lagrange's interpolation operation acquisition, FzThe return for calling decryption function to obtain for the child node z of node x
Value;
The decryption return value for successively having traversed all child nodes obtains the decryption return value F at root nodeR, at root node
Decryption return value and the ciphertext C extracted from anti-tamper ciphertext1Operation is decrypted, the clear-text message m sent, thus suitable
The development car networking communication service work of benefit.
4. a kind of car networking intimacy protection system that the ciphertext based on CP-ABE is anti-tamper characterized by comprising
System initialization module, for generating the public key, master key and common parameter of system;
Trusted authorization center, for itself of the public key of storage system, master key and common parameter and data requester private
Key;
Data sender's plaintext encrypting module, data senders formulate access strategy according to self attributes, by access strategy and to
Clear-text message, system public key and the common parameter of transmission generate anti-tamper ciphertext jointly, and by anti-tamper ciphertext and access plan
Slightly store into cloud server;
Self attributes are sent to trusted authorization center by data requester private key generation module, data requester, and using certainly
Body attribute is matched with access strategy each in cloud server, and after successful match, trusted authorization centre junction collaboration system master is close
Key and common parameter generate the own private key of data requester;
The anti-tamper verifying of ciphertext and deciphering module carry out anti-tamper verifying to anti-tamper ciphertext, if anti-tamper ciphertext is not tampered with,
Then anti-tamper ciphertext is decrypted using the own private key for the vehicle node for sending request message, obtains and receives request message
The message that vehicle node is sent;Otherwise, the anti-tamper ciphertext of downloading is abandoned, is unable to complete decryption;
The anti-tamper verification process is as follows:
Firstly, extracting H'=H (S, C according to the data storage location of agreement is corresponding from the anti-tamper ciphertext of downloading1,C2)、h、C2
And C3;
Secondly, verifying e (h, C3)=e (H', C2) it is whether true:
Wherein, e () indicates bilinear map handling function;
If e (h, H (S, C1,C2))λWith e (H (S, C1,C2),h)λIt is equal, indicate that the anti-tamper ciphertext of downloading is not tampered with, it will be into
The further decryption work of row, otherwise, the anti-tamper ciphertext of downloading is possible to be tampered, then next step decryption work can not continue
It carries out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710269494.7A CN107070652B (en) | 2017-04-24 | 2017-04-24 | A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710269494.7A CN107070652B (en) | 2017-04-24 | 2017-04-24 | A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107070652A CN107070652A (en) | 2017-08-18 |
| CN107070652B true CN107070652B (en) | 2019-07-23 |
Family
ID=59605194
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710269494.7A Active CN107070652B (en) | 2017-04-24 | 2017-04-24 | A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107070652B (en) |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108632030B (en) * | 2018-03-22 | 2020-11-27 | 中山大学 | CP-ABE-based fine-grained access control method |
| CN108833074B (en) * | 2018-04-28 | 2021-02-26 | 西安电子科技大学 | Vehicle self-organizing network authentication system and method based on homomorphic encryption |
| CN109150840B (en) * | 2018-07-25 | 2021-04-20 | 重庆邮电大学 | Self-adaptive tamper-proof data structure and method for update package in Internet of vehicles |
| CN109543439B (en) * | 2018-12-04 | 2021-07-13 | 北京锐安科技有限公司 | Service request method and device for Internet of vehicles |
| CN110008746B (en) * | 2019-04-01 | 2020-11-03 | 大连理工大学 | Block chain-based medical record storage, sharing and safety claim settlement model and method |
| CN110086804B (en) * | 2019-04-25 | 2021-08-31 | 广州大学 | Internet of things data privacy protection method based on block chain and trusted hardware |
| CN110099367A (en) * | 2019-04-26 | 2019-08-06 | 河南工学院 | Car networking secure data sharing method based on edge calculations |
| CN110308691B (en) * | 2019-07-26 | 2021-07-02 | 湘潭大学 | Multidimensional data aggregation and access control method for ubiquitous power Internet of things |
| CN110519345B (en) * | 2019-08-14 | 2022-04-08 | 杭州师范大学 | Internet of vehicles information safety cooperation downloading method based on multi-assistance vehicle autonomous selection |
| GB2588107B (en) | 2019-10-07 | 2022-11-02 | British Telecomm | Secure publish-subscribe communication methods and apparatus |
| CN111092715B (en) * | 2019-12-27 | 2023-06-16 | 山东师范大学 | Network about car information security processing method, system and equipment |
| CN111404665A (en) * | 2020-03-10 | 2020-07-10 | 南京工业大学 | Ciphertext access control method based on CP-ABE |
| CN111586685B (en) * | 2020-04-26 | 2022-05-03 | 重庆邮电大学 | Anonymous roaming authentication method based on lattices |
| CN111654591B (en) * | 2020-04-29 | 2023-08-08 | 中国平安财产保险股份有限公司 | Picture tamper-proof method, computer device and storage medium |
| CN111756762A (en) * | 2020-06-29 | 2020-10-09 | 北京百度网讯科技有限公司 | Vehicle safety analysis method and device, electronic equipment and storage medium |
| CN113329021B (en) * | 2021-05-31 | 2022-04-29 | 湖北工业大学 | Automobile depreciation model parameter privacy protection system and method based on industrial Internet |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580205A (en) * | 2015-01-05 | 2015-04-29 | 南京邮电大学 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
| CN104993929A (en) * | 2015-05-15 | 2015-10-21 | 西安邮电大学 | Attribute-based encryption system and method supporting system attribute expansion |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101593165B1 (en) * | 2014-08-19 | 2016-02-15 | 한국전자통신연구원 | Data access control method |
-
2017
- 2017-04-24 CN CN201710269494.7A patent/CN107070652B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580205A (en) * | 2015-01-05 | 2015-04-29 | 南京邮电大学 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
| CN104993929A (en) * | 2015-05-15 | 2015-10-21 | 西安邮电大学 | Attribute-based encryption system and method supporting system attribute expansion |
Non-Patent Citations (2)
| Title |
|---|
| 基于CP_ABE的车联网云端数据安全访问控制方案;庞立君;《电视技术》;20150930;正文"2.1 系统模型" |
| 基于CP_ABE算法的云存储数据访问控制方案设计;程思嘉;《信息网络安全》;20160229;摘要、"4 云计算下访问控制方案设计",图2-5 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107070652A (en) | 2017-08-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107070652B (en) | A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system | |
| CN103281377B (en) | A kind of encrypt data storage and querying method of facing cloud | |
| CN105743646B (en) | A kind of Identity based encryption method and system | |
| CN101789865B (en) | Dedicated server used for encryption and encryption method | |
| CN106302406B (en) | Close car networking condition method for secret protection and system are signed based on the polymerization of no certificate | |
| CN104253694B (en) | A kind of time slot scrambling for network data transmission | |
| CN110536259A (en) | A kind of lightweight secret protection data multilevel polymerization calculated based on mist | |
| CN109981641A (en) | A kind of safe distribution subscription system and distribution subscription method based on block chain technology | |
| CN111385306B (en) | Anonymous authentication method and system based on anti-tampering device in smart power grid | |
| CN101867472B (en) | Asymmetrical group encryption/decryption method based on user identity identification | |
| CN109194523A (en) | The multi-party diagnostic model fusion method and system, cloud server of secret protection | |
| CN112187798B (en) | Bidirectional access control method and system applied to cloud-side data sharing | |
| CN109818749A (en) | The point-to-point method for message transmission of anti-quantum calculation and system based on pool of symmetric keys | |
| CN101977197B (en) | Multi-receiver encryption method based on biological characteristics | |
| CN102594551B (en) | Method for reliable statistics of privacy data on radio frequency identification (RFID) tag | |
| CN101465725A (en) | Key distribution method for public key system based on identification | |
| CN107172043B (en) | A kind of smart power grid user sale of electricity method based on homomorphic cryptography | |
| CN109243020A (en) | A kind of smart lock identity identifying method based on no certificate | |
| CN109951279A (en) | A kind of anonymous data storage method based on block chain and edge device | |
| CN110932854A (en) | Block chain key distribution system and method for Internet of things | |
| CN110535626A (en) | The quantum communications service station secret communication method and system of identity-based | |
| CN104301327B (en) | The intimacy protection system and method for the P2P social networks based on broadcast enciphering | |
| CN106357397A (en) | Sender-authenticated asymmetric group key negotiation method | |
| CN114531680B (en) | Light-weight IBC bidirectional identity authentication system and method based on quantum key | |
| CN101984626B (en) | Method and system for safely exchanging files |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240112 Address after: Room 212, 2nd Floor, No. 390, Lane 1555, Jinsha Jiangxi Road, Jiading District, Shanghai, 200000 Patentee after: Shanghai Zhiming Information Technology Co.,Ltd. Address before: 230000 floor 1, building 2, phase I, e-commerce Park, Jinggang Road, Shushan Economic Development Zone, Hefei City, Anhui Province Patentee before: Dragon totem Technology (Hefei) Co.,Ltd. Effective date of registration: 20240112 Address after: 230000 floor 1, building 2, phase I, e-commerce Park, Jinggang Road, Shushan Economic Development Zone, Hefei City, Anhui Province Patentee after: Dragon totem Technology (Hefei) Co.,Ltd. Address before: 425199 130 Yang Zi Tang Road, Lingling District, Yongzhou, Hunan. Patentee before: HUNAN University OF SCIENCE AND ENGINEERING |
|
| TR01 | Transfer of patent right |