CN107634837B - Internet of vehicles message authentication method based on edge calculation - Google Patents

Publication number
CN107634837B
Authority
CN
China
Prior art keywords
rsu
vehicle
message
ecv
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711057462.7A
Other languages
Chinese (zh)
Other versions
CN107634837A (en)
Inventor
崔杰
魏璐
仲红
许艳
张静
陈志立
石润华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui University
Original Assignee
Anhui University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui University filed Critical Anhui University
Priority to CN201711057462.7A priority Critical patent/CN107634837B/en
Publication of CN107634837A publication Critical patent/CN107634837A/en
Application granted granted Critical
Publication of CN107634837B publication Critical patent/CN107634837B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses an efficient Internet of Vehicles message authentication method based on edge computing, comprising the following steps: (1) system initialization of the Internet of Vehicles participant entities, which comprises two processes: parameter generation, and generation of a pseudonym and signature by the vehicle; (2) message authentication by the RSU and vehicles, in which the RSU elects an edge computing vehicle (ECV), the ECV executes its tasks, the RSU checks the authentication result of the ECV, and the vehicles authenticate messages. The signature part of the invention uses operations based on elliptic curve cryptography, so computation and transmission costs are low; the ECV is elected through fuzzy logic control theory to achieve a locally optimal election; the ECV helps the RSU authenticate message signatures quickly and accurately; and by broadcasting the authentication result the RSU minimises redundant authentication across the whole system and improves the operating efficiency of the whole Internet of Vehicles.

Description

Internet of vehicles message authentication method based on edge calculation
Technical Field
The invention relates to a vehicle network communication safety technology, in particular to a vehicle networking message authentication method based on edge computing.
Background
With the development of the automobile industry and rising economic levels, the number of automobiles keeps growing, and the demand for automobile safety and driving comfort is increasingly urgent. The Internet of Vehicles (VANET, Vehicular Ad Hoc Network) has emerged in response and has become a research focus for governments, research institutions and vehicle manufacturers. A typical Internet of Vehicles consists of three parts: the Trusted Authority (TA), Roadside Units (RSU), and On-Board Units (OBU). The vehicle's OBU is mainly responsible for two types of communication: vehicle-to-vehicle communication (V2V) and vehicle-to-RSU communication (V2R). The RSU acts as a bridge between the vehicle and the TA. The TA is the trusted management center of the Internet of Vehicles and is responsible for the registration and authentication of RSUs and OBUs.
Because V2V and V2R communication in the Internet of Vehicles is wireless, without a sound security scheme a malicious attacker can modify the messages of a legitimate vehicle, or even impersonate a legitimate vehicle to send forged messages, and so endanger traffic safety. A message recipient in the vehicular network must therefore check the integrity and authenticity of a message after receiving it, and may use the message only if it is complete and authentic; otherwise the message should be discarded. Privacy is another topic that has attracted much attention in the Internet of Vehicles field in recent years. Drivers do not want private information such as their driving routes and real identities to be known by others, so the communication protocol of the Internet of Vehicles needs to be designed for anonymous communication: vehicles communicate under pseudonyms rather than their real identities. The protocol should not be absolutely anonymous, however, because if a vehicle sends a forged message or tampers with a legitimate message, the trusted authority should be able to trace the identity of that vehicle. In the Internet of Vehicles this kind of privacy protection is called conditional privacy protection. To solve the security and privacy problems of the Internet of Vehicles, researchers have proposed various authentication schemes in recent years, but these schemes generally involve redundant authentication, are not computationally efficient enough, and cannot meet performance requirements in extreme cases.
To solve the problems of redundant authentication and computational efficiency in Internet of Vehicles message authentication, this scheme provides an efficient Internet of Vehicles message authentication scheme based on edge computing. The signature part of the scheme uses operations based on Elliptic Curve Cryptography (ECC), so computation and transmission overhead is low; the ECV is elected through fuzzy logic control theory to achieve a locally optimal election; the ECV helps the RSU authenticate message signatures quickly and accurately, the authentication task of the RSU is outsourced to the ECV, and the RSU only needs to check the authentication result of the ECV; and by broadcasting the authentication result the RSU minimises redundant authentication across the whole system and improves the operating efficiency of the whole Internet of Vehicles.
Disclosure of Invention
The purpose of the invention is as follows: the invention aims to solve the defects in the prior art and provides a vehicle networking message authentication method based on edge calculation.
The technical scheme is as follows: the invention discloses a vehicle networking message authentication method based on edge calculation, which comprises the following steps:
(1) the system initialization of the vehicle networking participant entity:
(1.1) parameter generation, namely, the TA is responsible for generating related parameters (including a system private key, a system public key, a private key of a roadside unit RSU, a public key of the roadside unit RSU, and real identity RID and password PWD distributed to each vehicle), the TA sends the private key of the RSU to the RSU through a safe wired network and sends the system private key to the vehicle at an ETC gateway, and the corresponding public key and the public parameters can be directly broadcast in any occasion without confidentiality;
(1.2) generation of a pseudonym and signature by the vehicle, namely the tamper-proof device (TPD) module in the vehicle generates the pseudonym and signs the input message;
(2) message authentication of RSU and vehicle:
(2.1) the RSU elects an edge computing vehicle ECV, namely the vehicle broadcasts own position information and the value of the residual computing available resource, and the RSU elects the ECV according to the two metrics and distributes tasks to the ECV;
(2.2) the ECV executes the task, namely the ECV performs message authentication after receiving the task and informs the RSU of the authentication result;
(2.3) the RSU checks the authentication result of the ECV, namely the RSU broadcasts the authentication result through a Cuckoo filter after checking the authentication result of the ECV;
(2.4) vehicle message authentication, namely after receiving the filter, the vehicles around the RSU query it to determine whether a message is legal and valid.
Further, the specific process of parameter generation in the step (1.1) is as follows:
(1.1.1) the TA randomly selects two large prime numbers p, q and a nonsingular elliptic curve E defined by $y^2 = x^3 + ax + b \bmod q$, and randomly selects a generator P in the group $G_q$;
(1.1.2) the TA randomly selects
Figure GDA0002596147930000031
as the system private key, and calculates the system public key $P_{pub} = sP$;
(1.1.3) the TA randomly selects
Figure GDA0002596147930000032
as the private key of the RSU, and calculates the public key of the RSU, $PK_R = xP$;
(1.1.4) the TA selects a secure hash function $h: \{0,1\}^* \to Z_q$;
(1.1.5) the TA distributes a real identity RID and a password PWD for each vehicle, and preloads { RID, PWD, s } into a TPD module of the vehicle through a safe channel;
(1.1.6) the TA sends the private key x of the RSU to the RSU through a secure channel;
(1.1.7) the TA publishes the system public parameters $\{P, q, a, b, P_{pub}, PK_R, h\}$ to the RSU and all vehicles, where $a, b \in F_p$.
Further, the detailed process of the step (1.2) is as follows:
(1.2.1) vehicle $V_i$ sends its real identity RID and password PWD to the TPD module for an identity validity check; if both values equal the values pre-stored in the TPD, authentication passes and step (1.2.2) follows; otherwise authentication fails and service is refused;
(1.2.2) the TPD randomly selects a number
Figure GDA0002596147930000033
and calculates the pseudonym
Figure GDA0002596147930000034
The pseudonym comprises two sub-pseudonyms
Figure GDA0002596147930000035
and
Figure GDA0002596147930000036
whose purpose is to protect the identity privacy of the vehicle while keeping the pseudonym conditionally traceable. The two sub-pseudonyms are defined as:
Figure GDA0002596147930000037
where $h: \{0,1\}^* \to Z_q$, $P_{pub}$ is the system public key, and P is the generator randomly selected in the group $G_q$;
(1.2.3) vehicle $V_i$ concatenates the information M to be transmitted and the current timestamp T into $M_i = M \| T_i$; the TPD module takes $M_i$ as input and generates the signature $\sigma_i = s\,h(PID_i) + r_i\,h(M_i)$,
Figure GDA0002596147930000038
(1.2.4) the vehicle broadcasts the message
Figure GDA0002596147930000039
Further, the specific method of the step (2.1) is as follows:
(2.1.1) vehicle $V_i$ adds its GPS position and remaining available computing resource information to the BSM message;
(2.1.2) from the GPS position and remaining available computing resource information of $V_i$, the RSU calculates a distance metric DM and an available performance metric APM, fuzzifies them, calculates the corresponding membership degrees according to fuzzy rules defined by an expert method, and finally defuzzifies by the center-of-gravity method to obtain a fitness value; if the fitness is greater than a preset value, $V_i$ is elected as $ECV_i$;
(2.1.3) for a vehicle $V_i$ that has become an ECV, the RSU allocates a specific message authentication task according to the size of its remaining available computing resources; the task, in the form of vehicle pseudonyms
Figure GDA0002596147930000041
is sent to vehicle $V_i$, where PID represents the set of pseudonyms to be authenticated $\{PID_1, PID_2, \ldots, PID_n\}$, and
Figure GDA0002596147930000042
indicates the signature of the RSU, made with its own private key $SK_R$, on the pseudonym set PID.
Further, the distance metric DM in step (2.1.2) is calculated by the following formula:
Figure GDA0002596147930000043
wherein R represents the maximum effective transmission distance of the RSU;
the calculation formula of the available performance metric value APM is as follows:
Figure GDA0002596147930000044
where UCR(x) represents the computing resource value of vehicle $V_i$ and MCL(x) represents the maximum computing performance value of vehicle $V_i$;
the preset value is a constant k whose value depends on the traffic flow in the current time period; the larger the value, the higher the standard for electing edge computing vehicles. Suitably, k is a constant between 0.8 and 1.0 at higher traffic flows and a constant between 0.6 and 0.8 at lower traffic flows.
Further, the specific method of the step (2.2) is as follows:
(2.2.1) $ECV_i$ performs batch authentication on the messages contained in the task set; if the batch passes, all messages in the task queue are legal and the result is reported to the RSU; otherwise at least one message in the task set is illegal, and the following step is executed;
(2.2.2) $ECV_i$ runs a binary search algorithm combined with batch authentication over the task queue, stores the illegal messages found during execution in an illegal message set, and sends the illegal message queue to the RSU after the algorithm finishes.
Further, the specific method of the step (2.3) is as follows:
(2.3.1) from the illegal message set sent by $ECV_i$, the RSU deduces the legal message set, performs batch authentication on the legal message set, and authenticates each element of the illegal message set individually;
(2.3.2) the RSU computes fingerprints for the legal messages and the illegal messages, stores them in the positive filter and the negative filter respectively, and then broadcasts the filters.
Further, the specific method of the step (2.4) is as follows: the vehicle calculates the fingerprint of the message to be authenticated and queries that fingerprint in the positive filter and the negative filter sent by the RSU to determine whether the message is legal and valid.
Advantageous effects: compared with the prior art, the invention has the following advantages:
(1) the invention adopts a signature scheme based on ECC (elliptic curve cryptography), so that the calculation and communication overhead is lower;
(2) the invention adopts the edge calculation vehicle election method based on the fuzzy logic control theory, thereby obtaining the local optimal solution;
(3) the invention concentrates the message authentication task on the RSU and the edge computing vehicle, on one hand, the message authentication burden of the RSU is not overlarge, on the other hand, the vehicle with low computing performance can perform the message authentication with little overhead, and the message authentication redundancy of the whole system is low, thereby ensuring that the operation efficiency of the whole system is higher.
Drawings
FIG. 1 is a diagram of a system model of the present invention;
FIG. 2 is a schematic diagram of the pseudonym and signature generation process of the present invention;
FIG. 3 is a schematic diagram of the process of the RSU electing the ECV;
FIG. 4 is a schematic diagram of the process of the RSU determining the validity of the ECV authentication result.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
As shown in FIG. 1, the system model of the Internet of Vehicles message authentication scheme based on edge computing has three main participants: the trusted authority (TA), the roadside unit (RSU), and the on-board unit (OBU). The TA is responsible for parameter initialization and for generating and releasing key material for the whole system; it cannot be compromised and is trusted by the other entities in the Internet of Vehicles. The RSU is the intermediary between the TA and the OBU; it authenticates the validity of the message signatures of surrounding vehicles and broadcasts the result to those vehicles as a service. The OBU is the vehicle's networking module and is responsible for the vehicle's communication. Vehicles are divided into ordinary vehicles and edge computing vehicles (ECV): an ordinary vehicle only needs to query the service provided by the RSU to authenticate messages, while an edge computing vehicle, in addition to enjoying the rights of an ordinary vehicle, must complete the message authentication tasks assigned by the RSU.
Example 1:
the Internet of vehicles message authentication method based on edge computing comprises the following steps:
(1) the system initialization of the vehicle networking participant entity: generating parameters, and generating a pseudonym and a signature by a vehicle;
(2) message authentication of RSU and vehicle: the RSU elects an Edge Computing Vehicle (ECV), the ECV performs tasks, the RSU checks the authentication result of the ECV, and vehicle message authentication.
In the parameter generation stage of step (1), the TA generates necessary system parameters, and then the TA preloads the system parameters into the TPD (tamper-resistant device) of the vehicle and all RSUs through a secure communication channel. The method comprises the following specific steps:
1) The TA randomly selects two large prime numbers p, q and a nonsingular elliptic curve E defined by $y^2 = x^3 + ax + b \bmod q$ (where $a, b \in F_p$), and randomly selects a generator P in the group $G_q$.
2) The TA randomly selects
Figure GDA0002596147930000061
as the system private key, and calculates the system public key $P_{pub} = sP$.
3) The TA randomly selects
Figure GDA0002596147930000062
as the private key of the RSU, and calculates the public key of the RSU, $PK_R = xP$.
4) The TA selects a secure hash function $h: \{0,1\}^* \to Z_q$.
5) TA assigns a real identity RID and a password PWD to each vehicle, and preloads { RID, PWD, s } into the TPD of the vehicle through a secure channel.
6) The TA sends the RSU's private key x to the RSU over a secure wired network.
7) The TA publishes the system public parameters $\{P, q, a, b, P_{pub}, PK_R, h\}$ to the RSU and all vehicles.
In the pseudonym and signature generation stage of step (1), as shown in fig. 2, in order to ensure the verifiability of the message, the vehicle needs to provide a signature for the message, and the specific process is as follows:
1) the vehicle sends the real identity RID and the password PWD of the vehicle to the TPD for identity validity check, if the two values are equal to the values pre-stored in the TPD, the authentication is passed and the following steps are carried out, otherwise the authentication is failed and the service is refused.
2) The TPD randomly selects a number
Figure GDA0002596147930000063
and calculates the pseudonym
Figure GDA0002596147930000064
The pseudonym comprises two sub-pseudonyms
Figure GDA0002596147930000065
and
Figure GDA0002596147930000066
whose purpose is to protect the identity privacy of the vehicle while keeping the pseudonym conditionally traceable. The two sub-pseudonyms are defined as:
Figure GDA0002596147930000067
3) Vehicle $V_i$ concatenates the information M to be transmitted and the current timestamp T into $M_i = M \| T_i$; the TPD takes $M_i$ as input and generates the signature $\sigma_i = s\,h(PID_i) + r_i\,h(M_i)$.
4) The vehicle broadcasts the message
Figure GDA0002596147930000071
The main process of the step (2) comprises the following steps: the vehicle broadcasts the position information of the vehicle and the remaining calculation available resource value, the RSU elects the ECV according to the two measurement values and distributes tasks to the ECV, the ECV performs message authentication after receiving the tasks and informs the RSU of the authentication result, the RSU broadcasts the result through a Cuckoo filter after checking the authentication result of the ECV, and vehicles around the RSU can perform message authentication only by inquiring after receiving the filter.
The vehicle broadcast location and computing resource information refers to: the vehicle adds the GPS position at the time of transmitting the message and the remaining calculation resource information in the BSM (basic safety message), and continuously updates and transmits it at a cycle of 300 ms.
In the phase of step (2) in which the RSU elects an ECV according to vehicle position and computing resource information and allocates tasks, shown in FIG. 3, the specific process is as follows:
1) The RSU uses the GPS position sent by vehicle $V_i$ and its own position to calculate the distance D(x) between itself (i.e., the RSU) and $V_i$, and calculates the distance metric (DM) according to the formula,
Figure GDA0002596147930000072
where R represents the maximum effective transmission distance of the RSU.
2) The RSU calculates the available performance metric (APM) from the available resource information sent by vehicle $V_i$, as follows,
Figure GDA0002596147930000073
where UCR(x) represents the computing resource value of vehicle $V_i$ and MCL(x) represents the maximum computing performance value of vehicle $V_i$.
3) The RSU feeds the DM and APM values into the Min-Max method and the IF/THEN rules to obtain a fuzzy value, and obtains the fitness by the center-of-gravity method; if the fitness is larger than the preset constant k, vehicle $V_i$ is elected as an ECV. The output fuzzy sets are {VeryGood, Good, Unpreferable, Bad, VeryBad}, and the fuzzy relations are shown in the following table:
Figure GDA0002596147930000081
4) For a vehicle $V_i$ that has become an ECV, the RSU allocates certain message authentication tasks according to the size of its remaining available computing resources; the tasks, in the form of vehicle pseudonyms
Figure GDA0002596147930000082
are sent to vehicle $V_i$, where $PID = \{PID_1, PID_2, \ldots, PID_n\}$.
In the phase of step (2) in which the ECV executes the message authentication task, the specific process is as follows:
1) For the received $PID = \{PID_1, PID_2, \ldots, PID_n\}$, vehicle $ECV_i$ finds the message-signature tuples $(PID_i, M_i, \sigma_i)$ to be authenticated in its own message buffer, where $1 \le i \le n$, and then does the following:
2) Vehicle $ECV_i$ checks the validity of the timestamps of all messages; if there are expired messages, it sends a report to the RSU, and the RSU removes the pseudonym $PID_x$ corresponding to each expired message from the message owner list PID associated with $ECV_i$.
3) To prevent an adversary from attacking the batch summation, vehicle $ECV_i$ randomly selects a small integer t with a length of 10 bits and randomly generates a vector $v = \{v_1, v_2, \ldots, v_n\}$, $v_i \in [1, 2^t]$. Batch authentication is then performed according to the following equation,
Figure GDA0002596147930000083
If the above equation holds, the batch of messages authenticated by $ECV_i$ passes both the check of the message owners' identities and the integrity check of the messages themselves; if it does not hold, the batch contains at least one invalid message and $ECV_i$ must carry out the following work. In this way, a malicious attacker's attack on the signature accumulation process in batch authentication is avoided.
4) In order to quickly find invalid messages contained in the batch of messages, a method combining binary search and batch authentication can be adopted to quickly find the invalid messages. The algorithm is as follows:
Figure GDA0002596147930000091
5) Through the above steps, $ECV_i$ finds the invalid messages in the batch and, in its own message buffer pool, the identity sequence of their owners
Figure GDA0002596147930000092
$ECV_i$ then feeds the authentication result back to the RSU:
Figure GDA0002596147930000093
Notably, to conserve network bandwidth, $ECV_i$ only needs to send the pseudonyms of the invalid message owners to the RSU. This reduces transmission overhead because most messages in the Internet of Vehicles are valid, and the RSU can obtain the identities corresponding to the legal messages by subtracting the pseudonym set received from $ECV_i$ from the pseudonym set corresponding to the messages that $ECV_i$ was required to authenticate.
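The ECV procedure above (randomly weighted batch check, then binary search for the invalid messages) as an added Python example; it is not code from the patent. Assumptions: secp256k1 stands in for the unnamed curve, h is built from SHA-256, the first sub-pseudonym is taken to be $r_i P$ and the second is an opaque value (their defining figure is missing from the page), and the batch equation is the one that follows from $\sigma_i = s\,h(PID_i) + r_i\,h(M_i)$ under those assumptions.

```python
import hashlib
import secrets

# secp256k1 domain parameters: a stand-in curve, the patent names none.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
T_BITS = 10  # assumption: weights v_i are drawn from [1, 2^t] with t = 10

def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP)
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = add(result, point)
        point, k = add(point, point), k >> 1
    return result

def h(*parts):
    """h: {0,1}* -> Z_q, built from SHA-256 over length-prefixed parts."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(digest.digest(), "big") % N

def enc(point):
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")

def ta_setup():
    """TA: system private key s and public key P_pub = s*P."""
    s = secrets.randbelow(N - 1) + 1
    return s, mul(s, G)

def tpd_sign(s, message, timestamp):
    """TPD: fresh pseudonym and sigma_i = s*h(PID_i) + r_i*h(M_i)."""
    r = secrets.randbelow(N - 1) + 1
    pid1 = mul(r, G)                # assumed first sub-pseudonym r_i*P
    pid2 = secrets.token_bytes(16)  # opaque stand-in for the second one
    m_i = message + b"||" + timestamp
    sigma = (s * h(enc(pid1), pid2) + r * h(m_i)) % N
    return pid1, pid2, m_i, sigma

def batch_verify(p_pub, batch, weights=None):
    """(sum v_i*sigma_i)*P == (sum v_i*h(PID_i))*P_pub + sum v_i*h(M_i)*PID_i^1"""
    if weights is None:
        weights = [secrets.randbelow(2**T_BITS) + 1 for _ in batch]
    sig_sum, pub_sum, rhs = 0, 0, None
    for v, (pid1, pid2, m_i, sigma) in zip(weights, batch):
        sig_sum += v * sigma
        pub_sum += v * h(enc(pid1), pid2)
        rhs = add(rhs, mul(v * h(m_i), pid1))
    return mul(sig_sum, G) == add(mul(pub_sum, p_pub), rhs)

def find_invalid(p_pub, batch, lo=0, hi=None):
    """Binary search with batch checks; returns indices of invalid items."""
    hi = len(batch) if hi is None else hi
    if lo >= hi or batch_verify(p_pub, batch[lo:hi]):
        return []
    if hi - lo == 1:
        return [lo]
    mid = (lo + hi) // 2
    return (find_invalid(p_pub, batch, lo, mid)
            + find_invalid(p_pub, batch, mid, hi))

def demo():
    s, p_pub = ta_setup()
    batch = [tpd_sign(s, b"constructed BSM %d" % i, b"1700000000")
             for i in range(8)]     # constructed sample messages
    tampered = list(batch)
    for i in (2, 5):                # alter two message bodies after signing
        pid1, pid2, m_i, sigma = tampered[i]
        tampered[i] = (pid1, pid2, m_i + b"!", sigma)
    # Two signature errors that cancel in an unweighted sum (+7 and -7).
    offset = list(batch)
    offset[0] = offset[0][:3] + ((offset[0][3] + 7) % N,)
    offset[1] = offset[1][:3] + ((offset[1][3] - 7) % N,)
    return {
        "clean_batch_ok": batch_verify(p_pub, batch),
        "invalid_indices": find_invalid(p_pub, tampered),
        "unweighted_accepts_offset": batch_verify(p_pub, offset, [1] * 8),
        "weighted_accepts_offset": batch_verify(
            p_pub, offset, [3, 5, 1, 1, 1, 1, 1, 1]),
    }

if __name__ == "__main__":
    print(demo())
```

With unit weights the two offsetting errors cancel and the batch is accepted, which is the summation weakness the random vector v addresses; with weights from $[1, 2^t]$ such a pair slips through a single check only when the two weights coincide, so a larger t lowers that chance.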
In the phase of step (2) in which the RSU checks the ECV authentication result, shown in FIG. 4, the RSU must check the result sent by $ECV_i$, and only after the check passes does the RSU broadcast the authentication result of $ECV_i$. The specific process is as follows:
1) After the RSU receives the message from $ECV_i$
Figure GDA0002596147930000101
it first checks whether the signature
Figure GDA0002596147930000102
is valid; if it is invalid the message is rejected, and if it is valid the following steps continue;
2) The RSU looks up in its own memory the pseudonym (PID) sequence corresponding to the messages that $ECV_i$ was to authenticate, denoted
Figure GDA0002596147930000103
Subtracting from this sequence the invalid message owner identity sequence sent by $ECV_i$
Figure GDA0002596147930000104
yields the PID sequence of the message owners authenticated by $ECV_i$
Figure GDA0002596147930000105
3) For the message signatures corresponding to
Figure GDA0002596147930000106
batch authentication is performed; if it passes, output a = True; otherwise output a = False. For the message signatures corresponding to all elements of the invalid message owner identity sequence
Figure GDA0002596147930000107
authentication is performed one by one according to the following formula; if all signatures fail authentication, output b = True; otherwise output b = False.
Figure GDA0002596147930000108
In this process the pseudonym is hashed before signing, which ensures the unforgeability of both the message and the identity (i.e., the pseudonym) of the message owner.
4) If a is True, the message authentication result of $ECV_i$ is reliable and the following steps continue; otherwise $ECV_i$ is attempting to deceive the RSU, and the RSU identifies $ECV_i$ as a malicious vehicle, cancels the qualification of $ECV_i$ as an edge computing vehicle, and sends to the TA the pseudonym of $ECV_i$
Figure GDA0002596147930000109
requesting the TA to revoke $ECV_i$.
5) Through the check in step 4), the RSU confirms whether the authentication result of $ECV_i$ is reliable. The RSU initializes two Cuckoo filters, a positive filter posFilter and a negative filter negFilter. The RSU calculates the fingerprints of the messages corresponding to all elements of
Figure GDA00025961479300001010
i.e. $fingerprint(M_i)$, and stores them in the positive filter; it likewise calculates the fingerprints of the messages corresponding to all elements of
Figure GDA00025961479300001011
and stores them in the negative filter. After initialization, the RSU broadcasts the positive filter posFilter, the negative filter negFilter and the corresponding signature to the vehicles in its jurisdiction
In the phase of step (2) in which vehicles authenticate messages using the result broadcast by the RSU, the specific steps are as follows:
1) If vehicle $V_i$ wants to check whether message $M_i$ is legal, it first calculates the corresponding fingerprint $f = fingerprint(M_i)$ and queries the positive filter posFilter and the negative filter negFilter to see whether the fingerprint f can be found in each.
2) The query results fall into four cases: {case 1: posFilter = True, negFilter = False}, {case 2: posFilter = False, negFilter = True}, {case 3: posFilter = True, negFilter = True}, {case 4: posFilter = False, negFilter = False}.
Cases 1 and 2 each determine whether message $M_i$ is legal, but with a certain probability case 3 is encountered. Case 3, if it occurs, indicates that the RSU has not yet authenticated message $M_i$ or that the verification result has not yet been updated into the filter; the vehicle then waits for the next round of filter updates, and if the query still fails after the number of rounds preset by the system, the vehicle authenticates message $M_i$ itself. Case 4 occurs because the Cuckoo filter has a certain false positive rate, but its probability can be made negligible simply by increasing the length of the fingerprint produced by the fingerprint function and increasing the bucket size as actual needs require.
The signature part of the invention uses operations based on elliptic curve cryptography, so computation and transmission costs are low; the ECV is elected through fuzzy logic control theory to achieve a locally optimal election; the ECV helps the RSU authenticate message signatures quickly and accurately; and by broadcasting the authentication result the RSU minimises redundant authentication across the whole system and improves the operating efficiency of the whole Internet of Vehicles.
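The positive/negative filter broadcast and the vehicle-side query described above, as an added Python example; it is not code from the patent. Assumptions: the filter layout (64 buckets of 4 slots, 32-bit fingerprints from SHA-256), the function names, and the choice to treat every outcome in which exactly one filter does not match as undecided; the RSU's signature on the broadcast is taken as already verified.

```python
import hashlib
import random


def digest64(data):
    """64-bit value derived from SHA-256; used for indices and fingerprints."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


class CuckooFilter:
    def __init__(self, n_buckets=64, bucket_size=4, fp_bits=32, max_kicks=200):
        # A power-of-two bucket count makes the XOR alternate index reversible.
        if n_buckets & (n_buckets - 1):
            raise ValueError("n_buckets must be a power of two")
        self.n, self.bucket_size = n_buckets, bucket_size
        self.fp_bits, self.max_kicks = fp_bits, max_kicks
        self.buckets = [[] for _ in range(n_buckets)]

    def fingerprint(self, msg):
        return digest64(b"fp" + msg) % (1 << self.fp_bits) or 1

    def alt_index(self, i, fp):
        return (i ^ digest64(fp.to_bytes(8, "big"))) % self.n

    def insert(self, msg):
        fp = self.fingerprint(msg)
        i1 = digest64(msg) % self.n
        i2 = self.alt_index(i1, fp)
        for i in (i1, i2):
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp)
                return True
        i = random.choice((i1, i2))
        for _ in range(self.max_kicks):      # evict and relocate
            j = random.randrange(self.bucket_size)
            fp, self.buckets[i][j] = self.buckets[i][j], fp
            i = self.alt_index(i, fp)
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp)
                return True
        return False                         # full: the RSU must enlarge it

    def contains(self, msg):
        fp = self.fingerprint(msg)
        i1 = digest64(msg) % self.n
        return (fp in self.buckets[i1]
                or fp in self.buckets[self.alt_index(i1, fp)])


def rsu_build_filters(valid_msgs, invalid_msgs):
    """RSU side: one broadcast round as (posFilter, negFilter)."""
    pos, neg = CuckooFilter(), CuckooFilter()
    for msg in valid_msgs:
        pos.insert(msg)
    for msg in invalid_msgs:
        neg.insert(msg)
    return pos, neg


def query(pos, neg, msg):
    """Vehicle side: only an unambiguous hit in one filter decides."""
    in_pos, in_neg = pos.contains(msg), neg.contains(msg)
    if in_pos and not in_neg:
        return "valid"
    if in_neg and not in_pos:
        return "invalid"
    return "undecided"


def vehicle_authenticate(msg, rounds, max_rounds, self_verify):
    """Query successive broadcasts; verify locally after max_rounds."""
    for number, (pos, neg) in enumerate(rounds[:max_rounds], start=1):
        verdict = query(pos, neg, msg)
        if verdict != "undecided":
            return verdict, "filter round %d" % number
    return ("valid" if self_verify(msg) else "invalid"), "self-verified"


if __name__ == "__main__":
    # Constructed sample rounds: msg-C is only authenticated in round 2.
    r1 = rsu_build_filters([b"msg-A"], [b"msg-B"])
    r2 = rsu_build_filters([b"msg-A", b"msg-C"], [b"msg-B"])
    for m in (b"msg-A", b"msg-B", b"msg-C", b"msg-D"):
        print(m, vehicle_authenticate(m, [r1, r2], 3, lambda _m: True))
```

The `self_verify` callback is where a vehicle would run its own signature check on the message once the preset number of rounds is exhausted.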

Claims (8)

1. A vehicle networking message authentication method based on edge calculation is characterized in that: comprises the following steps:
(1) the system initialization of the vehicle networking participant entity:
(1.1) parameter generation, namely, a trust authority TA is responsible for generating a system private key, a system public key, a private key of a roadside unit RSU, a public key of the roadside unit RSU and a real identity RID and a password PWD distributed to each vehicle, the TA sends the private key of the RSU to the RSU through a safe wired network and sends the system private key to the vehicle at an ETC gateway, and the system public key and public parameters are broadcasted to the vehicle and the RSU at any time occasion;
(1.2) generation of a pseudonym and signature by the vehicle, namely the tamper-proof device (TPD) module in the vehicle generates the pseudonym and signs the input message;
(2) message authentication of RSU and vehicle:
(2.1) the RSU elects an edge computing vehicle ECV, namely the vehicle broadcasts own position information and the value of the residual computing available resource, and the RSU elects the ECV according to the two metrics and distributes tasks to the ECV;
(2.2) the ECV executes the task, namely the ECV performs message authentication after receiving the task and informs the RSU of the authentication result;
(2.3) the RSU checks the authentication result of the ECV, namely the RSU broadcasts the authentication result through a Cuckoo filter after checking the authentication result of the ECV;
(2.4) vehicle message authentication, namely after receiving the filter, the vehicles around the RSU query it to determine whether a message is legal and valid.
2. The edge computing-based internet of vehicles message authentication method of claim 1, wherein: the specific process of parameter generation in the step (1.1) is as follows:
(1.1.1) the TA randomly selects two large prime numbers p, q and a nonsingular elliptic curve E defined by $y^2 = x^3 + ax + b \bmod q$, and randomly selects a generator P in the group $G_q$;
(1.1.2) the TA randomly selects
Figure FDA0002572240260000011
as the system private key, and calculates the system public key $P_{pub} = sP$;
(1.1.3) the TA randomly selects
Figure FDA0002572240260000012
as the private key of the RSU, and calculates the public key of the RSU, $PK_R = xP$;
(1.1.4) the TA selects a secure hash function $h: \{0,1\}^* \to Z_q$;
(1.1.5) the TA distributes a real identity RID and a password PWD for each vehicle, and preloads { RID, PWD, s } into a TPD module of the vehicle through a safe channel;
(1.1.6) the TA sends the private key x of the RSU to the RSU through a secure channel;
(1.1.7) the TA publishes public parameters { P, q, a, b, P to the RSU and all vehiclespub,PKRH } wherein a, b ∈ Fp
3. The edge computing-based internet of vehicles message authentication method of claim 1, wherein: the detailed process of the step (1.2) is as follows:
(1.2.1) vehicle $V_i$ sends the real identity RID and the password PWD of the user to the TPD module for an identity validity check; if the two values equal the values pre-stored in the TPD, the authentication passes and step (1.2.2) is performed; otherwise the authentication fails and service is refused;
(1.2.2) the TPD randomly selects a number
Figure FDA0002572240260000021
and calculates the pseudonym
Figure FDA0002572240260000022
wherein the pseudonym $PID_i$ comprises two sub-pseudonyms
Figure FDA0002572240260000023
and
Figure FDA0002572240260000024
wherein $h: \{0,1\}^* \to Z_q$, $P_{pub}$ is the system public key, and P is a generator randomly selected in the group $G_q$;
(1.2.3) vehicle $V_i$ concatenates the message M to be transmitted and the current timestamp $T_i$ into $M_i$; the TPD module takes $M \| T_i$ as input and generates the signature $\sigma_i = s\,h(PID_i) + r_i\,h(M_i)$,
Figure FDA0002572240260000025
(1.2.4) the vehicle broadcasts the message
Figure FDA0002572240260000026
4. The edge computing-based internet of vehicles message authentication method of claim 1, wherein: the specific method of the step (2.1) comprises the following steps:
(2.1.1) vehicle $V_i$ adds its GPS position and remaining available computing resource information to the BSM message;
(2.1.2) the RSU calculates a distance metric DM and an available performance metric APM from the GPS position and the remaining available computing resource information of $V_i$ respectively, fuzzifies them, then calculates the corresponding membership degrees according to the fuzzy rules, and finally defuzzifies by the center-of-gravity method to obtain a fitness value; if the fitness is greater than a preset value, $V_i$ is elected as an ECV;
(2.1.3) for a vehicle $V_i$ elected as an ECV, the RSU allocates message authentication tasks to it in the form of vehicle pseudonyms, according to the size of its remaining available computing resources, and sends
Figure FDA0002572240260000027
to vehicle $V_i$, where PID represents the set of pseudonyms to be authenticated $\{PID_1, PID_2, \ldots, PID_n\}$, and
Figure FDA0002572240260000028
denotes the RSU's signature on the pseudonym set PID using its own private key $SK_R$.
5. The edge computing-based internet of vehicles message authentication method of claim 4, wherein: the calculation formula of the distance metric DM in the step (2.1.2) is as follows:
Figure FDA0002572240260000031
wherein R represents the maximum effective transmission distance of the RSU;
the calculation formula of the available performance metric value APM is as follows:
Figure FDA0002572240260000032
wherein UCR(x) represents the computing resource value of vehicle $V_i$, and MCL(x) represents the maximum computing performance value of vehicle $V_i$;
the preset value is a constant k; when the traffic flow is high, the constant k is between 0.8 and 1.0, and when the traffic flow is low, the constant k is between 0.6 and 0.8.
6. The edge computing-based internet of vehicles message authentication method of claim 1, wherein: the specific method of the step (2.2) is as follows:
(2.2.1) $ECV_i$ performs batch authentication on the messages contained in the task set using the batch authentication formula; if the batch authentication equation holds, i.e. all messages pass, all messages in the task set are legal and the authentication result is reported to the RSU; the small random factor technique is used, i.e. $ECV_i$ randomly selects an integer t with a length of 10 bits and randomly generates a vector $v = \{v_1, v_2, \ldots, v_n\}$, where $v_i \in [1, 2^t]$; the batch authentication formula is as follows:
Figure FDA0002572240260000033
if the batch authentication equation does not hold, i.e. not all messages pass, at least one message in the task set is illegal, and step (2.2.2) is executed;
(2.2.2) $ECV_i$ runs a binary search algorithm combined with batch authentication on the task queue, stores the illegal messages found during execution in an illegal message set, and sends the illegal message set to the RSU after the algorithm finishes.
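The signing equation of step (1.2.3) and the batch check with small random factors and binary search of steps (2.2.1) and (2.2.2), as an added sketch that is not the patent's own code. The verification formula is an image missing from this page, so the check used here is the relation obtained by multiplying $\sigma_i = s\,h(PID_i) + r_i\,h(M_i)$ by P. Assumptions: secp256k1 as the curve, SHA-256 as h, the pseudonym reduced to the point $r_i P$, and t fixed at 10.

```python
import hashlib, secrets

# secp256k1 stands in for the curve E; the claims do not fix one (assumption).
p = 2**256 - 2**32 - 977
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None: return A or B
    if A[0] == B[0] and (A[1] + B[1]) % p == 0: return None
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, p) % p
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, p) % p
    x = (lam * lam - A[0] - B[0]) % p
    return (x, (lam * (A[0] - x) - A[1]) % p)

def mul(k, A):  # double-and-add scalar multiplication, not constant time
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def h(*parts):  # hash to Z_q (SHA-256 is an assumption)
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % q

def sign(s, msg):
    """TPD side: sigma_i = s*h(PID_i) + r_i*h(M_i); PID_i is reduced to r_i*P here."""
    r = secrets.randbelow(q - 1) + 1
    pid = mul(r, P)
    return [pid, msg, (s * h(pid) + r * h(msg)) % q]

def batch_ok(items, Ppub, t=10):
    """Checks (sum v_i*sigma_i)P == (sum v_i*h(PID_i))Ppub + sum v_i*h(M_i)*PID_i."""
    lhs, hp, rhs = 0, 0, None
    for pid, msg, sig in items:
        v = secrets.randbelow(2**t) + 1  # small random factor v_i in [1, 2^t]
        lhs, hp = (lhs + v * sig) % q, (hp + v * h(pid)) % q
        rhs = add(rhs, mul(v * h(msg) % q, pid))
    return mul(lhs, P) == add(mul(hp, Ppub), rhs)

def find_invalid(items, Ppub):
    """Binary search combined with batch authentication; returns the illegal messages."""
    if batch_ok(items, Ppub): return []
    if len(items) == 1: return [items[0][1]]
    mid = len(items) // 2
    return find_invalid(items[:mid], Ppub) + find_invalid(items[mid:], Ppub)
```

The random factors are what keep errors in several invalid signatures from cancelling in the sum; a batch check with every $v_i = 1$ gives no such guarantee.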
7. The edge computing-based internet of vehicles message authentication method of claim 1, wherein: the specific method of the step (2.3) is as follows:
(2.3.1) the RSU deduces the legal message set from the illegal message set sent by $ECV_i$ by executing the following steps:
(2.3.1.1) after the RSU receives the message from the edge computing vehicle, it first checks whether the message signature is valid; if not, it rejects the message; if valid, it continues with the following steps;
(2.3.1.2) the pseudonym PID sequence corresponding to the messages that the edge computing vehicle was required to authenticate is looked up in the memory of the edge computing vehicle and recorded as
Figure FDA0002572240260000041
subtracting from this sequence the illegal message owner identity sequence sent by $ECV_i$
Figure FDA0002572240260000042
gives the PID sequence of the message owners authenticated by $ECV_i$
Figure FDA0002572240260000043
(2.3.1.3) for
Figure FDA0002572240260000044
batch authentication is performed on the corresponding message signatures; if they pass the batch authentication, a = True is output; if not, a = False is output; for the illegal message owner identity sequence
Figure FDA0002572240260000047
the message signatures corresponding to all of its elements are authenticated one by one according to the following formula; if all of these signatures fail authentication, b = True is output; otherwise b = False is output;
Figure FDA0002572240260000045
(2.3.1.4) if both a and b are True, the message authentication result of $ECV_i$ is reliable and the following steps continue; otherwise $ECV_i$ is attempting to deceive the RSU: the RSU identifies $ECV_i$ as a malicious vehicle, cancels the edge computing vehicle qualification of $ECV_i$, and sends the pseudonym of $ECV_i$
Figure FDA0002572240260000046
to the TA, requesting the TA to revoke $ECV_i$;
(2.3.2) the RSU computes fingerprints for the legal messages and the illegal messages, stores them in the positive filter and the negative filter respectively, and then broadcasts the filters.
8. The edge computing-based internet of vehicles message authentication method of claim 1, wherein: the specific method of the step (2.4) comprises the following steps: the vehicle calculates the fingerprint of the message to be authenticated, and performs inquiry operation in the positive filter and the negative filter sent by the RSU respectively aiming at the fingerprint to determine whether the message is legal and valid.
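The positive and negative filters of steps (2.3.2) and (2.4), as an added sketch rather than the patent's implementation. Assumptions: SHA-256-derived 32-bit fingerprints, 64 buckets of four slots, and a "verify-locally" fallback when a fingerprint is found in both filters or in neither (the claims do not say what a vehicle does in that case); the sample messages in any use of it are constructed.

```python
import hashlib

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

class CuckooFilter:
    """Cuckoo filter with 32-bit fingerprints, two candidate buckets, four slots each."""
    def __init__(self, n_buckets=64, slots=4, max_kicks=200):
        assert n_buckets & (n_buckets - 1) == 0  # power of two keeps the XOR in range
        self.n, self.slots, self.max_kicks = n_buckets, slots, max_kicks
        self.buckets = [[] for _ in range(n_buckets)]

    def _alt(self, i, fp):
        # Partial-key cuckoo hashing: the other bucket depends only on (i, fp).
        return i ^ (_h(fp.to_bytes(4, "big")) % self.n)

    def _locate(self, item):
        fp = _h(b"fp" + item) % (2**32 - 1) + 1  # fingerprint, never zero
        i1 = _h(item) % self.n
        return fp, i1, self._alt(i1, fp)

    def insert(self, item):
        fp, i1, i2 = self._locate(item)
        i = i1 if len(self.buckets[i1]) <= len(self.buckets[i2]) else i2
        for kick in range(self.max_kicks + 1):
            if len(self.buckets[i]) < self.slots:
                self.buckets[i].append(fp)
                return True
            slot = kick % self.slots             # evict a resident fingerprint
            fp, self.buckets[i][slot] = self.buckets[i][slot], fp
            i = self._alt(i, fp)                 # and move it to its other bucket
        return False                             # table too full

    def contains(self, item):
        fp, i1, i2 = self._locate(item)
        return fp in self.buckets[i1] or fp in self.buckets[i2]

def rsu_build(legal, illegal):
    """RSU side: one filter per verdict, broadcast together."""
    pos, neg = CuckooFilter(), CuckooFilter()
    for m in legal: pos.insert(m)
    for m in illegal: neg.insert(m)
    return pos, neg

def vehicle_query(pos, neg, msg):
    """Vehicle side: only an unambiguous hit settles the question."""
    in_pos, in_neg = pos.contains(msg), neg.contains(msg)
    if in_pos != in_neg:
        return "legal" if in_pos else "illegal"
    return "verify-locally"  # both or neither: fall back to checking the signature
```

A cuckoo filter can return false positives, so a hit in the positive filter alone is a probabilistic verdict whose error rate is set by the fingerprint length and table load.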

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711057462.7A CN107634837B (en) 2017-11-01 2017-11-01 Internet of vehicles message authentication method based on edge calculation

Publications (2)

Publication Number Publication Date
CN107634837A CN107634837A (en) 2018-01-26
CN107634837B true CN107634837B (en) 2020-09-01

Family

ID=61106971



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant