CN109362062B - ID-based group signature-based VANETs anonymous authentication system and method - Google Patents

Abstract

The invention relates to the technical field of wireless network security, and provides a VANETs anonymous authentication system based on an ID-based group signature. The invention also provides a method for anonymous authentication by using the system, wherein a third-party trust mechanism generates an initial pseudonym, an initial trust value and a signature private key for a vehicle unit, the vehicle unit and the roadside unit execute a V2I authentication protocol after generating the signature private key, a group private key and a group public key for the roadside unit, the vehicle unit executes a V2V authentication protocol among the vehicle units and generates a shared key when the vehicle units are legal, and finally the roadside unit assists the third-party trust mechanism to track the real identity of the vehicle unit which sends the malicious message and further process the real identity. The invention can ensure the anonymity of the identity of the vehicle node, avoid the expense of certificate storage and management, and improve the privacy protection strength and the authentication efficiency.

Description

ID-based group signature-based VANETs anonymous authentication system and method

Technical Field

The invention relates to the technical field of wireless network security, in particular to a VANETs anonymous authentication system and method based on ID-based group signature.

Background

In recent years, with the rapid development of ad hoc networks and Internet of things (IoT), intelligent transportation systems have become a research hotspot in academic and industrial circles. As an important component in the field of intelligent transportation, Vehicle Ad hoc Networks (VANETs) are an effective technology that can provide wide safety applications for Vehicle users, and are special mobile Ad hoc Networks that connect road entities such as vehicles and roadside infrastructures with a traffic network to form an intelligent network by using vehicles as basic information units and using technologies such as wireless access. It relies On a Trusted Authority (TAs), vehicle units (RSUs) and roadside units (OBUs), where RSUs are widely distributed at the Road edge to meet specific services, while OBUs are installed in VANETs's vehicles. By means of dedicated short-range communication technology (DSRC), nodes in the network are able to communicate with roadside Infrastructure unit nodes (V2I) or with other Vehicle unit nodes (V2V) during free-driving. By broadcasting information such as position, direction, speed, traffic incident and the like at regular time, a user can obtain real-time road condition information and information of neighbor vehicle nodes to avoid traffic risks. The VANETs can effectively prevent potential traffic hidden dangers, provide a new solution for collecting and releasing traffic safety information, accident early warning, accident investigation, vehicle-mounted office entertainment and the like, and also provide point-to-point (P2P) service for users and value-added services for accessing Internet and the like so as to realize functions of collaborative safe driving, intelligent scheduling, charging service and the like among vehicles. Therefore, the VANETs can enhance the driving experience of vehicle users, improve the life quality of people and have great significance for the development of intelligent cities.

However, VANETs also have a number of security issues. The VANETs are an open access environment and have high privacy sensitivity, and if an illegal attacker accesses a network, a plurality of privacy information of a legal node, such as user identity, driving track and the like, can be easily stolen. If the security sensitive network cannot consider and solve the security problem, threats, risks and loopholes exist, and economic loss and even life security are extremely easy to bring to users. The security protocols of VANETs must guarantee basic security requirements (authentication and non-repudiation) and privacy (identity and location privacy) of the vehicle user from being accessed, tracked or analyzed by unauthorized entities.

In the current VANETs access authentication method, an anonymous authentication technology is mostly adopted, so that privacy protection is realized while authentication reliability is achieved, and meanwhile, the method can well cope with flow analysis attacks. In the current VANETs anonymous access authentication method, the most used are the certificate-based anonymous access authentication method and the group signature-based anonymous access authentication method, wherein the group signature-based anonymous access authentication method can provide anonymity which a general digital signature does not have due to the group signature technology, so that group members can sign on behalf of the whole group and only a group owner can reveal the true identity of the group members. In these methods, although identity privacy protection can be achieved to a certain extent, a large number of anonymous certificates or anonymous identities need to be maintained, resulting in large costs for managing and storing certificates and keys. With the rise of identity-based cryptography, since the key management problem can be better solved, a plurality of identity-based VANETs anonymous access authentication methods are proposed in succession, but these methods still do not form a complete and mature scheme to realize identity authentication, privacy protection and malicious node identification and revocation in VANETs under the condition of safety and high efficiency.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides the VANETs anonymous authentication system and method based on the ID-based group signature, which can ensure the anonymity of the identity of the vehicle node and avoid the expense of certificate storage and management, thereby improving the privacy protection strength and the authentication efficiency of the vehicle node and simultaneously reducing the calculation expense and the communication expense of an authentication scheme.

The technical scheme of the invention is as follows:

a VANETs anonymous authentication system based on ID-based group signature is characterized in that: the system comprises a third-party trust authority, a plurality of roadside units and a plurality of vehicle units;

the third-party trust mechanism is connected with the roadside unit through a network, the vehicle unit is connected with the roadside unit through the network, and the third-party trust mechanism is communicated with the vehicle unit through the roadside unit; the third-party trust mechanism and the roadside units trust each other, the third-party trust mechanism is completely trusted by the vehicle units, the vehicle units and the roadside units do not trust each other, the vehicle units do not trust each other, and the roadside units do not trust each other;

the third-party trust mechanism registers for a roadside unit and a vehicle unit entering VANETs, generates an initial pseudonym, an initial trust value and a signature private key of the vehicle unit for the vehicle unit, and generates a signature private key, a group private key and a group public key of the roadside unit for the roadside unit;

the roadside unit is an infrastructure established at the roadside and generates a new pseudonym, a group signature key and the validity period of the group signature key for a legally accessed vehicle unit;

the vehicle unit is a communication unit loaded on a vehicle node, the vehicle unit is switched among different roadside units along with the movement process of the vehicle node, the vehicle unit is responsible for communication between the corresponding vehicle node and the roadside units and between the corresponding vehicle node and other vehicle nodes, and different vehicle units can directly communicate in a neighbor range and communicate outside the neighbor range in an opportunistic routing manner; the vehicle unit can issue safety information periodically, wherein the safety information comprises the pseudonym, the current speed, the position and the road condition of a vehicle node corresponding to the vehicle unit; the vehicle unit registers to a third-party trust authority after a corresponding vehicle node enters a VANETs, and the vehicle unit obtains a new pseudonym, a group signature key and the validity period of the group signature key which are generated for the vehicle unit by a roadside unit serving as a group manager through bidirectional authentication with the roadside unit;

only the third-party trust authority can obtain the real identity of the vehicle unit, and only the third-party trust authority can cancel the vehicle unit; the roadside unit can assist a third party trust authority in tracking the true identity of the vehicle unit.

A method for anonymous authentication by using the VANETs anonymous authentication system based on ID-based group signature is characterized by comprising the following steps:

step 1: the roadside unit and the vehicle unit register with a third-party trust authority at an initial stage, the third-party trust authority generates an initial pseudonym, an initial trust value and a signature private key of the vehicle unit for the vehicle unit, and the third-party trust authority generates a signature private key, a group private key and a group public key of the roadside unit for the roadside unit;

step 2: during the moving process of the vehicle unit, when the vehicle unit moves to the wireless communication range of the accessible roadside unit, a V2I authentication protocol is executed between the vehicle unit and the roadside unit to authenticate whether the vehicle unit and the roadside unit are legal or not, and if the vehicle unit and the roadside unit are legal, the roadside unit generates the validity period of a new pseudonym, a group signature key and a group signature key for the legally accessed vehicle unit;

and step 3: legal two vehicle unit OBU completing V2I authentication_aAnd OBU_bPerforms a V2V authentication protocol to accomplish mutual authentication, i.e., OBU_aAnd OBU_bIf the mutual authentication is legal, if the OBU is not legal_aAnd OBU_bIf both are legal, the OBU is started_aAnd OBU_bObtaining a second shared secret key for subsequent secure communication;

and 4, step 4: on two vehicle units OBU_aAnd OBU_bDuring communication between the OBU and the other OBU_bReceive OBU_aWhen message m is sent, OBU_bThe message m is verified, if the message m fails to pass the verification, the message m is judged to be a malicious message, and a warning message is sent to an adjacent roadside unit; the adjacent roadside unit further sends the warning message to a third-party trust mechanism; the third party trust mechanism is used for aiming at the OBU according to the warning message_aTracking the true identity of the user;

and 5: and the third-party trust mechanism reduces the trust value of the vehicle unit which sends the malicious message, checks the trust value of the vehicle unit, judges the vehicle unit as a malicious node if the trust value of the vehicle unit is less than a critical value N, broadcasts the initial pseudonym of the vehicle unit to all roadside units, enables all the roadside units to stop providing access service for the vehicle unit, and simultaneously carries out further processing under the roadside and cancels the vehicle unit.

The step 1 comprises the following steps:

step 1.1: the vehicle unit registers to a third party trust authority at an initial stage, and specifically comprises:

step 1.1.1: the vehicle unit submits the real identity ID of the vehicle unit to a third-party trust authority through a secure channel;

and 1.1.2: third party trust authority random selection

As the private key of the third party trust authority, and then selecting a symmetric encryption algorithm E with a key of K_K() To calculate an initial pseudonym V for the vehicle unit_ID＝E_K(ID) followed by setting an initial trust value for the vehicle unit to N₀And calculating the private signature key of the vehicle unit as

Wherein H₀For the hash function, P ∈ G₁，G₁An addition group selected for a third party trust authority, P being G₁The number of the generator in the inner layer,

is a finite field;

step 1.1.3: third party trust authority will { s over secure channel_v,V_ID,N₀Sending the data to a vehicle unit;

step 1.1.4: vehicle unit pair received s_v,V_ID,N₀Storing;

step 1.2: the roadside unit registers to a third party trust authority at an initial stage, and the method specifically comprises the following steps:

step 1.2.1: the roadside unit submits the real identity R of the roadside unit to a third-party trust authority through a secure channel_ID；

Step 1.2.2: the third party trust organization calculates the signature private key of the roadside unit as

Third party trust authority random selection

As the group private key of the roadside unit, and calculating the group public key of the roadside unit as PK_g＝s_gP；

Step 1.2.3: the third party trust mechanism will make a great deal through a secure channels_R,s_g,PK_gSending the data to a roadside unit;

step 1.2.4: roadside unit pair received s_R,s_g,PK_gAnd storing.

In the step 2, the V2I authentication protocol is executed between the vehicle unit and the roadside unit, which specifically includes the following steps:

step 2.1: the roadside unit periodically broadcasts a first message { R } to the surroundings_ID,PK_g,σ₁,TS₁}；

Wherein σ₁Is a first signature and is generated by the roadside unit,

signature private key s representing the use of roadside units_RPairing information { PK through identity-based signature scheme BLMQ_g，TS₁Sign, TS₁Is a time stamp, h_RSU＝H₁(PK_g||TS₁,x₁)，H₁In order to be a function of the hash function,

g is an addition group G₁A point of (1), r_RSUIs a random number, and is a random number,

V_RSU＝(r_RSU+h_RSU)s_R；

step 2.2: when a vehicle unit comes within communication range of a roadside unit, a first message { R is received_ID,PK_g,σ₁,TS₁Checking the time stamp TS first₁If it is valid, if the time stamp TS₁If it is valid, the first signature σ is verified₁Determine equation one

Whether the result is true or not;

where e is a bilinear map, P_pubSystem public key, P, generated for a third party trust authority_pub＝sP；

If the equation is established, the roadside unit is legal, and the vehicle unit selects the random number r_OBUUsing the private signature key s of the vehicle unit_VPairing information { r ] through an identity-based signature scheme BLMQ_OBU，TS₂Signing to generate a second signature

A first shared key K is then calculated for the vehicle unit and the roadside unit_V-R＝PK_gr_OBU＝s_gPr_OBUThen using the secret key as K_V-RSymmetric encryption algorithm of

For initial pseudonym V_IDAnd a random number r_OBUEncrypting to generate ciphertext

Finally, a second message { c, r is sent to the roadside unit_OBUP,σ₂,TS₂And go to step 2.3;

wherein the content of the first and second substances,

TS₂is a time stamp, h_OBU＝H₁(r_OBU||TS₂,x₂)，

V_OBU＝(r_OBU+h_OBU)s_V；

If the equation is not established, the vehicle unit refuses to access the roadside unit and moves to the next roadside unit;

step 2.3: the roadside unit receives the second message { c, r) from the vehicle unit_OBUP,σ₂,TS₂After that time, the device is started to be operated,checking the time stamp TS first₂If it is valid, if the time stamp TS₂If valid, the first shared secret key K is calculated_V-R＝r_OBUPs_g＝r_OBUPK_gAnd using the first shared key K_V-RDecrypting the ciphertext c to obtain V of the vehicle unit_IDAnd r_OBUAnd then verify the second signature σ of the vehicle unit₂Judging equation two

Whether or not:

if the second equation is established, the vehicle unit is legal, and the step 2.4 is entered;

if the second equation is not satisfied, the roadside unit refuses to provide the access service for the vehicle unit;

step 2.4: vehicle unit selection random number x_OBUThen using the secret key as K_V-RSymmetric encryption algorithm of

For x_OBUP-cipher generation of third message

And sends a third message c to the roadside unit₁(ii) a Wherein the content of the first and second substances,

step 2.5: the roadside unit receives the third message c from the vehicle unit₁Thereafter, first the first shared key K is used_V-RThe third message c₁Decrypting to obtain x of the vehicle unit_OBUP, then select the ith random number

Generating the ith new pseudonym V for the vehicle unit_i＝{V_i,1,V_i,2And generating an ith group signing key sk for the vehicle unit_i＝s_gH₃(V_i,2,r_OBUx_OBUP) and selects T as the validity period of the group signing key, followed by the use of the key K_V-RSymmetric encryption algorithm of

For the ith new pseudonym V_iThe ith group signing key sk_iAnd generating ith fourth message by encrypting the validity period T of the group signing key

And sends an ith fourth message c to the vehicle unit_2i(ii) a Wherein, V_i,1＝u_iP，

H₂、H₃Are all hash functions;

step 2.6: the vehicle unit receives the ith fourth message c_2iThereafter, the first shared key K is used_V-RThe ith fourth message c_2iDecipher to obtain < sk_i,V_iT >, then will be < sk_i,V_iAnd T is stored in TPD of the vehicle unit, and a group signature key list { < sk is finally obtained₁,V₁,T＞,＜sk₂,V₂,T＞,...,＜sk_i,V_i,T＞,...,＜sk_n,V_n,T＞}。

In step 3, two vehicle units OBU_aAnd OBU_bThe method executes a V2V authentication protocol, and specifically comprises the following steps:

step 3.1: OBU_aRandomly selecting a new pseudonym V_j＝{V_j,1,V_j,2V and new pseudonyms_jCorresponding group signing key sk_jGenerating an OBU_aGroup signature public key

Then an identity-based group signature scheme IGS is performed on the group public key PK_gAnd OBU_aGroup signature public key

Signing to generate a third signature

And to the OBU_bSending a fifth message

Wherein, TS_aIs a time stamp;

step 3.2: OBU_bReceiving the fifth message

Then, the timestamp TS is checked first_aIf it is valid, if the time stamp TS_aIf it is valid, the third signature σ is verified₃(ii) a If the third signature σ₃Successful verification, OBU_bRandomly selecting a new pseudonym V_k＝{V_k,1,V_k,2V and new pseudonyms_kCorresponding group signing key sk_kGenerating an OBU_bGroup signature public key

Then an identity-based group signature scheme IGS is performed on the group public key PK_gAnd OBU_bGroup signature public key

Signing to generate a fourth signature

Then selecting random number

Is an OBU_bAnd OBU_aCalculates a second shared secret key K therebetween_V-V＝n_bR_a＝n_bn_aP, and the second shared secret key K_V-VStored in OBU_bIn the TPD of (2), then to the OBU_aSending a sixth message

Wherein, TS_bIs a time stamp;

step 3.3: OBU_aReceiving the sixth message

Then, the timestamp TS is checked first_bIf it is valid, if the time stamp TS_bIf it is valid, the fourth signature σ is verified₄(ii) a If the fourth signature σ₄If the verification is successful, calculating a second shared secret key K_V-V＝n_aR_b＝n_an_bP, and the second shared secret key K_V-VStored in OBU_aIn the TPD of (1).

The step 4 comprises the following steps:

step 4.1: on two vehicle units OBU_aAnd OBU_bDuring communication between the OBU and the other OBU_bReceive OBU_aWhen message m is sent, OBU_bThe message m will be verified if the OBU_bUsing a second shared secret key K_V-VIf the message m cannot be decrypted, the message m is not verified, the message m is judged to be a malicious message, and a warning message alert is generated, wherein the warning message alert comprises an OBU (on-board unit)_aMessage m and OBU sent_aNew pseudonym V used_jThen sending a warning message alert to the adjacent roadside unit;

step 4.2: after receiving the warning message alert, the adjacent roadside unit sends the warning message alert to a third-party trust mechanism through a safety channel;

step 4.3: after the third party trust machine receives the warning message alert, according to the OBU_aNew pseudonym V used_j＝{V_j,1,V_j,2Calculate OBU_aInitial pseudonym of

Finally, for the initial pseudonym V_IDDecrypting to obtain the OBU_aThe true identity ID of; wherein, V_j,1＝u_jP，

The invention has the beneficial effects that:

firstly, the anonymous identity authentication scheme based on the ID-based group signature is applied to the identity privacy protection of the vehicle nodes in the VANETs, the pseudonyms and the group signature are used, the vehicle nodes are guaranteed to finish access authentication and safe communication under the condition that the real identities of the vehicle nodes are not exposed, the anonymity of the identities of the vehicle nodes can be guaranteed, and therefore the privacy protection strength of the vehicle nodes is improved;

secondly, the invention adopts an identity-based mechanism system, and does not need to store a large number of public key certificates, thereby avoiding the expense of certificate storage and management, improving the authentication efficiency, reducing the calculation expense and the communication expense of the authentication scheme, and greatly improving the performance of the authentication system.

Drawings

Fig. 1 is a structural diagram of the anonymous authentication system of VANETs based on ID-based group signature according to the present invention.

Detailed Description

The invention will be further described with reference to the following figures and examples.

The invention aims to provide a VANETs anonymous authentication system and method based on ID-based group signature, which are used for ensuring the anonymity of the identity of a vehicle node and avoiding the expense of certificate storage and management, thereby improving the privacy protection strength and the authentication efficiency of the vehicle node and simultaneously reducing the calculation expense and the communication expense of an authentication scheme.

Fig. 1 shows a structure diagram of the VANETs anonymous authentication system based on ID-based group signature according to the present invention. In fig. 1, TA (trustedauthority) represents a third party trust authority of the present invention, TA being generally controlled by a government regulatory authority; rsu (road Side unit) represents a roadside unit of the present invention, and obu (onboard unit) represents a vehicle unit of the present invention.

The invention discloses a VANETs anonymous authentication system based on ID-based group signature, which is characterized in that: the system comprises a third-party trust authority, a plurality of roadside units and a plurality of vehicle units;

the third-party trust mechanism is connected with the roadside unit through a network, the vehicle unit is connected with the roadside unit through the network, and the third-party trust mechanism is communicated with the vehicle unit through the roadside unit; the third-party trust mechanism and the roadside units trust each other, the third-party trust mechanism is completely trusted by the vehicle units, the vehicle units and the roadside units do not trust each other, the vehicle units do not trust each other, and the roadside units do not trust each other;

the third-party trust mechanism registers for a roadside unit and a vehicle unit entering VANETs, generates an initial pseudonym, an initial trust value and a signature private key of the vehicle unit for the vehicle unit, and generates a signature private key, a group private key and a group public key of the roadside unit for the roadside unit;

the roadside unit is an infrastructure established at the roadside and generates a new pseudonym, a group signature key and the validity period of the group signature key for a legally accessed vehicle unit;

the vehicle unit is a communication unit loaded on a vehicle node, the vehicle unit is switched among different roadside units along with the movement process of the vehicle node, the vehicle unit is responsible for communication between the corresponding vehicle node and the roadside units and between the corresponding vehicle node and other vehicle nodes, and different vehicle units can directly communicate in a neighbor range and communicate outside the neighbor range in an opportunistic routing manner; the vehicle unit can issue safety information periodically, wherein the safety information comprises the pseudonym, the current speed, the position and the road condition of a vehicle node corresponding to the vehicle unit; the vehicle unit registers to a third-party trust authority after a corresponding vehicle node enters a VANETs, and the vehicle unit obtains a new pseudonym, a group signature key and the validity period of the group signature key which are generated for the vehicle unit by a roadside unit serving as a group manager through bidirectional authentication with the roadside unit;

only the third-party trust authority can obtain the real identity of the vehicle unit, and only the third-party trust authority can cancel the vehicle unit; the roadside unit can assist a third party trust authority in tracking the true identity of the vehicle unit.

A method for anonymous authentication by using the VANETs anonymous authentication system based on ID-based group signature is characterized by comprising the following steps:

step 1: the roadside unit and the vehicle unit register with a third-party trust authority at an initial stage, the third-party trust authority generates an initial pseudonym, an initial trust value and a signature private key of the vehicle unit for the vehicle unit, and the third-party trust authority generates a signature private key, a group private key and a group public key of the roadside unit for the roadside unit;

step 2: during the moving process of the vehicle unit, when the vehicle unit moves to the wireless communication range of the accessible roadside unit, a V2I authentication protocol is executed between the vehicle unit and the roadside unit to authenticate whether the vehicle unit and the roadside unit are legal or not, and if the vehicle unit and the roadside unit are legal, the roadside unit generates the validity period of a new pseudonym, a group signature key and a group signature key for the legally accessed vehicle unit;

and step 3: legal two vehicle unit OBU completing V2I authentication_aAnd OBU_bPerforms a V2V authentication protocol to accomplish mutual authentication, i.e., OBU_aAnd OBU_bIf the mutual authentication is legal, if the OBU is not legal_aAnd OBU_bIf both are legal, the OBU is started_aAnd OBU_bObtaining a second shared secret key for subsequent secure communication;

the V2I (Vehicle to Infrastructure) authentication protocol refers to an authentication protocol for communication between a Vehicle unit and a roadside unit, and is one of t communications in VANETs; the V2V (Vehicle to Vehicle) authentication protocol is a two-way authentication protocol for communication between Vehicle units.

And 4, step 4: on two vehicle units OBU_aAnd OBU_bDuring communication between the OBU and the other OBU_bReceive OBU_aWhen message m is sent, OBU_bThe message m is verified, if the message m fails to pass the verification, the message m is judged to be a malicious message, and a warning message is sent to an adjacent roadside unit; the adjacent roadside unit further sends the warning message to a third-party trust mechanism; third party trust authority rootAccording to the warning message pair OBU_aTracking the true identity of the user;

and 5: and the third-party trust mechanism reduces the trust value of the vehicle unit which sends the malicious message, checks the trust value of the vehicle unit, judges the vehicle unit as a malicious node if the trust value of the vehicle unit is less than a critical value N, broadcasts the initial pseudonym of the vehicle unit to all roadside units, enables all the roadside units to stop providing access service for the vehicle unit, and simultaneously carries out further processing under the roadside and cancels the vehicle unit.

The step 1 comprises the following steps:

step 1.1: the vehicle unit registers to a third party trust authority at an initial stage, and specifically comprises:

step 1.1.1: the vehicle unit submits the real identity ID of the vehicle unit to a third-party trust authority through a secure channel;

step 1.1.2: third party trust authority random selection

As the private key of the third party trust authority, and then selecting a symmetric encryption algorithm E with a key of K_K() To calculate an initial pseudonym V for the vehicle unit_ID＝E_K(ID) followed by setting an initial trust value for the vehicle unit to N₀And calculating the private signature key of the vehicle unit as

Wherein H₀For the hash function, P ∈ G₁，G₁An addition group selected for a third party trust authority, P being G₁The number of the generator in the inner layer,

is a finite field;

step 1.1.3: third party trust authority will { s over secure channel_v,V_ID,N₀Sending the data to a vehicle unit;

step 1.1.4: vehicle unit pair receivingS of_v,V_ID,N₀Storing;

step 1.2: the roadside unit registers to a third party trust authority at an initial stage, and the method specifically comprises the following steps:

step 1.2.1: the roadside unit submits the real identity R of the roadside unit to a third-party trust authority through a secure channel_ID；

Step 1.2.2: the third party trust organization calculates the signature private key of the roadside unit as

Third party trust authority random selection

As the group private key of the roadside unit, and calculating the group public key of the roadside unit as PK_g＝s_gP；

Step 1.2.3: third party trust authority will { s over secure channel_R,s_g,PK_gSending the data to a roadside unit;

step 1.2.4: roadside unit pair received s_R,s_g,PK_gAnd storing.

In the step 2, the V2I authentication protocol is executed between the vehicle unit and the roadside unit, which specifically includes the following steps:

step 2.1: the roadside unit periodically broadcasts a first message { R } to the surroundings_ID,PK_g,σ₁,TS₁}；

Wherein σ₁Is a first signature and is generated by the roadside unit,

signature private key s representing the use of roadside units_RPairing information { PK through identity-based signature scheme BLMQ_g，TS₁Sign, TS₁Is a time stamp, h_RSU＝H₁(PK_g||TS₁,x₁)，H₁In order to be a function of the hash function,

g is an addition group G₁A point of (1), r_RSUIs a random number, and is a random number,

V_RSU＝(r_RSU+h_RSU)s_R；

step 2.2: when a vehicle unit comes within communication range of a roadside unit, a first message { R is received_ID,PK_g,σ₁,TS₁Checking the time stamp TS first₁If it is valid, if the time stamp TS₁If it is valid, the first signature σ is verified₁Determine equation one

Whether the result is true or not;

where e is a bilinear map, P_pubSystem public key, P, generated for a third party trust authority_pub＝sP；

If the equation is established, the roadside unit is legal, and the vehicle unit selects the random number r_OBUUsing the private signature key s of the vehicle unit_VPairing information { r ] through an identity-based signature scheme BLMQ_OBU，TS₂Signing to generate a second signature

A first shared key K is then calculated for the vehicle unit and the roadside unit_V-R＝PK_gr_OBU＝s_gPr_OBUThen using the secret key as K_V-RSymmetric encryption algorithm of

For initial pseudonym V_IDAnd a random number r_OBUEncrypting to generate ciphertext

Finally, a second message { c, r is sent to the roadside unit_OBUP,σ₂,TS₂And go to step 2.3;

wherein the content of the first and second substances,

TS₂is a time stamp, h_OBU＝H₁(r_OBU||TS₂,x₂)，

V_OBU＝(r_OBU+h_OBU)s_V；

If the equation is not established, the vehicle unit refuses to access the roadside unit and moves to the next roadside unit;

step 2.3: the roadside unit receives the second message { c, r) from the vehicle unit_OBUP,σ₂,TS₂After that, check the timestamp TS first₂If it is valid, if the time stamp TS₂If valid, the first shared secret key K is calculated_V-R＝r_OBUPs_g＝r_OBUPK_gAnd using the first shared key K_V-RDecrypting the ciphertext c to obtain V of the vehicle unit_IDAnd r_OBUAnd then verify the second signature σ of the vehicle unit₂Judging equation two

Whether or not:

if the second equation is established, the vehicle unit is legal, and the step 2.4 is entered;

if the second equation is not satisfied, the roadside unit refuses to provide the access service for the vehicle unit;

step 2.4: vehicle unit selection random number x_OBUThen using the secret key as K_V-RSymmetric encryption algorithm of

For x_OBUP-cipher generation of third message

And sends a third message c to the roadside unit₁(ii) a Wherein the content of the first and second substances,

step 2.5: the roadside unit receives the third message c from the vehicle unit₁Thereafter, first the first shared key K is used_V-RThe third message c₁Decrypting to obtain x of the vehicle unit_OBUP, then select the ith random number

Generating the ith new pseudonym V for the vehicle unit_i＝{V_i,1,V_i,2And generating an ith group signing key sk for the vehicle unit_i＝s_gH₃(V_i,2,r_OBUx_OBUP) and selects T as the validity period of the group signing key, followed by the use of the key K_V-RSymmetric encryption algorithm of

For the ith new pseudonym V_iThe ith group signing key sk_iAnd generating ith fourth message by encrypting the validity period T of the group signing key

And sends an ith fourth message c to the vehicle unit_2i(ii) a Wherein, V_i,1＝u_iP，

H₂、H₃Are all hash functions;

step 2.6: the vehicle unit receives the ith fourth message c_2iThereafter, the first shared key K is used_V-RThe ith fourth message c_2iDecipher to obtain < sk_i,V_iT >, then will be < sk_i,V_i,T＞The key list is stored in the TPD of the vehicle unit, and the group signature key list { < sk is finally obtained₁,V₁,T＞,＜sk₂,V₂,T＞,...,＜sk_i,V_i,T＞,...,＜sk_n,V_n,T＞}。

Among them, tpd (tamperprofvice) is a tamper resistant device used to perform security operations such as signature and credit updates. BLMQ is an identity-based signature scheme proposed by paulos.l.m.barreto, benoitlilbert, noelmccullagagh, and Jean-JacquesQuisquater, in which a user can verify whether the signature of the other party is legitimate only by providing the identity to the other party without the public key of the other party. When the group signing key is generated, the third-party trust mechanism and the related parameters of the roadside unit are needed at the same time, and an attacker cannot forge the key, so that only legal group members can sign the message and cannot sign on behalf of other group members, and the signature can be opened and the real identity of the signer can be restored only by the third-party trust mechanism, so that the anonymity of the user identity is protected, and the identity privacy protection of the system is realized.

In step 3, two vehicle units OBU_aAnd OBU_bThe method executes a V2V authentication protocol, and specifically comprises the following steps:

step 3.1: OBU_aRandomly selecting a new pseudonym V_j＝{V_j,1,V_j,2V and new pseudonyms_jCorresponding group signing key sk_jGenerating an OBU_aGroup signature public key

Then an identity-based group signature scheme IGS is performed on the group public key PK_gAnd OBU_aGroup signature public key

Signing to generate a third signature

And to the OBU_bSending a fifth message

Wherein, TS_aIs a time stamp;

step 3.2: OBU_bReceiving the fifth message

Then, the timestamp TS is checked first_aIf it is valid, if the time stamp TS_aIf it is valid, the third signature σ is verified₃(ii) a If the third signature σ₃Successful verification, OBU_bRandomly selecting a new pseudonym V_k＝{V_k,1,V_k,2V and new pseudonyms_kCorresponding group signing key sk_kGenerating an OBU_bGroup signature public key

Then an identity-based group signature scheme IGS is performed on the group public key PK_gAnd OBU_bGroup signature public key

Signing to generate a fourth signature

Then selecting random number

Is an OBU_bAnd OBU_aCalculates a second shared secret key K therebetween_V-V＝n_bR_a＝n_bn_aP, and the second shared secret key K_V-VStored in OBU_bIn the TPD of (2), then to the OBU_aSending a sixth message

Wherein, TS_bIs a time stamp;

step 3.3: OBU_aReceiving the sixth message

Then, the timestamp TS is checked first_bIf valid, if the timestamp isTS_bIf it is valid, the fourth signature σ is verified₄(ii) a If the fourth signature σ₄If the verification is successful, calculating a second shared secret key K_V-V＝n_aR_b＝n_an_bP, and the second shared secret key K_V-VStored in OBU_aIn the TPD of (1).

The ID-based group Signature scheme proposed by Pankaj Sarde, Amitabh Banerjee is an ID-based group Signature, which is an IGS (ID-based group Signature), in which a user can generate a Signature on behalf of the whole group as a group member. In the invention, the identity-based group signature scheme IGS is applied to the anonymous access authentication process of the vehicle nodes entering the VANETs, so that the legality of the vehicle node identities and the safety of subsequent communication can be ensured, and the identity privacy of the vehicle nodes is effectively protected.

The step 4 comprises the following steps:

step 4.1: on two vehicle units OBU_aAnd OBU_bDuring communication between the OBU and the other OBU_bReceive OBU_aWhen message m is sent, OBU_bThe message m will be verified if the OBU_bUsing a second shared secret key K_V-VIf the message m cannot be decrypted, the message m is not verified, the message m is judged to be a malicious message, and a warning message alert is generated, wherein the warning message alert comprises an OBU (on-board unit)_aMessage m and OBU sent_aNew pseudonym V used_jThen sending a warning message alert to the adjacent roadside unit;

step 4.2: after receiving the warning message alert, the adjacent roadside unit sends the warning message alert to a third-party trust mechanism through a safety channel;

step 4.3: after the third party trust machine receives the warning message alert, according to the OBU_aNew pseudonym V used_j＝{V_j,1,V_j,2Calculate OBU_aInitial pseudonym of

Finally, for the initial pseudonym V_IDDecrypting to obtain the OBU_aThe true identity ID of; wherein, V_j,1＝u_jP，

The above description details one embodiment of the present invention. It is to be understood that the above-described embodiments are only some embodiments of the present invention, and not all embodiments; the above examples are only for explaining the present invention and do not constitute a limitation to the scope of protection of the present invention. All other embodiments, which can be derived by those skilled in the art from the above-described embodiments without any creative effort, namely all modifications, equivalents, improvements and the like made within the spirit and principle of the present application, fall within the protection scope of the present invention claimed.

Claims (4)

1. A method for anonymous authentication of a VANETs anonymous authentication system based on ID-based group signature comprises a third party trust mechanism, a plurality of roadside units and a plurality of vehicle units;

the third-party trust mechanism is connected with the roadside unit through a network, the vehicle unit is connected with the roadside unit through the network, and the third-party trust mechanism is communicated with the vehicle unit through the roadside unit; the third-party trust mechanism and the roadside units trust each other, the third-party trust mechanism is completely trusted by the vehicle units, the vehicle units and the roadside units do not trust each other, the vehicle units do not trust each other, and the roadside units do not trust each other;

the third-party trust mechanism registers for a roadside unit and a vehicle unit entering VANETs, generates an initial pseudonym, an initial trust value and a signature private key of the vehicle unit for the vehicle unit, and generates a signature private key, a group private key and a group public key of the roadside unit for the roadside unit;

the roadside unit is an infrastructure established at the roadside and generates a new pseudonym, a group signature key and the validity period of the group signature key for a legally accessed vehicle unit;

the vehicle unit is a communication unit loaded on a vehicle node, the vehicle unit is switched among different roadside units along with the movement process of the vehicle node, the vehicle unit is responsible for communication between the corresponding vehicle node and the roadside units and between the corresponding vehicle node and other vehicle nodes, and different vehicle units can directly communicate in a neighbor range and communicate outside the neighbor range in an opportunistic routing manner; the vehicle unit can issue safety information periodically, wherein the safety information comprises the pseudonym, the current speed, the position and the road condition of a vehicle node corresponding to the vehicle unit; the vehicle unit registers to a third-party trust authority after a corresponding vehicle node enters a VANETs, and the vehicle unit obtains a new pseudonym, a group signature key and the validity period of the group signature key which are generated for the vehicle unit by a roadside unit serving as a group manager through bidirectional authentication with the roadside unit;

only the third-party trust authority can obtain the real identity of the vehicle unit, and only the third-party trust authority can cancel the vehicle unit; the roadside unit can assist a third-party trust authority in tracking the real identity of the vehicle unit;

the method is characterized by comprising the following steps:

step 1: the roadside unit and the vehicle unit register with a third-party trust authority at an initial stage, the third-party trust authority generates an initial pseudonym, an initial trust value and a signature private key of the vehicle unit for the vehicle unit, and the third-party trust authority generates a signature private key, a group private key and a group public key of the roadside unit for the roadside unit;

step 2: during the moving process of the vehicle unit, when the vehicle unit moves to the wireless communication range of the accessible roadside unit, a V2I authentication protocol is executed between the vehicle unit and the roadside unit to authenticate whether the vehicle unit and the roadside unit are legal or not, and if the vehicle unit and the roadside unit are legal, the roadside unit generates the validity period of a new pseudonym, a group signature key and a group signature key for the legally accessed vehicle unit;

and step 3: legal two vehicle unit OBU completing V2I authentication_aAnd OBU_bBetweenPerforming the V2V authentication protocol to accomplish mutual authentication, i.e. OBU_aAnd OBU_bIf the mutual authentication is legal, if the OBU is not legal_aAnd OBU_bIf both are legal, the OBU is started_aAnd OBU_bObtaining a second shared secret key for subsequent secure communication;

and 4, step 4: on two vehicle units OBU_aAnd OBU_bDuring communication between the OBU and the other OBU_bReceive OBU_aWhen message m is sent, OBU_bThe message m is verified, if the message m fails to pass the verification, the message m is judged to be a malicious message, and a warning message is sent to an adjacent roadside unit; the adjacent roadside unit further sends the warning message to a third-party trust mechanism; the third party trust mechanism is used for aiming at the OBU according to the warning message_aTracking the true identity of the user;

and 5: the third-party trust mechanism reduces the trust value of the vehicle unit which sends the malicious message, checks the trust value of the vehicle unit, if the trust value of the vehicle unit is less than the critical value N, the vehicle unit is judged as a malicious node, the third-party trust mechanism broadcasts the initial pseudonym of the vehicle unit to all roadside units, all the roadside units stop providing access service for the vehicle unit, and meanwhile, the third-party trust mechanism carries out further processing under the roadside and cancels the vehicle unit;

the step 1 comprises the following steps:

step 1.1: the vehicle unit registers to a third party trust authority at an initial stage, and specifically comprises:

step 1.1.1: the vehicle unit submits the real identity ID of the vehicle unit to a third-party trust authority through a secure channel;

step 1.1.2: third party trust authority random selection

As the private key of the third party trust authority, and then selecting a symmetric encryption algorithm E with a key of K_K() To calculate an initial pseudonym V for the vehicle unit_ID＝E_K(ID) followed by setting an initial trust value for the vehicle unit to N₀And calculateThe private signature key of the vehicle unit is

Wherein H₀For the hash function, P ∈ G₁，G₁An addition group selected for a third party trust authority, P being G₁The number of the generator in the inner layer,

is a finite field;

step 1.1.3: third party trust authority will { s over secure channel_v,V_ID,N₀Sending the data to a vehicle unit;

step 1.1.4: vehicle unit pair received s_v,V_ID,N₀Storing;

step 1.2: the roadside unit registers to a third party trust authority at an initial stage, and the method specifically comprises the following steps:

step 1.2.1: the roadside unit submits the real identity R of the roadside unit to a third-party trust authority through a secure channel_ID；

Step 1.2.2: the third party trust organization calculates the signature private key of the roadside unit as

Third party trust authority random selection

As the group private key of the roadside unit, and calculating the group public key of the roadside unit as PK_g＝s_gP；

Step 1.2.3: third party trust authority will { s over secure channel_R,s_g,PK_gSending the data to a roadside unit;

step 1.2.4: roadside unit pair received s_R,s_g,PK_gAnd storing.

2. The ID-based group signature VANETs anonymous authentication method as claimed in claim 1, wherein in step 2, a V2I authentication protocol is performed between the vehicle unit and the roadside unit, specifically comprising the steps of:

step 2.1: the roadside unit periodically broadcasts a first message { R } to the surroundings_ID,PK_g,σ₁,TS₁}；

Wherein σ₁Is a first signature and is generated by the roadside unit,

signature private key s representing the use of roadside units_RPairing information { PK through identity-based signature scheme BLMQ_g，TS₁Sign, TS₁Is a time stamp, h_RSU＝H₁(PK_g||TS₁,x₁)，H₁In order to be a function of the hash function,

g is an addition group G₁A point of (1), r_RSUIs a random number, and is a random number,

V_RSU＝(r_RSU+h_RSU)s_R；

step 2.2: when a vehicle unit comes within communication range of a roadside unit, a first message { R is received_ID,PK_g,σ₁,TS₁Checking the time stamp TS first₁If it is valid, if the time stamp TS₁If it is valid, the first signature σ is verified₁Determine equation one

Whether the result is true or not;

where e is a bilinear map, P_pubSystem public key, P, generated for a third party trust authority_pub＝sP；

If the equation is established, the roadside unit is legal, and the vehicle unit selects the random number r_OBUUsing the private signature key s of the vehicle unit_VPairing information { r ] through an identity-based signature scheme BLMQ_OBU，TS₂Signing to generate a second signature

A first shared key is then calculated for use between the vehicle unit and the roadside unit

Then using the secret key as K_V-RSymmetric encryption algorithm of

For initial pseudonym V_IDAnd a random number r_OBUEncrypting to generate ciphertext

Finally, a second message { c, r is sent to the roadside unit_OBUP,σ₂,TS₂And go to step 2.3;

wherein the content of the first and second substances,

TS₂is a time stamp, h_OBU＝H₁(r_OBU||TS₂,x₂)，

V_OBU＝(r_OBU+h_OBU)s_V；

If the equation is not established, the vehicle unit refuses to access the roadside unit and moves to the next roadside unit;

step 2.3: the roadside unit receives the second message { c, r) from the vehicle unit_OBUP,σ₂,TS₂After that, check the timestamp TS first₂Whether or not it is effectiveIf the time stamp TS₂If valid, the first shared secret key K is calculated_V-R＝r_OBUPs_g＝r_OBUPK_gAnd using the first shared key K_V-RDecrypting the ciphertext c to obtain V of the vehicle unit_IDAnd r_OBUAnd then verify the second signature σ of the vehicle unit₂Judging equation two

Whether or not:

if the second equation is established, the vehicle unit is legal, and the step 2.4 is entered;

if the second equation is not satisfied, the roadside unit refuses to provide the access service for the vehicle unit;

step 2.4: vehicle unit selection random number x_OBUThen using the secret key as K_V-RSymmetric encryption algorithm of

For x_OBUP-cipher generation of third message

And sends a third message c to the roadside unit₁(ii) a Wherein the content of the first and second substances,

step 2.5: the roadside unit receives the third message c from the vehicle unit₁Thereafter, first the first shared key K is used_V-RThe third message c₁Decrypting to obtain x of the vehicle unit_OBUP, then select the ith random number

Generating the ith new pseudonym V for the vehicle unit_i＝{V_i,1,V_i,2And generating an ith group signing key sk for the vehicle unit_i＝s_gH₃(V_i,2,r_OBUx_OBUP) and selects T as the validity period of the group signing key, followed by the use of the key K_V-RSymmetric encryption algorithm of

For the ith new pseudonym V_iThe ith group signing key sk_iAnd generating ith fourth message by encrypting the validity period T of the group signing key

And sends an ith fourth message c to the vehicle unit_2i(ii) a Wherein, V_i,1＝u_iP，

H₂、H₃Are all hash functions;

step 2.6: the vehicle unit receives the ith fourth message c_2iThereafter, the first shared key K is used_V-RThe ith fourth message c_2iDecipher to obtain < sk_i,V_iT >, then will be < sk_i,V_iAnd T is stored in TPD of the vehicle unit, and a group signature key list { < sk is finally obtained₁,V₁,T＞,＜sk₂,V₂,T＞,…,＜sk_i,V_i,T＞,...,＜sk_n,V_n,T＞}。

3. The method for anonymous authentication of VANETs based on ID-based group signatures as claimed in claim 2, wherein in step 3, two vehicle units OBUs_aAnd OBU_bThe method executes a V2V authentication protocol, and specifically comprises the following steps:

step 3.1: OBU_aRandomly selecting a new pseudonym V_j＝{V_j,1,V_j,2V and new pseudonyms_jCorresponding group signing key sk_jGenerating an OBU_aGroup signature public key

Then an identity-based group signature scheme IGS is performed on the group public key PK_gAnd OBU_aGroup signature public key

Signing to generate a third signature

And to the OBU_bSending a fifth message

Wherein, TS_aIs a time stamp;

step 3.2: OBU_bReceiving the fifth message

Then, the timestamp TS is checked first_aIf it is valid, if the time stamp TS_aIf it is valid, the third signature σ is verified₃(ii) a If the third signature σ₃Successful verification, OBU_bRandomly selecting a new pseudonym V_k＝{V_k,1,V_k,2V and new pseudonyms_kCorresponding group signing key sk_kGenerating an OBU_bGroup signature public key

Then an identity-based group signature scheme IGS is performed on the group public key PK_gAnd OBU_bGroup signature public key

Signing to generate a fourth signature

Then selecting random number

Is an OBU_bAnd OBU_aTo calculate a second share therebetweenSecret key K_V-V＝n_bR_a＝n_bn_aP, and the second shared secret key K_V-VStored in OBU_bIn the TPD of (2), then to the OBU_aSending a sixth message

Wherein, TS_bIs a time stamp;

step 3.3: OBU_aReceiving the sixth message

Then, the timestamp TS is checked first_bIf it is valid, if the time stamp TS_bIf it is valid, the fourth signature σ is verified₄(ii) a If the fourth signature σ₄If the verification is successful, calculating a second shared secret key K_V-V＝n_aR_b＝n_an_bP, and the second shared secret key K_V-VStored in OBU_aIn the TPD of (1).

4. The method for anonymously authenticating VANETs based on ID-based group signatures as claimed in claim 3, wherein said step 4 comprises the steps of:

step 4.1: on two vehicle units OBU_aAnd OBU_bDuring communication between the OBU and the other OBU_bReceive OBU_aWhen message m is sent, OBU_bThe message m will be verified if the OBU_bUsing a second shared secret key K_V-VIf the message m cannot be decrypted, the message m is not verified, the message m is judged to be a malicious message, and a warning message alert is generated, wherein the warning message alert comprises an OBU (on-board unit)_aMessage m and OBU sent_aNew pseudonym V used_jThen sending a warning message alert to the adjacent roadside unit;

step 4.2: after receiving the warning message alert, the adjacent roadside unit sends the warning message alert to a third-party trust mechanism through a safety channel;

step 4.3: after the third party trust machine receives the warning message alert, according to the OBU_aNew fake of useName V_j＝{V_j,1,V_j,2Calculate OBU_aInitial pseudonym of

Finally, for the initial pseudonym V_IDDecrypting to obtain the OBU_aThe true identity ID of; wherein, V_j,1＝u_jP，

Images