CN110366176B - Key negotiation method for vehicle-mounted self-organizing network - Google Patents

Key negotiation method for vehicle-mounted self-organizing network Download PDF

Info

Publication number
CN110366176B
CN110366176B CN201910536975.9A CN201910536975A CN110366176B CN 110366176 B CN110366176 B CN 110366176B CN 201910536975 A CN201910536975 A CN 201910536975A CN 110366176 B CN110366176 B CN 110366176B
Authority
CN
China
Prior art keywords
vehicle
mounted device
key
key agreement
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910536975.9A
Other languages
Chinese (zh)
Other versions
CN110366176A (en
Inventor
侯延昭
许晓东
陶小峰
孟锐
王晓雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201910536975.9A priority Critical patent/CN110366176B/en
Publication of CN110366176A publication Critical patent/CN110366176A/en
Application granted granted Critical
Publication of CN110366176B publication Critical patent/CN110366176B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides a key negotiation method of a vehicle-mounted self-organizing network, which comprises the following steps: sending identity authentication request information to a trusted authority; receiving identity confirmation information sent by the trusted authority; sending key agreement request information to the second onboard device; receiving key negotiation response information sent by the second vehicle-mounted device; and if the obtained key negotiation response information is effective, calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device. The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.

Description

Key negotiation method for vehicle-mounted self-organizing network
Technical Field
The invention relates to the technical field of mobile communication, in particular to a key negotiation method of a vehicle-mounted self-organizing network.
Background
The vehicle-mounted self-organizing network is a large network which realizes wireless communication and information exchange between vehicles (V2V), between vehicles and a base station (V2I) and between vehicles and pedestrians (V2P) according to a specific communication protocol, and is also an integrated network which can realize intelligent transportation and dynamic information service. The vehicle-mounted self-organizing network consists of a vehicle-mounted unit, a roadside unit and a trusted authority. The On Board Unit (OBU) will install wireless communication means for communicating with other vehicles and roadside units; the roadside unit (RSU) can receive the information of other vehicles, forward the information to other vehicles and perform wired communication with a trusted authority; the Trusted Authority (TA) performs identity authentication on the vehicle, and can identify and manage the vehicle under the condition of traffic accidents, forged information and the like.
The vehicle-mounted ad hoc network requires that the vehicle periodically broadcasts information such as the position and the speed of the vehicle to other vehicles and roadside units, but the information sent by the vehicle is transmitted in an unsafe wireless multi-hop mode, and an eavesdropper can attack the vehicle network by eavesdropping a channel, so that the position privacy of the owner of the vehicle is exposed, and meanwhile, the collected information can be used for scattering error information to other vehicles, so that the vehicle privacy protection in the vehicle network is of great importance. In addition, since the computing power of the car networking users in the car networking is generally limited, the computing overhead of the key agreement mechanism is required to be as small as possible.
Disclosure of Invention
It is an object of embodiments of the present invention to provide a key agreement method for a vehicular ad hoc network that overcomes or at least partially solves the above mentioned problems.
In order to solve the foregoing technical problem, an embodiment of the present invention provides a key agreement method for a vehicle-mounted ad hoc network, including:
sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is sent by the trusted authority under the condition that the identities of the first vehicle-mounted device and the second vehicle-mounted device are both legal;
sending key negotiation request information to the second vehicle-mounted device, wherein the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
receiving key agreement response information sent by the second vehicle-mounted device, wherein the key agreement response information is sent by the second vehicle-mounted device under the condition that the key agreement request information is verified to be valid;
and if the key negotiation response information is judged to be valid, calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device.
Further, before sending the identity authentication request information to the trusted authority, the method further includes:
and receiving the system information broadcast by the trusted authority and the identity identification broadcast by the second vehicle-mounted device.
Further, the system information comprises parameters E, q, Ppub、h0、h1And h2
Wherein, PpubE is an elliptic curve over a finite field, q is the order of a finite cyclic group on the elliptic curve, P is a generator of the finite cyclic group on the elliptic curve, PpubIs a system public key, s is a first random number, h0Is a first hash function, h1Is a second hash function, h2Is a third hash function.
Further, the key negotiation request message includes a parameter ID1、PID0、R0And delta0
Wherein:
Figure BDA0002101422350000021
R0=r0P
δ0=f0r0
f0=h0(ID1,PID0,R0)
PID0、R0、δ0and f0Are all intermediate process parameters, r0Is a second random number, u0Is a third randomNumber, ID0Is the identity, ID, of the first vehicle-mounted device1For the identity of the second onboard device, P is the generator of the finite cyclic group on the elliptic curve, h0Is a first hash function.
Further, the second vehicle-mounted device verifies whether the key agreement request information is valid through a first preset verification formula, if the first preset verification formula is established, the key agreement request information is valid, otherwise, the key agreement request information is invalid;
the first preset verification formula is as follows:
δ0P=f0R0
wherein R is0、δ0And f0Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
Further, the key agreement response information comprises a parameter PID0、R1、δ1
Wherein:
Figure BDA0002101422350000031
R1=r1P
δ1=f1r1
f1=h2(PID0,ID1,SK,r1R0)
R0=r0P
SK=h1(r1R0,ID1,PID0)
PID0、R1、δ1、f1and R0Are all intermediate process parameters, r0Is a second random number, u0Is a third random number, r1Is a fourth random number, ID0Is the identity, ID, of the first vehicle-mounted device1For the identity of the second vehicle-mounted device, P is the generator of the finite cyclic group on the elliptic curve, and SK is the first vehicle-mounted devicePrivate key of communication between device and second in-vehicle device, h1Is a second hash function, h2Is a third hash function.
Further, before the calculating the private key for communication between the first in-vehicle device and the second in-vehicle device, the method further includes:
verifying whether the key negotiation response information is valid through a second preset verification formula, if the second preset verification formula is established, the key negotiation response information is valid, otherwise, the key negotiation response information is invalid;
the second preset verification formula is as follows:
δ1P=f1R1
wherein R is1、δ1And f1Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
In another aspect, an embodiment of the present invention provides a first vehicle-mounted device, including:
the authentication module is used for sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
a first receiving module, configured to receive identity confirmation information sent by the trusted authority, where the identity confirmation information is sent by the trusted authority when it is determined that the identities of the first onboard device and the second onboard device are both legal;
the negotiation module is used for sending key negotiation request information to the second vehicle-mounted device, and the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
a second receiving module, configured to receive key agreement response information sent by the second onboard apparatus, where the key agreement response information is sent by the second onboard apparatus when the key agreement request information is verified to be valid;
and the key generation module is used for calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device if the key negotiation response information is judged to be valid.
In another aspect, an embodiment of the present invention provides an electronic device, including: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the above method when executing the computer program.
In yet another aspect, the present invention provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the above method.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Drawings
Fig. 1 is a schematic diagram of a key agreement method of a vehicle-mounted ad hoc network according to an embodiment of the present invention;
fig. 2 is a schematic view of a scenario of a key negotiation mechanism of a vehicle-mounted ad hoc network according to an embodiment of the present invention;
fig. 3 is a timing diagram of a key agreement mechanism of a vehicle ad hoc network according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a first onboard device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of a key agreement method for a vehicle-mounted ad hoc network according to an embodiment of the present invention, and as shown in fig. 1, the embodiment of the present invention provides a key agreement method for a vehicle-mounted ad hoc network, where an execution subject of the key agreement method is a first vehicle-mounted device, and the method includes:
step S101, identity authentication request information is sent to a trusted authority, the identity authentication request information comprises an identity of a first vehicle-mounted device and an identity of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device.
Specifically, fig. 2 is a schematic view of a scenario of a key agreement mechanism of a vehicle ad hoc network according to an embodiment of the present invention, as shown in fig. 2, a first vehicle-mounted device V0Is the initiator of the key agreement. Second onboard device V1Is V0The negotiation object of (2). The trusted authority is a registry, is a completely trusted third party, and can resist various security attacks. The task of the system is to generate system parameters, which are broadcast to each vehicle.
Firstly, a first vehicle-mounted device V0And sending identity authentication request information to the trusted authority. When the system is initialized, the trusted authority of the system broadcasts system information, and all vehicle-mounted devices in the area can receive the system information broadcasted by the trusted authority. When the first vehicle-mounted device V0And a second vehicle-mounted device V1When the communication condition is satisfied, for example, when the first in-vehicle device V0And a second vehicle-mounted device V1When the distance between the first and second vehicle-mounted devices is less than the preset distance, the first vehicle-mounted device V0And a second onboard device V1Respectively broadcast the identification marks of the first vehicle-mounted device V0Receives the second onboard device V1Broadcast its identity ID1Then, it is desired to communicate with the second in-vehicle device V1The key agreement is carried out on the first vehicleDevice V0Sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises a first vehicle-mounted device V0ID of0And a second onboard device V1ID of1
Step S102, receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is sent by the trusted authority under the condition that the identity of the first vehicle-mounted device and the identity of the second vehicle-mounted device are both legal.
Specifically, the trusted authority receives the first in-vehicle device V0After the transmitted identity authentication request information, the first vehicle-mounted device V is subjected to0And a second onboard device V1Is authenticated after confirming the first in-vehicle device V0And a second onboard device V1To the first vehicle-mounted device V under the condition that the identities of the vehicle-mounted devices are legal0And sending identity confirmation information.
First vehicle-mounted device V0Receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is used for indicating that the trusted authority passes the second vehicle-mounted device V1The identity authentication of (1).
Step S103, sending key negotiation request information to the second vehicle-mounted device, wherein the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptography algorithm.
Specifically, the first in-vehicle device V0And after receiving the identity confirmation information sent by the trusted authority, starting to perform key agreement. First vehicle-mounted device V0To the second onboard device V1Transmitting key agreement request information by the first in-vehicle device V0And generating according to a preset elliptic curve cryptographic algorithm.
In the embodiment of the invention, a key negotiation mechanism uses a mathematic difficult-to-solve problem to protect the security of a key, wherein the mathematic difficult-to-solve problem is as follows:
(1) discrete logarithm difficult-to-solve problem: gx≡ a mod p, solving x is a difficult problem when integers g and a are known, and a large prime number p is known;
(2) elliptic curve discrete logarithm difficult-to-solve problem: the problem is based on an elliptic curve cryptography algorithm, and the calculation of the integer k is problematic for any one of the discrete points S and Q on the elliptic curve E, so that the equation kS ═ Q holds.
Step S104 is to receive key agreement response information sent by the second onboard device, where the key agreement response information is sent by the second onboard device when the key agreement request information is verified to be valid.
Specifically, the second in-vehicle device V1Receives the first vehicle-mounted device V0After the key agreement request information is sent, whether the key agreement request information is valid is verified through a first preset verification formula, and when the key agreement request information is valid, the key agreement request information is sent to the first vehicle-mounted device V0And sending key agreement response information. First vehicle-mounted device V0Receive the second onboard device V1And sending the key agreement response information.
When the key agreement request message is invalid, the second in-vehicle device V1This key agreement is terminated.
Step S105, if it is determined that the key agreement response information is valid, calculating a communication private key between the first in-vehicle device and the second in-vehicle device.
Specifically, when the first in-vehicle device V0Receives the second onboard device V1After the key agreement response message is sent, the validity of the key agreement response message also needs to be verified, and if the key agreement response message is judged to be valid, the first vehicle-mounted device V is calculated0And a second onboard device V1The private key of communication between.
When the key agreement response message is invalid, the first in-vehicle device V0This key agreement is terminated.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Based on any one of the above embodiments, further before sending the identity authentication request information to the trusted authority, the method further includes:
and receiving the system information broadcast by the trusted authority and the identity identification broadcast by the second vehicle-mounted device.
Specifically, when the system is initialized, the trusted authority of the system broadcasts system information, and all vehicle-mounted devices in the area can receive the system information broadcasted by the trusted authority. When the first vehicle-mounted device V0And a second vehicle-mounted device V1When the communication condition is satisfied, for example, when the first in-vehicle device V0And a second vehicle-mounted device V1When the distance between the first and second vehicle-mounted devices is less than the preset distance, the first vehicle-mounted device V0And a second onboard device V1Respectively broadcast the identification marks of the first vehicle-mounted device V0Receives the second onboard device V1Broadcast its identity ID1Then, it is desired to communicate with the second in-vehicle device V1The first vehicle-mounted device V carries out key agreement0And sending identity authentication request information to the trusted authority.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Based on any of the above embodiments, further, the system information includes parameters E, q, P, and Ppub、h0、h1And h2
Wherein, PpubE is an elliptic curve over a finite field, q is the order of a finite cyclic group on the elliptic curve, P is a generator of the finite cyclic group on the elliptic curve, PpubIs a system public key, s is a first random number, h0Is a first hash function, h1Is a second hash function, h2Is a third hash function.
Specifically, in the embodiment of the present invention, the key agreement mechanism uses a mathematical difficult-to-solve problem to protect the security of the key, where the mathematical difficult-to-solve problem is as follows:
(1) discrete logarithm difficult-to-solve problem: gx≡ a mod p, solving x is a difficult problem when integers g and a are known, and a large prime number p is known;
(2) elliptic curve discrete logarithm difficult-to-solve problem: the problem is based on an elliptic curve cryptography algorithm, and the calculation of the integer k is problematic for any one of the discrete points S and Q on the elliptic curve E, so that the equation kS ═ Q holds.
When the system is initialized, the system information broadcast by the trusted authority of the system comprises parameters E, q, P and Ppub、h0、h1And h2
Wherein, PpubE is an elliptic curve over a finite field, FqIs a large prime number P, q is the order of a finite cyclic group on the elliptic curve, P is the generator of the finite cyclic group on the elliptic curve, PpubIs a system public key, s is a first random number,
Figure BDA0002101422350000081
Figure BDA0002101422350000082
is a predetermined domain, h0Is a first hash function, h1Is a second hash function, h2Is a third hash function.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Based on any of the above embodiments, further, the key agreement request information includes a parameter ID1、PID0、R0And delta0
Wherein:
Figure BDA0002101422350000091
R0=r0P;
δ0=f0r0
f0=h0(ID1,PID0,R0);
PID0、R0、δ0and f0Are all intermediate process parameters, r0Is a second random number, u0Is a third random number, ID0Is the identity, ID, of the first vehicle-mounted device1For the identity of the second onboard device, P is the generator of the finite cyclic group on the elliptic curve, h0Is a first hash function.
Specifically, the first in-vehicle device V0And after receiving the identity confirmation information sent by the trusted authority, starting to perform key agreement. First vehicle-mounted device V0To the second onboard device V1Transmitting key agreement request information by the first in-vehicle device V0And generating according to a preset elliptic curve cryptographic algorithm.
The key agreement request information includes a parameter ID1、PID0、R0And delta0
Wherein:
Figure BDA0002101422350000092
R0=r0P;
δ0=f0r0
f0=h0(ID1,PID0,R0);
PID0、R0、δ0and f0All are involved in the intermediate processNumber r0Is a second random number that is a function of the first random number,
Figure BDA0002101422350000093
u0is a third random number that is a random number,
Figure BDA0002101422350000094
Figure BDA0002101422350000095
is a predetermined domain, r0Is a second random number, u0Is a third random number, ID0Is the identity, ID, of the first vehicle-mounted device1For the identity of the second onboard device, P is the generator of the finite cyclic group on the elliptic curve, h0Is a first hash function.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Based on any one of the above embodiments, further, the second onboard apparatus verifies whether the key agreement request information is valid through a first preset verification formula, if the first preset verification formula is true, the key agreement request information is valid, otherwise, the key agreement request information is invalid;
the first preset verification formula is as follows:
δ0P=f0R0
wherein R is0、δ0And f0Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
Specifically, the second in-vehicle device V1Receives the first vehicle-mounted device V0After the key agreement request information is sent, whether the key agreement request information is valid is verified through a first preset verification formula, and when the key agreement request information is valid, the key agreement request information is sent to the first vehicle-mounted device V0And sending key agreement response information. First vehicle-mounted device V0Receive the second onboard device V1And sending the key agreement response information.
When the key agreement request message is invalid, the second in-vehicle device V1This key agreement is terminated.
Second onboard device V1And verifying whether the key negotiation request information is valid through a first preset verification formula, if the first preset verification formula is established, the key negotiation request information is valid, and if not, the key negotiation request information is invalid.
The first preset verification formula is as follows:
δ0P=f0R0
wherein R is0、δ0And f0Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
First predetermined verification formula delta0P=f0R0Can be derived as δ0P=(f0r0)P=f0(r0P)=f0R0The satisfaction of the first preset verification formula indicates that the second in-vehicle device V1 received the information from the first in-vehicle device V0The information of (1).
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Based on any of the above embodiments, further, the key agreement response information includes a parameter PID0、R1、δ1
Wherein:
Figure BDA0002101422350000111
R1=r1P;
δ1=f1r1
f1=h2(PID0,ID1,SK,r1R0);
R0=r0P;
SK=h1(r1R0,ID1,PID0);
PID0、R1、δ1、f1and R0Are all intermediate process parameters, r0Is a second random number, u0Is a third random number, r1Is a fourth random number, ID0Is the identity, ID, of the first vehicle-mounted device1P is a generation element of a finite cyclic group on an elliptic curve, SK is a communication private key between the first vehicle-mounted device and the second vehicle-mounted device, and h is an identity of the second vehicle-mounted device1Is a second hash function, h2Is a third hash function.
Specifically, when the key agreement request message is valid, the second in-vehicle device V1Generating key negotiation response information and sending the key negotiation response information to the first vehicle-mounted device V0
The key agreement response information comprises a parameter PID0、R1、δ1
Wherein:
Figure BDA0002101422350000112
R1=r1P;
δ1=f1r1
f1=h2(PID0,ID1,SK,r1R0);
R0=r0P;
SK=h1(r1R0,ID1,PID0);
PID0、R1、δ1、f1and R0Are all intermediate process parameters, r0Is a second random number that is a function of the first random number,
Figure BDA0002101422350000113
Figure BDA0002101422350000114
u0is a third random number that is a random number,
Figure BDA0002101422350000115
r1is a fourth random number, and is,
Figure BDA0002101422350000116
Figure BDA0002101422350000117
is a predetermined domain, ID0Is the identity, ID, of the first vehicle-mounted device1P is a generation element of a finite cyclic group on an elliptic curve, SK is a communication private key between the first vehicle-mounted device and the second vehicle-mounted device, and h is an identity of the second vehicle-mounted device1Is a second hash function, h2Is a third hash function.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Based on any one of the above embodiments, further before the calculating the private key for communication between the first in-vehicle device and the second in-vehicle device, the method further includes:
verifying whether the key negotiation response information is valid through a second preset verification formula, if the second preset verification formula is established, the key negotiation response information is valid, otherwise, the key negotiation response information is invalid;
the second preset verification formula is as follows:
δ1P=f1R1
wherein R is1、δ1And f1Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
Specifically, when the first in-vehicle device V0Receives the second onboard device V1After the key agreement response message is sent, the validity of the key agreement response message also needs to be verified, and if the key agreement response message is judged to be valid, the first vehicle-mounted device V is calculated0And a second onboard device V1The private key of communication between.
When the key agreement response message is invalid, the first in-vehicle device V0This key agreement is terminated.
First vehicle-mounted device V0And verifying whether the key negotiation response information is valid through a second preset verification formula, if the second preset verification formula is established, the key negotiation response information is valid, and if not, the key negotiation response information is invalid.
The second preset verification formula is as follows:
δ1P=f1R1
wherein R is1、δ1And f1Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
First vehicle-mounted device V0Verifying the formula delta by a second preset1P=f1R1Verifying the correctness of the digital signature, and a second predetermined verification formula delta1P=f1R1Can be deduced as delta1P=(f1r1)P=f1(r1P)=f1R1The establishment of the formula explains the first vehicle-mounted device V0Has received the information from the second in-vehicle device V1The message of (2).
First vehicle-mounted device V0Calculating it and a second onboard device V1The formula of the private key for communication between the two is as follows:
SK=h1(r0R1,ID1,PID0)
wherein, PID0And R1Are all intermediate process parameters, r0Is a second random number that is a function of the first random number,
Figure BDA0002101422350000121
Figure BDA0002101422350000122
is a predetermined domain, ID1SK is a private key of communication between the first vehicle-mounted device and the second vehicle-mounted device, h is an identity of the second vehicle-mounted device1Is a second hash function.
In contrast to the above embodiment, the second in-vehicle device V1Calculate it and the first vehicle-mounted device V0The formula of the private key for communication between the two is as follows:
SK=h1(r1R0,ID1,PID0)
PID0and R0Are all intermediate process parameters, r1Is a fourth random number, and is,
Figure BDA0002101422350000131
Figure BDA0002101422350000132
is a predetermined domain, ID1SK is a private key of communication between the first vehicle-mounted device and the second vehicle-mounted device, h is an identity of the second vehicle-mounted device1Is a second hash function.
The difference of the two calculated communication private keys lies in r0R1And r1R0According to r0R1=r0r1P=r1r0P=r1R0It can be seen that the first in-vehicle device V0Generated communication private key and second in-vehicle device V1The generated private communication key is consistent.
The security analysis of the key agreement mechanism in the embodiment of the invention is as follows:
(1) in the first vehicle-mounted device V0The second onboard device V1And in the process of carrying out key agreement, the digital signature is used for verifying the correctness of the message, the subsequent information interaction step can be continued only if the signature verification is passed, and if the signature is not passed, repeated signature authentication is carried out or the vehicle node is abandoned. The digital signature can solve the problems of repudiation, forgery, falsification and the like of information in the transmission process, ensure that the information received by the node comes from a safe node, and prevent the attack of a malicious node.
(2) In the key agreement process, the first vehicle-mounted device V0The second onboard device V1The negotiated communication key satisfies SK h1(r0R1,ID1,PID0)=h1(r1R0,ID1,PID0) Wherein r is0、r1Are respectively the first vehicle-mounted device V0The second onboard device V1And selecting a random number. Based on the problem of discrete logarithm of an elliptic curve, only a first vehicle-mounted device V in the communication system0The second onboard device V1Knowing the random number of its own choosing, it is difficult for the rest of the devices to calculate it, and the final session key is only the first vehicle-mounted device V0The second onboard device V1Knowing, therefore, the first vehicle-mounted device V0The second onboard device V1The negotiated session key is secure.
(3) In the key agreement process, the first vehicle-mounted device V0Before sending out the key agreement application, the identity authentication is carried out to the trusted authority, and a second vehicle-mounted device V is obtained1Is unique identification ID of1. But the second in-vehicle device V1Only receives the first vehicle-mounted device V0Temporary identity PID of0Due to calculation of PID0In the formula (a) u0Is a first vehicle-mounted device V0Randomly selected, thus the second vehicle-mounted device V1The first vehicle-mounted device V cannot be obtained0Thereby protecting the first vehicle-mounted device V0The identity security of the system realizes the hidden key negotiation initiator V0The purpose of the identity.
The key agreement method of the vehicle-mounted self-organizing network provided by the embodiment of the invention comprises the steps of firstly carrying out identity authentication on a vehicle-mounted device, then judging whether to carry out key agreement or not by verifying whether a message is valid or not by two negotiation parties, and finally realizing bidirectional authentication and negotiating out a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Fig. 3 is a timing diagram of a key agreement mechanism of a vehicle ad hoc network according to an embodiment of the present invention, where as shown in fig. 3, the mechanism includes:
s1, negotiating key to initiator vehicle V0Initializing a system in the vehicle-mounted self-organizing network, wherein a trusted authority of the system publishes system parameters: params ═ { E, P, q, P ═ Ppub,h0,h1,h2};
S2、V0Submitting an identity authentication application to a trusted authority, the trusted authority applying to V0Returning system private keys s and V0Vehicle node V to be negotiated1ID of1;V1Application for identity authentication to trusted authority, trusted authority checking V1After the validity of the authorization V1Returning a unique identity ID1
S3、V0To V1Sending a message V0→V1:req=(ID1,PID0,R0,δ0);V1Return V0Message V1→V0:res=(PID0,R1,δ1);V0Verifying the received response message res ═ (PID)0,R1,δ1)。
Fig. 4 is a schematic diagram of a first vehicle-mounted device according to an embodiment of the present invention, and as shown in fig. 4, the first vehicle-mounted device according to the embodiment of the present invention includes an authentication module 401, a first receiving module 402, a negotiation module 403, a second receiving module 404, and a key generation module 405, where:
the authentication module 401 is configured to send identity authentication request information to a trusted authority, where the identity authentication request information includes an identity of a first vehicle-mounted device and an identity of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an object of the first vehicle-mounted device in agreement.
The first receiving module 402 is configured to receive identity confirmation information sent by the trusted authority, where the identity confirmation information is sent by the trusted authority when it is determined that the identities of the first onboard device and the second onboard device are both legal.
The negotiation module 403 is configured to send a key negotiation request message to the second vehicle-mounted device, where the key negotiation request message is generated by the first vehicle-mounted device according to a preset elliptic curve cryptography algorithm.
The second receiving module 404 is configured to receive a key agreement response message sent by the second vehicle-mounted device, where the key agreement response message is sent by the second vehicle-mounted device under the condition that the key agreement request message is verified to be valid.
The key generation module 405 is configured to calculate a communication private key between the first vehicle-mounted device and the second vehicle-mounted device if it is determined that the key agreement response message is valid.
Specifically, first, the first onboard device V0Identity authentication request information is sent to the trusted authority through the authentication module 401. When the system is initialized, the trusted authority of the system broadcasts system information, and all vehicle-mounted devices in the area can receive the system information broadcasted by the trusted authority. When the first vehicle-mounted device V0And a second vehicle-mounted device V1When the communication condition is satisfied, for example, when the first in-vehicle device V0And a second vehicle-mounted device V1When the distance between the first and second vehicle-mounted devices is less than the preset distance, the first vehicle-mounted device V0And a second onboard device V1Respectively broadcast the identification marks of the first vehicle-mounted device V0Receives the second onboard device V1Broadcast its identity ID1Then, it is desired to communicate with the second in-vehicle device V1The first vehicle-mounted device V carries out key agreement0Sending identity authentication request information to a trusted authority, the identity authentication request informationThe information includes a first vehicle-mounted device V0ID of0And a second onboard device V1ID of1
The trusted authority receives the first vehicle-mounted device V0After the transmitted identity authentication request information, the first vehicle-mounted device V is subjected to0And a second onboard device V1Is authenticated after confirming the first in-vehicle device V0And a second onboard device V1To the first vehicle-mounted device V under the condition that the identities of the vehicle-mounted devices are legal0And sending identity confirmation information.
First vehicle-mounted device V0The first receiving module 402 receives the identity confirmation message sent by the trusted authority, which is used to indicate that the trusted authority passes the second vehicle-mounted device V1The identity authentication of (1).
First vehicle-mounted device V0And after receiving the identity confirmation information sent by the trusted authority, starting to perform key agreement. First vehicle-mounted device V0To the second onboard device V by means of the negotiation module 4031Transmitting key agreement request information by the first in-vehicle device V0And generating according to a preset elliptic curve cryptographic algorithm.
Second onboard device V1Receives the first vehicle-mounted device V0After the key agreement request information is sent, whether the key agreement request information is valid is verified through a first preset verification formula, and when the key agreement request information is valid, the key agreement request information is sent to the first vehicle-mounted device V0And sending key agreement response information. First vehicle-mounted device V0Receiving the second vehicle-mounted device V through the second receiving module 4041And sending the key agreement response information.
When the key agreement request message is invalid, the second in-vehicle device V1This key agreement is terminated.
When the first vehicle-mounted device V0Receives the second onboard device V1After the key agreement response message is sent, the validity of the key agreement response message also needs to be verified, and if the key agreement response message is judged to be valid, the secret key is usedThe key generation module 405 calculates the first in-vehicle device V0And a second onboard device V1The private key of communication between.
When the key agreement response message is invalid, the first in-vehicle device V0This key agreement is terminated.
The first vehicle-mounted device provided by the embodiment of the invention firstly performs identity authentication on the vehicle-mounted device, then negotiates whether to perform key negotiation or not by judging whether the verification message is valid or not, and finally realizes bidirectional authentication and negotiates a communication private key. The privacy of the vehicle is protected and the computational overhead of the key agreement mechanism is small.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 5, the electronic device includes: a processor (processor)501, a memory (memory)502, a bus 503, and computer programs stored on the memory and executable on the processor.
The processor 501 and the memory 502 complete communication with each other through a bus 503;
the processor 501 is configured to call and execute the computer program in the memory 502 to perform the steps in the above method embodiments, including:
sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is sent by the trusted authority under the condition that the identities of the first vehicle-mounted device and the second vehicle-mounted device are both legal;
sending key negotiation request information to the second vehicle-mounted device, wherein the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
receiving key agreement response information sent by the second vehicle-mounted device, wherein the key agreement response information is sent by the second vehicle-mounted device under the condition that the key agreement request information is verified to be valid;
and if the key negotiation response information is judged to be valid, calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device.
In addition, the logic instructions in the memory may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Embodiments of the present invention provide a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the steps of the above-described method embodiments, for example, including:
sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is sent by the trusted authority under the condition that the identities of the first vehicle-mounted device and the second vehicle-mounted device are both legal;
sending key negotiation request information to the second vehicle-mounted device, wherein the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
receiving key agreement response information sent by the second vehicle-mounted device, wherein the key agreement response information is sent by the second vehicle-mounted device under the condition that the key agreement request information is verified to be valid;
and if the key negotiation response information is judged to be valid, calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device.
An embodiment of the present invention provides a non-transitory computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in the above method embodiments, for example, including:
sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is sent by the trusted authority under the condition that the identities of the first vehicle-mounted device and the second vehicle-mounted device are both legal;
sending key negotiation request information to the second vehicle-mounted device, wherein the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
receiving key agreement response information sent by the second vehicle-mounted device, wherein the key agreement response information is sent by the second vehicle-mounted device under the condition that the key agreement request information is verified to be valid;
and if the key negotiation response information is judged to be valid, calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device.
The above-described embodiments of the apparatuses and devices are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A key negotiation method of a vehicle-mounted self-organizing network is characterized by comprising the following steps:
sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
receiving identity confirmation information sent by the trusted authority, wherein the identity confirmation information is sent by the trusted authority under the condition that the identities of the first vehicle-mounted device and the second vehicle-mounted device are both legal;
sending key negotiation request information to the second vehicle-mounted device, wherein the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
receiving key agreement response information sent by the second vehicle-mounted device, wherein the key agreement response information is sent by the second vehicle-mounted device under the condition that the key agreement request information is verified to be valid;
and if the key negotiation response information is judged to be valid, calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device.
2. The key agreement method for the vehicular ad hoc network according to claim 1, wherein before sending the identity authentication request message to the trusted authority, the method further comprises:
and receiving the system information broadcast by the trusted authority and the identity identification broadcast by the second vehicle-mounted device.
3. The key agreement method for the vehicular ad hoc network according to claim 2, wherein the system information includes parameters E, q, Ppub、h0、h1And h2
Wherein, PpubE is an elliptic curve over a finite field, q is the order of a finite cyclic group on the elliptic curve, P is a generator of the finite cyclic group on the elliptic curve, PpubIs a system public key, s is a first random number, h0Is a first hash function, h1Is a second hash function, h2Is a third hash function.
4. According to the rightThe key agreement method of the vehicular ad hoc network according to claim 3, wherein the key agreement request message includes a parameter ID1、PID0、R0And delta0
Wherein:
Figure FDA0002101422340000011
R0=r0P
δ0=f0r0
f0=h0(ID1,PID0,R0)
PID0、R0、δ0and f0Are all intermediate process parameters, r0Is a second random number, u0Is a third random number, ID0Is the identity, ID, of the first vehicle-mounted device1For the identity of the second onboard device, P is the generator of the finite cyclic group on the elliptic curve, h0Is a first hash function.
5. The key agreement method of the vehicle ad hoc network according to claim 4, wherein the second vehicle-mounted device verifies whether the key agreement request message is valid through a first preset verification formula, if the first preset verification formula equation is established, the key agreement request message is valid, otherwise, the key agreement request message is invalid;
the first preset verification formula is as follows:
δ0P=f0R0
wherein R is0、δ0And f0Are intermediate process parameters, and P is the generator of the finite cyclic group on the elliptic curve.
6. The key agreement method of the vehicular ad hoc network according to claim 5, wherein the key agreement response information includes a parameter PID0、R1、δ1
Wherein:
Figure FDA0002101422340000021
R1=r1P
δ1=f1r1
f1=h2(PID0,ID1,SK,r1R0)
R0=r0P
SK=h1(r1R0,ID1,PID0)
PID0、R1、δ1、f1and R0Are all intermediate process parameters, r0Is a second random number, u0Is a third random number, r1Is a fourth random number, ID0Is the identity, ID, of the first vehicle-mounted device1P is a generation element of a finite cyclic group on an elliptic curve, SK is a communication private key between the first vehicle-mounted device and the second vehicle-mounted device, and h is an identity of the second vehicle-mounted device1Is a second hash function, h2Is a third hash function.
7. The key agreement method for the vehicle-mounted ad hoc network according to claim 6, wherein before calculating the private key for communication between the first vehicle-mounted device and the second vehicle-mounted device, the method further comprises:
verifying whether the key negotiation response information is valid through a second preset verification formula, if the second preset verification formula is established, the key negotiation response information is valid, otherwise, the key negotiation response information is invalid;
the second preset verification formula is as follows:
δ1P=f1R1
wherein R is1、δ1And f1Are all intermediate process parameters, P is on the elliptic curveIs generated from the finite cyclic group.
8. A first vehicle-mounted device, comprising:
the authentication module is used for sending identity authentication request information to a trusted authority, wherein the identity authentication request information comprises an identity identifier of a first vehicle-mounted device and an identity identifier of a second vehicle-mounted device, the first vehicle-mounted device is an initiator of key agreement, and the second vehicle-mounted device is an agreement object of the first vehicle-mounted device;
a first receiving module, configured to receive identity confirmation information sent by the trusted authority, where the identity confirmation information is sent by the trusted authority when it is determined that the identities of the first onboard device and the second onboard device are both legal;
the negotiation module is used for sending key negotiation request information to the second vehicle-mounted device, and the key negotiation request information is generated by the first vehicle-mounted device according to a preset elliptic curve cryptographic algorithm;
a second receiving module, configured to receive key agreement response information sent by the second onboard apparatus, where the key agreement response information is sent by the second onboard apparatus when the key agreement request information is verified to be valid;
and the key generation module is used for calculating a communication private key between the first vehicle-mounted device and the second vehicle-mounted device if the key negotiation response information is judged to be valid.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the key agreement method of the vehicle ad hoc network according to any one of claims 1 to 7 when executing the computer program.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, carries out the steps of the key agreement method of the ad hoc network in vehicle according to any one of claims 1 to 7.
CN201910536975.9A 2019-06-20 2019-06-20 Key negotiation method for vehicle-mounted self-organizing network Active CN110366176B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910536975.9A CN110366176B (en) 2019-06-20 2019-06-20 Key negotiation method for vehicle-mounted self-organizing network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910536975.9A CN110366176B (en) 2019-06-20 2019-06-20 Key negotiation method for vehicle-mounted self-organizing network

Publications (2)

Publication Number Publication Date
CN110366176A CN110366176A (en) 2019-10-22
CN110366176B true CN110366176B (en) 2021-08-06

Family

ID=68217445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910536975.9A Active CN110366176B (en) 2019-06-20 2019-06-20 Key negotiation method for vehicle-mounted self-organizing network

Country Status (1)

Country Link
CN (1) CN110366176B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111212047B (en) * 2019-12-26 2022-03-29 国汽(北京)智能网联汽车研究院有限公司 Communication establishing method and device
CN111093169B (en) * 2019-12-26 2022-06-07 国汽(北京)智能网联汽车研究院有限公司 Communication establishing method and device
EP4254861A4 (en) * 2020-12-24 2024-01-17 Huawei Technologies Co., Ltd. Secure access method and device
CN113453223B (en) * 2021-06-07 2023-04-07 北京聚利科技有限公司 Key updating method, system, device, storage medium and terminal
CN114363858A (en) * 2022-03-21 2022-04-15 苏州浪潮智能科技有限公司 Conversation and registration method, system and related components of cellular internet of vehicles cooperative communication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123501A (en) * 2006-08-08 2008-02-13 西安电子科技大学 A WAPI authentication and secret key negotiation method and system
CN106027519A (en) * 2016-05-18 2016-10-12 安徽大学 Efficient condition privacy protection and security authentication method in internet of vehicles
CN108833074A (en) * 2018-04-28 2018-11-16 西安电子科技大学 The Verification System and method of vehicle self-organizing network based on homomorphic cryptography

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MX365994B (en) * 2014-09-15 2019-06-24 Sirius Xm Radio Inc Satellite receiver option for certificate distribution.
CN106559877B (en) * 2015-09-24 2019-02-26 中兴通讯股份有限公司 The sending method and device of car networking business, resource allocation method and device
CN106330910B (en) * 2016-08-25 2019-07-19 重庆邮电大学 Strong secret protection double authentication method in car networking based on node identities and prestige
CN108881176A (en) * 2018-05-28 2018-11-23 惠州市德赛西威汽车电子股份有限公司 A kind of method of secure communication between car networking terminal
CN109040285B (en) * 2018-08-24 2023-06-20 北京汽车集团有限公司 Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123501A (en) * 2006-08-08 2008-02-13 西安电子科技大学 A WAPI authentication and secret key negotiation method and system
CN106027519A (en) * 2016-05-18 2016-10-12 安徽大学 Efficient condition privacy protection and security authentication method in internet of vehicles
CN108833074A (en) * 2018-04-28 2018-11-16 西安电子科技大学 The Verification System and method of vehicle self-organizing network based on homomorphic cryptography

Also Published As

Publication number Publication date
CN110366176A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN110366176B (en) Key negotiation method for vehicle-mounted self-organizing network
CN105847235B (en) Identity-based efficient anonymous batch authentication method in Internet of vehicles environment
CN109922475B (en) Vehicle authentication and message verification method under vehicle-mounted network environment
CN109412816B (en) Anonymous communication system and method for vehicle-mounted network based on ring signature
CN104683112B (en) A kind of car car safety communicating method that certification is assisted based on RSU
CN108322486B (en) Authentication method for multi-server architecture under Internet of vehicles cloud environment
CN104394000A (en) Batched certification method based on pseudonym verification public key in vehicle-mounted network
CN113596778A (en) Vehicle networking node anonymous authentication method based on block chain
KR101521412B1 (en) Protocol Management System for Aggregating Massages based on certification
CN107493165B (en) Internet of vehicles authentication and key agreement method with strong anonymity
CN109561383A (en) A kind of location privacy protection method based on dynamic assumed name exchange area
CN104853351A (en) Internet of Vehicles distributed authentication method based on controllable privacy
CN110022542A (en) A kind of anonymous authentication method of the modified based on condition secret protection
JP2016139882A (en) Communication device, LSI, program and communication system
CN104219663A (en) A method and system for certificating vehicle identity
Limbasiya et al. Secure message confirmation scheme based on batch verification in vehicular cloud computing
KR101321080B1 (en) Method of message batch verification scheme using bloom filter in vanet
Park et al. An Efficient Anonymous Authentication Protocol for Secure Vehicular Communications.
Babu et al. Robust authentication protocol for dynamic charging system of electric vehicles
Patel et al. Vehiclechain: Blockchain-based vehicular data transmission scheme for smart city
CN112437108A (en) Decentralized identity authentication device and method for privacy protection of Internet of vehicles
CN113852632A (en) Vehicle identity authentication method, system, device and storage medium based on SM9 algorithm
CN110166445A (en) A kind of the secret protection anonymous authentication and cryptographic key negotiation method of identity-based
CN115580488A (en) Vehicle-mounted network message authentication method based on block chain and physical unclonable function
CN113115309B (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant