CN110830998B - Vehicle networking malicious node identification method based on trust mechanism - Google Patents

Vehicle networking malicious node identification method based on trust mechanism

Info

Publication number: CN110830998B
Application number: CN201910454546.7A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110830998A
Legal status: Active
Prior art keywords: node, nodes, trust, vehicle, trust value
Inventors: 曹利, 邵长虹, 张俐, 张淼, 顾翔
Current assignee: Nantong University
Original assignee: Nantong University

Events
Application filed by Nantong University
Priority to CN201910454546.7A
Publication of CN110830998A
Application granted
Publication of CN110830998B
Active legal status

Classifications

    • H04W12/041 Key generation or derivation (under H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]; H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04L1/1607 Details of the supervisory signal (under H04L1/16 Arrangements for detecting or preventing errors in the information received by using a return channel that carries supervisory signals, e.g. repetition request signals)
    • H04W12/06 Authentication
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS] (under H04W12/12 Detection or prevention of fraud)
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W4/44 Services specially adapted for vehicles, for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H] (under H04W4/40 Services for vehicles, e.g. vehicle-to-pedestrians [V2P])
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • Y02D30/70 Reducing energy consumption in wireless communication networks (under Y02D Climate change mitigation technologies in information and communication technologies [ICT])

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method for identifying malicious nodes in the Internet of vehicles based on a trust mechanism, and belongs to the technical field of Internet of vehicles security. The technical scheme is as follows: a vehicle networking malicious node identification method based on a trust mechanism comprises four steps: off-line registration, network joining, trust value calculation, and malicious node identification and processing. The beneficial effects of the invention are: it provides a method for identifying malicious vehicle nodes based on a trust mechanism in an Internet of vehicles environment, which detects the communication behaviour of neighbour nodes using a hybrid wireless-network monitoring mode; according to the detected result, a subjective logic model is introduced and weighted calculation is used to evaluate the trust value of each vehicle node; nodes whose trust value is too low are isolated, so that the damage done by malicious nodes to the Internet of vehicles environment is reduced.

Description

Vehicle networking malicious node identification method based on trust mechanism
Technical Field
The invention relates to the technical field of Internet of vehicles safety, in particular to an Internet of vehicles malicious node identification method based on a trust mechanism.
Background
The vehicle networking (VANET) is an important component of a modern intelligent traffic system, mainly acquires attribute information of vehicles, owners of the vehicles and roads and dynamic and static information of the vehicles in the driving process through various vehicle-mounted sensors, and realizes information exchange and sharing among people and vehicles, vehicles and road side infrastructures through various communication technologies, thereby improving road safety and traffic operation efficiency.
The basic structure of the VANET system mainly comprises three main parts, namely a traffic control center (TRC), a roadside unit (RSU) and an on-board unit (OBU):
(1) The traffic control center (TRC) is the highest authority organization in the VANET, is connected with a roadside unit (RSU) through a wire and is mainly responsible for initializing traffic participants, storing core information and the like;
(2) Roadside units (RSU) are distributed at the crossroad and at two sides of the road, and provide related services such as vehicle access and identity authentication;
(3) The on-board unit (OBU) is installed in the embedded equipment of the vehicle and is used as a communication module of the vehicle to exchange information with surrounding vehicles.
Compared with traditional wired network communication, the Internet of vehicles has characteristics such as open channels, limited bandwidth, variable link capacity, rapid movement and a dynamically changing network topology, and these characteristics give its communication a number of inherent security weaknesses. Currently, security research on the Internet of vehicles is mainly built on traditional security mechanisms such as data encryption, trusted routing, communication protocol security authentication and privacy protection. However, as a special form of ad hoc network, the Internet of vehicles is in a constantly changing state; although traditional mechanisms such as encryption and authentication can resist attacks from external nodes to a certain extent, they cannot cope with malicious behaviour by internal nodes.
If a malicious node in the network refuses communication cooperation or carries out denial of service attack, the network performance will be seriously influenced, and the network security is threatened. Based on the above, a corresponding malicious node identification and elimination mechanism needs to be established on the basis of researching the safety characteristics of the Internet of vehicles.
The Internet of vehicles allows vehicles to generate and broadcast vehicle, owner and road attribute information, as well as information about road conditions during travel such as traffic jams and traffic accidents. Vehicles receiving these messages can confirm the state of their neighbour nodes and of the road ahead from the message contents, learn the current traffic environment and take timely actions in their own interest. These advantages depend on the messages generated and broadcast by vehicles being reliable. In reality, however, there may be malicious vehicles in the Internet of vehicles, and their deliberate sending of malicious messages may cause traffic chaos. In a large Internet of vehicles environment, vehicles do not trust each other, so the problem that arises is how a vehicle decides whether it can trust messages from other vehicles.
In the prior art, the following modes exist in the detection of malicious nodes in the internet of vehicles:
1) ACK-based malicious node identification: the node that correctly receives a data packet sends an ACK back to the source node or to the previous-hop node that forwarded the packet, so that unreliable communication links can be detected. If the number of packets lost on a route exceeds a set threshold, the route is suspect and may contain a malicious node. However, when a node drops packets maliciously, simply receiving the ACK from the next-hop node does not guarantee that the packet will actually be forwarded by that node. For example, node i forwards a data packet to malicious node j and waits for j's ACK; j sends the ACK to i and then discards the packet, which leads node i to a wrong judgement.
2) The malicious node identification method based on the specification comprises the following steps: attacks against the AODV protocol are detected by establishing a finite state machine. The scheme utilizes monitoring points distributed in a network to cooperatively monitor whether a monitored node operates according to a routing specification in the AODV routing query process, and then utilizes a finite state machine formed by the specification to check and output a normal state, a suspected state and an intrusion state. According to the method, the characteristics of the attack behavior do not need to be extracted in advance, data are not needed to be trained, however, in order to detect the behavior of the node, a monitoring point needs to monitor a certain node and maintain all information and available path information generated and received by the node, so that the complexity of the monitoring point is high, and the amount of data needing to be stored is unacceptable. In addition, the method is designed based on a routing protocol, and the universality is poor.
3) Statistics-based malicious node identification: a series of rules is predefined to describe the normal behaviour of a node; meanwhile, in promiscuous monitoring mode, the monitoring node listens to the communication of its neighbour nodes and extracts and stores the data relevant to the rules. Finally, rule matching is performed, and if a node's behaviour violates a rule, its anomaly counter is incremented by 1. The recorded number of abnormal behaviours is compared with the expected number of accidental faults, and if the former exceeds the latter the node is judged malicious. This technique introduces the idea of deviation tolerance: by observing the range of variation of the number of failures, it obtains the expected value of accidental failures. The scheme requires a relatively long learning time to determine that expected value; there is no interaction between nodes, so the amount of available information is greatly reduced and the false alarm rate rises.
4) Incentive-based malicious node identification: well-behaved nodes are rewarded, which motivates nodes to participate in network cooperation and identify the malicious nodes in the network. This mechanism can be used not only to detect attacking nodes that disrupt normal communication in the network, but also to detect selfish nodes that do not perform the intended functions of the mobile ad hoc network. The approach requires a lot of additional traffic information in each packet, which increases network overhead.
5) Reputation-based malicious node identification: whether a node is trusted directly affects the communication result. Nodes in the network exchange behaviour information about other nodes; each node is expected to maintain reputation information about other nodes and to inform the rest of the network of the reputation information it has observed. However, the conventional mainstream reputation-based malicious node detection methods, namely the CONFIDANT protocol, the CORE scheme and the OCEAN scheme, have the following defects:
(1) CONFIDANT protocol: each node comprises four modules: a monitor, a reputation system, trust management and path management. The basic idea is to use neighbour monitoring to observe neighbour nodes while evaluating their reputation; nodes whose trust value falls below a threshold are considered suspicious. The scheme considers only the influence of negative behaviour on reputation information, so it reacts quickly to malicious behaviour; however, it is only a theoretical framework, it has difficulty resisting false-accusation (slander) attacks by malicious nodes, and it easily misjudges accidental erroneous behaviour of normal nodes.
(2) CORE scheme: CORE consists of two parts, a watchdog mechanism and a reputation value table. Each node uses the watchdog to monitor the behaviour of its neighbour nodes: whether a node forwards a data packet is judged by listening to the transmission of the next-hop node, and if the next-hop node does not send the packet it is considered a bad node. The reputation value table is a data structure storing the reputation values of nodes. Nodes combine the directly observed reputation value, the indirect reputation values provided by other nodes and the functional reputation value through a comprehensive formula; when the total reputation value falls below a threshold, other nodes refuse to provide services to that node, so non-cooperating nodes are excluded from the network. CORE assigns different weights to different kinds of information and takes into account that different functions in the network differ in importance, which increases the complexity of the reputation system, and it still suffers from the problem of malicious defamation.
(3) OCEAN protocol: this scheme does not consider indirect reputation values and uses only first-hand data observed by the node itself; each node selects routes solely according to its own observations, which reduces the complexity of the protocol but also the amount of information available for judging node behaviour. Simulation results show that the scheme is simpler than schemes using indirect reputation values and avoids the risk of false accusations while achieving the same performance, but it is sensitive to certain parameters.
How to solve the above technical problems is the subject of the present invention.
Disclosure of Invention
The invention aims to provide a vehicle networking malicious node identification method based on a trust mechanism, which is used for detecting each neighbor node of a vehicle node in a network in real time through a hybrid monitoring mode, carrying out trust evaluation according to the communication behavior of the neighbor node and judging whether the node is a malicious node or not through a trust value.
The invention is realized by the following measures: a method for identifying malicious nodes in Internet of vehicles based on a trust mechanism comprises the following steps:
step one, off-line registration:
registering the purchased vehicles in a vehicle management place, generating digital business cards to be stored in a database of a vehicle management center, wherein the digital business cards comprise vehicle IDs (identity), vehicle basic information, reporting trust values and access trust values, giving initial values, and generating key pairs;
step two, adding the network:
1) Joining the communication domain: sending an existence message to the network and establishing a preliminary link with the neighbour nodes;
2) Identity authentication: interacting with a trusted centre to authenticate identity and assign a trust value;
step three, calculating a trust value:
1) Behaviour detection: the node evaluates the trust value according to the communication behaviour of the neighbour node in promiscuous monitoring mode;
2) Trust value calculation: calculating a trust value according to the hybrid monitoring result;
step four, identifying and processing the malicious nodes:
and when the communication credibility value of the nodes is lower than the threshold value, all the nodes in the network refuse to cooperate with the nodes, and the nodes are isolated from the network.
Further, the step one specifically includes the steps of:
step1: the vehicle information provided by the vehicle management is registered on the license plate;
step2: the vehicle management station generates a digital business card for the vehicle from the vehicle information; the digital business card comprises the vehicle ID, vehicle colour, brand and engine number, and a key pair (PUv, PKv) is generated.
Further, the two stages of adding the network and the identity authentication in the second step are specifically:
(1) The network joining specifically comprises the following steps:
step1: the vehicle node broadcasts a message of self existence to declare the self existence;
step2: the neighbor node receives the existence message, replies the self existence message and informs the existence of the other side;
step3: the two parties confirm each other's existence, establish a connection, synchronise clocks and negotiate the time at which the next existence message is sent;
(2) The identity authentication specifically comprises the following steps:
step1: the vehicle sends an authentication request message to the authentication centre; message field 1 indicates that the message type is an authentication request. The remainder is encrypted with the public key of the trusted centre and contains the vehicle's own ID, a random number N_1 and a timestamp T_1. The message format is: M = (1 || E(PU_tc, ID || N_1 || T_1));
Step2: the trusted centre receives the authentication request message and sends an ACK message encrypted with the public key of the vehicle node; the message contains the random number N_1 generated by the vehicle node, a newly generated random number N_2 and a timestamp T_2. The message format is: E(PU_v, N_1 || N_2 || T_2);
Step3: the vehicle node receives the ACK message from the trusted centre and encrypts a confirmation with the public key of the trusted centre; the confirmation contains the random number N_2 generated by the trusted centre, a neighbour list request used to obtain the trust values of the neighbour nodes, and a timestamp T_3. The message format is: E(PU_tc, N_2 || NeighborList || T_3);
Step4: the trusted centre replies with a message encrypted with the public key of the vehicle node, containing the neighbour list trust values and a timestamp T_4. The message format is: E(PU_v, NeighborListTrustedValue || T_4).
Further, the third step specifically includes two stages of detecting the neighboring node by the vehicle node and calculating the trust value for the detection result, which specifically includes the following contents:
(1) Detection of the vehicle node on the neighbor node:
step1: the vehicle node monitors the communication behaviour of the neighbour node at all times; if the neighbour node successfully receives and forwards a data packet, one good behaviour is recorded, otherwise one malicious behaviour is recorded;
step2: a trust value is calculated from the detection result;
step3: the trust value of the neighbour node is compared with the threshold; if it is greater than the threshold, go to Step1, otherwise go to Step4;
step4: the vehicle node reports the neighbour nodes whose trust values are below the threshold to the trusted centre;
step5: the trusted centre receives the report, sends a query to the neighbour nodes of the reported node and asks for their trust values of the reported node;
step6: the neighbour nodes of the reported node receive the query message of the trusted centre and send their trust value of the queried node to the trusted centre;
step7: the trusted centre compares the feedback results and makes a judgement: if the reporting result is consistent with the feedback, the reported node is isolated and one reporting success is recorded; otherwise one reporting failure is recorded.
(2) Trust value calculation on the detection result:
1) When a node accesses the network for the first time, the trusted centre assigns an initial trust value, denoted T_C. A monitoring period Δt is set, and two counters SUCCESS and FAIL are kept within Δt, representing the number of forwarded and non-forwarded data packets respectively; the following algorithm is used:
(formula image GDA0003996564450000051, not reproduced in the text)
After a detection period ends, the trust value for that communication period is calculated, where b represents the credibility in the period, d the untrustworthiness in the period, u the uncertainty, T_i the trust value in period i, and α and β the different weights of b and d in the calculation of T, with α < β;
(formula image GDA0003996564450000052, not reproduced in the text)
(formula image GDA0003996564450000053, not reproduced in the text)
T_i: for an entity trust model, recent behaviour has a greater influence on the trust value than historical behaviour. To reduce the influence of historical behaviour on the trust value as far as possible while avoiding an excessive influence of the most recent behaviour, the invention draws on the idea of time weighting and proposes an averaging algorithm: the communication trust value and the trust value of the single detection period are added and averaged, which effectively reduces the influence of historical behaviour on the node trust value;
(formula image GDA0003996564450000061, not reproduced in the text)
T represents the node communication trust value and T_i the trust value of the i-th period;
2) Reporting trust value:
The trust value calculation of the WSLT model depends on nodes detecting the behaviour of their neighbour nodes. If a node maliciously reports the nodes around it, the trust values of normal nodes are reduced and they are isolated from the network. This scheme therefore sets up a reporting trust value: combined with abnormal behaviour detection, it judges whether a node exhibits malicious reporting behaviour. An independent trust value is set, nodes whose reporting trust value falls below the threshold are also isolated from the network, and the trust value is calculated from the node's behaviour with the following algorithm:
(formula image GDA0003996564450000062, not reproduced in the text)
α and β represent the impact factors of success and failure respectively; it is specified that (T_c, α, β) ∈ [0, 1) and α < β, where 0 represents completely untrustworthy and 1 completely trustworthy;
3) Access trust value:
VANET communication depends on a wireless network. When an anomaly occurs, a node will inevitably be detected by other nodes, mistaken for a malicious node and removed from the network. An access trust value is therefore set so that nodes whose abnormal behaviour was caused by external factors can reconnect once they return to normal, while malicious nodes are prevented from reconnecting without limit. The trust value is calculated according to the way the node went offline, with the following algorithm:
(formula image GDA0003996564450000063, not reproduced in the text)
α and β represent the impact factors of isolation and of exiting the network respectively; it is specified that (T_IN, α, β) ∈ [0, 1) and α < β, where 0 means completely untrustworthy and 1 completely trustworthy.
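A worked implementation of the communication trust value (1) and the reporting trust value (2), added here as an example and not the patent's own code. The page names the quantities (the SUCCESS and FAIL counters per period Δt, the subjective-logic triple b, d, u, the per-period trust T_i weighted by α < β, the running average with the communication trust value T, and the reporting trust value) but its formula images are not reproduced in the text, so every concrete formula below is an assumption chosen to match the descriptions: the standard subjective-logic mapping with prior weight 2 for (b, d, u); T_i = T_C + α·b − β·d clamped to [0, 1], so that a node with no evidence keeps its initial value T_C; T ← (T + T_i)/2; and for the reporting trust value a rise of α times the remaining headroom on a confirmed report and a cut of β on a rejected one. Constants (α = 0.4, β = 0.6, T_C = 0.5, threshold 0.3) and the per-period observations are constructed.

```python
"""Communication and reporting trust values for one monitored neighbour."""
from dataclasses import dataclass

ALPHA, BETA = 0.4, 0.6        # assumed weights for b and d, with α < β as the text states
T_C = 0.5                     # assumed initial trust value assigned by the trusted centre
THRESHOLD = 0.3               # assumed isolation threshold


def opinion(success: int, fail: int) -> tuple:
    """Subjective-logic opinion (b, d, u) from the two period counters.

    Standard mapping with prior weight 2 (assumption): with no observations the
    opinion is fully uncertain (u = 1), and each observation moves mass from u
    into b (forwarded) or d (dropped).
    """
    total = success + fail + 2
    return success / total, fail / total, 2 / total


def period_trust(success: int, fail: int) -> float:
    """T_i for one detection period (assumed form): start from T_C, reward
    belief with weight α and punish disbelief with the larger weight β."""
    b, d, _u = opinion(success, fail)
    return min(1.0, max(0.0, T_C + ALPHA * b - BETA * d))


@dataclass
class NeighbourRecord:
    """What a vehicle keeps about one neighbour across detection periods."""
    trust: float = T_C            # communication trust value T
    success: int = 0              # SUCCESS counter of the current period
    fail: int = 0                 # FAIL counter of the current period

    def observe(self, forwarded: bool) -> None:
        """Promiscuous-mode observation: did the neighbour forward the packet?"""
        if forwarded:
            self.success += 1
        else:
            self.fail += 1

    def close_period(self) -> float:
        """End of Δt: compute T_i, average it into T (the page's averaging
        step), reset the counters and return the new T."""
        t_i = period_trust(self.success, self.fail)
        self.trust = (self.trust + t_i) / 2
        self.success = self.fail = 0
        return self.trust

    def below_threshold(self) -> bool:
        """Step3 of the detection procedure: report when T drops under the threshold."""
        return self.trust < THRESHOLD


def reporting_trust(current: float, report_succeeded: bool) -> float:
    """Reporting trust value update (assumed form): a report the centre
    confirmed raises it by α of the headroom; a rejected report cuts it by β."""
    if report_succeeded:
        return current + ALPHA * (1.0 - current)
    return current * (1.0 - BETA)


def simulate(pattern: list) -> list:
    """Feed constructed per-period observations (lists of forwarded flags)
    and return the communication trust value after each period."""
    rec = NeighbourRecord()
    history = []
    for period in pattern:
        for forwarded in period:
            rec.observe(forwarded)
        history.append(round(rec.close_period(), 4))
    return history


def demo() -> list:
    """Two good periods, then a period in which every packet is dropped:
    the average pulls T down sharply but not all the way to T_i."""
    return simulate([[True] * 8, [True] * 8, [False] * 8])
```

With these constants `demo()` yields T = 0.66, 0.74 and 0.38: the third period alone scores T_i = 0.02, but averaging with the accumulated value keeps the node just above the 0.3 threshold for one more period, which is the smoothing the text describes; a second bad period would push it below and trigger a report. Because β > α, the drop after one bad period is larger than the rise after one good period, so recovery is slower than degradation.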
Further, the identification and isolation of malicious nodes in step four specifically comprises the following steps:
step1: if a vehicle node finds a node whose trust value is below the threshold, it deletes the abnormal node's information so that the abnormal node becomes an unknown node, and reports the node to the trusted centre; if the report succeeds, one communication anomaly is recorded for the abnormal node;
step2: the isolated node is allowed to access the network again and resends the authentication message to the trusted centre;
step3: the trusted centre calculates an access trust value from the historical interaction information of the accessing node; if the access trust value is below the threshold, reconnection is refused and the node is isolated permanently, otherwise go to Step4;
step4: the trusted centre reassigns a trust value, allowing the node to access the network again.
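The trusted-centre side of the two procedures above, as an added example that is not the patent's own code: Step5 to Step7 of the detection procedure (query the reported node's other neighbours, compare their answers with the report, record a reporting success or failure) and Step1 to Step4 of the isolation procedure (access trust value derived from how often the node was isolated, permanent refusal below a threshold, trust reassigned otherwise). The page gives no formula for the access trust value, so the multiplicative rule used here (T_IN scaled by α on isolation and by β on a voluntary exit, with α < β so that isolation costs more) is an assumption, as are the majority rule for corroboration, the constants and the constructed neighbour tables.

```python
"""Report corroboration and re-admission at the trusted centre."""
from dataclasses import dataclass

THRESHOLD = 0.3                           # assumed communication-trust threshold
ACCESS_THRESHOLD = 0.25                   # assumed access-trust threshold
ISOLATE_FACTOR, EXIT_FACTOR = 0.5, 0.9    # assumed α < β for the access trust value
T_INIT = 0.5                              # assumed trust value reassigned on re-admission


@dataclass
class NodeRecord:
    trust: float = T_INIT         # communication trust value known to the centre
    access_trust: float = 1.0     # access trust value T_IN; starts fully trusted
    report_success: int = 0
    report_fail: int = 0
    isolated: bool = False


class TrustedCenter:
    def __init__(self, neighbours: dict):
        # neighbours[x][y] = trust value node x currently holds for node y
        # (constructed stand-in for the answers nodes would give when queried)
        self.neighbours = neighbours
        self.records = {n: NodeRecord() for n in neighbours}

    def query_neighbours(self, reported: str, reporter: str) -> list:
        """Step5/Step6: ask every other, non-isolated neighbour of `reported`
        for its trust value of that node."""
        return [tbl[reported] for n, tbl in self.neighbours.items()
                if n not in (reporter, reported)
                and not self.records[n].isolated and reported in tbl]

    def handle_report(self, reporter: str, reported: str) -> bool:
        """Step7: isolate only when a majority of the queried neighbours also
        see the node below threshold (assumed rule); otherwise the report
        counts against the reporter's reporting trust."""
        answers = self.query_neighbours(reported, reporter)
        agree = sum(1 for t in answers if t < THRESHOLD)
        consistent = bool(answers) and agree * 2 > len(answers)
        rec = self.records[reporter]
        if consistent:
            rec.report_success += 1
            self.isolate(reported)
        else:
            rec.report_fail += 1
        return consistent

    def isolate(self, node: str) -> None:
        """Isolation step 1: drop the node from every neighbour list so it
        becomes an unknown node, and lower its access trust value."""
        target = self.records[node]
        target.isolated = True
        target.access_trust *= ISOLATE_FACTOR
        for tbl in self.neighbours.values():
            tbl.pop(node, None)

    def voluntary_exit(self, node: str) -> None:
        """A normal exit costs less access trust than an isolation."""
        self.records[node].access_trust *= EXIT_FACTOR

    def reconnect(self, node: str) -> bool:
        """Isolation steps 2-4: re-admit with a fresh trust value while the
        access trust value is still above threshold; refuse permanently below it."""
        rec = self.records[node]
        if rec.access_trust < ACCESS_THRESHOLD:
            return False
        rec.isolated = False
        rec.trust = T_INIT
        return True


def demo() -> dict:
    """Constructed scenario: V3 misbehaves and V1 reports it, corroborated by
    V2 and V4; V5 then falsely accuses the well-behaved V2 and is not
    corroborated; V3 is re-admitted once, then isolated twice more."""
    tables = {
        "V1": {"V2": 0.8, "V3": 0.1, "V5": 0.7},
        "V2": {"V1": 0.8, "V3": 0.2, "V5": 0.7},
        "V3": {"V1": 0.6, "V2": 0.6},
        "V4": {"V2": 0.9, "V3": 0.15},
        "V5": {"V2": 0.1, "V1": 0.7},
    }
    tc = TrustedCenter(tables)
    first = tc.handle_report("V1", "V3")       # corroborated: V3 isolated, T_IN 0.5
    second = tc.handle_report("V5", "V2")      # false accusation: rejected
    readmit = tc.reconnect("V3")               # 0.5 >= 0.25: allowed
    tc.isolate("V3")                           # T_IN 0.25
    tc.isolate("V3")                           # T_IN 0.125: now permanent
    return {"first": first, "second": second, "readmit": readmit,
            "final": tc.reconnect("V3"),
            "v5_fails": tc.records["V5"].report_fail,
            "v3_access": tc.records["V3"].access_trust}
```

The corroboration step is what protects the scheme against the false-accusation problem noted for CONFIDANT and CORE in the background: a single reporter cannot isolate a node, and each rejected report erodes the reporter's own reporting trust, so a slandering node is itself isolated after a few attempts.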
Further, the identity authentication in step two specifically comprises: when a vehicle accesses the network for the first time it has not yet been assigned a trust value, so data communication cannot take place after it establishes connections with its neighbour nodes. This scheme refers to nodes that have not been assigned a trust value as unknown nodes. After an unknown node accesses the network, it first builds a neighbour list locally that stores only the IDs of the neighbour nodes, and at the same time sends an authentication request to the trusted centre; for an unknown node, only authentication information is allowed to be forwarded in the network.
Further, the identification and isolation of malicious nodes in step four specifically comprises: when the communication trust value of a node is below the threshold, all nodes in the network refuse to cooperate with it, delete its trust information from their neighbour lists and disconnect, so the node becomes an unknown node. The unknown node is allowed to send an access authentication request to the trusted centre again; if its access trust value is in the normal interval the isolated node may reconnect, otherwise reconnection is refused.
Specifically, in order to better achieve the above object, the present invention provides a method for identifying malicious nodes in a vehicle networking based on a trust mechanism, wherein the method includes the following steps:
step one, off-line registration:
registering the purchased vehicles in a vehicle management place, generating digital business cards to be stored in a database of a vehicle management center, wherein the digital business cards comprise vehicle IDs (identity), vehicle basic information, reporting trust values and access trust values, giving initial values, and generating key pairs;
step two, adding the network:
1) Joining into the communication domain: sending the existing message to a network, and establishing a preliminary link with the neighbor node;
2) Identity authentication: interacting with the trusted centre to authenticate identity and assign a trust value. When a vehicle accesses the network for the first time it has not yet been assigned a trust value, so data communication cannot take place after it establishes connections with its neighbour nodes. This scheme refers to nodes that have not been assigned a trust value as unknown nodes. After an unknown node accesses the network, it first builds a neighbour list locally that stores only the IDs of the neighbour nodes, and at the same time sends an authentication request to the trusted centre; for an unknown node, only authentication information is allowed to be forwarded in the network.
step three, calculating a trust value:
1) Behaviour detection: the node evaluates the trust value according to the communication behaviour of the neighbour node in promiscuous monitoring mode;
2) Trust value calculation: calculating a trust value according to the hybrid monitoring result;
step four, identifying and processing the malicious nodes:
when the communication trust value of a node is below the threshold, all nodes in the network refuse to cooperate with it and the node is isolated from the network: its trust information is deleted from the neighbour lists, the connection is dropped and the node becomes an unknown node. The unknown node is allowed to send an access authentication request to the trusted centre again; if its access trust value is in the normal interval the isolated node may reconnect, otherwise reconnection is refused.
Further, the two stages of joining the network and identity authentication in step two are specifically:
(1) Joining the network: when a vehicle node joins the network it declares its existence and discovers neighbors. The neighbor discovery of this scheme draws on the SPND discovery method, whose idea is that at a certain time T, within the wake-up time T, nodes continuously broadcast discovery messages to their surroundings while also receiving discovery messages; when two nodes detect each other's discovery messages at the same time, both declare their existence and negotiate the next sleep duration, and after the sleep period ends they retransmit the messages to announce their existence. The SPAN method is mainly applied to MANETs, where the sleep period is needed because of node energy limits; in a vehicular network whose topology changes at high speed this seriously affects discovery efficiency and performance, and vehicular nodes do not need to consider energy loss, so this scheme improves the SPND algorithm as follows: when a vehicle node joins the network it broadcasts a beacon to its surroundings announcing its existence; at time t0 vehicles i and j within communication range receive the broadcast, return a message informing the other side of their existence, synchronize their clocks and negotiate the interval until the next message transmission. After a new vehicle enters the network it broadcasts a message announcing its existence, the vehicles in communication range receive the broadcast, return an existence message, synchronize clocks and negotiate the next transmission interval. A notable advantage of the improved algorithm is that no specific sending time is prescribed, so when the number of network nodes is very large, a large number of broadcast messages do not appear at the same time and cause network congestion;
The method specifically comprises the following steps:
Step1: the vehicle node broadcasts an existence message to declare its presence;
Step2: a neighbor node receives the existence message and replies with its own existence message, informing the other side of its presence;
Step3: the two parties confirm each other's existence, establish a connection, synchronize their clocks and negotiate the time at which the next existence message will be sent;
(2) Identity authentication specifically comprises the following steps:
Step1: the vehicle sends an authentication request message to the authentication center; message field 1 indicates that the message type is an authentication request, and the rest of the message is encrypted with the public key of the trusted center and contains the vehicle's ID, a random number N1 and a timestamp T1. The message format is: M(1 || E(PUtc, ID || N1 || T1));
Step2: the trusted center receives the authentication request and sends back an ACK message encrypted with the public key of the vehicle node, containing the random number N1 generated by the vehicle node, a newly generated random number N2 and a timestamp T2. The message format is: E(PUv, N1 || N2 || T2);
Step3: the vehicle node receives the ACK message from the trusted center and sends a confirmation encrypted with the public key of the trusted center, containing the random number N2 generated by the trusted center, a neighbor list request asking for the trust values of its neighbor nodes, and a timestamp T3. The message format is: E(PUtc, N2 || NeighborList || T3);
Step4: the trusted center replies with a message encrypted with the public key of the vehicle node, containing the trust values of the neighbor list and a timestamp T4. The message format is: E(PUv, NeighborListTrustedValue || T4).
Further, the third step specifically includes two stages of detecting the neighboring node by the vehicle node and calculating a trust value for the detection result, and the specific contents are as follows:
(1) Detection of the vehicle node on the neighbor node:
Step1: the vehicle node monitors the communication behavior of a neighbor node at all times; when the neighbor node successfully receives and forwards a data packet, one good behavior is recorded, otherwise one malicious behavior is recorded;
Step2: the trust value is calculated from the detection result;
Step3: the trust value of the vehicle node is compared with the threshold; if it is greater than the threshold, go to Step1, otherwise go to Step3;
Step4: the vehicle node reports the neighbor nodes whose trust values are lower than the threshold to the trusted center;
Step5: the trusted center receives the report, sends an inquiry message to the neighbor nodes of the reported node and asks for the trust value of the reported node;
Step6: the neighbor nodes of the reported node receive the inquiry message from the trusted center and send the trust value of the inquired node to the trusted center;
Step7: the trusted center compares the feedback results and makes a judgment: if the report agrees with the feedback, the reported node is isolated and one reporting success is recorded; otherwise one reporting failure is recorded.
(2) Trust value calculation on the detection result:
1) When a node joins the network for the first time, the trusted center assigns an initial trust value, denoted TC. A monitoring period Δt is set, and within each period Δt two counters SUCCESS and FAIL are kept, representing the number of forwarded and non-forwarded data packets respectively; the algorithm is as follows:
Figure GDA0003996564450000101
After a detection period ends, the trust value for that communication period is calculated, where b represents the belief (credibility) in the period, d the disbelief in the period, u the uncertainty, Ti the trust value in period i, and α and β the different weights given to b and d in the calculation of T, with α < β;
Figure GDA0003996564450000102
Figure GDA0003996564450000103
Ti is the trust value of period i. In an entity trust model, recent behavior should influence the trust value more than historical behavior; to reduce the influence of historical behavior as much as possible while avoiding giving recent behavior too much weight, and drawing on the idea of time weighting, the invention proposes an averaging algorithm: the communication trust value and the trust value of a single detection period are added and averaged, which effectively reduces the influence of historical behavior on the node trust value;
Figure GDA0003996564450000104
T represents the node communication trust value and Ti the trust value of the i-th period;
2) Reporting trust value:
The WSLT model trust value calculation depends on nodes detecting the behavior of their neighbor nodes; if a node maliciously reports the surrounding nodes, the trust values of normal nodes are lowered so that they are isolated from the network. A reporting trust value is therefore set up here: combined with abnormal behavior detection it judges whether a node engages in malicious reporting, it is kept as an independent trust value, nodes whose reporting trust value is lower than the threshold are likewise isolated from the network, and it is calculated from the node's behavior by the following algorithm:
Figure GDA0003996564450000105
α and β represent the impact factors of reporting success and failure respectively, and it is specified that (Tc, α, β) ∈ [0,1) and α < β; 0 indicates completely untrusted and 1 indicates completely trusted;
3) Access trust value:
VANET communication depends on a wireless network; after an anomaly occurs a node is inevitably detected by other nodes, mistaken for a malicious node and removed from the network. A connection (access) trust value is therefore set so that nodes whose abnormal behavior was caused by external factors can reconnect once they return to normal, while a malicious node is prevented from reconnecting without limit. The trust value is calculated from the way the node went offline by the following algorithm:
Figure GDA0003996564450000111
α and β represent the impact factors of being isolated and of exiting the network respectively, and it is specified that (TIN, α, β) ∈ [0,1) and α < β; 0 means completely untrusted and 1 means completely trusted.
Further, identifying and isolating malicious nodes in step four specifically includes the following steps:
Step1: if a vehicle node finds a node whose trust value is lower than the threshold, it deletes the abnormal node's information, so that the abnormal node becomes an unknown node, and reports the node to the trusted center; if the report succeeds, one communication abnormality is recorded for the abnormal node;
Step2: the isolated node is allowed to access the network again and resends the authentication message to the trusted center;
Step3: the trusted center calculates an access trust value from the historical interaction information of the requesting node; if the access trust value is lower than the threshold, reconnection is refused and the node is permanently isolated, otherwise go to Step4;
Step4: the trusted center reassigns the trust value and allows the node to access the network again.
The beneficial effects of the invention are as follows: the invention provides a method for identifying malicious vehicle nodes based on a credible mechanism in an Internet of vehicles environment, which detects the communication condition of neighbor nodes by utilizing a wireless network hybrid monitoring mode; according to the detected result, a subjective logic model is introduced, and the idea of weighted calculation is adopted to evaluate the trust value of the vehicle node; and isolating the nodes with excessively low trust values, so that the damage of malicious nodes to the Internet of vehicles environment is reduced.
Drawings
Fig. 1 is a schematic diagram of the overall structure of the embodiment of the present invention.
Fig. 2 is a general structural block diagram of the embodiment of the present invention.
FIG. 3 is an overall flow chart of an embodiment of the present invention.
Fig. 4 is a diagram of a process of establishing a connection between a vehicle node and a neighboring node according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of an identity authentication process according to an embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating a communication success rate of 95% and a change in a node cycle trust value in an embodiment of the present invention.
Fig. 7 is a schematic diagram of a change in trust value in 20 cycles at a communication success rate of 95% in an embodiment of the present invention.
Fig. 8 is a schematic diagram illustrating a change in a cycle trust value with a communication success rate of 85% in an embodiment of the present invention.
Fig. 9 is a schematic diagram illustrating a change in trust value of 20 cycles at a communication success rate of 85% in an embodiment of the present invention.
Fig. 10 is a schematic diagram illustrating a 50% success rate of communication and a change in a period trust value according to an embodiment of the present invention.
Fig. 11 is a schematic diagram illustrating a change in trust value of 20 cycles with a communication success rate of 50% in an embodiment of the present invention.
Fig. 12 is a first diagram illustrating a 30% communication success rate and a 20-time communication trust value change in an embodiment of the present invention.
Fig. 13 is a diagram illustrating a change in the trust value within 20 cycles with a communication success rate of 30% in the embodiment of the present invention.
Fig. 14 is a diagram illustrating a change in trust value in an untrusted node cycle according to an embodiment of the present invention.
Fig. 15 is a schematic diagram illustrating a change in a cycle trust value of a trusted node in an embodiment of the present invention.
Detailed Description
In order to clearly illustrate the technical features of the present solution, the present solution is explained below by way of specific embodiments.
Referring to fig. 1-15, the present invention is: a method for identifying malicious nodes in Internet of vehicles based on a trust mechanism comprises the following steps:
Step one, offline registration:
The purchased vehicle is registered at the vehicle management office, and a digital business card is generated and stored in the database of the vehicle management center; the digital business card contains the vehicle ID, basic vehicle information, a reporting trust value and an access trust value, which are given initial values, and a key pair is generated;
Step two, joining the network:
1) Joining the communication domain: the vehicle sends an existence message into the network and establishes a preliminary link with its neighbor nodes;
2) Identity authentication: the vehicle interacts with the trusted center to authenticate its identity and be assigned a trust value. When a vehicle joins the network for the first time it has not yet been assigned a trust value, so although it establishes connections with all of its neighbor nodes it cannot carry out data communication; the scheme calls nodes that have not been assigned a trust value unknown nodes. After an unknown node joins the network it first builds a neighbor list locally, storing only the IDs of the neighbor nodes, and at the same time sends an authentication request to the trusted center; an unknown node is only allowed to forward authentication information in the network.
Further, identifying and isolating the malicious node in step four specifically includes: when the communication trust value of a node is lower than the threshold, all nodes in the network refuse to cooperate with that node, delete its trust information from their neighbor lists and disconnect from it, and the node becomes an unknown node; the unknown node is allowed to send an access authentication request to the trusted center again, and if its access trust value lies in the normal interval the isolated node may reconnect, otherwise reconnection is refused.
Step three, calculating the trust value:
1) Behavior detection: the node evaluates the trust value according to the communication behavior of its neighbor nodes observed in promiscuous monitoring mode;
2) Trust value calculation: the trust value is calculated from the promiscuous monitoring result;
Step four, identifying and processing malicious nodes:
When the communication trust value of a node is lower than the threshold, all nodes in the network refuse to cooperate with that node and it is isolated from the network: its trust information is deleted from the neighbor lists, the connection is disconnected and the node becomes an unknown node; the unknown node is allowed to send an access authentication request to the trusted center again, and if its access trust value lies in the normal interval the isolated node may reconnect, otherwise reconnection is refused.
Further, step one specifically includes the following steps:
Step1: the vehicle is registered for a license plate with the vehicle information provided to the vehicle management office;
Step2: the vehicle management office generates a digital business card for the vehicle from the vehicle information, the digital business card containing the vehicle ID, vehicle color, brand and engine number, and a key pair (PUv, PKv) is generated.
Further, the two stages of joining the network and identity authentication in step two are specifically:
(1) Joining the network: when a vehicle node joins the network it declares its existence and discovers neighbors. The neighbor discovery of this scheme draws on the SPND discovery method, whose idea is that at a certain time T, within the wake-up time T, nodes continuously broadcast discovery messages to their surroundings while also receiving discovery messages; when two nodes detect each other's discovery messages at the same time, both declare their existence and negotiate the next sleep duration, and after the sleep period ends they retransmit the messages to announce their existence. The SPAN method is mainly applied to MANETs, where the sleep period is needed because of node energy limits; in a vehicular network whose topology changes at high speed this seriously affects discovery efficiency and performance, and vehicular nodes do not need to consider energy loss, so this scheme improves the SPND algorithm as follows: when a vehicle node joins the network it broadcasts a beacon to its surroundings announcing its existence; at time t0 vehicles i and j within communication range receive the broadcast, return a message informing the other side of their existence, synchronize their clocks and negotiate the interval until the next message transmission. After a new vehicle enters the network it broadcasts a message announcing its existence, the vehicles in communication range receive the broadcast, return an existence message, synchronize clocks and negotiate the next transmission interval. A notable advantage of the improved algorithm is that no specific sending time is prescribed, so when the number of network nodes is very large, a large number of broadcast messages do not appear at the same time and cause network congestion;
The method specifically comprises the following steps:
Step1: the vehicle node broadcasts an existence message to declare its presence;
Step2: a neighbor node receives the existence message and replies with its own existence message, informing the other side of its presence;
Step3: the two parties confirm each other's existence, establish a connection, synchronize their clocks and negotiate the time at which the next existence message will be sent;
(2) Identity authentication specifically comprises the following steps:
Step1: the vehicle sends an authentication request message to the authentication center; message field 1 indicates that the message type is an authentication request, and the rest of the message is encrypted with the public key of the trusted center and contains the vehicle's ID, a random number N1 and a timestamp T1. The message format is: M(1 || E(PUtc, ID || N1 || T1));
Step2: the trusted center receives the authentication request and sends back an ACK message encrypted with the public key of the vehicle node, containing the random number N1 generated by the vehicle node, a newly generated random number N2 and a timestamp T2. The message format is: E(PUv, N1 || N2 || T2);
Step3: the vehicle node receives the ACK message from the trusted center and sends a confirmation encrypted with the public key of the trusted center, containing the random number N2 generated by the trusted center, a neighbor list request asking for the trust values of its neighbor nodes, and a timestamp T3. The message format is: E(PUtc, N2 || NeighborList || T3);
Step4: the trusted center replies with a message encrypted with the public key of the vehicle node, containing the trust values of the neighbor list and a timestamp T4. The message format is: E(PUv, NeighborListTrustedValue || T4).
Further, the third step specifically includes two stages of detecting the neighboring node by the vehicle node and calculating a trust value for the detection result, and the specific contents are as follows:
(1) Detection of the vehicle node on the neighbor node:
Step1: the vehicle node monitors the communication behavior of a neighbor node at all times; when the neighbor node successfully receives and forwards a data packet, one good behavior is recorded, otherwise one malicious behavior is recorded;
Step2: the trust value is calculated from the detection result;
Step3: the trust value of the vehicle node is compared with the threshold; if it is greater than the threshold, go to Step1, otherwise go to Step3;
Step4: the vehicle node reports the neighbor nodes whose trust values are lower than the threshold to the trusted center;
Step5: the trusted center receives the report, sends an inquiry message to the neighbor nodes of the reported node and asks for the trust value of the reported node;
Step6: the neighbor nodes of the reported node receive the inquiry message from the trusted center and send the trust value of the inquired node to the trusted center;
Step7: the trusted center compares the feedback results and makes a judgment: if the report agrees with the feedback, the reported node is isolated and one reporting success is recorded; otherwise one reporting failure is recorded.
(2) Trust value calculation on the detection result:
1) When a node joins the network for the first time, the trusted center assigns an initial trust value, denoted TC. A monitoring period Δt is set, and within each period Δt two counters SUCCESS and FAIL are kept, representing the number of forwarded and non-forwarded data packets respectively; the algorithm is as follows:
Figure GDA0003996564450000141
After a detection period ends, the trust value for that communication period is calculated, where b represents the belief (credibility) in the period, d the disbelief in the period, u the uncertainty, Ti the trust value in period i, and α and β the different weights given to b and d in the calculation of T, with α < β;
Figure GDA0003996564450000151
Figure GDA0003996564450000152
Ti is the trust value of period i. In an entity trust model, recent behavior should influence the trust value more than historical behavior; to reduce the influence of historical behavior as much as possible while avoiding giving recent behavior too much weight, and drawing on the idea of time weighting, the invention proposes an averaging algorithm: the communication trust value and the trust value of a single detection period are added and averaged, which effectively reduces the influence of historical behavior on the node trust value;
Figure GDA0003996564450000153
T represents the node communication trust value and Ti the trust value of the i-th period;
2) Reporting trust value:
The WSLT model trust value calculation depends on nodes detecting the behavior of their neighbor nodes; if a node maliciously reports the surrounding nodes, the trust values of normal nodes are lowered so that they are isolated from the network. A reporting trust value is therefore set up here: combined with abnormal behavior detection it judges whether a node engages in malicious reporting, it is kept as an independent trust value, nodes whose reporting trust value is lower than the threshold are likewise isolated from the network, and it is calculated from the node's behavior by the following algorithm:
Figure GDA0003996564450000154
α and β represent the impact factors of reporting success and failure respectively, and it is specified that (Tc, α, β) ∈ [0,1) and α < β; 0 means completely untrusted and 1 means completely trusted;
3) Access trust value:
VANET communication depends on a wireless network; after an anomaly occurs a node is inevitably detected by other nodes, mistaken for a malicious node and removed from the network. A connection (access) trust value is therefore set so that nodes whose abnormal behavior was caused by external factors can reconnect once they return to normal, while a malicious node is prevented from reconnecting without limit. The trust value is calculated from the way the node went offline by the following algorithm:
Figure GDA0003996564450000155
Figure GDA0003996564450000161
α and β represent the impact factors of being isolated and of exiting the network respectively, and it is specified that (TIN, α, β) ∈ [0,1) and α < β; 0 means completely untrusted and 1 means completely trusted.
Further, identifying and isolating malicious nodes in step four specifically includes the following steps:
Step1: if a vehicle node finds a node whose trust value is lower than the threshold, it deletes the abnormal node's information, so that the abnormal node becomes an unknown node, and reports the node to the trusted center; if the report succeeds, one communication abnormality is recorded for the abnormal node;
Step2: the isolated node is allowed to access the network again and resends the authentication message to the trusted center;
Step3: the trusted center calculates an access trust value from the historical interaction information of the requesting node; if the access trust value is lower than the threshold, reconnection is refused and the node is permanently isolated, otherwise go to Step4;
Step4: the trusted center reassigns the trust value and allows the node to access the network again.
The invention detects the behavior of nodes in the network and calculates trust values for that behavior. While a vehicle communicates in the network, some abnormal behavior can occur in the communication process because of the environment and similar influences; in general, a node whose communication failure rate does not exceed 15% is considered to have normal communication behavior.
To ensure the reliability of the verification, the node communication trust value is initially set to 0.5. Since the total communication trust value is further calculated from the periodic trust value results, each communication cycle is set so that the vehicle node completes 20 communications with the surrounding nodes, 20 cycles are run, and the feasibility of the scheme is judged from the finally calculated trust value;
1. Suppose the success rate of each communication between the node and the surrounding nodes is 95%, with the success or failure of each communication determined randomly.
Table 1 shows the calculation process of the trust value within a period; since all the calculation steps repeat, the intermediate steps are omitted, and Table 2 shows each data item of the node over the whole communication period.
Table 1 example procedure for 95% communication success rate
Figure GDA0003996564450000162
Figure GDA0003996564450000171
TABLE 2 data Change procedure
Figure GDA0003996564450000172
Figure GDA0003996564450000181
After twenty communications, the node cycle communication trust value changes as follows:
as shown in fig. 6, in a certain single period, a single communication failure has a large influence on the period node trust value, and under the condition of a certain fault tolerance, when the node communication success rate reaches 95%, the period trust value can be maintained at a normal level; table 3 shows the calculation process of the trust value of the node, since all the calculation processes are repeated, the intermediate process is omitted, and table 4 shows each item of data of the node.
TABLE 3 node Trust value calculation
Figure GDA0003996564450000182
TABLE 4 communication success rate value change of 95%
Figure GDA0003996564450000183
Figure GDA0003996564450000191
Let the node communicate for twenty cycles, and record the change of the node communication trust value as shown in the following graph:
as shown in fig. 7, when the node communication success rate is 95%, the communication trust value is always maintained between 0.5 and 0.8, and occasionally fluctuates due to the change of the node communication success or failure times in a certain period, which is considered to be a normal node.
Since the calculation process is the same, the description process will not be repeated hereinafter, and only the data is presented in the form of a table.
2. Suppose the single-communication success rate of the node is 85%, with the success or failure of each communication determined randomly; after twenty communications, Table 5 shows the change of each data item of the node within the node cycle:
TABLE 5 Change in 85% communication success rate values
Figure GDA0003996564450000192
Figure GDA0003996564450000201
the node cycle communication trust value changes as follows:
As shown in fig. 8, when the node communication success rate is 85%, the communication success rate within a node period varies greatly, and a communication failure affects the trust value more than a communication success does, which better matches the way normal reasoning assigns trust to an objective entity.
Table 6 shows node data changes
TABLE 6 Change in 85% communication success rate values
Communication cycle Periodic trust value Node trust value
1 0.277228 0.388614
2 0.269802 0.273515
3 0.28094 0.275371
4 -0.20359 0.038676
5 0.40068 0.098546
6 -0.14372 0.128481
7 0.133584 -0.00507
8 -0.09905 0.017269
9 -0.31933 -0.20919
10 -0.14729 -0.23331
11 0.131802 -0.00774
12 0.137684 0.134743
13 0.155474 0.146579
14 0.149522 0.152498
15 -0.13564 0.006942
16 -0.17425 -0.15495
17 0.118316 -0.02797
18 -0.16609 -0.02389
19 0.241212 0.037563
20 -0.16405 0.038583
The node communication is carried out for twenty periods, and the change of the node communication trust value is recorded as shown in the following graph:
As shown in fig. 9, when the node communication success rate is 85% the node trust value fluctuates around 0. If a node whose trust value is below zero is considered untrusted, an 85% communication success rate is a very delicate point, because a single communication failure can cause the trust value to drop, even below the trusted range; the detection sensitivity of the invention is therefore high. Under normal conditions a node whose trust value is below the trusted range should be excluded from the network; here it is left unprocessed so that the change in the trust value is shown more clearly. The same applies to the following experiments and is not repeated.
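As an added illustration (not code from the patent), the following Python reproduces the averaging step described under step three (the "Node trust value" column of Table 6 above is the mean of each period's trust value and the preceding period's, starting from the initial 0.5) and drives the step-four isolate, report and re-admit procedure over the Table 6 period values. The per-period trust formula and the access trust formula appear on the page only as images and are not reproduced; the averaging rule, the access-trust penalty and both thresholds are labelled assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Tuple

INITIAL_TRUST = 0.5     # initial node communication trust value set in the text
TRUST_THRESHOLD = 0.0   # the text treats a node trust value below zero as untrusted
# Hypothetical access-trust rule (the patent's formula is an image and is not reproduced):
# each accepted isolation report costs a fixed amount of access trust, and a node whose
# access trust falls below ACCESS_THRESHOLD is refused reconnection permanently.
ACCESS_INITIAL = 1.0
ACCESS_PENALTY_PER_ISOLATION = 0.4
ACCESS_THRESHOLD = 0.3


class NodeState(Enum):
    CONNECTED = "connected"
    ISOLATED = "isolated"        # cut off; may send one more access authentication request
    PERMANENT = "permanently isolated"


def node_trust(previous_period: float, current_period: float) -> float:
    """Averaging step (assumption): the node trust value after period i is the mean of the
    period-i trust value and the preceding period's value, with 0.5 standing in for period 0."""
    return (previous_period + current_period) / 2.0


@dataclass
class TrustedCenter:
    """Keeps each vehicle's access trust value and decides re-admission (step four, Step3/4)."""
    access_trust: Dict[str, float] = field(default_factory=dict)
    state: Dict[str, NodeState] = field(default_factory=dict)

    def register(self, node_id: str) -> None:
        self.access_trust[node_id] = ACCESS_INITIAL
        self.state[node_id] = NodeState.CONNECTED

    def report(self, node_id: str) -> None:
        """An accepted report: isolate the node and lower its access trust."""
        self.state[node_id] = NodeState.ISOLATED
        self.access_trust[node_id] -= ACCESS_PENALTY_PER_ISOLATION

    def reconnect_request(self, node_id: str) -> NodeState:
        """Step3/Step4: re-admit only while the access trust value is above threshold."""
        if self.state[node_id] == NodeState.ISOLATED:
            if self.access_trust[node_id] < ACCESS_THRESHOLD:
                self.state[node_id] = NodeState.PERMANENT
            else:
                self.state[node_id] = NodeState.CONNECTED
        return self.state[node_id]


@dataclass
class ObserverNode:
    """A vehicle monitoring its neighbours; each entry stores (last period trust, node trust)."""
    center: TrustedCenter
    neighbors: Dict[str, Tuple[float, float]] = field(default_factory=dict)

    def add_neighbor(self, node_id: str) -> None:
        self.neighbors[node_id] = (INITIAL_TRUST, INITIAL_TRUST)

    def end_of_period(self, node_id: str, period_value: float) -> Tuple[float, bool, NodeState]:
        """Returns (node trust after this period, whether it was isolated, state afterwards)."""
        prev_period, _ = self.neighbors[node_id]
        trust = node_trust(prev_period, period_value)
        if trust >= TRUST_THRESHOLD:
            self.neighbors[node_id] = (period_value, trust)
            return trust, False, NodeState.CONNECTED
        del self.neighbors[node_id]          # Step1: entry deleted, neighbour becomes unknown
        self.center.report(node_id)          # ... and is reported to the trusted center
        outcome = self.center.reconnect_request(node_id)   # Step2-4: re-authentication
        if outcome == NodeState.CONNECTED:
            self.add_neighbor(node_id)       # trust value reassigned: back to the initial value
        return trust, True, outcome


def run_periods(period_values: List[float], node_id: str = "V1") -> List[Tuple[int, float, bool, NodeState]]:
    """Drive one observer/centre pair through a list of per-period trust values and return
    (period number, node trust, isolated?, state) for each; stops at permanent isolation."""
    center = TrustedCenter()
    center.register(node_id)
    observer = ObserverNode(center)
    observer.add_neighbor(node_id)
    events = []
    for i, value in enumerate(period_values, start=1):
        trust, isolated, state = observer.end_of_period(node_id, value)
        events.append((i, trust, isolated, state))
        if state == NodeState.PERMANENT:
            break
    return events


# Per-period trust values of the 85% success-rate run, copied from Table 6 on this page.
TABLE6_PERIOD_TRUST = [0.277228, 0.269802, 0.28094, -0.20359, 0.40068, -0.14372, 0.133584,
                       -0.09905, -0.31933, -0.14729, 0.131802, 0.137684, 0.155474, 0.149522,
                       -0.13564, -0.17425, 0.118316, -0.16609, 0.241212, -0.16405]

if __name__ == "__main__":
    for period, trust, isolated, state in run_periods(TABLE6_PERIOD_TRUST):
        print(period, round(trust, 6), "isolated" if isolated else "", state.value)
```

Under these assumptions the Table 6 node first drops below zero in period 7, is re-admitted once, and is permanently isolated at period 9.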
3. Suppose the single-communication success rate of the node is 85%, with the success or failure of each communication determined randomly; after twenty communications, Table 7 shows the change in the periodic node data:
TABLE 7 50% communication success rate value variation
Figure GDA0003996564450000211
The node cycle communication trust value changes as follows:
As shown in fig. 10, a node whose communication success rate is below 85% is generally considered untrusted, and when the node communication success rate is 50% the periodic node trust value is at an extremely low level.
Table 8 shows node data changes:
TABLE 8 50% communication success rate value variation
[Table 8 is an image in the original; its values are not extracted.]
The variation of the node trust values over twenty cycles is recorded as shown in Fig. 6 below:
As shown in Fig. 6, when the node communication success rate is 50%, the trust value is below the trust range and the node is considered untrusted.
4. In order to rule out the trust value increasing during the calculation despite a low communication success rate, the communication process is simulated for nodes with a communication success rate of 30%. After twenty communications, Table 9 shows the periodic node data changes.
TABLE 9 30% communication success rate value variation
[Table 9 is an image in the original; its values are not extracted.]
The node periodic trust value changes as shown in Fig. 7:
As shown in Fig. 7, with a 30% communication success rate the single-period communication trust value is lower than with 50%. Table 10 shows the node data change:
TABLE 10 30% communication success rate value variation
Communication period Periodic trust value Node trust value
1 -3.10891 -1.30446
2 -1.42327 -2.26609
3 -4.01114 -2.7172
4 -1.69616 -2.85365
5 -5.03867 -3.36742
6 -1.25944 -3.14906
7 -4.82031 -3.03988
8 -1.6255 -3.22291
9 -4.40928 -3.01739
10 -1.77643 -3.09286
11 -4.12831 -2.95237
12 -1.69535 -2.91183
13 -4.02836 -2.86185
14 -2.06122 -3.04479
15 -4.2707 -3.16596
16 -2.06357 -3.16714
17 -4.4501 -3.25684
18 -2.4503 -3.4502
19 -3.75237 -3.10134
20 -2.81431 -3.28334
The trust value changes over twenty cycles are shown in Fig. 8 below:
With a 30% communication success rate the communication trust value is far below the credible range, and the node is considered untrustworthy.
Further verification:
In order to reduce the contingency of randomly generated data and make it more convincing, the number of communication cycles is adjusted to 150, several groups of experimental nodes with different communication success rates are set up, and the periodic trust values are observed. The results are as follows:
As shown in Fig. 10, to further evaluate the effect of the algorithm on the trust value while reducing the influence of chance on its changes, the number of cycles was increased to 150. The single-period node interaction success rate was set to 85%, 90%, 95% and 100% respectively, and the success or failure of each interaction was generated randomly according to the configured rate. Compared with successful communication between nodes, a node communication failure has a clearly greater influence on the trust value. When the node communication failure rate exceeds 15%, only one pair of nodes participates in each communication, the node communication success rate is set to 30%, 50%, 70% and 80% respectively, and the nodes interact 20 times in each communication period. When the communication success rate between nodes is below 80%, the node trust value stays below 0, and the lower the communication success rate, the lower the node trust value.
Technical features of the present invention that are not described in the above embodiments may be implemented by or using the prior art and are not described here again. The above description is not intended to limit the present invention, and the present invention is not limited to the above examples; variations, modifications, additions or substitutions made by those skilled in the art within the spirit and scope of the present invention also fall within its protection scope.

Claims (1)

1. A method for identifying malicious nodes in the Internet of Vehicles based on a trust mechanism, characterized by comprising the following steps:
Step one, online registration:
registering the purchased vehicle at a vehicle management office and generating a digital business card stored in the database of the vehicle management center, the digital business card comprising the vehicle ID, vehicle basic information, a reporting trust value and an access trust value, which are given initial values, and generating a key pair;
Step two, joining the network:
1) Joining the communication domain: sending an existence message to the network and establishing a preliminary link with the neighbor nodes;
2) Identity authentication: interacting with the trusted center to authenticate identity and obtain an assigned trust value;
Step three, calculating the trust value:
1) Behavior detection: the node evaluates the trust value according to the communication behavior of its neighbor nodes observed in promiscuous monitoring mode;
2) Trust value calculation: calculating the trust value from the promiscuous monitoring result;
Step four, identifying and processing malicious nodes:
when the communication trust value of a node falls below the threshold, all nodes in the network refuse to cooperate with it and the node is isolated from the network;
the first step specifically comprises the following steps:
step1: the vehicle information provided by the vehicle management is registered on the license plate;
step2: the vehicle management station generates a digital business card for the vehicle according to the vehicle information, wherein the digital business card comprises: vehicle ID, vehicle color, brand, engine number information, generating a pair key pair (PUv, PKv);
the two stages of adding the network and the identity authentication in the second step are specifically as follows:
(1) The network joining specifically comprises the following steps:
step1: the vehicle node broadcasts a message of self existence to declare the self existence;
step2: the neighbor node receives the existence message, replies the self existence message and informs the existence of the other side;
step3, the two parties determine the existence of the other party, establish connection, synchronize clocks and negotiate the time for sending the existing message next time;
(2) The identity authentication specifically comprises the following steps:
step1: the vehicle sends a request authentication message to the authentication center, the message field 1 indicates that the message type is an authentication request message, the message is encrypted by a public key of the trusted center, and the encrypted message comprises an ID random number N of the vehicle 1 Time stamp T 1 The message format is: m (1 | | E (PU) tc ,ID||N 1 ||T 1 ));
Step2: the trusted center receives the authentication request message, encrypts and sends an ACK message by using the public key of the vehicle node, wherein the message comprises the random number N generated by the vehicle node 1 Generating a random number N 2 And is annotated with a time stamp T 2 The message format is: e (PU) v ,N 1 ||N 2 ||T 2 );
Step3: the vehicle node receives the ACK message from the credible center, and encrypts a piece of confirmation information by using the public key of the credible center, wherein the confirmation information comprises a random number N generated by the credible center 2 Sending neighbor list request to obtain neighbor node trust value and time stamp T 3 The message format is: e (PU) tc ,N 2 ||NeighborList||T 3 );
Step4: the trusted center replies the message, encrypts the message by using the public key of the vehicle node, and comprises a neighbor list trust value and a timestamp T 4 Message format E (PU) v ,NeighborListTrustedValue||T 4 );
The third step specifically comprises two stages, detection of the neighbor nodes by the vehicle node and calculation of the trust value from the detection result, as follows:
(1) Detection of the neighbor nodes by the vehicle node:
Step1: the vehicle node monitors the communication behavior of its neighbor nodes; when a neighbor node successfully receives and forwards a data packet, one good behavior is recorded, otherwise one malicious behavior is recorded;
Step2: the trust value is calculated from the detection result;
Step3: the vehicle node compares the trust value with the threshold; if it is greater than the threshold, return to Step1, otherwise go to Step3;
Step4: the vehicle node reports neighbor nodes whose trust value is below the threshold to the trusted center;
Step5: the trusted center receives the report, sends an inquiry message to the neighbor nodes of the reported node and asks for their trust value of the reported node;
Step6: the neighbor nodes of the reported node receive the inquiry message from the trusted center and send their trust value of the inquired node to the trusted center;
Step7: the trusted center compares the feedback results and makes a judgment: if the report is consistent with the feedback, the reported node is isolated and one reporting success is recorded, otherwise one reporting failure is recorded;
(2) Trust value calculation on the detection result:
1) When a node first accesses the network, the trusted center assigns an initial trust value, set as $T_C$. A monitoring period Δt is set up with two counters, SUCCESS and FAIL, which respectively count the forwarded and non-forwarded data packets within Δt. The algorithm is as follows:
[Algorithm given as an image in the original; not extracted.]
After a detection period ends, the trust value for that communication period is calculated, where b denotes the credibility within the period, d the untrustworthiness within the period, u the uncertainty, and $T_i$ the trust value in period i; α and β denote the different weights of b and d in the calculation of T, with α < β:
[Formula for b given as an image in the original; not extracted.]
[Formula for d given as an image in the original; not extracted.]
$T_i = \alpha b - \beta d$. Entity trust model:
[Formula given as an image in the original; not extracted.]
where the left-hand side denotes the node communication trust value and $T_i$ the trust value of the i-th cycle;
2) Reporting trust value:
the WSLT model trust value calculation depends on the behavior detection of nodes by their neighbor nodes. If a node maliciously reports the nodes around it, a normal node's trust value is lowered so that it is isolated from the network. A reporting trust value is therefore set up: combined with abnormal-behavior detection, it judges whether a node shows malicious reporting behavior and keeps an independent trust value; nodes whose reporting trust value is below the threshold are also isolated from the network. The trust value is calculated from the node's behavior by the following algorithm:
[Algorithm given as an image in the original; not extracted.]
α and β denote the impact factors of success and failure respectively; it is specified that $(T_c, \alpha, \beta) \in [0,1)$ with α < β, where 0 means completely untrustworthy and 1 means completely trustworthy;
3) Access trust value:
VANET communication depends on a wireless network; after an anomaly occurs, a node will inevitably be detected by other nodes, mistaken for a malicious node and removed from the network. An access trust value is therefore set so that nodes whose abnormal behavior is caused by environmental factors can reconnect after returning to normal, while malicious nodes are prevented from reconnecting without limit. The trust value is calculated according to the way the node went offline, by the following algorithm:
[Algorithm given as an image in the original; not extracted.]
α and β denote the impact factors of being isolated and of exiting the network respectively; it is specified that $(T_{IN}, \alpha, \beta) \in [0,1)$ with α < β, where 0 means completely untrustworthy and 1 means completely trustworthy;
the step four of identifying and isolating the malicious nodes specifically comprises the following steps:
step1: if the vehicle node finds that the credibility value is lower than the threshold node, deleting the abnormal node information, reporting the node to the credibility center, and recording the abnormal node that the communication is abnormal once if the report is successful;
step2: the isolated node is allowed to access the network again and resends the authentication message to the trusted center;
step3: the trusted center calculates an access trust value according to historical interaction information of the access node, if the access trust value is lower than a threshold value, reconnection is refused, the node is isolated permanently, and otherwise, the Step4 is carried out;
step4: the trusted center redistributes the trust value and allows the node to access the network again;
the identity authentication in the step two specifically comprises the following steps: when a vehicle is accessed into a network for the first time, because a trust value is not distributed, and after connection is established with all neighbor nodes, data communication cannot be carried out, the scheme calls the nodes without the trust value to be unknown nodes, after the unknown nodes are accessed into the network, a neighbor list is firstly established locally, only the IDs of the neighbor nodes are stored, meanwhile, an authentication request is sent to a trust center, and for the unknown nodes, the authentication information is only allowed to be forwarded in the network;
the step four of identifying and isolating the malicious nodes specifically comprises the following steps: when the communication credibility value of the nodes is lower than the threshold value, all the nodes in the network refuse to cooperate with the nodes, delete the node credibility information in the neighbor list, disconnect, the nodes become unknown nodes, allow the unknown nodes to send access authentication requests to the credible center again, when the access credibility value is in a normal interval, the isolated nodes can be reconnected, otherwise, the reconnection is refused.
CN201910454546.7A 2019-05-28 2019-05-28 Vehicle networking malicious node identification method based on trust mechanism Active CN110830998B (en)

Publications (2)

Publication Number Publication Date
CN110830998A CN110830998A (en) 2020-02-21
CN110830998B true CN110830998B (en) 2023-04-18


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant