CN112637814A - DDoS attack defense method based on trust management - Google Patents
- Publication number
- CN112637814A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- trust
- node
- representing
- trust value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a DDoS attack defense method based on trust management, which relates to the network security technology and comprises the following steps: step 1: initializing a system; step 2: updating a node trust value; and step 3: authentication and trust evaluation from vehicle to vehicle. The credibility of the vehicle nodes is enhanced by using a key technology in a system constructed by an authoritative trust authority, an authoritative trust authority agent and a roadside unit; the method for constructing the node trust value and actually refreshing the trust value ensures that the communication between the vehicle nodes in the vehicle-mounted network is safer and more efficient, and the DDoS attack can be effectively resisted.
Description
Technical Field
The invention relates to a network security technology, in particular to a DDoS attack defense method based on trust management in a vehicle-mounted network.
Background
Vehicular ad hoc networks (VANETs) apply mobile ad hoc network technology to vehicle communication: communication equipment fitted in vehicles quickly forms a wireless network interconnecting vehicles and roadside units. On the basis of the VANET, a series of applications such as assisted driving, traffic accident early warning, inter-vehicle communication, automatic payment and Internet information services can be realized, which effectively improves traffic efficiency and provides safe, reliable and convenient support for people's travel. VANETs also face severe security problems.
Among the various network security problems of the vehicle-mounted network, the DDoS (Distributed Denial of Service) attack is a common attack mode. It disrupts a communication channel in the vehicle-mounted network by sending a large number of redundant messages to it, and it may bring down the network. When a driver or passenger cannot use a service, the unavailability of the service may have serious consequences, even traffic accidents.
Many solutions have been proposed for the DDoS attack problem in VANETs. They fall mainly into two categories: encryption technology and traditional trust schemes. The former can provide security in vehicle navigation terminals, but at the cost of additional time delay and power consumption, which limits its scope of application in dynamic environments, especially where energy is limited. The latter attempts to assess the trustworthiness of a node and eliminate dishonest nodes from the vehicle navigation system. These methods do not take message quality into account and assume that if a node is trusted, the messages from that node are also reliable. However, in certain cases honest nodes may also send or forward malicious messages in a VANET, so the security of the node cannot be fully guaranteed.
Disclosure of Invention
The invention mainly aims to provide a DDoS attack defense method based on trust management, which greatly improves the credibility of vehicle communication nodes and effectively defends DDoS attacks, thereby ensuring the safety of a vehicle-mounted network.
The technical scheme adopted by the invention is as follows: a DDoS attack defense method based on trust management comprises the following steps:
step 1: initializing a system;
step 2: updating a node trust value;
step 3: authentication and trust evaluation from vehicle to vehicle.
Further, the step 1 comprises:
each ATA, RSU and OBU needs to perform offline registration in TA before entering the vehicle-mounted network communication;
each ATA first registers with the TA in its coverage area via its real identity, and the TA then uploads the following keys in the ATA:
whereinA private key representing each trust authority agent,a public key representing each trust authority agent,a private key representing a trust authority,representing a shared key;
each roadside unit then registers with its corresponding ATA using its true identity, and the ATA then uploads the following keys on the RSU:
whereinRepresents the private key of the roadside unit,a public key representing a roadside unit is shown,the public key representing the ATA,representing a shared key;
finally, each vehicle 'V' registers first with the TA and then with the ATA through its real identity; the TA and ATA upload the following keys and initialize trust values, encrypted with the TA's public key and pseudo-identity, respectively, as follows:
whereinPrivate key representing vehicle node' VA public key representing the vehicle node 'V',represents the private key of the roadside unit,a trust value representing a vehicle node 'V';public key representing authoritative agents:
whereinIndicating that the true identity of the vehicle 'V' is encrypted with a public key,meaning encrypted with the public key of the TA,which represents a shared secret key, is,representing the regional zip code of the vehicle.
Further, the step 2 includes:
this stage updates trust values as vehicles continue to join the network; the trust value ranges from 0 to 1;
first, the neighbor vehicle node Vj sends a test message to vehicle Vi to check its reliability;
then Vi receives this message and sends Vj a message for comparison with the test information;
the neighbor node Vj sends its trust value for Vi to the TA, to prevent it from obtaining authentication of the test message directly from the target communication node, and also to prevent Vi's trust value from staying at 0 so that it could never join the communication;
the TA calculates and generates a new basic trust value for Vi, evaluated from the trust values that n neighbor nodes hold for Vi; the specific calculation is shown in the following formula:
when data is acquired from any of its neighboring vehicle nodes Vj, the TA updates the trust evaluation of Vi as shown in the following equation:
whereinRepresenting a vehicle node ViThe old value of trust is then used,representing a vehicle node ViA new trust value;
Still further, the step 3 includes:
first, a safety message sent between vehicle nodes comprises a unique message, a hash encryption code, the trust value and pseudo-identity of the source vehicle node, and a timestamp;
when a vehicle node obtains the safety message, it first uses the previously shared key to determine a hashed encryption key code; if the determined code is the same as the hashed encryption key code obtained with the message, the sending vehicle is authenticated; if not, the message's trustworthiness is generally not satisfied and the obtained message is discarded;
the next stage checks the trust value of the sending vehicle, i.e. the source node vehicle: the receiving (destination) vehicle node decodes the encoded trust value using the public key of the TA to preliminarily confirm the trust income of the sending vehicle;
the obtained trust value is then screened by checking whether it exceeds a minimum trust threshold; if the trust value is below the minimum trust threshold, the message is discarded; otherwise it is acknowledged and the trust value of the sending vehicle node is refreshed.
The invention has the advantages that:
(1) the credibility of the vehicle nodes is enhanced by using a key technology in a system constructed by an authoritative trust authority, an authoritative trust authority proxy and a roadside unit;
(2) the method for constructing the node trust value and actually refreshing the trust value ensures that the communication between the vehicle nodes in the vehicle-mounted network is safer and more efficient, and the DDoS attack can be effectively resisted.
In addition to the objects, features and advantages described above, other objects, features and advantages of the present invention are also provided. The present invention will be described in further detail below with reference to the drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention.
FIG. 1 is a system structure diagram corresponding to the DDoS attack defense method based on trust management;
FIG. 2 is a flow chart of a DDoS attack defense method based on trust management of the present invention;
FIG. 3 is a graph showing the variation of the transmission rate of the AODV of the prevention strategy of the present invention, the AODV not under attack, and the AODV under DDoS attack with the increase of the number of nodes;
FIG. 4 is a graph of the change of the AODV of the prevention strategy of the present invention, the AODV not under attack, and the AODV under DDoS attack with the increase of the number of nodes;
FIG. 5 is a graph of end-to-end delay variation of AODV of the prevention strategy of the present invention, AODV not under attack, AODV under DDoS attack with increasing node number.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1 to 5, a method for defending against DDoS (Distributed Denial of Service) attacks based on trust management includes:
step 1: initializing a system;
step 2: updating a node trust value;
step 3: authentication and trust evaluation from vehicle to vehicle.
Further, the step 1 comprises:
each ATA (Agent of TA, trust authority agent), RSU (Road Side Unit) and OBU (On Board Unit, vehicle unit) needs to perform offline registration with the TA (Trusted Authority) before entering vehicle network communication;
each ATA first registers with the TA in its coverage area via its Real identity (RIDA, Real-ID ATA), and the TA then uploads the following keys in the ATA:
whereinA private key representing each trust authority agent,a public key representing each trust authority agent,a private key representing a trust authority,representing a shared key;
each roadside unit then registers with its corresponding ATA using its true identity, and the ATA then uploads the following keys on the RSU:
whereinRepresents the private key of the roadside unit,a public key representing a roadside unit is shown,the public key representing the ATA,representing a shared key;
finally, each vehicle 'V' registers first with the TA and then with the ATA via its real identity (RIDV, Real-ID Vehicle); the TA and ATA upload the following keys and initialize trust values, encrypted with the TA's public key and pseudo-identity respectively, as follows:
whereinPrivate key representing vehicle node' VA public key representing the vehicle node 'V',represents the private key of the roadside unit,a trust value representing a vehicle node 'V';public key representing authoritative agents:
whereinIndicating that the true identity (Real-ID) of the vehicle 'V' is encrypted with a public key,meaning encrypted with the public key of the TA,which represents a shared secret key, is,representing the regional zip code of the vehicle.
Further, the step 2 includes:
this stage updates trust values as vehicles continue to join the network; the trust value ranges from 0 to 1;
first, the neighbor vehicle node Vj sends a test message to vehicle Vi to check its reliability;
then Vi receives this message and sends Vj a message for comparison with the test information;
the neighbor node Vj sends its trust value for Vi to the TA, to prevent it from obtaining authentication of the test message directly from the target communication node, and also to prevent Vi's trust value from staying at 0 so that it could never join the communication;
the TA calculates and generates a new basic trust value for Vi, evaluated from the trust values that n neighbor nodes hold for Vi; the specific calculation is shown in the following formula:
when data is acquired from any of its neighboring vehicle nodes Vj, the TA updates the trust evaluation of Vi as shown in the following equation:
whereinRepresenting a vehicle node ViThe old value of trust is then used,representing a vehicle node ViA new trust value;
Still further, the step 3 includes:
first, a Safety Message (SMSGV) sent between vehicle nodes comprises a unique message, a hash encryption code, the trust value and pseudo-identity of the source vehicle node, and a timestamp;
when a vehicle node obtains the safety message, it first uses the previously shared key to determine a hashed encryption key code (HC); if the determined code is the same as the hashed encryption key code obtained with the message, the sending vehicle is verified; if not, the message's trustworthiness is generally not satisfied and the obtained message is discarded;
the next stage checks the trust value of the sending vehicle, i.e. the source node vehicle: the receiving (destination) vehicle node decodes the encoded trust value using the public key of the TA to preliminarily confirm the trust income of the sending vehicle (namely the result that the received message may appear);
the obtained trust value is then screened by checking whether it exceeds a minimum trust threshold (set to 0.5); if the trust value is below the minimum trust threshold, the message is discarded; otherwise it is acknowledged and the trust value of the sending vehicle node is refreshed.
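The receive-side checks of step 3, as an added example that is not code from the patent: HMAC-SHA256 stands in for the hash encryption code and a keyed tag stands in for the TA's public-key encoding of the trust value, because the page does not name the algorithms. The 2-second freshness window, the binding of the trust token to one pseudo-identity, and all names, keys and sample messages are assumptions constructed here.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

MIN_TRUST = 0.5   # minimum trust threshold given in the description
MAX_AGE_S = 2.0   # assumption: freshness window; the page gives no value


@dataclass(frozen=True)
class SafetyMessage:
    payload: str        # the "unique message"
    pseudo_id: str      # pseudo-identity of the source vehicle node
    trust_token: bytes  # trust value as encoded by the TA
    timestamp: float
    hc: bytes           # hash code attached by the sender


def hash_code(shared_key, payload, pseudo_id, trust_token, timestamp):
    """HC over every field, so none can be altered after sending."""
    fields = json.dumps([payload, pseudo_id, trust_token.hex(), timestamp])
    return hmac.new(shared_key, fields.encode(), hashlib.sha256).digest()


def make_ta_stand_in(ta_key):
    """Constructed stand-in for the TA's public-key encoding of trust values."""
    def issue(pseudo_id, trust):
        body = f"{pseudo_id}|{trust:.3f}".encode()
        return body + hmac.new(ta_key, body, hashlib.sha256).digest()

    def decode(pseudo_id, token):
        body, tag = token[:-32], token[-32:]
        expected = hmac.new(ta_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # not issued by the TA
        owner, _, value = body.decode().partition("|")
        # Assumption: the token is bound to one pseudo-identity.
        return float(value) if owner == pseudo_id else None
    return issue, decode


def verify(msg, shared_key, decode_trust, now):
    """Return (accepted, reason), checking in the order step 3 describes."""
    expected = hash_code(shared_key, msg.payload, msg.pseudo_id,
                         msg.trust_token, msg.timestamp)
    if not hmac.compare_digest(expected, msg.hc):
        return False, "bad-hash-code"        # sender not authenticated
    if abs(now - msg.timestamp) > MAX_AGE_S:
        return False, "stale"                # assumption: replay window
    trust = decode_trust(msg.pseudo_id, msg.trust_token)
    if trust is None:
        return False, "bad-trust-token"
    if trust < MIN_TRUST:
        return False, "low-trust"
    return True, "accepted"                  # caller then refreshes trust


def build(shared_key, issue, pseudo_id, trust, payload, ts):
    token = issue(pseudo_id, trust)
    hc = hash_code(shared_key, payload, pseudo_id, token, ts)
    return SafetyMessage(payload, pseudo_id, token, ts, hc)


def demo():
    """Run five constructed messages through verify() and return the reasons."""
    key, now = b"constructed-shared-key", 1000.0
    issue, decode = make_ta_stand_in(b"constructed-ta-key")
    good = build(key, issue, "PID-A", 0.8, "brake warning", now - 0.2)
    low = build(key, issue, "PID-B", 0.3, "brake warning", now - 0.2)
    old = build(key, issue, "PID-A", 0.8, "brake warning", now - 60)
    junk = SafetyMessage("junk", "PID-X", b"\x00" * 40, now, b"\x00" * 32)
    # PID-B attaches the token that the TA issued to PID-A.
    borrowed = SafetyMessage("x", "PID-B", good.trust_token, now, hash_code(
        key, "x", "PID-B", good.trust_token, now))
    msgs = (good, low, old, junk, borrowed)
    return [verify(m, key, decode, now)[1] for m in msgs]


if __name__ == "__main__":
    print(demo())
```

The hash-code check runs first so that flooded messages from senders without the shared key are dropped before any trust decoding is attempted.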
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (4)
1. A DDoS attack defense method based on trust management is characterized by comprising the following steps:
step 1: initializing a system;
step 2: updating a node trust value;
step 3: authentication and trust evaluation from vehicle to vehicle.
2. The method of claim 1 for defending against DDoS attacks based on trust management, wherein the step 1 comprises:
each ATA, RSU and OBU needs to perform offline registration in TA before entering the vehicle-mounted network communication;
each ATA first registers with the TA in its coverage area via its real identity, and the TA then uploads the following keys in the ATA:
whereinA private key representing each trust authority agent,a public key representing each trust authority agent,a private key representing a trust authority,representing a shared key;
each roadside unit then registers with its corresponding ATA using its true identity, and the ATA then uploads the following keys on the RSU:
whereinRepresents the private key of the roadside unit,a public key representing a roadside unit is shown,the public key representing the ATA,representing a shared key;
finally, each vehicle 'V' registers first with the TA and then with the ATA through its real identity; the TA and ATA upload the following keys and initialize trust values, encrypted with the TA's public key and pseudo-identity, respectively, as follows:
whereinPrivate key representing vehicle node' VA public key representing the vehicle node 'V',represents the private key of the roadside unit,a trust value representing a vehicle node 'V';public key representing authoritative agents:
3. The method of claim 1 for defending against DDoS attacks based on trust management, wherein the step 2 includes:
this stage updates trust values as vehicles continue to join the network; the trust value ranges from 0 to 1;
first, the neighbor vehicle node Vj sends a test message to vehicle Vi to check its reliability;
then Vi receives this message and sends Vj a message for comparison with the test information;
the neighbor node Vj sends its trust value for Vi to the TA, to prevent it from obtaining authentication of the test message directly from the target communication node, and also to prevent Vi's trust value from staying at 0 so that it could never join the communication;
the TA calculates and generates a new basic trust value for Vi, evaluated from the trust values that n neighbor nodes hold for Vi; the specific calculation is shown in the following formula:
when data is acquired from any of its neighboring vehicle nodes Vj, the TA updates the trust evaluation of Vi as shown in the following equation:
whereinRepresenting a vehicle node ViThe old value of trust is then used,representing a vehicle node ViA new trust value;
4. The method of claim 1 for defending against DDoS attacks based on trust management, wherein the step 3 includes:
first, a safety message sent between vehicle nodes comprises a unique message, a hash encryption code, the trust value and pseudo-identity of the source vehicle node, and a timestamp;
when a vehicle node obtains the safety message, it first uses the previously shared key to determine a hashed encryption key code; if the determined code is the same as the hashed encryption key code obtained with the message, the sending vehicle is authenticated; if not, the message's trustworthiness is generally not satisfied and the obtained message is discarded;
the next stage checks the trust value of the sending vehicle, i.e. the source node vehicle: the receiving (destination) vehicle node decodes the encoded trust value using the public key of the TA to preliminarily confirm the trust income of the sending vehicle;
the obtained trust value is then screened by checking whether it exceeds a minimum trust threshold; if the trust value is below the minimum trust threshold, the message is discarded; otherwise it is acknowledged and the trust value of the sending vehicle node is refreshed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110110690.6A CN112637814A (en) | 2021-01-27 | 2021-01-27 | DDoS attack defense method based on trust management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110110690.6A CN112637814A (en) | 2021-01-27 | 2021-01-27 | DDoS attack defense method based on trust management |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112637814A true CN112637814A (en) | 2021-04-09 |
Family
ID=75295073
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110110690.6A Pending CN112637814A (en) | 2021-01-27 | 2021-01-27 | DDoS attack defense method based on trust management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112637814A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140222955A1 (en) * | 2013-02-01 | 2014-08-07 | Junaid Islam | Dynamically Configured Connection to a Trust Broker |
CN107835077A (en) * | 2017-09-22 | 2018-03-23 | 中国人民解放军国防科技大学 | Mutual trust cluster collaborative verification method for anonymous authentication of vehicle-mounted network |
CN110958135A (en) * | 2019-11-05 | 2020-04-03 | 东华大学 | Method and system for eliminating DDoS (distributed denial of service) attack in feature self-adaptive reinforcement learning |
CN112235287A (en) * | 2020-10-13 | 2021-01-15 | 李晓晓 | Internet of vehicles application layer safety protection system |
Non-Patent Citations (2)
Title |
---|
PIYUSH CHOUHAN 等: "Prevention of DDoS Attack Through Trust Management System for VANET Environment", 《ICCNCT 2019: SECOND INTERNATIONAL CONFERENCE ON COMPUTER NETWORKS AND COMMUNICATION TECHNOLOGIES》 * |
王林林等: "车联网信息安全风险分析及防护技术", 《汽车实用技术》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110300107B (en) | Vehicle networking privacy protection trust model based on block chain | |
Obaidat et al. | Security and privacy challenges in vehicular ad hoc networks | |
Kaur et al. | Security issues in vehicular ad-hoc network (VANET) | |
Raya et al. | Certificate revocation in vehicular networks | |
CN107508859A (en) | Vehicle communication method based on block chain technology in vehicular ad hoc network | |
KR101521412B1 (en) | Protocol Management System for Aggregating Massages based on certification | |
Quyoom et al. | A novel mechanism of detection of denial of service attack (DoS) in VANET using Malicious and Irrelevant Packet Detection Algorithm (MIPDA) | |
JP7074863B2 (en) | Encryption method and system using activation code for withdrawal of digital certificate | |
Gandhi et al. | Request response detection algorithm for detecting DoS attack in VANET | |
CN104717229A (en) | Method for resisting Sybil attack with multiple fake identity sources in car networking | |
Qureshi et al. | Provision of security in vehicular ad hoc networks through an intelligent secure routing scheme | |
CN109362062A (en) | VANETs anonymous authentication system and method based on ID-based group ranking | |
Khalil et al. | Sybil attack prevention through identity symmetric scheme in vehicular ad-hoc networks | |
Dhurandher et al. | Securing vehicular networks: a reputation and plausibility checks-based approach | |
Tyagi et al. | Advanced secured routing algorithm of vehicular ad-hoc network | |
Hu et al. | Vtrust: a robust trust framework for relay selection in hybrid vehicular communications | |
Lal et al. | Region authority based collaborative scheme to detect Sybil attacks in VANET | |
CN112243234A (en) | Identity-based privacy security protection method for Internet of vehicles | |
Osibo et al. | Security and privacy in 5G internet of vehicles (IoV) environment | |
Kushwah et al. | ECDSA for data origin authentication and vehicle security in VANET | |
Kamel et al. | Feasibility study of misbehavior detection mechanisms in cooperative intelligent transport systems (C-ITS) | |
Jeevitha et al. | Malicious node detection in VANET session hijacking attack | |
Monir et al. | A trust-based message reporting scheme for vanet | |
CN112637814A (en) | DDoS attack defense method based on trust management | |
Velayudhan et al. | Review on avoiding Sybil attack in VANET while operating in an urban environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210409 |