CN113630243B - Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment - Google Patents

Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment Download PDF

Info

Publication number
CN113630243B
CN113630243B CN202110787297.0A CN202110787297A CN113630243B CN 113630243 B CN113630243 B CN 113630243B CN 202110787297 A CN202110787297 A CN 202110787297A CN 113630243 B CN113630243 B CN 113630243B
Authority
CN
China
Prior art keywords
key
group
vehicle
pid
edge node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110787297.0A
Other languages
Chinese (zh)
Other versions
CN113630243A (en
Inventor
王晓明
姚梦婷
甘庆晴
林伊健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan University filed Critical Jinan University
Priority to CN202110787297.0A priority Critical patent/CN113630243B/en
Publication of CN113630243A publication Critical patent/CN113630243A/en
Application granted granted Critical
Publication of CN113630243B publication Critical patent/CN113630243B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26Special purpose or proprietary protocols or architectures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses an authentication key negotiation method with anti-key exposure characteristic in a car networking environment, which is named as a KERAKA method. In the invention, the vehicle can establish the session key with any edge node by only one time of registration, and the method is different from the traditional scheme in that a main public key of the Internet of vehicles system is not required to be set in the initialization stage so as to reduce the storage cost and improve the safety. In addition, the present invention has a key exposure resistance function. Specifically, the private key of the user is updated periodically with the help of the authorization server at each time period, and thus, even if the private key of the user is exposed at the current time period, the security of the private key of the previous or subsequent time period is not affected. Compared with the existing scheme, the method has obvious advantages in the aspects of safety performance and calculation cost, and is more suitable for complex and changeable Internet of vehicles environments.

Description

Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment
Technical Field
The technical field of the invention relates to research of an efficient and safe authentication key negotiation mechanism in an Internet of vehicles environment, in particular to an authentication key negotiation method with anti-key exposure characteristic based on edge calculation in the Internet of vehicles environment.
Background
In the internet of vehicles environment, security and privacy are two major issues that need to be addressed. On the one hand, the communication channel is vulnerable to illegal attacks, such as replay attacks, forgery attacks, etc., due to the openness of the wireless network. On the other hand, with the improvement of safety awareness of people, privacy protection is also becoming more important, and personal sensitive information of the car owners, such as identity information, form routes and the like, should be ensured not to be revealed. In order to protect confidentiality and integrity of the communication information. One possible approach is to encrypt the data prior to its transmission, however, sharing the encryption key in advance can be very costly, especially in complex and diverse internet of vehicles environments. In order to reduce the overhead, the learner then proposes an authentication key agreement method (Authenticated key agreement, AKA), i.e. the two parties together establish a temporary session key by mutual authentication prior to communication.
Dang et al in Efficient identity-based authenticated key agreement protocol with provable security for vehicular ad hoc networks designed an identity-based authentication key agreement protocol for the Internet of vehicles and demonstrated its security in eCK (extended Canetti-Krawczyk) model. However, li et al in A Provably Secure and Lightweight Identity-Based Two-Party Authenticated Key Agreement Protocol for Vehicular Ad Hoc Networks disclose that a man-in-the-middle attack exists in Dang et al's solution and designed a lightweight identity-Based Two-way AKA protocol for the Internet of vehicles. Furthermore, they claim that their solutions can provide strong security and better performance under the eCK model than most other existing solutions. Nevertheless, the above solution cannot be directly applied to an internet of vehicles architecture based on edge calculation or fog calculation.
In recent years, some scholars have proposed an AKA protocol based on fog calculation in an internet of vehicles environment. For example, wazid et al, AKM-IoV: authenticated key management protocol in fog computing-based Internet of vehicles deployment, propose an AKA protocol based on the IoV deployment environment of fog computing. The scheme establishes three session keys respectively located between the fog node and the vehicle, between a roadside unit (RSU) and the fog node, and between the fog node and the cloud server. However, saleem et al, comments on AKM-IoV: authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment, indicate that the Wazid et al solution is subject to a counterfeit attack. In order to improve efficiency, ma et al in An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks designed a provably secure AKA protocol for fog-calculation based internet of vehicles, wherein session keys are negotiated by the vehicle, fog node and cloud server together. However, the document Security-enhanced thread-party pairwise secret key agreement protocol for fog-based vehicular ad-hoc communications states that some Security attacks exist in the Ma et al solution, such as internal attacks, smart card theft attacks, known session-specific temporary information attacks, etc., and proposes an improved three-party key agreement scheme in a fog-based internet of vehicles communication environment.
However, in the proposed authentication key agreement scheme in the internet of vehicles environment, the problem of user key exposure is hardly considered, and in fact, the user key is likely to be compromised due to a low security setting or a shallow security awareness of the user. Once the user's key is known by the adversary, all security objectives will be destroyed and the entire internet of vehicles system will be destroyed once. Also, in most cases, the exposure of the key is difficult for the user to perceive, and as such, the duration of the hazard caused by the exposure of the key may be long, with serious and irreparable consequences. Therefore, we should actively prevent the user key exposure problem. It is necessary to design an AKA protocol based on edge computation with anti-key exposure for the internet of vehicles.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provide an authentication key negotiation method with anti-key exposure characteristic in the environment of the Internet of vehicles.
The aim of the invention can be achieved by adopting the following technical scheme:
an authentication key negotiation method with anti-key exposure characteristic in an internet of vehicles environment, the authentication key negotiation method comprises the following steps:
s1, initializing a vehicle networking system by a trusted center TA, and publishing a public parameter params of the vehicle networking system;
s2, edge node EN j Registering with the trusted center TA to obtain a key pair
Figure BDA0003159486340000031
Wherein j represents the number of the edge node, +.>
Figure BDA0003159486340000032
Representing edge node EN j Is->
Figure BDA0003159486340000033
Representing edge node EN j Is a second private key of (a);
s3, vehicle V i Registering with a trusted center TA to obtain a pseudonymous identity PID i And an initial key SK at time period "0 i,0 Wherein i represents the number of the vehicle;
s4, at the initial moment of the time period t, the vehicle V i Requesting an update key from the authorization server DS, after the authorization server DS receives the request, calculating the assistance key SK for the time period t d,t And returned to vehicle V i The method comprises the steps of carrying out a first treatment on the surface of the Vehicle V i Assistance key SK d,t With the aid of which the key SK for the current time period t is calculated i,t
S5, vehicle V i Off-line calculation of authentication request parameters (R 1 ,R 2 ,E);
S6, in the time period t, the vehicle V i And edge node EN j Mutual authentication, if the mutual authentication is successful, a common temporary session key VEK is established i,t
Further, the step S1 is as follows:
s11, selecting a multiplication loop group G with two steps q 1 And G 2 Where q is a prime number of length 160 bits and G is group G 1 Generates a bilinear map e: G 1 ×G 1 →G 2 Representing the multiplication of two from the cyclic group G 1 Is mapped to a group element from group G by a bilinear pairing operation 2 Group elements of (2);
s12, selecting two random numbers alpha,
Figure BDA0003159486340000041
as master key for a vehicle networking system, +.>
Figure BDA0003159486340000042
An integer group representing modulo q and sending β secretly to the authorization server DS via a secure channel;
s13, firstly selecting a symmetrical encryption algorithm, namely E k (·)/D k (. Cndot.) wherein E k (. Cndot.) represents the encryption algorithm with a key, D k (. Cndot.) represents a decryption algorithm, k represents a key; then 5 hash functions are selected, and the following five conditions are respectively satisfied: h is a 1 (·),h 2 (·):{0,1} * →G 1
Figure BDA0003159486340000043
h 4 (·):G 2 →{0,1} * ,h 5 (·):{0,1} * ×G 1 ×G 1 ×G 1 ×G 2 →Z q * Wherein h is 1 (·)、h 2 (. Cndot.) represents a string {0,1}, which is composed of 0 and 1 of arbitrary length * Mapping to group G 1 Element h of (2) 3 (. Cndot.) represents group G 1 、G 2 Character string {0,1} consisting of elements of (1) and 0 and 1 of arbitrary length * Is mapped to an element in an integer group of modulo q, h 4 (. Cndot.) represents group G 2 The elements in (a) are mapped into character strings {0,1}, which are composed of 0 and 1 with arbitrary length * ,h 5 (. Cndot.) represents a string {0,1}, which is composed of 0 and 1 of arbitrary length * Group G 1 Element and group G of (3) 2 The concatenation of the elements in (a) is mapped to the elements in the integer group of modulo q;
s14, the trusted center TA issues common parameters as follows: params (G) 1 ,G 2 ,g,e,h 1 ,h 2 ,h 3 ,h 4 ,h 5 ,E k (·)/D k (·))。
Further, the step S2 is as follows:
s21, edge node EN j Identity identification EID of oneself j Sending the data to a trusted center TA through a secure channel;
s22, the trusted center TA receives the edge node EN j After registration request of (1), according to the received identity identification EID j Computing edge node EN j Key pair of (2)Wherein->
Figure BDA0003159486340000045
h 1 (EID j ) Representing the edge node EN j Identity identification EID of (a) j Mapping to group G 1 Is then added with the key pair->
Figure BDA0003159486340000046
Returned to the edge node EN j
Further, the step S3 is as follows:
s31, vehicle V i First, the true identity ID of the user is used for identifying the user i Transmitting the data to a trusted center TA through a secure channel;
s32, the trusted center TA receives the vehicle V i After registration request of (a) calculating vehicle V i PID of pseudonymous identity i =E α (ID i ) And the key SK of the vehicle at an initial period of "0 i,0 =[h 1 (PID i )] α ·[h 2 (PID i ||0)] β Where α is the master key of the Internet of vehicles system, E α (ID i ) Denoted alpha vs. vehicle V i Is the true identity ID of (2) i Encryption is carried out, h 1 (PID i ) Indicating the PID i Mapping to a group G 1 Group element of (h) 2 (PID i ||0) indicates that PID is to be performed i Splice mapping with "0" to one from group G 1 The symbol "·" represents a multiplication operation, "|" represents a string join operation, and will be (PID i ,SK i,0 ) Returned to the vehicle V i
Further, the step S4 is as follows:
s41, at the initial time of the time period t, the vehicle V i Requesting an update key from the authorization server DS, which, upon receipt of the request, calculates the assistance of the time period tKey SK d,t =[h 2 (PID i ||t)] β ·[h 2 (PID i ||t-1)] Will then assist the key SK d,t To vehicle V i
S42, vehicle V i After receiving the helper key, the key SK for time period t is calculated i,t =SK i,t-1 ·SK d,t =[h 1 (PID i )] α ·[h 2 (PID i ||t)] β And (SK) i,t-1 ,SK d,t ) Permanent deletion of SK i,t-1 Representing vehicle V i A key at time period t-1.
Further, the step S5 is as follows:
vehicle calculation offline parameter (R) 1 ,R 2 E) is as follows: first offline parameter R 1 =h 1 (PID i ) Second offline parameter R 2 =h 2 (PID i ||t), third offline parameter e=e (SK i,t ,h 1 (EID j ) Where "|" denotes a string connection operation, h 1 (PID i ) Representing the vehicle V i PID of pseudonymous identity i Mapping to a group G 1 Group element of (h) 2 (PID i I t) represents the PID to be used i And time period t as one from group G 1 Group elements of SK i,t Representing vehicle V i Key at time period t, EID j Representing edge node EN j Identity of (h) 1 (EID j ) Representing EID j Mapping to group G 1 Group element, e (SK) i,t ,h 1 (EID j ) Representing two from group G 1 Group element (SK) i,t ,h 1 (EID j ) Mapping to a group G by bilinear pairing operation 2 Is a group element of (a) in the group of (b) elements.
Further, the step S6 is as follows:
s61, vehicle V i Randomly selecting two integers omega, u epsilon Z q * Calculate authentication request parameters (A, U 1 ,U 2 ,η,MAC 1 ) The following are provided: first confirmationCertificate request parameter a=g ω Second authentication request parameter U 1 =R 1 u Third authentication request parameter
Figure BDA0003159486340000061
Sharing parameter TK i,t =E u Fourth authentication request parameter->
Figure BDA0003159486340000062
Verification code MAC 1 =h 5 (TK i,t ||η||U 1 ||U 2 I A I t), then authenticate message Mess 1 ={η,U 1 ,U 2 ,A,MAC 1 T is issued to edge node EN j Wherein i represents the number of the vehicle, the symbol +.>
Figure BDA0003159486340000063
Representing a string exclusive or operation, "||" representing a string join operation, h 4 (TK i,t ) Representing the to-be-shared parameter TK i,t Mapping into character strings with the length of 32 bits, and h 5 (TK i,t '||η||U 1 ||U 2 I A I t indication) parameters (TK) i,t ',η,U 1 ,U 2 The concatenation of A, t) maps to an element in an integer group of modulo q;
s62, edge node EN j Receiving authentication message 1 Then, the sharing parameters are calculated first
Figure BDA0003159486340000064
Verification code MAC 1 '=h 5 (TK i,t '||η||U 1 ||U 2 I A I t), wherein->
Figure BDA0003159486340000065
The representation will come from group G 1 Is->
Figure BDA0003159486340000066
Mapping to a group G by bilinear pairing operation 2 Group element of->
Figure BDA0003159486340000067
The representation will come from group G 1 Is->
Figure BDA0003159486340000068
Mapping to a group G by bilinear pairing operation 2 Is used to represent the multiplication; then verify the MAC 1 ' and received MAC 1 If the verification is equal, if not, the verification fails; if equal, edge node EN j Then the next operation is performed and an integer b epsilon Z is randomly selected q * Calculate the parameter b=g b Vehicle V is restored i Is->
Figure BDA0003159486340000069
Computing session key VEK i,t =h 3 (TK i,t '||t||PID i ||EID j ||A b ) Verification code MAC 2 =h 3 (VEK i,t ||TK i,t '||PID i I B), wherein h 3 (TK i,t '||t||PID i ||EID j ||A b ) Representing the parameters (TK i,t ',t,PID i ,EID j ,A b ) Is mapped to an element in an integer group of modulo q, h 3 (VEK i,t ||TK i,t '||PID i The expression of the parameter (VEK) i,t ,TK i,t ',PID i The concatenation of B) is mapped to an element in an integer group of modulo q; finally, edge node EN j Will authenticate the message 2 ={B,MAC 2 Is sent to vehicle V i
S63, vehicle V i Receiving authentication message 2 After that, the session key VEK is calculated first i,t '=h 3 (TK i,t ||t||PID i ||EID j ||B ω ) Verification code MAC' 2 =h 3 (VEK i,t '||TK i,t ||PID i I B) and then verify MAC' 2 And received MAC 2 If the two types of data are matched, if the two types of data are not matched, authentication fails; otherwise, vehicle V i And edge node EN j Mutually authenticated VEK i,t I.e. the established session key.
Compared with the prior art, the invention has the following advantages and effects:
1) The invention does not need a third party to participate in the authentication process, so that the trusted center TA does not need to be always in an online state.
2) In the invention, the vehicle only needs to register once and store a key, and can establish a session key with any edge node; in addition, unlike the conventional scheme, a main public key of the internet of vehicles system is not required to be set in an initialization stage, so that storage overhead is reduced and safety is improved.
3) In the present invention, the vehicle periodically updates the key of each period with the help of the authorization server DS to achieve the anti-key exposure characteristic, that is, the security of the key of the previous or subsequent period is not affected even if the key of the vehicle is exposed in the current period.
4) Based on the CDH difficult problem, the invention proves that the invention has the anti-key exposure safety under the random language model, and meets the characteristics of privacy protection, session key safety and the like; performance analysis shows that compared with the existing authentication key negotiation scheme in the Internet of vehicles environment, the method has lower calculation cost and higher security performance under the condition that the communication cost is not obviously increased.
Drawings
Fig. 1 is a schematic flow diagram of an authentication key negotiation method with anti-key exposure property in an internet of vehicles environment according to an embodiment of the present invention;
fig. 2 is an application system design diagram of an authentication key negotiation method with anti-key exposure property in an internet of vehicles environment according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples
In recent years, with the rapid development of intelligent traffic systems, the internet of vehicles has become a research hotspot, and has important significance for improving traffic efficiency and safety, but at the same time, has faced some challenges. On the one hand, in the internet of vehicles, information is transmitted on a public channel, so that the internet of vehicles is easy to attack by illegal users, such as counterfeiting attack, impersonation attack, replay attack and the like. Therefore, how to protect the privacy and safety of users is the key point of research; on the other hand, due to the characteristic of rapid movement of the vehicle, the designed scheme meets the communication safety requirement and has the characteristics of high efficiency, flexibility, low delay and the like. Authentication key agreement protocols are important mechanisms for protecting data transmission, and some scholars have proposed authentication key agreement protocols suitable for the internet of vehicles environment. However, none of these protocols take into account the user key exposure problem. Anti-key exposure is an important security goal in authentication schemes, once the user key is exposed, other security requirements cannot be met.
Aiming at the problems, the invention mainly researches an authentication key negotiation mechanism in the environment of the Internet of vehicles, and provides an authentication key negotiation method with anti-key exposure characteristic in the environment of the Internet of vehicles, which is named as a KERAKA method. In the invention, the vehicle only needs to register once, and can establish a session key with any edge node by storing a key; unlike the conventional scheme, a main public key of the internet of vehicles system is not required to be set in an initialization stage, so that storage overhead is reduced and safety is improved. In addition, the present invention has a key exposure resistance function. Specifically, the private key of the user is updated periodically with the help of the authorization server at each time period, and thus, even if the user is exposed to the key at the current time period, the security of the key at the previous or subsequent time period is not affected. Compared with the existing scheme, the method has obvious advantages in the aspects of safety performance and calculation communication cost, and is more suitable for complex and changeable Internet of vehicles environments.
The following describes in detail a specific procedure of an authentication key negotiation method with anti-key exposure property in an internet of vehicles environment disclosed in this embodiment with reference to fig. 1. The method comprises the following steps:
s1, initializing a vehicle networking system through a trusted center TA, and publishing a public parameter params of the vehicle networking system.
In a specific application, the initializing of the internet of vehicles system through the registry mainly comprises the following steps:
(1) Selecting a multiplication loop group G with two steps q 1 And G 2 Where q is a prime number of length 160 bits and G is group G 1 Generates a bilinear map e: G 1 ×G 1 →G 2 Representing the multiplication of two from the cyclic group G 1 Is mapped to a group element from group G by a bilinear pairing operation 2 Group elements of (2);
(2) Two random numbers alpha are selected and the result is that,
Figure BDA0003159486340000091
as master key for a vehicle networking system, +.>
Figure BDA0003159486340000092
An integer group representing modulo q and sending β secretly to the authorization server DS via a secure channel;
(3) Selecting a symmetric encryption algorithm, denoted E k (·)/D k (. Cndot.) wherein E k (. Cndot.) represents the encryption algorithm with a key, D k (. Cndot.) represents a decryption algorithm, k represents a key; then 5 hash functions are selected, and the following five conditions are respectively satisfied: h is a 1 (·),h 2 (·):{0,1} * →G 1
Figure BDA0003159486340000093
h 4 (·):G 2 →{0,1} * ,h 5 (·):{0,1} * ×G 1 ×G 1 ×G 1 ×G 2 →Z q * Wherein h is 1 (·)、h 2 (. Cndot.) represents a string {0,1}, which is composed of 0 and 1 of arbitrary length * Mapping to group G 1 Element h of (2) 3 (. Cndot.) represents group G 1 、G 2 Character string {0,1} consisting of elements of (1) and 0 and 1 of arbitrary length * Is mapped to an element in an integer group of modulo q, h 4 (. Cndot.) represents group G 2 The elements in (a) are mapped into character strings {0,1}, which are composed of 0 and 1 with arbitrary length * ,h 5 (. Cndot.) represents a string {0,1}, which is composed of 0 and 1 of arbitrary length * Group G 1 Element and group G of (3) 2 The concatenation of the elements in (a) is mapped to the elements in the integer group of modulo q;
(4) The trusted center TA issues common parameters as follows: params (G) 1 ,G 2 ,g,e,h 1 ,h 2 ,h 3 ,h 4 ,h 5 ,E k (·)/D k (·));
S2, edge node EN j Registering with the trusted center TA to obtain a key pair
Figure BDA0003159486340000101
Wherein j represents the number of the edge node, +.>
Figure BDA0003159486340000102
Representing edge node EN j Is->
Figure BDA0003159486340000103
Representing edge node EN j Is a second private key of (a);
in a specific application, the edge node EN j Identity identification EID of oneself j Sending the data to a trusted center TA through a secure channel; trusted center TA receives edge node EN j After registration request of (1), according to the received identity identification EID j Computing edge node EN j Key pair of (2)
Figure BDA0003159486340000104
Wherein->
Figure BDA0003159486340000105
h 1 (EID j ) Representing the edge node EN j Identity identification EID of (a) j Mapping to group G 1 Elements of (a) and (b); subsequently the key pair->
Figure BDA0003159486340000106
Returned to the edge node EN j
S3, vehicle V i Registering with a trusted center TA to obtain a pseudonymous identity PID i And an initial key SK at time period "0 i,0 Wherein i represents the number of the vehicle;
in a specific application, vehicle V i First, the true identity ID of the user is used for identifying the user i Transmitting the data to a trusted center TA through a secure channel; the trusted center TA receives the vehicle V i After registration request of (a) calculating a pseudonymous identity PID of the vehicle i =E α (ID i ) The pseudonymous identity is to hide the true identity of the vehicle from the edge node, calculate the key SK of the vehicle for an initial period of "0" i,0 =[h 1 (PID i )] α ·[h 2 (PID i ||0)] β Where α is the master key of the Internet of vehicles system, E α (ID i ) Denoted alpha vs. vehicle V i Is the true identity ID of (2) i Encryption is carried out, h 1 (PID i ) Indicating the PID i Mapping to a group G 1 Group element of (h) 2 (PID i ||0) indicates that PID is to be performed i Splice mapping with "0" to one from group G 1 The symbol "·" represents a multiplication operation, "|" represents a string join operation, and will be (PID i ,SK i,0 ) Returned to the vehicle V i
S4, at the initial moment of the time period t, the vehicle V i Requesting an update key from the authorization server DS, after the authorization server DS receives the request, calculating the assistance key SK for the time period t d,t And returned to vehicle V i The method comprises the steps of carrying out a first treatment on the surface of the Vehicle V i Assistance key SK d,t With the aid of which the key SK for the current time period t is calculated i,t Wherein i represents the number of the vehicle;
in a specific application, at the initial moment of the time period t, the vehicle V i Requesting an update key from the authorization server DS, after the authorization server DS receives the request, calculating the assistance key SK for the time period t d,t =[h 2 (PID i ||t)] β ·[h 2 (PID i ||t-1)] And will assist the key SK d,t To vehicle V i The method comprises the steps of carrying out a first treatment on the surface of the Vehicle V i After receiving the helper key, the key SK for time period t is calculated i,t =SK i,t-1 ·SK d,t =[h 1 (PID i )] α ·[h 2 (PID i ||t)] β And (SK) i,t-1 ,SK d,t ) Permanent deletion of SK i,t-1 Representing vehicle V i The key in time period t-1, symbol "·" represents multiplication operation, "||" represents string connection operation;
s5, in order to reduce the delay, in the vehicle V i To edge node EN j Before requesting service, three parameters are calculated offline: first offline parameter R 1 =h 1 (PID i ) Second offline parameter R 2 =h 2 (PID i ||t), third offline parameter e=e (SK i,t ,h 1 (EID j ) A) is provided; where i denotes the number of the vehicle, "||" denotes the character string connection operation, h 1 (PID i ) Representing the vehicle V i PID of pseudonymous identity i Mapping to a group G 1 Group element of (h) 2 (PID i I t) represents the PID to be used i And time period t as one from group G 1 Group elements of SK i,t Representing vehicle V i Key at time period t, EID j Representing edge node EN j Identity of (h) 1 (EID j ) Representing EID j Mapping to a group G 1 Group element, e (SK) i,t ,h 1 (EID j ) Representing two from group G 1 Group element (SK) i,t ,h 1 (EID j ) Mapping to a group G by bilinear pairing operation 2 Is a group of (3)An element.
S6, in the time period t, the vehicle V i And edge node EN j After successful mutual authentication, a common temporary session key VEK is established i,t
In a specific application, the authentication key negotiation steps are as follows:
(1) Vehicle V i Randomly selecting two integers omega, u epsilon Z q * Calculate authentication request parameters (A, U 1 ,U 2 ,η,MAC 1 ) The following are provided: first authentication request parameter a=g ω Second authentication request parameter U 1 =R 1 u Third authentication request parameter
Figure BDA0003159486340000121
Sharing parameter TK i,t =E u Fourth authentication request parameter->
Figure BDA0003159486340000122
Verification code MAC 1 =h 5 (TK i,t ||η||U 1 ||U 2 I A I t), then authenticate message Mess 1 ={η,U 1 ,U 2 ,A,MAC 1 T is issued to edge node EN j Wherein i represents the number of the vehicle, the symbol +.>
Figure BDA0003159486340000123
Representing a string exclusive or operation, "||" representing a string join operation, h 4 (TK i,t ) Representing the to-be-shared parameter TK i,t Mapping into character strings with the length of 32 bits, and h 5 (TK i,t '||η||U 1 ||U 2 I A I t indication) parameters (TK) i,t ',η,U 1 ,U 2 The concatenation of A, t) maps to an element in an integer group of modulo q;
(2) Edge node EN j Receiving authentication message 1 Then, the sharing parameters are calculated first
Figure BDA0003159486340000124
Verification code MAC 1 '=h 5 (TK i,t '||η||U 1 ||U 2 I A I t), wherein->
Figure BDA0003159486340000125
The representation will come from group G 1 Is->
Figure BDA0003159486340000126
Mapping to a group G by bilinear pairing operation 2 Group element of->
Figure BDA0003159486340000127
The representation will come from group G 1 Is->
Figure BDA0003159486340000128
Mapping to a group G by bilinear pairing operation 2 Is used to represent the multiplication; then verify the MAC 1 ' and received MAC 1 If the verification is equal, if not, the verification fails, and the program is terminated; if equal, edge node EN j Then the next operation is performed and an integer b epsilon Z is randomly selected q * Calculate the parameter b=g b Vehicle V is restored i Is->
Figure BDA0003159486340000129
Computing session key VEK i,t =h 3 (TK i,t '||t||PID i ||EID j ||A b ) Verification code MAC 2 =h 3 (VEK i,t ||TK i,t '||PID i I B), wherein h 3 (TK i,t '||t||PID i ||EID j ||A b ) Representing the parameters (TK i,t ',t,PID i ,EID j ,A b ) Is mapped to an element in an integer group of modulo q, h 3 (VEK i,t ||TK i,t '||PID i The expression of the parameter (VEK) i,t ,TK i,t ',PID i The concatenation of B) is mapped to an element in an integer group of modulo q; finally, edge node EN j Will authenticate the message 2 ={B,MAC 2 Is sent to vehicle V i
(3) Vehicle V i Receiving authentication message 2 After that, the session key VEK is calculated first i,t '=h 3 (TK i,t ||t||PID i ||EID j ||B ω ) Verification code MAC' 2 =h 3 (VEK i,t '||TK i,t ||PID i I B) and then verify MAC' 2 And received MAC 2 Whether there is a match. If the authentication is not matched, the authentication fails; otherwise, vehicle V i And edge node EN j Mutually authenticated VEK i,t I.e. the established session key.
In a car networking environment, a specific example of implementing an authentication key agreement (keyaka) mechanism with anti-key exposure features is shown in fig. 2. The diagram contains four entities, each performing the following operations:
(1) Trusted center (TA): is fully trusted, typically a government agency, responsible for registration of vehicles and edge nodes, possibly tracking the true identity of the vehicle;
(2) Authorization server (DS): at the initial moment of each time period, helping the vehicle to update the private key and realizing anti-key exposure;
(3) Edge Node (EN) j ): establishing a session key with the vehicle and providing services for the session key;
(4) Vehicle (V) i ): a session key is established with the edge node and a service is requested from it.
From the aspect of functions, the present embodiment further compares the proposed authentication key agreement (keyaka) method with anti-key exposure characteristics in the internet of vehicles environment with documents [1-5], and the results are shown in table 1. Wherein Fun1 represents vehicle anonymity; fun2 represents traceability; fun3 represents mutual authentication; fun4 denotes session key security; fun5 represents the forward security of the session key; fun6 anti-key exposure property; fun7 indicates that the counterfeit attack can be resisted; fun8 indicates that man-in-the-middle attacks can be resisted.
TABLE 1 functional comparison of the invention with related schemes
Scheme for the production of a semiconductor device Fun1 Fun2 Fun3 Fun4 Fun5 Fun6 Fun7 Fun8
Document [1]] × ×
Document [2]] × ×
Document [3] × × × × ×
Document [4]] × × × ×
Document [5]] ×
The invention is that
As can be seen from table 1, the references [1-4] do not achieve traceability, i.e. the trusted center cannot track the true identity of the malicious vehicle after serious accident caused by the malicious vehicle; the documents [3-4] cannot realize vehicle anonymity and mutual authentication at the same time, because the true identity of the vehicle is directly transmitted on a public channel, and the two communication parties do not perform mutual authentication before calculating a session key; none of the documents [1-5] supports the anti-key exposure property, and only the present invention satisfies all of the above functions, so the present invention has a richer function and a stronger security property.
Among these, the authors, names and outlets of the document [1] are in particular He D, kumar N, khan M K, et al efficiency private-aware authentication scheme for mobile cloud computing services, IEEE Systems Journal,2018,12 (2): 1621-1631.
The authors, names and sources of document [2] are specifically Jia X, he D, kumar N, et al A provably secure and efficient identity-based anonymous authentication scheme for mobile edge computer Systems Journal,2019,14 (1): 560-571.
The authors, names and sources of document [3] are specifically Dang L, xu J, cao X, et al efficiency identity-based authenticated key agreement protocol with provable security for vehicular ad hoc networks, international Journal of Distributed Sensor Networks,2018,14 (4): 1550147718772545.
The authors, literature names and sources of literature [4] are in particular Li Q, hsu C F, raymond Choo K K, et al A Provably Secure and Lightweight Identity-base Two-Party Authenticated Key Agreement Protocol for Vehicular Ad Hoc networks.security and Communication Networks,2019,2019.
The authors, names and sources of document [5] are specifically Xu C, liu H, zhang Y, et al Mutual authentication for vehicular network in complex and uncertain driving. Neurol Computing and Applications,2020,32 (1): 61-72.
In summary, in order to resist the vehicle key exposure attack, the invention constructs an authentication key negotiation method with the key exposure resistance characteristic in the vehicle networking environment, which is named as a KERAKA method. The invention does not need a third party to participate in the authentication process, so that the trusted center TA does not need to be always in an online state. In the invention, the vehicle only needs to register once and store one key, so that the session key can be established with any edge node. In addition, compared with the traditional scheme, the method and the system have the advantages that in the initializing step of the Internet of vehicles system, a main public key of the Internet of vehicles system is not required to be set, so that the storage cost is reduced, and the safety of the Internet of vehicles system is improved. More importantly, the invention ensures that the key exposure attack of the vehicle can be resisted by updating the key of the vehicle at regular intervals, namely the key exposure of the vehicle in the current time period does not influence the security of the key in the time period before or after the current time period. Based on the CDH difficulty problem, the invention proves that the invention has the anti-key exposure characteristic under the random language machine model and meets the common security characteristic in the authentication key negotiation scheme. Meanwhile, efficiency analysis shows that compared with the existing literature, the method has obvious advantages and is more suitable for complex and changeable Internet of vehicles environments.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to the above examples, and any other changes, modifications, substitutions, combinations, and simplifications that do not depart from the spirit and principle of the present invention should be made in the equivalent manner, and the embodiments are included in the protection scope of the present invention.

Claims (3)

1. An authentication key negotiation method with anti-key exposure characteristic in an internet of vehicles environment is characterized by comprising the following steps:
s1, initializing a vehicle networking system by a trusted center TA, and publishing a public parameter params of the vehicle networking system; the process is as follows:
s11, selecting a multiplication loop group G with two steps q 1 And G 2 Where q is a prime number of length 160 bits and G is group G 1 Generates a bilinear map e: G 1 ×G 1 →G 2 Representing the multiplication of two from the cyclic group G 1 Is mapped to a group element from group G by a bilinear pairing operation 2 Group elements of (2);
s12, selecting two random numbers
Figure FDA0004224830500000011
As master key for a vehicle networking system, +.>
Figure FDA0004224830500000012
An integer group representing modulo q and sending β secretly to the authorization server DS via a secure channel;
s13, firstly selecting a symmetrical encryption algorithm, namely E k (·)/D k (. Cndot.) wherein E k (. Cndot.) represents the encryption algorithm with a key, D k (. Cndot.) represents a decryption algorithm, k represents a key; then 5 hash functions are selected, and the following five conditions are respectively satisfied: h is a 1 (·),h 2 (·):{0,1} * →G 1
Figure FDA0004224830500000013
h 4 (·):G 2 →{0,1} * ,/>
Figure FDA0004224830500000014
Wherein h is 1 (·)、h 2 (. Cndot.) represents a string {0,1}, which is composed of 0 and 1 of arbitrary length * Mapping to group G 1 Element h of (2) 3 (. Cndot.) represents group G 1 、G 2 Character string {0,1} consisting of elements of (1) and 0 and 1 of arbitrary length * Is mapped to an element in an integer group of modulo q, h 4 (. Cndot.) represents group G 2 The elements in (a) are mapped into character strings {0,1}, which are composed of 0 and 1 with arbitrary length * ,h 5 (. Cndot.) represents a string {0,1}, which is composed of 0 and 1 of arbitrary length * Group G 1 Element and group G of (3) 2 The concatenation of the elements in (a) is mapped to the elements in the integer group of modulo q;
s14, the trusted center TA issues common parameters as follows: params (G) 1 ,G 2 ,g,e,h 1 ,h 2 ,h 3 ,h 4 ,h 5 ,E k (·)/D k (·));
S2, edge node EN j Registering with the trusted center TA to obtain a key pair
Figure FDA0004224830500000021
Wherein j represents the number of the edge node, +.>
Figure FDA0004224830500000022
Representing edge node EN j Is->
Figure FDA0004224830500000023
Representing edge node EN j Is a second private key of (a);
s3, vehicle V i Registering with a trusted center TA to obtain a pseudonymous identity PID i And an initial key SK at time period "0 i,0 Wherein i represents the number of the vehicle; the process is as follows:
s31, vehicle V i First, the true identity ID of the user is used for identifying the user i Transmitting the data to a trusted center TA through a secure channel;
s32, the trusted center TA receives the vehicle V i After registration request of (a) calculating vehicle V i PID of pseudonymous identity i =E α (ID i ) And the key SK of the vehicle at an initial period of "0 i,0 =[h 1 (PID i )] α ·[h 2 (PID i ||0)] β Where α is the master key of the Internet of vehicles system, E α (ID i ) Denoted alpha vs. vehicle V i Is the true identity ID of (2) i Encryption is carried out, h 1 (PID i ) Indicating the PID i Mapping to a group fromG 1 Group element of (h) 2 (PID i ||0) indicates that PID is to be performed i Splice mapping with "0" to one from group G 1 The symbol "·" represents a multiplication operation, "|" represents a string join operation, and will be (PID i ,SK i,0 ) Returning to the vehicle Vi;
s4, at the initial moment of the time period t, the vehicle V i Requesting an update key from the authorization server DS, after the authorization server DS receives the request, calculating the assistance key SK for the time period t d,t And returned to vehicle V i The method comprises the steps of carrying out a first treatment on the surface of the Vehicle V i Assistance key SK d,t With the aid of which the key SK for the current time period t is calculated i,t The method comprises the steps of carrying out a first treatment on the surface of the The process is as follows:
s41, at the initial time of the time period t, the vehicle V i Requesting an update key from the authorization server DS, after the authorization server DS receives the request, calculating the assistance key SK for the time period t d,t =[h 2 (PID i ||t)] β ·[h 2 (PID i ||t-1)] Will then assist the key SK d,t To vehicle V i
S42, vehicle V i After receiving the helper key, the key SK for time period t is calculated i,t =SK i,t-1 ·SK d,t =[h 1 (PID i )] α ·[h 2 (PID i ||t)] β And (SK) i,t-1 ,SK d,t ) Permanent deletion of SK i,t-1 Representing vehicle V i A key at time period t-1;
s5, vehicle V i Off-line calculation of authentication request parameters (R 1 ,R 2 E), first offline parameter R 1 =h 1 (PID i ) Second offline parameter R 2 =h 2 (PID i ||t), third offline parameter e=e (SK i,t ,h 1 (EID j ) Where "|" denotes a string connection operation, h 1 (PID i ) Representing the vehicle V i PID of pseudonymous identity i Mapping to a group G 1 Group element of (h) 2 (PID i I t) represents the PID to be used i And time period tThe mapping is from group G 1 Group elements of SK i,t Representing vehicle V i Key at time period t, EID j Representing edge node EN j Identity of (h) 1 (EID j ) Representing EID j Mapping to group G 1 Group element, e (SK) i,t ,h 1 (EID j ) Representing two from group G 1 Group element (SK) i,t ,h 1 (EID j ) Mapping to a group G by bilinear pairing operation 2 Group elements of (2);
s6, in the time period t, the vehicle V i And edge node EN j Mutual authentication, if the mutual authentication is successful, a common temporary session key VEK is established i,t
2. The authentication key agreement method with anti-key exposure property in the internet of vehicles environment according to claim 1, wherein the step S2 process is as follows:
s21, edge node EN j Identity identification EID of oneself j Sending the data to a trusted center TA through a secure channel;
s22, the trusted center TA receives the edge node EN j After registration request of (1), according to the received identity identification EID j Computing edge node EN j Key pair of (2)
Figure FDA0004224830500000031
Wherein->
Figure FDA0004224830500000032
h 1 (EID j ) Representing the edge node EN j Identity identification EID of (a) j Mapping to group G 1 Is then added with the key pair->
Figure FDA0004224830500000033
Returned to the edge node EN j
3. The authentication key agreement method with anti-key exposure property in the internet of vehicles environment according to claim 1, wherein the step S6 process is as follows:
s61, vehicle V i Randomly selecting two integers omega, u epsilon Z q * Calculate authentication request parameters (A, U 1 ,U 2 ,η,MAC 1 ) The following are provided: first authentication request parameter a=g ω Second authentication request parameter U 1 =R 1 u Third authentication request parameter
Figure FDA0004224830500000041
Sharing parameter TK i,t =E u Fourth authentication request parameter->
Figure FDA0004224830500000042
Verification code MAC 1 =h 5 (TK i,t ||η||U 1 ||U 2 I A I t), then authenticate message Mess 1 ={η,U 1 ,U 2 ,A,MAC 1 T is issued to edge node EN j Wherein i represents the number of the vehicle, the symbol
Figure FDA0004224830500000043
Representing a string exclusive or operation, "||" representing a string join operation, h 4 (TK i,t ) Representing the to-be-shared parameter TK i,t Mapping into character strings with the length of 32 bits, and h 5 (TK i,t '||η||U 1 ||U 2 I A I t indication) parameters (TK) i,t ',η,U 1 ,U 2 The concatenation of A, t) maps to an element in an integer group of modulo q;
s62, edge node EN j Receiving authentication message 1 Then, the sharing parameters are calculated first
Figure FDA0004224830500000044
Verification code MAC 1 '=h 5 (TK i,t '||η||U 1 ||U 2 I A I t), wherein->
Figure FDA0004224830500000045
The representation will come from group G 1 Is->
Figure FDA0004224830500000046
Mapping to a group G by bilinear pairing operation 2 Group element of->
Figure FDA0004224830500000047
The representation will come from group G 1 Is->
Figure FDA0004224830500000048
Mapping to a group G by bilinear pairing operation 2 Is used to represent the multiplication; then verify the MAC 1 ' and received MAC 1 If the verification is equal, if not, the verification fails; if equal, edge node EN j Then the next operation is performed and an integer b epsilon Z is randomly selected q * Calculate the parameter b=g b Vehicle V is restored i Is->
Figure FDA0004224830500000049
Computing session key VEK i,t =h 3 (TK i,t '||t||PID i ||EID j ||A b ) Verification code MAC 2 =h 3 (VEK i,t ||TK i,t '||PID i I B), wherein h 3 (TK i,t '||t||PID i ||EID j ||A b ) Representing the parameters (TK i,t ',t,PID i ,EID j ,A b ) Is mapped to an element in an integer group of modulo q, h 3 (VEK i,t ||TK i,t '||PID i The expression of the parameter (VEK) i,t ,TK i,t ',PID i The concatenation of B) is mapped to an element in an integer group of modulo q; finally, edge node EN j Will authenticate the message 2 ={B,MAC 2 Is sent to vehicle V i
S63, vehicle V i Receiving authentication message 2 After that, the session key VEK is calculated first i,t '=h 3 (TK i,t ||t||PID i ||EID j ||B ω ) Verification code MAC' 2 =h 3 (VEK i,t '||TK i,t ||PID i I B) and then verify MAC' 2 And received MAC 2 If the two types of data are matched, if the two types of data are not matched, authentication fails; otherwise, vehicle V i And edge node EN j Mutually authenticated VEK i,t I.e. the established session key.
CN202110787297.0A 2021-07-13 2021-07-13 Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment Active CN113630243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110787297.0A CN113630243B (en) 2021-07-13 2021-07-13 Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110787297.0A CN113630243B (en) 2021-07-13 2021-07-13 Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment

Publications (2)

Publication Number Publication Date
CN113630243A CN113630243A (en) 2021-11-09
CN113630243B true CN113630243B (en) 2023-07-14

Family

ID=78379633

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110787297.0A Active CN113630243B (en) 2021-07-13 2021-07-13 Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment

Country Status (1)

Country Link
CN (1) CN113630243B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244514B (en) * 2022-02-21 2022-05-24 图灵人工智能研究院(南京)有限公司 Data security processing method based on Internet of vehicles
CN114978712B (en) * 2022-05-25 2023-08-22 中南财经政法大学 Remote secure communication method, system, equipment and terminal of touch Internet of things

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322486A (en) * 2018-05-07 2018-07-24 安徽大学 Authentication protocol towards multiserver framework under a kind of car networking cloud environment
CN110351272A (en) * 2019-07-11 2019-10-18 北京电子科技学院 A kind of general anti-quantum two-way authentication cryptographic key negotiation method (LAKA)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322486A (en) * 2018-05-07 2018-07-24 安徽大学 Authentication protocol towards multiserver framework under a kind of car networking cloud environment
CN110351272A (en) * 2019-07-11 2019-10-18 北京电子科技学院 A kind of general anti-quantum two-way authentication cryptographic key negotiation method (LAKA)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
面向车联网的多服务器架构的匿名双向认证与密钥协商协议;谢永;吴黎兵;张宇波;叶璐瑶;;计算机研究与发展(第10期);全文 *

Also Published As

Publication number Publication date
CN113630243A (en) 2021-11-09

Similar Documents

Publication Publication Date Title
CN110971415B (en) Space-ground integrated space information network anonymous access authentication method and system
Azees et al. EAAP: Efficient anonymous authentication with conditional privacy-preserving scheme for vehicular ad hoc networks
Cao et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network
Cui et al. HCPA-GKA: A hash function-based conditional privacy-preserving authentication and group-key agreement scheme for VANETs
Chim et al. SPECS: Secure and privacy enhancing communications schemes for VANETs
CN112039872A (en) Cross-domain anonymous authentication method and system based on block chain
Kang et al. Highly efficient randomized authentication in VANETs
CN107493165B (en) Internet of vehicles authentication and key agreement method with strong anonymity
CN113630243B (en) Authentication key negotiation method with anti-key exposure characteristic in Internet of vehicles environment
CN109347626B (en) Safety identity authentication method with anti-tracking characteristic
EP2664099B1 (en) Methods and apparatuses for distributing keys for ptp protocol
CN110166228B (en) Privacy protection method based on certificate-free ring signcryption in vehicle-mounted self-organizing network
CN102904896A (en) Anonymous authentication scheme under vehicular ad hoc network based on biometric encryption technology
Hu et al. Efficient HMAC-based secure communication for VANETs
Han et al. A self-authentication and deniable efficient group key agreement protocol for VANET
Patel et al. Vehiclechain: Blockchain-based vehicular data transmission scheme for smart city
Xie et al. Provably secure and anonymous V2I and V2V authentication protocol for VANETs
He et al. An accountable, privacy-preserving, and efficient authentication framework for wireless access networks
Amin et al. An enhanced anonymity resilience security protocol for vehicular ad-hoc network with scyther simulation
Zhang et al. A novel privacy-preserving authentication protocol using bilinear pairings for the VANET environment
Mahmood et al. A provably secure mobile user authentication scheme for big data collection in IoT-enabled maritime intelligent transportation system
Karim et al. BSDCE-IoV: blockchain-based secure data collection and exchange scheme for IoV in 5G environment
Xie et al. Provable secure and lightweight vehicle message broadcasting authentication protocol with privacy protection for VANETs
CN116056080A (en) Satellite switching authentication method for low-orbit satellite network
Büttner et al. Real-world evaluation of an anonymous authenticated key agreement protocol for vehicular ad-hoc networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant