CN113766452B - V2X communication system, communication key distribution method and implicit authentication method - Google Patents

Publication number
CN113766452B
Authority
CN
China
Prior art keywords
key
communication
certificate
processing module
vehicle
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110724085.8A
Other languages
Chinese (zh)
Other versions
CN113766452A (en)
Inventor
肖佃艳
李政
陈燕呢
李承泽
范乐君
赵怀瑾
申任远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Abstract

The invention discloses a V2X communication system, a communication key distribution method and an implicit authentication method. A first processing module sends first request information applying for a pseudonym certificate and second request information for establishing communication, while a second processing module and a third processing module generate an intermediate key and a vehicle key package respectively. To establish communication, the first processing module sets up a communication link directly with a fourth processing module. The key generation method is designed on the short integer solution (SIS) problem, resists quantum attack well, and effectively prevents collusion between the key generator and the key requester. The auditor of a communication request has no direct contact with the key generator, which prevents collusion between the two and ensures that access requests from unauthenticated clients are rejected, so the security and reliability of the whole communication network are ensured.

Description

V2X communication system, communication key distribution method and implicit authentication method
Technical Field
The invention relates to the technical field of intelligent vehicle communication, in particular to a V2X communication system, a communication key distribution method and an implicit authentication method.
Background
With the development of intelligent connected vehicles, road vehicles are gaining computing and communication capabilities, which promotes the intelligent integration of the traffic system. In particular, V2X communication technology is evolving rapidly, further enhancing the ability of vehicles to communicate with other entities (e.g., other vehicles, roadside units (RSUs), pedestrians). This trend not only brings vehicles into the Internet of Everything, but also makes the traffic system more efficient and safer.
Information security and privacy protection are vital safety elements of intelligent transportation systems. Authentication is a fundamental means of protecting data integrity and the authenticity and legitimacy of identities. To meet these requirements, many solutions for identity authentication and management based on vehicular PKI have been proposed. Among them, the Security Credential Management System (SCMS) is one of the leading candidates for the U.S. intelligent transportation system security authentication standard. SCMS offers a wide range of security properties including, but not limited to, data authentication, vehicle privacy protection, and tracking of misbehaving vehicles. Privacy protection is achieved through pseudonym certificates, i.e. certificates that do not expose the identity of the holder. The pseudonym certificate distribution process of SCMS relies on "butterfly" key expansion. For a single client request, butterfly key expansion can issue a batch of pseudonym certificates of arbitrary size without exposing the holder's sensitive data. Thus, no internal or external entity can tell whether pseudonym certificates were issued to different users or to the same user.
Although V2X communication technology is very promising, current V2X information security solutions, including SCMS, are based on elliptic curve cryptography (ECC), which is very vulnerable to quantum attack. Quantum attack is devastating to current V2X communication systems because it not only violates the privacy of the communication entities within the system, but also allows the rights of users within the system to be altered by forging digital signatures and the like, so the security of these systems is low.
Disclosure of Invention
To address the low security of the prior art, the invention discloses a V2X communication system, a communication key distribution method and an implicit authentication method, which effectively improve the security and reliability of V2X communication systems.
The invention achieves this aim through the following technical scheme:
A V2X communication system, comprising:
a first processing module for activating a registration certificate based on real identity information and generating, based on the registration certificate, first request information applying for a pseudonym certificate; and for receiving a vehicle key package generated in response to the first request information and generating, based on the vehicle key package, second request information for interactive communication within the system;
a second processing module for generating, in response to the first request information, an intermediate key used for implicit certificate generation, and for forwarding the generated implicit certificate to the certificate requester once the data source has been verified as qualified;
a third processing module for generating a vehicle key package from the received intermediate key and sending the vehicle key package to the data forwarding party;
and a fourth processing module for receiving the second request information sent by a communication requester and establishing a communication link with the communication requester once the pseudonym certificate has been verified as genuine.
Preferably, the first processing module includes a data generation unit for generating the first request information and the second request information, and a data storage unit for storing the public and private keys and the registration certificate;
the second processing module includes a communication unit for data transceiving and an intermediate key generation unit for generating the intermediate key;
the third processing module includes a key generation unit for generating the vehicle key package and a storage unit for storing public/private key pairs and various parameters;
the fourth processing module includes a communication unit for receiving requests and establishing the corresponding communication connections, and a verification unit for parsing the received requests and judging their authenticity.
A V2X communication key distribution method, comprising:
activating a registration certificate based on real identity information and generating, based on the registration certificate, first request information applying for a pseudonym certificate; and receiving an implicit certificate generated in response to the first request information and generating, based on the implicit certificate, a pseudonym certificate for interactive communication within the system;
generating, in response to the first request information, an intermediate key used for implicit certificate generation, and forwarding the generated implicit certificate to the certificate requester once the data source has been verified as qualified;
generating an implicit certificate from the received intermediate key and sending the implicit certificate to the data forwarding party.
Preferably, the first request information includes a pseudonym certificate application request, the number of certificates applied for, a random function $f(\cdot)$ and the vehicle registration certificate; activating the registration certificate includes applying for activation directly to the second processing module or sending a VIN code to the second processing module.
Preferably, the intermediate key is generated from the random function $f(\cdot)$ and the externally disclosed public key, with the specific expressions:
$pk_1 = pk + a \times f(1) \bmod q$;
$pk_2 = pk + a \times f(2) \bmod q$;
$pk_n = pk + a \times f(n) \bmod q$.
Preferably, generating the vehicle key package includes the following steps:
selecting a random vector $e_i$ from $D$, where $D$ is a discrete Gaussian distribution;
calculating the intermediate variable $ID_i = pk_i + a \times e_i \bmod q$ from the random vector;
generating the implicit certificate $cert_i = \langle ID_i, meta \rangle$ from the intermediate variable;
generating the corresponding key $S_i = H(cert_i) \times e_i + msk \bmod q$ from the implicit certificate;
repeating the above process to generate all implicit certificates and their corresponding keys, combining each implicit certificate with its corresponding key to form a plurality of key groups, and finally combining the key groups into a vehicle key package.
Preferably, generating the second request information includes the following steps:
randomly selecting one key group from the received vehicle key package and extracting the corresponding public/private key pair;
calculating $sk'_i = H(cert_i) \times (sk + f(i)) + mpk \bmod q$;
calculating $pk'_i = a \times sk'_i \bmod q$ and $H(cert_i) \times ID_i + mpk \bmod q$, and determining whether the two results are equal; if so, the pseudonym certificate is valid, $\langle sk'_i, pk'_i \rangle$ is stored as the corresponding signing key pair, and the vehicle identity information is generated at the same time; otherwise $cert_i$ is invalid;
randomly selecting a corresponding signing key pair and implicit certificate, and randomly selecting a polynomial $e$ with coefficients in $\{0,1\}$; calculating a signature from the private key of the signing key pair and generating the information packet to be interacted by combining it with the communication information $M$; the signature is expressed as $sign = sk' + H(M \| timestamp \| cert \| t) \times e \bmod q$, where $t = a \times e \bmod q$, and the information packet to be interacted is expressed as $\langle M, t, sign, timestamp \rangle$;
and combining the vehicle identity information and the information packet to be interacted into the second request information.
A V2X key implicit authentication method, comprising:
receiving second request information and parsing it into vehicle identity information and an information packet to be interacted;
verifying the authenticity of the vehicle identity information and of the information packet to be interacted respectively; if both checks pass, verification succeeds, the communication information $M$ is read and a communication link is established with the communication requester; otherwise, verification fails.
Preferably, verifying the information packet to be interacted comprises the following steps:
parsing the information packet to be interacted and extracting the corresponding parameters;
verifying, with the system public parameters, whether the following formula holds: $a \times sign = pk' + H(M \| timestamp \| cert \| t) \times t \bmod q$; if so, the vehicle information passes verification; otherwise, all procedures are terminated.
Preferably, verifying the vehicle identity information includes:
extracting the corresponding $ID$ from the registration certificate $cert$;
verifying whether the following formula holds: $pk' = H(cert) \times ID + mpk \bmod q$; if so, the identity information passes verification; otherwise, all procedures are terminated.
Preferably, the method further comprises batch authentication, including:
simultaneously receiving a plurality of verification requests sent by a plurality of different vehicles, the verification requests being expressed as:
$\langle M_1, t_1, Sign_1, timestamp_1 \rangle$
$\langle M_2, t_2, Sign_2, timestamp_2 \rangle$
$\langle M_n, t_n, Sign_n, timestamp_n \rangle$;
randomly selecting $n$ messages from the verification requests, i.e. $(x_1, x_2, \ldots, x_n)$, and calculating whether the following formula is satisfied:
if yes, the authentication is passed.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention sends first request information applying for a pseudonym certificate and second request information for establishing communication through the first processing module, and generates the intermediate key and the final vehicle key package through the second and third processing modules respectively; for communication establishment, the first processing module sets up a communication link directly with the fourth processing module;
the technical scheme generates the key in separate stages handled by separate parties, which effectively prevents collusion between the key generator and the key requester and thereby improves the security and reliability of the key at the key distribution stage;
meanwhile, the auditor of a communication request has no direct contact with the key generator, which prevents collusion between the two, so that access requests from unauthenticated clients are reliably rejected and the security and reliability of the whole communication network are ensured;
compared with existing schemes based on elliptic curve cryptography, the key generation scheme and the cryptographic algorithm are designed on the short integer solution (SIS) problem and resist quantum attack, which further improves the security and reliability of the whole key distribution scheme and verification mechanism and prevents the key from being recovered by attack.
3. The invention expands the vehicle public key through a random function to generate the intermediate keys, where the random function is agreed at random between the requester of the pseudonym certificate and the second processing module; this prevents colluding key generators from manipulating key generation, greatly increases the unpredictability of the keys, and further improves the reliability and security of the key generation process.
4. During vehicle key generation, both an implicit certificate and its corresponding key are generated, and a pseudonym certificate is judged genuine only when both the implicit certificate and the key are correct, which greatly improves the security of the pseudonym certificate;
meanwhile, the subsequent validity check of the pseudonym certificate is also carried out through the implicit certificate, so the invention verifies the validity of the pseudonym certificate by implicit authentication.
5. The key distribution method and the implicit authentication method are based on modular addition and multiplication over an integer ring and therefore have homomorphic properties. Using these properties, and based on the randomness principle, a plurality of verification messages can be authenticated in one batch; and when batch authentication fails, the malicious messages that caused the failure can be located in a limited number of calculations. This greatly improves the authentication efficiency of the V2X communication system when handling authentication requests from many parties, and avoids the low efficiency and system congestion caused by authenticating requests one by one.
Drawings
FIG. 1 is a schematic diagram of the structure of the present invention;
FIG. 2 is a flow chart of key generation and distribution in accordance with the present invention;
FIG. 3 is a flow chart of an implicit authentication method of the present invention;
Reference numerals: 1, first processing module; 2, second processing module; 3, third processing module; 4, fourth processing module; 11, data generation unit; 12, data storage unit; 13, first communication unit; 21, second communication unit; 22, intermediate key generation unit; 31, key generation unit; 32, storage unit; 33, third communication unit; 41, fourth communication unit; 42, verification unit.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
Embodiment 1
As a basic embodiment of the present invention, as shown in FIG. 1, a V2X communication system is disclosed, which includes a first processing module 1, a second processing module 2, a third processing module 3 and a fourth processing module 4. The first processing module 1 is built into a vehicle and includes a data generation unit 11 and a data storage unit 12; the data storage unit 12 stores a registration certificate generated from the real identity information of the vehicle, and also stores a private key and the pseudonym certificates that have been returned and validated; the data generation unit 11 generates first request information applying for a pseudonym certificate according to the registration certificate, and generates second request information for interactive communication within the system according to the vehicle key package; the first processing module 1 further includes a first communication unit 13 for exchanging information;
the second processing module 2 includes a second communication unit 21 for data transceiving and an intermediate key generation unit 22 for generating the intermediate key; the second communication unit 21 receives the first request information and, after verifying the authenticity of the data, directs the intermediate key generation unit 22 to generate the intermediate key used for implicit certificate generation; the second communication unit 21 also forwards the generated implicit certificate to the certificate requester once the data source has been verified as qualified;
the third processing module 3 includes a key generation unit 31 for generating the vehicle key package, a storage unit 32 for storing public/private key pairs and various parameters, and a third communication unit 33 for receiving and transmitting information;
the fourth processing module 4 includes a fourth communication unit 41 for receiving requests and establishing the corresponding communication connections, and a verification unit 42 for parsing the received requests and judging their authenticity.
Embodiment 2
As a preferred embodiment of the present invention, as shown in FIG. 2, this embodiment discloses a V2X communication key distribution method, which includes the following steps:
S1, a registration certificate bound to the real identity is preset when the vehicle leaves the factory; the client, through the first processing module, either sends a request to the second processing module to activate the registration certificate or sends a VIN code to the second processing module for activation;
the first processing module generates first request information and sends it to the second processing module; the first request information includes: a pseudonym certificate application request, the number $n$ applied for, a random function $f(\cdot)$ and the registration certificate;
S2, receiving and parsing the first request information, extracting the number $n$ applied for and the random function $f(\cdot)$ from it, and extracting the public key of the vehicle from the registration certificate;
calculating the intermediate keys from the number $n$ applied for, the random function $f(\cdot)$ and the public key, then packaging the generated intermediate keys and sending them to the third processing module; the intermediate keys are expressed as:
$pk_1 = pk + a \times f(1) \bmod q$;
$pk_2 = pk + a \times f(2) \bmod q$;
$pk_n = pk + a \times f(n) \bmod q$;
where $a$ and $q$ are public parameters preset by the system, $a$ being a random coefficient polynomial; $sk$ and $pk$ denote the preset vehicle private key and vehicle public key respectively, the public key being disclosed externally in the registration certificate and calculated as $pk = a \times sk \bmod q$;
S3, the third processing module receives and parses the intermediate keys, extracts each intermediate key and, for any intermediate key $pk_i$:
selects a random vector $e_i$ from $D$, where $D$ is a discrete Gaussian distribution;
calculates an intermediate variable from the random vector and the public random coefficient polynomial $a$ disclosed by the system, expressed as $ID_i = pk_i + a \times e_i \bmod q$;
generates the implicit certificate $cert_i = \langle ID_i, meta \rangle$ from the intermediate variable, where $meta$ denotes the validity period and serial number of the registration certificate;
generates the corresponding key from the implicit certificate and the master private key: $S_i = H(cert_i) \times e_i + msk \bmod q$, where $msk$ and $mpk$ denote the private key and public key preset in the third processing module; the public key is disclosed externally and the private key is kept by the module itself, with $msk = a \times mpk \bmod q$;
the above process is repeated until all implicit certificates and their corresponding keys have been generated; each implicit certificate is combined with its corresponding key to form a plurality of key groups, the key groups are combined into a vehicle key package, and the vehicle key package is encrypted, signed and sent to the second processing module;
S4, the second processing module receives the vehicle key package, verifies its signature, and forwards the vehicle key package to the first processing module once verification has passed;
S5, the first processing module receives the vehicle key package from the second processing module, parses it, extracts any key group $(cert_i, S_i)$, and extracts the corresponding public/private key pair;
calculating $sk'_i = H(cert_i) \times (sk + f(i)) + mpk \bmod q$;
then calculating $pk'_i = a \times sk'_i \bmod q$ and $H(cert_i) \times ID_i + mpk \bmod q$, and determining whether the two results are equal; if so, the pseudonym certificate is valid, $\langle sk'_i, pk'_i \rangle$ is stored as the corresponding signing key pair, and the vehicle identity information is generated at the same time; otherwise $cert_i$ is invalid.
Embodiment 3
As a preferred embodiment of the present invention, as shown in FIG. 3, this embodiment discloses a V2X key implicit authentication method, which includes the following steps:
S1, the first processing module randomly selects a corresponding signing key pair and implicit certificate from the stored valid pseudonym certificates, and randomly selects a polynomial $e$ with coefficients in $\{0,1\}$;
calculating a signature from the private key of the signing key pair together with the communication information $M$ to be transmitted, the signature being expressed as $sign = sk' + H(M \| timestamp \| cert \| t) \times e \bmod q$, where $t = a \times e \bmod q$;
generating the information packet to be interacted from the signature, and combining the vehicle identity information and the information packet to be interacted into the second request information, where the information packet to be interacted is expressed as $\langle M, t, sign, timestamp \rangle$ and the vehicle identity information is expressed as $\langle cert, pk' \rangle$;
S2, the fourth processing module receives the second request information and parses it into the vehicle identity information and the information packet to be interacted;
S3, parsing the information packet to be interacted, extracting the corresponding parameters, and verifying, with the system public parameters, whether the following formula holds: $a \times sign = pk' + H(M \| timestamp \| cert \| t) \times t \bmod q$;
if so, the vehicle information passes verification; otherwise, all procedures are terminated;
S4, parsing the vehicle identity information and extracting the corresponding $ID$ from the registration certificate $cert$;
verifying whether the following formula holds: $pk' = H(cert) \times ID + mpk \bmod q$; if so, the identity information passes verification; otherwise, all procedures are terminated;
S5, when both step S3 and step S4 pass, the second request information is judged genuine, verification succeeds, the communication information $M$ is read and a communication link is established with the communication requester;
if the fourth processing module receives several pieces of second request information at the same time, $n$ of them are selected from the received request information, i.e. $(x_1, x_2, \ldots, x_n)$, and it is then verified whether the following formula holds; if so, all the received second request information passes verification.
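The issuance chain of Embodiment 2 followed by the signing and verification steps of Embodiment 3, as an added Python example that is not code from the patent. Its assumptions: a toy ring $\mathbb{Z}_q[x]/(x^N+1)$ with $N = 64$ and $q = 8380417$, SHA-256 reduced mod $q$ as $H$, a seed-derived $f(\cdot)$, ternary coefficients in place of the discrete Gaussian $D$, and the relations $mpk = a \times msk$ and $sk'_i = H(cert_i) \times (sk + f(i)) + S_i$, which are this example's choices so that both verification equalities hold and are not the expressions printed above for $msk$ and $sk'_i$.

```python
import hashlib
import secrets

# Toy parameters: assumptions of this example, far too small for real use.
N, Q = 64, 8380417                      # ring Z_q[x]/(x^N + 1)

def add(u, v):
    return [(x + y) % Q for x, y in zip(u, v)]

def scal(c, u):
    return [(c * x) % Q for x in u]

def mul(u, v):                          # negacyclic product, x^N = -1
    out = [0] * N
    for i, x in enumerate(u):
        for j, y in enumerate(v):
            k = i + j
            if k < N:
                out[k] = (out[k] + x * y) % Q
            else:
                out[k - N] = (out[k - N] - x * y) % Q
    return out

def small_poly():                       # stand-in for the discrete Gaussian D
    return [(secrets.randbelow(3) - 1) % Q for _ in range(N)]

def enc(p):
    return b"".join(x.to_bytes(4, "big") for x in p)

def H(*parts):                          # length-prefixed SHA-256, reduced mod q
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def f(seed, i):                         # hypothetical f(.): seed-derived bits
    d = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
    return [(d[j // 8] >> (j % 8)) & 1 for j in range(N)]

def cert_bytes(cert):                   # cert = (ID, meta)
    return enc(cert[0]) + cert[1]

def intermediate_key(a, pk, seed, i):
    """Second module: pk_i = pk + a*f(i) mod q."""
    return add(pk, mul(a, f(seed, i)))

def issue(a, msk, pk_i, meta):
    """Third module: ID_i = pk_i + a*e_i, cert_i = <ID_i, meta>, S_i."""
    e_i = small_poly()
    cert = (add(pk_i, mul(a, e_i)), meta)
    return cert, add(scal(H(cert_bytes(cert)), e_i), msk)

def identity_ok(cert, pk_p, mpk):
    """Implicit authentication: pk' == H(cert)*ID + mpk mod q."""
    return pk_p == add(scal(H(cert_bytes(cert)), cert[0]), mpk)

def derive_signing_key(a, sk, seed, i, cert, s_i, mpk):
    """First module: rebuild <sk'_i, pk'_i> and reject an invalid cert_i."""
    h = H(cert_bytes(cert))
    sk_p = add(scal(h, add(sk, f(seed, i))), s_i)   # assumption: + S_i
    pk_p = mul(a, sk_p)
    if not identity_ok(cert, pk_p, mpk):
        raise ValueError("cert_i is invalid")
    return sk_p, pk_p

def sign(a, sk_p, cert, msg, ts):
    """sign = sk' + H(M||timestamp||cert||t)*e mod q, with t = a*e mod q."""
    e = [secrets.randbelow(2) for _ in range(N)]    # {0,1}-coefficient e
    t = mul(a, e)
    return t, add(sk_p, scal(H(msg, ts, cert_bytes(cert), enc(t)), e))

def verify(a, mpk, cert, pk_p, msg, t, sig, ts):
    """Fourth module: signature check (S3) and identity check (S4)."""
    c = H(msg, ts, cert_bytes(cert), enc(t))
    return mul(a, sig) == add(pk_p, scal(c, t)) and identity_ok(cert, pk_p, mpk)

def demo():
    a = [secrets.randbelow(Q) for _ in range(N)]    # public polynomial a
    msk = small_poly()
    mpk = mul(a, msk)                   # assumption: mpk = a*msk mod q
    sk = small_poly()
    seed = b"constructed-seed"          # all sample values here are constructed
    pk_1 = intermediate_key(a, mul(a, sk), seed, 1)
    cert, s_1 = issue(a, msk, pk_1, b"serial=0001")
    sk_p, pk_p = derive_signing_key(a, sk, seed, 1, cert, s_1, mpk)
    msg, ts = b"brake warning", b"1624924800"
    t, sig = sign(a, sk_p, cert, msg, ts)
    # A key unrelated to the certificate signs correctly but fails the S4 check.
    rogue_sk = small_poly()
    rt, rsig = sign(a, rogue_sk, cert, msg, ts)
    return {
        "genuine": verify(a, mpk, cert, pk_p, msg, t, sig, ts),
        "altered_message": verify(a, mpk, cert, pk_p, b"all clear", t, sig, ts),
        "altered_timestamp": verify(a, mpk, cert, pk_p, msg, t, sig, b"1624924801"),
        "rogue_key": verify(a, mpk, cert, mul(a, rogue_sk), msg, rt, rsig, ts),
    }

if __name__ == "__main__":
    print(demo())
```

The `rogue_key` case shows why S4 is needed in addition to S3: the signature equation alone holds for any key pair with $pk' = a \times sk'$, and only the identity check ties $pk'$ to the implicit certificate and $mpk$.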

Claims (9)

1. A V2X communication system, comprising:
a first processing module (1) for activating a registration certificate based on real identity information and generating first request information for applying a pseudonym certificate based on the registration certificate; simultaneously receiving a vehicle key package generated based on the first request information, and generating second request information for interactive communication in the system based on the vehicle key package;
a second processing module (2) for generating an intermediate key for implicit certificate generation in response to the first request information and forwarding the generated implicit certificate to the certificate requester in case that the source of the verification data is qualified;
a third processing module (3) for generating a vehicle key package according to the received intermediate key and transmitting the vehicle key package to the data forwarding party;
a fourth processing module (4) for receiving the second request information sent by the communication requester and establishing a communication link with the communication requester if the pseudonym certificate is verified to be true;
wherein generating the vehicle key package includes the following steps:
selecting a random vector $e_i$ from $D$, where $D$ is a discrete Gaussian distribution;
calculating the intermediate variable $ID_i = pk_i + a \times e_i \bmod q$ from the random vector, where $pk_i$ denotes any intermediate key, $a$ and $q$ are preset random coefficient polynomials, and $e_i$ is the random vector;
generating the implicit certificate $cert_i = \langle ID_i, meta \rangle$ from the intermediate variable, where $meta$ denotes the validity period and serial number of the registration certificate;
generating the corresponding key $S_i = H(cert_i) \times e_i + msk \bmod q$ from the implicit certificate, where $msk$ denotes the private key preset in the third processing module and $cert_i$ is the implicit certificate;
repeating the above process to generate all implicit certificates and their corresponding keys, combining each implicit certificate with its corresponding key to form a plurality of key groups, and finally combining the key groups into a vehicle key package.
2. A V2X communication system according to claim 1, characterized in that:
the first processing module (1) comprises a data generating unit (11) for generating first request information and second request information, a data storage unit (12) for storing public and private keys and registration certificates, and a first communication unit (13) for communication connection;
the second processing module (2) comprises a second communication unit (21) for data transceiving and an intermediate key generation unit (22) for generating an intermediate key;
the third processing module (3) comprises a key generation unit (31) for generating a vehicle key package, a storage unit (32) for storing public and private key pairs and various parameters, and a third communication unit (33) for communication connection;
the fourth processing module (4) comprises a fourth communication unit (41) for receiving various requests and establishing corresponding communication connection and a verification unit (42) for analyzing the received requests and judging authenticity.
3. A V2X communication key distribution method, comprising:
the first processing module (1) activates a registration certificate based on the true identity information and generates first request information for applying a pseudonym certificate based on the registration certificate; simultaneously receiving an implicit certificate generated based on the first request information and generating a pseudonym certificate for intra-system interactive communication based on the implicit certificate;
the second processing module (2) responds to the first request information, generates an intermediate key for implicit certificate generation, and forwards the generated implicit certificate to a certificate requester under the condition that the verification data source is qualified;
the third processing module (3) generates a vehicle key package according to the received intermediate key and sends the vehicle key package to the data forwarding party;
a fourth processing module (4) receives second request information sent by a communication requester and establishes a communication link with the communication requester under the condition of verifying that the pseudonym certificate is true;
wherein, the vehicle key package generation includes the following steps:
selecting a random vector $e_i$ sampled from $D$, wherein $D$ is a discrete Gaussian distribution;
calculating the intermediate variable from the random vector: $ID_i = pk_i + a \times e_i \bmod q$, where $pk_i$ represents any intermediate key, and $a$ and $q$ are preset random coefficient polynomials;
generating the implicit certificate from the intermediate vector: $cert_i = \langle ID_i, meta \rangle$, where meta indicates the validity period and serial number of the registration certificate;
generating the corresponding key from the implicit certificate: $S_i = H(cert_i) \times e_i + msk \bmod$, where $msk$ represents the private key preset in the third processing module and $cert_i$ is the implicit certificate;
repeating the above process to generate all implicit certificates and keys corresponding to the implicit certificates, integrating each privacy certificate and the corresponding key to generate a plurality of key groups, and finally integrating each key group into a vehicle key package.
4. A V2X communication key distribution method according to claim 3, characterized in that: the first request information comprises a pseudonym certificate application request, an application quantity, a random function f (·) and a vehicle registration certificate; the activation of the registration certificate includes applying for activation directly to the second processing module or by sending a VIN code to the second processing module.
5. The V2X communication key distribution method according to claim 2, wherein: the intermediate key is generated through a random function f(·) and a public key which is disclosed externally, and the specific expression is as follows:
wherein a and q are common parameters preset by the system, a represents a random coefficient polynomial, n represents the application quantity, pk represents a preset public key of the vehicle, and pk i Representing any intermediate key.
6. A V2X communication key distribution method according to claim 3, characterized in that: the second request information generation includes the steps of:
randomly selecting a group of key groups from the received vehicle key package, and extracting corresponding public and private key pairs;
calculating $sk'_i = H(cert_i) \times (sk + f(u)) + mpk \bmod q$;
calculating $pk'_i = a \times sk'_i \bmod q$ and $H(cert_i) \times ID_i + mpk \bmod q$, and determining whether the two calculation results are equal; if so, $cert_i$ is valid, $\langle sk'_i, pk'_i \rangle$ is stored as the corresponding signing key, and vehicle identity information is generated at the same time; otherwise $cert_i$ is invalid; wherein $a$ and $q$ are common parameters preset by the system, $cert_i$ is an implicit certificate, $sk$ represents a preset vehicle private key, $f(i)$ is a random function, $mpk$ represents the public key in the third processing module, and $ID_i$ is an intermediate variable;
randomly selecting a group of corresponding signing key pairs and implicit certificates, and randomly selecting a {0,1} coefficient polynomial $e$; calculating a signature according to the signature private key pair, and generating an information packet to be interacted by combining the communication information $M$; the expression of the signature is $sign = sk' + H(M|timestamp|t) \times e \bmod q$, and the expression of the information packet to be interacted is $\langle M, t, sign, timestamp \rangle$;
and integrating the vehicle identity information and the information packet to be interacted into second request information.
7. A V2X key implicit authentication method comprising the V2X communication key distribution method according to any one of claims 3 to 6, further comprising:
receiving second request information, and analyzing the second request information into vehicle identity information and an information packet to be interacted;
respectively identifying the authenticity of the vehicle identity information and the information package to be interacted, and if the identification is passed, triggering the verification to pass, reading the communication information M and establishing a communication link with a communication requester; otherwise, the verification fails.
8. The V2X key implicit authentication method of claim 7, wherein: the verification of the information package to be interacted comprises the following steps:
analyzing the information packet to be interacted and extracting corresponding parameters;
verifying whether the following formula holds by combining system public parameters: $a \times sign = pk' + H(M \| timestamp \| cet) \times t \bmod q$; if so, the vehicle information passes verification, otherwise, all the programs are terminated;
the vehicle identity information verification includes:
extracting a corresponding ID according to the registration certificate cert;
verifying whether the following formula holds: $pk' = H(cert) \times ID + mpk \bmod q$; if so, the identity information is verified to be qualified, otherwise, all the procedures are terminated.
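The packet signature of claim 6 and the packet check of claim 8, as an added Python example that is not code from the patent. Assumptions: arithmetic is in the toy ring Z_Q[x]/(x^N + 1), t = a × e mod q (the claims do not define t), H is SHA-256 over an assumed encoding of M|timestamp|t used identically by signer and verifier, and the key pair is a constructed stand-in satisfying pk' = a × sk' mod q.

```python
import hashlib
import secrets

N, Q = 16, 12289  # assumed toy ring Z_Q[x]/(x^N + 1); the claims fix neither value

def mul(f, g):
    """Multiply in Z_Q[x]/(x^N + 1): x^N wraps around to -1."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            k, sgn = (i + j, 1) if i + j < N else (i + j - N, -1)
            out[k] = (out[k] + sgn * fi * gj) % Q
    return out

def add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]

def H(message, timestamp, t):
    """Hash M | timestamp | t to a ring element (encoding and mapping are assumed)."""
    data = b"|".join([message, str(timestamp).encode(), ",".join(map(str, t)).encode()])
    digest = hashlib.sha256(data).digest()
    return [digest[i] for i in range(N)]

def keygen():
    """Constructed stand-in for a certified key pair: pk' = a x sk' mod q."""
    a = [secrets.randbelow(Q) for _ in range(N)]
    sk_p = [secrets.randbelow(Q) for _ in range(N)]
    return a, sk_p, mul(a, sk_p)

def sign(a, sk_p, message, timestamp):
    e = [secrets.randbelow(2) for _ in range(N)]        # random {0,1}-coefficient polynomial
    t = mul(a, e)                                       # assumption: t = a x e mod q
    sig = add(sk_p, mul(H(message, timestamp, t), e))   # sign = sk' + H(M|timestamp|t) x e
    return {"M": message, "t": t, "sign": sig, "timestamp": timestamp}

def well_formed(p):
    """A ring element must be exactly N integers in [0, Q)."""
    return (isinstance(p, list) and len(p) == N
            and all(isinstance(c, int) and 0 <= c < Q for c in p))

def verify(a, pk_p, packet):
    """Accept only if a x sign == pk' + H(M|timestamp|t) x t (mod q)."""
    t, sig = packet.get("t"), packet.get("sign")
    if not (well_formed(t) and well_formed(sig)):
        return False                                    # reject malformed ring elements
    c = H(packet["M"], packet["timestamp"], t)
    return mul(a, sig) == add(pk_p, mul(c, t))
```

The check passes because a × sign = a × sk' + H × (a × e) = pk' + H × t; changing M or the timestamp changes H and breaks the equality.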
9. The V2X key implicit authentication method of claim 8, wherein: also included is batch authentication, including:
and simultaneously receiving a plurality of verification requests sent by a plurality of different vehicles, wherein the expression of the verification requests is as follows:
$\langle M_1, t_1, Sign_1, timestamp_1 \rangle$
$\langle M_2, t_2, Sign_2, timestamp_2 \rangle$
$\langle M_n, t_n, Sign_n, timestamp_n \rangle$;
randomly selecting n messages from the authentication request, i.e. $(x_1, x_2, \ldots, x_n)$, and calculating whether the following formula is satisfied:
if yes, the authentication is passed.
CN202110724085.8A 2021-06-29 2021-06-29 V2X communication system, communication key distribution method and implicit authentication method Active CN113766452B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110724085.8A CN113766452B (en) 2021-06-29 2021-06-29 V2X communication system, communication key distribution method and implicit authentication method

Publications (2)

Publication Number Publication Date
CN113766452A CN113766452A (en) 2021-12-07
CN113766452B true CN113766452B (en) 2023-10-27

Family

ID=78787504

Country Status (1)

Country Link
CN (1) CN113766452B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant