CN114302390B

CN114302390B - Intra-group authentication key negotiation method in vehicle-mounted ad hoc network

Info

Publication number: CN114302390B
Application number: CN202111510554.2A
Authority: CN
Inventors: 张海波; 陈舟; 刘开健; 黄宏武; 张耘浩
Original assignee: Guangzhou Zhuohang Information Technology Co ltd
Current assignee: Guangzhou Zhuohang Information Technology Co ltd
Priority date: 2021-12-10
Filing date: 2021-12-10
Publication date: 2024-05-17
Anticipated expiration: 2041-12-10
Also published as: CN114302390A

Abstract

The invention belongs to the field of authentication key negotiation, and particularly relates to an intra-group authentication key negotiation method in a vehicle-mounted ad hoc network; the method comprises the following steps: establishing a dynamic vehicle group according to the China remainder theorem; the information sender V _i in the vehicle group signs the information by using private key information, and the information receiver V _j authenticates the identity of the information sender V _i by using public key information in the signed information; after the information sender V _i and the information receiver V _j mutually authenticate the identity, the two communication parties carry out key negotiation according to the semi-swarm of Chebyshev chaotic mapping; a pseudonym updating mechanism and a private key updating mechanism are adopted to update corresponding pseudonyms and private keys of the vehicle respectively; the invention ensures that the safe communication can be carried out under the condition of malicious attack by tracing the identity of the malicious vehicle through the signature message and canceling the legal identity of the malicious vehicle by modifying the public key information corresponding to the malicious vehicle, thereby having good economic benefit.

Description

Intra-group authentication key negotiation method in vehicle-mounted ad hoc network

Technical Field

The invention belongs to the field of authentication key negotiation, and particularly relates to an intra-group authentication key negotiation method in a vehicle-mounted ad hoc network.

Background

The rapid development of wireless communication and automotive technology has prompted the development of intelligent transportation systems (ITS, INTELLIGENT TRANSPORTATION SYSTEM). The vehicle ad hoc network (VANET, vehicular Ad Hoc Network) is used as an important component of the ITS, and can provide auxiliary information such as current driving road surface condition, traffic congestion condition, weather condition and the like for vehicle nodes, so that a vehicle driver can drive the vehicle more safely and conveniently. The communication modes in VANET are mainly divided into two types: vehicle-to-Vehicle (V2V), vehicle-to-infrastructure (V2I). Both V2V and V2I communicate over the disclosed wireless channel and are therefore vulnerable to malicious attacks, such as eavesdropping, counterfeiting, replay attacks, etc., when information is transmitted in the VANET. The attack of malicious persons threatens the privacy security of communications in VANET. Meanwhile, the VANET system has characteristics of high-speed mobility of vehicles and rapid network topology change compared with other static network structures, which makes privacy security of the VANET system more vulnerable to vandals.

The authentication key agreement (AKA, authenticated AND KEY AGREEMENT) protocol enables participants to complete mutual authentication over a public network and establish a secure session key to protect privacy security of both parties to the communication.

Many scholars have done a lot of research work on AKA technology and have proposed many valuable solutions. The traditional public key infrastructure (PKI, public key infrastructure) scheme uses a digital certificate as a medium and combines symmetric and asymmetric encryption technology to bind the information such as the identity and the public key of a user together, thereby ensuring the integrity, the identity authentication and the non-repudiation of the message. However, this solution requires the management of a large number of anonymous certificates and revocation lists, and the storage overhead is very high; in addition, the certificate verification process of the scheme involves a large number of nodes, which is complicated, so that the scheme has low authentication efficiency. Blockchain-based authentication key agreement schemes provide mutual authentication and key agreement among users while protecting user privacy by taking advantage of blockchain benefits such as auditable journals, decentralized architecture, and denial of service prevention (DoS, denial of Service). But the blockchain-based authentication key negotiation scheme rarely considers factors of member dynamic change and cannot cope with the characteristic of rapid change of the VANET network topology. The non-certificate asymmetric group key negotiation scheme provides a public encryption key, each group member can calculate a corresponding decryption key, and only the group members can properly decrypt the information encrypted by the public key. The scheme can realize mutual authentication and key negotiation among members. However, the scheme does not consider the traceability and revocability of the identity of the members and cannot deal with the malicious behaviors of the group members.

Disclosure of Invention

Aiming at the defects existing in the prior art, the invention provides a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network, which comprises the following steps: .

Establishing a dynamic vehicle group according to the China remainder theorem;

The information sender V _i in the vehicle group signs the information by using private key information, and the information receiver V _j authenticates the identity of the information sender V _i by using public key information in the signed information; after the information sender V _i and the information receiver V _j mutually authenticate the identity, the two communication parties carry out key negotiation according to the semi-swarm of Chebyshev chaotic mapping;

A pseudonym updating mechanism and a private key updating mechanism are adopted to update corresponding pseudonyms and private keys of the vehicle respectively;

The identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked through modifying public key information corresponding to the malicious vehicle.

Preferably, establishing the dynamic vehicle group according to the chinese remainder theorem includes: initializing a trusted center TA; the vehicle-mounted unit OBU and the roadside unit RSU are registered on the TA; the TA builds a dynamic vehicle group according to the registered OBU and RSU by adopting the China remainder theorem.

Further, the process of constructing the dynamic vehicle group is as follows: the trusted center constructs a congruence equation set according to the public key of the vehicle node i and the public key of the roadside unit, and the congruence equation set is expressed as:

where c denotes a system public key, y _i (i=1, 2, …, k) denotes a public key of the vehicle node i, y _k+1 denotes a public key of the roadside unit, p _i (i=1, 2, …, k) denotes a prime number issued by the trust center to the vehicle i, and p _k+1 denotes a prime number issued by the trust center to the roadside unit.

Preferably, the process of key negotiation by the two communication parties according to the semi-constellations of Chebyshev chaotic mapping comprises the following steps:

V _i selects a time stamp T _vi, and calculates B _vi and AIDV according to the selected time stamp; transmitting the request message { B _vi,T_vi,AIDV_i,SIDV_j } to the roadside unit RSU _i; wherein SIDV _j denotes a pseudonym of V _j, B _vi denotes a first pseudonym-verification-assistance parameter, AIDV _i denotes a second pseudonym-verification-assistance parameter;

S2: the RSU _i verifies the received request message, and if the verification fails, the request message is refused; if the verification is successful, the RSU _i sends { p _j,T_Ri } to V _i; where p _j represents the prime number of V _j and T _Ri represents the timestamp sent by RSU _i to V _i;

S3: v _i verifies the message from RSU _i and if the verification is passed, sends a key agreement request message to V _j; if the verification fails, refusing to receive the message of the RSU _i; wherein the key agreement request message includes: first signature of V _i Second signature of V _i The time segment T _vi,V_i sends a time stamp T _ij of V _j and key negotiation information xi ₁;

S4: v _j verifies the timestamp in the key negotiation request message, if verification is successful, the prime number request message is sent to RSU _i, and if verification fails, the key negotiation request message is refused to be received;

S5: the RSU _i verifies the received key negotiation request message, and if the verification fails, the request message is refused; if the verification is successful, the RSU _i sends { p _i,T_Rj } to V _j; where p _i represents the prime number of V _i and T _Rj represents the current timestamp of the system;

S6: v _j verifies the message from RSU _i, after the verification is passed, V _j authenticates the identity information of V _i, and after the authentication is successful, the key negotiation message is sent to V _i; otherwise refusing to send key negotiation message;

S7: v _i checks the key agreement message of V _j, if the check fails, the session key establishment fails, and if the check succeeds, the session key establishment succeeds.

Further, the RSU _i verifies the received request message including: judging whether the freshness condition is satisfied, if not, rejecting the request message, and if so, calculating B _vi 'according to the prime number p _i of V _i and the time stamps T _vi and AIDV _i'; and judging whether B _vi' and B _vi are equal, if so, verifying successfully, and if not, verifying failed.

Further, the authentication of the identity information of V _i by V _j includes: calculating a public key y _i of the vehicle node i according to the prime number p _i of V _i, and calculating an equation according to the public key y _i of the vehicle node iIf not, V _j refuses the key negotiation request of V _i, and if so, the identity authentication is successful.

Preferably, the pseudonym update mechanism is: the trusted center TA assigns a pseudonym update seed delta ID _j to each registered vehicle; when the vehicle node V _i accesses V _j the current pseudonymAfter the corresponding prime numbers, the roadside unit RSU sends a pseudonym update request to the TA; TA calculates the next pseudonym/>, corresponding to V _j And publishing; recording the corresponding prime numbers p _j and l, and recording the corresponding list/>, of the kana prime numbersAnd transmitted to the RSU.

Preferably, the private key update mechanism is: v _i private key at t _vi time segment isThe private key of V _i is/>, within t _vi +1 time slicesWhen the private key corresponding to the t _vi +1 time slices is generated, the OBU _i deletes the private key of the t _vi time slice immediately; if t _vi =l, the key of the t _vi +1 time segment output by the vehicle node V _i is a null string; when the time segment of V _i expires, V _i reselects private key x' _i,0 and recalculates the corresponding public key y _i, and TA updates system public key c based on the recalculated public key y _i.

Preferably, the process of canceling the legal identity of the malicious vehicle by modifying the public key information corresponding to the malicious vehicle is as follows: when V _i issues a malicious message within the coverage of RSU _i, RSU _i obtains p _i used by V _i in sending the malicious message; finding the current pseudonym generated by the trusted center TA for V _i in the pseudonym and prime number list lambda _SIDV,p to obtain the current pseudonym SIDV _i of V _i; transmitting the pseudonyms SIDV _i and p _i to the TA, and judging the real identity of the vehicle corresponding to the pseudonym by the TA through the l corresponding to the equation H ₀(IDV_i||δ_sk)＝SIDV_i、p_i and the pseudonym update seed delta ID _i; based on the true identity of the vehicle to which the pseudonym corresponds, the TA will revoke the legitimate identity of V _i within the group.

Further, the modification of the public key information corresponding to the malicious vehicle includes: the public key information y _i corresponding to the V _i is modified into another random number y' _i, other vehicle node information is kept unchanged, and the system public key c is updated.

The beneficial effects of the invention are as follows: according to the invention, the problems of rapid movement of the vehicle and rapid change of the topology of the vehicle in the VANET system are considered, a dynamic vehicle group is established by utilizing the China remainder theorem, and the rapid change of the topology of the VANET network is adapted; aiming at the problem that communication on a network which is re-disclosed by a vehicle in VANET is easily subjected to a series of attacks such as eavesdropping, tampering and imitation, key negotiation is carried out by utilizing the semi-swarm through Chebyshev chaotic mapping, and the communication information is encrypted by using the negotiated key so as to complete secure communication on the public network; the corresponding pseudonym and private key of the vehicle are updated by adopting a pseudonym updating scheme and a private key updating scheme, so that the identity privacy safety of the vehicle is effectively protected; for the problem of malicious vehicles in the vehicle group, the identity of the malicious vehicles is traced by utilizing signature information of the malicious vehicles, and legal identities of the malicious vehicles are revoked by modifying public key information corresponding to the malicious vehicles; the BAN logical model is utilized to formalize the semantic security of the authentication key negotiation scheme, so that the security communication can be ensured under the condition of malicious attack, and the economic benefit is good.

Drawings

Fig. 1 is a schematic diagram of a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network according to the present invention;

FIG. 2 is a model diagram of a vehicular ad hoc network system in accordance with the present invention;

FIG. 3 is a flow chart of vehicle registration in the present invention;

FIG. 4 is a flow chart of the roadside unit registration in the present invention;

FIG. 5 is a block diagram of an authentication key negotiation algorithm based on Chebyshev chaos operation and Chinese remainder theorem in the invention;

FIG. 6 is a flowchart of a malicious vehicle identity tracing and revocation algorithm in the present invention;

Fig. 7 is a block diagram of a BAN logic algorithm in accordance with the present invention.

Detailed Description

The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The invention provides a method for negotiating an intra-group authentication key in a vehicle-mounted ad hoc network, as shown in fig. 1, the method comprises the following steps: establishing a dynamic vehicle group according to the China remainder theorem; the information sender V _i in the vehicle group signs the information by using private key information, and the information receiver V _j authenticates the identity of the information sender V _i by using public key information in the signed information; after the information sender V _i and the information receiver V _j mutually authenticate the identity, the two communication parties carry out key negotiation according to the semi-swarm of Chebyshev chaotic mapping; a pseudonym updating mechanism and a private key updating mechanism are adopted to update corresponding pseudonyms and private keys of the vehicle respectively; the identity of the malicious vehicle is traced through the signature message, and the legal identity of the malicious vehicle is revoked through modifying public key information corresponding to the malicious vehicle.

As shown in fig. 2, the vehicle-mounted ad hoc network system includes: the system comprises a roadside unit RSU, a mobile automobile TV and a trusted authority TA, wherein wired communication is adopted between the TA and the RSU, and wireless communication is adopted between the TV and between the TV and the RSU.

The TA (trusted center) establishes a dynamic vehicle session group with registered vehicles and RSUs (roadside units) using the chinese remainder theorem. The specific process is as follows:

TA initialization phase:

the TA is responsible for system initialization and defines two one-way hash functions And l _i is the bit width of the hash function output. For chebyshev chaotic mapping, TA selects the public parameter x, the large prime number n, and the system private key δ _sk.

RSU and OBU (on board unit) registration phase:

1) Registration of OBU _i

As shown in fig. 3, assume that there is a vehicle cluster in which there are now k vehicle members { V ₁,V₂,…,V_k }. On identity registration, the OBU _i on V _i sends the real identity IDV _i of the vehicle V _i to the TA over a secure channel by the vehicle node V _i. After the TA receives the message, the pseudonym SIDV _i＝H₀(IDV_i||δ_sk for V _i is computed) and published throughout the system. TA selects one large prime number p _i (i=1, 2, …, k), p _i≠p_j when i=j is satisfied, and there are two large prime numbers in (0-p _i -1). TA selection system common parameter g, g is the primitive root of the exponential operation, also is all multiplication groupsIs a generator of (1). The TA sends { SIDV _i,p_i } to V _i over the secure channel.

V _i after receiving { SIDV _i,p_i } from TA, randomly selecting its own initial cipherCalculate the public key of V _i V _i sends { y _i } to TA over the secure channel. The TA divides the effective time of the public keys of the vehicles in the vehicle group into L time segments, during which the public key y _i of the vehicle nodes remains unchanged. When L time segments have elapsed, V _i reselects private key x' _i,0 and recalculates public key y _i, and TA also updates system public key c.

2) Registration of RSU _i

As shown in fig. 4, the registration procedure of RSU _i is similar to that of OBU _i, the true identity IDR _i is sent to TA via secure channel, TA calculates the pseudonym SIDR _i＝H₀(IDR_i||δ_sk of RSU _i), and assigns RSU _i a large prime number p _k+1.RSU_i to select private keyAnd calculates a corresponding public key y _k+1 to return to the TA.

TA build group

The TA builds a set of congruence equations from y _i (i=1, 2, …, k) received from k vehicle nodes and y _k+1 from RSU _i:

Wherein c is a system public key, and the congruence equation set can be calculated by using the Chinese remainder theorem

Wherein p=p ₁p₂…p_k+1,Representation/>The inverse of the modulo p _i; TA calculates SP _i＝H₁(SIDV_i||p_i) and sends { SIDV _i,p_i } to registered RSU _i.RSU_i to generate a list of V _i pseudonyms and prime numbers corresponding to lambda _SIDV,p based on { SIDV _i,p_i } received.

And the two communication parties rapidly authenticate the identity of the message sender by using the signature information, and carry out key negotiation through the semi-swarm of Chebyshev chaotic mapping. The algorithm flow is shown in fig. 5, and the specific process of the algorithm is as follows:

V _i selects a time stamp T _vi, and calculates B _vi and AIDV according to the selected time stamp; transmitting the request message { B _vi,T_vi,AIDV_i,SIDV_j } to the roadside unit RSU _i; wherein SIDV _j represents the pseudonym of V _j, and the calculation formulas of B _vi and AIDV _i are respectively:

B_vi＝H₁(SIDV_i||p_i||T_vi)

Wherein B _vi represents a first pseudonym verification auxiliary parameter, AIDV _i represents a second pseudonym verification auxiliary parameter, H ₁ () represents a hash function, and l represents a connector;

S2: the RSU _i verifies the received request message, and the verification process is as follows: after the RSU _i receives the message, it first checks the freshness of T _vi by (T _iR-T_vi) < Δt, where Δt represents the effective time difference between the two time stamps specified by the system, and T _iR represents the time stamp sent by V _i to the RSU; if the verification fails, rejecting the request message; if verification is successful, calculate By determining whether equation B' _vi＝H₁(SIDV'_i||p_i||T_vi)＝B_vi holds true, the validity of the identity of the message requester is determined and only the members within the group can pass the verification. Rejecting the request message if the equation is not true; if the equation is true, RSU _i sends { p _j,T_Ri } to V _i.

S3: v _i verifies the message from RSU _i and sends a key agreement request message to V _j; the verification process is as follows: after V _i receives { p _j,T_Ri }, firstly checking the freshness of a time stamp T _Ri by (T _vRi-T_Ri) < Δt, wherein T _vRi is the current time stamp of the system; by equation SP _j＝H₁(SIDV_j||p_j) is established to determine the correctness of the message from RSU _i. If not, rejecting the message, if so, V _i selecting current timestamp T _ij, selecting random number alpha, calculating xi ₁≡T_α(x)modn;V_i to sign the key negotiation request, and randomly selecting Representing an integer set of prime numbers p _i less than V _i, determining a time segment t _vi, calculating a first signature/>, of V _i And a second signature/>, of V _i V _i issues a key agreement request message/>Sent to V _j.

S4: v _j verifies the timestamp T _ij in the key agreement request message; the verification process is as follows: after V _j receives the message, T _rj is the system current timestamp by (T _rj-T_ij) < Δt check for freshness of T _ij. If the verification fails, the key negotiation request message is refused to be received, and if the verification is successful, the generated timestamp T _vj;V_j sends the prime number request message { B _vj,T_vj,AIDV_j,SIDV_i } to the RSUs _i;B_vj and AIDV _j according to the calculation formulas:

B_vj＝H₁(SIDV_j||p_j||T_vj)

S5: the RSU _i verifies the received key agreement request message; the verification process is as follows: after the RSU _i receives the message, it first checks the freshness of the timestamp T _vj by (T _jR-T_vj) < Δt, T _jR being the system current timestamp. If the verification fails, rejecting the request message; if verification is successful, calculate The validity of the identity of the sender of the message is judged by calculating whether equation B' _vj＝H₁(SIDV'_j||p_j||T_vj)＝B_vj holds. Rejecting the request message if the equation is not true; if the equation is true, RSU _i sends { p _i,T_Rj } to V _j.

S6: v _j verifies the message from RSU _i, after the verification is passed, V _j authenticates the identity of V _i, and after the authentication is successful, the key agreement message is sent to V _i; otherwise refusing to send key negotiation message; the verification process is as follows: v _j determines the freshness of the timestamp T _Rj by (T _vRj-T_Rj) < Δt, T _Rj being the system current timestamp. By calculating equation SP _i＝H₁(SIDV_i||p_i) to determine the correctness of the prime numbers from RSU _i. After passing the verification, the identity information of the V _i is authenticated, and the authentication process is as follows: calculation y _i≡c(modp_i), judgment equation(Modp _i) whether or not this is true. If the equation is not satisfied, rejecting the key agreement request from V _i, failing authentication; if the equation is satisfied, the authentication is successful, V _j randomly selects beta and a timestamp T _ji, calculates ξ₂≡T_β(x)modn,sk≡T_β(ξ₁)modn,M_ij＝H₁(sk||ξ₁||ξ₂),/>V _j signs the Key agreement message, randomly selects/> An integer set representing a prime number p _j less than V _j, determining a time segment t _vj, calculatingAnd/>V _j sends key agreement messageV _i.

S7: v _i checks the key agreement message of V _j, if the check fails, the session key establishment fails, if the check succeeds, the session key establishment succeeds; the inspection process comprises the following steps: v _i first verifies the timestamp T _ji by (T _ri-T_ji) < Δt, T _ri is the system current timestamp. After the time stamp passes, the identity of V _j is authenticated again, namely the judgment is madeWhether or not it is. If not, authentication fails, if yes, sk '≡t _α(ξ₂) mod n and M' _ij＝H₁(sk'||ξ₁||ξ₂) are calculated, and equation/>Whether or not to establish; if not, the session key negotiation fails; if so, the session key negotiation between V _i,V_j is successful, and the session key is sk≡T _α(T_β(x))modn＝T_β(T_α (x)) mod n.

The identity privacy security of the vehicle can be effectively protected by adopting a pseudonym updating and private key updating mechanism, and if the same pseudonym and private key are always used, an attacker can threaten the privacy security of the vehicle by collecting signature messages corresponding to the pseudonym; the process of updating the corresponding pseudonym and private key of the vehicle by adopting a pseudonym updating mechanism and a private key updating mechanism is as follows:

Private key update mechanism: v _i private key at t _vi time segment is The private key of V _i is/>, within t _vi +1 time slicesWhen the private key corresponding to the t _vi +1 time slices is generated, the OBU _i deletes the private key of the t _vi time slice immediately. If t _vi =l, the key of the t _vi +1 time slice output by the vehicle node V _i is a null string. When the time period of V _i expires, V _i reselects private key x' _i,0 and recalculates the corresponding public key y _i, and TA also updates system public key c.

Pseudonym update mechanism: the TA assigns each registered vehicle a pseudonym update seed δID _i or δID _j when the vehicle node V _i accesses V _j the current pseudonymAfter the corresponding prime numbers, the RSU sends a pseudonym update request to the TA, and the TA calculates the next pseudonym/>, corresponding to V _j And publishes, records the corresponding prime numbers p _j and l. Then the kana prime number corresponding list/>And transmitted to the RSU.

When the system discovers that the malicious vehicle performs malicious behaviors in the vehicle group, the TA performs identity tracing on the identity of the malicious vehicle according to the signature message in the message issued by the malicious vehicle, and the malicious vehicle does not have legal identity in the vehicle group by modifying large prime numbers allocated to the malicious vehicle. The algorithm flow is shown in fig. 6, and the specific process is as follows:

When a registered vehicle node V _i issues a malicious message within a vehicle group, the TA can trace back and revoke its legitimate identity. When V _i issues a malicious message within the coverage of RSU _i, RSU _i first obtains p _i used by V _i in sending the malicious message, and then finds the current pseudonym generated by TA for V _i in pseudonym and prime list λ _SIDV,p. After the current pseudonym SIDV _i of V _i is obtained, pseudonyms SIDV _i and p _i are sent to the TA. The TA determines the true identity of the vehicle to which the pseudonym corresponds by the i corresponding to equation H ₀(IDV_i||δ_sk)＝SIDV_i、p_i and the pseudonym update seed δid _i. After acquiring the true identity of V _i, the TA will revoke the legitimate identity of V _i within the group. In addition, when a registered legitimate vehicle node V _j leaves the vehicle node group established by the TA, the TA will also revoke the identity of V _j. The TA revokes the legal identity of the group member V _i in the group, only needs to modify the public key information y _i corresponding to V _i to another random number y' _i, other vehicle node information remains unchanged, and then updates the system public key c. V _i is revoked at this point and its key will not be able to generate valid key agreement information.

The invention uses BAN logic model to prove the semantic safety of the scheme, the model flow chart is shown in figure 7, and the specific model is described as follows:

1) BAN logical symbol

In the security proving process for the present protocol, the following BAN logical symbols are used:

① P≡x: p believes that message X is authentic.

②P finds a message containing X.

③ P| -X: p has sent a message containing X for a certain period of time.

④P has jurisdiction of message X.

⑤ # (X): message X is fresh.

⑥ (X, Y): x and Y are part of a message (X, Y).

⑦〈X〉_Y : Message X is encrypted using key Y.

⑧K is a key shared by P and Q.

2) BAN logic rules

The protocol security is formalized here using 4 BAN logic rules R1-R4:

① Meaning of information (Message-meaning) rule:

R1： r1 represents the key K shared between entities P and Q if P believes that K encrypts message X, P believes that Q sent X.

② Random number proof (Nonce-verification) rule:

R2： R2 represents that if P believes that X is fresh and P believes that Q has sent X, then P believes that Q is believing X.

③ Jurisdiction (Jurisdiction) rules:

R3： r3 represents that if P believes Q has jurisdiction over X and P believes Q is believing X, then P will believes X.

④ Freshness (FRESHNESS) rule:

R4： R4 represents that if a portion (X) of the P-belief message (X, Y) is fresh, then the P-belief (X, Y) is also fresh.

3) Establishing two scheme proving targets

To demonstrate that the intra-group vehicle node mutual authentication key scheme is secure, two security targets, gol 1 and gol 2, need to be implemented.

Gol 1: v _j|≡ξ₁.V_j believes the key agreement information from V _i.

Gold 2: v _i|≡ξ₂.V_i believes the key agreement information from V _j.

4) Idealized protocol form

Converting the generalized form of the 3.3 authentication key agreement protocol flow into an idealized form:

①

②

③

④

⑤

⑥

5) The premise assumption is that

Prior to security proving the protocol, the following assumptions need to be made for the BAN logic:

P1：

P2：

P3：

P4：

P5：

P6：

P7：

P8：

P9：

P10：

P11：

P12：

6) Scheme security certification

By analyzing the security in the form of an idealized scheme, two security certification targets, goal1 and Goal2, are obtained.

①According to P1: /(I)And Message-meaning rule R1: /(I)RSU _i|≡V_i|～{B_vi,AIDV_i can be obtained. When the timestamp T _vi passes the verification, there is an RSU _i|≡#(T_vi). Again according to FRESHNESS rule R4: and the Nonce-verification rule R3: /(I) The RSU _i|≡V_i|≡{B_vi,AIDV_i can be obtained. Finally according to Jurisdiction rule R2: /(I)And P7: After the RSUs _i|≡{B_vi,AIDV_i}.B_vi and AIDV _i are obtained and pass the test, the RSU _i sends the prime number p _j corresponding to SIDV _j to V _i.

②And the same applies to P2:/>And R1, V _i|≡RSU_i|～p_j can be obtained. When the timestamp T _Ri passes the test, there is V _i|≡#(T_Ri). From R4 and R3, V _i|≡RSU_i|≡p_j can be derived. Finally according to R2 and P8: /(I)V _i|≡p_j can be obtained. When V _i obtains the prime numbers corresponding to V _j, a signature authentication key agreement message is sent to V _j.

③According to P5: /(I)And R1, RSU _i|≡V_j|～{B_vj,AIDV_j can be obtained. After the time stamp T _vj is checked, there is RSU _i|≡#(T_vj). Based on R4 and R3, RSU _i|≡V_j|≡{B_vj,AIDV_j can be obtained. Finally according to R2 and P10: /(I)After the RSUs _i|≡{B_vj,AIDV_j}.B_vj and AIDV _j are obtained and pass the test, the RSU _i sends the prime number p _i corresponding to SIDV _i to V _j.

④According to P6:/>And R1, V _j|≡RSU_i|～p_i can be obtained. When the timestamp T _Rj passes the test, there is V _j|≡#(T_Rj). From R4 and R3, V _j|≡RSU_i|≡p_i can be derived. Finally according to R2 and P11: /(I)V _i|≡p_j can be obtained. When V _j obtains the prime numbers corresponding to V _i, the signature information from V _i is verified, and after verification, the signature key negotiation message is sent to V _i.

⑤According to P4: /(I)And R1, can obtainAfter the time stamp T _ij passes the test, there is V _j|≡#(T_ij). From R4 and R3, one can obtainThen according to R2 and P9: /(I)Obtain/>When signed message from V _i/>And/>Upon verification, the protocol completes V _j's authentication of V _i and V _j believes that V _i's key agreement message ζ ₁, V _j|≡ξ₁. Thus, the target gold 1 is completed. V _j selects the random number β, calculates ζ ₂＝T_β (x) mod n and the session key sk≡t _β(ξ₁)modn≡T_β·α (x) mod n. And finally, sending a signature authentication key negotiation message to the V _i.

⑥According to P3: /(I)And R1, can obtainWhen the timestamp T _ji is verified as fresh, V _i|#(T_ji). From R4 and R3, one can obtain/>Then according to R2 and P12: /(I)ObtainingWhen signature information from V _j/>And/>By verification, delta is also verified, V _i believes that the session key message ζ ₂ from V _j, V _i|≡ξ₂. Here, the target gold 2 is completed. Finally V _i calculates the session key sk≡t _α(ξ₂)modn≡T_α·β (x) mod n.

The proving process of Goal1 and Goal2 can show that the scheme provided by the invention can effectively realize the safety proving of mutual authentication key negotiation of members in a group. By utilizing the BAN logic model, all messages involved in the scheme are simulated, two targets for completing the security certification of the scheme are established, and the verification of the message source, the verification of the message freshness and the verification of the message source credibility are completed on the premise of reasonable assumption. Finally, two preset targets are proved according to the model rules, and formal proof of the scheme is completed.

The invention considers the problems of rapid movement of the vehicle and rapid change of the topology of the vehicle in the VANET system, establishes a dynamic vehicle group by utilizing the China remainder theorem, and adapts to the rapid change of the topology of the VANET network; aiming at the problem that communication on a network which is re-disclosed by a vehicle in VANET is easily subjected to a series of attacks such as eavesdropping, tampering and imitation, key negotiation is carried out by utilizing the semi-swarm through Chebyshev chaotic mapping, and the communication information is encrypted by using the negotiated key so as to complete secure communication on the public network; the corresponding pseudonym and private key of the vehicle are updated by adopting a pseudonym updating scheme and a private key updating scheme, so that the identity privacy safety of the vehicle is effectively protected; for the problem of malicious vehicles in the vehicle group, the identity of the malicious vehicles is traced by utilizing signature information of the malicious vehicles, and legal identities of the malicious vehicles are revoked by modifying public key information corresponding to the malicious vehicles; the BAN logical model is utilized to formalize the semantic security of the authentication key negotiation scheme, so that the security communication can be ensured under the condition of malicious attack, and the economic benefit is good.

While the foregoing is directed to embodiments, aspects and advantages of the present invention, other and further details of the invention may be had by the foregoing description, it will be understood that the foregoing embodiments are merely exemplary of the invention, and that any changes, substitutions, alterations, etc. which may be made herein without departing from the spirit and principles of the invention.

Claims

1. An intra-group authentication key negotiation method in a vehicle-mounted ad hoc network is characterized by comprising the following steps:

establishing a dynamic vehicle group according to the China remainder theorem; the process of constructing the dynamic vehicle group is as follows: the trusted center constructs a congruence equation set according to the public key of the vehicle node i and the public key of the roadside unit, and the congruence equation set is expressed as:

Where c represents a system public key, y _i (i=1, 2, …, k) represents a public key of a vehicle node i, y _k+1 represents a public key of a roadside unit, p _i (i=1, 2, …, k) represents a prime number issued by a trust center to the vehicle i, and p _k+1 represents a prime number issued by the trust center to the roadside unit;

the information sender V _i in the vehicle group signs the information by using private key information, and the information receiver V _j authenticates the identity of the information sender V _i by using public key information in the signed information; after the information sender V _i and the information receiver V _j mutually authenticate the identity, the two communication parties carry out key negotiation according to the semi-swarm of Chebyshev chaotic mapping; the key negotiation process of the two communication parties according to the semi-swarm of the Chebyshev chaotic map comprises the following steps:

S3: v _i verifies the message from RSU _i and if the verification is passed, sends a key agreement request message to V _j; if the verification fails, refusing to receive the message of the RSU _i; wherein the key agreement request message includes: first signature of V _i Second signature of V _i ]The time segment T _vi,V_i sends a time stamp T _ij of V _j and key negotiation information xi ₁;

S7: v _i checks the key agreement message of V _j, if the check fails, the session key establishment fails, if the check succeeds, the session key establishment succeeds;

A pseudonym updating mechanism and a private key updating mechanism are adopted to update corresponding pseudonyms and private keys of the vehicle respectively; wherein, the pseudonym updating mechanism is as follows: the trusted center TA assigns a pseudonym update seed delta ID _j to each registered vehicle; when the vehicle node V _i accesses V _j the current pseudonym After the corresponding prime numbers, the roadside unit RSU sends a pseudonym update request to the TA; TA calculates the next pseudonym/>, corresponding to V _j And publishes that H ₀ is a one-way hash function; recording the corresponding prime numbers p _j and l, and recording the corresponding list/>, of the kana prime numbersSending to the RSU; the private key update mechanism is: v _i private key at time t _vi is/>The private key of V _i is/>, within t _vi +1 time slicesWhen the private key corresponding to the t _vi +1 time slices is generated, the OBU _i deletes the private key of the t _vi time slice immediately; if t _vi =l, the key of the t _vi +1 time segment output by the vehicle node V _i is a null string; when the time segment of V _i runs out, V _i reselects private key x' _i,0 and recalculates the corresponding public key y _i, and TA updates system public key c according to the recalculated public key y _i;

2. The method for intra-group authentication key agreement in a vehicular ad hoc network according to claim 1, wherein establishing a dynamic vehicle group according to the chinese remainder theorem comprises: initializing a trusted center TA; the vehicle-mounted unit OBU and the roadside unit RSU are registered on the TA; the TA builds a dynamic vehicle group according to the registered OBU and RSU by adopting the China remainder theorem.

3. The method for intra-group authentication key agreement in a vehicle-mounted ad hoc network according to claim 1, wherein the RSU _i verifies the received request message comprising: judging whether the freshness condition is satisfied, if not, rejecting the request message, and if so, calculating B _vi 'according to the prime number p _i of V _i and the time stamps T _vi and AIDV _i'; judging whether B _vi' and B _vi are equal, if so, verifying successfully, and if not, verifying failed; the freshness conditions were: (T _iR-T_vi) < Δt, Δt prescribing an effective time difference between two time stamps for the system.

4. The method for intra-group authentication key agreement in a vehicle-mounted ad hoc network according to claim 1, wherein the V _j authenticates the identity information of V _i comprising: calculating a public key y _i of the vehicle node i according to the prime number p _i of V _i, and calculating an equation according to the public key y _i of the vehicle node iIf not, V _j refuses the key negotiation request of V _i, and if so, the identity authentication is successful.

5. The method for negotiating the intra-group authentication key in the vehicular ad hoc network according to claim 1, wherein the process of revoked legal identity of a malicious vehicle by modifying public key information corresponding to the malicious vehicle comprises the steps of: when V _i issues a malicious message within the coverage of RSU _i, RSU _i obtains p _i used by V _i in sending the malicious message; finding the current pseudonym generated by the trusted center TA for V _i in the pseudonym and prime number list lambda _SIDV,p to obtain the current pseudonym SIDV _i of V _i; transmitting the pseudonyms SIDV _i and p _i to the TA, and judging the real identity of the vehicle corresponding to the pseudonym by the TA through the l corresponding to the equation H ₀(IDV_i||δ_sk)＝SIDV_i、p_i and the pseudonym update seed delta ID _i; based on the true identity of the vehicle to which the pseudonym corresponds, the TA will revoke the legitimate identity of V _i within the group.

6. The method for negotiating an intra-group authentication key in a vehicular ad hoc network according to claim 5, wherein modifying public key information corresponding to a malicious vehicle comprises: the public key information y _i corresponding to the V _i is modified into another random number y' _i, other vehicle node information is kept unchanged, and the system public key c is updated.