CN114567473B - Internet of vehicles access control method based on zero trust mechanism - Google Patents

Publication number: CN114567473B
Authority: CN (China)
Prior art keywords: vehicle, rsu, trust, decision, resource
Legal status: Active
Application number: CN202210166731.8A
Other languages: Chinese (zh)
Other versions: CN114567473A (en
Inventors: 曹利, 陈葳葳, 张迪, 朱李辰
Current Assignee: Nantong University
Original Assignee: Nantong University
Application filed by Nantong University
Priority to CN202210166731.8A
Publication of CN114567473A
Application granted
Publication of CN114567473B

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention provides an Internet of Vehicles access control method based on a zero trust mechanism. It belongs to the technical field of Internet of Vehicles applications and addresses the security control of resource access in an Internet of Vehicles environment. The technical solution comprises the following steps: S1, a trusted authority registers the identities of vehicles and RSUs, sets an initial trust value for each registered vehicle, and initializes an access control policy; S2, a registered vehicle and an RSU perform mutual identity authentication and negotiate a session key; S3, the decision server issues a resource access authorization token to the resource-requesting vehicle according to that vehicle's trust level, and performs access control. The beneficial effects of the invention are as follows: a dynamic trust value evaluation algorithm is established; an Internet of Vehicles access control model with continuous evaluation and on-demand authorization is designed based on the zero trust idea; and resource owners allocate resource permissions according to their own needs, so that flexible, fine-grained access control is achieved.

Description

Internet of vehicles access control method based on zero trust mechanism
Technical Field
The invention relates to the technical field of Internet of vehicles application, in particular to an Internet of vehicles access control method based on a zero trust mechanism.
Background
The Internet of Vehicles (IoV) is an important branch of the Internet of Things in the transportation field. Vehicles serve as the basic communication units, and networked communication among vehicle nodes and roadside infrastructure enables information sharing between vehicles, between vehicles and Road Side Units (RSUs), and between vehicles and people, which benefits traffic management and public travel. In an Internet of Vehicles environment, the complex network formed by interwoven nodes not only interconnects vehicles, roads and people but also gives rise to a wealth of shareable resources. For example, when a vehicle travels in an unfamiliar environment, it can obtain necessary information in advance from the service-site information shared by surrounding vehicles; in an emergency, it can use the road-condition warnings that other vehicles share when their emergency braking is triggered; and coordinated operation of a group of vehicles while carrying out a task is also a form of resource sharing. Vehicles can further share hardware such as surplus computing power and storage. Sharing information resources, control permissions and hardware resources among Internet of Vehicles nodes addresses pain points in the development of the vehicle traffic industry, reduces the frequency of accidents, eases travel and enables efficient intelligent traffic control. However, resource sharing is a double-edged sword, and the network security threats it faces are becoming more complex.
If vehicle resources are accessed by unauthorized parties, information can be intercepted or even tampered with and the owner's privacy leaked. In serious cases the vehicle may be remotely unlocked, opened and started, or its steering system, power system and other systems illegally controlled, leading to vehicle theft or even driving accidents that endanger life and property. How to ensure the security of resource-constrained Internet of Vehicles devices and of private data has therefore become a key problem to be solved urgently.
As one of the cornerstone technologies of security protection, access control ensures, according to configured policy rules, that an authorized user's use of resources matches the access permissions that user holds, and prevents unauthorized access to other resources. However, in the complex, multi-node, highly real-time and highly dynamic Internet of Vehicles environment, traditional access control models are not fully adequate, because access permissions there must also be governed by factors such as the environment state, the place the access comes from and the communication network. Efficient access control for Internet of Vehicles devices and resources is therefore a major challenge for Internet of Vehicles security research. The invention studies control of unauthorized access to device and data resources in the specific network environment of the Internet of Vehicles, and designs an access control model based on the characteristics of that environment to resist illegal access to resources by malicious attackers.
The Internet of Vehicles is one of the Internet of Things technologies. Scholars at home and abroad have done a great deal of research on access control for the Internet of Things and have proposed Access Control (AC) methods and solutions for different goals. Because most common Internet of Things applications share resources among static nodes, the conventionally used models, Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC), cannot adapt to the Internet of Vehicles resource-sharing environment, which is bursty, temporary and self-organizing. Some scholars are studying access control models that are flexible, secure and dynamic for the Internet of Vehicles. For example: in "Safety access control policy research of the Internet of vehicles", Phyllanthus et al. design an attribute-based access control model that converts multiple access attributes into a disjunctive normal form structure, and realize dynamic, extensible access control in specific scenarios based on access policies formulated in that normal form. Zeng Zhe et al., in "Study of access control model for vehicle-mounted communication system", propose an attribute-based multi-level security access control method that controls access requests from different subjects using the security level as an attribute factor. Even et al., in "Information security distribution technical research based on dynamic adjustment of access control policies in the Internet of vehicles", propose a policy optimization scheme based on a dynamic feedback mechanism, which optimizes access control policies using the probability distribution of the optimal policy adjustment attribute.
Wei Luo et al., in "Efficient and Secure Access Control Scheme in the Standard Model for Vehicular Cloud Computing", design a secure and revocable access control model for vehicular cloud computing based on multi-entity attribute authentication of requesters, and improve the attribute-based encryption and decryption scheme to achieve secure, lightweight access control. Although all of the above studies realize access control in the Internet of Vehicles environment through the ABAC model, they do not consider the huge volume of access requests in the Internet of Vehicles, where a sudden increase in attribute information reduces the operating efficiency of the system. Moreover, the biggest shortcoming of these schemes is that they do not fully consider the temporary nature of vehicular ad hoc networks or the fluctuation of trust values caused by the changeable behavior of individual vehicle nodes, so they cannot continuously evaluate and authorize on demand when establishing access control permissions.
Zero trust is a security model that continuously authenticates and dynamically authorizes all users based on as many trust elements as possible, such as the identity of the access subject, the network environment and the terminal status.
Disclosure of Invention
The invention aims to provide an Internet of Vehicles resource access control method based on a zero trust mechanism, and proposes, based on the zero trust idea, an Internet of Vehicles access control model capable of continuous evaluation and on-demand authorization.
The idea of the invention is as follows: based on the zero trust idea, the invention proposes an Internet of Vehicles access control model capable of continuous evaluation and on-demand authorization. In the design, to ensure the continuity and security of trust value calculation, historical values are stored using the tamper-resistant property of a blockchain distributed database.
The invention is realized by the following measures. An Internet of Vehicles access control method based on a zero trust mechanism comprises the following steps:
S1, the PKI of a trusted authority registers the identities of vehicles and RSUs, an initial trust value is set for each registered vehicle, and the decision server of the trusted authority initializes the access control policy;
S2, the registered vehicle and the RSU perform mutual identity authentication based on the PKI system and negotiate a session key;
S3, the decision server, through the RSU, issues a resource access authorization token to the resource-requesting vehicle according to that vehicle's trust level, and access control is carried out.
Further, step S1 comprises:
S11, RSU identity registration. The trusted authority (TC) assigns a unique identity $ID_R$ to the RSU, selects two prime numbers $p$ and $q$, and calculates $n = p \times q$ and $\varphi(n) = (p-1)(q-1)$; $e$ is chosen to satisfy $\gcd(\varphi(n), e) = 1$, and $d$ is determined such that $d \equiv e^{-1} \pmod{\varphi(n)}$. The public and private keys are $P_R = \{e, n\}$ and $S_R = \{d, n\}$, and the public key, a timestamp, $ID_R$ and other elements are combined to generate the public key certificate $Cert_R$;
S12, vehicle identity registration. The TC generates a public-private key pair $\{P_v, S_v\}$ for the vehicle using the RSA algorithm and issues the identity certificate $Cert_v$; the TC sets an initial trust value $TV_x$, forms a trust value record and records it in the blockchain network;
S13, decision server initialization. The decision server generates the trust value intervals, the trust level set $TL = \{TL_1, TL_2, \ldots, TL_n\}$ and the role set $Role = \{Role_1, Role_2, \ldots, Role_n\}$, and establishes the mapping between them; it allocates the corresponding resource permissions to each role and sets up the role linked lists. The head node of each list is the role corresponding to a trust level, and the tail pointer of the list points to the decision nodes uploaded by vehicles;
S14, vehicle $V_x$ uploads its shared resources and their permission sets to the decision server. $V_x$ determines, by the type of resource it opens for sharing, the role required to access each type of resource. Different resource sets of the same vehicle can require different roles, so a vehicle can form several decision nodes and link them to the tails of different role chains. The fields of a decision node have the following meanings:
1) The hash value of the shared resource, used as the index for retrieving the corresponding permissions. Because the hash value corresponds to the resource, the identity of the resource owner is not stored in the decision node, which protects the owner's identity privacy; during lookup, the authorized vehicle is found through the Hash field;
2) The permission set on the resource that the role is allowed;
3) The time the resource was uploaded, used to verify the timeliness of the resource;
4) The last field of the node is a pointer whose initial value is Null; if a new node is attached after this node, the field value is Next, which points to the address of the next node.
S15, the decision server attaches the decision node to the tail of the corresponding role linked list according to the decision node information uploaded by the vehicle. The linked-list structure of trust levels, roles and decision nodes has the following characteristics. Nodes indexed by H1 appear in linked lists of different levels, because the same vehicle divides its permissions into different sets according to its access control requirements and assigns them to roles of different levels, so different decision nodes belonging to the same vehicle can appear on chains of different levels. In addition, because roles are hierarchical, the permission set (A1, A2) owned by a node in the low-level linked list (Role 1) is a subset of the permission set (A1, A2, …, A4) contained in the high-level linked list (Role 2).
Further, step S2 comprises:
S21, the RSU periodically broadcasts its own certificate and waits for vehicles to access:
$R: \{Cert_R \,\|\, Sign(S_R, Cert_R)\}$
The broadcast message is signed with the private key, which ensures the integrity of the broadcast message;
S22, vehicle $V_i$ enters the coverage area of RSU $R$, receives its broadcast message, decrypts the signature using the public key in certificate $Cert_R$, and verifies whether $[Sign(S_R, Cert_R)]^d \pmod n = Cert_R$ holds. If so, it selects a prime number $q$ and an integer $a$ ($a < q$, and $a$ is a primitive root of $q$), generates an $X_v$ ($X_v < q$), calculates $Y_i$, and encrypts the network access application with the RSU's public key:
$V_i \to R: \{E(P_R, Cert_v \,\|\, Y_i \,\|\, a \,\|\, q \,\|\, T_1)\}$
where $T_1$ is a timestamp that proves the freshness of the message and prevents replay attacks;
S23, the RSU decrypts the received network access application with its private key and calculates the time difference $|T - T_1|$. If the difference is less than or equal to $\Delta t$, it goes on to authenticate the legitimacy of the vehicle's identity through the certificate; otherwise it treats the message as timed out and refuses it. After the identity authentication passes, the RSU generates an integer $X_R$ ($X_R < q$), performs its calculation with the parameters $Y_i$, $a$ and $q$, and generates the shared session key $K$. The RSU generates a pseudonym $ID'_i$ for the vehicle, encrypts $\{Success \,\|\, ID'_i \,\|\, K \,\|\, T_2\}$ with the vehicle's public key, and returns a message that authentication succeeded:
$R \to V_i: \{E(P_v, Success \,\|\, ID'_i \,\|\, K \,\|\, T_2)\}$
S24, vehicle $V_i$ decrypts the feedback message from the RSU: $D(S_v, Success \,\|\, ID'_i \,\|\, K \,\|\, T_2)$. It verifies the timeliness of the message by computing $|T - T_2|$; if the result is less than the maximum tolerated delay $\Delta t$, it generates the consistent shared session key and accepts the pseudonym $ID'_i$.
Further, step S3 comprises:
S31, vehicle $V_j$ requests resource access from the RSU:
$V_j \to R: \{Request \,\|\, T_3 \,\|\, HMAC(K_j, Request \,\|\, T_3)\}$
where $Request = \{ID'_j \,\|\, ID'_i \,\|\, H_i\}$ comprises the pseudonym $ID'_j$ of vehicle $j$, the resource owner's pseudonym $ID'_i$, and the hash value of the requested resource, $H_i = Hash(Resource_i)$. The message authentication code $HMAC(K_j, Request \,\|\, T_3)$ is calculated with the HMAC algorithm and the shared key $K_j$; $T_3$ is the current timestamp, which ensures the timeliness of the message;
S32, the RSU first verifies the freshness of the message, that is, whether the timestamp satisfies $|T - T_3| < \Delta t$. If so, it searches the identity list for $V_j$'s pseudonym $ID'_j$. If the pseudonym exists, it uses the locally stored session key $K_j$ to calculate $HMAC'(K_j, Request \,\|\, T_3)$ and checks the integrity of the message by judging whether HMAC' matches the received HMAC. If the message has not been tampered with, it calls the TrustValueResearch() function with the vehicle identity $ID_v$, found from $ID'_j$, to look up the latest trust value $TV_j$. The RSU encrypts the parameters $\{Request \,\|\, TV_j \,\|\, T_4\}$ with the public key $P_S$ and sends a decision request to the decision server $S$:
$R \to S: \{E(P_S, Request \,\|\, TV_j \,\|\, T_4)\}$;
S33, after receiving the decision request, decrypting it and verifying its timeliness, the decision server makes a decision. According to the decision result, server $S$ generates the access control token $warrant_j$, encrypts it with the RSU's public key and sends it to the RSU:
$S \to R: \{E(P_R, warrant_j)\}$.
S34, after decrypting and extracting the token, the RSU verifies its integrity with the public key of $S$. Using the session keys $K_i$ and $K_j$ respectively, it generates the message authentication codes $HMAC(K_{i/j}, warrant_j)$ and distributes the token to vehicles $V_i$ and $V_j$:
$R \to V_i: \{warrant_j \,\|\, HMAC(K_i, warrant_j)\}$
$R \to V_j: \{warrant_j \,\|\, HMAC(K_j, warrant_j)\}$;
S35, vehicles $V_i$ and $V_j$ verify the authenticity of the message using their respective session keys and verify the timeliness of the token. If all checks pass, vehicle $V_j$ accesses the resources of vehicle $V_i$ using the access permissions specified in the token.
S36, vehicle $V_i$ performs trust evaluation on $V_j$: after $V_j$ completes its resource access, $V_i$ invokes the trust evaluation algorithm to evaluate $V_j$'s trust value for a new round and calculates a direct trust value. If vehicle $j$ attempts an unauthorized or illegal operation, its trust value is reduced; if vehicle $j$ accesses the resource legally, its trust value is increased. The trust evaluation algorithm works as follows:
1) If vehicle $V_j$ attempts an unauthorized or illegal operation, $V_i$ calculates the direct trust value:
$DT_j = TV_j - f \cdot TV_i$
2) If vehicle $V_j$ accesses the resource legally, $V_i$ calculates the direct trust value:
$DT_j = TV_j + p \cdot TV_i$
where the larger $V_i$'s trust value $TV_i$, the larger the magnitude of the reward or penalty. Vehicle $V_i$ attaches a timestamp $T_5$ and the message authentication code $HMAC(K_i, DT_j \,\|\, T_5)$ to $DT_j$ and sends them to the RSU:
$V_i \to R: \{DT_j \,\|\, T_5, HMAC(K_i, DT_j \,\|\, T_5)\}$;
S37, the RSU checks the reliability of $V_i$'s feedback message with the HMAC algorithm. Having received a direct trust value that passes authentication, the RSU invokes the trust evaluation algorithm and goes on to calculate the recommended trust value.
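The checks of steps S31 and S32 in Python, as an added example that is not code from the patent. The value of Δt, the length-prefixed encoding of Request || T3, SHA-256 as the HMAC hash, the constructed key and pseudonyms, and the cache of already-accepted tags are assumptions that go beyond the page's steps.

```python
import hashlib
import hmac

DELTA_T_MS = 2000  # freshness window Δt; constructed value, the page gives none


def encode(fields, t3_ms):
    """Length-prefix every field so Request || T3 has exactly one parse."""
    out = b""
    for field in fields:
        raw = field.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out + t3_ms.to_bytes(8, "big")


def build_request(k_j, fields, t3_ms):
    """Vehicle side (S31): Request, T3 and HMAC(K_j, Request || T3)."""
    tag = hmac.new(k_j, encode(fields, t3_ms), hashlib.sha256).digest()
    return fields, t3_ms, tag


class Rsu:
    def __init__(self, session_keys):
        self.session_keys = session_keys  # pseudonym -> K_j, stored in S23
        self.seen = {}                    # accepted tag -> expiry (assumption)

    def verify(self, fields, t3_ms, tag, now_ms):
        """RSU side (S32), returning 'ok' or the reason for refusal."""
        if abs(now_ms - t3_ms) >= DELTA_T_MS:          # |T - T3| < Δt
            return "stale"
        k_j = self.session_keys.get(fields[0])          # look up ID'_j
        if k_j is None:
            return "unknown pseudonym"
        expected = hmac.new(k_j, encode(fields, t3_ms), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):      # constant-time compare
            return "bad mac"
        # Addition to the page's steps: a captured message stays fresh for
        # the whole window, so remember accepted tags until they expire.
        self.seen = {t: exp for t, exp in self.seen.items() if exp > now_ms}
        if tag in self.seen:
            return "replay"
        self.seen[tag] = t3_ms + DELTA_T_MS
        return "ok"


def demo():
    """Run constructed requests through the RSU and collect the verdicts."""
    k_j = bytes(range(32))                              # constructed session key
    h_i = hashlib.sha256(b"constructed resource").hexdigest()
    fields = ("pseudo-j", "pseudo-i", h_i)              # ID'_j, ID'_i, H_i
    t0 = 1_700_000_000_000                              # constructed clock, ms
    rsu = Rsu({"pseudo-j": k_j})
    req = build_request(k_j, fields, t0)
    forged = (("pseudo-j", "pseudo-x", h_i), t0, req[2])  # owner field altered
    return [
        rsu.verify(*req, now_ms=t0 + 500),      # first delivery
        rsu.verify(*req, now_ms=t0 + 1000),     # same bytes inside the window
        rsu.verify(*req, now_ms=t0 + 2500),     # same bytes after the window
        rsu.verify(*forged, now_ms=t0 + 500),   # tag no longer matches
    ]
```

The timestamp check alone accepts a captured request again at any time inside Δt, which is why the second delivery is only refused by the tag cache.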
Further, the decision server makes its decision as follows:
S331, the server uses a segmentation function F, defined as follows:
to calculate a trust level from the trust value: $F(TV_j) \to TL_j$, and maps the trust level to the corresponding role to obtain the role value;
S332, the server searches the role linked lists: it locates the corresponding role linked list according to the role value, passes the role linked list and the resource index as actual arguments, and calls the decision algorithm function to obtain the corresponding decision node. The decision algorithm works as follows:
1) Traverse the role linked list of this layer and match the Hash field of each decision node; if there is a match, obtain the node and its permission set field; otherwise, execute 2).
2) If the corresponding decision node does not exist in this layer, traverse the role linked list of the upper layer until the decision node is found, and obtain its permission set.
3) Generate the access token $warrant_j$ according to the permissions in the node. The token fields are:
(1) Resource requester pseudonym $ID'_j$
(2) Resource owner identification $ID_i$
(3) Time of token creation $T_q$
(4) The access permissions $operation_j$ that the decision server grants to vehicle $V_j$
(5) The signature of decision server $S$ over the token, made with its private key. Other vehicles can use the public key of $S$ to verify the authenticity of the token; and because an attacker does not have the private key of $S$, the attacker cannot forge the access token.
Further, the indirect trust value is calculated as follows:
S371, the RSU invokes the blockchain Read() query function to retrieve the n historical trust values of $V_j$ recorded in the blockchain;
S372, the trust value evaluators in the records are extracted, and the similarity between $V_j$ and evaluator $V_k$ is calculated:
1) Retrieve the trust value records within the time period $\Delta t$ whose evaluator fields are $V_k$ and $V_j$ respectively.
2) For evaluator $V_j$, select from the records the trust values within the range [0.5, 1] and calculate the average:
3) For evaluator $V_k$, likewise calculate the average:
4) Calculate the similarity between $V_k$ and $V_j$:
The difference between the results of $V_k$ and $V_j$ in evaluating legitimate vehicles represents the degree of similarity between the two; the smaller the difference, the higher the similarity.
S373, calculate the recommended trust value:
$q_k$ represents the influence of time on the recommended trust value: the older an evaluation, the smaller its share in the recommended trust value. In addition, the similarity $S_k$ of the two vehicles and the historical trust value $TV_{kj}$ are also key indicators for measuring the reliability of the recommended trust value.
S374, comprehensive trust value calculation:
$TV_j = W \cdot DT_j + (1 - W) \cdot R_j$
Finally, according to a weight $W$, the direct trust value $DT_j$ and the recommended trust value $R_j$ are combined to calculate the comprehensive trust value $TV_j$ of vehicle $V_j$. The RSU generates the trust value record $\{V_j ID, V_i ID, TV_j, T_i\}$, which goes through consensus and is posted to the blockchain.
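Steps S331 and S332 together with the trust update of S36 and S374, as an added Python example that is not code from the patent. The interval bounds, the values of f, p and W, SHA-256, clamping to [0, 1] and all names are assumptions; the example also reads the "upper layer" fallback as the next less-privileged role list, so a miss never yields more permissions than the requester's own role.

```python
import hashlib
import time
from dataclasses import dataclass
from typing import Optional

# Constructed values: the page does not reproduce the segmentation function F
# or give numbers for f, p and W, so everything in this block is an assumption.
LEVEL_BOUNDS = [(0.8, 3), (0.6, 2), (0.4, 1)]   # (lower bound of TV, level)
ROLE_ORDER = ["Role3", "Role2", "Role1"]        # most to least privileged
PENALTY_F, REWARD_P, WEIGHT_W = 0.3, 0.05, 0.6


@dataclass
class DecisionNode:
    resource_hash: str                  # index; no owner identity is stored
    permissions: frozenset
    uploaded_at: float
    next: Optional["DecisionNode"] = None


def resource_hash(resource: bytes) -> str:
    return hashlib.sha256(resource).hexdigest()   # hash choice is an assumption


def trust_level(tv: float) -> Optional[int]:
    """F(TV_j) -> TL_j; None means the value falls below every interval."""
    for lower, level in LEVEL_BOUNDS:
        if tv >= lower:
            return level
    return None


def clamp(x: float) -> float:
    return max(0.0, min(1.0, x))        # keeping TV in [0, 1] is an assumption


def direct_trust(tv_j: float, tv_i: float, legal: bool) -> float:
    """S36: DT_j = TV_j + p*TV_i after legal access, TV_j - f*TV_i otherwise."""
    return clamp(tv_j + (REWARD_P if legal else -PENALTY_F) * tv_i)


def comprehensive_trust(dt_j: float, r_j: float) -> float:
    """S374: TV_j = W*DT_j + (1 - W)*R_j."""
    return clamp(WEIGHT_W * dt_j + (1 - WEIGHT_W) * r_j)


class DecisionServer:
    def __init__(self):
        self.heads = {role: None for role in ROLE_ORDER}

    def upload(self, role, resource, permissions):
        """S14/S15: link a new decision node to the tail of a role list."""
        node = DecisionNode(resource_hash(resource), frozenset(permissions), time.time())
        if self.heads[role] is None:
            self.heads[role] = node
            return
        cur = self.heads[role]
        while cur.next is not None:
            cur = cur.next
        cur.next = node

    def _find(self, role, h):
        cur = self.heads[role]
        while cur is not None and cur.resource_hash != h:
            cur = cur.next
        return cur

    def decide(self, requester, owner, h, tv):
        """S331/S332: trust value -> level -> role -> node -> token fields."""
        level = trust_level(tv)
        if level is None:
            return None                                  # deny by default
        start = ROLE_ORDER.index(f"Role{level}")
        for role in ROLE_ORDER[start:]:      # own role first, never a higher one
            node = self._find(role, h)
            if node is not None:
                # Token fields (1)-(4); S's signature, field (5), is not modelled.
                return {"requester": requester, "owner": owner,
                        "created": time.time(),
                        "operations": sorted(node.permissions)}
        return None


def demo():
    """One access, one violation report, then the same request again."""
    server = DecisionServer()
    feed = b"constructed: brake-event feed"
    server.upload("Role1", feed, {"read"})
    server.upload("Role2", feed, {"read", "subscribe"})
    h, tv_j, tv_i, r_j = resource_hash(feed), 0.65, 0.9, 0.6
    before = server.decide("pseudo-j", "owner-i", h, tv_j)
    tv_j = comprehensive_trust(direct_trust(tv_j, tv_i, legal=False), r_j)
    after = server.decide("pseudo-j", "owner-i", h, tv_j)
    return before["operations"], round(tv_j, 3), after["operations"]
```

With these constructed numbers a single reported violation moves the requester from Role2 to Role1, so the next token for the same resource carries only the smaller permission set.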
Compared with the prior art, the invention has the beneficial effects that:
(1) According to the Internet of vehicles access control method based on the zero trust mechanism, a trust value evaluation algorithm is innovatively designed, and the evaluation of the trust value is divided into two parts, namely direct trust value calculation and recommended trust value calculation: the calculation of the direct trust value is based on the direct behavior of the vehicle on resource access, and whether the access behavior is legal or not determines the fluctuation adjustment of the direct trust value of the vehicle; the calculation of the recommended trust value is determined according to the trust degree of other vehicles on the vehicle, the reliability of recommendation is measured by factors such as similarity between two vehicles, and finally, the current reliability of the vehicle is comprehensively estimated through the direct trust value and the recommended trust value, and the accuracy and the rationality of the reliability estimation of the vehicle are ensured by combining a rewarding and punishing mechanism and the indirect trust degree of the vehicle through an algorithm.
(2) The Internet of vehicles access control method based on the zero trust mechanism innovatively designs decision nodes whose data structure comprises the Hash value of the resource, the permission set, the timestamp and the next-node pointer. Because the Hash value and the resource are in one-to-one correspondence, the decision node does not need to be bound to the identity of the resource owner, which protects the identity privacy of the resource owner.
(3) According to the Internet of vehicles access control method based on the zero trust mechanism, a role linked list for allocation of resource authority is innovatively designed, head nodes of the role linked list are roles corresponding to different trust levels, tail pointers of the linked list point to decision nodes uploaded by vehicles, a decision server accesses the decision nodes to tail parts of the corresponding role linked list according to decision node information uploaded by the vehicles, and in a decision process, dynamic trust values of a request vehicle are utilized to match the corresponding roles and resource access authority, so that fine granularity access control is realized.
(4) The invention relates to a vehicle networking access control method based on a zero trust mechanism, which creatively designs a trust value record data structure, wherein the structure consists of an estimated vehicle identity, an evaluator identity, a trust value and a timestamp, and is arranged in a blockchain network, and the structure is convenient for retrieving the trust value of the latest vehicle, so that the reliability of the vehicle is judged, and the access control of resources is carried out according to the trust level of the vehicle.
(5) According to the Internet of vehicles access control method based on the zero trust mechanism, the zero trust mechanism is innovatively combined with Internet of vehicles access control: the trust level of vehicles is continuously evaluated based on the zero trust idea and authorization is granted on demand, which suits the Internet of vehicles communication scenario of frequent handover and highly dynamic topology, reduces the uncertainty of resource access, and effectively prevents unauthorized lateral attacks inside the network.
(6) According to the Internet of vehicles access control method based on the zero trust mechanism, blockchain technology is innovatively combined with Internet of vehicles access control. The dynamically adjusted trust values are stored using the blockchain's characteristics of decentralization, tamper resistance and non-repudiation. The RSUs distributed on both sides of the road in the Internet of vehicles serve as network nodes in the blockchain and endorse the blocks formed from vehicle trust value records; the blocks are linked to one another by Hash pointers and cannot be tampered with. Meanwhile, the RSU nodes update the trust value records through a consensus mechanism, the robustness of the blockchain effectively resists denial of service attacks, and the security of the vehicles' historical trust values is guaranteed.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention.
FIG. 1 is a flow chart of an access control scheme of the Internet of vehicles based on a zero trust mechanism according to an embodiment of the invention;
FIG. 2 is a diagram of an architecture of an Internet of vehicles architecture according to an embodiment of the present invention;
FIG. 3 is a logic architecture diagram of an embodiment of the present invention;
FIG. 4 is a schematic diagram of a system initialization process according to an embodiment of the present invention;
FIG. 5 is a diagram of a trust value record data structure in accordance with an embodiment of the present invention;
FIG. 6 is a block diagram of a linked list of trust values, roles and decision nodes in an embodiment of the invention;
FIG. 7 is a role node architecture diagram of an embodiment of the present invention;
FIG. 8 is a diagram illustrating a two-way authentication and session key generation process according to an embodiment of the present invention;
FIG. 9 is a flow chart of resource access control according to an embodiment of the present invention;
FIG. 10 is a diagram of a trust value query algorithm in accordance with an embodiment of the present invention;
FIG. 11 is a diagram of a decision algorithm according to an embodiment of the present invention;
FIG. 12 is a diagram of a token format according to an embodiment of the present invention;
FIG. 13 is a graph of penalty factor calculation for an embodiment of the present invention;
FIG. 14 is a graph of reward factor calculation according to an embodiment of the invention;
FIG. 15 is a graph of integrated trust value variation for an embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. Of course, the specific embodiments described herein are for purposes of illustration only and are not intended to limit the invention.
Example 1
Referring to fig. 1 to 3, the technical scheme provided by the invention is that the embodiment provides a vehicle networking access control method based on a zero trust mechanism, as shown in fig. 1, comprising the following steps:
S1, a PKI mechanism of a trusted authority registers the identities of vehicles and RSUs, an initial trust value is set for the registered vehicles, and a decision server of the trusted authority initializes an access control policy;
S2, the registered vehicles and RSUs perform two-way identity authentication based on the PKI system and negotiate a session key;
S3, the decision server issues a resource access authorization token to the resource-requesting vehicle through the RSU according to the trust level of that vehicle, and access control is carried out.
As shown in fig. 2, the internet of vehicles architecture in the internet of vehicles access control method based on the zero trust mechanism includes:
1) Trusted authentication Center (TC): the trusted authentication center is an unconditional trust mechanism in the network and is connected with the roadside unit RSU through a safe and fixed wired network, so that the related initialization work, authentication and supervision of the vehicles and the RSU are realized.
2) Roadside unit (Road Side Unit, RSU): roadside units are base stations deployed on both sides of the roadway. They provide services such as message forwarding and broadcasting for vehicles, and are also interconnected with the back-end trusted center to cooperatively process data generated by the Internet of vehicles.
3) On-board unit (On Board Unit, OBU): the on-board unit installed in the vehicle performs networked communication with the RSU and other OBUs using the DSRC vehicular short-range wireless communication protocol. It acts both as the producer of messages and as their forwarder and recipient.
As shown in fig. 3, the internet of vehicles access control model of the internet of vehicles access control method based on the zero trust mechanism is logically divided into three layers, the top trusted center comprises a PKI system and a decision server, and functions of identity registration, access decision and the like are realized, the middle layer RSU node forms a trust value record of a blockchain network storage vehicle, and the bottom layer is a self-organizing vehicle node:
1) A trusted center: in the invention, the trusted center comprises a PKI mechanism and a decision server. The PKI mechanism provides PKI service for the vehicle and the RSU, and assists the RSU to realize reliable access of the network boundary; the decision server is responsible for making access control decisions: and maintaining the mapping relation between the trust level and the roles, and distributing the rights to the corresponding roles according to the requirements of the resource owners.
2) RSU node: because of the powerful computing and storage capabilities, in the present invention, the RSUs constitute a blockchain network as decision execution points. Meanwhile, the RSU is responsible for dynamic evaluation of vehicle access control and credibility level, and issues an access token for the credible vehicle.
3) Vehicle node: vehicles act as boundary access points for the internet of vehicles and are also owners and requesters of internet of vehicles resources. In the invention, when a vehicle requests to access resources, the access control needs to be realized in a zero trust form of one access token at a time through the RSU.
The PKI mechanism of the trusted authority TC adopts RSA algorithm to generate public and private keys and identity certificates for RSU and OBU; the decision server initializes an access control policy: and establishing a mapping relation between the trust level and the roles, receiving the resources uploaded by the vehicle and the permission sets thereof, and distributing the permission sets to the corresponding roles.
As shown in fig. 4, the step S1 includes:
S11, RSU identity registration. The TC assigns the RSU a unique identity $ID_R$, selects two prime numbers $p$ and $q$, and calculates $n = p \times q$ and $\varphi(n) = (p-1)(q-1)$; $e$ is chosen to satisfy $\gcd(\varphi(n), e) = 1$, and $d$ is determined such that $d \equiv e^{-1} \pmod{\varphi(n)}$. The public and private keys are $P_R = \{e, n\}$ and $S_R = \{d, n\}$. The public key, a timestamp, $ID_R$ and other elements are combined to generate the public key certificate $Cert_R$;
S12, vehicle identity registration. The TC uses the RSA algorithm to generate a public-private key pair $\{P_v, S_v\}$ for the vehicle and issues an identity certificate $Cert_v$. The TC sets an initial trust value $TV_x$, forms the trust value record of FIG. 5, and records it in the blockchain network;
S13, decision server initialization. The decision server generates the trust value intervals, the trust levels $TL = \{TL_1, TL_2, ..., TL_n\}$ and the role set $Role = \{Role_1, Role_2, ..., Role_n\}$, establishes the role linked lists, and allocates the corresponding resource permissions to each role. The head node of each role linked list is the role corresponding to a trust level, and the tail pointer of the linked list points to the decision nodes uploaded by vehicles. The linked list structure of trust values, roles and decision nodes is shown in FIG. 6;
S14, $V_x$ determines, according to the type of shared resource it opens, the role required to access each type of resource, forms several decision nodes as shown in FIG. 7, and links the different decision nodes to the tails of the different role linked lists. The fields of a decision node have the following meanings:
1) $H_x$ represents the hash value of the shared resource of that category and serves as the index for retrieving the corresponding permissions. Because the Hash value corresponds to the resource, the identity of the resource owner is not stored in the decision node, which protects the identity privacy of the resource owner. During indexing, the authorized vehicle is retrieved by the Hash field;
2) $\{A_1, A_2, ..., A_x\}$ represents the set of permissions that a role is allowed on the resource;
3) $T_x$ represents the upload time of the resource and is used to verify the timeliness of the resource;
4) The last field of the node is a pointer. Its initial value is Null; if a new node is attached after this node, the field value is Next, which points to the address of the next node.
S15, the decision server attaches each decision node to the tail of the corresponding role linked list according to the decision node information uploaded by the vehicle. The linked list structure of trust levels, roles and decision nodes is shown in FIG. 6. In FIG. 6, nodes indexed by H1 appear at different levels of the linked lists: because the same vehicle divides its permissions into different sets according to its access control requirements and assigns them to roles at different levels, different decision nodes belonging to the same vehicle may appear in linked lists at different levels. In addition, since roles are hierarchical, the permission set (A1, A2) that a node owns in the lower-level linked list (Role 1) is a subset of the permission set (A1, A2, …, A4) it contains in the higher-level linked list (Role 2).
The registered vehicles and RSU realize bidirectional identity authentication based on PKI system, and negotiate session key.
As shown in fig. 8, the specific content of step S2 includes the following steps:
S21, the RSU periodically broadcasts its own certificate:
$R: \{Cert_R \| Sign(S_R, Cert_R)\}$
and waits for vehicles to access. The broadcast message is signed with the private key, which ensures the integrity of the broadcast message;
S22, vehicle $V_i$ enters the coverage area of RSU $R$, receives its broadcast message, decrypts the signature with the public key in the certificate $Cert_R$, and verifies whether $[Sign(S_R, Cert_R)]^d \pmod n = Cert_R$ holds. If so, it selects a prime number $q$ and an integer $a$ ($a < q$ and $a$ is a primitive root of $q$), generates $X_v$ ($X_v < q$), calculates $Y_i$, and encrypts the network access application with the RSU's public key:
$V_i \to R: \{E(P_R, Cert_v \| Y_i \| a \| q \| T_1)\}$
where $T_1$ is a timestamp that proves the freshness of the message and prevents replay attacks;
S23, the RSU decrypts the received network access application with its private key and calculates the time difference $|T - T_1|$. If the difference is less than or equal to $\Delta t$, it further authenticates the legitimacy of the vehicle's identity through the certificate; otherwise it treats the message as timed out and rejects it. After the identity authentication passes, the RSU generates an integer $X_R$ ($X_R < q$), performs its calculation from the values of the parameters $Y_i$, $a$ and $q$, and generates the shared session key $K$. The RSU generates a pseudonym $ID'_i$ for the vehicle, encrypts $\{Success \| ID'_i \| K \| T_2\}$ with the vehicle's public key, and returns a message that authentication succeeded:
$R \to V_i: \{E(P_v, Success \| ID'_i \| K \| T_2)\}$
S24, vehicle $V_i$ decrypts the feedback message from the RSU: $D(S_v, Success \| ID'_i \| K \| T_2)$. It verifies the timeliness of the message: if $|T - T_2|$ is less than the maximum tolerated delay $\Delta t$, it generates the consistent shared session key and accepts the pseudonym $ID'_i$.
Suppose vehicle $V_j$ enters the RSU's coverage and completes identity authentication, and wishes to access the resource $Resource_i$ of vehicle $V_i$. First, $V_j$ must submit an access application to the RSU to obtain an access authorization token for $Resource_i$ of $V_i$. The RSU retrieves the last stored trust value of $V_j$ from the blockchain (the trust value is dynamically adjusted) and sends it to the decision server. The decision server obtains the role corresponding to the trust value and screens out the matching decision node in the role linked list. Finally, the permission set in the node is the access permission allowed to $V_j$; the decision server generates an access token according to that permission and sends the token to the RSU. The RSU distributes the token to vehicle $V_i$ and vehicle $V_j$, and $V_j$ accesses the requested resource using the permissions granted in the token.
As shown in fig. 9, the specific content of step S3 includes the following steps:
S31, vehicle $V_j$ requests resource access from the RSU:
$V_j \to R: \{Request \| T_3 \| HMAC(K_j, Request \| T_3)\}$
where $Request = \{ID'_j \| ID'_i \| H_i\}$ comprises the pseudonym $ID'_j$ of vehicle $j$, the pseudonym $ID'_i$ of the resource owner, and the hash value $H_i = Hash(Resource_i)$ of the requested resource. The message authentication code $HMAC(K_j, Request \| T_3)$ is calculated with the HMAC algorithm and the shared key $K_j$; the timestamp $T_3$ is the current time and ensures the timeliness of the message;
S32, the RSU first verifies the freshness of the message, i.e. whether the timestamp satisfies $|T - T_3| < \Delta t$. If so, it searches the identity list for the pseudonym $ID'_j$ of $V_j$. If the pseudonym exists, it uses the locally stored session key $K_j$ to calculate $HMAC'(K_j, Request \| T_3)$ and checks the integrity of the message by judging whether $HMAC'$ matches the received HMAC. If the message has not been tampered with, it calls the TrustValue Research() function (FIG. 10) with the vehicle identification $ID_v$ as input and finds the latest trust value $TV_j$ corresponding to $ID'_j$. The RSU encrypts the parameters $\{Request \| TV_j \| T_4\}$ with the public key $P_S$ and sends a decision request to the decision server $S$:
$R \to S: \{E(P_S, Request \| TV_j \| T_4)\}$;
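The RSU-side checks of step S32 (freshness window, pseudonym lookup, HMAC comparison) can be sketched as follows. This is an added example, not code from the patent; the JSON encoding of Request, SHA-256 inside the HMAC, the 2-second Δt, and the replay cache that rejects a second copy of an accepted message inside the window are assumptions, and the key and pseudonyms are constructed.

```python
import hashlib
import hmac
import json

DELTA_T_MS = 2000  # ASSUMED tolerance; the page only names it Δt


def mac(key: bytes, request: str, t_ms: int) -> str:
    """HMAC(K_j, Request || T_3); SHA-256 is an assumed hash choice."""
    return hmac.new(key, f"{request}||{t_ms}".encode(), hashlib.sha256).hexdigest()


def build_request(key: bytes, id_j: str, id_i: str, h_i: str, t_ms: int) -> dict:
    """Vehicle side of S31: Request = {ID'_j || ID'_i || H_i}, then T_3 and the MAC."""
    request = json.dumps({"ID_j": id_j, "ID_i": id_i, "H_i": h_i}, sort_keys=True)
    return {"Request": request, "T3": t_ms, "HMAC": mac(key, request, t_ms)}


class Rsu:
    def __init__(self, identity_list: dict):
        self.identity_list = identity_list  # pseudonym -> session key (from S2)
        self.seen = {}                      # accepted MAC -> T3 (assumed replay cache)

    def verify(self, msg: dict, now_ms: int) -> str:
        # 1. Freshness: |T - T_3| < Δt
        if abs(now_ms - msg["T3"]) >= DELTA_T_MS:
            return "stale"
        # 2. The claimed pseudonym must be in the local identity list
        try:
            id_j = json.loads(msg["Request"])["ID_j"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        key = self.identity_list.get(id_j)
        if key is None:
            return "unknown-pseudonym"
        # 3. Integrity: recompute HMAC' and compare in constant time
        expected = mac(key, msg["Request"], msg["T3"])
        if not hmac.compare_digest(expected.encode(), str(msg["HMAC"]).encode()):
            return "bad-mac"
        # 4. Assumed addition: the timestamp alone still admits a replay inside Δt
        self.seen = {m: t for m, t in self.seen.items() if abs(now_ms - t) < DELTA_T_MS}
        if msg["HMAC"] in self.seen:
            return "replay"
        self.seen[msg["HMAC"]] = msg["T3"]
        return "ok"


def demo() -> list:
    key = b"constructed-session-key-K_j"
    rsu = Rsu({"PSEUDO-J": key})
    h_i = hashlib.sha256(b"constructed resource").hexdigest()
    good = build_request(key, "PSEUDO-J", "PSEUDO-I", h_i, 1_000_000)
    tampered = dict(good, Request=good["Request"].replace("PSEUDO-I", "PSEUDO-X"))
    unknown = build_request(key, "PSEUDO-Z", "PSEUDO-I", h_i, 1_000_000)
    return [
        rsu.verify(good, 1_000_500),      # fresh, known pseudonym, MAC matches
        rsu.verify(good, 1_000_900),      # same message again inside the window
        rsu.verify(good, 1_005_000),      # outside the window
        rsu.verify(tampered, 1_000_500),  # owner pseudonym changed in transit
        rsu.verify(unknown, 1_000_500),   # pseudonym not in the identity list
    ]
```

Only a request that returns "ok" should go on to the trust value lookup and the decision request to S.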
S33, after receiving the decision request, decrypting it and verifying its timeliness, the decision server makes a decision:
S331, the server divides the roles of the vehicle and the cooperative vehicle into 10 levels by using a segmentation function F defined as follows, and realizes the mapping between the trust value intervals of all levels and the roles:
Since 0.5 is the initial trust value, 0.5 is taken as a trust level of its own and assigned the base permissions. To prevent vehicles with a high reputation level from illegally accessing resources, the invention divides the high trust value interval into more levels and further refines the roles and permissions corresponding to the different levels. With the trust value of the evaluated vehicle set to the initial value 0.5, the trust level is calculated from the trust value: $F(0.5) \to TL_5$, which gives the role value $Role_4$.
S332, the server searches the role linked lists, locates the corresponding role linked list according to the role value, passes the role linked list and the resource index as arguments, and calls the decision algorithm function (FIG. 11) to obtain the corresponding decision node. The decision algorithm works as follows:
1) Traverse the role linked list of this layer and match the Hash field of each decision node; if there is a match, obtain the node and its permission set field; otherwise, execute 2).
2) If the corresponding decision node does not exist in this layer, traverse the role linked list of the upper layer until the decision node is found, and obtain its permission set.
3) Generate the access token $warrant_j$ as in FIG. 11, according to the permissions allowed in the node. The token fields are:
(1) The resource requester pseudonym $ID'_j$;
(2) The resource owner identification $ID_i$;
(3) The time of token creation $T_q$;
(4) The access operations $operation_j$ that the decision server grants to vehicle $V_j$;
(5) The signature of the token made by the decision server $S$ with its private key. Other vehicles can use the public key of $S$ to verify the authenticity of the token; meanwhile, because an attacker does not have the private key of $S$, the attacker cannot forge the access token.
The server $S$ encrypts the token $warrant_j$ with the RSU's public key and sends it to the RSU:
$S \to R: \{E(P_R, warrant_j)\}$;
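An added sketch of the role linked lists of S13 to S15 and the decision algorithm of S332, not code from the patent. The interval bounds standing in for the segmentation function F, the four-role layout and the sample resources are constructed; the fallback search is assumed to move toward lower-privilege role lists so that a request never receives a permission set assigned above the requester's role, and the token's signature field is left out.

```python
import bisect
import hashlib
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class DecisionNode:
    """Decision node fields from S14: resource hash, permission set, upload time, next."""
    h: str
    perms: frozenset
    t_upload: float
    next: Optional["DecisionNode"] = None


class RoleList:
    """Role linked list: the role is the head, uploaded decision nodes hang off the tail."""

    def __init__(self, role: int):
        self.role = role
        self.head: Optional[DecisionNode] = None
        self.tail: Optional[DecisionNode] = None

    def append(self, node: DecisionNode) -> None:
        if self.tail is None:
            self.head = node
        else:
            self.tail.next = node
        self.tail = node

    def find(self, h: str) -> Optional[DecisionNode]:
        node = self.head
        while node is not None:
            if node.h == h:
                return node
            node = node.next
        return None


# ASSUMPTION: constructed interval bounds standing in for the segmentation function F.
BOUNDS = [0.5, 0.7, 0.85]


def role_for(tv: float) -> int:
    """Map a trust value to a role index 1..4 (1 = least privileged)."""
    return bisect.bisect_right(BOUNDS, tv) + 1


def resource_hash(resource: bytes) -> str:
    return hashlib.sha256(resource).hexdigest()


def upload(lists: dict, role: int, resource: bytes, perms, t_upload: float = 0.0) -> None:
    """Attach a decision node to one role's list, enforcing the subset rule of S15."""
    h, perms = resource_hash(resource), frozenset(perms)
    for r, lst in lists.items():
        other = lst.find(h)
        if other is None or r == role:
            continue
        lower, higher = (other.perms, perms) if r < role else (perms, other.perms)
        if not lower <= higher:
            raise ValueError("lower-role permission set must be a subset of the higher one")
    lists[role].append(DecisionNode(h, perms, t_upload))


def decide(lists: dict, tv: float, h: str) -> Optional[DecisionNode]:
    """Search the requester's own role list first, then lower-privilege lists only."""
    for r in range(role_for(tv), 0, -1):
        node = lists[r].find(h)
        if node is not None:
            return node
    return None


def issue_token(lists, requester_pseudonym, owner_id, tv, h, t_q=None) -> Optional[dict]:
    """Build the token fields (1)-(4); returns None when no decision node matches."""
    node = decide(lists, tv, h)
    if node is None:
        return None
    return {"requester": requester_pseudonym, "owner": owner_id,
            "T_q": time.time() if t_q is None else t_q,
            "operations": sorted(node.perms)}


def build_demo() -> dict:
    """Constructed data: H1 sits in two role lists, as the page describes for FIG. 6."""
    lists = {r: RoleList(r) for r in range(1, 5)}
    upload(lists, 1, b"constructed resource 1", {"A1", "A2"})
    upload(lists, 2, b"constructed resource 1", {"A1", "A2", "A3", "A4"})
    upload(lists, 1, b"constructed resource 2", {"A1"})
    upload(lists, 4, b"constructed resource 3", {"A1"})
    return lists
```

With this data a vehicle at the initial trust value 0.5 gets the wider set for resource 1, while the same vehicle after a penalty (0.475) drops to the narrower set on its next request.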
S34, after decrypting and extracting the token, the RSU verifies the integrity of the token with the public key of $S$. It generates the message authentication codes $HMAC(K_{i/j}, warrant_j)$ with the session keys $K_i$ and $K_j$ respectively and distributes the token to vehicles $V_i$ and $V_j$:
$R \to V_i: \{warrant_j \| HMAC(K_i, warrant_j)\}$
$R \to V_j: \{warrant_j \| HMAC(K_j, warrant_j)\}$;
S35, vehicles $V_i$ and $V_j$ verify the authenticity of the message with their respective session keys and verify the timeliness of the token. If all checks pass, vehicle $V_j$ accesses the resources of vehicle $V_i$ using the access permissions specified in the token.
S36, vehicle $V_i$ performs trust evaluation on $V_j$: after $V_j$ completes the resource access, vehicle $V_i$ invokes the trust evaluation algorithm to evaluate $V_j$'s trust value for a new round and calculates a direct trust value. If vehicle $j$ attempts an unauthorized or illegal operation, its trust value is reduced; if vehicle $j$ accesses the resource legally, its trust value is increased. With the trust value of the evaluated vehicle set to 0.75, the direct trust value of the vehicle is evaluated 5 times; the results are shown in FIG. 12 and FIG. 13. With the penalty factor $f = 0.05$ and the reward factor $p = 0.02$, the trust value decreases and increases along a reasonable trend. Substituting into the formulas:
1) If vehicle $V_j$ attempts an unauthorized or illegal operation, $V_i$ calculates the direct trust value:
$DT_j = TV_j - f \cdot TV_i = 0.475$
2) If vehicle $V_j$ accesses the resource legally, $V_i$ calculates the direct trust value:
$DT_j = TV_j + p \cdot TV_i = 0.51$
Vehicle $V_i$ attaches a timestamp $T_5$ and the message authentication code $HMAC(K_i, DT_j \| T_5)$ to $DT_j$ and sends it to the RSU:
$V_i \to R: \{DT_j \| T_5, HMAC(K_i, DT_j \| T_5)\}$;
S37, the RSU checks the reliability of $V_i$'s feedback message with the HMAC algorithm. Having received a direct trust value that passes authentication, the RSU invokes the trust evaluation algorithm and further calculates the recommended trust value:
S371, the RSU invokes the blockchain Read() query function to retrieve 6 historical trust values of $V_j$ from the blockchain;
S372, the trust value evaluators in the records are extracted, and the similarity between $V_j$ and an evaluator $V_k$ is calculated:
1) Search, within the time period $\Delta t$, for the trust value records whose evaluator fields are $V_k$ and $V_j$ respectively.
2) For evaluator $V_j$, screen out the recorded trust values that fall within the range $[0.5, 1]$ and calculate their average:
3) For evaluator $V_k$, calculate the average in the same way:
4) Calculate the similarity between $V_k$ and $V_j$:
the similarity results are shown in the table:
S373, calculating the recommended trust value
The indirect trust values calculated for the penalty case and the reward case are 0.3721 and 0.5057 respectively.
S374, finally, taking 0.5 as the starting point of the trust value change and using the formula
$TV_j = W \cdot DT_j + (1-W) \cdot R_j$
the comprehensive trust value is calculated, giving the trust value change result of FIG. 14. FIG. 14 depicts the variation of the comprehensive trust value as the vehicle performs normal access and illegal access 6 times. As can be seen from FIG. 14, the trust value follows a trend of gradually increasing and decreasing, which meets the trust value evaluation requirement. The RSU generates the trust value record $\{V_j\,ID, V_i\,ID, TV_j, T_i\}$, reaches consensus on it, and publishes it to the blockchain.
In order to verify the feasibility of the embodiment, the correctness and the feasibility of the method of the invention are analyzed.
1. Trust value reliability
The invention adopts the blockchain technology to store the historical trust value record of the vehicle, combines the cryptographic principles of a Hash function, an asymmetric key and the like, has the characteristic of non-falsification and permanent storage, and ensures the sustainable evaluation of the trust value of the vehicle. The trust value and elements such as the vehicle pseudonym, the timestamp and the like form a mapping relation to be used as a record in the block body structure, and the distributed blockchain network node RSU carries out endorsement signature, so that the trust value cannot be negated and cannot be counterfeited. The RSU nodes synchronize the whole network trust value records through the PBFT consensus algorithm, the PBFT algorithm can resist 1/3 node faults, and the fault tolerance of the PBFT algorithm is proved as follows:
there are 4 RSU nodes in the blockchain network, where node 1 is a malicious node. When a new trust value record is released to the blockchain network, the master node firstly sends a record v to other nodes; the remaining nodes forward the record to the other two nodes. Let malicious node 1 send tampered record x to nodes 2, 3. The message received by the node 2 is: (v, v, x), the result after decision is v; the message received by node 3 is (v, v, x) and the result of the decision is v. Therefore, even if the attacking node 1 wants to tamper with the record, the honest nodes 2 and 3 have consensus, and the consistency and reliability of the trust value record are ensured.
2. Identity privacy
The invention protects the identity privacy of the vehicle by using a pseudonymous name mechanism. If a single identity is used in the vehicle communication process, the vehicle is tracked by an attacker, and the identity and the track privacy are threatened. In the method, after the bidirectional identity authentication is completed between the vehicle and the RSU, the RSU distributes a pseudonym for the vehicle and stores the pseudonym in an identity list, the vehicle communicates through the pseudonym, and the identity privacy of the vehicle is protected by periodical replacement of the pseudonym.
Because of the collision resistance and compression function of the Hash function, the Hash value of the resource is used as an index to correspond to the resource one by one, the identity of the resource owner is not required to be bound, and an attacker cannot restore the resource information:
1) Preimage attack and second preimage attack: for a given Hash value $h$, an attacker tries to find $x$ satisfying $Hash(x) = h$. The attacker uses an exhaustive attack, randomly selecting $x$ and calculating its Hash value until a collision occurs. For a Hash value of $n$ bits, the scale of the exhaustive search is on the order of $2^n$; on average the attacker needs $2^{n-1}$ attempts to find an $x$ that satisfies the condition.
2) Birthday attack: the attacker uses the birthday paradox (if random integer variables are chosen uniformly in the range $0$ to $N-1$, the probability of repetition after the second selection exceeds 50%) to challenge the collision resistance of the Hash function, i.e. two messages $M \neq M'$ are found whose Hash codes satisfy $h(M) = h(M')$. For a Hash value of $m$ bits, a matching data block is expected to be found after $2^{m/2}$ attempts. However, if the Hash code is 160 bits, it takes 4000 years to find a collision even if a special collision search machine is used.
Therefore, the decision server only needs to store the Hash value and the authority set of the resource, and the required resource can be retrieved through the Hash value to carry out access control decision. The invention conceals the identity and the track of the resource visitor and also protects the identity privacy of the resource owner.
3. Message security
The invention first uses the PKI mechanism: the trusted third party TC issues identity certificates to vehicles and RSUs, two-way identity authentication between vehicle and RSU is performed, and a session key is negotiated, which builds the first line of defense for Internet of vehicles access control. Second, once the identities of both parties are known to be legitimate, the negotiated session key is used to calculate the message authentication code HMAC. HMAC is irreversible, cheap to compute and hard to break, so it verifies the integrity of the message while reducing the computational burden of encrypting and decrypting with asymmetric keys.
The secure transmission of the message depends on the security of the session key, which security is analyzed as follows:
1) The vehicle randomly generates $X_v$ ($X_v < q$), and the RSU randomly generates $X_R$ ($X_R < q$).
2) The vehicle calculates $Y_V$, and the RSU calculates $Y_R$.
3) The RSU receives $Y_V$ and calculates the session key; the vehicle receives $Y_R$ and calculates the session key.
The calculation results of the two are the same:
From the above analysis, it can be seen that the validity of the method rests on the difficulty of calculating discrete logarithms: take a prime number $p$ and an integer $a$ that is a primitive root of $p$; the powers of $a$ generate all integers between 1 and $p-1$, i.e. $a \bmod p, a^2 \bmod p, \ldots, a^{p-1} \bmod p$ are all different. For any integer $b$ and a primitive root $a$ of the prime $p$, a unique exponent $i$ can be found such that
$b \equiv a^i \bmod p$, where $0 \le i \le p-1$
Therefore, exponentiation modulo a prime is easy, while computing discrete logarithms is very difficult; for large primes, computing discrete logarithms is considered infeasible, so the session key can guarantee the confidentiality and integrity of the sessions between the two communicating parties.
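The session key agreement analysed above, written out as textbook Diffie-Hellman with the page's names ($q$, $a$, $X_v$, $X_R$), as an added example rather than the patent's own formulas. Because the vehicle chooses $q$ and $a$ in S22, the receiving side checks them and the received public value before use; the function names and the toy prime 23 are constructed, and real deployments use large standardized groups.

```python
import secrets


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (adequate for demo-sized n only)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(a: int, q: int) -> bool:
    """True if q is prime and a generates every integer in 1..q-1 modulo q."""
    if q < 3 or prime_factors(q) != {q} or not 1 < a < q:
        return False
    # a is a primitive root iff a^((q-1)/r) != 1 for every prime r dividing q-1
    return all(pow(a, (q - 1) // r, q) != 1 for r in prime_factors(q - 1))


def public_value(a: int, q: int, x: int) -> int:
    """Y = a^X mod q, the value each side sends to the other."""
    return pow(a, x, q)


def session_key(y_peer: int, x_own: int, q: int) -> int:
    """K = Y_peer^X_own mod q; rejects the degenerate values 0, 1 and q-1."""
    if not 1 < y_peer < q - 1:
        raise ValueError("degenerate public value")
    return pow(y_peer, x_own, q)


def fresh_secret(a: int, q: int) -> int:
    """Random secret in 2..q-2 whose public value is not degenerate."""
    while True:
        x = secrets.randbelow(q - 3) + 2
        if 1 < pow(a, x, q) < q - 1:
            return x


def exchange(q: int, a: int, x_v: int = None, x_r: int = None) -> dict:
    """Run both sides; the RSU validates the vehicle-chosen (q, a) first."""
    if not is_primitive_root(a, q):
        raise ValueError("rejected parameters: a is not a primitive root of a prime q")
    x_v = fresh_secret(a, q) if x_v is None else x_v   # vehicle secret X_v
    x_r = fresh_secret(a, q) if x_r is None else x_r   # RSU secret X_R
    y_v = public_value(a, q, x_v)                      # vehicle -> RSU
    y_r = public_value(a, q, x_r)                      # RSU -> vehicle
    return {"Y_v": y_v, "Y_R": y_r,
            "K_vehicle": session_key(y_r, x_v, q),
            "K_rsu": session_key(y_v, x_r, q)}
```

Both sides arrive at the same key because $(a^{X_v})^{X_R} \equiv (a^{X_R})^{X_v} \pmod q$, while an observer who sees only $Y_v$ and $Y_R$ faces the discrete logarithm problem described above.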
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims (4)

1. A vehicle networking access control method based on a zero trust mechanism is characterized by comprising the following steps:
s1, a PKI mechanism of a trusted authority TC adopts an RSA algorithm to generate public and private keys and identity certificates for RSU and vehicles; the decision server initializes an access control policy: establishing a mapping relation between trust level and roles, receiving resources uploaded by a vehicle and authority sets thereof, and distributing the authority sets to corresponding roles;
The step S1 comprises the following steps:
S11, RSU identity registration: the TC assigns the RSU a unique identity $ID_R$, selects two prime numbers $p$ and $q$, and calculates $n = p \times q$ and $\varphi(n) = (p-1)(q-1)$; $e$ is chosen to satisfy $\gcd(\varphi(n), e) = 1$, and $d$ is determined such that $d \equiv e^{-1} \pmod{\varphi(n)}$; the public and private keys are $P_R = \{e, n\}$ and $S_R = \{d, n\}$, and the public key, a timestamp and $ID_R$ are combined to generate the public key certificate $Cert_R$;
S12, vehicle identity registration: the TC uses the RSA algorithm to generate a public-private key pair $\{P_v, S_v\}$ for the vehicle and issues an identity certificate $Cert_v$; the TC sets an initial trust value $TV_x$, forms a trust value record, and records it in the blockchain network;
S13, decision server initialization: the decision server generates the trust value intervals, the trust levels $TL = \{TL_1, TL_2, ..., TL_n\}$ and the role set $Role = \{Role_1, Role_2, ..., Role_n\}$, establishes the role linked lists at the same time, and allocates the corresponding resource permissions to each role, wherein the head node of each role linked list is the role corresponding to a trust level, and the tail pointer of the linked list points to the decision nodes uploaded by vehicles;
S14, vehicle $V_x$ uploads its shared resources and their permission sets to the decision server; $V_x$ determines, according to the type of shared resource it opens, the role required to access each type of resource, wherein different resource sets of the same vehicle require different role permissions, so the vehicle forms several decision nodes and links the different decision nodes to the tails of the different role linked lists; the fields of a decision node have the following meanings:
1) The Hash value of the shared resource, used as the index for retrieving the corresponding authority; because the Hash value and the resource correspond to each other, the identity of the resource owner is not stored in the decision node, which protects the identity privacy of the resource owner, and the authorized vehicle is retrieved through the Hash field during indexing;
2) The authority set that the role is allowed on the resource;
3) The time at which the resource was uploaded, used for verifying the timeliness of the resource;
4) The last field of the node is a pointer whose initial value is Null; if a new node is attached after this node, the field value is Next, the address of the next node;
S15, the decision server attaches the decision nodes to the tails of the corresponding role linked lists according to the decision node information uploaded by the vehicles; in the resulting structure of trust levels, roles and decision-node linked lists, nodes indexed by H1 appear at different levels of the linked lists, because the same vehicle divides its permissions into different authority sets according to its access control requirements and assigns them to roles of different levels, so that different decision nodes belonging to the same vehicle can appear on chains of different levels; in addition, because the roles are layered by level, the authority set (A1, A2) owned by a node in a low-level linked list (Role1) is a subset of the authority set (A1, A2, …, A4) contained in a high-level linked list (Role2);
S2, the registered vehicle and the RSU perform two-way identity authentication based on the PKI system and negotiate a session key: after the vehicle enters the coverage area of an RSU, two-way identity authentication is carried out first, and both sides then negotiate to generate the session key; to protect the identity privacy of the vehicle, the RSU generates a pseudonym for the vehicle and stores the pseudonym in a local identity list;
S3, suppose vehicle V_j has entered the RSU coverage and completed identity authentication, and wishes to access Resource_i of vehicle V_i: first, vehicle V_j submits an access application to the RSU to obtain an access authorization token for Resource_i of vehicle V_i; the RSU retrieves V_j's most recently stored trust value from the blockchain and sends it together with the request information to the decision server; the decision server obtains the role corresponding to the trust value and screens out the matching decision node in the role linked list; the authority set in that decision node is the set of access rights allowed to V_j; the decision server generates an access token according to these rights and sends the token to the RSU, which distributes the token to vehicle V_i and vehicle V_j; V_j accesses the requested resource using the rights granted in the token;
the step S3 comprises the following steps:
S31, vehicle V_j requests resource access from the RSU:
V_j → R: {Request || T_3 || HMAC(K_j, Request || T_3)}
wherein Request = {ID'_j || ID'_i || H_i} comprises: the pseudonym ID'_j of vehicle j, the resource owner pseudonym ID'_i, and the hash value H_i = Hash(Resource_i) of the resource to be accessed; the message authentication code HMAC(K_j, Request || T_3) is calculated using the HMAC algorithm and the shared key K_j; T_3 is the timestamp of the current time, ensuring the timeliness of the message;
S32, the RSU first verifies the freshness of the message, i.e. whether the timestamp satisfies |T - T_3| < Δt; if so, it looks up V_j's pseudonym ID'_j in the identity list; if the pseudonym exists, it uses the locally stored session key K_j to calculate HMAC'(K_j, Request || T_3) and judges whether HMAC' is consistent with the received HMAC, checking the integrity of the message; if the message has not been tampered with, it calls the TrustValue Research() function, inputs the vehicle identity ID_v, and finds the latest trust value TV_j corresponding to the vehicle according to ID'_j; the RSU encrypts the parameters {Request || TV_j || T_4} with the public key P_S and sends a decision request to the decision server S:
R → S: {E(P_S, Request || TV_j || T_4)};
S33, after receiving the decision request, the decision server decrypts it, verifies its timeliness and makes a decision; according to the decision result, the server S generates an access control token warrant_j, encrypts the token with the RSU public key, and sends the encrypted token to the RSU:
S → R: {E(P_R, warrant_j)}
S34, after the RSU decrypts and extracts the token, it verifies the integrity of the token with the public key of S, generates the message authentication codes HMAC(K_{i/j}, warrant_j) with the session keys K_i and K_j respectively, and distributes the token to vehicle V_i and vehicle V_j:
R → V_i: {warrant_j || HMAC(K_i, warrant_j)}
R → V_j: {warrant_j || HMAC(K_j, warrant_j)};
S35, vehicles V_i and V_j verify the authenticity of the message with their respective session keys and verify the timeliness of the token; if both checks pass, vehicle V_j accesses the resource of vehicle V_i using the access rights specified in the token;
S36, vehicle V_i performs trust evaluation on V_j: after V_j completes the resource access behavior, vehicle V_i invokes the trust evaluation algorithm to evaluate V_j's trust value for a new round and calculates a direct trust value; if vehicle j attempts an unauthorized or illegal operation, the trust value is reduced; if vehicle j accesses the resource legally, the trust value is increased; the trust evaluation algorithm here is:
1) If vehicle V_j attempts an unauthorized or illegal operation, V_i calculates the direct trust value:
DT_j = TV_j - f * TV_i
2) If vehicle V_j accesses the resource legally, V_i calculates the direct trust value:
DT_j = TV_j + p * TV_i
wherein the larger V_i's trust value TV_i, the larger the magnitude of the reward or punishment, i.e. of the increase or decrease; vehicle V_i attaches a timestamp T_5 and a message authentication code HMAC(K_i, DT_j || T_5) to DT_j and sends it to the RSU:
V_i → R: {DT_j || T_5, HMAC(K_i, DT_j || T_5)};
S37, the RSU checks the reliability of V_i's feedback message using the HMAC algorithm; the RSU accepts a direct trust value that passes authentication, calls the trust evaluation algorithm, and further calculates the recommended trust value.
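The request check of steps S31 and S32, as an added example that is not code from the patent: the RSU tests freshness, looks up the pseudonym, then compares the HMAC in constant time. HMAC-SHA-256, the 5-second Δt, the "||" byte separator, the function names and the cache of already accepted MACs are assumptions of this sketch; the claim itself relies on the timestamp alone.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed freshness window in seconds; the claim only names Δt


def mac(key: bytes, request: bytes, t3: int) -> bytes:
    # HMAC(K_j, Request || T_3); SHA-256 is an assumption of this sketch
    return hmac.new(key, request + b"||" + str(t3).encode(), hashlib.sha256).digest()


def build_request(id_j: str, id_i: str, resource: bytes, k_j: bytes, now: int) -> dict:
    """Vehicle V_j (S31): Request = ID'_j || ID'_i || H_i, sent with T_3 and the MAC."""
    h_i = hashlib.sha256(resource).hexdigest()  # H_i = Hash(Resource_i)
    request = "||".join([id_j, id_i, h_i]).encode()
    return {"request": request, "t3": now, "mac": mac(k_j, request, now)}


def rsu_verify(msg: dict, identity_list: dict, seen: set, now: int) -> str:
    """RSU (S32): freshness, pseudonym lookup, HMAC check, then replay cache."""
    if abs(now - msg["t3"]) >= DELTA_T:  # |T - T_3| < Δt must hold
        return "stale"
    id_j = msg["request"].split(b"||")[0].decode(errors="replace")
    k_j = identity_list.get(id_j)  # session key stored with the pseudonym in S2
    if k_j is None:
        return "unknown-pseudonym"
    expected = mac(k_j, msg["request"], msg["t3"])
    if not hmac.compare_digest(expected, msg["mac"]):  # constant-time comparison
        return "bad-mac"
    if msg["mac"] in seen:  # added here: a fresh timestamp alone admits replays
        return "replay"
    seen.add(msg["mac"])
    return "ok"


def demo() -> dict:
    k_j = b"constructed-session-key"  # all values below are constructed samples
    ids = {"PID-j-01": k_j}  # RSU identity list: pseudonym -> session key
    seen = set()
    msg = build_request("PID-j-01", "PID-i-07", b"sensor-feed", k_j, now=1000)
    tampered = dict(msg, request=msg["request"].replace(b"PID-i-07", b"PID-i-99"))
    stranger = build_request("PID-x-00", "PID-i-07", b"sensor-feed", b"other", now=1000)
    return {
        "valid": rsu_verify(msg, ids, seen, now=1002),
        "replayed": rsu_verify(msg, ids, seen, now=1003),
        "stale": rsu_verify(msg, ids, set(), now=1060),
        "tampered": rsu_verify(tampered, ids, set(), now=1002),
        "unknown": rsu_verify(stranger, ids, set(), now=1001),
    }


if __name__ == "__main__":
    print(demo())
```

Without the cache, the second delivery of the same message inside the Δt window would pass every check named in S32.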
2. The internet of vehicles access control method based on the zero trust mechanism according to claim 1, wherein the step S2 comprises:
S21, the RSU periodically broadcasts its own certificate:
R: {Cert_R || Sign(S_R, Cert_R)}
and waits for vehicles to access; the broadcast message is signed with the private key, ensuring the integrity of the broadcast message;
S22, vehicle V_i enters the coverage area of RSU R, receives its broadcast message, decrypts the signature with the public key in the certificate Cert_R, and verifies [Sign(S_R, Cert_R)]^d (mod n) = Cert_R; if so, it generates a prime number q and an integer a (a < q and a is a primitive root of q), produces X_v (X_v < q), calculates Y_i, and encrypts the network access application with the public key of the RSU:
V_i → R: {E(P_R, Cert_v || Y_i || a || q || T_1)}
wherein T_1 is a timestamp that proves the freshness of the message and prevents replay attacks;
S23, the RSU decrypts the received network access application message with its private key and calculates the time difference |T - T_1|; if the difference is less than or equal to Δt, the legitimacy of the vehicle's identity is further authenticated through the certificate; otherwise, the message is defined as a timed-out message and is rejected; after identity authentication passes, the RSU generates an integer X_R (X_R < q), performs the calculation according to the values of the parameters Y_i, a and q, and generates the shared session key; the RSU generates a pseudonym ID'_i for the vehicle, encrypts {Success || ID'_i || K || T_2} with the public key of the vehicle, and returns a message that authentication was successful:
R → V_i: {E(P_v, Success || ID'_i || K || T_2)}
S24, vehicle V_i decrypts the feedback message from the RSU: D(V_s, Success || ID'_i || K || T_2), and verifies the timeliness of the message |T - T_2|; if the result is less than the maximum tolerated delay Δt, it generates the consistent shared session key and accepts the pseudonym ID'_i.
3. The internet of vehicles access control method based on the zero trust mechanism according to claim 2, wherein the decision server performs a decision process as follows:
S331, the server utilizes a piecewise function F defined as follows:
calculating the trust level from the trust value: F(TV_j) → TL_j, and mapping the trust level to the corresponding role to obtain the role value;
S332, the server searches the role linked lists, specifically: it locates the corresponding role linked list according to the role value, passes the role linked list and the resource index as actual parameters, and calls the decision algorithm function to obtain the corresponding decision node; the decision algorithm is as follows:
1) Traverse the role linked list of this layer, matching the Hash field of each decision node; if a matching item exists, obtain the node and its authority set field; otherwise, execute 2);
2) If this layer does not have the corresponding decision node, traverse the role linked list of the upper layer until the decision node is found, and obtain the authority set of the decision node;
3) Generate an access token warrant_j according to the authority in the node; the token fields are:
(1) Resource requester pseudonym ID'_j
(2) Resource owner identification ID_i
(3) Time of token creation T_q
(4) The access rights operation_j granted to vehicle V_j by the decision server
(5) The signature of the decision server S over the token, made with its private key; other vehicles can use the public key of S to verify the authenticity of the token; meanwhile, without the private key of S, an attacker cannot forge the access token.
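The decision process of S331 and S332 over the role linked lists of S13 to S15, as an added example that is not code from the patent. The interval bounds of F, SHA-256 as the resource hash, all names and sample resources are assumptions; the sketch also assumes that the fallback in step 2) moves to the adjacent list of a lower trust level, so that a requester never receives an authority set reserved for a higher role, and it leaves out the signature field, which needs the decision server's RSA key.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class DecisionNode:
    """Decision node fields listed in S14."""
    resource_hash: str                     # index: Hash(Resource), no owner identity
    authority: frozenset                   # authority set allowed to the role
    uploaded_at: int                       # upload time, for timeliness checks
    next: Optional["DecisionNode"] = None  # Null until another node is attached

class RoleList:
    """One role linked list; vehicles' decision nodes are attached at the tail."""
    def __init__(self, role: str):
        self.role = role
        self.head = self.tail = None

    def append(self, node: DecisionNode) -> None:
        if self.tail is None:
            self.head = node
        else:
            self.tail.next = node
        self.tail = node

    def find(self, resource_hash: str) -> Optional[DecisionNode]:
        node = self.head
        while node is not None and node.resource_hash != resource_hash:
            node = node.next
        return node

# Assumed bounds for F (minimum trust value, list index); index 0 is the lowest role.
LEVEL_BOUNDS = [(0.8, 1), (0.5, 0)]

def trust_level(tv: float) -> Optional[int]:
    """Piecewise F(TV_j) -> TL_j under the assumed bounds; None means no role."""
    for lower, level in LEVEL_BOUNDS:
        if tv >= lower:
            return level
    return None

def decide(role_lists, tv, resource_hash, requester, owner, now):
    """Return the unsigned token fields, or None when no authority is granted."""
    level = trust_level(tv)
    while level is not None and level >= 0:
        node = role_lists[level].find(resource_hash)
        if node is not None:
            return {"requester": requester, "owner": owner, "created": now,
                    "operation": sorted(node.authority)}
        level -= 1  # assumption: fall back toward lower-trust roles only
    return None

def demo() -> dict:
    h = lambda r: hashlib.sha256(r).hexdigest()
    low, high = RoleList("Role_1"), RoleList("Role_2")  # constructed sample data
    low.append(DecisionNode(h(b"map-tiles"), frozenset({"read"}), 100))
    high.append(DecisionNode(h(b"map-tiles"), frozenset({"read", "write"}), 100))
    low.append(DecisionNode(h(b"road-alerts"), frozenset({"read"}), 101))
    high.append(DecisionNode(h(b"camera-feed"), frozenset({"read"}), 102))
    ask = lambda tv, res: decide([low, high], tv, h(res), "PID-j-01", "ID-i", 200)
    return {
        "high_direct": ask(0.9, b"map-tiles"),
        "high_fallback": ask(0.9, b"road-alerts"),
        "low_direct": ask(0.6, b"map-tiles"),
        "low_no_escalation": ask(0.6, b"camera-feed"),
        "untrusted": ask(0.3, b"map-tiles"),
    }
```

If the fallback walked toward higher-trust lists instead, the `low_no_escalation` request would return the authority set stored for Role_2.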
4. The Internet of vehicles access control method based on the zero trust mechanism according to claim 3, wherein,
the indirect trust value calculation is specifically implemented as follows:
S371, the RSU invokes the blockchain Read() query function to retrieve n historical trust values of V_j recorded in the blockchain;
S372, extracting the trust value evaluators from the records, and calculating the similarity between V_j and evaluator V_k:
1) Retrieve the trust value records within the time period Δt whose evaluator fields are V_k and V_j respectively;
2) For evaluator V_j, screen out the trust values in its records that fall within the range [0.5, 1] and calculate the average:
3) For evaluator V_k, similarly, calculate the average:
4) Calculate the similarity between V_k and V_j:
The difference between V_k's and V_j's evaluation results for legitimate vehicles represents the similarity between the two: the smaller the difference, the higher the similarity;
S373, calculating the recommended trust value
q_k represents the influence of time on the recommended trust value: the older an evaluation, the smaller its share of the recommended trust value; in addition, the similarity S_k of the two vehicles and the historical trust value TV_kj are also key indicators for measuring the reliability of the recommended trust value;
S374, trust value calculation
TV_j = W * DT_j + (1 - W) * R_j
Finally, according to a certain weight W, the direct trust value DT_j and the recommended trust value R_j are combined to calculate vehicle V_j's trust value TV_j; the RSU generates the trust value record data {V_j ID, V_i ID, TV_j, T_i}, which is agreed by consensus and written to the blockchain.
CN202210166731.8A 2022-02-23 2022-02-23 Internet of vehicles access control method based on zero trust mechanism Active CN114567473B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210166731.8A CN114567473B (en) 2022-02-23 2022-02-23 Internet of vehicles access control method based on zero trust mechanism

Publications (2)

Publication Number Publication Date
CN114567473A CN114567473A (en) 2022-05-31
CN114567473B true CN114567473B (en) 2024-01-09

Family

ID=81713841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210166731.8A Active CN114567473B (en) 2022-02-23 2022-02-23 Internet of vehicles access control method based on zero trust mechanism

Country Status (1)

Country Link
CN (1) CN114567473B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant