CN115102695A - Vehicle networking certificate authentication method based on block chain - Google Patents

Publication number
CN115102695A
Authority
CN
China
Legal status
Granted
Application number
CN202210689218.7A
Other languages
Chinese (zh)
Other versions
CN115102695B (en)
Inventor
董庆宽
马飞龙
陈原
穆涛
杨福兴
冉怡欣
Current Assignee
Xidian University
Original Assignee
Xidian University

Classifications

    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a blockchain-based Internet of Vehicles certificate authentication method, which mainly addresses the prior-art problems of single points of failure, certificate revocation, and the lack of mutual trust across central nodes. The scheme is as follows: network parameters are initialized; a private key, an aggregate public key and a public key certificate are distributed to the vehicle nodes and roadside unit nodes managed by each central node, and the public key certificate is stored in the blockchain; the requesting vehicle node sends an authentication request message to the receiving vehicle node; the receiving vehicle node authenticates the identity of the requesting vehicle node; the receiving vehicle node and the requesting vehicle node then exchange identities and identity authentication is carried out, completing bidirectional identity authentication of the Internet of Vehicles devices. Without requiring a trusted third party to provide service in real time, the invention improves urban traffic efficiency and the user's driving experience, improves cross-domain identity authentication efficiency in the Internet of Vehicles, and reduces identity authentication cost; it can be used for automobile intelligence and automatic driving.

Description

Vehicle networking certificate authentication method based on block chain
Technical Field
The invention belongs to the technical field of information security, and particularly relates to an identity authentication method for Internet of Vehicles devices, which can be used in the fields of automobile intelligence and automatic driving and can improve urban traffic efficiency and the user's driving experience.
Background
The Internet of Vehicles is a network system that uses new-generation information and communication technology to connect the in-vehicle network, the inter-vehicle network and the vehicle-mounted mobile internet, and is used to raise the intelligence level and automatic driving capability of vehicles, thereby improving traffic efficiency and the driving experience. The Internet of Vehicles is in effect a supporting infrastructure for driverless vehicles: it not only provides vehicles in the network with important information such as vehicle position, speed and route information, driver information, road congestion and accident information, and various multimedia applications, but also realizes networked interactive control through big data and cloud computing.
Because of the unique properties of the Internet of Vehicles VANET, such as high mobility and volatility, it is vulnerable to various influences. Security, privacy and trust issues need to be considered from the start of VANET design. Forged information from external vehicles may not only reduce certificate authentication efficiency but, in the worst case, cause life-threatening accidents. Although external attackers can be defended against by providing a secure communication channel, trust management and vehicle privacy protection remain open problems for the Internet of Vehicles VANET.
The certificate authority (CA) is the core of the public key infrastructure (PKI) and is responsible for issuing public key certificates to user nodes. A public key certificate is electronic data containing the identity information of the node that holds the certificate. It generally comprises the identity information of the user node, the public key of the user node, and a signature and other information generated by the trusted center. It functions much like an identity card in real life, and provides the public keys needed by cryptographic services such as encryption and digital signatures during identity authentication and communication between user nodes or between a user node and other entity nodes.
In the Internet of Vehicles, the devices comprise the on-board unit (OBU) and the roadside unit (RSU). To secure communication between different Internet of Vehicles devices, identity authentication must be performed before the devices communicate, so that attacks in the network are prevented. Provided that security is ensured, the higher the identity authentication efficiency of the Internet of Vehicles devices the better. The main factors affecting identity authentication efficiency include communication overhead and transmission delay during authentication. PKI-based certificate management is currently one of the most mainstream certificate management mechanisms for the Internet of Vehicles: a vehicle management agency acts as the certificate authority CA, issues public key certificates to the vehicle nodes OBU and roadside unit nodes RSU it manages, and is responsible for updating and revoking node certificates and maintaining revocation lists. However, current PKI-based Internet of Vehicles identity authentication protocols have security problems mainly in the following three respects:
First, the single point of failure problem: the security of a PKI certificate depends entirely on the security of the certificate authority CA. Because the CA may be dishonest, may be attacked, may sign fraudulent certificates, may malfunction, or may use outdated or defective cryptographic algorithms, this poses a risk to certificate management;
Second, the certificate revocation problem: the certificate verifier needs to check the binding between the public key of a network entity and its certificate, and also needs to confirm whether the verified certificate is within its validity period, i.e., whether it has been revoked. The certificate verifier needs to regularly maintain a certificate revocation list (CRL) containing the certificates that were issued by the certificate authority CA and have been revoked. Whether a certificate is revoked is checked by consulting the CRL, but because CRL updates are not real-time, this brings risk to certificate verification;
Third, the problem of mutual trust between certificate authorities: under a PKI system, the complex requirements of real Internet of Vehicles application scenarios make it necessary to solve the problem of mutual trust across CAs. In the Internet of Vehicles a cross-certification mode is usually adopted, in which trust relationships are established among different root CAs by issuing certificates to one another. In the certificate authentication stage, an end-entity certificate is verified by finding a trust chain from that certificate to a trust root. When the number of CAs is large, cross-certification forms a complex network structure and certificate chain discovery becomes complicated. Cross-CA authentication can also be realized by placing a bridge CA between the trust domains; the bridge CA acts as a connecting bridge and establishes trust relationships with the trust domains by mutually issuing cross-certification certificates. Compared with cross-certification among multiple CAs, the bridge CA approach makes trust chain path discovery easier, but a large number of certificates with different structures must be maintained, and management is complex.
A blockchain is a distributed database that manages data in chronological order and ensures that the data cannot be tampered with. Blockchains are divided into public chains, private chains and alliance (consortium) chains. In a public chain any node can participate in use and maintenance, and the information is fully public. A private chain is a public chain with restrictions managed by an administrator: only a few internal nodes can participate in use and maintenance, and the information is not public. An alliance chain lies between the public chain and the private chain: several organizations jointly maintain one blockchain, which is decentralized with semi-open admission. The right to vote on adding a new node and generating a new block belongs to preset nodes, and nodes that are not preset can only participate in transactions. Although the information in an alliance chain can be protected, the query permission is open, so even an entity that is not in the alliance chain can query it through a preset open interface.
In recent years, to solve the common problems of PKI-based Internet of Vehicles identity authentication protocols, such as single points of failure, difficult cross-domain authentication and difficult maintenance of revocation lists, some scholars have proposed combining traditional PKI technology with the blockchain idea. The patent application with application publication number CN 112929179A, entitled 'block chain-based vehicle networking equipment identity authentication and key agreement method', discloses such a method. Although that method can complete secure identity authentication in an insecure network environment without relying on a third party, and the distributed blockchain CA system it constructs has certain security advantages over a traditional distributed CA system, the Internet of Vehicles devices need to fetch a large amount of data from two chains when verifying a certificate and need to synchronize the latest block hash values on both chains in real time, so the devices incur a high authentication cost.
Disclosure of Invention
The invention aims to overcome the above defects of the prior art by providing a blockchain-based Internet of Vehicles certificate authentication method, so as to maintain the revocation list in certificate management in real time, improve cross-domain identity authentication efficiency and reduce authentication cost, while ensuring the security of identity authentication for Internet of Vehicles devices.
In order to achieve the purpose, the technical scheme of the invention comprises the following steps:
(1) initialization:
Take $N$ certificate authorities $CA = \{CA_n \mid 1 \le n \le N\}$ as central nodes, where $CA_n$ denotes the $n$-th central node and $N \ge 2$;
All central nodes CA generate the parameters $(q, G_1, G_2, G_t, e, g_1, g_2, H_0, H_1)$ through a consensus mechanism, where $q$ is a large prime number, $G_1$ is a first additive cyclic group of order $q$, $G_2$ is a second additive cyclic group of order $q$, $G_t$ is a multiplicative cyclic group of order $q$, $g_1$ is a generator of $G_1$, $g_2$ is a generator of $G_2$, $e$ is the bilinear map from $G_1$, $G_2$ to $G_t$: $G_1 \times G_2 \to G_t$, $H_0$ is a hash function mapping to $G_1$, $H_1$ is a hash function mapping to $Z_q$, and $Z_q$ is the set of integers modulo $q$;
(2) Each central node $CA_n$ distributes a private key Pri, an aggregate public key apk and a public key certificate Cer to the vehicle nodes and roadside unit nodes it manages, and stores the public key certificate in the blockchain;
(3) In an insecure network environment, the $i$-th vehicle node $OBU_{n,i}$ managed by central node $CA_n$ sends an authentication request message $Req_{n,i}$ to the $j$-th vehicle node $OBU_{m,j}$, managed by central node $CA_m$, with which it is to communicate, where $1 \le n \le N$, $1 \le m \le N$, $1 \le i \le M_n$, $1 \le j \le M_n$ and $n \ne m$; $M_n$ is the number of vehicle nodes managed by the $n$-th central node, and $R_n$ is the number of roadside unit nodes managed by the $n$-th central node;
(4) The receiving vehicle node $OBU_{m,j}$ authenticates the identity of the requesting vehicle node $OBU_{n,i}$ through the authentication request message $Req_{n,i}$:
(4a) The receiving vehicle node $OBU_{m,j}$ determines whether the message $Req_{n,i}$ is within its validity period: if so, execute step (4b); otherwise, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails;
(4b) The receiving vehicle node $OBU_{m,j}$ obtains, through the $y$-th roadside unit node $RSU_{x,y}$ managed by the nearest central node $CA_x$, the verification message $Mes_{x\_n,i}$ for the certificate $Cer_{n,i}$ on the blockchain. The verification message comprises the Merkle root hash value $MerkleRootHash_d$ of block $Block_d$, the block certificate $BlockCer_{n,i}$ stored in $Block_d$, and the hash values of the $q$ certificates $CerHash_d = \{CerHash_{d\_r} \mid 1 \le r \le q\}$, where $1 \le x \le N$, $1 \le y \le R_n$, $0 \le d \le l$, $q \ge 1$, and $l$ is the total block height of the current main chain;
(4c) The receiving vehicle node $OBU_{m,j}$ determines whether $Mes_{x\_n,i}$ contains the verification value sequence of the public key certificate $Cer_{n,i}$: if so, execute step (4d); otherwise, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails, where $1 \le x \le N$, $1 \le y \le R_n$, and $Cer_{n,i}$ is the public key certificate of the requesting vehicle node $OBU_{n,i}$ carried in the request message $Req_{n,i}$;
(4d) The receiving vehicle node $OBU_{m,j}$ verifies the public key certificate $Cer_{n,i}$:
(4d1) The receiving vehicle node $OBU_{m,j}$ determines, by verifying hash values, whether $Mes_{k\_n,i}$ has been tampered with by other malicious nodes: if so, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails; otherwise, execute (4d2);
(4d2) The receiving vehicle node $OBU_{m,j}$ verifies whether the aggregate signature $Sig_{aggCer}$ of the block certificate $BlockCer_{n,i}$ in $Mes_{x\_n,i}$ satisfies $e(Sig_{aggCer}, g_2) = e(H_0(Cer_{n,i}), apk)$: if so, the block certificate $BlockCer_{n,i}$ has not been tampered with, and step (4d3) is executed; otherwise, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails;
(4d3) The receiving vehicle node $OBU_{m,j}$ verifies whether the block certificate $BlockCer_{n,i}$ is a revoked certificate: if so, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails; otherwise, execute (4e);
(4e) The receiving vehicle node $OBU_{m,j}$ determines whether the decrypted signature information $DSig_{n,i}$ is consistent with the concatenated data in the request message $Req_{n,i}$: if so, identity authentication of the requesting vehicle node $OBU_{n,i}$ succeeds, and (5) is executed; otherwise, authentication fails;
(5) The receiving vehicle node $OBU_{m,j}$ and the requesting vehicle node $OBU_{n,i}$ exchange identities, and identity authentication is carried out:
(5a) In an insecure network environment, the requesting vehicle node $OBU_{m,j}$ sends an authentication response message $Rep_{m,j}$ to the receiving vehicle node $OBU_{n,i}$ that is to be answered;
(5b) The receiving vehicle node $OBU_{n,i}$ authenticates the identity of the requesting vehicle node $OBU_{m,j}$ through the authentication response message $Rep_{m,j}$: if authentication succeeds, execute (5c); otherwise, key agreement fails;
(5c) The receiving vehicle node $OBU_{n,i}$ and the requesting vehicle node $OBU_{m,j}$ compute the key agreement result, completing the Internet of Vehicles certificate authentication.
Compared with the prior art, the invention has the following advantages:
1. The invention combines PKI technology with the blockchain, takes several different certificate authorities as the central nodes of an alliance chain, and can manage certificates across the different certificate authorities, thereby solving the single point of failure and certificate revocation problems of a PKI certificate management system and effectively improving the identity authentication efficiency of Internet of Vehicles devices.
2. The invention combines aggregate signature technology with the blockchain and adds the signatures of all the central nodes CA to the block certificate stored in the blockchain, so that an Internet of Vehicles device can verify the identity certificates of other Internet of Vehicles devices in an insecure environment without a third-party trust authority providing online service, which effectively reduces the identity authentication cost of Internet of Vehicles devices.
Drawings
FIG. 1 is a flow chart of an implementation of the present invention.
Fig. 2 is a diagram illustrating the structure of the alliance chain network in the present invention.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Referring to fig. 1, the implementation steps of this example are as follows:
Step 1: Establish the alliance chain network.
Build an alliance blockchain network with 5 certificate authorities $CA = \{CA_n \mid 1 \le n \le 5\}$ as central nodes, and with
Figure BDA0003698892470000051
vehicle devices OBU and
Figure BDA0003698892470000052
roadside units RSU as ordinary nodes; its structure is shown in Fig. 2.
All central nodes CA in Fig. 2 generate the parameters $(q, G_1, G_2, G_t, e, g_1, g_2, H_0, H_1)$ through a consensus mechanism and generate their respective public and private key pairs $(pk_n, sk_n)$. Each block stores 5 block certificates packaged as blockchain transactions, and each vehicle node OBU and roadside unit node RSU has both a sending function and a receiving function,
where $CA_n$ denotes the $n$-th central node, $M_n$ denotes the number of vehicle nodes managed by central node $CA_n$, $R_n$ denotes the number of roadside unit nodes managed by central node $CA_n$,
Figure BDA0003698892470000061
Figure BDA0003698892470000062
$q$ is a large prime number, $G_1$ and $G_2$ are additive cyclic groups of order $q$, $G_t$ is a multiplicative cyclic group of order $q$, $g_1$ is a generator of $G_1$, $g_2$ is a generator of $G_2$, $e$ is the bilinear map from $G_1$, $G_2$ to $G_t$: $G_1 \times G_2 \to G_t$, $H_0$ is a hash function mapping to $G_1$, $H_1$ is a hash function mapping to $Z_q$, $Z_q$ is the set of integers modulo $q$, $pk_n$ denotes the public key of central node $CA_n$, and $sk_n$ denotes the private key of central node $CA_n$.
The block certificate consists of a certificate standard field, a certificate extension field and an aggregate signature. The certificate standard field comprises the certificate version number, the certificate serial number, the revocation flag bit, the aggregate signature algorithm identifier, the certificate validity end time, the Internet of Vehicles device subject name, the Internet of Vehicles device subject public key information, the unique identifier of the issuer CA and the unique identity of the Internet of Vehicles device subject. The certificate extension field comprises the key usage, certificate policies, policy mappings, the Internet of Vehicles device subject alternative name and the basic constraints of the certificate. A revocation flag bit value of 0 indicates that the certificate is revoked, and a value of 1 indicates that the certificate is not revoked.
Step 2: Each central node $CA_n$ distributes a private key Pri, an aggregate public key apk and a public key certificate Cer to the vehicle nodes and roadside unit nodes it manages, and stores the public key certificate in the blockchain.
2.1) Each central node $CA_n$ generates a public key Pub and a private key Pri from the identity identifier Iden of each vehicle node OBU and roadside unit RSU it manages:
the identity identifier Iden is the information recorded for the Internet of Vehicles device when it is registered with the relevant government regulatory agency, and comprises the Internet of Vehicles device subject name and the unique identity of the Internet of Vehicles device subject;
since the SM2 algorithm is more secure and faster in encryption and decryption, $CA_n$ in this example generates the public key Pub and the private key Pri with the SM2 algorithm based on the identity identifier Iden;
2.2) Generate a public key certificate Cer from the identity identifier Iden and the public key Pub, and generate an aggregate public key from the g public keys of all the central nodes:
Figure BDA0003698892470000063
where $pk_i$ is the public key of central node $CA_i$;
2.3) Central node $CA_n$ broadcasts the public key certificate Cer to the other nodes $CA_j$ on the alliance chain. Each other node $CA_j$ verifies the public key certificate Cer after receiving it, signs it after verification succeeds, and returns the signature information $Sig_{cer,j} = sk_j \cdot H_0(Cer)$ to central node $CA_n$, where $sk_j$ is the private key of $CA_j$ and $1 \le j \le N$;
2.4) After receiving the signature information from the other nodes, central node $CA_n$ generates the aggregate signature
Figure BDA0003698892470000071
Central node $CA_n$ then generates a block certificate BlockCer from the public key certificate Cer and the aggregate signature $Sig_{aggCer}$, encodes and packages the block certificate BlockCer into a transaction $Tr_n$, broadcasts the transaction $Tr_n$ to the other central nodes in the alliance chain network, and waits for the other central nodes to verify the transaction $Tr_n$ and write it into the blockchain;
2.5) After learning that the transaction $Tr_n$ has been written into the blockchain, central node $CA_n$ securely distributes the aggregate public key apk, the private key Pri and the certificate Cer to the corresponding Internet of Vehicles device node through an offline channel.
Step 3, vehicle node OBU 1,3 To vehicle node OBU waiting to communicate 4,1 Sending an authentication request message Req 1,3
3.1) sending request vehicle node OBU 1,3 Generating a random number r 1,3 And request timestamp T 1,3 And using the private key Pri 1,3 Public key certificate Cer 1,3 A random number r 1,3 And request timestamp T 1,3 Signature Sig of the formed data string 1,3
3.2) by public key certificate Cer 1,3 A random number r 1,3 Request time stamp T 1,3 And signature Sig of data string 1,3 Composing an authentication request message Req 1,3 ={Cer 1,3 ||r 1,3 ||T 1,3 ||Sig 1,3 };
3.3) sending request vehicle node OBU 1,3 Will request message Req 1,3 Sending to the vehicle node OBU accepting the request 4,1
In this example, each common node has a random number generator locally, and the random number generator can generate a random number, all nodes in the block chain of the alliance are synchronized in clock, and a timestamp r is provided 1,3 Is to resolve the system current time to a Unix timestamp.
Step 4, receiving the request vehicle node OBU 4,1 By authentication request message Req 1,3 To request sending vehicle node OBU 1,3 The identity of (2) is authenticated.
4.1) accepting the requesting vehicle node OBU 4,1 Determining a message Req 1,3 Whether in the valid period:
4.1.1) accepting the request during communicationVehicle node OBU of asking 4,1 Setting effective threshold T of time stamp according to network environment max
4.1.2) accepting a requesting vehicle node OBU 4,1 Calculating the current time T now_4,1 And authentication request Req 1,3 Middle transmission time stamp T 1,3 Difference of (a) T 1,3 =T now_4,1 -T 1,3
4.1.3) will separate Δ T 1,3 And T max And (3) comparison:
if Δ T 1,3 ≤T max Then authenticate the request Req 1,3 In effect, perform step 4.2)
Otherwise, for sending the request vehicle node OBU 1,3 Fails the authentication.
4.2) The receiving vehicle node $OBU_{4,1}$ obtains, through the 1st roadside unit node $RSU_{2,1}$ managed by the nearest central node $CA_2$, the verification message $Mes_{2\_1,3}$ on the blockchain that contains the certificate $Cer_{1,3}$. The verification message comprises the Merkle root hash value $MerkleRootHash_d$ of block $Block_d$, the block certificate $BlockCer_{1,3}$ stored in $Block_d$, and the hash values of 5 certificates $CerHash_d = \{CerHash_{d\_r} \mid 1 \le r \le 5\}$, where $0 \le d \le l$ and $l$ is the total height of the blocks on the current main chain;
4.2.1) The receiving vehicle node $OBU_{4,1}$ sends the public key certificate $Cer_{1,3}$ of the requesting vehicle node to the roadside unit node $RSU_{2,1}$ nearest to itself;
4.2.2) The roadside unit node $RSU_{2,1}$ forwards the public key certificate $Cer_{1,3}$ to the central node $CA_2$ to which it belongs;
4.2.3) After receiving the public key certificate $Cer_{1,3}$ sent by the roadside unit node $RSU_{2,1}$, the central node $CA_2$ searches backward from the last block of the blockchain for a block $Block_{10}$ that stores a transaction containing $Cer_{1,3}$:
if such a block exists, it returns the message $Mes_{2\_1,3}$, and 4.2.4) is executed;
otherwise, the query for $Cer_{1,3}$ fails, and $CA_2$ returns to $RSU_{2,1}$ a message $Mes_{2\_1,3}$ whose content is an all-zero sequence;
4.2.4) The roadside unit node $RSU_{2,1}$ returns the received message $Mes_{2\_1,3}$ to the receiving vehicle node $OBU_{4,1}$.
4.3) The receiving vehicle node $OBU_{4,1}$ checks whether the message $Mes_{2\_1,3}$ contains the verification value sequence of the public key certificate $Cer_{1,3}$:
if $Mes_{2\_1,3}$ is an all-zero sequence, the message contains no verification value, and identity authentication of the requesting vehicle node $OBU_{1,3}$ fails;
otherwise, the message $Mes_{2\_1,3}$ contains the verification value, and step 4.4) is executed;
4.4) The receiving vehicle node $OBU_{4,1}$ verifies the public key certificate $Cer_{1,3}$:
4.4.1) The receiving vehicle node $OBU_{4,1}$ first calculates the Merkle tree root hash value $MRHash$ from the 5 hash values $CerHash_{10}$, and then compares it with the Merkle root hash value $MerkleRootHash_{10}$ of block $Block_{10}$:
if $MRHash = MerkleRootHash_{10}$, the transaction stored in $Block_{10}$ has not been tampered with, and step 4.4.2) is executed;
otherwise, the transaction has been tampered with, and identity authentication of the requesting vehicle node $OBU_{1,3}$ fails;
4.4.2) The receiving vehicle node $OBU_{4,1}$ verifies whether the aggregate signature $Sig_{aggCer}$ of the block certificate $BlockCer_{1,3}$ in $Mes_{2\_1,3}$ satisfies $e(Sig_{aggCer}, g_2) = e(H_0(Cer_{1,3}), apk)$:
if so, the block certificate $BlockCer_{1,3}$ has not been tampered with, and step 4.4.3) is executed;
otherwise, identity authentication of the requesting vehicle $OBU_{1,3}$ fails;
4.4.3) The receiving vehicle node $OBU_{4,1}$ determines whether the block certificate $BlockCer_{1,3}$ is a revoked certificate according to the value of the revocation flag bit in $BlockCer_{1,3}$:
if the certificate revocation flag bit is 1, the block certificate $BlockCer_{1,3}$ is a valid certificate, and step 4.5) is executed;
otherwise, the block certificate $BlockCer_{1,3}$ is a revoked certificate, and identity authentication of the requesting vehicle $OBU_{1,3}$ fails.
4.5) The receiving vehicle node $OBU_{4,1}$ determines whether the decrypted signature information $DSig_{1,3}$ is consistent with the concatenated data in the request message $Req_{1,3}$:
4.5.1) The receiving vehicle node $OBU_{4,1}$ decrypts the signature $Sig_{1,3}$ in $Req_{1,3}$ with the public key $Pub_{1,3}$ in $Cer_{1,3}$ to obtain the decryption result $DSig_{1,3} = \{DCer_{1,3} \| Dr_{1,3} \| DT_{1,3}\}$, where $DCer_{1,3}$ is the decryption result for the certificate $Cer_{1,3}$ in the signature $Sig_{1,3}$, $Dr_{1,3}$ is the decryption result for the random number $r_{1,3}$ in the signature $Sig_{1,3}$, and $DT_{1,3}$ is the decryption result for the timestamp $T_{1,3}$ in the signature $Sig_{1,3}$;
4.5.2) The decryption result $DCer_{1,3} \| Dr_{1,3} \| DT_{1,3}$ is compared with the data string $\{Cer_{1,3} \| r_{1,3} \| T_{1,3}\}$ in $Req_{1,3}$:
if $\{DCer_{1,3} \| Dr_{1,3} \| DT_{1,3}\} = \{Cer_{1,3} \| r_{1,3} \| T_{1,3}\}$, the decrypted signature information $DSig_{1,3}$ is consistent with the concatenated data in the request message $Req_{1,3}$, and step 5) is executed;
otherwise, the decrypted signature information $DSig_{1,3}$ is inconsistent with the concatenated data in the request message $Req_{1,3}$, and identity authentication of the requesting vehicle $OBU_{1,3}$ fails.
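The receiver-side checks of steps 4.1, 4.3, 4.4.1 and 4.4.3 are shown below as an added Python example; it is not code from the patent. SHA-256, the pairwise Merkle rule for an odd leaf count, the byte layout of Mes, the values of `T_MAX` and `MAX_SKEW`, and the two extra checks (rejecting future timestamps, binding Cer to a leaf hash) are assumptions; the pairing check of step 4.4.2 and the signature check of step 4.5 are left out.

```python
import hashlib
import struct

T_MAX = 5       # assumed validity threshold T_max, in seconds
MAX_SKEW = 1    # assumed tolerance for a sender clock running ahead (added check)
HASH_LEN = 32   # SHA-256 is an assumption; the page does not name the hash


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(leaves):
    """Fold leaf hashes pairwise up to a single root (MRHash)."""
    if not leaves:
        raise ValueError("at least one leaf hash is required")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:  # odd count: pair the last node with itself (assumed rule)
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def encode_mes(root, flag, leaves, block_cer):
    """Assumed wire layout: root | revocation flag | leaf count | leaves | certificate."""
    return root + struct.pack("BB", flag, len(leaves)) + b"".join(leaves) + block_cer


def decode_mes(raw):
    """Parse the assumed layout, rejecting short or truncated messages."""
    if len(raw) < HASH_LEN + 2:
        raise ValueError("message too short")
    root = raw[:HASH_LEN]
    flag, count = struct.unpack_from("BB", raw, HASH_LEN)
    start = HASH_LEN + 2
    end = start + count * HASH_LEN
    if count == 0 or len(raw) < end:
        raise ValueError("truncated leaf list")
    leaves = [raw[i:i + HASH_LEN] for i in range(start, end, HASH_LEN)]
    return root, flag, leaves, raw[end:]


def check_chain_evidence(raw_mes, cer, t_sent, t_now):
    """Return "ok" or the reason authentication fails; every branch fails closed."""
    delta = t_now - t_sent                  # step 4.1.2: delta T = T_now - T
    if delta > T_MAX:                       # step 4.1.3
        return "expired"
    if delta < -MAX_SKEW:                   # added: delta <= T_max alone accepts any future timestamp
        return "timestamp_in_future"
    if not any(raw_mes):                    # step 4.3: all-zero reply means no certificate on chain
        return "not_on_chain"
    try:
        root, flag, leaves, block_cer = decode_mes(raw_mes)
    except ValueError:
        return "malformed"
    if merkle_root(leaves) != root:         # step 4.4.1: MRHash vs MerkleRootHash
        return "merkle_mismatch"
    if block_cer != cer or sha256(cer) not in leaves:
        return "certificate_not_bound"      # added: the root must actually cover this Cer
    # Step 4.4.2 (pairing check on the aggregate signature) would run here.
    if flag != 1:                           # step 4.4.3: 1 = valid, anything else = revoked
        return "revoked"
    return "ok"


# Constructed sample data: five certificates in one block, the third one queried.
CERTS = [b"constructed-cert-%d" % i for i in range(5)]
LEAVES = [sha256(c) for c in CERTS]
ROOT = merkle_root(LEAVES)
MES = encode_mes(ROOT, 1, LEAVES, CERTS[2])

if __name__ == "__main__":
    print(check_chain_evidence(MES, CERTS[2], 1000, 1003))
    print(check_chain_evidence(bytes(len(MES)), CERTS[2], 1000, 1003))
    print(check_chain_evidence(MES, CERTS[2], 1010, 1000))
```
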
Step 5. The identities of the receiving vehicle node $OBU_{4,1}$ and the requesting vehicle node $OBU_{1,3}$ are exchanged, and identity authentication is performed.
5.1) In an insecure network environment, the requesting vehicle node $OBU_{4,1}$ sends an authentication response message $Rep_{4,1}$ to the receiving vehicle node $OBU_{1,3}$ that is to be answered:
5.1.1) The requesting vehicle node $OBU_{4,1}$ generates a random number $r_{4,1}$ and a request timestamp $T_{4,1}$, and uses the private key $Pri_{4,1}$ to sign the data string formed by concatenating the public key certificate $Cer_{4,1}$, the random number $r_{4,1}$ and the request timestamp $T_{4,1}$, producing the signature $Sig_{4,1}$;
5.1.2) The public key certificate $Cer_{4,1}$, the random number $r_{4,1}$, the request timestamp $T_{4,1}$ and the signature $Sig_{4,1}$ of the data string compose the authentication request message: $Req_{4,1} = \{Cer_{4,1} \| r_{4,1} \| T_{4,1} \| Sig_{4,1}\}$;
5.1.3) The requesting vehicle node $OBU_{4,1}$ sends the request message $Req_{4,1}$ to the receiving vehicle node $OBU_{1,3}$.
5.2) The receiving vehicle node $OBU_{1,3}$ authenticates the identity of the requesting vehicle node $OBU_{4,1}$ through the authentication response message $Rep_{4,1}$:
5.2.1) The receiving vehicle node $OBU_{1,3}$ determines whether the message $Rep_{4,1}$ is within its validity period:
5.2.1a) During communication, the receiving vehicle node $OBU_{1,3}$ sets the validity threshold $T_{max}$ of the timestamp according to the network environment;
5.2.1b) The receiving vehicle node $OBU_{1,3}$ calculates the difference between the current time $T_{now\_1,3}$ and the sending timestamp $T_{4,1}$ in the authentication request $Req_{4,1}$: $\Delta T_{4,1} = T_{now\_1,3} - T_{4,1}$;
5.2.1c) $\Delta T_{4,1}$ is compared with $T_{max}$:
if $\Delta T_{4,1} \le T_{max}$, the authentication request $Req_{4,1}$ is valid, and step 5.2.2) is executed;
otherwise, identity authentication of the requesting vehicle node $OBU_{4,1}$ fails.
5.2.2) The receiving vehicle node $OBU_{1,3}$ obtains, through the 2nd roadside unit node $RSU_{3,2}$ managed by the nearest central node $CA_3$, the verification message $Mes_{3\_4,1}$ on the blockchain that contains the certificate $Cer_{4,1}$:
5.2.2a) The receiving vehicle node $OBU_{1,3}$ sends the public key certificate $Cer_{4,1}$ of the requesting vehicle node to the roadside unit node $RSU_{3,2}$ nearest to itself;
5.2.2b) The roadside unit node $RSU_{3,2}$ forwards the public key certificate $Cer_{4,1}$ to the central node $CA_3$ to which it belongs;
5.2.2c) After receiving the public key certificate $Cer_{4,1}$ sent by the roadside unit node $RSU_{3,2}$, the central node $CA_3$ searches backward from the last block of the blockchain for a block $Block_{15}$ that stores a transaction containing $Cer_{4,1}$:
if such a block exists, it returns the message $Mes_{3\_4,1}$;
otherwise, the query for $Cer_{4,1}$ fails, and $CA_3$ returns to $RSU_{3,2}$ a message $Mes_{3\_4,1}$ whose content is an all-zero sequence;
5.2.2d) The roadside unit node $RSU_{3,2}$ returns the received message $Mes_{3\_4,1}$ to the receiving vehicle node $OBU_{1,3}$.
5.2.3) The receiving vehicle node $OBU_{1,3}$ checks whether the message $Mes_{3\_4,1}$ contains the verification value sequence of the public key certificate $Cer_{4,1}$:
if $Mes_{3\_4,1}$ is an all-zero sequence, the message contains no verification value, and identity authentication of the requesting vehicle node $OBU_{4,1}$ fails;
otherwise, the message $Mes_{3\_4,1}$ contains the verification value, and step 5.2.4) is executed.
5.2.4) The receiving vehicle node $OBU_{1,3}$ verifies the public key certificate $Cer_{4,1}$:
5.2.4a) The receiving vehicle node $OBU_{1,3}$ first calculates the Merkle tree root hash value $MRHash$ from the 5 hash values $CerHash_{15}$, and then compares it with the Merkle root hash value $MerkleRootHash_{15}$ of block $Block_{15}$:
if $MRHash = MerkleRootHash_{15}$, the transaction stored in $Block_{15}$ has not been tampered with, and step 5.2.4b) is executed;
otherwise, the transaction has been tampered with, and identity authentication of the requesting vehicle node $OBU_{4,1}$ fails;
5.2.4b) The receiving vehicle node $OBU_{1,3}$ verifies whether the aggregate signature $Sig_{aggCer}$ of the block certificate $BlockCer_{4,1}$ in $Mes_{3\_4,1}$ satisfies $e(Sig_{aggCer}, g_2) = e(H_0(Cer_{4,1}), apk)$:
if so, the block certificate $BlockCer_{4,1}$ has not been tampered with, and step 5.2.4c) is executed;
otherwise, identity authentication of the requesting vehicle $OBU_{4,1}$ fails;
5.2.4c) The receiving vehicle node $OBU_{1,3}$ determines whether the block certificate $BlockCer_{4,1}$ is a revoked certificate according to the value of the revocation flag bit in $BlockCer_{4,1}$:
if the certificate revocation flag bit is 1, the block certificate $BlockCer_{4,1}$ is a valid certificate, and step 5.2.5) is executed;
otherwise, the block certificate $BlockCer_{4,1}$ is a revoked certificate, and identity authentication of the requesting vehicle $OBU_{4,1}$ fails.
5.2.5) The receiving vehicle node $OBU_{1,3}$ determines whether the decrypted signature information $DSig_{4,1}$ is consistent with the concatenated data in the request message $Req_{4,1}$:
5.2.5a) The receiving vehicle node $OBU_{1,3}$ decrypts the signature $Sig_{4,1}$ in $Req_{4,1}$ with the public key $Pub_{4,1}$ in $Cer_{4,1}$ to obtain the decryption result $DSig_{4,1} = \{DCer_{4,1} \| Dr_{4,1} \| DT_{4,1}\}$, where $DCer_{4,1}$ is the decryption result for the certificate $Cer_{4,1}$ in the signature $Sig_{4,1}$, $Dr_{4,1}$ is the decryption result for the random number $r_{4,1}$ in the signature $Sig_{4,1}$, and $DT_{4,1}$ is the decryption result for the timestamp $T_{4,1}$ in the signature $Sig_{4,1}$;
5.2.5b) The decryption result $DCer_{4,1} \| Dr_{4,1} \| DT_{4,1}$ is compared with the data string $\{Cer_{4,1} \| r_{4,1} \| T_{4,1}\}$ in $Req_{4,1}$:
if $\{DCer_{4,1} \| Dr_{4,1} \| DT_{4,1}\} = \{Cer_{4,1} \| r_{4,1} \| T_{4,1}\}$, the decrypted signature information $DSig_{4,1}$ is consistent with the concatenated data in the request message $Req_{4,1}$, and step 5.3) is executed;
otherwise, the decrypted signature information $DSig_{4,1}$ is inconsistent with the concatenated data in the request message $Req_{4,1}$, and identity authentication of the requesting vehicle $OBU_{4,1}$ fails.
5.3) The receiving vehicle node $OBU_{1,3}$ and the requesting vehicle node $OBU_{4,1}$ each calculate a common session key from $r_{1,3}$ and $r_{4,1}$ using a key agreement algorithm, completing the mutual identity authentication of the Internet of Vehicles devices.
Key agreement algorithms include RSA, DH and PSK. Because the PSK algorithm performs better than the RSA and DH algorithms, this embodiment adopts, but is not limited to, the PSK algorithm, with the following calculation formula:
Figure BDA0003698892470000121
wherein,
Figure BDA0003698892470000122
is the shared key of the receiving vehicle node $OBU_{1,3}$ and the requesting vehicle node $OBU_{4,1}$.

Claims (10)

1. A vehicle networking certificate authentication method based on a block chain is characterized by comprising the following steps:
(1) initialization:
N certificate authorities $CA = \{CA_n \mid 1 \le n \le N\}$ are taken as central nodes, where $CA_n$ denotes the $n$-th central node and $N \ge 2$;
all central nodes CA generate the parameters $(q, G_1, G_2, G_t, e, g_1, g_2, H_0, H_1)$ through a consensus mechanism, where $q$ is a large prime number, $G_1$ is a first additive cyclic group of order $q$, $G_2$ is a second additive cyclic group of order $q$, $G_t$ is a multiplicative cyclic group of order $q$, $g_1$ is a generator of $G_1$, $g_2$ is a generator of $G_2$, $e$ is the bilinear map from $G_1$, $G_2$ to $G_t$: $G_1 \times G_2 \to G_t$, $H_0$ is a hash function mapping to $G_1$, $H_1$ is a hash function mapping to $Z_q$, and $Z_q$ is the set of integers modulo $q$;
(2) each central node $CA_n$ distributes a private key Pri, an aggregated public key apk and a public key certificate Cer to the vehicle nodes and roadside unit nodes that it manages, and stores the public key certificate in the blockchain;
(3) in an insecure network environment, the $i$-th vehicle node $OBU_{n,i}$ managed by the central node $CA_n$ sends an authentication request message $Req_{n,i}$ to the $j$-th vehicle node $OBU_{m,j}$, managed by the central node $CA_m$, with which it is to communicate, where $1 \le n \le N$, $1 \le m \le N$, $1 \le i \le M_n$, $1 \le j \le M_n$, and $n \ne m$; $M_n$ is the number of vehicle nodes managed by the $n$-th central node, and $R_n$ is the number of roadside unit nodes managed by the $n$-th central node;
(4) the receiving vehicle node $OBU_{m,j}$ authenticates the identity of the requesting vehicle node $OBU_{n,i}$ through the authentication request message $Req_{n,i}$:
(4a) the receiving vehicle node $OBU_{m,j}$ determines whether the message $Req_{n,i}$ is within its validity period: if so, step (4b) is executed; otherwise, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails;
(4b) the receiving vehicle node $OBU_{m,j}$ obtains, through the $y$-th roadside unit node $RSU_{x,y}$ managed by the nearest central node $CA_x$, the verification message $Mes_{x\_n,i}$ on the blockchain that contains the certificate $Cer_{n,i}$; the verification message comprises the Merkle root hash value $MerkleRootHash_d$ of block $Block_d$, the block certificate $BlockCer_{n,i}$ stored in $Block_d$, and the hash values of $q$ certificates $CerHash_d = \{CerHash_{d\_r} \mid 1 \le r \le q\}$, where $1 \le x \le N$, $1 \le y \le R_n$, $0 \le d \le l$, $q \ge 1$, and $l$ is the total height of the blocks on the current main chain;
(4c) the receiving vehicle node $OBU_{m,j}$ determines whether $Mes_{x\_n,i}$ contains the verification value sequence of the public key certificate $Cer_{n,i}$: if so, step (4d) is executed; otherwise, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails; where $1 \le x \le N$, $1 \le y \le R_n$, and $Cer_{n,i}$ is the public key certificate of the requesting vehicle node $OBU_{n,i}$ carried in the request message $Req_{n,i}$;
(4d) the receiving vehicle node $OBU_{m,j}$ verifies the public key certificate $Cer_{n,i}$:
(4d1) the receiving vehicle node $OBU_{m,j}$ determines, by verifying the hash value, whether $Mes_{k\_n,i}$ has been tampered with by other malicious nodes: if so, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails; otherwise, (4d2) is executed;
(4d2) the receiving vehicle node $OBU_{m,j}$ verifies whether the aggregate signature $Sig_{aggCer}$ of the block certificate $BlockCer_{n,i}$ in $Mes_{x\_n,i}$ satisfies $e(Sig_{aggCer}, g_2) = e(H_0(Cer_{n,i}), apk)$: if so, the block certificate $BlockCer_{n,i}$ has not been tampered with, and step (4d3) is executed; otherwise, identity authentication of the requesting vehicle $OBU_{n,i}$ fails;
(4d3) the receiving vehicle node $OBU_{m,j}$ verifies whether the block certificate $BlockCer_{n,i}$ is a revoked certificate: if so, identity authentication of the requesting vehicle node $OBU_{n,i}$ fails; otherwise, (4e) is executed;
(4e) the receiving vehicle node $OBU_{m,j}$ determines whether the decrypted signature information $DSig_{n,i}$ is consistent with the concatenated data in the request message $Req_{n,i}$: if so, identity authentication of the requesting vehicle node $OBU_{n,i}$ succeeds, and step (5) is executed; otherwise, authentication fails;
(5) the identities of the receiving vehicle node $OBU_{m,j}$ and the requesting vehicle node $OBU_{n,i}$ are exchanged, and identity authentication is performed:
(5a) in an insecure network environment, the requesting vehicle node $OBU_{m,j}$ sends an authentication response message $Rep_{m,j}$ to the receiving vehicle node $OBU_{n,i}$ that is to be answered;
(5b) the receiving vehicle node $OBU_{n,i}$ authenticates the identity of the requesting vehicle node $OBU_{m,j}$ through the authentication response message $Rep_{m,j}$: if authentication succeeds, (5c) is executed; otherwise, key agreement fails;
(5c) the receiving vehicle node $OBU_{n,i}$ and the requesting vehicle node $OBU_{m,j}$ calculate the key agreement result, completing the Internet of Vehicles authentication.
2. The method of claim 1, wherein in step (2) each central node $CA_n$ distributes a private key Pri, an aggregated public key apk and a public key certificate Cer to the vehicle nodes and roadside unit nodes that it manages, implemented as follows:
(2a) each central node $CA_n$ generates a public key Pub and a private key Pri from the identity Iden of each vehicle node OBU and roadside unit RSU that it manages, generates a public key certificate Cer from the identity Iden and the public key Pub, and generates an aggregated public key from the public keys of all central nodes:
Figure FDA0003698892460000031
where $pk_i$ is the public key of the central node $CA_i$;
(2b) the central node $CA_n$ broadcasts the public key certificate Cer to the other nodes $CA_j$ on the consortium chain; after receiving the public key certificate Cer, the other nodes $CA_j$ verify it, sign it once verification succeeds, and return the signature information $Sig_{cer,j} = sk_j \cdot H_0(Cer)$ to the central node $CA_n$, where $sk_j$ is the private key of $CA_j$ and $1 \le j \le N$;
(2c) after receiving the signature information from the other nodes, the central node $CA_n$ generates an aggregate signature
Figure FDA0003698892460000032
A block certificate BlockCer is generated from the public key certificate Cer and the aggregate signature $Sig_{aggCer}$, then encoded and packaged into a transaction $Tr_n$; the transaction $Tr_n$ is broadcast to the other central nodes in the consortium chain network, which verify $Tr_n$ and then write it to the blockchain;
(2d) after learning that the transaction $Tr_n$ has been written to the blockchain, the central node $CA_n$ securely distributes the aggregated public key apk, the private key Pri and the certificate Cer to the corresponding Internet of Vehicles device nodes through an offline channel.
3. The method of claim 1, wherein the authentication request message $Req_{n,i}$ sent in step (3) by the vehicle node $OBU_{n,i}$ to the vehicle node $OBU_{m,j}$ with which it is to communicate is expressed as follows:
$Req_{n,i} = \{Cer_{n,i} \| r_{n,i} \| T_{n,i} \| Sig_{n,i}\}$
where $Cer_{n,i}$ is the public key certificate of the requesting vehicle node $OBU_{n,i}$, $r_{n,i}$ is the random number generated by the requesting vehicle node $OBU_{n,i}$, $T_{n,i}$ is the request timestamp of the requesting vehicle node $OBU_{n,i}$, and $Sig_{n,i}$ is the signature by the requesting vehicle node $OBU_{n,i}$ over the data string formed by concatenating $Cer_{n,i}$, $r_{n,i}$ and $T_{n,i}$; $1 \le n \le N$, $1 \le i \le M_n$.
4. The authentication method according to claim 1, wherein in step (4a) the receiving vehicle node $OBU_{m,j}$ determines whether the authentication message $Req_{n,i}$ is within its validity period as follows:
(4a1) a validity threshold $T_{max}$ is set for the timestamp;
(4a2) the receiving vehicle node $OBU_{m,j}$ calculates the difference between the current time $T_{now\_m,j}$ and the sending timestamp $T_{n,i}$ in the authentication request $Req_{n,i}$: $\Delta T_{n,i} = T_{now\_m,j} - T_{n,i}$;
(4a3) $\Delta T_{n,i}$ is compared with $T_{max}$:
if $\Delta T_{n,i} \le T_{max}$, $Req_{n,i}$ is valid;
otherwise, it is not within the validity period.
5. The method of claim 1, wherein in step (4b) the receiving vehicle node $OBU_{m,j}$ obtains, through the nearest roadside unit node $RSU_{x,y}$, the verification message $Mes_{x\_n,i}$ on the blockchain that contains the public key certificate $Cer_{n,i}$, implemented as follows:
(4b1) the receiving vehicle node $OBU_{m,j}$ sends the public key certificate $Cer_{n,i}$ of the requesting vehicle node to the roadside unit node $RSU_{x,y}$ nearest to itself;
(4b2) the roadside unit node $RSU_{x,y}$ forwards the public key certificate to the central node $CA_x$ to which it belongs;
(4b3) after receiving the public key certificate $Cer_{n,i}$ sent by the roadside unit node $RSU_{x,y}$, the central node $CA_x$ searches backward from the last block of the blockchain for a block $Block_d$ that stores a transaction containing $Cer_{n,i}$:
if such a block exists, it returns the message $Mes_{x\_n,i}$;
otherwise, the query for $Cer_{n,i}$ fails, and $CA_x$ returns to $RSU_{x,y}$ a message $Mes_{x\_n,i}$ whose content is an all-zero sequence, where $1 \le d \le l$ and $l$ is the total height of the blocks on the current blockchain;
(4b4) the roadside unit node $RSU_{x,y}$ returns the received message $Mes_{x\_n,i}$ to the receiving vehicle node $OBU_{m,j}$.
6. The method of claim 1, wherein in step (4b) the receiving vehicle node $OBU_{m,j}$ checks whether the message $Mes_{x\_n,i}$ contains the verification value sequence of the public key certificate $Cer_{n,i}$ by judging the sequence of the message $Mes_{x\_n,i}$:
if $Mes_{x\_n,i}$ is an all-zero sequence, the message $Mes_{x\_n,i}$ contains no verification value;
otherwise, the message $Mes_{x\_n,i}$ contains the verification value.
7. The method of claim 1, wherein in step (4d1) the receiving vehicle node $OBU_{m,j}$ determines, by verifying the hash value, whether $Mes_{k\_n,i}$ has been tampered with by other malicious nodes as follows: the receiving vehicle node $OBU_{m,j}$ first calculates the Merkle tree root hash value $MRHash$ from the $q$ hash values $CerHash_d$, and then compares it with the Merkle root hash value $MerkleRootHash_d$ of block $Block_d$:
if $MRHash = MerkleRootHash_d$, the transaction stored in $Block_d$ has not been tampered with;
otherwise, the transaction has been tampered with.
8. The method of claim 1, wherein the block certificate $BlockCer_{n,i}$ in step (4d2) consists of a certificate standard domain, a certificate extension domain and an aggregate signature;
the certificate standard domain comprises a certificate version number, a certificate serial number, a revocation flag bit, an aggregate signature algorithm identifier, a certificate validity end time, the Internet of Vehicles device subject name, the Internet of Vehicles device subject public key information, the issuer CA unique identifier and the Internet of Vehicles device subject unique identity identifier; a revocation flag value of 0 indicates that the certificate has been revoked, and a value of 1 indicates that the certificate has not been revoked;
the certificate extension domain comprises the public key usage in the certificate, certificate policies, policy mappings, alternative names of the Internet of Vehicles device subject, and basic constraints.
9. The method of claim 1, wherein in step (4d3) the receiving vehicle node $OBU_{m,j}$ verifies whether the block certificate $BlockCer_{n,i}$ is a revoked certificate according to the value of the certificate revocation flag bit in the block certificate $BlockCer_{n,i}$:
if the certificate revocation flag bit is 1, the block certificate $BlockCer_{n,i}$ is a valid certificate;
otherwise, the block certificate $BlockCer_{n,i}$ is a revoked certificate.
10. The method of claim 1, wherein in step (4e) the receiving vehicle node $OBU_{m,j}$ determines whether the decrypted signature information $DSig_{n,i}$ is consistent with the concatenated data in the request message $Req_{n,i}$ as follows:
(4e1) the receiving vehicle node $OBU_{m,j}$ decrypts the signature $Sig_{n,i}$ in $Req_{n,i}$ with the public key $Pub_{n,i}$ in $Cer_{n,i}$ to obtain the decryption result $DSig_{n,i} = \{DCer_{n,i} \| Dr_{n,i} \| DT_{n,i}\}$, where $DCer_{n,i}$ is the decryption result for the certificate $Cer_{n,i}$ in the signature $Sig_{n,i}$, $Dr_{n,i}$ is the decryption result for the random number $r_{n,i}$ in the signature $Sig_{n,i}$, and $DT_{n,i}$ is the decryption result for the timestamp $T_{n,i}$ in the signature $Sig_{n,i}$;
(4e2) the decryption result $DCer_{n,i} \| Dr_{n,i} \| DT_{n,i}$ is compared with the data string $\{Cer_{n,i} \| r_{n,i} \| T_{n,i}\}$ in $Req_{n,i}$:
if $\{DCer_{n,i} \| Dr_{n,i} \| DT_{n,i}\} = \{Cer_{n,i} \| r_{n,i} \| T_{n,i}\}$, the decrypted signature information $DSig_{n,i}$ is consistent with the concatenated data in the request message $Req_{n,i}$;
otherwise, the decrypted signature information $DSig_{n,i}$ is inconsistent with the concatenated data in the request message $Req_{n,i}$.
CN202210689218.7A 2022-06-16 Block chain-based internet of vehicles certificate authentication method Active CN115102695B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210689218.7A CN115102695B (en) 2022-06-16 Block chain-based internet of vehicles certificate authentication method

Publications (2)

Publication Number Publication Date
CN115102695A true CN115102695A (en) 2022-09-23
CN115102695B CN115102695B (en) 2024-09-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant