CN116455578A - Vehicle mobile ad hoc network security authentication method based on blockchain technology - Google Patents
Vehicle mobile ad hoc network security authentication method based on blockchain technology
- Publication number: CN116455578A (application CN202310336909.3A)
- Authority: CN (China)
- Prior art keywords: block, certificate, communication node, hoc network, byte
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention discloses a vehicle mobile ad hoc network security authentication method based on blockchain technology. The method designs a CA blockchain with a double-chain, double-block hybrid architecture: the two chains are a universal blockchain and a certificate revocation list chain, and the two block types are a certificate newly-added block and a certificate revocation block. The certificate newly-added block records the digital identity certificates of communication nodes newly admitted to the vehicle mobile ad hoc network, and the certificate revocation block records the digital identity certificates of revoked communication nodes that have left the network. The universal blockchain links each block to its immediate predecessor, and the certificate revocation list chain links each certificate revocation block to the previous one. When a communication node in the network performs security authentication, it queries the certificate revocation list chain in the blockchain for the revocation state of the certificate and uses the certificate newly-added block to rapidly confirm the authenticity of the certificate, completing the security authentication. The method rapidly completes identity security authentication and secure communication, and ensures the security and reliability of the vehicle mobile ad hoc network communication environment.
Description
Technical Field
The invention belongs to the field of vehicle mobile ad hoc network communication security, and in particular relates to a vehicle mobile ad hoc network security authentication method based on blockchain technology.
Background
The vehicle mobile ad hoc network has gradually expanded from its early military battlefield environment to scenarios such as emergency communication and underground garage communication, and its field of application keeps widening. Unlike a mobile communication system with infrastructure, every node in a vehicle mobile ad hoc network is able to participate in the network. Under this premise, the authentication result of a node not only determines whether the node is allowed to access the network and use network resources according to its authority, but, more importantly, confirms the legal identity of the node, thereby preventing impersonation and ensuring non-repudiation of the communication process in the vehicle mobile ad hoc network. A secure and effective authenticated communication mechanism has therefore always been one of the core requirements of the vehicle mobile ad hoc network.
The vehicle mobile ad hoc network is a mobile peer-to-peer network consisting of tens to hundreds of mobile nodes that forms an arbitrary network topology through wireless links; it generally lacks a central management mechanism and is characterized by dispersion and dynamic multi-hop changes. Constrained by the complex spatial network environment, such a distributed network has a loose structure and many exposed links, and traditional Internet networking services and technologies cannot easily be transplanted into the vehicle mobile ad hoc network scenario. Because the vehicle mobile ad hoc network lacks infrastructure support and a central authorization and authentication mechanism, and because its node topology changes dynamically, reliable trust relationships are difficult to establish between nodes, and conventional encryption and authentication mechanisms are difficult to apply in it.
The decentralization, synchronizing consensus mechanism and tamper resistance of the blockchain offer a new approach to the development of the vehicle mobile ad hoc network; since a centralized identity authentication system is unsuitable, many schemes deploy a traditional CA on multiple nodes of the blockchain to realize distributed authentication. Introducing the blockchain brings several benefits. First, the consensus mechanism of the blockchain natively supports data consistency across multiple nodes, and related data can be stored on the blockchain through smart contracts written in a high-level programming language and running on the blockchain, so that a user can apply for and query certificates at any of multiple nodes. Second, the blockchain provides a basis of trust through its decentralization and tamper-resistant properties, so different users can exchange information securely. How to apply blockchain technology reasonably and efficiently to the field of vehicle mobile ad hoc network communication security is therefore a problem worth considering.
Disclosure of Invention
To solve the above problems, the invention discloses a vehicle mobile ad hoc network security authentication method based on blockchain technology, which can rapidly complete identity security authentication and secure communication and ensure the security and reliability of the vehicle mobile ad hoc network communication environment.
To achieve the above purpose, the technical scheme of the invention is as follows:
A vehicle mobile ad hoc network security authentication method based on blockchain technology uses a CA blockchain with a double-chain, double-block hybrid structure, the two chains being a universal blockchain and a certificate revocation list chain and the two block types being a certificate newly-added block and a certificate revocation block; security authentication between communication nodes in the vehicle mobile ad hoc network is performed according to this hybrid-structure CA blockchain, and secure communication then follows. The certificate newly-added block records the digital identity certificates of communication nodes newly admitted to the vehicle mobile ad hoc network, the certificate revocation block records the digital identity certificates of communication nodes that have left the vehicle mobile ad hoc network, and both kinds of block are generated by consensus of the communication nodes in the vehicle mobile ad hoc network. The universal blockchain links each block to its immediate predecessor, and the certificate revocation list chain links each certificate revocation block to the previous one. Before network communication, a new communication node has its digital identity certificate put on chain through the consensus mechanism of the existing communication nodes; when a communication node leaves the network and its certificate is revoked, the serial number of its digital identity certificate is put on chain through the consensus mechanism of the existing communication nodes; when a communication node in the vehicle mobile ad hoc network performs security authentication, it queries the certificate revocation list chain in the blockchain for the revocation state of the certificate and uses the certificate newly-added block to rapidly confirm the authenticity of the certificate, so that secure communication is completed.
Further, the certificate newly-added block and the certificate revocation block are connected topologically, and each block is designed as follows:
(1) The certificate newly-added block consists of a 428-byte block header and a variable-length block body. The block header fields are a 4-byte current block version number Version, a 32-byte hash of the previous block PreHash, a 32-byte Merkle root hash of the current block MerkleRootHash, an 8-byte block generation timestamp TimeStamp, a 128-byte public key of the block generator AutPubKey, a 128-byte block signature Signature, a 32-byte block serial number Blocknum and a 32-byte number of communication nodes in the vehicle mobile ad hoc network Connum. The block body of the certificate newly-added block contains the certificate records newly added within a certain period of time; since a single block can record a large number of certificates, one collective signature by the legal communication nodes establishes the legal validity of all the certificates in the block, and the tamper resistance of the blockchain secures them;
(2) The certificate revocation block consists of a 428-byte block header and a variable-length block body. The block header fields are a 4-byte current block version number Version, a 32-byte hash of the previous block PreHash, a 32-byte content hash of the current block ConHash, an 8-byte block generation timestamp TimeStamp, a 128-byte public key of the block generator AutPubKey, a 128-byte block signature Signature, a 32-byte hash of the previous certificate revocation block LastcrlHash, a 32-byte block serial number Blocknum and a 32-byte number of communication nodes in the vehicle mobile ad hoc network Connum. The block body of the certificate revocation block contains the serial numbers of the newly revoked certificates.
Further, when a new communication node needs to register in the vehicle mobile ad hoc network, it submits its registration information to any nearby communication node already in the network; that node audits the registration information, generates a corresponding public key and private key once the audit passes, and sends them encrypted to the registering node. The communication nodes in the network store the digital certificates of all communication nodes whose audits succeeded within a period in the block body of a certificate newly-added block in the form of a Merkle tree, sign them and attach the signature to the block header, then put the certificate newly-added block on chain through the consensus mechanism of the communication nodes in the vehicle mobile ad hoc network; after the block is successfully put on chain, the newly registered communication node is sent its digital certificate and a registration-success message.
Further, when a communication node needs to leave the vehicle mobile ad hoc network, its digital certificate must be revoked in the vehicle mobile ad hoc network. The communication node stores the serial number of its own certificate in the block body of a certificate revocation block, signs it and attaches the signature to the block header, and then puts the certificate revocation block on chain through the consensus mechanism of the communication nodes in the vehicle mobile ad hoc network.
Further, for a communication node whose digital identity certificate has been put on chain and not revoked, the legitimacy of its digital identity certificate has already been verified on the blockchain. After its digital certificate is successfully registered, a communication node in the mobile ad hoc network downloads the blockchain data and becomes a new consensus node, and thereafter periodically updates its certificate revocation list from the content of the latest certificate revocation blocks during idle periods, so that it can authenticate and query. In the general case, the communication node queries the blockchain in its own database, checks the revocation state of a certificate using the certificate revocation list chain, rapidly confirms the authenticity of the certificate using the certificate newly-added block, and so completes security authentication; fast security authentication and secure communication are thus performed on the basis of the blockchain.
Further, the digital identity certificate held in the block body of the certificate newly-added block is designed as follows:
The digital identity certificate consists of 496 bytes: a 32-byte certificate serial number, a 128-byte certificate public key SubPubKey, and a 336-byte public description associated with the certificate. Because the certificates of the communication nodes are stored in batches in the block bodies of certificate newly-added blocks, the tamper resistance of the Merkle tree guarantees the integrity of the certificates and makes them difficult to alter. And because the legal communication nodes sign the block, the validity and credibility of all certificates in the block are guaranteed in one batch, so each certificate does not need to be signed individually, which greatly improves the efficiency with which communication nodes issue certificates.
The technical advantages of the invention are as follows:
(1) In the secure communication flow between communication nodes in the vehicle mobile ad hoc network, because the certificates in a block are signed before the block is put on chain, the communicating parties can rapidly confirm the authenticity and validity of a certificate simply by querying the blockchain, relying on its tamper resistance. Compared with a traditional PKI-based identity authentication system, the invention reduces the delay of certificate validity verification and computation and has an advantage in time performance.
(2) In the invention, the certificate newly-added block stores the certificate contents in the form of a Merkle tree, so that a single block can record a large number of certificates. Communication nodes can therefore register and join the network in batches, which makes it convenient to interconnect two vehicle mobile ad hoc networks quickly.
(3) A distributed CA blockchain is constructed on the basis of blockchain technology. It is decentralized and tamper-resistant, so the communication nodes in the vehicle mobile ad hoc network retain a basis of trust without a centralized CA, and different communication nodes can exchange information securely. This effectively prevents problems such as an established single CA being attacked or the CA itself being a malicious node, and gives an advantage in security performance.
Drawings
FIG. 1 is the structural design of the double-chain, double-block hybrid CA blockchain of the method of the present invention;
FIG. 2 is a schematic diagram of the certificate newly-added block structure according to the present invention;
FIG. 3 is a schematic diagram of the certificate revocation block according to the present invention;
FIG. 4 is a sample of the double-chain, double-block hybrid CA blockchain of the method of the present invention;
FIG. 5 is a flowchart of the vehicle mobile ad hoc network security authentication method based on blockchain technology according to the present invention.
Description of the embodiments
The present invention is further illustrated by the following drawings and detailed description, which are to be understood as merely illustrating the invention and not as limiting its scope.
Description of the preferred embodiments
The invention provides a vehicle mobile ad hoc network security authentication method based on blockchain technology, which designs a CA blockchain with a double-chain, double-block hybrid structure: the two chains are a universal blockchain and a certificate revocation list chain, and the two block types are a certificate newly-added block and a certificate revocation block. The design of this double-chain, double-block hybrid CA blockchain is shown in FIG. 1. The certificate newly-added block records the digital identity certificates of communication nodes newly admitted to the vehicle mobile ad hoc network, the certificate revocation block records the digital identity certificates of revoked communication nodes that have left the vehicle mobile ad hoc network, and both kinds of block are generated by consensus of the communication nodes in the vehicle mobile ad hoc network. The universal blockchain links each block to its immediate predecessor, and the certificate revocation list chain links each certificate revocation block to the previous one. Before network communication, a new communication node has its digital identity certificate put on chain through the consensus mechanism of the existing communication nodes; when a communication node leaves the network and its certificate is revoked, the serial number of its digital identity certificate is put on chain through the consensus mechanism of the existing communication nodes; when a communication node in the vehicle mobile ad hoc network performs security authentication, it queries the certificate revocation list chain in the blockchain for the revocation state of the certificate and uses the certificate newly-added block to rapidly confirm the authenticity of the certificate, so that secure communication is completed.
The blocks in the blockchain are of two types, the certificate newly-added block and the certificate revocation block. Each block is designed as follows:
(1) The certificate newly-added block consists of a 428-byte block header and a variable-length block body; its design is shown in FIG. 2. The block header fields are a 4-byte current block version number Version, a 32-byte hash of the previous block PreHash, a 32-byte Merkle root hash of the current block MerkleRootHash, an 8-byte block generation timestamp TimeStamp, a 128-byte public key of the block generator AutPubKey, a 128-byte block signature Signature, a 32-byte block serial number Blocknum and a 32-byte number of communication nodes in the vehicle mobile ad hoc network Connum. The block body of the certificate newly-added block contains the certificate records newly added within a certain period of time, and the digital identity certificate is designed as shown in Table 1 below. Since a single block can record a large number of certificates, one collective signature by the legal communication nodes establishes the legal validity of all the certificates in the block, and the tamper resistance of the blockchain secures them;
Table 1 Communication node certificate field design
(2) The certificate revocation block consists of a 428-byte block header and a variable-length block body; its design is shown in FIG. 3. The block header fields are a 4-byte current block version number Version, a 32-byte hash of the previous block PreHash, a 32-byte content hash of the current block ConHash, an 8-byte block generation timestamp TimeStamp, a 128-byte public key of the block generator AutPubKey, a 128-byte block signature Signature, a 32-byte hash of the previous certificate revocation block LastcrlHash, a 32-byte block serial number Blocknum and a 32-byte number of communication nodes in the vehicle mobile ad hoc network Connum. The block body of the certificate revocation block contains the serial numbers of the newly revoked certificates.
The certificate newly-added block and the certificate revocation block are connected topologically. Because a certificate newly-added block requires signature authentication by legal communication nodes, the genesis block is a certificate newly-added block and records the digital certificates of all communication nodes in the initial vehicle mobile ad hoc network. The first 8 blocks are listed in detail: the connection topology is shown in FIG. 4, and the content of each block is summarized in Table 2 below.
Table 2 CA block content overview
The certificate contents are replaced directly by variable names; in actual operation the certificates are defined in the format of Table 1. In the figure, white indicates a certificate newly-added block and gray indicates a certificate revocation block. The blocks numbered Block-05, Block-06 and Block-08 are certificate revocation blocks, and the other 5 blocks are certificate newly-added blocks. Unlike a conventional blockchain, because the CA blockchain designed here has two block types, each block actually has one or two links to earlier blocks. In the figure, a solid arrow is the link to the immediately preceding block through the PreHash field, and the difference between the two block numbers is always 1; a dashed arrow is the link to the previous certificate revocation block through LastcrlHash. The vehicle-mounted communication nodes A and B are two communication nodes in a vehicle mobile ad hoc network; certificate 4 of node A is in Block-01 and certificate 12 of node B is in Block-03.
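The double-chain, double-block structure described in claims (1) and (2) above and in this embodiment, as an added Python model that is not the patent's own code: it builds the PreHash and LastcrlHash links, commits a certificate block body to a Merkle root, walks only the CRL chain when checking revocation, and looks a certificate up by (block serial number, certificate serial) on a constructed eight-block chain shaped like Table 2. SHA-256 as the hash function, the header fields folded into the block hash, the placeholder public-key bytes and the sample certificate contents are assumptions; the page fixes none of them.

```python
import hashlib
from dataclasses import dataclass

# Header layouts as (field, byte width) in the order the text lists them. The text
# states 428 bytes for both headers; these fields sum to 396 and 428 respectively.
NEW_CERT_HEADER = [("Version", 4), ("PreHash", 32), ("MerkleRootHash", 32), ("TimeStamp", 8),
                   ("AutPubKey", 128), ("Signature", 128), ("Blocknum", 32), ("Connum", 32)]
REVOKE_HEADER = [("Version", 4), ("PreHash", 32), ("ConHash", 32), ("TimeStamp", 8), ("AutPubKey", 128),
                 ("Signature", 128), ("LastcrlHash", 32), ("Blocknum", 32), ("Connum", 32)]
ZERO32 = bytes(32)

def sha256(data):
    return hashlib.sha256(data).digest()

def merkle_root(leaves):
    """SHA-256 Merkle root over the block body; an odd level duplicates its last node."""
    level = [sha256(leaf) for leaf in leaves] or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def serial(n):
    return n.to_bytes(32, "big")          # 32-byte certificate serial number

def make_cert(n, description):
    # 496 bytes: 32-byte serial, 128-byte public key (placeholder bytes), 336-byte description.
    return serial(n) + bytes([n]) * 128 + description.encode().ljust(336, b"\0")

@dataclass
class Block:
    kind: str           # "cert" (newly-added certificates) or "crl" (revoked serials)
    blocknum: int
    prehash: bytes      # hash of the directly preceding block (universal chain)
    body: list
    lastcrlhash: bytes  # crl blocks only: hash of the previous revocation block (CRL chain)

    def hash(self):
        # Cert blocks commit to a Merkle root, crl blocks to a content hash (ConHash).
        root = merkle_root(self.body) if self.kind == "cert" else sha256(b"".join(self.body))
        return sha256(self.blocknum.to_bytes(4, "big") + self.prehash + root + self.lastcrlhash)

class CAChain:
    def __init__(self):
        self.blocks, self.last_crl = [], ZERO32   # last_crl: hash of the latest revocation block

    def append(self, kind, body):
        prev = self.blocks[-1].hash() if self.blocks else ZERO32
        block = Block(kind, len(self.blocks) + 1, prev, list(body),
                      self.last_crl if kind == "crl" else ZERO32)
        self.blocks.append(block)
        if kind == "crl":
            self.last_crl = block.hash()
        return block

    def verify_links(self):
        """PreHash must advance by exactly one block; LastcrlHash must name the latest earlier crl block."""
        prev_hash, crl_hash = ZERO32, ZERO32
        for block in self.blocks:
            if block.prehash != prev_hash:
                return False
            if block.kind == "crl":
                if block.lastcrlhash != crl_hash:
                    return False
                crl_hash = block.hash()
            prev_hash = block.hash()
        return True

    def is_revoked(self, cert_serial):
        # Walk the CRL chain backwards via LastcrlHash; cert blocks are never visited.
        crl_by_hash = {b.hash(): b for b in self.blocks if b.kind == "crl"}
        h = self.last_crl
        while h != ZERO32:
            block = crl_by_hash[h]
            if cert_serial in block.body:
                return True
            h = block.lastcrlhash
        return False

    def lookup_cert(self, blocknum, cert_serial):
        # Direct lookup by (block serial number, certificate serial), as the handshake does.
        block = self.blocks[blocknum - 1]
        if block.kind != "cert":
            return None
        return next((c for c in block.body if c[:32] == cert_serial), None)

def build_sample_chain():
    """Constructed chain shaped like Table 2: Block-05, -06, -08 revoke; cert 4 in Block-01, cert 12 in Block-03."""
    chain = CAChain()
    chain.append("cert", [make_cert(n, f"node-{n}") for n in range(1, 6)])    # Block-01
    chain.append("cert", [make_cert(n, f"node-{n}") for n in range(6, 10)])   # Block-02
    chain.append("cert", [make_cert(n, f"node-{n}") for n in range(10, 14)])  # Block-03
    chain.append("cert", [make_cert(n, f"node-{n}") for n in range(14, 16)])  # Block-04
    chain.append("crl", [serial(2)])                                          # Block-05
    chain.append("crl", [serial(7), serial(15)])                              # Block-06
    chain.append("cert", [make_cert(n, f"node-{n}") for n in range(16, 18)])  # Block-07
    chain.append("crl", [serial(9)])                                          # Block-08
    return chain
```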
Detailed description of the preferred embodiments
When a new communication node needs to register in the vehicle mobile ad hoc network, the specific flow by which the registering node registers a certificate with the vehicle mobile ad hoc network is as follows:
(1) The registering node acquires the public key P1 of any nearby legal communication node of the vehicle mobile ad hoc network;
(2) It encrypts the information M1 submitted for registration (including a unique identification code) together with a random number R1 using the public key P1, and sends the encryption result EP1(R1||M1) to the legal communication node in the network;
(3) On receiving the message, the legal communication node in the network decrypts it with its private key K1 to obtain R1 and M1 and audits the content; if the content is genuine, it generates the corresponding public key P2 and private key K2, encrypts them using the random number R1, and sends them to the registering node;
(4) The legal communication nodes in the network store the digital certificates of all communication nodes whose audits succeeded within a period in the block body of a certificate newly-added block in the form of a Merkle tree, sign them and attach the signature to the block header, then put the certificate newly-added block on chain through the consensus mechanism of the communication nodes in the vehicle mobile ad hoc network, and after the block is successfully put on chain send a registration-success message to the registered communication node.
Description of the preferred embodiments
When a communication node in the vehicle mobile ad hoc network needs to leave the network, or finds that its own certificate is no longer secure, for example because the certificate's public key has been cracked and the private key disclosed, it must revoke its own digital certificate in the vehicle mobile ad hoc network. The specific flow by which the revoking node applies to the vehicle mobile ad hoc network to revoke its certificate is as follows:
(1) The revoking node stores the serial number of its certificate in the block body of a certificate revocation block, signs it and attaches the signature to the block header, producing the certificate revocation block;
(2) The revoking node puts the certificate revocation block on chain through the consensus mechanism of the communication nodes in the vehicle mobile ad hoc network; if the block is successfully put on chain, the certificate revocation has succeeded.
Description of the preferred embodiments
For a communication node whose digital identity certificate has been uplinked and not revoked in the vehicle mobile ad hoc network, the legitimacy of its digital identity certificate has already been verified on the blockchain. After its digital certificate is successfully registered, a communication node in the mobile ad hoc network downloads the blockchain data and becomes a new consensus node; it then periodically updates its certificate revocation list from the content of the latest certificate revocation blocks during idle periods, so that it can authenticate and query. In general, the communication nodes in the vehicle mobile ad hoc network can perform fast security authentication and secure communication by querying the blockchain. As shown in the flowchart of the vehicle mobile ad hoc network security authentication method based on blockchain technology in fig. 5, assume that vehicle communication nodes A and B are two communication nodes in the vehicle mobile ad hoc network, that certificate 4 of node A is in Block-01, and that certificate 12 of node B is in Block-03. When node A sends a communication request to node B, the secure communication flow comprises the following steps:
(1) Node A queries the digital identity certificate 12 of node B in the blockchain and checks the validity period of certificate 12 to judge whether it has expired; if so, the communication ends. Otherwise, it searches the certificate revocation list to check whether certificate 12 is revoked, and ends the communication if it is. Otherwise, it generates a random number r1, encrypts the data string formed by concatenating the random number r1, a timestamp t1, the serial number m1 of the block in which its own certificate is located and its certificate serial number 4 with the public key pubB of node B to produce the message C1, and sends C1 to node B;
(2) After receiving the message, node B decrypts the ciphertext C1 with its private key PriB, calculates the difference between the current time and the sending timestamp, and judges whether it falls within the preset effective timestamp window; if not, the communication ends. Otherwise, it quickly looks up the content of certificate 4 through the block serial number m1 and the certificate serial number 4 and checks the validity period of certificate 4 to judge whether it has expired; if so, the communication ends. Otherwise, it searches the certificate revocation list to check whether certificate 4 is revoked, and ends the communication if it is. Otherwise, it generates a random number r2, encrypts the data string formed by concatenating the random numbers r1 and r2 and a timestamp t2 with the public key pubA of node A to produce the reply message C2, and sends C2 to node A;
(3) After receiving the message, node A decrypts the ciphertext C2 with its private key PriA, calculates the difference between the current time and the sending timestamp, and judges whether it falls within the preset effective timestamp window; if not, the communication ends. Otherwise, it checks the returned random number r1; if r1 is correct and valid, the identity of node B is authenticated successfully, otherwise the communication ends;
(4) After identity authentication succeeds, node A and node B compute a common session key k from r1 and r2 using a key agreement algorithm, which completes key negotiation; thereafter node A and node B can communicate in encrypted form using the key k and an agreed encryption algorithm.
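The exchange in steps (1) to (4), as an added Python example that is not the patent's own code: it models the certificate lookup, expiry, revocation list, timestamp freshness and nonce checks for the scenario with certificates 4 (Block-01) and 12 (Block-03). The validity periods, the 30 s freshness window, the SHA-256 key derivation and the message dictionaries are assumptions, and the public-key encryption of C1 under pubB and of C2 under pubA is deliberately left out so that the checks on the individual fields stay visible.

```python
import hashlib
import hmac
import os

# Constructed chain view for the page's scenario: certificate 4 of node A sits in
# block 1 (Block-01), certificate 12 of node B in block 3 (Block-03). Validity
# periods, the 30 s window and SHA-256 key derivation are assumptions; the
# public-key encryption of C1/C2 is not modelled, so the field checks stay visible.
FRESHNESS_WINDOW = 30  # seconds, the "preset effective timestamp" interval
CERTS = {(1, 4): (1_600_000_000, 1_900_000_000),   # (not_before, not_after)
         (3, 12): (1_600_000_000, 1_900_000_000)}

def cert_usable(block_num, serial, now, crl):
    """Look the certificate up by (block, serial), check expiry, then the CRL."""
    period = CERTS.get((block_num, serial))
    if period is None or not (period[0] <= now <= period[1]):
        return False
    return serial not in crl

def fresh(sent_at, now):
    """Timestamp check used by both sides: not from the future, not too old."""
    return 0 <= now - sent_at <= FRESHNESS_WINDOW

def session_key(r1, r2):
    """Step (4): common key k from r1 and r2 (SHA-256 of r1||r2, assumed)."""
    return hashlib.sha256(r1 + r2).digest()

def a_request(now, crl):
    """Step (1): A vets B's certificate 12, then sends r1||t1||m1||4 as C1."""
    if not cert_usable(3, 12, now, crl):
        return None
    r1 = os.urandom(32)
    return {"r1": r1, "t1": now, "m1": 1, "serial": 4}, r1

def b_reply(c1, now, crl):
    """Step (2): B checks t1, then A's certificate via (m1, 4), answers C2."""
    if not fresh(c1["t1"], now) or not cert_usable(c1["m1"], c1["serial"], now, crl):
        return None
    r2 = os.urandom(32)
    return {"r1": c1["r1"], "r2": r2, "t2": now}, r2

def a_finish(c2, r1, now):
    """Step (3): A checks t2 and the echoed r1; on success both sides hold k."""
    if not fresh(c2["t2"], now) or not hmac.compare_digest(c2["r1"], r1):
        return None
    return session_key(r1, c2["r2"])

def run_handshake(now, crl=frozenset(), delay=0):
    """Drive A -> B -> A; returns the session key, or None if any check fails."""
    req = a_request(now, crl)
    rep = b_reply(req[0], now + delay, crl) if req else None
    if rep is None:
        return None
    return a_finish(rep[0], req[1], now + delay)
```

The `delay` parameter shifts B's and A's clocks relative to the sending timestamps, which is how a replayed or delayed C1/C2 is rejected by the freshness check.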
It should be noted that the foregoing merely illustrates the technical idea of the present invention and is not intended to limit the scope of the present invention, and that a person skilled in the art may make several improvements and modifications without departing from the principles of the present invention, which fall within the scope of the claims of the present invention.
Claims (6)
1. A vehicle mobile ad hoc network security authentication method based on blockchain technology, characterized in that: the method designs a CA blockchain of mixed structure, consisting of a double chain (a general blockchain and a certificate revocation list chain) and two block types (a certificate newly-added block and a certificate revocation block), and this CA blockchain realizes security authentication among the communication nodes in the vehicle mobile ad hoc network so that they can communicate securely; the certificate newly-added block records the digital identity certificates of communication nodes newly admitted to the vehicle mobile ad hoc network, the certificate revocation block records the digital identity certificates of communication nodes revoked in the vehicle mobile ad hoc network, and both kinds of block are generated by consensus of the communication nodes in the network; the general blockchain links each block directly to its adjacent blocks, while the certificate revocation list chain links adjacent certificate revocation blocks; before network communication, a new communication node uplinks its digital identity certificate through the consensus mechanism of the existing communication nodes; when a communication node withdraws and is revoked, the serial number of its digital identity certificate is uplinked through the consensus mechanism of the existing communication nodes; and when a communication node in the vehicle mobile ad hoc network performs security authentication, it queries the certificate revocation state through the certificate revocation list chain in the blockchain and rapidly confirms the authenticity of the certificate using the certificate newly-added block, thereby completing secure communication.
2. The vehicle mobile ad hoc network security authentication method based on blockchain technology according to claim 1, characterized in that: the connection between the certificate newly-added block and the certificate revocation block is a topological connection, and each block is designed as follows:
(1) The certificate newly-added block consists of a 428-byte block header and a variable-length block body. The block header fields comprise a 4-byte current block version number Version, a 32-byte previous block hash value PreHash, a 32-byte Merkle root hash of the local block MerkleRootHash, an 8-byte block generation timestamp TimeStamp, a 128-byte public key of the local block generator AutPubKey, a 128-byte block Signature, a 32-byte block serial number Blocknum and a 32-byte count Connum of communication nodes in the vehicle mobile ad hoc network. The block body of the certificate newly-added block contains the certificate records newly added over a certain period, stored in the form of a Merkle tree; since a single block can record a large number of certificates, their legal validity is ensured by one collective signature of the legitimate communication nodes, and their security is ensured by the non-tamperability of the blockchain;
(2) The certificate revocation block consists of a 428-byte block header and a variable-length block body. The block header fields comprise a 4-byte current block version number Version, a 32-byte previous block hash value PreHash, a 32-byte hash of the local block content ConHash, an 8-byte block generation timestamp TimeStamp, a 128-byte block generator public key AutPubKey, a 128-byte block Signature, a 32-byte hash of the previous certificate revocation block LastcrlHash, a 32-byte block serial number Blocknum and a 32-byte count Connum of communication nodes in the vehicle mobile ad hoc network. The block body of the certificate revocation block contains the serial numbers of the newly revoked certificates.
3. The vehicle mobile ad hoc network security authentication method based on blockchain technology according to claim 1, characterized in that: when a new communication node needs to register in the vehicle mobile ad hoc network, it submits its registration information to any nearby communication node already in the network; that node audits the registration information, generates a corresponding public key and private key after the audit passes, and encrypts and sends them to the registering node. The communication nodes in the network store the digital certificates of all nodes whose audit succeeded during a period in the block body of a certificate newly-added block in the form of a Merkle tree, sign them and attach the signature to the block header, and then uplink the certificate newly-added block through the consensus mechanism of the communication nodes in the vehicle mobile ad hoc network; after the block is uplinked successfully, the digital certificates and a registration-success message are sent to the newly registered communication nodes.
4. The vehicle mobile ad hoc network security authentication method based on blockchain technology according to claim 1, characterized in that: when a communication node needs to leave the vehicle mobile ad hoc network, its digital certificate must be revoked in the vehicle mobile ad hoc network; the communication node stores the serial number of its own certificate in the block body of a certificate revocation block, signs it and attaches the signature to the block header, and then uplinks the certificate revocation block through the consensus mechanism of the communication nodes in the vehicle mobile ad hoc network.
5. The vehicle mobile ad hoc network security authentication method based on blockchain technology according to claim 1, characterized in that: for a communication node whose digital identity certificate has been uplinked and not revoked, the validity of its digital identity certificate has already been verified on the blockchain; after its digital certificate is successfully registered, a communication node in the vehicle mobile ad hoc network downloads the blockchain data and becomes a new consensus node, and then periodically updates its certificate revocation list from the content of the latest certificate revocation blocks during idle periods so that it can authenticate and query; in the general case, the communication node queries the blockchain in its own database, queries the certificate revocation state through the certificate revocation list chain, rapidly confirms the authenticity of the certificate using the certificate newly-added block, completes security authentication, and thus performs fast blockchain-based security authentication and secure communication.
6. The vehicle mobile ad hoc network security authentication method based on blockchain technology according to claim 2, characterized in that the digital identity certificate in the certificate newly-added block is designed as follows:
the digital identity certificate consists of 496 bytes, including a 32-byte certificate serial number, a 128-byte certificate public key subpubkey, and a 336-byte public description of the certificate subDescribe; because the certificates of the communication nodes are stored in batches in the block body of the certificate newly-added block, their integrity and tamper resistance are ensured by the non-tamperability of the Merkle tree; and because the legitimate communication nodes sign the block, the validity and credibility of the certificates in the block are ensured in batch, so that each certificate need not be signed individually, which greatly improves the efficiency with which the communication nodes issue certificates.
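The byte layouts of claims 2 and 6 and the revocation flow from the description, as an added Python example that is not part of the patent: it packs and parses the 428-byte certificate revocation block header and the 496-byte digital identity certificate, and rebuilds the certificate revocation list by walking the chain of LastcrlHash links. Big-endian field packing, SHA-256 for ConHash and LastcrlHash, and an all-zero LastcrlHash for the first revocation block are assumptions made here.

```python
import hashlib
import struct

# Claim 2 revocation block header: 4+32+32+8+128+128+32+32+32 = 428 bytes,
# followed by a body of 32-byte revoked serials. Big-endian packing and
# SHA-256 for ConHash/LastcrlHash are assumptions made for this example.
HEADER_FMT = ">I32s32sQ128s128s32s32s32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 428
FIELDS = ("Version", "PreHash", "ConHash", "TimeStamp", "AutPubKey",
          "Signature", "LastcrlHash", "Blocknum", "Connum")
CERT_FMT = ">32s128s336s"  # claim 6: serial, subpubkey, subDescribe = 496 bytes

def parse_certificate(raw):
    """Split a 496-byte digital identity certificate into its three fields."""
    serial, pubkey, desc = struct.unpack(CERT_FMT, raw)
    return {"serial": serial, "subpubkey": pubkey, "subDescribe": desc}

def header_hash(raw_block):
    """Hash of a revocation block header, used as the next block's LastcrlHash."""
    return hashlib.sha256(raw_block[:HEADER_LEN]).digest()

def parse_revocation_block(raw):
    """Return (header dict, list of revoked serials) for one raw block."""
    if len(raw) < HEADER_LEN:
        raise ValueError("block shorter than the 428-byte header")
    header = dict(zip(FIELDS, struct.unpack(HEADER_FMT, raw[:HEADER_LEN])))
    body = raw[HEADER_LEN:]
    if len(body) % 32:
        raise ValueError("body is not a whole number of 32-byte serials")
    return header, [body[i:i + 32] for i in range(0, len(body), 32)]

def build_crl(blocks):
    """Walk the revocation list chain oldest-first and collect revoked serials.
    ConHash must match the body and LastcrlHash must equal the previous block's
    header hash; checking Signature against AutPubKey is left to consensus."""
    revoked, prev = set(), b"\x00" * 32  # all-zero link before the first block
    for raw in blocks:
        header, serials = parse_revocation_block(raw)
        if header["ConHash"] != hashlib.sha256(raw[HEADER_LEN:]).digest():
            raise ValueError("ConHash does not match block body")
        if header["LastcrlHash"] != prev:
            raise ValueError("LastcrlHash does not link to previous block")
        revoked.update(serials)
        prev = header_hash(raw)
    return revoked

def make_revocation_block(serials, last_crl_hash, blocknum):
    """Constructed sample block; AutPubKey and Signature are zero placeholders."""
    body = b"".join(serials)
    header = struct.pack(HEADER_FMT, 1, b"\x00" * 32,
                         hashlib.sha256(body).digest(), 1_700_000_000,
                         b"\x00" * 128, b"\x00" * 128, last_crl_hash,
                         blocknum.to_bytes(32, "big"), (2).to_bytes(32, "big"))
    return header + body
```

A node that refreshes its revocation list in an idle period, as the description prescribes, would feed the revocation blocks newer than its last refresh into build_crl and merge the result into its local list.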
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310336909.3A CN116455578A (en) | 2023-03-31 | 2023-03-31 | Vehicle mobile ad hoc network security authentication method based on blockchain technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310336909.3A CN116455578A (en) | 2023-03-31 | 2023-03-31 | Vehicle mobile ad hoc network security authentication method based on blockchain technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116455578A true CN116455578A (en) | 2023-07-18 |
Family
ID=87126818
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310336909.3A Pending CN116455578A (en) | 2023-03-31 | 2023-03-31 | Vehicle mobile ad hoc network security authentication method based on blockchain technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116455578A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117156440A (en) * | 2023-10-27 | 2023-12-01 | 中电科网络安全科技股份有限公司 | Certificate authentication method, system, storage medium and electronic equipment |
CN117156440B (en) * | 2023-10-27 | 2024-01-30 | 中电科网络安全科技股份有限公司 | Certificate authentication method, system, storage medium and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112073379B (en) | Lightweight Internet of things security key negotiation method based on edge calculation | |
CN113194469B (en) | 5G unmanned aerial vehicle cross-domain identity authentication method, system and terminal based on block chain | |
CN108400872B (en) | Block chain information transmission method and system based on satellite-ground cooperation | |
CN110430061B (en) | Vehicle networking equipment identity authentication method based on block chain technology | |
CN111771390A (en) | Self-organizing network | |
CN112039872A (en) | Cross-domain anonymous authentication method and system based on block chain | |
CN101222331B (en) | Authentication server, method and system for bidirectional authentication in mesh network | |
CN113746632B (en) | Multi-level identity authentication method for Internet of things system | |
CN111262692B (en) | Key distribution system and method based on block chain | |
CN110046521A (en) | Decentralization method for secret protection | |
CN113824563B (en) | Cross-domain identity authentication method based on block chain certificate | |
CN110059503A (en) | The retrospective leakage-preventing method of social information | |
CN114884698B (en) | Kerberos and IBC security domain cross-domain authentication method based on alliance chain | |
CN113672942B (en) | PKI certificate cross-domain authentication method based on blockchain | |
WO2023236551A1 (en) | Decentralized trusted access method for cellular base station | |
CN110572819B (en) | Block chain-based multi-domain wireless Mesh network cross-domain authentication method and system | |
CN115378604A (en) | Identity authentication method of edge computing terminal equipment based on credit value mechanism | |
CN108882238A (en) | A kind of lightweight rotation ca authentication method in mobile ad hoc network based on common recognition algorithm | |
CN116455578A (en) | Vehicle mobile ad hoc network security authentication method based on blockchain technology | |
CN114531680A (en) | Lightweight IBC bidirectional identity authentication system and method based on quantum key | |
CN115002717A (en) | Internet of vehicles cross-domain authentication privacy protection model based on block chain technology | |
CN111245613B (en) | Identity-based three-level key negotiation method for in-vehicle and out-vehicle networks | |
CN110752934B (en) | Method for network identity interactive authentication under topological structure | |
CN110717760A (en) | One-stop efficient PKI authentication service method based on block chain | |
Forne et al. | Certificate status validation in mobile ad hoc networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |