ES2372841B2 - SECURE COMMUNICATIONS SYSTEM IN AN AD-HOC SPONTANEOUS AND SELF-MANAGED VEHICLE NETWORK. - Google Patents

Abstract

Secure communications system in a spontaneous and self-managed ad-hoc vehicular network, without infrastructures either on the road or in vehicles, using only mobile devices with a receiver of a global satellite navigation system, and wireless and computing communication capabilities, such as mobile phones, PDAs and laptops. The mode of operation provided for in the invention is fully distributed and decentralized, and takes into account the protection of drivers' privacy and defense against possible attacks.

Description

Secure communications system in a spontaneous and self-managed vehicular ad-hoc network.

The present invention relates to a secure communications system in a spontaneous and self-managed ad-hoc vehicular (or V ANET) network.

The invention is applicable in the field of telecommunications, especially in mobile and wireless communications between vehicles

Background of the invention

The present invention relates to the security of communications in ad-hoc vehicular networks or VANETs (Vehicular Ad-hoc NETworks). This security currently represents a challenge to be solved since it is anticipated that these networks will be an important revolution for the safety and comfort of road transport in the not too distant future.

In the V ANETs the messages exchanged between the vehicles will influence the behavior of their drivers as these, for example, will reduce speed and / or choose alternative routes depending on the information received. Any malicious user could try to exploit this situation, carrying out any of the following attacks:

-

Injection of false information, modified or repeated, spreading erroneous data that may affect the rest of the vehicles, either for the benefit of the attacker, for example, when a road is released, or simply for bad intention, for example, to produce a traffic jam.

-

Forgery of identity (posing as for example an emergency vehicle) or manipulation of the information sent (altering data such as position, address, speed, etc.) for example to try to escape responsibilities when an accident has been caused.

-

Tracking drivers and / or vehicles, threatening their privacy and anonymity. -Denial of service, causing loss of network connectivity.

Therefore, the security of communications is an essential factor in preventing such threats and enabling the deployment of V ANETs.

There are various initiatives both from the industry and from the academic environment aimed at making possible the future exploitation of the V ANETs. However, all existing proposals have in common the hypothetical prior existence of an infrastructure on the road or RSU (Road-Side Unit) and / or the use of mobile telephony, and / or Internet and / or devices on board the vehicles or OBUs (On-Board Units).

For example, the draft communications standard for V ANETs, IEEE 802.11 p WA VE (Wireless Access for Vehicular Environments, http://grouper.ieee.org/groups/802/II/Reports) that is being developed by the Car consortium -2-Car (http://www.car-to-car.org) presupposes that VANETs will combine several wireless technologies such as Cellular, Satellite, WiMAX (Worldwide Interoperabi; ity for Microwave ACCess, http: //www.ieee802. org / l6) and DSR (Dedicated Short Range) communications.

Similarly, the CALM architecture (Communications, Air interface, Long and Medium range, http://www.isotc204wg16.org/concept), also in the process of standardization by the International Organization for Standardization (ISO), intends to support to communications in mobile environments and in particular in ITSs (Intelligent Transportation Systems), through the combined use of various wireless technologies such as WAVE, UMTS (Universal Mobile Telecommunications System, http://www.30PP.org), WiMAX or RFID (Radio Frequency IDentification), and the application of various international standards, interfaces and media, such as IEEE 802.11, 802.11p, 802.15, 802.16e, 802.20, mobile telephony 20/30/40, and national ITSs.

In both standards, the security of communications is based on the combination of the mentioned technologies, in general assuming the use of public key infrastructure with certification based on centralized authorities, which implies the need for prior implementation of MSWs on roads and OBUs in vehicles.

On the other hand, the solutions proposed in various research projects are based on the availability of OBUs in vehicles, and / or RSUs on the road, which would imply a large initial outlay by the State and / or by users. In fact, most of the research efforts in this field are being made from the automobile companies, so that in the proposals it is normally assumed that in the OBUs integrated in the vehicles there is a black box, a certified identity, sensors to detect obstacles, a human-machine interface, and a counterfeit-proof device for calculations, in addition to a receiver of a Global Satellite Navigation System and a Wi-Fi device.

Among the scientific publications related to safety in V ANETs, the following stand out:

-

[Philippe Golle, Dan Greene and Jessica Staddon, "Detecting and correcting malicious data in VANETs", 1st ACM international workshop on Vehicular ad hoc networks pp. 29-37. 2004}. Proposes the use of sensors to detect incorrect information.

-

[Maxim Raya and Jean-Pierre Hubaux, "The security 01 vehicular ad hoc networks", 3rd ACM workshop on Security 01 ad hoc and sensor networks pp. 11-21. 2005}. It assumes the existence of certification authorities to issue certificates to vehicles, proposing that they be government authorities or vehicle manufacturers.

-

[Florian Dotzer, "Privacy Issues in Vehicular Ad Hoc Networks", Lecture Notes in Computer Science 3856 pp. 197-209. 2006}. It involves the participation of vehicle manufacturers since during the production of each vehicle a secure connection must be established with a certifying authority that validates the OBo.

Among the patents, the following documents related to the V ANETs stand out.

-

US2008002635 AND US2008002574 propose a method to manage communications traffic, measuring local levels and defining a microutility of the data to be transmitted to select the transmission medium.

-

US20080279141 describes a method of assigning channels to communications

multihop between one node and another, for sending information through routing. -W02008092475 proposes the dissemination of information through unicast. -W02008104673 proposes the estimation of the density of nodes by dividing into

geographical cells in which the node closest to the center is responsible for adding and retransmitting the information. -W02008119948 is based on the use of mobile telephony to define an information routing algorithm between two nodes. -W02009024945 describes a method for synchronizing radio-communicated devices using periodic beacons that include clock signals.

-

W02009053657 proposes that in the intersections of roads the diffusion of information is carried out through a node chosen within a group based on the estimated time to reach the intersection. W02010020260 presents a method for sending information from a source node to a destination node by routing through intermediate nodes.

-

W020 1 0040372 presupposes the use of an infrastructure on the road to control the communications load of the wireless channel, defining priorities over the messages to establish its sending characteristics.

However, no precedent has been found that describes a safe and cheaper solution than the proposals so far.

Description of the invention

From the above described, it is an objective of the present invention to provide a secure and self-managed ad-hoc vehicular (or V ANET) network of secure communications.

This objective is achieved through a secure communications system in an ad network

spontaneous and self-managed vehicular hoc comprising: a module for generating identity and digital signature keys. a module that contains client / server architecture with the possibility of connecting to multiple users at the same time.

a module for multicast sending and wireless reception of beacons with variable pseudonyms, a module for mutual authentication of nodes, with exchange of fixed public keys, temporary secret keys, and public key stores based on an interactive challenge-response scheme. an update module for public key stores. a node reputation module, which deletes dishonest nodes from stores, by deleting their public key from certificate stores. an encrypted data exchange module on static and dynamic elements of the road, through the use of a temporary secret key of the sender a data authentication module by checking matches with other messages received by aggregating data

In this sense, our invention avoids the need to install any type of infrastructure either in the vehicle or on the road, which implies savings in economic investment and waiting time for the development of the multiple applications of vehicle networks, allowing to put VANETs are underway without any investment from governments, car companies or telephone companies.

A safe communication system is presented here in a spontaneous and self-managed ad-hoc vehicular network, without infrastructures either on the road or in vehicles, using only mobile devices with a receiver of a global satellite navigation system, and wireless communication capability and computing, such as mobile phones, PDAs and laptops.

The mode of operation provided for in the invention is fully distributed and decentralized, and takes into account the protection of drivers' privacy and defense against possible attacks. Both issues imply the possibility of progressive deployment with effective functionality and security from the start.

The key factors of the proposed design are: scalability and economy, authentication of nodes and information, privacy, promotion of cooperation, and low delay and stability of the communities.

A system is proposed that can be integrated into specific mobile devices, or implemented in existing devices such as mobile phones with appropriate software.

The first fundamental element of the present invention is a self-managed authentication method, which does not require the intervention of certification authorities since it is the nodes themselves that certify the validity of the public keys of the nodes they trust, issuing the corresponding ones certificates, which are stored in local stores and updated using an algorithm described here. In addition, the proposal of authentication of nodes includes a cryptographic protocol, which allows each node to convince another node of the possession of a certain secret without allowing the transmitted information to discover anything about said secret, preventing possible impersonation attacks.

A second fundamental element of this invention is a symmetric encryption algorithm used in different phases. For its design, all known parameters that guarantee the safety of non-linear filtering in flow ciphers were contemplated. Encryption and decryption are performed with an XOR between the generated encryption sequence and the information.

Finally, the present invention also contemplates as a third fundamental element an aggregation scheme of data that includes the generation of aggregated packages from groups created ad-hoc for it, and the verification of digital signatures in a probabilistic way, preventing possible attacks of distribution of false content and avoiding network saturation due to sending messages with the same content.

It is assumed that each node of the network is characterized by the following parameters: ID, (KUro, KRro), {IDi, KUroi, Cert (KUro¡)} roi E Warehouse including:

-

a unique IDentifier (denoted ID), obtained by applying a unidirectional function over a unique value. For example, if the device used is a telephone

mobile number can be used, while in other cases you can use an email address. The unidirectional function could be a hash function, such as MD5.

-

a fixed pair of public / private keys (denoted (KU, KR) and key calls of

identity to use in an asymmetric cryptosystem, such as RSA. -a store containing several IDs, and corresponding public keys KUs and certificates, which the node keeps at all times updated, in the form:

IDI KUID1, Cert (KUID1) ID2 KUID2, Cert (KU1D2) ID3 KUID3, Cert (KUID3)

IDlím KUIDlím, Cert (KUIDlím)

In accordance with a preferred embodiment of the invention, the communication system

It can be used to reduce road jams in which: the module for generating identity and digital signature keys is based on the generation of the decimal value of the binary representation corresponding to the upper triangular submatrix of the adjacent symmetric matrix containing

15 the elements corresponding to a Hamiltonian circuit in a graph; the module for multicast sending and wireless reception of beacons with variable pseudonyms is based on the hash of the list of IDs of the nodes present in your public keystore at that time; the module for mutual authentication of nodes is based on a node B that you want

To establish contact with a node A first, ask for the list of IDs of your warehouse at that time, check the coincidence of your hash with the pseudonym sent by A on your beacon, and respond by indicating an X key present at the intersection of both warehouses Then, a demonstration of mutual null knowledge about the public key X is carried out so that

each node builds from this key, considering it as a Hamiltonian circuit, a graph G in which X is a solution to the difficult circuit problem

Hamiltonian, and sends it to the other node. Then at least two iterations of the demonstration are performed so that in a first step each node sends an isomorphic GI graph to the other as a compromise to the previously sent graph. Each node then sends the other a random challenge indicating whether it wishes to receive from the other node the isomorphism between both graphs or a Hamiltonian circuit in the isomorphic graph. At the end of the demonstration of null knowledge, both nodes know that they share the public key X, which they use to encrypt using the symmetric encryption described below, and send their own public identity key to the other node. Then they exchange their encrypted temporary secret keys with the public key of the other node and finally each uses their own temporary secret key to encrypt with the symmetric encryption described below, and send encrypted their keystore, which is contrasted against the pseudonym forwarded in the beacon and the list of IDs sent in the first step of the authentication; The module for updating public key stores is based on using an algorithm in which each node chooses to store in its store those public key certificates of the nodes that have issued or received more valid certificates. The certificates and nodes of the store are treated in said algorithm respectively as edges and vertices of a graph. The node reputation module is based on reflecting the behavior of a dishonest node by assigning in the warehouse a negative weight to the edges corresponding to certificates issued or received by it, so that upon receiving said certificates a negative weight, the vertex will leave progressively of being present in the updated stores. This scheme is combined in the warehouse update algorithm with an assignment of weights to edges in the warehouse, according to the following criteria: 2 for certificates issued or received directly by the node, 1 for other certificates, -2 for denounced certificates directly by the node, and -1 for certificates denounced by other nodes. The data encryption exchange module is based on a binary flow encryption using as decipher sequence generator a declined and linear non-linear filtering of a shift register with primitive feedback polynomial on GF (2) of degree L equal to the length of the key used in each

moment, fed with the seed formed by said key, and with feedback polynomial given by the primitive polynomial of lower non-zero coefficients and number of said coefficients given by the smallest possible number greater than 0.01 * L. The nonlinear function of filtering has as its order the prime number p closest and smaller than Ll2, it includes a linear term corresponding to its order, in addition to a number of terms of each order i = 2, ..., p given by the whole part of Lli, obtained by multiplying successive and disjoint stages. The output of said non-linear filtering is irregularly clogged so that the output of the register determines at any time whether the corresponding output of the filtrate is used or discarded, being introduced in the first case in a buffer of size 4; The data authentication module is based on a data aggregation scheme based on reactive groups in which each leader is responsible for building the package and adding the signatures of all the vehicles in their group, and where the verification is carried out according to a probabilistic protocol that depends on the geographical area in which each vehicle is located; An automatic anomalous condition detection module is added for speed calculation, based on the information received from a receiver of a global satellite navigation system.

Brief description of the figures

For a better understanding of what has been exposed, it is accompanied by drawings in which, schematically only by way of non-limiting example, a practical case of embodiment is represented.

The figures are briefly described below.

Figure 1 shows a conceptual scheme of the communications system according to the invention including its 8 basic modules of Key Generation and Signature (el), Client / Server Architecture (e2), Sending and Receiving Beacons (e3), Authentication of nodes (e4), Warehouse Update (eS), Reputation Scheme (e6), Encrypted Exchange (e7) and Data Authentication (e8). The execution of these modules is not necessarily sequential, since it is and e6 do not require interaction between nodes, while

C7 and C8 yes, so that CS and C6 can run in parallel with C7 and C8. In fact, in the proposed embodiment described, two modes are proposed that in one of them the execution of modules C7 and C8 is not required. Figure 2 shows a scheme that represents the client / server architecture with connection to multiple users at the same time, and also the multicast sending and wireless reception of the beacons. Figure 3 shows a mutual authentication scheme based on an interactive demonstration of null knowledge between a pair of nodes A and B. In the step of sending beacons B, it commits to node A with the object to be demonstrated by sending a witness (DI ). If A wishes to establish contact with B, it sends a random challenge (D2). Finally B returns the answer (D3) corresponding to the challenge and the witness. Figure 4 shows a scheme that represents the ownership of the six degrees of separation in the environment of the certification of public keys between vehicles. Figure S shows a diagram showing the proposed embodiment of the invention using the mobile phone first associated with the hands-free device of a vehicle, so that before starting the vehicle the user enters his destination and route preference , and when the mobile receives information about abnormal speeds from its neighbors, it recalculates the recommended route and suggests it to the driver. Figure 6 shows an exemplification of the proposed generation of the public identity key KUID from a graph and its adjacency matrix, using the elements of the upper triangular submatrix corresponding to a Hamiltonian circuit in the graph. Figure 7 shows a scheme that represents all the interactions between two nodes A and B. First A sends the hash {VDIDEA Warehouse} (PI) to B, in step (P2) B requests node A to list its store IDs , then A sends to B the set {VIDEA WarehouseA} (P3), B checks if there is an XE key {WarehouseAll WarehouseB} and in that case it is sent to node A, (P4). Then A builds and sends a graph GA (X) (PS) to B. Then at least two three-step iterations are performed in which first A sends a graph GIA (X) (P6) isomorphic to graph GA (X), then B sends a random binary challenge (P7) to node A, and according to its value A returns to B the isomorphism between both graphs or a Hamiltonian circuit in GIA (X) (P8). At the end, A uses X to encrypt its KU key A and send the result Ex (KU A) (P9) to B, then B uses the KU key A to encrypt its KB key and send the result KU A (KB to node A) ) (P 10).

Finally, A uses its KA key to encrypt its warehouse and send EKA (WarehouseA) encryption to B (P 11).

Figure 8 shows an encryption sequence generator based on a shift register with primitive coefficient feedback polynomial (CL, CL-1, ..., Cl) of lower non-zero values, such as the weight of said coefficient vector It is the lowest value greater than O, 07 * L. It includes a filtering function f of order equal to the prime number p closest to L / 2, corresponding linear term ap, and number of terms of each order i = 1,2, ..., p equal to [L / i] . The output of said filtrate is decimated according to the output of the register, and the decimated output is introduced in a size 4 buffer. Figure 9 shows a formation of reactive group generated ad-hoc from the detection of a jam. Figure 10 shows a scheme representing the three geographical areas defined for the authentication of data called danger zone (Z 1), uncertainty zone (Z2) and security zone (Z3). Figure 11 shows a graphical representation of the use of velocity calculation from the distance s traveled in a time t by a node, allowing the device to automatically recalculate the estimated time for the initially recommended route and compare it with time th initially estimated for that route, so if you, and there is an alternative route with estimated time, the device recommends this route to the driver.

Description of a preferred embodiment of the invention

Although the general approach of the invention can be used in different applications of V ANETs, the analyzes carried out and the concrete embodiment described as an embodiment are focused on the objective of reducing road jams.

In this case, mobile phones are used as mobile devices, so that the node representing the vehicle within the vehicular network at all times is the passenger's mobile phone first associated with the hands-free device of the vehicle. This last assumption avoids the possibility that in a vehicle there are several devices of its passengers that may be appearing in the V ANET, since this would lead to erroneous conclusions about the density of vehicles on the road. In addition, when the mobile phone is synchronized as the first device associated with the hands-free device, the mobile phone automatically changes from 'pedestrian mode' to 'vehicle mode'. In 'pedestrian mode' the mobile phone has only active components C2, C3, C4, CS and C6, which allow you to update your keystore.

To use this invention the user does not have to perform any specific action while driving. Before starting the vehicle, enter your destination and route preference into the device. Our proposal implies that the device receives and sends information automatically, using only the vehicle network and without requiring the driver's collaboration at any time (see Figure 5). When the device detects that the vehicle is traveling at an abnormal speed with respect to the road, it generates a warning and sends it to all its neighbors via broadcast. With the information received, the device automatically recalculates the recommended route and suggests it to the driver.

Figure 1 shows a preferred embodiment of the secure communication system according to the invention. In this preferred embodiment, the secure communications system in a spontaneous and self-managed vehicular ad-hoc network comprises the following modules:

C l. Generation of identity and digital signature keys It is part of the first fundamental element of the invention. Such generation is necessary since the authentication of nodes proposed in this invention is based on self-managed public key cryptography without requiring certification authorities at any time. Instead, each node is responsible for generating its own public-private key pairs, which are essential for authentication processes, and for digital signature of the messages it sends once authenticated. Each node has a fixed pair of public-private keys (identity keys) whose validity is certified in a self-managed way through the public key stores of the nodes themselves.

C2 Client / server architecture with the possibility of connecting to multiple users at the same time It is necessary for the first fundamental element of the invention. It is that each node (client) makes requests to another node (server), which responds to it (see Figure 2). This idea is very useful in distributed multi-user systems such as the vehicular network object of this invention because thus the process capacity is shared between the clients and the servers. In particular in this invention this component is necessary for the interconnection of the nodes since it allows sending and receiving messages from many clients and to many servers at the same time as each user is both client and server.

e3. Multicast sending and wireless reception of beacons with variable pseudonyms It is part of the first fundamental element of the invention. The sending / receiving of beacons messages containing variable pseudonyms of the sending nodes is necessary for the process of discovering active nodes, and avoiding possible follow-ups (see Figure 2).

e4. Mutual authentication of nodes, with exchange of fixed public keys, temporary secret keys, and public key stores It is the basis of the first fundamental element of the invention. The exchange of messages between pairs of nodes is intended to show each other that he knows a secret without revealing anything about it. The proposed scheme is based on an interactive challenge-response scheme, as shown in Figure 3. In the step of sending beacons each node commits itself to its neighbors with what it intends to demonstrate, sending them a witness (DI). If a node A wishes to establish contact with another node B, it sends a random challenge (D2). Then B returns the answer (D3) corresponding to the challenge and the witness. After these steps, both nodes share a key that they use to encrypt and send their public identity key to the other. Their encrypted temporary secret keys are then exchanged with the public key of the other node. Finally each uses its own secret key to encrypt and send encrypted keystore. This module allows to guarantee to each node the authenticity of the other, as well as to exchange the secret keys that are used in the module e7, and to update the stores of public keys necessary for the later verification of the validity of the public keys of identity used for the Message signing

e5. Optimal updating of public key stores It is an important part of the first fundamental element of the invention. It allows to limit the number of stored keys to a value denoted limit, so that said value is generally lower than the number of users that form the vehicular network, and equal to the minimum number that allows, taking advantage of the property of the six degrees of consistent separation in which any node can connect to any other through a chain with no more than six links (see Figure 4), store only the keys necessary to authenticate any other node with a high probability.

C6 Node reputation scheme, which erases dishonest nodes from warehouses It is part of the first fundamental element of the invention. It allows to isolate those nodes for which incorrect or corrupt behaviors have been detected, by deleting their public key from the certificate stores.

C7 Encrypted exchange of data on static and dynamic road elements This module constitutes the second fundamental element of the invention. The encrypted exchange of information obtained on the road and traffic, which nodes have stored at that time is necessary to avoid passive behavior of users who intend to take advantage of the V ANET without cooperating for its operation. The use of a secret key cryptosystem is recommended given the size of the data file. Our invention proposes to use a temporary secret key of the issuer.

C8 Data authentication The third fundamental element of the invention is part of this module. For the proper functioning of the network it is essential to verify the integrity and origin of the data received by digital signature, evaluation of verifiable characteristics (freshness, location, relevance, correction, etc.) and verification of coincidences with aggregation, since it is due check at all times that the retransmitted information is authentic, current and valid. In this self-managed invention this is only possible by combining techniques of integrity and origin verification, evaluation of verifiable characteristics, and verification of matches with other messages received through data aggregation.

The following describes various concepts and algorithms proposed as a preferred embodiment of the invention, with the specific objective mentioned.

For module C 1 it is proposed as a particular embodiment, that the public identity key be generated as a decimal value of the binary representation corresponding to the upper triangular submatrix of the adjacent symmetric matrix containing the elements corresponding to a Hamiltonian circuit in a graph (see Figure 6).

In module C3 we propose in this specific embodiment, that the variable pseudonym of each node be the hash of the list of IDs of the nodes present in its public keystore at that time. Since this store varies, the pseudonym also varies. In addition, it is possible to verify that the IDs sent in the first authentication step correspond to the hash sent in the corresponding beacon.

In module C4 we propose for this specific embodiment, as shown in Figure 7, that a node B that wishes to establish contact with a node A first asks you to list its store IDs at that time, check its match hash with the pseudonym sent by A in your beacon, and respond by indicating an X key present at the intersection of both stores. Then, the demonstration of mutual null knowledge is carried out on the public key X so that each node builds from said key, considering it as a Hamiltonian circuit, a graph G in which X is a solution to the difficult problem of the Hamiltonian circuit, and what Send to the other node. Then at least two iterations of the demonstration are performed so that in a first step each node sends an isomorphic GI graph to the other as a compromise to the previously sent graph. Each node then sends the other a random challenge indicating whether it wishes to receive from the other node the isomorphism between both graphs or a Hamiltonian circuit in the isomorphic graph. At the end of the demonstration of null knowledge, both nodes know that they share the public key X, which they use to encrypt using the symmetric encryption described below, and send their own public identity key to the other node. Then they exchange their encrypted temporary secret keys with the public key of the other node and finally each uses their own temporary secret key to encrypt with the symmetric encryption described below, and send encrypted their keystore, which is contrasted against the pseudonym forwarded in the beacon and the list of IDs sent in the first authentication step.

For the implementation of the CS module we propose that the warehouse update algorithm described below be used. In it, each node chooses to store in its warehouse those public key certificates of the nodes that have issued or received more valid certificates, since this maximizes the probability of intersection between warehouses, required in module C4. The certificates and nodes of the store are treated in said algorithm respectively as edges and vertices of a graph.

.

Update Function _StoreO

Initialize data structures;

u: = B;

For each (u, ID) E Warehouse Warehouse B

If grade rounded (lD »maximum (grade rounded (WarehouseA or WarehouseB)

If cardinal (WarehouseB) <Limit

rounded grade (lD »maximum (rounded grade (WarehouseB»

Add (u, ID) to WarehouseB;

u: = ID;

End yes End yes End for Finfunction

For the implementation of module C6 we propose that the dishonest node, instead of directly deleting its public key from the warehouse after improper behavior, reflects its conduct by assigning a negative weight to the edges corresponding to certificates issued or received by it, so that when these certificates receive a negative weight, the vertex will progressively cease to be present in the updated warehouses. This scheme is combined in the warehouse update algorithm with an assignment of weights to edges in the warehouse, according to the following criteria: 2 for certificates issued or received directly by the node, 1 for other certificates, -2 for denounced certificates directly by the node, and -1 for certificates denounced by other nodes.

For use in the C7 module, as well as for the secret key encryption contemplated in the C4 module we propose efficient symmetric encryption. This efficiency is essential since in its first use in module C4 the length of the key used, as it is a public key, is generally greater than that established as safe for symmetric encryption, while in its second use in C4 , the keystore in general is a very large file. Also in the C7 module itself the file to be encrypted containing the traffic and road data will in general be very large. Thus, we propose as symmetric encryption the binary flow encryption using as an encrypted sequence generator the one described in Figure 8, which is based on a shift register with primitive feedback polynomial on GF (2), 1 + c¡x + C2X2 + . + CLX \ of degree L equal to the length of the key used at any time, and fed with the seed formed by said key. The register feedback polynomial is given by the primitive polynomial of lower non-zero coefficients and number of said coefficients given by the smallest possible number greater than 0.01 * L, to improve efficiency. The order of the filtering function is the prime number p closest and smaller than Ll2, to ensure large linear complexity. This function includes a linear term corresponding to its order, in addition to a number of terms of each order i = 2, ..., p given by the integer part of Lli, obtained by multiplying successive disjoint stages, to achieve pseudo-randomness and confusion. To avoid correlation attacks, the output of said non-linear filtering is irregularly declined so that the log output determines at any time whether the corresponding filter output is used or discarded. Finally, in order to guarantee a stable output, a size 4 buffer is included.

As a specific proposal for the implementation of the C8 module, we propose that the verification of matches by aggregation of data be carried out according to a probabilistic protocol based on reactive groups, that is, generated ad-hoc to produce an aggregate package (see Figure 9). There are three situations in which vehicles can be found in relation to an incident: Vehicles that are capable of detecting an obstacle or incident on the road and are responsible for generating the corresponding warning messages; Vehicles that receive warning messages and can confirm that the information is true because they have direct contact with the incident; and Vehicles that receive warning messages but are not able to confirm or deny such information since they are out of range. On the other hand, since in most cases the information generated at a given point is of interest to us outside a certain distance radius from that point, three geographical areas are considered in relation to an incident (see Figure 10): Danger (Zl) or central area of the area where the hazard can be detected directly by the vehicle; Zone of uncertainty (Z2) that surrounds the danger zone and where it is not possible to confirm the information directly but where the decision-making must be quick and efficient because in a short period of time the vehicle will enter the danger zone; and Security Zone (Z3), where the nodes behave following the store-and-carry paradigm gathering evidence about the same danger obtained through different packages. We also propose the establishment of reactive groups when a hazard is detected, so that vehicles cooperate forming groups within their

~ _ ~ _ ~~~ ~~

range, in the same geographic cell and generating aggregate information avoiding collisions,

delays, network overloads and repetitions of information. With the use of groups

We intend to prevent the number of packages generated in a danger zone to warn

from a problem grow infinitely, in addition to allowing the reduction of the number of signatures

5

contained in a package. The center of the geographical area corresponds to the location of the

existing danger and from this the different groups are generated. In each group there is a

leader in charge of building the package and adding the signatures of all the vehicles of his

group. Verification of an aggregation message is only performed on those vehicles that

they are unable to directly verify the information, that is, when a vehicle receives a

the

warning message about an incident that is outside the coverage of your antenna and you want

Confirm the authenticity of the message received. The verification carried out by the vehicles

It depends on the direction of travel and the geographical area in which it is located. In the zone

of uncertainty, if a vehicle receives an aggregation message containing n signatures, use the

offset register of length n defined in module C7 fed with the first

fifteen

bit of each of the signatures to generate n bits and verify only the signatures indicated by that

exit. In the security zone, the vehicles check a series of signatures contained in

the package as described in the previous case, but in addition the vehicles will be able to make

other verifications that provide a higher level of reliability on the information

received Thus, being in this area, it is possible to receive several packages added

twenty

corresponding to the same danger but coming from different groups.

To the 8 basic modules of the system described, a final one is added for the concrete realization

module that allows automatic detection of anomalous road conditions with the

in order to notify drivers in advance to avoid or reduce traffic jams.

25

C9. Speed calculation, anomalous traffic conditions and alternative routes

This module uses the information received from a receiver of a global navigation system

by satellite It is necessary to be able to use the network in order to help driving without having

to install any type of infrastructure either in the vehicle or on the road (see Figure 11).

30

Although a specific embodiment of the present has been described and represented

invention, it is clear that the person skilled in the art will be able to introduce variants and

modifications, or replace the details with technically equivalent ones, without departing from the scope of protection defined by the appended claims.

Claims (1)

1. Secure communications system in a spontaneous and self-managed vehicular ad-hoc network for the reduction of road traffic jams, comprising: -a module for generating identity and digital signature keys, based on the generation of the decimal value of the Binary representation corresponding to the upper triangular submatrix of the symmetric adjacency matrix containing the elements corresponding to a Hamiltonian circuit in a graph. -a module for multicast sending and wireless reception of beacons with variable pseudonyms, based on the hash of the list of IDs of the nodes present in your public keystore at that time.

-

a module for mutual authentication of nodes, based on the fact that a node B that wishes to establish contact with a node A first asks for a list of its store IDs at that time, check its hash with the pseudonym sent by A in your beacon, and respond by indicating an X key present at the intersection of both stores. Then, a demonstration of mutual null knowledge about the public key X is carried out so that each node builds from said key, considering it as a Hamiltonian circuit, a graph G in which X is a solution to the difficult problem of the Hamiltonian circuit, and what Send to the other node. Then at least two iterations of the demonstration are performed so that in a first step each node sends an isomorphic GI graph to the other as a compromise to the previously sent graph. Each node then sends the other a random challenge indicating whether it wishes to receive from the other node the isomorphism between both graphs or a Hamiltonian circuit in the isomorphic graph. At the end of the demonstration of null knowledge, both nodes know that they share the public key X, which they use to encrypt using the symmetric encryption described below, and send their own public identity key to the other node. Then they exchange their encrypted temporary secret keys with the public key of the other node and finally each uses their own temporary secret key to encrypt with the symmetric encryption described below, and send encrypted their keystore, which is contrasted against the pseudonym forwarded in the beacon and the list of IDs sent in the first authentication step.

-

a module for updating public key stores, based on using an algorithm in which each node chooses to store in its store those public key certificates of the nodes that have issued or received more valid certificates. The certificates and nodes of the store are treated in said algorithm respectively as edges and vertices of a graph.

-

a module of reputation of nodes, based on reflecting the behavior of a dishonest node by assigning in the warehouse a negative weight to the edges corresponding to certificates issued or received by it, so that upon receiving said certificates a negative weight, the vertex will leave progressively of being present in the updated stores. This scheme is combined in the warehouse update algorithm with an assignment of weights to edges in the warehouse, according to the following criteria: 2 for certificates issued or received directly by the node, 1 for other certificates, -2 for denounced certificates directly by the node, and -1 for certificates denounced by other nodes. -a module of encrypted exchange of data on static and dynamic elements of the road, through the use of a temporary secret key of the sender, and based on a binary flow encryption using a declined and non-linear filtering as buffer generator , of a shift register with primitive feedback polynomial on GF (2) of degree L equal to the length of the key used at any time, fed with the seed formed by said key, and with feedback polynomial given by the primitive polynomial of lower non-zero coefficients and number of said coefficients given by the smallest possible number greater than 0.01 * L. The nonlinear function of filtering has as its order the prime number p closest to and less than L / 2, includes a linear term corresponding to its order, in addition to a number of terms of each order i = 2, ..., p given for the entire part of L / i, obtained by multiplying successive and disjoint stages. The output of said non-linear filtering is irregularly declined so that the output of the register determines at any time whether the corresponding output of the filtrate is used or discarded, being introduced in the first case in a buffer of size 4. -a authentication module of data by checking matches with other messages received through a data aggregation scheme based on reactive groups in which each leader is responsible for building the package and

add the signatures of all the vehicles in your group, and where the verification is carried out according to a probabilistic protocol that depends on the geographical area in which each vehicle is located.

-

a module for automatic detection of anomalous conditions for speed calculation, based on the information received from a receiver of a global satellite navigation system.