KR20170065172A - Method and apparatus for generating certificate of vehicle in vehicular ad-hoc network - Google Patents
- Publication number
- KR20170065172A
- Authority
- KR
- South Korea
- Prior art keywords
- vehicle
- certificate
- authentication
- generating
- authentication server
Classifications
- H04W12/06—Authentication
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
A method for generating a vehicle certificate in a vehicular ad hoc network (VANET) according to an embodiment of the present invention includes the steps of: (a) the vehicle to be authenticated requesting an authentication server, via a roadside apparatus, to issue a new certificate; (b) the authentication server generating an authentication key using an additional authentication device that is physically unclonable; and (c) the authentication server generating a new certificate for the vehicle based on the authentication key and transmitting the generated new certificate to the vehicle via the roadside apparatus. Because the authentication key is generated using a physical unclonable function (PUF) and the certificate is generated based on that key, there is no need to store a separate authentication key in the authentication server and there is no possibility that the authentication key is leaked, so a certificate with very strong security can be generated and provided.
Description
The present invention relates to a method and apparatus for generating vehicle certificates in a vehicular ad hoc network.
A vehicular ad hoc network (VANET) is a wireless network technology for vehicle-to-vehicle or vehicle-to-infrastructure wireless communication using an on-board unit (OBU). It can provide various services such as resolving traffic problems or preventing car accidents.
Because VANETs exchange information between vehicles, or between vehicles and infrastructure, through wireless communication, they are exposed to security threats from unauthorized vehicles.
As a method for solving such a security problem, there is a method of generating and issuing a certificate for a vehicle to be authenticated based on a public key infrastructure (PKI).
FIG. 1 illustrates a VANET environment in which a certificate is generated and issued based on a general PKI scheme.
The authentication server A 100 is responsible for area A and the
Currently, the technology for generating and operating the authentication key of the VANET authentication server is not standardized, and the generation and operation of the authentication key is a technology field specific to each company and country.
Considering the risk of accidents, authentication and security in the VANET require enterprise-level data center security.
1, the
Since the area A and the area B are overlapped with each other in the intermediate area between the second RSE2 and the third RSE3, the overlapping area is a certificate received from the
Therefore, it is required to define the generation, renewal, and discarding of the certificate caused by the movement of the vehicle between the regions.
In addition, the
A problem to be solved by the present invention is to provide a method of generating a vehicle certificate in a vehicular ad hoc network in which an authentication key is generated using a physical unclonable function (PUF) and a certificate is generated based on that key, so that it is not necessary to store a separate authentication key in the authentication server and there is no possibility that the authentication key is leaked, giving very strong security.
Another problem to be solved by the present invention is to provide a vehicle certificate generating apparatus in a vehicular ad hoc network in which an authentication key is generated using a physical unclonable function (PUF) and a certificate is generated based on that key, so that it is not necessary to store a separate authentication key in the authentication server and there is no possibility that the authentication key is leaked, giving very strong security.
According to an aspect of the present invention, there is provided a method of generating a vehicle certificate in a vehicular ad hoc network (VANET) that includes a vehicle to be authenticated having an on-board unit (OBU), an authentication server, and a roadside unit (RSU) installed in the vicinity of the road for relaying communication between the vehicle and the authentication server, the method including:
(a) the vehicle to be authenticated requesting the authentication server, via the roadside apparatus, to issue a new certificate;
(b) the authentication server generating an authentication key using the additional authentication device, which is physically unclonable; and
(c) the authentication server generating a new certificate for the vehicle based on the authentication key and transmitting the generated new certificate to the vehicle via the roadside apparatus.
In the method of generating a vehicle certificate in a vehicular ad hoc network (VANET) according to an embodiment of the present invention, the additional authentication device may include a physical unclonable function (PUF) module that outputs physically non-replicable output values.
In the method according to an embodiment of the present invention, in step (a), when the vehicle to be authenticated detects movement from the first area to the second area, the vehicle may request issuance of a new certificate from the authentication server of the second area.
In addition, in the method according to an embodiment of the present invention, in step (a), when requesting issuance of a new certificate, the vehicle to be authenticated transmits its vehicle identification information to the authentication server through the RSE, and
step (b) includes:
(b-1) the authentication server generating an initial vector that is used only for a predetermined period of time;
(b-2) the authentication server performing an exclusive-OR (XOR) operation on the initial vector and the identification information of the vehicle; and
(b-3) the authentication server supplying the result of the exclusive-OR operation as the input value of the physical unclonable function (PUF) module and using the output value of the PUF module as the authentication key for generating the new certificate for the vehicle.
In addition, the method according to an embodiment of the present invention may further include, after step (c): (d) the vehicle receiving the new certificate and discarding the existing certificate.
According to another aspect of the present invention, there is provided an apparatus for generating a vehicle certificate in a vehicular ad hoc network (VANET), including:
a control unit that, when the vehicle to be authenticated transmits its own vehicle identification information and requests issuance of a new certificate, receives the vehicle identification information and generates a new certificate; and
an additional authentication device that outputs an output value that is physically non-replicable according to an input value,
wherein the control unit includes:
an initial vector generating unit that generates an initial vector used only for a predetermined period;
an exclusive OR operation unit that performs an exclusive OR operation on the initial vector and the vehicle identification information and provides the result to the additional authentication device as its input value; and
a certificate generating unit that generates a new certificate for the vehicle using the output value of the additional authentication device as an authentication key.
In the apparatus for generating a vehicle certificate in a vehicular ad hoc network (VANET) according to an embodiment of the present invention,
the additional authentication device may include a physical unclonable function (PUF) module that outputs an output value that is physically non-replicable according to an input value, using inherent hardware characteristics.
In addition, in the vehicle certificate generating apparatus according to an embodiment of the present invention,
the control unit may further include a controller for controlling operations of the initial vector generating unit, the exclusive OR operation unit, and the certificate generating unit.
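The key-derivation path described by steps (b-1) to (b-3) and by the initial vector generating unit, exclusive OR operation unit and certificate generating unit, written out as an added Python example that is not part of the patent. The PUF is simulated with HMAC over a per-instance random secret (a real PUF response is noisy and hardware-derived), and the VID hashing, 16-byte challenge width, IV lifetime and HMAC-tagged certificate layout are all assumptions the patent does not specify.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # bytes; assumed PUF input width (the patent gives none)


class SimulatedPUF:
    """Stand-in for the PUF module: a per-instance random secret replaces the
    silicon variation a real PUF relies on, and the response is noise-free."""

    def __init__(self):
        self._silicon = secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._silicon, challenge, hashlib.sha256).digest()


def encode_vid(vid: str) -> bytes:
    # Assumption: the VID is hashed to the IV width so the XOR is well defined.
    return hashlib.sha256(vid.encode()).digest()[:CHALLENGE_LEN]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class AuthServer:
    def __init__(self, region: str, iv_lifetime_s: int = 3600):
        self.region = region
        self.iv_lifetime_s = iv_lifetime_s
        self.puf = SimulatedPUF()
        self._iv, self._iv_epoch = None, None

    def _current_iv(self, now: int) -> bytes:
        # (b-1) one IV per validity period; the previous IV is overwritten.
        epoch = now // self.iv_lifetime_s
        if epoch != self._iv_epoch:
            self._iv, self._iv_epoch = secrets.token_bytes(CHALLENGE_LEN), epoch
        return self._iv

    def derive_key(self, vid: str, now: int) -> bytes:
        challenge = xor_bytes(self._current_iv(now), encode_vid(vid))  # (b-2)
        return self.puf.respond(challenge)  # (b-3): key is recomputed, never stored

    def _tag(self, vid: str, issued_at: int, now: int) -> str:
        body = f"{self.region}|{vid}|{issued_at}".encode()
        return hmac.new(self.derive_key(vid, now), body, hashlib.sha256).hexdigest()

    def issue_certificate(self, vid: str, now: int) -> dict:
        # Assumed certificate form: fields plus an HMAC tag under the derived key.
        return {"region": self.region, "vid": vid, "issued_at": now,
                "tag": self._tag(vid, now, now)}

    def verify_certificate(self, cert: dict, now: int) -> bool:
        if cert["region"] != self.region:
            return False
        expected = self._tag(cert["vid"], cert["issued_at"], now)
        return hmac.compare_digest(expected, cert["tag"])


def demo() -> dict:
    server_a, server_b = AuthServer("A"), AuthServer("B")
    vid = "TEST-VID-0001"   # constructed sample identifier
    t0 = 7200               # constructed timestamp, start of an IV period
    cert = server_a.issue_certificate(vid, t0)
    forged = dict(cert, vid="TEST-VID-0002")
    return {
        "same_period_same_key": server_a.derive_key(vid, t0) == server_a.derive_key(vid, t0 + 10),
        "other_server_other_key": server_a.derive_key(vid, t0) != server_b.derive_key(vid, t0),
        "valid_in_period": server_a.verify_certificate(cert, t0 + 10),
        "forged_rejected": not server_a.verify_certificate(forged, t0 + 10),
        "invalid_after_rotation": not server_a.verify_certificate(cert, t0 + 3600),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The server holds only the current IV; the key exists transiently inside `derive_key`. Because the previous IV is overwritten on rotation, a certificate issued in an earlier period no longer verifies in this sketch, so the IV lifetime also bounds certificate lifetime.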
According to the method and apparatus for generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention, an authentication key is generated using a physical unclonable function (PUF) and a certificate is generated based on the generated authentication key. It is therefore not necessary to store a separate authentication key in the authentication server and there is no possibility that the authentication key will be leaked, so that a certificate having a very strong security strength can be generated and provided.
FIG. 1 illustrates a VANET environment for generating and issuing certificates based on a general PKI scheme.
FIG. 2 is a view for explaining a method and apparatus for generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention.
FIG. 3 is a flowchart of a method of generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention.
FIG. 4 is a block diagram of an apparatus for generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention.
The objectives, specific advantages and novel features of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings.
Prior to that, terms and words used in the present specification and claims should not be construed in their conventional or dictionary sense. On the principle that the inventor may properly define the concept of a term in order to best explain the invention, they should be construed with meanings and concepts consistent with the technical idea of the present invention.
It should be noted that, in the present specification, reference numerals are added to the constituent elements of the drawings, and the same constituent elements are assigned the same number as much as possible even if they are displayed on different drawings.
Also, the terms "first", "second", "one side", "other side", etc. are used to distinguish one element from another, and the elements are not limited by these terms.
In the following description of the present invention, a detailed description of known art that may unnecessarily obscure the gist of the present invention will be omitted.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 2 is a view for explaining a method and apparatus for generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention.
It is assumed in FIG. 2 that the
When the
When the
The
The newly generated certificate is transmitted to the
The physical copy protection function (PUF)
A physical unclonable function (PUF) module may be included in every authentication server present in the vehicular ad hoc network for authentication key generation.
As described above, since the
As described above, since the
Further, according to an embodiment of the present invention, when the certificate is updated and discarded due to the local movement of the vehicle, it can be processed quickly without complicated procedures.
FIG. 3 is a flowchart of a method of generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention.
Referring to FIGS. 2 and 3, in step S300, the vehicle to be authenticated 224 senses the movement from area A to area B.
In the next step S302, the
When the
In the next step S306, the
In step S308, the
In a next step S310, the
In the next step S312, the
In the next step S314, the
FIG. 4 is a block diagram of an apparatus for generating a vehicle certificate in a vehicular ad hoc network according to an embodiment of the present invention.
The certificate generating apparatus shown in FIG. 4 is a certificate generating apparatus included in the
Referring to FIG. 4, a vehicle certificate generating apparatus in a vehicle ad hoc network (VANET) according to an embodiment of the present invention is configured so that the vehicle to be authenticated 224 has its own vehicle identification information (VID) A
The
The
When the vehicle identification information (VID) and the new certificate issue request are received from the
The physical copy protection function (PUF)
The
The apparatus for generating a vehicle certificate in a vehicle ad hoc network (VANET) according to an embodiment of the present invention shown in FIG. 4 generates an authentication key using the physical copy
As described above, the
According to an embodiment of the present invention, when a certificate is renewed and discarded due to inter-area movement of a vehicle, it can be processed quickly without complicated procedures.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. It is clear that the present invention can be modified or improved.
It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
100, 220:
104, 224: vehicle 226: physical copy protection function
400: control unit 402: PUF module
404: Exclusive OR operation unit 406: Initial vector generating unit
408: Certificate generation unit 410:
IV: initial vector RSU1 to RSU4:
VID: vehicle identification information
Claims (8)
(a) the vehicle to be authenticated requesting the authentication server, via the roadside apparatus, to issue a new certificate;
(b) the authentication server generating an authentication key using the additional authentication device, which is physically unclonable; and
(c) the authentication server generating a new certificate for the vehicle based on the authentication key and transmitting the generated new certificate to the vehicle via the roadside apparatus. A vehicle certificate generation method in a vehicular ad hoc network (VANET).
The additional authentication device includes a physical unclonable function (PUF) module for outputting an output value that is physically non-reproducible in accordance with an input value, using inherent hardware characteristics.
In the step (a),
when the vehicle to be authenticated detects movement from the first area to the second area, the vehicle requests issuance of a new certificate from the authentication server of the second area.
In the step (a), when the vehicle to be authenticated requests issuance of a new certificate from the authentication server, the vehicle transmits its vehicle identification information to the authentication server through the roadside apparatus, and
the step (b) includes:
(b-1) the authentication server generating an initial vector that is used only for a predetermined period of time;
(b-2) the authentication server performing an exclusive-OR (XOR) operation on the initial vector and the identification information of the vehicle; and
(b-3) the authentication server supplying the result of the exclusive-OR operation as the input value of the physical unclonable function (PUF) module and using the output value of the PUF module as the authentication key for generating the new certificate for the vehicle.
After the step (c),
(d) the vehicle receiving the new certificate and discarding the existing certificate.
A control unit that, when the vehicle to be authenticated transmits its own vehicle identification information and requests issuance of a new certificate, receives the vehicle identification information and generates a new certificate; and
an additional authentication device for outputting an output value that is physically non-replicable according to an input value,
wherein the control unit includes:
an initial vector generating unit for generating an initial vector used only for a predetermined period;
an exclusive OR operation unit that performs an exclusive OR operation on the initial vector and the vehicle identification information and provides the result to the additional authentication device as its input value; and
a certificate generating unit for generating a new certificate for the vehicle using the output value of the additional authentication device as an authentication key.
The additional authentication device includes a physical unclonable function (PUF) module for outputting an output value that is physically non-reproducible in accordance with an input value, using inherent hardware characteristics.
The control unit further comprises a controller for controlling the operations of the initial vector generating unit, the exclusive OR operation unit, and the certificate generating unit. The vehicle certificate generating apparatus in a vehicular ad hoc network (VANET).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150171285A KR101782483B1 (en) | 2015-12-03 | 2015-12-03 | Method and apparatus for generating certificate of vehicle in vehicular ad-hoc network |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170065172A true KR20170065172A (en) | 2017-06-13 |
KR101782483B1 KR101782483B1 (en) | 2017-10-23 |
Family
ID=59218986
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150171285A KR101782483B1 (en) | 2015-12-03 | 2015-12-03 | Method and apparatus for generating certificate of vehicle in vehicular ad-hoc network |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101782483B1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021172603A1 (en) * | 2020-02-24 | 2021-09-02 | 엘지전자 주식회사 | Method for protecting v2x communication using server in wireless communication system |
US11218330B2 (en) | 2019-03-25 | 2022-01-04 | Micron Technology, Inc. | Generating an identity for a computing device using a physical unclonable function |
US11233650B2 (en) * | 2019-03-25 | 2022-01-25 | Micron Technology, Inc. | Verifying identity of a vehicle entering a trust zone |
US11323275B2 (en) | 2019-03-25 | 2022-05-03 | Micron Technology, Inc. | Verification of identity using a secret key |
US11361660B2 (en) | 2019-03-25 | 2022-06-14 | Micron Technology, Inc. | Verifying identity of an emergency vehicle during operation |
US11962701B2 (en) | 2021-12-21 | 2024-04-16 | Micron Technology, Inc. | Verifying identity of a vehicle entering a trust zone |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015023307A (en) | 2013-07-16 | 2015-02-02 | 株式会社デンソー | Authentication device and authentication system |
-
2015
- 2015-12-03 KR KR1020150171285A patent/KR101782483B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR101782483B1 (en) | 2017-10-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |