车载自组网中可撤销的聚合签名认证方案

为解决车载自组网(VANET)面临的通信安全和隐私保护方面的问题,提出了一种车载自组网中可撤销的聚合签名认证方案.该方案通过匿名认证保障用户隐私,通过使用防篡改设备和聚合签名技术提高认证效率.为实现车辆撤销,要求车辆使用路边单元发放的成员密钥生成签名,当车辆进入路边单元的通信范围时,路边单元实时审查车辆身份,拒绝为撤销...     

面向车载自组网的高效位置隐私保护查询方案

随着车载自组网应用对安全性要求的提高,用户和服务提供商对各自私有信息保密性的要求也越来越高。针对现有查询方案无法同时保护车辆身份、位置及服务提供商数据隐私的问题,利用私有信息检索技术,提出一种高效的位置服务查询方案。采用匿名认证的方法进行车辆间的相互认证与车辆及路边基站的认证。在此基础上,使用安全硬件对数据库的数据进行混淆处理,通过代理重加密完成车辆对数据库服务数据的检索,从而实现车辆和数据库双方的隐私保护。分析结果表明,该方案可实现车辆身份匿名查询,能够保护车辆位置隐私和服务提供商的数据库信息,且只需两轮通信,具有较高的通信效率。     

车载自组网中基于无证书的密钥隔离批量消息认证方案

针对车载自组网(VANET)中匿名认证存在的安全性问题,提出了一种高效的车载自组网的匿名认证方案。该方案将无证书密码体制和密钥隔离技术结合应用在车载自组网的环境中,通过更新协助器RSU与车辆用户OBUi的密钥,使得某时间段的临时私钥的泄漏不会影响到前向和后向的安全性,并在随机预言模型下证明了该方案的安全性。最后,性能分析结果表明,该方案不仅提高了消息签名匿名认证的效率,而且降低了整个系统运算的开销,具有较好的理论意义与实用价值。     

车载自组织网络中基于身份的匿名认证方案

针对于车载自组织网络中的身份认证问题,提出一种新颖的基于身份的匿名认证方案,该方案在保护了车辆的身份隐私信息的同时不仅满足了车辆节点与路边单元节点间的身份认证的需求,而且确保了车辆节点之间的身份认证。该方案利用基于身份的密码技术,减少了系统管理公钥证书的工作量和对节点证书认证的代价。最后通过安全性和复杂性分析,结果表明该方案不仅易于实现,而且安全可靠并具有较低的计算复杂度及通信开销。     

车载自组织网络中新颖的无加密匿名认证方案

针对车载自组织网(VANET)身份认证中的隐私信息保护问题,提出了一种新的基于线性方程组理论的匿名认证方案。该方案不使用传统的任何对称或非对称加密算法,而是利用线性方程组的求解理论,构建了一种匿名身份认证模型,在保证节点身份可认证的同时又防止了节点身份信息在非安全传输信道上泄露。此外,方案不仅满足了车辆单元节点(OBU)与路边单元节点(RSU)间的身份认证的需求,而且确保了车辆节点之间的身份认证。安全性和复杂性分析结果表明,所提方案安全可靠,且有较低的计算和通信开销。     

一种基于签密的移动自组网络身份认证方案

移动自组网是一种有特殊用途的对等式网络,具有无中心、自组织、可快速展开、可移动等特点,这些特点使得它在战场、救灾等特殊场合的应用日渐受到人们的重视。对移动自组织网络节点间的认证技术进行了研究。分析了目前移动自组网络中适用的认证协议和方法,提出一种基于签密的无线Ad Hoc网络身份认证方案。通过分析证明,该方案在无线Ad Hoc网络环境中有较高的安全性。     

车载自组织网络中一种有效的匿名认证方法

针对现有车载自组织网络（Vehicular Ad-hoc Network,VANET）匿名认证方案在网络规模较大时存在复杂性和执行效率方面的问题,提出了一种基于盲签名和组合公钥（Combined Public Key,CPK）算法的认证方案,并对该方案所包含的认证协议进行了详细描述。安全性和执行效率分析表明,与现有方案相比提出的匿名认证方案在保证用户匿名性的同时还具有较高的执行效率。     

基于城市公交的车载自组网隐私保护协议

针对车载自组网中存在的隐私泄露问题,提出了一种基于城市公交的车载自组网隐私保护协议。该协议利用可信度高的公交车来广播路况信息和应答车辆路况信息的查询,有效地减少普通车辆需认证消息的数量;公交车利用安全认证中心颁发的数字证书与其他车辆建立起信任关系,解决了用户假冒的问题;车辆之间利用Diffie-Hellman算法生成会话密钥对消息进行对称加密,有效地保护了用户的身份信息,同时提高了消息认证的效率。安全性证明和分析表明,该协议在语义上是安全的,能抵抗现有各种攻击,并且可以实时处理用户的请求。     

基于区块链的车载自组网车与基础设施快速切换认证方案

针对车载自组网（VANET）中车辆通信面临的安全风险挑战以及车辆进入新的基础设施覆盖范围时需要进行复杂的身份重新认证问题,提出基于区块链的车载自组网V2I(Vehicle-to-Infrastructure)快速切换认证方案。该方案利用区块链去中心化、分布式和防篡改的特性,实现车辆认证信息的存储与查询;使用令牌机制,减少区块链查询次数,简化路边单元（RSU）切换认证阶段的认证过程,在后续的认证过程中只需检查令牌的有效性,实现了RSU的快速切换认证;采用了批量认证方法,能有效减少认证过程中的计算开销,提高消息认证效率;另外,可以实现对恶意车辆的追溯与撤销,并及时更新车辆的匿名身份,保证车辆的匿名性。相较于匿名批量认证方案、全聚合认证方案、无证书聚合签名方案、基于区块链的认证方案,所提方案在消息认证耗时上缩短了约51.1%、77.45%、77.56%和76.01%。实验结果表明,该方案能够有效降低车载自组网中的计算开销和通信开销。     

一种适用于车载自组网的无证书签名方案

车载自组网通过车辆与路边基础设施共享交通信息,从而提供各类安全服务,改善了人们的出行体验.但是,车载自组网中的通信安全和车辆的隐私保护等问题亟待解决.针对这些问题,首先,证明Thumbur等人的方案无法抵抗公钥替换攻击.其次,基于零信任架构提出一种适用于车载自组网的无证书签名方案,该方案中的可信中心与车辆通过公共信道协...     

Restricted usage of anonymous credentials in vehicular ad hoc networks for misbehavior detection

The automobile industry is entering a new era of digitalization with major impact on human mobility and transportation infrastructures. A result of such a convergence between the automobile and information technologies is vehicular ad hoc network (VANET), a type of mobile ad hoc networks that has recently enjoyed a lot of attention from the industry, the research community, lawmakers and privacy activists. In VANET, vehicles frequently broadcast various types of messages, including location data. This enables innovative applications and improvements in safety and driving experience. As messages broadcasted in the VANET are digitally signed and the receiver must be able to verify the sender’s authentication and message integrity, there is a need to ensure broadcast authentication and protect driver’s anonymity. However, communication in VANETs takes place with high frequency, and malicious vehicles can hide behind anonymity in order to duplicate packets and get advantage over other vehicles in the network. Indeed, state-of-the-art approaches to privacy-preserving messages broadcast in the VANET typically ensure that each vehicle has a number of pseudonymous certificates that are changed regularly in order to thwart an automated tracing of its activities. However, the possibility of uncontrolled simultaneous use of pseudonyms by misbehaving vehicles remain unaddressed. This paper proposes a set of anonymous credential system based protocols for VANET that enables the detection and limitation of pseudonym/credential overspending. The revocation of the misbehaving vehicle can be also achieved through the proposed solutions. With the prototypical implementation of the proposed protocols, it has been shown that the successful detection of fraud, i.e., pseudonyms overspending and the subsequent revocation of credentials are possible in VANET.     

一种无线Ad Hoc网络动态混淆匿名算法

无线Ad Hoc网络的特殊性决定了它要受到多种网络攻击的威胁,现有的加密和鉴别机制无法解决流量分析攻击.在比较了抗流量分析的匿名技术基础上,提出混淆技术可以满足无线Ad Hoc网络的匿名需求,但现有的混淆算法在Ad Hoc网络下却存在安全与效率的问题.提出了一种动态混淆的RM(pseudo-random mix)算法,该算法主要对混淆器的管理部分进行重新设计.RM算法根据混淆缓冲区的情况进行决策,当缓冲区未满时采用时延转发方式,缓冲区满后采用随机数转发方式,这样既保证了无线Ad Hoc节点的匿名性,同时又解决了停等算法的丢包现象.对RM算法的安全性和效率进行了分析,仿真结果与理论分析相一致,表明RM算法在无线Ad Hoc网络下具有较好的自适应性和实用价值.     

An efficient and secure mobile payment protocol for restricted connectivity scenarios in vehicular ad hoc network

Value-added applications in vehicular ad hoc network (VANET) come with the emergence of electronic trading. The restricted connectivity scenario in VANET, where the vehicle cannot communicate directly with the bank for authentication due to the lack of internet access, opens up new security challenges. Hence a secure payment protocol, which meets the additional requirements associated with VANET, is a must. In this paper, we propose an efficient and secure payment protocol that aims at the restricted connectivity scenario in VANET. The protocol applies self-certified key agreement to establish symmetric keys, which can be integrated with the payment phase. Thus both the computational cost and communication cost can be reduced. Moreover, the protocol can achieve fair exchange, user anonymity and payment security.     

Privacy addressing and autoconfiguration for mobile ad hoc networks

Allowing truly spontaneous and infrastructureless networking, mobile ad hoc networks (MANETs) are the future of wireless networks. However, most autoconfiguration proposals for MANETs lack privacy support, namely anonymity or pseudonymity and unlinkability aspects, which has become important considerations in many practical applications. This paper presents a novel privacy extension approach (PEA) for MANETs, which prevents eavesdroppers from identifying a particular mobile node by its address. In addition to privacy concerns, our scheme also brings some performance benefits, e.g., reducing the possibility of address conflict when the merging of separately configured networks occurs.     

基于无证书代理重签名的车载自组网消息认证方案

基于代理重签名和无证书公钥密码体制,提出了一个安全的车载自组网消息认证方案。认证中心利用代理重签名技术,可转换车载单元对消息的签名为路边单元的签名,从而降低了根据签名识别车辆身份的风险,实现通信消息的匿名性。采用无证书公钥密码体制将各实体的私钥分为两部分,有效解决了车载自组网中的证书管理与密钥托管问题。如果车辆发布虚假消息,认证中心能准确追溯到车辆的真实身份,并召回违法车辆。与Huang方案相比,新方案具有较高的安全性和较低的通信开销。     

The design of speedy seamless safe messaging mechanism in VANET

With the popularity of automobile, traffic safety and our lives are inseparable. In vehicular ad hoc networks (VANETs), the properties authenticity, privacy and traceability have already been considered in many previous researches. Many automotive systems combine their applications with smart life. In this paper, a speedy seamless safe (3-S) messaging mechanism for roadside-to-vehicle authentication and vehicle-to-vehicle communication is proposed. In addition to the essential requirements mentioned above, 3-S messaging mechanism is designed to reduce the computation cost and provide the seamless communication when the vehicle crosses the various regions. With better performance and availability, our scheme can be applied in various VANET applications, especially in safety systems to provide the drivers active safety.     

车载自组网中一种支持群签名认证的分布式密钥管理方案

群签名具备良好的匿名认证特性,满足车载自组网信息安全和隐私保护需求。但是,其作废开销较大,不适于在大规模网络环境中应用。为此,本文提出了一种支持群签名认证的分布式密钥管理方案DKM,将车载自组网的覆盖区域划分为若干子区域,车辆周期性地从所在子区域的群管理机构更新群密钥。这样,作废某个成员只需要在其拥有合法密钥的子区域内通告,而不是整个网络,有利于降低作废开销。同时,DKM中的密钥更新机制能够保证车辆的群密钥的私密性,从而避免了车辆与区域群管理机构的授权争议,保持了数字签名的不可否认性。性能分析表明DKM能够显著缩短作废列表长度,同时没有增加认证开销。     

RSU-based message authentication for vehicular ad-hoc networks

Message authentication that ensures a message is genuine and verifies the source of the sender is a key issue in vehicular ad hoc networks (VANETs). Because messages may provide life-critical traffic information or emergency messages transmitted by unfamiliar sources. Because the vehicle in a VANET transmits messages in real-time in a high-mobility environment, traditional PKI security schemes are not suitable for VANET. The use of roadside units (RSUs) makes message authentication in VANET easy, but it also causes two problems and needed to be solved: how to authenticate messages transmitted between two different RSU ranges, and how to hand off messages for the vehicles moving across different RSU communication ranges. This paper proposes a comprehensive message authentication scheme that enables the message authentication within intra and between inter RSU ranges and hand-off between different RSUs. The proposed scheme balances the overhead for computation and communication with security against attacks. Efficiency analysis and comparison with related works demonstrate that the proposed scheme is a superior message authentication method for VANET.