厚势按:针对现有的假冒汽车身份攻击方法和多服务器身份认证问题,分析并总结了车联网安全和身份认证的相关研究和成果,基于区块链技术的特征和原理,将区块链技术与车联网相结合,应用在汽车身份认证中,提出适用于车联网身份认证的区块链系统框架,并基于该框架设计了汽车与多服务器、汽车及路边设施单元(RSU)之间的认证,分析了其可行性。
is based on : Analysis and summary of research and results related to vehicle network security and identification, based on the characteristics and rationale of block chain technology, integration of block chain technology with vehicle connectivity, application in vehicle identification, presentation of a framework for block chain systems applicable to vehicle network identity certification, and design and feasibility of certification between vehicles and multiserver, vehicle and roadside facility units (RSU) based on this framework.
本文来自 2018 年 5 月 21 日出版的《 汽车技术 》,作者是成都信息工程大学刘勇、李飞、高路路和徐翔。
This paper is from Automobile Technology, published on 21 May 2018, by Chengdu Information Engineering University Liu Yong, Li Fei, High Road and Seo-Sun.
1. 前言
1. Foreword
智慧城市 [1] 是城市发展的高级产物,其核心理念是实现城市中各个物体的互联、动态感知、智慧管理,为未来城市提供了一种新的发展方向。智慧交通作为智慧城市的核心之一,涉及物联网、云计算、大数据等多项综合技术,使人、车、路协调运转 [2]。而车联网作为智慧交通的核心领域,以车内网、车际网和车载移动互联网为基础 [3],实现车与车、车与建筑物、车与基础设施单元之间的信息交换,甚至可以帮助实现汽车与行人、汽车与非机动车之间的「对话」[4]。
Smart cities [1] are high-level products of urban development whose core concept is to achieve connectivity, dynamic perception, intelligent management of every object in a city, providing a new direction for future cities. Smart traffic, as one of the core technologies of intelligent cities, involves a combination of things-networking, cloud computing, big data, etc., making people, cars and roads work together [2]. Car-networking, as the core area of intelligent traffic, is based on in-car networks, inter-vehicle networks and mobile on-board Internets [3], enabling the exchange of information between cars and vehicles, vehicles and buildings, vehicles and infrastructure units, and even helping to achieve a "dialogue" between cars and pedestrians, cars and non-motorized vehicles.[4]
在车联网中,由于车辆自身的移动特性,车载通信具有移动区域受限、网络拓扑变化快、网络频繁接入和中断、节点覆盖范围大、通信环境复杂等特点[5]。基于这些特点,目前车联网的发展面临几个主要问题:
In the case of car connections, because of their own mobile features, vehicle-borne communications have several major problems in the development of such features as restricted mobile areas, fast-paced networks, frequent network access and interruptions, high node coverage, and complex communications environments.[5] On the basis of these characteristics, there are currently several major problems:
a. 建设成本和能源消耗。在车载移动互联网中,路边设施单元(Road Side Unit,RSU)作为车辆自组织网(Vehicular Ad-hoc Network,VANET)无线接入点,将车辆和道路等信息上传至互联网并发布,这种车与基础设施(Vehicle to Infrastructure,V2I)的协作通信模型需要大量的 RSU 支撑,增加了建设的成本和能源消耗 [6-7]。
a. Construction costs and energy consumption. In mobile on-board Internet, roadside facility units (Road Side Unit, RSU) serve as wireless access points for Vehicular Ad-hocNetwork, VANET, uploading and distributing information such as vehicles and roads to the Internet, a collaborative communications model with infrastructure (Vehicle to Infrastructure, V2I) requiring significant RSU support, increasing construction costs and energy consumption [6-7].
b. 通信协议标准不统一。在车联网中存在着多种网络通信协议,不同网络数据传输需要进行协议转换,影响通信效率。此外,由于车辆高速行驶,需要快速可靠的网络连接和数据传输,这对网络通信时延有着极高的要求。
b. Communications protocol standards are not uniform. has multiple network communications protocols in the car network, and different network data transmissions require conversion protocols that affect the efficiency of communications. In addition, rapid and reliable network connections and data transmission are required because of the high speed of vehicles, which is a very high demand for delay in network communications.
c. 安全问题。由于车联网采用无线通信,因此存在数据破坏、重放、假冒和监听等安全及个人隐私问题 [8-9],可能造成财产损失甚至危及驾乘人员的人身安全。
c. Security issues. . Security and personal privacy issues such as data damage, re-entry, counterfeiting and wiretapping [8-9] may result in damage to property and even endanger the safety of driving personnel as a result of the use of wireless communications on the vehicle network.
2. 车联网身份认证研究现状
2. Current status of research on the identification of vehicle networks
V2X(Vehicle to X)是自动驾驶的必要技术和智慧交通的重要一环,其中 X 可以表示基础设施、车辆、行人或道路等。目前 V2X 技术的两大阵营分别是由国内企业推动的车间通信长期演进(Long Term Evolution-Vehicle,LTE-V)技术和美国主导的专用短程通信(Dedicated Short Range Communications,DSRC)技术(基于 IEEE 802.11p)。
V2X (Vehicle to X) is an important part of the necessary technology and intelligent traffic for autopilot, in which X can mean infrastructure, vehicles, pedestrians, roads, etc. The two main camps of V2X technology are now long-term evolution of workshop communications (Long Term Evolution-Vehicle, LTE-V) and United States-led short-range communications (Dedicated Short Range Corporations, DSRC) technologies (based on IEEE 802.11p).
现有的车联网通信中依旧存在很多安全性问题,例如,Sybil 攻击 [10-11] 是一种基于假冒身份的车联网攻击方法,假冒节点通过伪造汽车身份标识控制车辆,发送虚假信息,伪造交通场景从而影响车辆的正常判断,导致交通网络运行瘫痪或引发交通事故等。
There are still many security problems in existing car-networked communications, such as the
所有的用户系统都有认证与授权功能 [12]。在车辆身份认证领域,学者们提出了一些安全认证方案。
All user systems at
王群 [13] 提出了基于射频识别(Radio Frequency Identification,RFID)的车辆身份信息识别方法,车辆经过阅读器覆盖区域时,其电子标签被激活并被读写器识别,读写器将识别的车辆信息通过网络发送到中心数据库进行身份识别和验证。
The Wang Qun [13] proposes a method for identifying vehicles based on radio frequency identification (Radio Frequency Identification, RFID), whose electronic labels are activated and recognized by the readers when the vehicles pass through the reader over the area, and the readers send the identified vehicle information via the network to the central database for identification and validation.
Z Gao 等人提出了基于公钥基础设施(Public Key Infrastructure,PKI)的认证方法[14],满足了不同用户甚至同一用户在不同场景下的安全需求。
Z Gao et al. proposed a certification method based on public key infrastructure (Public Key Infrastructure, PKI) [14], which met the security needs of different users and even of the same user in different settings.
王文骏提出了基于证书的车辆身份认证方法[15],车辆在区域服务器完成注册后获取证书,实现车辆身份匿名认证,并能够独立检测 Sybil 攻击,恶意车辆身份撤销由区域服务器完成,避免使用撤销列表,使车辆省去查找撤销列表的开销。
Wang Wenjun proposed a certificate-based vehicle identification method [15], that vehicles obtain a certificate after the regional server has been registered, that vehicles are anonymously authenticated and capable of independently detecting Sybil attacks, that malicious vehicle identification is withdrawn from the regional server, that the cancellation list is avoided, and that vehicles are prevented from identifying the costs of the cancellation list.
Calandriello G 等人提出了基于身份签名(Identity-Based Signature,IBS)的认证方法[16],以确保合法节点可以匿名和更容易生成化名。此外还有基于群签名(Group Signature)的认证方法 [17-21] 等。
Calandriello G. et al. proposed authentication methods based on identity-Based Signature, IBS[16] to ensure that legal nodes can be anonymous and easier to generate aliases. There are also authentication methods based on group signatures [17-21], etc.
但这些认证方法适用于简单通信环境,无法满足复杂环境中多信道的安全需求。
However, these authentication methods apply to simple communications environments and do not meet the security needs of multi-channels in complex environments.
文献 [22] 基于双线性映射理论设计出能实现复杂通信场景认证的会话密钥,通过优化通信负载、减少交互环节实现低时延的认证协议,使可信中心(Trusted Center,TC)能够验证车辆的合法性或对其授权。
Documentation [22] Based on a dual-linear mapping theory, session keys are designed to achieve the certification of complex communications scenarios, enabling the Trusted Centre (TC) to verify the legitimacy or authorization of the vehicle by optimizing the communications load and reducing the interaction.
文献 [23] 提出了一个轻量级的自愈群密钥分配方案,该方案访问控制多项式和群密钥以指数的形式广播,并在广播消息中增加消息验证码,实现了群密钥的保密性和广播认证,利用滑动窗口机制恢复丢失的群会话密钥,缓解了通信开销,并针对车联网的子群和群间通信场景,提出子群自愈群密钥分配和安全群间通信方案,实现了子群之间的信息共享和信息保密。
The literature [23] proposes a lightweight self-repair key allocation programme, which controls multiple and group keys broadcast in index form and adds message authentication codes to broadcast messages, achieves the confidentiality and broadcasting authentication of group keys, restores lost group session keys using a slide window mechanism, eases communication costs, and sets up sub- and inter-group communication scenes for vehicle networking, presents a sub-reoval key allocation and secure inter-group communication programmes, and achieves information sharing and information confidentiality between sub-groups.
随着云计算和大数据技术的快速发展,为车辆提供的各种云服务不断出现,但通常不同的云服务产品由不同的服务器维护,在传统的单一服务注册机制中,用户使用任一服务前必须在相应服务提供商注册,凭账号和密码登录。但这需要用户记住在每个服务商处的账号信息才能通过相应系统的身份认证,这给用户带来了极大的困扰。因此,一般用户为了避免记住大量的账号和密码,通常在众多服务器中使用相同的账号和密码。
With the rapid development of cloud computing and big data technology, various cloud services for vehicles are emerging, but often different cloud service products are maintained by different servers. In the traditional single service registration mechanism, users must register with the appropriate service provider and log in by account number and password before using any service. This requires users to remember the account number information in each service provider in order to authenticate through the corresponding system, which creates serious problems for users. Therefore, in order to avoid remembering the large number and password of accounts, general users usually use the same account number and password in many servers.
然而,这产生了另外 2 个问题:
However, this raises two other questions:
如果某一服务器出现账户信息泄露,很可能导致用户在其他服务器上的信息泄露 [24];
If account information is leaked on a particular server, it is likely to result in disclosure of information from the user on other servers [24];
随着用户数量的急剧增加,每个服务器需要维护海量的账户信息,造成众多服务器在用户管理方面出现资源叠加浪费,也可能因此导致服务器性能瓶颈 [25]。
As the number of users increases dramatically, each server is required to maintain a large amount of account information, resulting in a waste of resources in user management for a large number of servers, which may also result in server performance bottlenecks [25].
区块链技术的去中心化、数据不可篡改等特点,可以使多个服务提供商共同维护一个账户信息账本,用户只需要记住该账本上的账户信息便可在多个服务器上完成身份认证,因此,汽车身份认证可以借鉴区块链技术。
Decentralization of block chain technology, data non-rotability, etc., allows multiple service providers to jointly maintain an account information book, and users simply need to remember the account information on the account book to complete identification on multiple servers, so vehicle identification can draw on block chain technology.
3. 区块链技术特点及应用场景
3. Technical characteristics and applications of block chains
3.1 区块链技术特点
区块链作为比特币系统的底层技术,主要包括对等网络(Peer-to-Peer,P2P)技术、分布式账本技术、非对称加密技术、公式机制技术和智能合约技术 [26-28]。区块链目前分为公有链、联盟链和私有链 [29],其共同特点是公开透明、不可篡改、可追溯、时间序列和加密等 [30],不同点在于去中心化的程度不同,共识机制和信任机制也不同。如图 1 所示,区块链系统由数据层、网络层、共识层、激励层、合约层和应用层组成 [31-32]。
Block chains are currently divided into public, union and private chains [29], with common features such as open transparency, non-falseability, traceability, time series and encryption [30], depending on the degree of decentralisation and the mechanisms of consensus and trust. As shown in figure 1, block chain systems consist of data layers, network layers, consensus layers, incentive layers, contract layers and application layers [31-32].
图 1 区块链技术的基础架构模型
图 1 中,
In figure 1,
数据层包含数据的加密、封装及区块的打包;
(a)
data layer containing encryption, encapsulation and packing of blocks; 网络层包含数据的传播、验证机制,如比特币系统中采用拜占庭算法保证数据传播的一致性;
network level contains data dissemination, validation mechanisms such as Byzantine algorithms in Bitcoin to ensure consistency in data dissemination;
共识层主要解决记账权问题,所有参与记账节点都通过共识机制选出一个记账节点,目前主要的共识机制有工作量证明(Proof-of-Work,PoW)、权益证明(Proof-of-Stake,PoS)、瑞波共识(Ripple Consensus)算法等 [33];
Consensus level mainly addresses the issue of rights to bookkeeping, and all participating nodes are selected through a consensus mechanism, with the main consensus mechanisms currently being certified workload (Proof-of-Work, PoW), Proof-of-Stake, PoS, Ripple Consensus algorithms, etc. [33];
激励层主要用于设计奖励机制,在比特币系统中,矿工记入一个有效区块时,系统会奖励一定的比特币作为奖励,此外还有该区块中所有的手续费作为奖励转给该矿工;
The
incentive layer is used primarily to design incentive mechanisms, and in the Bitcoin system, when miners are entered into a valid block, the system rewards a certain bitcoin as an incentive, in addition to all fees in the block being transferred to the miner as an incentive; 合约层主要包含各类脚本、算法和智能合约,满足合约的触发条件时,系统会自动执行合约中的内容;
The
contract layer contains, inter alia, various scripts, algorithms and smart contracts, the content of which is automatically enforced by the system when the trigger conditions of the contract are met; 应用层则封装了区块链的各种应用场景和案例。
application layers encapsulates the various application scenarios and cases of block chains.
3.2 区块链应用场景
区块链的特点使其可以应用到数字货币、数据存储、数据鉴证、金融交易、资产管理和选举投票等场景。目前,区块链技术主要应用在金融领域,如跨境支付、股权众筹等。近年,有学者提出区块链在物联网中的相关研究 [34-38],由于两者都具有去中心化、分布式的特点,基于这些特点,将区块链应用到物联网中可以解决传统中心化物联网管理方案的弊端,提高物联网的安全性:
The characteristics of the block chain make it possible to apply to digital money, data storage, data forensics, financial transactions, asset management and electoral voting. At present, block chain technology is mainly applied in the financial field, such as cross-border payments, equity fund-raising, etc. In recent years, scholars have suggested relevant research on block chains in object networking [34-38], and because both have decentralised and distributed features, the application of block chains in object networking can address the disadvantages of traditional centralized network management programmes and enhance the safety of the network:
文献 [39] 将 Dist Block Net 模型与软件定义网络(Software Defined Network,SDN)和区块链相结合,提出了一种基于 SDN 架构的分布式区块链安全物联网网络,在该网络中,系统能够自动适应危险环境。
The literature [39] combines the Dist Block Net model with the software definition network (Software Defined Network, SDN) and block chains and proposes a distributed block chain security network based on the SDN structure, in which the system can automatically adapt to hazardous environments.
文献 [40] 提出了一种基于区块链的固件更新方案,嵌入式设备要求在区块链网络节点得到固件是否最新的确定信息,它可以安全地检查固件版本,验证固件的正确性,并能够在物联网环境中下载最新的嵌入式设备固件。
The literature [40] proposes a consolidation update based on the block chain, where the embedded equipment requires up-to-date confirmation of whether the solid is up to date at the block chain network node, that it can safely check the solid version, verify the validity of the solid and be able to download the latest embedded device solid in the object network environment.
车联网作为物联网的一部分,国内外目前暂无车联网与区块链结合的相关研究,本文对区块链技术应用在车联网汽车身份认证方面进行研究和分析。
Car-networking as part of the object-networking, and a study on the integration of vehicle-connected networks with block chains at home and abroad, this paper examines and analyses the application of block-chain technology in the identification of vehicle-connected cars.
4. 基于区块链的车联网汽车身份认证
4. Car-networked car identification based on block chains
4.1 车联网区块链系统架构设计
汽车正在向智能化、无人驾驶的方向发展,对车辆进行管理,实现汽车安全行驶是车联网的重要课题 [41]。车联网属于物联网一部分,同样具有分布式、去中心化等特点,因此,区块链技术可以解决车联网去中心化管理、隐私保护等问题。
Cars are moving in the direction of intelligence, unmanned, vehicle management, and car safety is an important subject of car networking [41]. Car connectivity is part of the network of things, and is equally distributed and decentralized, so block chain technology can address issues such as car network centralization, privacy protection, etc.
图 2 车联网区块链系统架构
本文设计的车联网区块链系统架构如图 2 所示,将车、RSU、可信中心(云服务提供商)三者构建成一个区块网络,在该网络中车辆节点不承担数据计算工作,不参与工作量机制证明,只进行数据的加密和传输,把数据作为区块链交易向 RSU(或通信基站)进行传输,RSU(或通信基站)对接收到的数据进行验证,通过后将数据传送给可信中心,可信中心再根据共识机制选取其中一个中心进行记账,其余可信中心负责校验账本信息。
The structure of the Car Networked Block Chain System, which is designed here, is shown in figure 2 and consists of a network of vehicles, RSUs, credible centres (the cloud service provider), in which the vehicle nodes are not responsible for the computation of data, are not involved in the documentation of workload mechanisms, are only encrypted and transmitted data, are transmitted to RSU (or the communications base station) as a block chain transaction, are validated by RSU (or the communications base station) for the data received, are then transmitted to a credible centre, are then accounted for by one of the centres selected in accordance with the consensus mechanism, and the rest are responsible for verifying the bookbook information.
图 3 新节点加入的智能合约
设现有的主要汽车生产商、政府管理机构为创世节点。为了保证新加入节点(如新加入的汽车生产商、云服务提供商等)身份的真实性、可靠性,共识机制采用瑞波共识算法。记账节点对发起申请的节点身份资料进行审核,审核通过则进行签名,当签名数大于等于本系统中节点个数的 51% 时,系统自动认为该申请节点通过审核,将该节点加入记账节点,并记录到区块链中,否则此次申请请求无效,可有效防止恶意节点随意加入。新节点加入的智能合约设计如图 3 所示。
In order to ensure the authenticity and reliability of the identity of the newly added nodes (e.g., new car manufacturers, cloud service providers, etc.), the consensus mechanism uses the Ribo Consensus algorithm. The account nodes verify the identity of the node in which the application is launched, and the signature is signed when the signature is greater than 51% of the number of nodes in the system, the system automatically considers the application node to be cleared, added to the account node and recorded in the block chain, otherwise the application is invalid, effectively preventing the malicious node from being added.
图 4 区块链结构
本文区块链结构设计如图 4 所示,包括区块头和区块体两部分内容。
The structure of this block chain is designed as shown in Figure 4 and includes two parts: the head of the block and the body of the block.
4.2 基于区块链技术的汽车身份认证
图 5 集中式密钥分配方案
chart 5 Central key allocation
传统的 PKI 认证技术的密钥分配方案分为集中式和分散式两种,其中集中式密钥分配方案如图 5 所示,由一个可信的中心节点负责密钥的产生并分配给各通信方,其主要任务是数字证书的颁发和管理。
The traditional PKI authentication technology key allocation scheme is centralized and decentralized, with a centralized key allocation scheme, as shown in Figure 5, with a credible central node responsible for the generation of the key and assigned to the various communicators, whose main task is to issue and manage digital certificates.
图 6 改进的密钥分配方案
基于区块链的车联网汽车身份认证可在上述集中式密钥分配方案基础上进行改进。在图 2 所示的框架中,上层各云服务提供商通过共识机制,代替传统 PKI中的密钥分配中心(Key Distribution Center,KDC)进行数字证书的发放和管理,改进后的分配方案如图 6 所示,其中发起方 A 为 RSU,发起方 B 为汽车,创世节点和各服务商作为记账节点,各节点之间通过共识机制构成「1 个密钥分配中心」。
In the framework shown in figure 2, top-level cloud service providers use a consensus mechanism to replace the traditional Key Distribution Centre (KDC) in PKI for issuing and managing digital certificates, and the improved distribution scheme is shown in figure 6, where the initiator A is RSU, the initiator B is the car, the creation node and the service provider are the account nodes.
例如,汽车首先向具有记账权的云服务商提交注册申请,该服务商通过共识机制核实汽车身份后,自动产生包含汽车公钥的数字证书并记入自己的账本中,它包含汽车的真实身份,并证明汽车公钥的有效期和作用范围(交换密钥或数字签名),再将该信息通过 P2P 网络发送给其他服务商节点,其他服务商节点只要能验证证书的真实性,并信任所颁发证书的记账者身份,就将该条信息记录到自己的账本。这种方案可以避免用户多次在各服务器注册身份信息,同时也避免了集中式密钥分配带来的效率低、管理难等问题。
For example, a vehicle first submits a registration application to a cloud service provider with the right to bookkeeping, which automatically produces a digital certificate containing the car’s public key and records it in its own account book after verifying the identity of the vehicle through a consensus mechanism. It contains the true identity of the vehicle and proves the validity and scope of the vehicle’s public key (exchange keys or digital signatures), and then sends the information to other service provider nodes via the P2P network. Other service provider nodes record this information in their own books as long as they can verify the authenticity of the certificate and trust the identity of the account holder of the certificate issued.
车辆 B 向该系统注册的具体流程为:
Vehicle B The specific processes for registering with the system are:
B→KDC:E_PKDC(R1||M1),车辆 B 利用 KDC 的公钥 P_KDC 加密其注册时提交的信息 M1(包括唯一识别码 ID)和随机数 R1,并将加密结果发送给 KDC;
(a) BÇKDC: E_PKDC(R1M1), vehicle B encrypts the information submitted by KDC at the time of registration with P_KDC's public key M1 (including unique identifier ID) and random R1 and sends the encryption results to KDC;
KDC→B:E_R1(KB||PB),KDC 得到信息后,利用自己的私钥 K_KDC 进行解密,得到 R_1和 M_1,并对内容进行审核,若内容为真,则生成对应的公钥 P_B 和私钥 KB,并用随机数R1加密后发送给车辆 B。
KDC—B: E_R1 (KBPB), KDC obtained information, decrypted K_KDC using its own private key, obtained R_1 and M_1 and reviewed the content and, if true, generated the corresponding public key P_B and private key KB, encrypted with random R1 and sent to vehicle B.
其中,E 为加密函数。此时,车辆 B 的注册尚未完成,还需要同步至其他云服务提供商。
Of which, E is an encryption function. At this point, the registration of vehicle B has not yet been completed and it needs to be synchronized to other cloud service providers.
KDC 将信息发送给车辆B后,会将该注册信息写入记录,并广播给其他记账节点。区块链认证记录信息数据格式设置如表 1 所示。
When KDC sends information to vehicle B, the registration information is recorded and broadcast to other account nodes. Block chain authentication records data formats are set as shown in table 1.
表 1 记录信息的区块数据格式
table 1 Block data format for recording information
其他记账节点收到该条记录时,会对其中的内容进行检查,核实版本信息、认证者列表信息的真实性等,若信息正确,将该条信息发送给其他节点,同时放入记录队列等待打包计入账本区块中,否则丢弃该记录。
When the record is received at other account points, the contents are checked to verify the trueness of the version information, the authenticator's list information, etc., and, if the information is correct, the information is sent to other nodes, and placed in the record queue pending packing for entry into this block, or the record is discarded.
汽车身份认证分为汽车与云服务器之间的认证、汽车与 RSU 之间的认证和汽车与汽车之间的认证。汽车与云服务提供商(亦密钥分配中心)之间的认证流程为:
The certification process between the automobile and the cloud service provider (the key distribution centre) is as follows:
B→KDC:E_PKDC(P_B||M_1||R||time),车辆 B 向云服务提供商发送自己的公钥 PB和请求的服务内容 M1,并加随机数 R 和时间戳 time,利用对应服务商的公钥 PKDC加密这些内容,并发送出去;
(b) BKDC: E_PKDC (P_BM_1Rtime), vehicle B sends its public key PB and requested service content M1 to cloud service providers, plus random numbers of Rs and time stampes, encrypts the content using the public key PKDC of the counterpart service provider and sends it out;
KDC→B:E_PB(M_2||R),云服务提供商用私钥 K_KDC进行解密,判断时间戳time 是否正确,并利用 P_B 在区块链上查找该汽车的身份信息,若信息核实为真,则利用 P_B 加密返回服务内容 M_2 和随机数 R,否则丢弃。
KDCB: E_PB(M_2R) The cloud service provider decrypts the private key K_KDC to determine whether the time stamptime is correct and uses P_B to search for the car's identity on the block chain or, if the information is authentic, returns the service content M_2 and random R using P_B encryption, or discards it.
汽车与 RSU 之间的初始化认证流程为:
The initialization authentication process between the vehicle and RSU is as follows:
A→KDC:P_A||P_B||R_1,RSU 发送自己和车辆 B 的公钥 P_A、P_B 以及随机数 R_1 给 KDC;
(a) KDC: P_AP_BR_1, RSU sends the public key P_A, P_B and random R_1 to KDC;
KDC→A:E_PA[K_s||P_A||P_B||R_1||E_PB[K_s||P_A]],KDC 收到 2 个公钥,并在区块链上查找对应信息,若核实为真,则产生会话密钥 K_s,并将该次认证记录内容添加到区块中,发送给 RSU;
KDCÇA: E_PA [K_sP_AP_BR_1E_PB[K_sP_A], KDC receives 2 public keys and searches the corresponding information on the block chain and, if verified, produces the session key K_s and adds the content of the authentication record to the block and sends it to RSU;
A→B:EPB[K_s||P_A]||E_Ks[R_2],RSU 用私钥解密后得到会话密钥 K_s、P_B和 E_PB[K_s||P_A],此时完成了对车辆 B 的认证,用Ks加密随机数 R_2,一起发送给车辆 B;
(a) AXXXB: EPB [K_sP_A]E_Ks[R_2], RSU decrypted with a private key and obtained session keys K_s, P_B and E_PB [K_sP_A], at which time the authentication of vehicle B was completed and the random number R_2 encrypted with Ks was sent to vehicle B;
B→A:E_Ks[f(R2)],车辆 B 用自己的私钥解密得到 K_s 和 P_A,即完成了对 RSU 的认证。
BA: E_Ks[f (R2]], vehicle B was deciphered by K_s and P_A using its own private key, i.e. completed authentication of RSU.
汽车和 RSU 初始化认证后,得到两者之间的会话密钥 K_s,可设置 K_s 的有效时长,即每隔一定时间汽车和 RSU 更新一次 K_s。
After the initialization authentication of the automobile and RSU, the session key K_s is given to set the valid K_s duration, that is, to update the car and RSU every other time.
汽车与汽车之间的认证流程为:
The certification process between cars is as follows:
B→C:P_B||E_KB(M_1||R||time),汽车 B 向汽车 C 发送自己的公钥PB和用自己的私钥 K_B 加密的请求服务内容 M1、随机数 R 和当前时间戳 time;
BC: P_BE_KB(M_1Rtime), car B sends its public key PB to car C and its own private key K_B encrypted request service content M1, random R and current time stamp time;
C→B:P_C||E_KC(M_2||R),汽车 C 用汽车 B 的公钥 PB进行解密,得到 P_B、M1、随机数 R 和当前时间戳 time,并判断 P_B 和 time 是否正确,若正确,则利用自己的私钥 K_C 加密返回服务内容 M_2 和随机数 R,将公钥 P_C 一起发送给汽车 B,并将该次记录发送到区块链网络中,等待记账节点写入区块中,否则丢弃。
CB: P_CE_KC(M_2R), car C decrypts the PB using the public key of car B, obtains P_B, M1, random R and current time stamp and determines whether the P_B and time are correct and, if correct, uses its own private K_C encryption return service content M_2 and random R to send the public key P_C together to car B and send the record to the block chain network, waiting for the account node to be written into the block or discarded.
综上所述,区块链技术结合 PKI 认证机制可以解决车联网中汽车与服务器和 RSU 的身份认证问题,同时也解决了用户账号管理问题,可以实现同一账号多处登录。此外,区块链自带的加密技术可用于对汽车身份信息的加密,防止用户信息泄露。总的来说,应用区块链技术可以解决车联网中多服务系统的身份认证问题和身份假冒问题。
In general, the application of block chain technology can solve the problem of the identification of vehicles and servers and RSU in the car network, as well as the problem of user account management, which allows multiple login of the same account number. In addition, the encryption technology attached to the block chain can be used to encrypt car identification information and prevent the disclosure of user information. In general, the application of block chain technology can solve the problem of the identification of multiple service systems in the car network and the problem of identity counterfeiting.
5. 结束语
5. Concluding remarks
目前,区块链技术多应用于金融领域,现有的区块链数据结构不能直接应用在车联网中,本文研究了基于区块链技术的车联网汽车身份认证的可行性,总结了现有的车联网认证方案,分析其各自的特点和不足,结合区块链技术特点设计出车联网区块链系统架构和相关区块链结构、完成节点加入的相关智能合约,在该框架上结合现有的 PKI 认证机制提出了新的修改思路,完成车辆的注册、汽车与汽车、服务器和 RSU 相关认证功能,为车联网区块链技术的后续研究提供参考。
Currently, block chain technology is mostly applied in the financial sector, and existing block chain data structures cannot be applied directly in the car network. This paper examines the feasibility of vehicle-connected vehicle identification, based on block-chain technology. It summarizes the existing car-networking certification programmes, analyses their respective characteristics and deficiencies, designs the structure of the car-connected block-link system and related smart contracts for the associated block-chain structure, completes node additions, and proposes new modifications in the framework in conjunction with the existing PKI certification mechanism, completes vehicle registration, vehicle-to-car, server- and RSU-related certification functions, and provides a reference for subsequent research on vehicle-connected block-link technology.
将区块链技术应用于车联网汽车身份认证,还需要解决汽车认证中的隐私保护问题。每个汽车在区块链网络中只拥有唯一的公钥 P 和对应的私钥K,虽然本文采用联盟链,对加入的记账节点进行严格审查,以确保账本的机密性,但汽车在认证或提供服务时,需要暴露自己的公钥 P,存在位置跟踪的危险,如何保护汽车公钥P,是解决隐私保护问题的首要任务。
Applying block chain technology to car-connected car identification also requires addressing privacy protection issues in automobile certification. Each vehicle has only one public key P in the block chain network and its corresponding private key K. While using a federal chain, the added account nodes are scrutinized to ensure the confidentiality of the accounts, vehicles need to expose their public key P in authentication or service provision, there is a risk of location tracking, and how to protect public car key P is the first priority in addressing privacy protection issues.
此外,由于汽车数量多,通信频繁,因此对身份认证的请求次数较多,建立高效的、快速的共识机制是必然选择,不过随着区块链技术的快速发展,交易处理速度不断加快,目前可达到每秒处理百万笔交易,未来,更多针对车联网的研究将满足更多场景的需求。
In addition, given the large number of vehicles and the frequency of communications, the number of requests for identification is high, and the establishment of an efficient and rapid consensus mechanism is an inevitable option, although with the rapid development of block chain technology, transaction processing has accelerated and now reaches millions of transactions per second, and in the future more research on vehicle connectivity will meet the need for more scenarios.
参考文献
References
编辑整理:厚势分析师盖布林
Edition: Geblin, Thick Analyst
转载请注明来自厚势和厚势公号:iHoushi
Please indicate if you are from a thick and thick sign: iHouchi
-END-
文章精选
Select Article
企业家
马斯克和贾跃亭 |福特CEO下台|正道汽车仰融
Mask and Jajoutin.
任正非裁员|电池大牛凯尔提离开特斯拉
Let's get rid of Tesla.
智能驾驶
Smart Driving >/strang
BBC自动驾驶纪录片
BBC Auto-Driving Documentary
为什么说百度阿波罗画虎不成反类犬?
Why do you say that Pado Apollo is not an anti-dog?
基于集成式电子液压制动系统的横摆稳定性控制策略研究
Study of horizontal stability control strategies based on integrated electronic fluid suppression systems
车载以太网的研究与分析
Research and analysis on Ethernet
上海交大:汽车线控转向系统研究进展综述
Shanghai: An overview of the progress of research on the transfer of car lines to the system
新能源汽车
New Energy Vehicle
全国50个新能源汽车项目大盘点
A major inventory of 50 new energy automobile projects across the country
锂电池发展趋势|中国汽车产业电动化进程
Lithium battery development trends..................................................................................................................................
苹果收购特斯拉?|丰田和特斯拉决裂
Apple buys Tesla Toyota and Tesla splits.
我国电动汽车动力电池回收利用问题剖析及对策建议
Our proposal for an analysis of and response to the recycling of electric car-powered batteries
2017年电动物流车行业分析
Analysis of the electric animal drifting industry in 2017
李骏院士:氢燃料电池汽车——汽车动力的革命
Li Jianxian: Hydrogen Fuel Cell Vehicle - Automotive Revolution
项目和评论
Item
以色列最强10家自动驾驶创业公司
Israel's top 10 autopilot start-ups
37个汽车分时项目盘点|百度投资蔚来汽车
Thirty-seven car-hours projects to take stock of cars with 100% investment.
马化腾或为共享单车最大赢家|汽车产业3大趋势
Main trends in the motor vehicle industry, or the largest single-car winner of shared bicycles
Momenta获\$4000万B轮
Momenta got $40 million in B wheels.
百度系自动驾驶初创公司 Pony.ai 的突围之路
The 100-degree autopilot route to Pony.ai.
这些大神从Google出走,创办了五家(命运各异的)无人车公司
These great gods ran away from Google and founded five unmanned vehicle companies.
无需基础知识,理解自动驾驶高精度行车定位技术
There is no need for basic knowledge to understand auto-drive high-precision locator technology
厚
Huge
势
Position
汽
Gas.
车
Car
为您对接资本和产业
新能源汽车 自动驾驶 车联网
New Energy Car Auto-Driving Network
联系邮箱
Contact Mailbox
sasa@ihoushi.com
点击阅读原文,查看文章「自动驾驶汽车运行安全性测试评价体系研究」
Click on to read the original text to view the article "Study of the Safety Test Evaluation System for Auto-Driving Motors"
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论