CN103338444B - Vehicle location privacy protection method in vehicle ad hoc network - Google Patents

Abstract

The invention discloses a kind of vehicle position privacy protection method of vehicular ad hoc network; First the privacy model of the current location privacy for assessment of different vehicle is set, for reflecting reputation model and the Mixed Zone criterion of the degree of cooperation of Current vehicle; Any vehicle in vehicular ad hoc network, according to send pseudo-name request vehicle i current fame and in the Mixed Zone of vehicle i, whether determine whether that cooperation is changed pseudo-name and protected vehicle i from car; And can according to from the current location privacy of car, pseudo-name dynamic conditioning remaining time from the fame of car.The present invention has while the current location of satisfied protection vehicle requires, significantly can reduce energy expense; More vehicles participate in the change of pseudo-name, the feature that the location privacy fail safe of vehicular wireless network is higher.

Description

Vehicle location privacy protection method in vehicle ad hoc network

technical field

The present invention relates to the field of wireless communication technology, in particular to a vehicle location privacy protection for a vehicle ad hoc network that can effectively protect the location privacy of vehicles; can encourage more vehicles to participate in pseudonym changes, thereby significantly improving the location privacy security of the network method.

Background technique

With the rapid development of key technologies such as wireless communication technology, on-board embedded computing, and various on-board sensors, Vehicular ad hoc network (VANET) is considered to be a very large-scale mobile ad hoc network with high practicality. The vehicle-mounted ad hoc network is a safe, fast, effective, and open-structured vehicle-to-vehicle communication intelligent transportation system composed of vehicles and vehicles, vehicles and roadside units (Roadside Units, RSUs), which can realize accident warning, assisted driving, etc. application. For example, in the application of accident warning, the driver can rely on vehicle communication to obtain the vehicle conditions of other vehicles (such as vehicle speed, direction, position, brake pedal pressure, etc.) Make vehicle traffic safer and faster. Due to its broad application prospects and huge social and economic benefits, VANET has been highly valued by governments, academia and industry.

However, in vehicle ad hoc network accident warning and assisted driving applications, vehicles need to broadcast heartbeat messages frequently. These heartbeat messages include position, time, direction, speed, acceleration/deceleration and other information. Attackers can use these heartbeat messages to track interested vehicles or restore their driving trajectories, seriously endangering people's privacy.

Although anonymous heartbeat messages can be sent with the help of pseudonym technology, global attackers can still use the spatiotemporal correlation between position, time, and speed to link these messages to obtain the location privacy of the target vehicle. Some scholars use the mixed zone (Mix-zone) to solve the location privacy problem, the idea is that all vehicles change their pseudonyms before leaving the mixed zone. If the mixing area is large, the vehicle needs to wait at least a long time before sending a heartbeat message. If the mixing area is small, it is easy for an attacker to guess the association between location and pseudonym. Scholars such as Sampigethaya proposed a proxy communication strategy, that is, a communication group is formed between adjacent vehicles, and the group leader issues heartbeat messages on behalf of the group members. Due to the fast driving of the vehicle and the great change of members in the group, this method requires very high query processing time and communication time. Scholars such as Carianha proposed to deploy encrypted mixed areas established by RSUs in areas with dense vehicles. When the vehicle is in a mixed area, all communications must be encrypted. However, the mixed area position is pre-fixed, and if the vehicle's old alias lifetime expires, the vehicle may be outside the mixed area.

In view of the disadvantages of the above-mentioned mixed areas, some scholars have proposed a dynamic mixed area location privacy protection method, that is, the vehicle dynamically establishes a mixed area according to its own privacy requirements. For example, when the pseudonym is about to expire or the location privacy is low, the vehicle automatically establishes a dynamic mixed area and requires all vehicles in the mixed area to change the pseudonym. Because in the mixed area, changing the pseudonym will lose a pseudonym certificate and generate additional energy costs, some selfish vehicles can choose not to cooperate, that is, not to change the pseudonym to maximize their own interests. If there is no correct and effective incentive and punishment mechanism in the system, selfish vehicles will consider maximizing their own privacy and will not actively change their pseudonyms. For a vehicle whose pseudonym is about to expire, the pseudonym must be changed in the mixed area. If other vehicles choose not to cooperate, the attacker can easily speculate the mapping relationship between the old and new pseudonyms of the vehicle.

Chinese Patent Authorized Publication No.: CN101720059A, authorized public date on June 2, 2010, discloses a method for realizing routing of a vehicle-mounted mobile ad-hoc network, including the following steps: setting nodes at each intersection, and when the source node forwards data packets , it can forward the data packet to the node closer to the destination node at one end of the road segment where it is located; when the node forwards the data packet, it first judges whether there is a node closer to the destination node in the neighbor list, and if so, directly forwards the data packet to the corresponding node Otherwise, according to the section selection algorithm, select the adjacent section that is not the section that just received the data packet, and the section direction is close to the destination node, and then designate the other end node on the selected section as the section receiving node; the routing node receives the data packet from different sections When the same data packet is sent from the same source node, an optimal path with a higher success rate of receiving data packets and a shorter delay time is selected, and those non-optimal receiving paths are disabled at the same time. The disadvantage is that the function is single and there is no location privacy protection function.

Contents of the invention

The present invention aims to overcome the problems caused by selfish vehicles not cooperating in the location privacy protection process of the vehicle-mounted ad hoc network in the prior art, resulting in a decrease in vehicle location privacy security; or vehicles in the vehicle-mounted ad hoc network frequently changing pseudonyms The lack of increased energy consumption provides a vehicle location privacy protection method for vehicle ad hoc networks that can effectively protect the location privacy of vehicles; can encourage more vehicles to participate in pseudonym changes, thereby significantly improving the location privacy security of the network.

In order to achieve the above object, the present invention adopts the following technical solutions:

A vehicle location privacy protection method for a vehicle-mounted ad hoc network, the vehicle-mounted ad hoc network uses a terminal installed on a vehicle as a mobile node, and the terminal includes a wireless transceiver module, a microprocessor, and a memory; the mobile node communicates with several A vehicle-mounted server is wirelessly connected, and the vehicle-mounted server and the control server are connected wirelessly or wiredly; including the following steps:

(1-1) There is a mixed area criterion for vehicle i in the vehicle server, and the mixed area criterion is that there are at least Vehicle; where, i is the serial number of any vehicle in the vehicle ad hoc network; kΔT-Δt≤t<(k+1)ΔT; ΔT is the life cycle of the pseudonym, Δt is the change threshold of the pseudonym; P _chp is the probability of changing the pseudonym of each vehicle in the mixed area, and DL _i (t) is The set vehicle location privacy threshold; k is the number of pseudonym changes;

Determined by DL _i (t) and P _chp , for example: DL _i (t) = 2, P _chp = 0.5, then The value of is related to the reputation value of vehicle i, the reputation value of vehicles in the mixed area of vehicle i, and the location privacy.

The location privacy model in the terminal is:

$B_i\left(t\right)=\left\{\begin{array}{cc}{A}_i^k,& (k-1)\mathrm{\&Delta;T}\&le;t<(k+1)\mathrm{\&Delta;T}-\mathrm{\&Delta;t}\\ 0,& \mathrm{k\&Delta;T}-\mathrm{\&Delta;t}\&le;t<(k+1)\mathrm{\&Delta;T}\end{array}\right.,$ in is the location privacy level, α is the old pseudonym serial number of vehicle i, b is the new pseudonym serial number of vehicle i; is the total number of vehicles whose pseudonyms have been changed in the mixed area; B _i (t) is location privacy, and P _a→b is the probability that vehicle i’s old pseudonym serial number α is replaced with a new pseudonym serial number b;

With the reputation model inside the terminal: $R_i^k=\underset{j=1}{\overset{k}{\mathrm{\&Sigma;}}}\frac{-\underset{b=1}{\overset{N_i^j}{\mathrm{\&Sigma;}}}{P}_{a\&Right\; Arrow;b}{\log }_2{P}_{a\&Right\; Arrow;b}}{-\underset{b=1}{\overset{{\mathrm{NT}}_i^j}{\mathrm{\&Sigma;}}}{P}_{a\&Right\; Arrow;b}{\log }_2{P}_{a\&Right\; Arrow;b}},$ is the prestige value of vehicle i after changing the pseudonym for k times; is the total number of vehicles in the mixed area; set the reputation threshold as DR _i (t);

(1-2) Before vehicle i enters the vehicle ad hoc network for the first time, it registers with the control server to obtain a public-private key pair and a certificate corresponding to the public-private key pair; set the initial reputation value of vehicle i to 0 , the initial location privacy of vehicle i is 2;

(1-3) The microprocessor of vehicle i calculates the remaining time of the fake name of vehicle i when Vehicle i sends an encrypted pseudonym request message RNP to the vehicle server;

(1-4) After receiving the pseudonym request message RNP, the vehicle-mounted server establishes the mixed area of vehicle i according to the mixed area establishment criterion, and the vehicle-mounted server broadcasts the encrypted command message COMMAND;

(1-5) Set other vehicles other than vehicle i in the vehicle ad hoc network as vehicle j, when vehicle j receives the command message COMMAND, the microprocessor of vehicle j will mix the received command message COMMAND The area size and location information are compared with the location of the self-vehicle. When the vehicle j falls in the mixed area of the vehicle i, the vehicle j broadcasts the command message COMMAND; when Then the pseudonym of vehicle j is changed; the microprocessor of vehicle j uses the reputation model to calculate its reputation value The microprocessor of vehicle j calculates the location privacy B _j (t) of vehicle j, and puts and B _j (t) are stored in the memory of vehicle j;

(1-6) When vehicle j falls in the mixing area of vehicle i, and and the current reputation value of vehicle j Then vehicle j changes its pseudonym; when vehicle j falls in the mixed area of vehicle i, and And vehicle j's location privacy B _j (t)<DL _j (t), then vehicle j changes the pseudonym; the microprocessor of vehicle j calculates the reputation value of vehicle j and location privacy B _j (t), and put and B _j (t) are stored in the memory of vehicle j;

(1-7) When the vehicle j receives the command message COMMAND and the vehicle j is not in the mixed area of the vehicle i, the vehicle j discards the command message COMMAND.

Since in the mixed area, changing the pseudonym will lose a pseudonym certificate and generate additional energy costs, for selfish vehicles, they can choose not to cooperate or change the pseudonym to maximize their own interests. If the system lacks a correct and effective incentive and punishment mechanism, selfish vehicles will consider maximizing their own privacy and will not actively change their pseudonyms. For vehicles whose pseudonym is about to expire, the pseudonym must be changed in the mixed area. If other vehicles choose not to cooperate, the attacker can easily speculate the mapping relationship between the new and old pseudonyms of the vehicle.

Aiming at the above problems, the present invention firstly sets up a privacy model for evaluating the current location privacy of different vehicles, a reputation model and a mixed area criterion for reflecting the cooperation degree of the current vehicle.

Any vehicle in the vehicle-mounted ad hoc network of the present invention decides whether to cooperate to change the pseudonym to protect vehicle i according to the current reputation value of the vehicle i that sends the pseudonym request and whether the self-vehicle is in the mixed area of vehicle i; The current location privacy of the own car and the remaining time of the pseudonym dynamically adjust the reputation value of the own car.

The simulation results show that the location privacy protection method of the vehicle ad hoc network of the present invention can significantly reduce the energy consumption while meeting the requirement of protecting the current location privacy of the vehicle. At the same time, due to the introduction of the reputation value, more vehicles participate in the pseudonym change, thereby improving the security of the location privacy of the entire vehicle ad hoc network.

As preferably, step (1-4) also includes the following steps:

When the vehicle-mounted server receives the pseudonym request message RNP of vehicle i, and then receives the pseudonym request message RNP sent by vehicle j and vehicle j is in the mixed area of vehicle i, the vehicle-mounted server will receive the pseudonym request message RNP of vehicle j The pseudonym request packet is discarded by RNP.

As preferably, the pseudonym request message RNP in described step (1-3) comprises the remaining time of current pseudonym New alias, prestige value Reputation value threshold DR _i (t), current location and vehicle speed.

Preferably, the command message COMMAND in the step (1-4) includes the location of the mixing area of vehicle i, the size of the mixing area, the time when the vehicle changed its pseudonym, and the reputation value and reputation value threshold DR _i (t).

Preferably, the pseudonym request message RNP in the step (1-3) is encrypted using a broadcast encryption method.

Preferably, the message COMMAND in the step (1-4) is encrypted using a broadcast encryption method.

Preferably, ΔT is from 5 minutes to 30 minutes.

Preferably, Δt is from 1 second to 45 seconds.

Therefore, the present invention has the following beneficial effects: (1) while meeting the requirements of protecting the current position of the vehicle, energy consumption can be significantly reduced; (2) more vehicles participate in the change of pseudonym, and the location privacy security of the vehicle wireless network is higher .

Description of drawings

Fig. 1 is a kind of location privacy model figure of vehicle i of the present invention;

Fig. 2 is a kind of flowchart of the present invention;

Fig. 3 is the average location privacy of the present invention and pseudonym life cycle ΔT relation figure;

Fig. 4 is a graph showing the relationship between average energy expenditure and pseudo-name life cycle ΔT;

Fig. 5 is a graph showing the relationship between the average energy cost and the location privacy threshold;

Figure 6 is a graph showing the relationship between average location privacy and reputation threshold.

Detailed ways

The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

The embodiment as shown in Fig. 2 is a vehicle position privacy protection method of a vehicular ad hoc network. The vehicular ad hoc network uses a terminal installed on a car as a mobile node, and the terminal includes a wireless transceiver module, a microprocessor and a memory; The processor is electrically connected to the wireless transceiver module and the memory respectively; the mobile node is wirelessly connected to four vehicle-mounted servers, and the vehicle-mounted server and the control server are connected wirelessly; including the following steps:

Step 100, the mixed area criterion of vehicle i is set in the on-board server as that there are at least Vehicle; where, i is the serial number of any vehicle in the vehicle ad hoc network; The value range of is: kΔT-Δt≤t<(k+1)ΔT; ΔT=25 minutes, Δt=0.5 minutes; P _chp =0.5, DL _i (t)=2.0; k=50;

There is a location privacy model shown in Figure 1 in the terminal, and the location privacy model is:

$B_i\left(t\right)=\left\{\begin{array}{cc}{A}_i^k,& (k-1)\mathrm{\&Delta;T}\&le;t<(k+1)\mathrm{\&Delta;T}-\mathrm{\&Delta;t}\\ 0,& \mathrm{k\&Delta;T}-\mathrm{\&Delta;t}\&le;t<(k+1)\mathrm{\&Delta;T}\end{array}\right.,$ in is the location privacy level, α is the old pseudonym serial number of vehicle i, b is the new pseudonym serial number of vehicle i; is the total number of vehicles whose pseudonyms have been changed in the mixed area; B _i (t) is location privacy, and P _a→b is the probability that vehicle i’s old pseudonym serial number α is replaced by a new pseudonym serial number b; for example, before vehicle i enters the mixed area The pseudo-name serial number of vehicle i is α, there are 3 vehicles in the mixed area changed to new pseudo-names, and their new pseudo-name serial numbers are b, c, and d respectively, and the new pseudo-name serial number of vehicle i may be one of b, c, and d ; P _a→b = 1/3; B _i (t) value and t, k, relevant;

With the reputation model inside the terminal: $R_i^k=\underset{j=1}{\overset{k}{\mathrm{\&Sigma;}}}\frac{-\underset{b=1}{\overset{N_i^j}{\mathrm{\&Sigma;}}}{P}_{a\&Right\; Arrow;b}{\log }_2{P}_{a\&Right\; Arrow;b}}{-\underset{b=1}{\overset{{\mathrm{NT}}_i^j}{\mathrm{\&Sigma;}}}{P}_{a\&Right\; Arrow;b}{\log }_2{P}_{a\&Right\; Arrow;b}},$ is the prestige value of vehicle i after changing the pseudonym for k times; is the total number of vehicles in the mixed area; set the reputation threshold as DR _i (t) is 2.0;

Step 200, before the vehicle i enters the vehicle-mounted ad hoc network for the first time, register with the control server to obtain a public-private key pair and a certificate corresponding to the public-private key pair; set the initial reputation value of vehicle i to 0, and the vehicle i The initial location privacy of i is 2;

Step 300, the microprocessor of vehicle i calculates the remaining time of the false name of vehicle i when Vehicle i sends an encrypted pseudonym request message RNP to the vehicle server;

Step 400, after receiving the pseudonym request message RNP, the vehicle-mounted server establishes the hybrid zone of vehicle i according to the mixed zone establishment criterion, and the vehicle-mounted server broadcasts the encrypted command message COMMAND; the pseudonym request message RNP includes the remainder of the current pseudonym time New alias, prestige value Reputation value threshold DR _i (t), current location and vehicle speed.

Step 500, setting other vehicles other than vehicle i in the vehicle ad-hoc network as vehicle j, when vehicle j receives the command message COMMAND, the microprocessor of vehicle j converts the mixed area size in the received command message COMMAND and location information are compared with the location of the self-vehicle. When vehicle j falls in the mixed area of vehicle i, vehicle j broadcasts the command message COMMAND; when Then the pseudonym of vehicle j is changed; the microprocessor of vehicle j uses the reputation model to calculate its reputation value The microprocessor of vehicle j calculates the location privacy B _j (t) of vehicle j, and puts and B _j (t) are stored in the memory of vehicle j;

The command message COMMAND includes the position of the mixed area of vehicle i, the size of the mixed area, the time when the vehicle changed its pseudonym, and the reputation value and reputation value threshold DR _i (t).

Step 600, when vehicle j falls in the mixed area of vehicle i, and and the current reputation value of vehicle j Then vehicle j changes its pseudonym; when vehicle j falls in the mixed area of vehicle i, and And vehicle j's location privacy B _j (t)<DL _j (t), then vehicle j changes the pseudonym; the microprocessor of vehicle j calculates the reputation value of vehicle j and location privacy B _j (t), and put and B _j (t) are stored in the memory of vehicle j;

Step 700, when vehicle j receives the command message COMMAND and vehicle j is not in the mixed area of vehicle i, then vehicle j discards the command message COMMAND.

The following are the simulation test results:

The configuration of the simulation experiment is shown in Table 1. The vehicle runs on a 2-lane suburban road, the vehicle speed is limited to 40 km/h to 80 km/h, the communication radius of the vehicle is 250 meters, and Δt is 0.5 minutes.

Table 1 Experimental parameter configuration

parameter value Lane 2 lanes lane width 3.5 meters Minimum safe driving distance 5 meters Driving speed [40 km/h 80 km/h] Vehicle Communication Radius 250 meters Send an RNP energy cost 1mJ Energy cost of changing pseudonym once 0.1mJ Δt 0.5 seconds k 50

Figure 3 shows the relationship between the average location privacy of a vehicle and the pseudonym lifetime ΔT. Among them, the Swap method is that when the location privacy of a certain vehicle is less than the location privacy threshold or the remaining time of the pseudonym is less than Δt, the vehicle enters the process of changing the pseudonym.

The Non-Reputation method is that if the location privacy of a vehicle in the mixed area meets the location privacy threshold, the vehicle will not change its pseudonym. In this embodiment, the location privacy threshold DL _i (t) is log ₂ (5), and the reputation threshold DR _i (t) is 2.0.

It can be seen from Fig. 3 that the location privacy of the present invention and the Swap method is higher than the location privacy threshold log ₂ (5), while the location privacy value of the Non-Reputation method remains at 2.3. The reason is: in the Non-Reputation method, once the selfish vehicle meets the location privacy threshold, the pseudonym will not be changed, so that the location privacy value of vehicle i decreases, resulting in a decrease in the average location privacy of the entire system.

In addition, it can be seen from Figure 3 that the life cycle of the pseudonym has little effect on the average location privacy, the reason is that if the remaining time of the pseudonym All vehicles have changed pseudonyms.

Figure 4 shows the relationship between the average energy cost of the system and the pseudonym lifetime. Among them, the location privacy threshold DL _i (t) is log ₂ (5), and the reputation threshold of DR _i (t) is 2.0.

It can be seen from Fig. 4 that the energy expenditure of the present invention is about 2.5mJ, while that of the Swap method is about 37mJ, the main reason being that compared with the Swap method, the present invention reduces the number of pseudonym changes. Compared with the present invention, the Non-Reputation method causes more vehicles to send RNP messages due to low average location privacy, resulting in greater energy consumption than the present invention.

Table 2 presents the average location privacy of the three methods with different location privacy thresholds. Compared with the Swap method, the average location privacy of the present invention is low because the selfish vehicle does not actively change the pseudonym, but the present invention can meet the location privacy threshold of the vehicle. Compared with the Non-Reputation method, the present invention increases the average location privacy due to the introduction of reputation incentives.

Table 2 Relationship between average location privacy and threshold

Figure 5 shows the relationship between the average energy cost and the location privacy threshold. It can be seen from Figure 5 that the average energy cost of the present invention and the Non-Reputation method increases with the increase of the location privacy threshold, while the Swap method is the opposite. The reason is as follows: when the mixed area is small, it is difficult for the vehicle to reach the position privacy threshold in the Swap method and thus continuously send RNP messages to request to enter the process of changing the pseudonym; and in the present invention and the Non-Reputation method, due to part of the vehicles changing the pseudonym in the mixed area As the location privacy threshold increases, more vehicles need to change their pseudonyms to meet the location privacy threshold.

Figure 6 presents the relationship between average location privacy and reputation threshold.

It can be seen from Fig. 6 that as the reputation threshold increases, the average location privacy of the present invention also increases. This is mainly due to the increase of the prestige threshold, resulting in more vehicles needing to change their pseudonyms to improve their own prestige value.

It should be understood that this embodiment is only used to illustrate the present invention but not to limit the scope of the present invention. In addition, it should be understood that after reading the teachings of the present invention, those skilled in the art can make various changes or modifications to the present invention, and these equivalent forms also fall within the scope defined by the appended claims of the present application.

Claims (8)

1. a vehicle position privacy protection method for vehicular ad hoc network, described vehicular ad hoc network is using the terminal be located on automobile as mobile node, and described terminal comprises radio receiving transmitting module, microprocessor and memory; Described mobile node and several onboard servers wireless connections, onboard servers and Control Server wirelessly or wired mode be connected; It is characterized in that, comprise the steps:

(1-1) in onboard servers, be provided with the Mixed Zone criterion of vehicle i, Mixed Zone criterion is have at least in the Mixed Zone of vehicle i car; Wherein, i is the numbering of any one vehicle in vehicular ad hoc network; k Δ T-Δ t≤t < (k+1) Δ T; Δ T is the life cycle of pseudo-name, and Δ t is the change threshold value of pseudo-name; P _chpfor in Mixed Zone, the probability of pseudo-name changed by each car, DL _it () is the vehicle location privacy threshold value of setting; K is pseudo-name change number of times;

In terminal, be provided with location privacy model is:

$B_i\left(t\right)=\left\{\begin{array}{cc}{A}_i^k,& (k-1)\mathrm{\&Delta;T}\&le;t<(k+1)\mathrm{\&Delta;T}-\mathrm{\&Delta;t}\\ 0,& \mathrm{k\&Delta;T}-\mathrm{\&Delta;t}\&le;t<(k+1)\mathrm{\&Delta;T}\end{array}\right.,$ Wherein for location privacy grade, a is the old pseudo-name sequence number of vehicle i, and b is the new pseudo-name sequence number of vehicle i; for changing the vehicle fleet of pseudo-name in Mixed Zone; B _it () is location privacy, P _{a → b}for the old pseudo-name sequence number a of vehicle i is replaced by the probability of new pseudo-name sequence number b;

Reputation model is provided with in terminal: $R_i^k=\underset{j=1}{\overset{k}{\mathrm{\&Sigma;}}}\frac{-\underset{b=1}{\overset{N_i^j}{\mathrm{\&Sigma;}}}{P}_{a\&RightArrow;b}{\log }_2{P}_{a\&RightArrow;b}}{-\underset{b=1}{\overset{{{\mathrm{NT}}_i}^j}{\mathrm{\&Sigma;}}}{P}_{a\&RightArrow;b}{\log }_2{P}_{a\&RightArrow;b}},$ for after k the pseudo-name of change, the fame of vehicle i; NT _i ^jfor vehicle fleet in Mixed Zone; Setting fame threshold value is DR _i(t);

(1-2) before vehicle i enters vehicular ad hoc network first, public, private key pair is obtained to Control Server registration, with public affairs, private key to corresponding certificate; The initial fame of setting vehicle i is 0, and the initial position privacy of vehicle i is 2;

(1-3) microprocessor of vehicle i calculates the pseudo-name remaining time of vehicle i when vehicle i sends the pseudo-name request message RNP after an encryption to onboard servers;

(1-4) after receiving pseudo-name request message RNP, onboard servers sets up according to Mixed Zone the Mixed Zone that criterion sets up vehicle i, the command message COMMAND after onboard servers broadcast enciphering;

(1-5) other vehicle set outside the vehicle i in vehicle self-organizing network is vehicle j, when vehicle j receives orders message COMMAND, the microprocessor of vehicle j is by Mixed Zone size and location information in the command message COMMAND received and compare from car present position, when in the Mixed Zone that vehicle j drops on vehicle i, vehicle j broadcasting command message COMMAND; When then vehicle j changes pseudo-name; The microprocessor of vehicle j utilizes reputation model to calculate its fame the microprocessor of vehicle j calculates the location privacy B of vehicle j _j(t), and handle and B _jt () is stored in the memory of vehicle j;

(1-6) when in the Mixed Zone that vehicle j drops on vehicle i and and the current fame of vehicle j then vehicle j changes pseudo-name; When in the Mixed Zone that vehicle j drops on vehicle i and and the location privacy B of vehicle j _j(t) < DL _j(t), then vehicle j changes pseudo-name; The microprocessor of vehicle j calculates the fame of vehicle j with location privacy B _j(t), and handle and B _jt () is stored in the memory of vehicle j;

(1-7) when vehicle j receives orders message COMMAND and vehicle j not in the Mixed Zone of vehicle i, then command message COMMAND abandons by vehicle j.

2. the vehicle position privacy protection method of vehicular ad hoc network according to claim 1, is characterized in that, step (1-4) also comprises the steps:

After onboard servers receives the pseudo-name request message RNP of vehicle i, receive again the pseudo-name request message RNP that vehicle j sends, and vehicle j is in the Mixed Zone of vehicle i, then the pseudo-name request message RNP of the vehicle j received abandons by onboard servers.

3. the vehicle position privacy protection method of vehicular ad hoc network according to claim 1, is characterized in that, the pseudo-name request message RNP in described step (1-3) comprises the remaining time of current pseudo-name new pseudo-name, fame fame threshold DR _i(t), current location and the speed of a motor vehicle.

4. the vehicle position privacy protection method of vehicular ad hoc network according to claim 1; it is characterized in that, the command message COMMAND in described step (1-4) comprises the position, Mixed Zone of vehicle i, pseudo-name changed by Mixed Zone size, vehicle time, fame with fame threshold DR _i(t).

5. the vehicle position privacy protection method of vehicular ad hoc network according to claim 1, is characterized in that, the pseudo-name request message RNP in described step (1-3) adopts broadcast encryption method encryption.

6. the vehicle position privacy protection method of vehicular ad hoc network according to claim 1, is characterized in that, the message COMMAND in described step (1-4) adopts broadcast encryption method encryption.

7. the vehicle position privacy protection method of the vehicular ad hoc network according to claim 1 or 2 or 3 or 4 or 5 or 6, it is characterized in that, Δ T is 5 minutes to 30 minutes.

8. the vehicle position privacy protection method of the vehicular ad hoc network according to claim 1 or 2 or 3 or 4 or 5 or 6, it is characterized in that, Δ t is 1 second to 45 seconds.