
CN117979284A - Message encryption transmission method and transmission device - Google Patents

Message encryption transmission method and transmission device

Publication number: CN117979284A
Authority: CN (China)
Prior art keywords: message, vehicle, key, sent, digital certificate
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN202410213576.XA
Other languages: Chinese (zh)
Inventor: 罗玉聪, 陈波, 李杨, 苏星溢
Current Assignee: Chongqing Selis Phoenix Intelligent Innovation Technology Co ltd
Original Assignee: Chongqing Selis Phoenix Intelligent Innovation Technology Co ltd
Application filed by Chongqing Selis Phoenix Intelligent Innovation Technology Co ltd
Priority to CN202410213576.XA
Publication of CN117979284A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present application relates to the field of information security technology and provides a message encryption transmission method and transmission device. When a vehicle transmits a message to a verification unit, the method applies a digital certificate signature to the message using a first key generated by the home subscriber server, a second key generated by the trusted unit, and a pseudonym generated by the vehicle. This combines a digital certificate signature algorithm with an encryption algorithm for identity authentication, which not only ensures the security of identity information but also significantly reduces the computational and communication overhead of messages. While ensuring message integrity and real-time performance, it achieves privacy protection and ensures the non-repudiation and unlinkability of messages.

Description

Message encryption transmission method and transmission device

Technical Field

The present application relates to the field of information security technology, and in particular to a message encryption transmission method and transmission device.

Background

In the field of the Internet of Vehicles (IoV), existing identity authentication methods usually rely on digital certificates issued by a Certificate Authority (CA). These certificates are managed through a Public Key Infrastructure (PKI), which brings problems including complex certificate management, high communication overhead, and strong dependence on the CA.

Summary of the Invention

In view of this, embodiments of the present application provide a message encryption transmission method and transmission device to solve the problems in the prior art that vehicle identity authentication has low security and certificate management is complex.

A first aspect of the embodiments of the present application provides a message encryption transmission method, comprising:

receiving a first key $PSK_i$ sent by the home subscriber server, where the first key $PSK_i$ is generated by the home subscriber server based on public parameters sent by the trusted unit;

obtaining the unique identifier $UID_i$ of the vehicle, and generating the vehicle pseudonym $RID_i$ based on $UID_i$, the public parameters, and digest information sent by the home subscriber server;

obtaining a message to be sent, and applying a digital certificate signature to the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature;

sending the message data packet to the verification unit, so that the verification unit verifies the identity of the vehicle.

A second aspect of the embodiments of the present application provides a message encryption transmission device, comprising:

a receiving module, configured to receive a first key $PSK_i$ sent by the home subscriber server, where the first key $PSK_i$ is generated by the home subscriber server based on public parameters sent by the trusted unit;

an acquisition module, configured to obtain the unique identifier $UID_i$ of the vehicle, and to generate the vehicle pseudonym $RID_i$ based on $UID_i$, the public parameters, and digest information sent by the home subscriber server;

the acquisition module being further configured to obtain a message to be sent, and to apply a digital certificate signature to the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature;

a sending module, configured to send the message data packet to the verification unit, so that the verification unit verifies the identity of the vehicle.

Compared with the prior art, the embodiments of the present application have the following beneficial effects: when a vehicle transmits a message to a verification unit, the message is given a digital certificate signature using a first key generated by the home subscriber server, a second key generated by the trusted unit, and a pseudonym generated by the vehicle. This combines a digital certificate signature algorithm with an encryption algorithm for identity authentication, which not only ensures the security of identity information but also significantly reduces the computational and communication overhead of messages. While ensuring message integrity and real-time performance, it achieves privacy protection and ensures the non-repudiation and unlinkability of messages.

Brief Description of the Drawings

To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic structural diagram of the LTE-V network model provided in an embodiment of the present application.

FIG. 2 is a model diagram of a replay attack during Internet of Vehicles communication.

FIG. 3 is a model diagram of a man-in-the-middle attack during Internet of Vehicles communication.

FIG. 4 is a flowchart of a man-in-the-middle attack.

FIG. 5 is a flowchart of a message encryption transmission method provided in an embodiment of the present application.

FIG. 6 is a flowchart of another message encryption transmission method provided in an embodiment of the present application.

FIG. 7 is a flowchart of a method by which the verification unit verifies the identity of a vehicle, provided in an embodiment of the present application.

FIG. 8 is a flowchart of an algorithm that adds random numbers to defend against replay attacks, provided in an embodiment of the present application.

FIG. 9 is a flowchart of yet another message encryption transmission method provided in an embodiment of the present application.

FIG. 10 is a signal interaction diagram of the message encryption transmission method provided in an embodiment of the present application.

FIG. 11 is a schematic diagram of a message encryption transmission device provided in an embodiment of the present application.

FIG. 12 is a schematic diagram of a message encryption transmission system provided in an embodiment of the present application.

FIG. 13 is a schematic diagram of an electronic device provided in an embodiment of the present application.

Detailed Description

In the following description, specific details such as particular system structures and technologies are set out for the purpose of illustration rather than limitation, so that the embodiments of the present application can be thoroughly understood. However, it should be clear to those skilled in the art that the present application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so that unnecessary detail does not obscure the description of the present application.

A message encryption transmission method and device according to embodiments of the present application are described in detail below with reference to the accompanying drawings.

As mentioned above, in the IoV field, existing identity authentication methods usually rely on digital certificates provided by a CA. Specifically, existing vehicle identity authentication methods mainly include the following:

1) PKI-based certificate authentication. This method has the following disadvantages: a PKI system requires a trusted CA, which may become a single point of failure for the system. In addition, issuing and managing certificates involves complex processes, which increases system overhead.

2) Traditional symmetric key exchange. This method has the following disadvantages: traditional symmetric key exchange has problems with key distribution and management. In a large-scale Internet of Vehicles, key management may become very complex and may make the system insecure.

3) Identity authentication based on asymmetric keys. This method has the following disadvantages: although asymmetric key methods provide a certain degree of security, traditional asymmetric key management may become inefficient and costly in large-scale Internet of Vehicles deployments.

4) Use of pre-shared keys. This method has the following disadvantages: using pre-shared keys may raise security issues, because the pre-sharing and management of the keys may be compromised.

In view of this, the embodiments of the present application provide an efficient and reliable certificateless identity authentication method for the Internet of Vehicles based on Elliptic Curve Cryptography (ECC). The method first improves the conventional Internet of Vehicles network model and proposes a new one, the LTE-V network model.

FIG. 1 is a schematic structural diagram of the LTE-V network model provided in an embodiment of the present application. As shown in FIG. 1, the LTE-V network model includes a Trusted Authority (TA), a Road Side Unit (RSU), an On Board Unit (OBU), and a Home Subscriber Server (HSS). A solid bidirectional arrow represents a wired connection, a lightning symbol represents direct communication between two objects without an intermediate base station, and a dotted bidirectional arrow represents communication between two objects through an intermediate base station. Over the LTE-V network, each OBU periodically (about every 100 ms to 300 ms) sends traffic-related messages to the RSU. The messages are thus transmitted over a secure wired channel to the traffic management center or the transportation application server for analysis and decision-making.

The TA is assumed to be a trusted entity with sufficient computing power and storage capacity. It is responsible for system setup and trust management, and it can link a vehicle's real identity to its messages and revoke malicious messages.

The HSS is assumed to be trusted and to have sufficient computing power and storage space. It is responsible for registering vehicle OBUs and RSUs. To prevent non-repudiation, both the TA and the HSS can perform conditional tracking.

The RSU is assumed to be semi-trusted, with limited computing power and storage space. RSUs located along roads or at intersections use LTE-V cells (LTE-V-Cell) to communicate with OBUs within their network coverage, and communicate with the TA and HSS over wired connections.

Because the OBU has limited computing power and storage space, it is assumed to be untrusted. It is allowed to communicate directly with other OBUs and pedestrians over the LTE-V network, and with the RSU through LTE-V-Cell technology.

In the LTE-V network model proposed in the embodiments of the present application, a convenient identity authentication scheme must satisfy privacy protection, authentication and integrity, autonomy, non-repudiation, and attack resistance.

Privacy protection means that the privacy of the OBU must be protected, including identity privacy, unlinkability, and conditional traceability. Identity privacy means that the real identity and location information of the OBU must be protected against unauthorized access. Attackers and other OBUs must be unable to extract the OBU's real identity and location information from the transmitted traffic-related messages. Conditional traceability means that a trusted entity should be able to extract the identity of a misbehaving vehicle from a disputed message so that the corresponding legal penalty can be imposed. Unlinkability means that no party other than the TA and HSS can trace a large number of signed messages back to their source.

Authentication and integrity mean that the verifier must be able to check the authenticity of traffic-related messages to confirm that a message comes from the expected sender. In addition, the integrity of received messages must be checked to detect any unauthorized modification.

Autonomy means that frequent or permanent contact with the registration center must be avoided. The OBU must request registration parameters from the HSS only once; after that it should be able to communicate using pseudo-identities and keys without interacting with the HSS.

Non-repudiation means that, after authentication and conditional traceability have been carried out successfully, the OBU must not be able to deny having sent a disputed message.

Attack resistance means that the proposed scheme must be able to resist common attacks on the underlying communication, such as replay and man-in-the-middle (MITM) attacks.

A replay attack, also called a playback attack or freshness attack, is one in which the attacker sends a packet that the destination host has already received in order to deceive the system. It is mainly used against the identity authentication process to undermine the correctness of authentication. FIG. 2 is a model diagram of a replay attack during Internet of Vehicles communication. As shown in FIG. 2, a vehicle transmits its identity information to the RSU for authentication, but another, malicious vehicle may capture that identity information. Although the identity message is encrypted and the attacker cannot recover its plaintext, the attacker can resend the message to the RSU at a later time, so that the RSU accepts the same message again, makes a wrong judgment, and a traffic accident results.

To make the Internet of Vehicles system more secure, replay attacks must be resisted. Common methods of resisting replay attacks include:

1) Adding a nonce (a one-time random value). The nonce must be different every time. The advantage is that the two parties do not need to keep their clocks synchronized; the disadvantage is that used nonces must be stored, which incurs storage and lookup overhead.

2) Adding a timestamp. A timestamp is a number representing the current time, whereas a replayed timestamp will be relatively far from the current time. The advantage is that no memory overhead is required; the disadvantage is that the clocks of the communicating parties must be kept synchronized (the better the synchronization, the lower the likelihood of a successful attack).

3) Adding a sequence number. Both parties add a steadily increasing integer to each message, and any message received with a discontinuous sequence number (too large or too small) is treated as a replay threat. The advantage is that no time synchronization is required and little information has to be stored; the disadvantage is that an attacker who succeeds in decrypting a message obtains the sequence number and can then forge data.
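
The three defences listed above can be combined so that each covers another's weakness. The following is an added example, not code from the patent: an RSU-side freshness check in which the timestamp window bounds how long nonces must be stored, and a MAC over all fields keeps a known sequence number from being enough to forge a packet. The HMAC key stands in for the patent's signature, and the 0.5 s window, the field names, `ReplayGuard` and the sample values are assumptions.

```python
import hashlib
import hmac
import os
import struct

WINDOW_S = 0.5  # assumed freshness window (the page's OBUs send every ~100-300 ms)


def _tag(key, pkt):
    """MAC over every field; the HMAC key is a stand-in for the page's signature."""
    sender = pkt["sender"].encode()
    # Length-prefix the variable-length fields so their boundaries cannot shift.
    body = (struct.pack(">H", len(sender)) + sender
            + struct.pack(">Qd", pkt["seq"], pkt["ts"])
            + struct.pack(">H", len(pkt["nonce"])) + pkt["nonce"]
            + pkt["payload"])
    return hmac.new(key, body, hashlib.sha256).digest()


def make_packet(key, sender, seq, ts, payload):
    """Sender (OBU) side: fresh nonce, timestamp and sequence number under one MAC."""
    pkt = {"sender": sender, "seq": seq, "ts": ts,
           "nonce": os.urandom(16), "payload": payload}
    pkt["tag"] = _tag(key, pkt)
    return pkt


class ReplayGuard:
    """Verifier (RSU) side: combines the three defences from the list above."""

    def __init__(self, keys, window=WINDOW_S):
        self.keys = keys        # sender pseudonym -> MAC key
        self.window = window
        self.seen = {}          # (sender, nonce) -> packet timestamp
        self.last_seq = {}      # sender -> highest accepted sequence number

    def check(self, pkt, now):
        key = self.keys.get(pkt["sender"])
        if key is None or not hmac.compare_digest(_tag(key, pkt), pkt["tag"]):
            return "bad-mac"                  # fields were forged or altered
        if abs(now - pkt["ts"]) > self.window:
            return "stale-timestamp"          # defence 2: needs synchronized clocks
        # A replay older than the window already fails the timestamp check, so
        # nonces only have to be remembered for one window (bounds defence 1's cost).
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        if (pkt["sender"], pkt["nonce"]) in self.seen:
            return "nonce-reused"             # defence 1: replay inside the window
        # Defence 3; upward gaps are tolerated here (assumption: packets may be lost).
        if pkt["seq"] <= self.last_seq.get(pkt["sender"], -1):
            return "seq-not-increasing"
        self.seen[(pkt["sender"], pkt["nonce"])] = pkt["ts"]
        self.last_seq[pkt["sender"]] = pkt["seq"]
        return "accepted"


def demo():
    """Constructed scenario; sender name, times and payloads are made up."""
    key = os.urandom(32)
    guard = ReplayGuard({"RID-example": key})
    p1 = make_packet(key, "RID-example", 1, 100.0, b"speed=42")
    p2 = make_packet(key, "RID-example", 2, 101.0, b"speed=40")
    late = make_packet(key, "RID-example", 1, 101.1, b"speed=41")
    results = [
        guard.check(p1, now=100.05),                             # first delivery
        guard.check(p1, now=100.2),                              # replay within window
        guard.check(p1, now=101.0),                              # replay after window
        guard.check(p2, now=101.02),                             # next genuine packet
        guard.check(dict(p2, payload=b"speed=99"), now=101.03),  # altered payload
        guard.check(late, now=101.1),                            # stale sequence number
    ]
    return results, len(guard.seen)


if __name__ == "__main__":
    print(demo())
```

After the scenario runs, the nonce cache holds a single entry: the first packet's nonce was dropped once its timestamp left the window.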

A man-in-the-middle attack is one in which the attacker establishes independent connections with both ends of a communication and relays the data received, so that both ends believe they are talking directly to each other over a private connection, when in fact the entire session is fully controlled by the attacker. In a man-in-the-middle attack, the attacker can intercept the two parties' communication and insert new content. A man-in-the-middle attack is an attack on communication that lacks mutual authentication. Most cryptographic protocols include specific authentication methods to prevent man-in-the-middle attacks. For example, the SSL protocol can verify whether the certificates used by one or both communicating parties were issued by an authoritative, trusted digital certificate authority, and can perform mutual authentication.

FIG. 3 is a model diagram of a man-in-the-middle attack during Internet of Vehicles communication. As shown in FIG. 3, a malicious third party sits between the sender and the receiver and steals the requested information, so the sender and receiver are not communicating directly. The specific flow of a man-in-the-middle attack is shown in FIG. 4. A complete man-in-the-middle attack proceeds as follows:

1) A requests B's public key, but the request is intercepted by C.

2) C sends a public key request to B.

3) B sends its public key to C.

4) C intercepts B's public key, replaces it with C's own public key, and sends that to A.

5) A takes C's public key to be B's public key, uses it to encrypt information, and sends it to B.

6) C intercepts the encrypted information, decrypts it with C's own private key, and obtains the plaintext. At the same time, C forges new information, encrypts it with B's public key, and sends it to B.

7) B obtains the encrypted information and decrypts it with its own private key, thereby obtaining A's information.

Common methods of defending against man-in-the-middle attacks include:

1) Using encryption. Encrypting the communication content can effectively prevent a man in the middle from stealing it.

2) Using digital certificates. A digital certificate is an electronic document issued by a trusted third party that can be used to verify the identity of a communicating party. Using digital certificates can effectively prevent a man in the middle from impersonating another party.

3) Using the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocol. SSL and TLS are two commonly used network security protocols that can be used to protect the security of network communication.

4) Using Virtual Private Network (VPN) technology. A VPN can provide users with a secure communication channel and can effectively prevent man-in-the-middle attacks.

On this basis, the embodiments of the present application provide a message encryption transmission method. When a vehicle transmits a message to a verification unit, the message is given a digital certificate signature using a first key generated by the home subscriber server, a second key generated by the trusted unit, and a pseudonym generated by the vehicle. This combines a digital certificate signature algorithm with an encryption algorithm for identity authentication, which not only ensures the security of identity information but also significantly reduces the computational and communication overhead of messages. While ensuring message integrity and real-time performance, it achieves privacy protection and ensures the non-repudiation and unlinkability of messages.

FIG. 5 is a flowchart of a message encryption transmission method provided in an embodiment of the present application. The message encryption transmission method of FIG. 5 can be executed by the vehicle of FIG. 1. As shown in FIG. 5, the message encryption transmission method includes the following steps:

In step S501, a first key $PSK_i$ sent by the home subscriber server is received.

The first key $PSK_i$ is generated by the home subscriber server based on public parameters sent by the trusted unit.

In step S502, the unique identifier $UID_i$ of the vehicle is obtained, and the vehicle pseudonym $RID_i$ is generated based on $UID_i$, the public parameters, and digest information sent by the home subscriber server.

In step S503, a message to be sent is obtained, and a digital certificate signature is applied to the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature.

In step S504, the message data packet is sent to the verification unit, so that the verification unit verifies the identity of the vehicle.

In the embodiments of the present application, the vehicle may first receive the first key $PSK_i$ sent by the home subscriber server. The vehicle may receive the first key $PSK_i$ sent by the HSS through its OBU over the Internet of Vehicles. The first key $PSK_i$ is generated by the HSS based on the public parameters sent by the TA. Further, the OBU may also receive digest information from the HSS.

In the embodiments of the present application, the vehicle may also obtain its unique identifier $UID_i$ and generate the vehicle pseudonym $RID_i$ based on $UID_i$, the public parameters, and the received digest information. Further, the vehicle may use the first key $PSK_i$ and the vehicle pseudonym $RID_i$ to apply a digital certificate signature to the message to be sent, obtaining a message data packet containing the digital certificate signature. The message data packet contains the message encrypted with the vehicle key and the digital certificate signature computed over the message. In this way, the message is protected by a digital certificate signature algorithm combined with an encryption algorithm, which ensures the security of the identity information.

In the embodiments of the present application, the vehicle may send the message data packet generated for the message to be sent to the verification unit, so that the verification unit verifies the message and accepts it after verification passes. The verification unit may be an RSU.

According to the technical solution provided in the embodiments of the present application, when a vehicle transmits a message to a verification unit, the message is given a digital certificate signature using a first key generated by the home subscriber server, a second key generated by the trusted unit, and a pseudonym generated by the vehicle. This combines a digital certificate signature algorithm with an encryption algorithm for identity authentication, which not only ensures the security of identity information but also significantly reduces the computational and communication overhead of messages. While ensuring message integrity and real-time performance, it achieves privacy protection and ensures the non-repudiation and unlinkability of messages.

本申请实施例中,公共参数可以包括椭圆曲线y2=x3+ax+bmodp中的基点P、大素数p和q,可信单元生成的系统公钥Ppub,可信单元选择的哈希函数h0、h1、h2和h3以及时间差函数f(tc)。其中,基点P∈G,G为椭圆曲线上点P生成的阶数为q的加法群,a,b∈Fq,Fq为大素数q的有限域;h0:{0,1}*→Zq,h1:h2:/>h3:{0,1}*表示所有可能的二进制字符串的集合,包括空字符串,→为映射符号,Zq模q的整数集合,/>为模q下的乘法群,该乘法群集合包含了与q互质的所有整数。In the embodiment of the present application, the public parameters may include the base point P in the elliptic curve y 2 =x 3 +ax+bmodp, large prime numbers p and q, the system public key P pub generated by the trusted unit, the hash functions h 0 , h 1 , h 2 and h 3 selected by the trusted unit, and the time difference function f(t c ). Wherein, the base point P∈G, G is the additive group of order q generated by the point P on the elliptic curve, a,b∈F q , F q is the finite field of the large prime number q; h 0 :{0,1} * →Z q , h 1 : h 2 :/> h 3 : {0,1} * represents the set of all possible binary strings, including the empty string, → is the mapping symbol, Z is the set of integers q modulo q, /> is the multiplicative group modulo q, which contains all integers that are coprime with q.

That is, the TA can define an elliptic curve $y^2 = x^3 + ax + b \bmod p$ and select a base point $P$. The TA also randomly generates […] such that $P_{pub} = sP$, where $s$ is the system private key and $P_{pub}$ is the system public key. The TA can further choose four hash functions $(h_0, h_1, h_2, h_3)$, which map inputs of different lengths to fixed-length digests. $h_0: \{0,1\}^* \to Z_q$ denotes a mapping, or hash function, from the set of binary strings $\{0,1\}^*$ to the set of integers $Z_q$ modulo $q$. Here $h_0$ is the name of the hash function; $\{0,1\}^*$ is the set of all possible binary strings, including the empty string, and is the input domain accepted by the hash function; $\to$ is the arrow indicating the mapping from input to output; and $Z_q$ is the set of integers modulo $q$, which is the output domain, meaning that the hash function maps a binary string to an element of the set of integers modulo $q$.

The TA selects a function $f(t_c)$ to determine the time interval on the network, where $t_c$ is the current time; this allows the TA to manage the generation of vehicle pseudonyms. It also selects a random variable […]. The TA can save […] in its database, send […] to the HSS, and publish the public parameters $params = \{P, p, q, P_{pub}, h_0, h_1, h_2, h_3, f(t_c)\}$.

In the embodiments of the present application, the first key $PSK_i$ is calculated by the home subscriber server using the following formula: […], where $A_i = \alpha_i P_i$, […], $x$ is an integer randomly generated by the home subscriber server, and […].

Further, $\alpha_i = h_1(x, UID_i, P_{pub})$ and $\beta_i = h_1(ID_i, UID_i, params, T_{pub})$, where $params$ is the set of public parameters, $params = \{P, p, q, P_{pub}, h_0, h_1, h_2, h_3, f(t_c)\}$, $ID_i$ is the vehicle identifier, and $T_{pub} = xP$.

Still further, the summary information sent by the home subscriber server includes first summary information, and the first summary information includes $K_i$ and $\Lambda_i$, where $K_i = \beta_i A_i$, and […] represents a set of hash functions carrying the $ID_i$ information.

That is to say, unlike traditional schemes, the vehicle's key in the embodiments of the present application is not generated entirely by the TA: one part is generated by the TA and the other part is generated by the vehicle itself. The process by which the vehicle generates its part of the key is as follows:

The vehicle OBU selects a unique identifier $UID_i$ for the vehicle. The $UID_i$ can be, for example, the vehicle's registration information, including the vehicle user's identity information and the Vehicle Identification Number (VIN). The OBU submits the vehicle identifier $ID_i$ and $UID_i$ to the HSS. The HSS randomly generates […] and calculates $T_{pub} = xP$; $(x, T_{pub})$ is the key pair of the HSS.

The HSS calculates the first key of the vehicle OBU through the following formulas: $\alpha_i = h_1(x, UID_i, P_{pub})$, $\beta_i = h_1(ID_i, UID_i, params, T_{pub})$, $K_i = \beta_i A_i$, […], where $A_i = \alpha_i P_i$. The HSS sends […] to the vehicle, sends $(ID_i, UID_i, K_i)$ to the TA through a secure channel, saves $(x, ID_i, UID_i, K_i)$ in its database, and publishes its public key $T_{pub}$.

FIG. 6 is a flow chart of another message encryption transmission method provided by an embodiment of the present application. Steps S605 to S607 in the embodiment shown in FIG. 6 are basically the same as steps S502 to S504 in the embodiment shown in FIG. 5 and are not repeated here. As shown in FIG. 6, the message encryption transmission method further includes the following steps:

In step S601, the first key $PSK_i$ and the first summary information sent by the home subscriber server are received.

In step S602, the vehicle generates second summary information.

In step S603, in response to verifying, based on the first summary information, the second summary information, the first key and the public parameters, that the identity of the vehicle is valid, a time period is obtained through the time difference function.

In step S604, in response to determining that the time period is a valid time period, it is determined that the pseudonym generation condition is satisfied.

In the embodiments of the present application, the vehicle may first receive the first key $PSK_i$ and the first summary information sent by the home subscriber server. As mentioned above, the first summary information may include $K_i$ and $\Lambda_i$. Further, the vehicle may generate the second summary information […] and […] based on the $ID_i$, $UID_i$, public parameters and HSS public key $T_{pub}$ that it has obtained, where […]. The vehicle then verifies whether […] and […] hold and, if so, continues to verify whether the equation […] holds. If it holds, the identity of the vehicle is valid; the vehicle can then receive the parameter set […] sent by the HSS and obtain the time period $T_s$ through the time difference function $f(t_c)$. Finally, if the time period $T_s$ is determined to be a valid time period, it can be determined that the pseudonym generation condition is currently satisfied.

When the above pseudonym generation condition is satisfied, the vehicle can use the formula […] to generate the vehicle pseudonym, where $\oplus$ is the XOR operator.

As mentioned above, in the embodiments of the present application one part of the vehicle's key is generated by the TA and the other part is generated by the vehicle itself. The TA can generate the second key of the vehicle as follows: obtain a random number […], determine $PK_i = y_i P$ as the public key in the second key of the vehicle, and determine […] as the private key in the second key of the vehicle. The vehicle can then receive the second key from the TA.

In the embodiments of the present application, the vehicle can apply a digital certificate signature to the message to be sent based on the received first key $PSK_i$, the second key and the vehicle pseudonym $RID_i$, obtaining a message data packet that contains the digital certificate signature. Specifically, the message to be sent can be signed as follows:

First, obtain random numbers $r_i^1$ and $r_i^2$, where […]. Then calculate $h_{2i} = h_2(m_i, ID_i, UID_i, SK_i, T_{pub})$, where $m_i$ is the message to be sent and $h_{2i}$ denotes the hash computed over the message. Next, calculate $\theta_i = r_i^1 + h_{2i} r_i^2$ and $D_i = \theta_i P$, and calculate $R_i = D_i + K_i$, […], where $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$; $\theta_i$, $D_i$, $R_i$ and $\delta_i$ are all intermediate calculation parameters, and $h_{3i}$ denotes the hash computed over the message. Finally, determine $\sigma_i = (R_i, \delta_i)$ as the digital certificate signature and $(m_i, \sigma_i, RID_i, PK_i, t_i)$ as the message data packet, where $t_i$ is the current timestamp.

In the embodiments of the present application, the verification unit can verify the identity of the vehicle. FIG. 7 is a flow chart of a method, provided by an embodiment of the present application, by which the verification unit verifies the identity of the vehicle. The verification method of FIG. 7 can be executed by the RSU of FIG. 1. As shown in FIG. 7, the message encryption transmission method includes the following steps:

In step S701, a message data packet sent by the vehicle is received.

The message data packet includes at least a timestamp.

In step S702, in response to verifying that the timestamp is valid, the digital certificate signature of the message data packet is verified.

In step S703, in response to verifying that the digital certificate signature is valid, the message is received.

In the embodiments of the present application, the RSU may first receive the message data packet $(m_i, \sigma_i, RID_i, PK_i, t_i)$ sent by the vehicle, where $m_i$ is the message sent by the vehicle, $\sigma_i$ is the vehicle's digital certificate signature, $RID_i$ is the vehicle pseudonym, $PK_i$ is the vehicle's public key, and $t_i$ is the current timestamp at the time the vehicle sends the message data packet. Next, the RSU can verify the timestamp in the message data packet; when the timestamp is verified as valid, the RSU can go on to verify the digital certificate signature of the message data packet. If the digital certificate signature is verified as valid, the message $m_i$ is received.

In the embodiments of the present application, verifying that the timestamp $t_i$ is valid may consist of: determining the arrival time $T$ of the message data packet; and, in response to the difference between the arrival time $T$ and the timestamp $t_i$ being less than a preset time difference threshold, determining that the timestamp $t_i$ is valid.

In the embodiments of the present application, the message data packet may be a single message data packet or may comprise $n$ message data packets, where $n$ is a positive integer greater than 1. When the message data packet is a single message data packet, its digital certificate signature can be verified as follows:

Obtain $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$, where $h_{3i}$ denotes the hash computed over the message, $h_3$ is a hash function, $h_3$: […]; $\{0,1\}^*$ denotes the set of all possible binary strings, including the empty string; $\to$ is the mapping symbol; $Z_q$ is the set of integers modulo $q$; […] is the multiplicative group modulo $q$, which contains all integers coprime to $q$; $q$ is a large prime of the elliptic curve $y^2 = x^3 + ax + b \bmod p$; and $R_i$ is an intermediate parameter from the vehicle's digital certificate signature calculation on the message, contained in $\sigma_i$;

In response to verifying that $\delta_i P = R_i + h_{3i}(PK_i) + T_{pub}$, determine that the digital certificate signature is valid, where $\delta_i$ is an intermediate parameter from the vehicle's digital certificate signature calculation on the message and is also contained in $\sigma_i$; $P$ is the base point of the elliptic curve $y^2 = x^3 + ax + b \bmod p$, $P \in G$, where $G$ is the additive group of order $q$ generated by the point $P$ on the elliptic curve; $T_{pub} = xP$; $x$ is an integer randomly generated by the home subscriber server, and […].

When the message data packet comprises $n$ message data packets, the digital certificate signatures of the message data packets can be verified as follows:

Obtain a random vector $\{\xi_i\}_{1 \le i \le n}$, where $\xi_i \in [1, 2^l]$ and $l$ is the word length;

Calculate $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$ for $1 \le i \le n$;

In response to verifying that […], determine that the digital certificate signature is valid.

In this way, owing to the complexity of the elliptic curve algorithm, the verifier needs to use the equations $\delta_i P = R_i + h_{3i}(PK_i) + T_{pub}$ and […] to verify the integrity and validity of the identity message $(m_i, \sigma_i, RID_i, PK_i, t_i)$. Because the identity information has been hashed to obtain a digest, it follows from the properties of hash functions that if the message changes even slightly, the two equations above will no longer hold. The message also contains timestamp information, so authentication fails if the message is resent or the delay is too high. The technical solution of the embodiments of the present application can therefore satisfy message integrity and real-time requirements.

On the other hand, the vehicle OBU transmits a set of messages $(m_i, \sigma_i, RID_i, PK_i, t_i)$, through which the pseudonym […] is generated. Therefore, to recover the real identity information from the pseudonym, an attacker must know […], $UID_i$ and $K_i$. Because the hash function is irreversible and these messages are protected, the attacker cannot obtain the real ID of the vehicle OBU, which achieves privacy protection.

Further, because in the technical solution provided by the embodiments of the present application the TA and the HSS can trace the true identity of the OBU through the message, no OBU can repudiate a message it has signed, which achieves non-repudiation.

Still further, because each communication session uses a dynamically changing pseudonym, no attacker can track the vehicle's location information from the transmitted messages. In addition, the different random values $r_i^1$, $r_i^2$, $y_i$ and $h_{2i}$ are all used to generate the vehicle's signature, so the signature cannot be used for two different communications. No attacker can therefore trace the vehicle's messages, which achieves unlinkability.

Further still, in the message signature operation […], the timestamp $t_i$ is added to the message and hashed. The receiver first checks whether the timestamp has expired and discards the message if it has, which resists replay attacks. However, timestamps place high demands on time synchronization between different machines, so the embodiments of the present application also incorporate the generation of random numbers to resist replay attacks.

On the basis of the digital signature, the embodiments of the present application further propose an algorithm that adds random numbers to defend against replay attacks. FIG. 8 is a flow chart of the algorithm for adding random numbers to defend against replay attacks provided by an embodiment of the present application. As shown in FIG. 8, the method includes the following steps:

1) Set a random number. A random function random can be used to generate a random number that is included in the message to guarantee the uniqueness and freshness of the message.

2) When transmitting data, the sender passes the generated random number to the receiver along with the data.

3) After receiving the message and the random number, the receiver checks in its own database whether the random number in this message request has appeared before. If the random number is found to repeat one carried by a previous transmission, a replay attack can be considered to have occurred.

4) The receiver builds a corresponding index for each random number it receives and stores it in the database.

In the technical solution provided by the embodiments of the present application, when random numbers are used to resist replay attacks, a hash function encryption algorithm is first used to extract a digital digest of the plaintext data to be transmitted, and the digest is then sent to the receiver together with the generated random number. After receiving the information, the receiver first decrypts it with the sender's public key to obtain the plaintext data, compares the decrypted data with the original plaintext data, and then checks whether the random number is appearing for the first time, thereby ensuring the integrity of the data and effectively resisting replay attacks.
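The receiver-side check from steps 1) to 4), combined with the timestamp threshold described earlier, as an added Python example that is not part of the patent text. HMAC-SHA256 under a shared key stands in for the scheme's signature $\sigma_i$; the names `ReplayGuard`, `make_packet` and `tag_for` and the 5-second threshold are assumptions, and expiring stored random numbers once their timestamp window has passed is an addition that keeps the store bounded.

```python
import hashlib
import heapq
import hmac
import secrets
import struct
import time

MAX_SKEW_MS = 5000  # assumed value for the "preset time difference threshold"


def tag_for(key, message, nonce, t_ms):
    """Authenticate message, random number and timestamp together.

    HMAC-SHA256 is a stand-in for the page's signature; the point is that the
    random number and the timestamp are both covered by the integrity check.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (message, nonce, struct.pack(">Q", t_ms)):
        mac.update(struct.pack(">I", len(field)))  # length prefix: unambiguous framing
        mac.update(field)
    return mac.digest()


def make_packet(key, message, now_ms=None):
    """Sender, steps 1 and 2: a fresh random number travels with the data."""
    t_ms = int(time.time() * 1000) if now_ms is None else now_ms
    nonce = secrets.token_bytes(16)  # drawn from the OS CSPRNG
    return {"m": message, "nonce": nonce, "t": t_ms,
            "tag": tag_for(key, message, nonce, t_ms)}


class ReplayGuard:
    """Receiver: timestamp window first, then steps 3 and 4 on the random number."""

    def __init__(self, key, max_skew_ms=MAX_SKEW_MS):
        self.key = key
        self.max_skew_ms = max_skew_ms
        self._seen = set()   # random numbers still inside their acceptance window
        self._expiry = []    # min-heap of (expiry_ms, nonce)

    def _expire(self, now_ms):
        # Once now >= t + max_skew the timestamp check rejects the packet on
        # its own, so its random number no longer has to be remembered.
        while self._expiry and self._expiry[0][0] <= now_ms:
            _, nonce = heapq.heappop(self._expiry)
            self._seen.discard(nonce)

    def pending(self):
        """Number of random numbers currently held in the store."""
        return len(self._seen)

    def check(self, pkt, now_ms=None):
        """Return 'accept', 'stale', 'bad-tag' or 'replay' for one packet."""
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        self._expire(now_ms)
        # Arrival time T versus timestamp t_i.
        if abs(now_ms - pkt["t"]) >= self.max_skew_ms:
            return "stale"
        # Integrity before bookkeeping: a forged packet must not be able to
        # fill the store or burn a random number a legitimate sender will use.
        expected = tag_for(self.key, pkt["m"], pkt["nonce"], pkt["t"])
        if not hmac.compare_digest(expected, pkt["tag"]):
            return "bad-tag"
        # Step 3: has this random number appeared before?
        if pkt["nonce"] in self._seen:
            return "replay"
        # Step 4: index and store it, with the time at which it can be dropped.
        self._seen.add(pkt["nonce"])
        heapq.heappush(self._expiry, (pkt["t"] + self.max_skew_ms, pkt["nonce"]))
        return "accept"


if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # constructed demo key
    guard = ReplayGuard(key)
    pkt = make_packet(key, b"constructed sample message")
    print(guard.check(pkt))                       # first delivery
    print(guard.check(pkt))                       # same packet delivered again
```

The store only has to cover the timestamp window: a packet replayed after the window is rejected by the timestamp check, and one replayed inside it is rejected by the stored random number.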

At the same time, a man-in-the-middle can impersonate the sender by obtaining the sender's public key. If a signature certificate is added to the sender's public key, the public key cannot be used by others, so the use of digital signatures effectively prevents man-in-the-middle attacks. The technical solution provided by the embodiments of the present application can therefore resist man-in-the-middle attacks.

FIG. 9 is a flow chart of yet another message encryption transmission method provided by an embodiment of the present application. The message encryption transmission method of FIG. 9 can be performed jointly by the TA, HSS, RSU and OBU of FIG. 1. As shown in FIG. 9, the message encryption transmission method includes the following steps:

In step S901, the trusted unit generates public parameters and sends them to the home subscriber server, the verification unit and the vehicle.

In step S902, the home subscriber server generates the first key $PSK_i$ and summary information based on the public parameters, and sends the first key $PSK_i$ and the summary information to the vehicle.

In step S903, the vehicle generates the vehicle pseudonym $RID_i$ based on the vehicle's unique identifier $UID_i$, the public parameters and the summary information.

In step S904, the vehicle obtains the second key from the trusted unit and applies a digital certificate signature to the message to be sent based on the first key $PSK_i$, the second key and the vehicle pseudonym $RID_i$, obtaining a message data packet that contains the digital certificate signature.

In step S905, the verification unit receives the message data packet and, after the timestamp and the digital certificate signature in the message data packet pass verification, receives the message.

In the embodiments of the present application, the trusted unit first generates public parameters and sends them to the home subscriber server, the verification unit and the vehicle. The home subscriber server generates the first key $PSK_i$ and summary information based on the public parameters and sends them to the vehicle. The vehicle generates the vehicle pseudonym $RID_i$ based on the vehicle's unique identifier $UID_i$, the public parameters and the summary information. The vehicle also obtains the second key from the trusted unit and applies a digital certificate signature to the message to be sent based on the first key $PSK_i$, the second key and the vehicle pseudonym $RID_i$, obtaining a message data packet that contains the digital certificate signature. The verification unit receives the message data packet and, after the timestamp and the digital certificate signature in the message data packet pass verification, receives the message.

FIG. 10 is a signal interaction diagram of the message encryption transmission method provided by an embodiment of the present application. As shown in FIG. 10, the TA first generates the public parameters and sends them to the HSS, RSU and OBU; the HSS generates the first key based on the public parameters and sends it to the OBU; the TA also generates the second key and sends it to the OBU; after identity verification passes, the OBU receives the first key and the second key and generates a pseudonym; the OBU applies a digital authentication signature to the message based on the first key, the second key and the pseudonym, obtaining a message data packet; the OBU sends the message data packet to the RSU, and the RSU receives the message after successfully authenticating the timestamp and the digital authentication signature in the message data packet.

The technical solution of the embodiments of the present application does not rely on a traditional certificate authority, which reduces the complex certificate management process and lowers communication and computing overhead. Using the ECC key agreement algorithm achieves a fast and efficient key agreement process, which accelerates the establishment of communication, facilitates timely communication between Internet of Vehicles devices, and improves communication efficiency. The high security of ECC increases the strength of identity authentication and guards against attacks and security risks present in some traditional identity authentication methods. The certificateless design reduces the reliance on centralized certificate management, making the method better suited to large-scale Internet of Vehicles deployments and preserving the flexibility and scalability of the system. The method also requires no prior distribution and management of certificates, which simplifies the vehicle deployment process, reduces the complexity of maintenance and management, and makes the system easier to implement and maintain.

All of the above optional technical solutions can be combined in any manner to form optional embodiments of the present application, which are not described one by one here.

The following are device embodiments of the present application, which can be used to execute the method embodiments of the present application. For details not disclosed in the device embodiments, refer to the method embodiments of the present application.

FIG. 11 is a schematic diagram of a message encryption transmission device provided by an embodiment of the present application. As shown in FIG. 11, the device includes:

A receiving module 1101, configured to receive the first key $PSK_i$ sent by the home subscriber server, where the first key $PSK_i$ is generated by the home subscriber server based on the public parameters sent by the trusted unit.

An acquisition module 1102, configured to acquire the vehicle's unique identifier $UID_i$ and generate the vehicle pseudonym $RID_i$ based on $UID_i$, the public parameters and the summary information sent by the home subscriber server.

The acquisition module 1102 is further configured to acquire the message to be sent and apply a digital certificate signature to it based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, obtaining a message data packet that contains the digital certificate signature.

A sending module 1103, configured to send the message data packet to the verification unit so that the verification unit verifies the identity of the vehicle.

According to the technical solution provided in the embodiments of the present application, when the vehicle transmits a message to the verification unit, the message is given a digital certificate signature using the first key generated by the home subscriber server, the second key generated by the trusted unit, and the pseudonym generated by the vehicle. This combines the digital certificate signature algorithm with the encryption algorithm for identity authentication, which not only ensures the security of identity information but also significantly reduces the computational and communication overhead of the message. While ensuring message integrity and real-time delivery, it achieves privacy protection and ensures the non-repudiation and unlinkability of the message.

In the embodiments of the present application, the public parameters include the base point $P$ of the elliptic curve $y^2 = x^3 + ax + b \bmod p$, the large primes $p$ and $q$, the system public key $P_{pub}$ generated by the trusted unit, the hash functions $h_0$, $h_1$, $h_2$ and $h_3$ selected by the trusted unit, and the time difference function $f(t_c)$. Here the base point $P \in G$, where $G$ is the additive group of order $q$ generated by the point $P$ on the elliptic curve; $a, b \in F_q$, where $F_q$ is the finite field of the large prime $q$; $h_0: \{0,1\}^* \to Z_q$, $h_1$: […], $h_2$: […], $h_3$: […]; $\{0,1\}^*$ denotes the set of all possible binary strings, including the empty string; $\to$ is the mapping symbol; $Z_q$ is the set of integers modulo $q$; and […] is the multiplicative group modulo $q$, which contains all integers coprime to $q$.

In the embodiments of the present application, the first key $PSK_i$ is calculated by the home subscriber server using the following formula: […], where $A_i = \alpha_i P_i$, […], $x$ is an integer randomly generated by the home subscriber server, and $\alpha_i = h_1(x, UID_i, P_{pub})$; $\beta_i = h_1(ID_i, UID_i, params, T_{pub})$, where $ID_i$ is the vehicle identifier, $params$ is the set of public parameters, $params = \{P, p, q, P_{pub}, h_0, h_1, h_2, h_3, f(t_c)\}$, and $T_{pub} = xP$.

In the embodiments of the present application, the summary information sent by the home subscriber server includes first summary information. Before the vehicle pseudonym is generated, the method further includes: the vehicle generating second summary information; in response to verifying, based on the first summary information, the second summary information, the first key and the public parameters, that the identity of the vehicle is valid, obtaining a time period through the time difference function; and, in response to determining that the time period is a valid time period, generating the vehicle pseudonym.

In the embodiments of the present application, before the message to be sent is acquired, the method further includes: obtaining the second key sent by the trusted institution, where the second key is generated by the trusted unit as follows: obtain a random number […], determine $PK_i = y_i P$ as the public key in the second key of the vehicle, and determine […] as the private key in the second key of the vehicle.

In the embodiments of the present application, applying a digital certificate signature to the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature, includes: obtaining random numbers $r_i^1$ and $r_i^2$, where […]; calculating $h_{2i} = h_2(m_i, ID_i, UID_i, SK_i, T_{pub})$, where $m_i$ is the message to be sent and $h_{2i}$ denotes the hash computed over the message; calculating $\theta_i = r_i^1 + h_{2i} r_i^2$ and $D_i = \theta_i P$; calculating $R_i = D_i + K_i$, […], where $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$, $\theta_i$, $D_i$, $R_i$ and $\delta_i$ are all intermediate calculation parameters, and $h_{3i}$ denotes the hash computed over the message; determining $\sigma_i = (R_i, \delta_i)$ as the digital certificate signature; and determining $(m_i, \sigma_i, RID_i, PK_i, t_i)$ as the message data packet, where $t_i$ is the current timestamp.

In this embodiment of the present application, the verification unit verifying the identity of the vehicle includes: receiving the message data packet $(m_i, \sigma_i, RID_i, PK_i, t_i)$ sent by the vehicle, where $m_i$ is the message sent by the vehicle, $\sigma_i$ is the digital certificate signature of the vehicle, $RID_i$ is the vehicle pseudonym, $PK_i$ is the public key of the vehicle, and $t_i$ is the current timestamp at which the vehicle sends the message data packet; in response to verification determining that the timestamp $t_i$ is valid, verifying the digital certificate signature of the message data packet; and in response to verification determining that the digital certificate signature is valid, accepting the message $m_i$.

In this embodiment of the present application, in response to the message data packet being a single message data packet, verifying the digital certificate signature of the message data packet includes: obtaining $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$, where $h_{3i}$ denotes a hash computed over the message; $h_3$ is a hash function, $h_3: \{0,1\}^*$; $\{0,1\}^*$ denotes the set of all possible binary strings, including the empty string; $\to$ is the mapping symbol; $Z_q$ is the set of integers modulo $q$; is the multiplicative group modulo $q$, which contains all integers coprime with $q$; $q$ is a large prime number of the elliptic curve $y^2 = x^3 + ax + b \bmod p$; $R_i$ is an intermediate parameter from the vehicle's digital certificate signature calculation on the message, and $R_i$ is included in $\sigma_i$; in response to verification determining that $\delta_i P = R_i + h_{3i}(PK_i) + T_{pub}$, determining that the digital certificate signature is valid, where $\delta_i$ is an intermediate parameter from the vehicle's digital certificate signature calculation on the message, $\delta_i$ is also included in $\sigma_i$, $P$ is the base point of the elliptic curve $y^2 = x^3 + ax + b \bmod p$, $P \in G$, $G$ is the additive group of order $q$ generated by the point $P$ on the elliptic curve, $T_{pub} = xP$, $x$ is an integer randomly generated by the home subscriber server, and

In this embodiment of the present application, in response to the message data packet including $n$ message data packets, where $n$ is a positive integer greater than 1, verifying the digital certificate signatures of the message data packets includes: obtaining a random vector $\{\xi_i\}_{1 \le i \le n}$, where $\{\xi_i\} \in [1, 2^l]$ and $l$ is the word length; calculating $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$ for $1 \le i \le n$; and in response to the verification determining, determining that the digital certificate signatures are valid.
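Added example (not part of the patent text): a Python rendering of the verification unit's timestamp check, the single-message check $\delta_i P = R_i + h_{3i} PK_i + T_{pub}$, and a batch check weighted by the random vector $\{\xi_i\}$, showing that tampered signatures whose errors cancel pass an unweighted sum but are rejected once the random weights are applied. Assumptions: secp256k1 as the curve, SHA-256 as $h_3$, a 5-second freshness window, reading $h_{3i}(PK_i)$ as a scalar multiplication, the aggregate equation itself (the page's batch equation is not reproduced), and `constructed_packet`, a fixture that builds passing test values and is not the patent's signing step.

```python
import hashlib
import secrets

# Assumed curve: secp256k1, y^2 = x^3 + 7 mod p (the page names no specific curve).
p = 2**256 - 2**32 - 977
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Add two curve points; None stands for the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Scalar multiplication k*A by double-and-add."""
    k %= q
    out = None
    while k:
        if k & 1:
            out = add(out, A)
        A = add(A, A)
        k >>= 1
    return out

def h3(m, R, rid, PK, t):
    """h3 mapped into [1, q-1]; SHA-256 over repr() is an assumed encoding."""
    digest = hashlib.sha256(repr((m, R, rid, PK, t)).encode()).digest()
    return int.from_bytes(digest, "big") % (q - 1) + 1

def fresh(t, now, window=5):
    """Timestamp check done before any signature work; the window is assumed."""
    return 0 <= now - t <= window

def verify_single(pkt, T_pub, now):
    """Page's check: delta_i*P == R_i + h_3i*PK_i + T_pub."""
    m, (R, delta), rid, PK, t = pkt
    if not fresh(t, now):
        return False
    return mul(delta, P) == add(add(R, mul(h3(m, R, rid, PK, t), PK)), T_pub)

def verify_batch(pkts, T_pub, now, l=64, xi=None):
    """Assumed aggregate form: each packet's equation is scaled by xi_i, then summed."""
    if xi is None:
        xi = [secrets.randbelow(2**l) + 1 for _ in pkts]  # xi_i in [1, 2^l]
    lhs, rhs, xi_sum = 0, None, 0
    for (m, (R, delta), rid, PK, t), x_i in zip(pkts, xi):
        if not fresh(t, now):
            return False
        lhs = (lhs + x_i * delta) % q
        rhs = add(rhs, add(mul(x_i, R), mul(x_i * h3(m, R, rid, PK, t), PK)))
        xi_sum += x_i
    return mul(lhs, P) == add(rhs, mul(xi_sum, T_pub))

def constructed_packet(m, rid, t, x):
    """Test fixture, not the patent's signing step: delta is built from the
    discrete logs (r, y, x) so that the published verification equation holds."""
    y, r = secrets.randbelow(q - 1) + 1, secrets.randbelow(q - 1) + 1
    PK, R = mul(y, P), mul(r, P)
    return (m, (R, (r + h3(m, R, rid, PK, t) * y + x) % q), rid, PK, t)

def demo():
    x = secrets.randbelow(q - 1) + 1          # constructed HSS secret, T_pub = xP
    T_pub, now = mul(x, P), 1000
    good = [constructed_packet(f"msg{i}", f"RID{i}", now - 1, x) for i in range(3)]
    bad, e = list(good), 12345                # +e and -e cancel in a plain sum
    for idx, shift in ((0, e), (1, -e)):
        m, (R, d), rid, PK, t = good[idx]
        bad[idx] = (m, (R, (d + shift) % q), rid, PK, t)
    return {
        "single_ok": all(verify_single(k, T_pub, now) for k in good),
        "batch_ok": verify_batch(good, T_pub, now),
        "tampered_single": [verify_single(k, T_pub, now) for k in bad],
        "tampered_unweighted": verify_batch(bad, T_pub, now, xi=[1, 1, 1]),
        "tampered_weighted": verify_batch(bad, T_pub, now),
        "stale": verify_single(good[0], T_pub, now + 60),
    }
```

With all weights fixed to 1 the two altered $\delta_i$ values offset each other and the batch is accepted, which is the failure the random $\xi_i$ are there to prevent.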

FIG. 12 is a schematic diagram of a message encryption transmission system provided in an embodiment of the present application. As shown in FIG. 12, the system includes:

A trusted unit, configured to generate public parameters and send the public parameters to the home subscriber server, the verification unit and the vehicle.

A home subscriber server, configured to generate a first key $PSK_i$ and summary information based on the public parameters, and to send the first key $PSK_i$ and the summary information to the vehicle.

A vehicle, configured to generate a vehicle pseudonym $RID_i$ based on the unique identifier $UID_i$ of the vehicle, the public parameters and the summary information.

The vehicle is further configured to obtain a second key from the trusted unit, and to perform a digital certificate signature on the message to be sent based on the first key $PSK_i$, the second key and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature.

A verification unit, configured to receive the message data packet, and to accept the message after the timestamp and the digital certificate signature in the message data packet have been verified.

It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.

FIG. 13 is a schematic diagram of an electronic device provided in an embodiment of the present application. As shown in FIG. 13, the electronic device 13 of this embodiment includes: a processor 1301, a memory 1302, and a computer program 1303 stored in the memory 1302 and executable on the processor 1301. When the processor 1301 executes the computer program 1303, the steps in the above method embodiments are implemented. Alternatively, when the processor 1301 executes the computer program 1303, the functions of the modules/units in the above device embodiments are implemented.

The electronic device 13 may be a desktop computer, a notebook, a PDA, a cloud server, or another electronic device. The electronic device 13 may include, but is not limited to, the processor 1301 and the memory 1302. Those skilled in the art will appreciate that FIG. 13 is merely an example of the electronic device 13 and does not constitute a limitation on the electronic device 13, which may include more or fewer components than shown in the figure, or different components.

The processor 1301 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.

The memory 1302 may be an internal storage unit of the electronic device 13, for example, a hard disk or memory of the electronic device 13. The memory 1302 may also be an external storage device of the electronic device 13, for example, a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card or a flash card fitted to the electronic device 13. The memory 1302 may also include both an internal storage unit of the electronic device 13 and an external storage device. The memory 1302 is used to store the computer program and other programs and data required by the electronic device.

Those skilled in the art will clearly understand that, for convenience and brevity of description, only the above division into functional units and modules is used as an example. In actual applications, the above functions may be assigned to different functional units and modules as needed; that is, the internal structure of the device is divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments of the present application may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, may implement the steps of the above method embodiments. The computer program may include computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc.

The above embodiments are only used to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some of the technical features therein. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and should all be included in the protection scope of the present application.

Claims (10)

1. A message encryption transmission method, characterized in that the method is executed by a vehicle, and the method comprises:
receiving a first key $PSK_i$ sent by a home subscriber server, where the first key $PSK_i$ is generated by the home subscriber server based on public parameters sent by a trusted unit;
obtaining a unique identifier $UID_i$ of the vehicle, and generating a vehicle pseudonym $RID_i$ based on the $UID_i$, the public parameters and the summary information sent by the home subscriber server;
obtaining a message to be sent, and performing a digital certificate signature on the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature;
sending the message data packet to a verification unit, so that the verification unit verifies the identity of the vehicle.

2. The method according to claim 1, characterized in that the public parameters include a base point $P$ of the elliptic curve $y^2 = x^3 + ax + b \bmod p$, large prime numbers $p$ and $q$, a system public key $P_{pub}$ generated by the trusted unit, hash functions $h_0$, $h_1$, $h_2$ and $h_3$ selected by the trusted unit, and a time difference function $f(t_c)$;
wherein the base point $P \in G$, $G$ is the additive group of order $q$ generated by the point $P$ on the elliptic curve, $a, b \in F_q$, and $F_q$ is the finite field of the large prime number $q$;
$h_0: \{0,1\}^* \to Z_q$; $\{0,1\}^*$ denotes the set of all possible binary strings, including the empty string; $\to$ is the mapping symbol; $Z_q$ is the set of integers modulo $q$; is the multiplicative group modulo $q$, which contains all integers coprime with $q$.

3. The method according to claim 2, characterized in that the first key $PSK_i$ is calculated by the home subscriber server using the following formula:
where $A_i = \alpha_i P_i$, $x$ is an integer randomly generated by the home subscriber server, and
$\alpha_i = h_1(x, UID_i, P_{pub})$;
$\beta_i = h_1(ID_i, UID_i, params, T_{pub})$, where $ID_i$ is the vehicle identification and $params$ is the public parameters,
$params = \{P, p, q, P_{pub}, h_0, h_1, h_2, h_3, f(t_c)\}$, $T_{pub} = xP$.

4. The method according to claim 1, characterized in that the summary information sent by the home subscriber server comprises first summary information;
before the vehicle pseudonym is generated, the method further comprises:
the vehicle generating second summary information;
in response to verifying, based on the first summary information, the second summary information, the first key and the public parameters, that the identity of the vehicle is valid, obtaining a time period through the time difference function;
in response to determining that the time period is a valid time period, determining that the pseudonym generation condition is satisfied.

5. The method according to claim 3, characterized in that before the message to be sent is obtained, the method further comprises:
obtaining a second key sent by a trusted institution;
wherein the second key is generated by the trusted unit in the following manner:
obtaining a random number;
determining $PK_i = y_i P$ as the public key in the second key of the vehicle; is the private key in the second key of the vehicle.

6. The method according to claim 5, characterized in that performing a digital certificate signature on the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature, comprises:
obtaining random numbers, wherein;
calculating $h_{2i} = h_2(m_i, ID_i, UID_i, SK_i, T_{pub})$, where $m_i$ is the message to be sent and $h_{2i}$ denotes a hash computed over the message;
calculating $D_i = \theta_i P$;
calculating $R_i = D_i + K_i$, where $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$, $\theta_i$, $D_i$, $R_i$ and $\delta_i$ are all intermediate calculation parameters, and $h_{3i}$ denotes a hash computed over the message;
determining $\sigma_i = (R_i, \delta_i)$ as the digital certificate signature;
determining $(m_i, \sigma_i, RID_i, PK_i, t_i)$ as the message data packet, where $t_i$ is the current timestamp.

7. The method according to claim 1, characterized in that the verification unit verifying the identity of the vehicle comprises:
receiving the message data packet $(m_i, \sigma_i, RID_i, PK_i, t_i)$ sent by the vehicle, where $m_i$ is the message sent by the vehicle, $\sigma_i$ is the digital certificate signature of the vehicle, $RID_i$ is the vehicle pseudonym, $PK_i$ is the public key of the vehicle, and $t_i$ is the current timestamp at which the vehicle sends the message data packet;
in response to verification determining that the timestamp $t_i$ is valid, verifying the digital certificate signature of the message data packet;
in response to verification determining that the digital certificate signature is valid, accepting the message $m_i$.

8. The method according to claim 7, characterized in that, in response to the message data packet being a single message data packet, verifying the digital certificate signature of the message data packet comprises:
obtaining $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$, where $h_{3i}$ denotes a hash computed over the message; $h_3$ is a hash function; $\{0,1\}^*$ denotes the set of all possible binary strings, including the empty string; $\to$ is the mapping symbol; $Z_q$ is the set of integers modulo $q$; is the multiplicative group modulo $q$, which contains all integers coprime with $q$; $q$ is a large prime number of the elliptic curve $y^2 = x^3 + ax + b \bmod p$; $R_i$ is an intermediate parameter from the vehicle's digital certificate signature calculation on the message, and $R_i$ is included in $\sigma_i$;
in response to verification determining that $\delta_i P = R_i + h_{3i}(PK_i) + T_{pub}$, determining that the digital certificate signature is valid, where $\delta_i$ is an intermediate parameter from the vehicle's digital certificate signature calculation on the message, $\delta_i$ is also included in $\sigma_i$, $P$ is the base point of the elliptic curve $y^2 = x^3 + ax + b \bmod p$, $P \in G$, $G$ is the additive group of order $q$ generated by the point $P$ on the elliptic curve, $T_{pub} = xP$, $x$ is an integer randomly generated by the home subscriber server, and

9. The method according to claim 7, characterized in that, in response to the message data packet comprising $n$ message data packets, where $n$ is a positive integer greater than 1, verifying the digital certificate signatures of the message data packets comprises:
obtaining a random vector $\{\xi_i\}_{1 \le i \le n}$, where $\{\xi_i\} \in [1, 2^l]$ and $l$ is the word length;
calculating $h_{3i} = h_3(m_i, R_i, RID_i, PK_i, t_i)$ for $1 \le i \le n$;
in response to the verification determining, determining that the digital certificate signatures are valid.

10. A message encryption transmission device, characterized by comprising:
a receiving module, configured to receive a first key $PSK_i$ sent by a home subscriber server, where the first key $PSK_i$ is generated by the home subscriber server based on public parameters sent by a trusted unit;
an acquisition module, configured to obtain a unique identifier $UID_i$ of the vehicle, and to generate a vehicle pseudonym $RID_i$ based on the $UID_i$, the public parameters and the summary information sent by the home subscriber server;
the acquisition module being further configured to obtain a message to be sent, and to perform a digital certificate signature on the message to be sent based on the first key $PSK_i$ and the vehicle pseudonym $RID_i$, to obtain a message data packet containing the digital certificate signature;
a sending module, configured to send the message data packet to a verification unit, so that the verification unit verifies the identity of the vehicle.
CN202410213576.XA 2024-02-27 2024-02-27 Message encryption transmission method and transmission device Pending CN117979284A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410213576.XA CN117979284A (en) 2024-02-27 2024-02-27 Message encryption transmission method and transmission device


Publications (1)

Publication Number Publication Date
CN117979284A true CN117979284A (en) 2024-05-03

Family

ID=90854594


Country Status (1)

Country Link
CN (1) CN117979284A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119172750A (en) * 2024-11-06 2024-12-20 合肥工业大学 A safe connection method between a vehicle and a charging pile, a charging and discharging method and a system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106059766A (en) * 2016-08-04 2016-10-26 河海大学 Method and system for protecting condition privacy of internet of vehicles based on certificateless batch verification
CN114584976A (en) * 2022-03-29 2022-06-03 东北大学 Internet of vehicles identity authentication system and method based on certificateless aggregated signature
CN115379418A (en) * 2022-08-19 2022-11-22 扬州大学 A method suitable for secure communication and conditional privacy protection authentication in VANET



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination