面向车联网的匿名组密钥分发方案

doi:10.11959/j.issn.2096-109x.2023070

摘要/Abstract

摘要：

车载自组织网络（VANET，vehicular ad hoc network）作为智能交通系统的重要组成部分，可在车辆行驶时提供驾驶信息等服务，如防止碰撞、提高交通效率等。在可信第三方（TTP，trusted third party ）和车辆进行交互时，难免会受到窃听、篡改和伪造等安全威胁。现有的方案多是在TTP和车辆间进行密钥协商来创建会话密钥以保证会话的安全。但系统过度依赖TTP可能会受到单点故障的影响，以及面临TTP向多个车辆发送相同信息时产生的信息冗余问题。同时，创建组会话密钥所使用的密钥协商方式相较于分发方式会产生更多的交互数据和交互次数。提出面向车联网的匿名组密钥分发方案，方案借助路侧单元（RSU， road side unit）来组织多个车辆创建组会话密钥，使用基于身份的公钥密码和改进的多接收者加密方案实现RSU和车辆间的双向认证与组会话密钥的分发。在密钥分发的过程中，只需要一次加密操作便可让所有组内成员获得一致的会话密钥。凭此可减少系统实体在认证和组通信时对TTP的过度依赖。通过形式化的安全性证明表明，所提方案满足基本的安全要求。同时，经过性能分析和对比，所提方案的计算开销和通信开销比同类方案更有优势。

关键词: 车联网, 认证, 组会话密钥

Abstract:

Vehicular ad hoc networks (VANET) play a crucial role in intelligent transportation systems by providing driving information and services such as collision prevention and improved traffic efficiency.However, when a trusted third party (TTP) interacts with a vehicle in VANET, it can be vulnerable to security threats like eavesdropping, tampering, and forgery.Many existing schemes rely heavily on TTP for key negotiation to establish session keys and ensure session security.However, this over-reliance on TTP can introduce a single point of failure and redundancy issues when TTP sends the same information to multiple vehicles.Additionally, key negotiation methods used for creating group session keys often result in increased interaction data and interaction times.An anonymous group key distribution scheme for the internet of vehicles was proposed to address these challenges.The Road Side Units (RSUs) were used to facilitate the creation of group session keys among multiple vehicles.Identity-based public key cryptography and an improved multi-receiver encryption scheme were utilized for communication between RSUs and vehicles, enabling two-way authentication and secure distribution of group session keys.During the key distribution process, a single encryption operation was sufficient to allow all group members to obtain a consistent session key.This reduced the reliance on TTP for authentication and group communication.Formal security proofs demonstrate that the proposed scheme satisfies basic security requirements.Furthermore, performance analysis and comparisons indicate that this scheme offers lower computational overhead and communication overhead compared to similar schemes.

Key words: internet of vehicles, authentication, group session key

中图分类号:

TP309

何智旺, 王化群. 面向车联网的匿名组密钥分发方案[J]. 网络与信息安全学报, 2023, 9(5): 127-137.

Zhiwang HE, Huaqun WANG. Anonymous group key distribution scheme for the internet of vehicles[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 127-137.

图/表 6

图1

表1

参数说明Table 1 Parameters description"

参数	参数描述
$G_{1}, G_{2}$	$G_{1}$ 是加法循环群， $G_{2}$ 是乘法循环群
P	群G₁的生成元
$s \in Z_{q}^{*}$	TTP的私钥
$P_{pub} = s P$	TTP的公钥
${RID}_{RSU}$	RSU的真实身份
$u_{RSU}$	RSU的私钥
$β_{i}, t_{i}, r, {η_{1}, η_{2}, \dots, η_{n}}$	随机数
${VID}_{i}, {PID}_{i}$	车辆V_i的真实身份和假名
$d_{i}$	车辆V_i的私钥
$T_{cur}, {T^{'}}_{cur}, T_{curr}$	时间戳
$E_{sk} (m), D_{sk} (m)$	对信息m使用对称密钥进行加解密

表1

表2

运算操作所需的时间Table 2 Time required for operation"

符号	描述	时间/ms
$T_{b p}$	双线性配对运算所需的时间	8.97
$T_{\exp}$	在群上做一次幂运算所需的时间	15.5
$T_{s m - G_{1}}$	在群 $G_{1}$ 上做一次数点乘法运算所需的时间	15.42
$T_{m - G_{1}}$	在群 $G_{1}$ 上做一次点乘运算所需的时间	31.39
$T_{m - G_{T}}$	在群 $G_{T}$ 上做一次点乘运算所需的时间	2.21
$T_{h t p}$	做一次哈希到点运算所需的时间	34.47
$T_{s y}$	做一次对称加密算法所需的时间	0.69
$T_{g h}$	做一次一般哈希运算所需的时间	0.02
$T_{to Z}$	将数据映射到 $Z_{q}^{*}$ 所需要的时间	0.01

表2

表3

图2

表4

密文长度对比Table 4 Comparison of ciphertext lengths"

方案	密文格式	长度/byte
文献[21]方案	$({CT}_{IBBE}, S, T_{i}) 和 {BK}_{{ID}_{i}}$	148n+388
文献[24]方案	$(R_{1}, \dots, R_{n}, U_{1}, U_{2}, V)$	48n+272
本文方案	$(U_{1}, K_{1}, \dots, K_{n}, V, ρ)$	28n+164

表4

参考文献 26

[1]	LI X C . Blockchain-based group key agreement protocol for vehicular ad hoc networks[J]. Computer Communications, 2022,183: 107-120.
[2]	CHEN J N , HUANG Z J , ZHOU Y P ,et al. Efficient certificate-based aggregate signature scheme for vehicular ad hoc networks[J]. IET Networks, 2020,9(6): 290-297.
[3]	REN Y L , LI X Y,SUNSF ,et al. Privacy-preserving batch verification signature scheme based on blockchain for vehicular ad-hoc networks[J]. Journal of Information Security and Applications, 2021,58:102698.
[4]	YANG X D , LIU R , WANG M D ,et al. Identity-based aggregate signature scheme in vehicle ad-hoc network[C]// Proceedings of 2019 4th International Conference on Mechanical,Control and Computer Engineering (ICMCCE). 2020: 1046-10463.
[5]	MOHANTY S , JENA D , PANIGRAHY S K . A secure RSU-aided aggregation and batch-verification scheme for vehicular networks[C]// International Conference on Soft Computing and Its Applications (ICSCA’2012). 2012: 174-178.
[6]	BONEH D , GENTRY C , LYNN B ,et al. Aggregate and verifiably encrypted signatures from bilinear maps[M]// Lecture Notes in Computer Science. 2003: 416-432.
[7]	LI J , KIM K , ZHANG F G ,et al. Aggregate proxy signature and verifiably encrypted proxy signature[C]// Proceedings of the 1st International Conference on Provable Security. 2007: 208-217.
[8]	AHN J H , GREEN M , HOHENBERGER S . Synchronized aggregate signatures:new definitions,constructions and applications[C]// Proceedings of the 17th ACM Conference on Computer and Communications Security. 2010: 473-484.
[9]	NEVEN G . Efficient sequential aggregate signed data[J]. IEEE Transactions on Information Theory, 2011,57(3): 1803-1815.
[10]	CHEON J H . A new ID-based signature with batch verification[R]. Cryptology Eprint Archive Report, 2004.
[11]	SHEN L M , MA J F , LIUXM ,et al. A secure and efficient ID-based aggregate signature scheme for wireless sensor networks[J]. IEEE Internet of Things Journal, 2017,4(2): 546-554.
[12]	IWASAKI T , YANAI N , INAMURA M ,et al. Tightly-secure identity-based structured aggregate signature scheme under the computational Diffie-Hellman assumption[C]// Proceedings of 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA). 2016: 669-676.
[13]	YANG X D , LIU R , WANG M D ,et al. Identity-based aggregate signature scheme in vehicle ad-hoc network[C]// Proceedings of 2019 4th International Conference on Mechanical,Control and Computer Engineering (ICMCCE). 2020: 1046-10463.
[14]	CASTRO R , DAHAB R . Efficient certificate less signatures suitable for aggregation[J]. IACR Cryptol Eprint Arch,2007, 2007:454.
[15]	XIONG H , GUAN Z , CHEN Z ,et al. An efficient certificateless aggregate signature with constant pairing computations[J]. Information Sciences, 2013,219: 225-235.
[16]	HASHIMOTO K , OGATA W . Unrestricted and compact certificate less aggregate signature scheme[J]. Information Sciences, 2019,487: 97-114.
[17]	GUO Y M , ZHANG Z F , GUO Y J . Anonymous authenticated key agreement and group proof protocol for wearable computing[J]. IEEE Transactions on Mobile Computing, 2022,21(8): 2718-2731.
[18]	KUMAR V , KUMAR R , PANDEY S K . A computationally efficient centralized group key distribution protocol for secure multicast communications based upon RSA public key cryptosystem[J]. Journal of King Saud University-Computer and Information Sciences, 2020,32(9): 1081-1094.
[19]	SRINIVAS J , DAS A K , KUMAR N ,et al. Cloud centric authentication for wearable healthcare monitoring system[J]. IEEE Transactions on Dependable and Secure Computing, 2020,17(5): 942-956.
[20]	FIAT A , NAOR M . Broadcast encryption[C]// Annual International Cryptology Conference. 1993: 480-491.
[21]	ZHONG H , ZHANGS , CUIJ ,et al. Broadcast encryption scheme for V2I communication in VANETs[J]. IEEE Transactions on Vehicular Technology, 2022,71(3): 2749-2760.
[22]	GAO R H , ZENG J W , DENG L Z . Efficient certificate less anonymous multi-receiver encryption scheme without bilinear parings[J]. Mathematical Problems in Engineering, 2018,2018: 1-13.
[23]	张泽林, 王化群 . 基于区块链的工业互联网动态密钥管理[J]. 计算机研究与发展, 2023,60(2): 386-397.
	ZHANG Z L , WANG H Q . Dynamic key management of industrial Internet based on blockchain[J]. Journal of Computer Research and Development, 2023,60(2): 386-397.
[24]	WANG H Q . Provably secure anonymous multi-receiver identity-based encryption with shorter ciphertext[C]// Proceedings of 2014 IEEE 12th International Conference on Dependable,Autonomic and Secure Computing. 2014: 85-90.
[25]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[M]// Advances in Cryptology — CRYPTO 2001. 2001: 213-229.
[26]	MIYAJI A , NAKABAYASHI M , TAKANO S . Characterization of elliptic curve traces under FR-reduction[M]// Lecture Notes in Computer Science. 2001: 90-108.

方案	加密时间/ms	解密时间/ms	总时间/ms
文献[21]方案	15.51n+57.68	46.89n+20.15	62.4n+77.83
文献[24]方案	59n+31.55	24.43t+0.73	71.22n+32.28
本文方案	59n+16.13	35.24	59n+51.37