Efficient Conditional Privacy-Preserving and Authentication Scheme for Secure Service Provision in VANET

Vehicle Ad hoc NETworks(VANET) can enhance traffic safety and improve traffic efficiency through cooperative communication among vehicles, roadside infrastructure, and traffic management centers. To guarantee secure service provision in VANET, message authentication is important. Moreover, a vehicle user's private information can also be leaked during service provision. A protection mechanism is needed to prevent such leakage. Therefore, we propose a conditional privacy-preserving and authentication scheme for secure service provision in VANETs. The proposed scheme not only satisfies the security requirements of VANETs, but also optimizes the calculation process of signature generation and verification. We carry out a detailed comparative analysis. The result shows that the proposed scheme is more efficient than existing schemes in terms of communication overhead and computational cost. Therefore, our scheme is suitable for secure service provision in VANETs.     

基于D2D技术的V2V中断模式的信息传输机制

针对车联网中节点高速移动性特点,以及信息传递低时延与可靠性高的需求,多网络融合已成为部署车联网架构的必然趋势。由于车联网的信息传递往往只需在一定范围内的车辆之间发生,将D2D技术的通信模式引入车联网中进行消息传输,在车辆的覆盖范围内联合完全自组网与混合车联网两种通信模式,提出了一种中断模式的信息传输机制,只有当车辆的行驶状态发生改变时才向其他车辆发送,其他时间只需一定时间间隔向其他车辆发送一个确认信息,以此来判断车辆是否仍处于保护圈内或链路是否通畅。仿真数据显示：该中断传输机制可以有效地提高互传信息的车辆数目,节省了信令开销从而避免网络堵塞,也提高了覆盖圈内所有节点的信道容量。     

Lattice-Based Double-Authentication-Preventing Ring Signature for Security and Privacy in Vehicular Ad-Hoc Networks

Amidst the rapid development of the Internet of Things(IoT), Vehicular Ad-Hoc NETwork(VANET), a typical IoT application, are bringing an ever-larger number of intelligent and convenient services to the daily lives of individuals. However, there remain challenges for VANETs in preserving privacy and security. In this paper, we propose the first lattice-based Double-Authentication-Preventing Ring Signature(DAPRS) and adopt it to propose a novel privacy-preserving authentication scheme for VANETs, offering the potential for security against quantum computers. The new construction is proven secure against chosen message attacks. Our scheme is more efficient than other ring signature in terms of the time cost of the message signing phase and verification phase, and also in terms of signature length. Analyses of security and efficiency demonstrate that our proposed scheme is provably secure and efficient in the application.     

车联网中基于路边设施的广播协议研究

针对车联网中的网络断开问题,在已有的携带转发机制的基础上,提出利用固定设施RSU旨在缩短节点间的重新愈合时间的广播协议.分2种情况详细分析了消息的传递过程和重新愈合时间的计算方法,并通过仿真实验与SCB、SCF机制进行对比.结果表明:基于路边设施的广播协议能够明显减少网络断开情形中的重新愈合时间.     

VANET中面向安全通信的隐私保护协议

车载网VANETs(vehicular ad hoc networks)的隐私安全问题,提出隐私保护安全通信协议PPSCP(privacy preserving secure communication protocol)。PPSCP匿名地认证安全消息,从而保护车辆隐私,阻止非法车辆跟踪,并且平衡了隐私与身份识别的关系。同时PPSCP采用了有效的撤销机制,降低了撤销列表的尺寸。此外,PPSCP能够防御重放攻击和拒绝服务攻击。通过与S3P的安全性能对比分析,结果表明,PPSCP有效地降低了安全消息处理时延,减少了撤销列表尺寸,占用带宽少,提高数据传输率。     

面向停泊车辆的VANET高效数据分发方案

针对VANET车辆节点的高移动性、间歇连通性等独特性质,提出了一种面向停泊车辆的VANET高效数据分发方案,利用路边停泊车辆缓冲并执行数据分发。同时还提出了一种便于分发数据报文至路边停泊车辆的路由方案,并将发布/订阅方案引入到最后阶段的数据分发。理论分析和仿真比较结果表明面向停泊车辆的数据分发方案的优越性,即该方案能以较低网络开销和合理延迟实现更高数据传送率。     

VANET运动模型解析解与数值解的比照分析

依据车载自组织网络(VANET)的高移动性特征分别建立VANET运动解析模型与运动仿真模型.通过两种运动模型得到VANET度分布的解析解与数值解.对它们进行比照分析,发现两种度分布曲线均呈现出小度值的节点个数众多、大度值节点个数较少的特点,符合幂律函数分布,由此证明VANET是一个无标度网络.另外,从理论分析与仿真实验两个角度证明,VANET对随机性攻击具有较高的鲁棒性,但对针对性攻击则表现出网络的脆弱性.     

A contention-based efficient-information perception algorithm （CEiPA） for vehicular ad hoc networks

The problem of information dissemination is researched for vehicular ad-hoc networks (VANET) in this paper, and a contention-based efficient-information perception algorithm (CEiPA) is proposed. The idea of CEiPA is that beacons are delivered over VANET with limited lifetime and efficient information. CEiPA consists of two phases. The first one is initialization phase, during which the count timers Tcycle and Tlocal are set to start beacon delivery while Tcycle is also used to monitor and restart beaconing. The second one is beacon delivery phase. An elaborate distance function is employed to set contention delay for beacons of each vehicle. In this way beacons will be sent in order, which decreases the collision of beacons. Simulation results show that CEiPA enables each beacon to carry more efficient information and spread them over more vehicles with lower network overhead than the periodic beacon scheme. CEiPA is also flexible and scalable because the efficient information threshold it employs is a balance among the freshness of information, network overhead and perception area of a vehicle.     

基于SOA的SOAP消息交换安全的研究

在基于SOA的系统集成中,SOAP消息交换是一种必需的核心服务之一.在SOA架构中,关键是要提供消息级别的安全,当多个系统通过SOAP相互通信时,没有一个足够好的方法来避免XML重写攻击.现提出了一个保护SOAP信息完整性的方法.这种方法是基于消息结构信息(SOAP Account)来提供消息完整性的保护.另外,将从当前Web Service的一些安全规范来分析SOAP Account的完整性特点,提出了如何解决SOAP Account本身的安全方法.     

基于GSM短信的信息管理系统开发

阐述了基于GSM短信的信息管理系统开发．SMS（信息服务）是GSM提供的一项增值业务，无需附加其他终端设备，只需GSM模块便可达到中、英文信息传输的目的．本系统是通过数据线将手机与计算机相连接，利用GSMAT指令控制手机收发短信，并应用数据库对手机短信进行管理，本系统具有人员管理和信息管理功能，可用于发布通知、人员联系等．     

基于以太坊的格上属性基可搜索加密方案

提出了一种基于以太坊的安全、灵活、高效的格上属性基可搜索加密方案.方案基于格密码体制提出,解决了传统基于双线性配对技术的属性基可搜索加密方案存在的不可抗量子攻击安全问题.方案使用基于以太坊技术的分散存储方法解决了传统云存储系统中单点故障问题,并且方案中数据拥有者代替私钥生成器为用户生成私钥,这避免传统方案由于密钥托管问题造成的密钥滥用以及隐私泄露.采用以太坊的智能合约解决了以往属性基可搜索加密方案中云服务提供商不可信情况下关键字搜索结果的可靠性问题.与传统属性基可搜索加密方案相比,方案不仅可实现对加密关键字的细粒度检索,并且可抵抗量子攻击,增强了方案的安全性.在容错学习问题(learning with errors,LWE)假设下,证明了方案的安全性.     

基于反馈方式的车辆间合作下载方法研究

车联网中基于商业数据内容服务的下载越来越受到重视,如车载办公（office-on-wheels）和车载娱乐（entertainment-on-wheels）.由于路边接入点AP（access point）在道路上分布稀疏相互间隔较远（一般间隔几公里以上）,通过V2I（vehicle-to-infrastructure）车辆到路边接入点的通信下载一直处于一种断断续续的情况.考虑到地理位置相近的车辆可以形成“车辆簇”,文中提出了一种基于反馈方法的簇内车辆合作进行文件下载的机制,分析推导了该方法下载完整个文件所需循环次数的概率分布和均值.最后仿真验证了理论推导分析的正确性,与基于随机方式的车辆合作下载对比大大缩短了单个车辆下载文件的时间.     

An Improved ID-Based Group Key Agreement Protocol

ID-based constant-round group key agreement protocols are efficient in both computation and communication, but previous protocols did not provide valid message authentication. An improvement based on attack analysis is proposed in this paper. The improved method takes full advantage of the data transmitted at various stages of the protocol. By guaranteeing the freshness of authentication messages, the authenticity of the generator of authentication messages, and the completeness of the authenticator, the improved protocol can resist various passive and active attacks. The forward secrecy of the improved protocol is proved under a Katz-Yung （KY） model. Compared with existing methods, the improved protocol is more effective and applicable.     

基于大数据分析的车辆安全检测系统研究

为了检测车辆实时状态和预防交通事故,应采取相应的措施减小交通事故的危害.该文通过物联网与大数据技术,利用Arduino+传感器实现数据整理和采集、MQTT协议+中国移动OneNET云平台消息服务、后端数据处理与感知数据库以及前端实时可视化等技术,对大数据进行数据的清洗及多维度归类,从而达到集预警、报警、分析为一体的服务框架,实现自动预警并发送至用户.     

UPnP服务发现算法性能分析与改进

针对目前可用的U PnP服务发现算法在普适计算环境中存在大量服务时响应消息严重丢失的问题,通过仿真试验分析认为原因在于根设备瞬间发送响应消息和相互独立地随机选择发送延时而产生的响应消息拥塞。进一步地给出了U PnP改进算法,采用根设备断续发送响应消息或(和)综合考虑整个U PnP网络来选择发送延时以减少响应消息拥塞的发生。实验表明改进算法可以明显地降低响应消息的丢失率。同时,改进算法还可以减少控制点对响应消息缓冲区大小的要求。     

一种新的有效数字指纹生成方案

基于计算离散对数困难性与退化的矩阵乘法的单向性，给出了一种面向字安全的、高效的消息指纹生成方案，与二进制位的数字指纹生成方案相比，其主要特点是能够很好地适应非字母文字消息的指纹生成，能适应不同消息长度和指纹长度要求。此外，还进行了安全性与运行效率分析，结果表明，该方案安全，运行效率高。     

A Practical Approach to Attaining Chosen Ciphertext Security

Strong security in public key cryptography is not enongh; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications （e. g. key transport）, and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the （adaptively） chosen eiphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.     

A New Proxy Signature Scheme with Message Recovery Using Self-Certified Public Key

A proxy signature scheme with message recovery using self-certified public key is proposed, which withstands public key substitution attacks, active attacks, and forgery attacks. The proposed scheme accomplishes the tasks of public key verification, proxy signature verification, and message recovery in a logically single step. In addition, the proposed scheme satisfies all properties of strong proxy signature and does not use secure channel in the communication between the original signer and the proxy signature signer.     

城市车联网中紧急消息的快速广播路由研究

研究了车载自组织网络(VANET)中紧急安全消息的多跳广播协议,针对城市场景的特点提出了一种基于最小期望剩余时延转发的广播算法(BP-MEDF).该算法综合考虑了信号衰落、排队时延、广播干扰和车辆快速移动等因素,提出基于最小期望剩余时延的中继优选模型,结合城市道路的静态和动态路由属性,协议规定发送端首先指定最佳中继快速转发消息,当指定的中继转发失败时其他接收节点协作转发以确保路由可靠性.通过NS2仿真表明,相比于传统的协议, BP-MEDF在满足一定广播可靠性的前提下,降低了广播时延,具有更高的广播效率.     

无线传感网抗DDoS攻击的广播认证协议研究及应用

为了提高无线传感网络（WSN）广播认证抗DDoS（distributed denial of service）攻击的性能,构建了一种基于DBP-MSP和安全路径检测机制的广播认证协议.通过引入puzzle的难度等级k,合理控制广播节点的广播能耗;通过引入广播状态表,接收节点验证发送节点的puzzle解答,基于这种弱验证排除虚假数据包,防止了针对广播认证协议的DDoS攻击.性能分析表明：在无线传感网中,基于DBP-MSP（dynamic bit pattern-MSP）和安全路径检测的广播认证协议不仅具有抗DDoS性能,还能解决一般MSP（message specific puzzle）协议要求广播节点具有较强计算能力、充足的能源供应、较多的内存资源的问题,扩大其在一般无线传感网中的使用范围.