
Research on Security and Privacy Protection Mechanisms in VANET

Security and Privacy Preservation Mechanisms in Vehicular Ad Hoc Network

[Author] Zhu Xiaoling (朱晓玲)

[Supervisors] Lu Yang (陆阳); Hou Zhengfeng (侯整风)

[Author information] Hefei University of Technology, Computer Application Technology, 2013, PhD

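[Abstract, translated from the Chinese original] Vehicular ad hoc networks (VANETs) use V2V (Vehicle to Vehicle) and V2I (Vehicle to Infrastructure) wireless communication to improve vehicles' awareness of their surroundings, and therefore have wide application in collision warning, road safety, cooperative driving and similar areas. However, because of the huge network scale, the open wireless channel and the predictability of movement trajectories, VANETs are more exposed to security and privacy threats. An attacker may eavesdrop on messages broadcast over the wireless channel, analyze data, predict trajectories and track vehicles; may tamper with black box data to evade liability for an accident; may forge safety warning messages to cause traffic chaos; or may impersonate infrastructure and publish false road conditions to serve its own purposes. Solving the security and privacy protection problem is therefore a precondition for successfully deploying VANET. The thesis analyzes the threats, requirements and challenges that VANET faces in security and privacy, and studies in depth four key problems: on-board device security, communication security, identity privacy protection and location privacy protection. The main research work is as follows:

(1) Propose a secure encoding and collaborative decoding model for the vehicle black box without a trusted center. Current black box designs give little consideration to data security, so the thesis proposes a high-security black box encoding and decoding model. The model consists of five protocols (secret distribution, secure encoding, collaborative decoding, secret share update and joint share issuance) and uses cryptographic algorithms including AES encryption, HMAC message authentication, elliptic curve encryption and signatures, and secret sharing. Without affecting the use of the black box, the model guarantees the confidentiality and integrity of the data, achieves collaborative decoding by multiple members without a trusted center, and solves problems such as leakage of decoding group members' shares and changes in membership. Security analysis shows that the model has fairness, completeness, dynamism, backward secrecy and forward secrecy.

(2) Design a lightweight, scalable VANET secure communication framework. To address the excessive communication and computation overhead caused by current VANET digital signature mechanisms, a lightweight, scalable VANET secure communication framework is proposed. The framework covers V2I point-to-point communication, V2V point-to-point communication and V2V broadcast communication, takes RSU deployment into account, and comprises 5 security protocols. The distribution and agreement of two-party keys and of group keys are integrated into the design of the 5 protocols. Lightweight cryptographic primitives such as XOR, HASH and HMAC are introduced; the computation and communication overhead of 4 of the protocols does not grow linearly with the number of nodes, giving good performance and scalability. Security analysis shows that the protocol suite has security properties such as confidentiality and authentication. In particular, the proposed V2V group key agreement protocol solves the problem in existing protocols that keys are exposed when nodes join or leave, and achieves key independence.

(3) Propose a vehicle pseudonym management scheme based on blind signatures and secret sharing. Pseudonyms are an effective means of privacy protection, and determining liability for traffic accidents requires that pseudonyms be revealable. In most pseudonym schemes the authority can not only reveal pseudonyms but also forge them. A vehicle pseudonym management scheme based on blind signatures and secret sharing is therefore given. A new partially blind signature protocol is designed to meet the new requirement that the ID is embedded at blind-signing time but not disclosed at verification time; two methods of issuing pseudonym certificates are tried, namely blind signatures combined with Cut-Choose, and partially blind signatures; the RSA key sharing method is improved and a fully distributed pseudonym tracking protocol is designed; the optimal number of messages carrying the pseudonym certificate is sought and an efficient pseudonym authentication protocol is designed, reducing communication overhead. The tracking group can open a pseudonym directly, which saves the tracking group the overhead of storing and searching pseudonyms. Security analysis shows that, besides satisfying anonymity, traceability and revocability, the scheme is superior to existing schemes in strong unforgeability and robustness.

(4) Propose a vehicle identity privacy protection scheme based on group signatures and oblivious transfer. In most group-signature-based security and privacy protection protocols, private keys are generated by the group manager; the distributor knows every user's private key, which makes the protocols vulnerable to private key leakage attacks. To address this problem, a vehicle identity privacy protection scheme based on group signatures and oblivious transfer is proposed. The scheme consists of six parts: system initialization, vehicle registration, message signing, batch verification, joint tracking and vehicle revocation. At registration, one part of the private key is generated by the vehicle itself and the other part is issued by the management authority through an oblivious transfer protocol, so the management authority can obtain the vehicle's private key only with low probability. At verification, a batch verification method is used to determine whether a set of signatures contains an invalid signature. For tracking, joint tracking by the authorities is realized on the basis of a secret sharing scheme. For revocation, the management authority preprocesses the revocation list before publishing it, saving computation time for individual vehicles. Security analysis shows that the scheme has strong unforgeability, anonymity, traceability, robustness and revocability. Performance analysis shows that batch verification and revocation preprocessing reduce the time needed to verify signed messages and to process the revocation list, and that the scheme's overall communication and computation cost is close to that of existing schemes.

(5) Design vehicle location privacy protection protocols for location-based services. k-anonymity with a TTP structure makes the TTP a performance bottleneck, and existing TTP-free anonymity protocols cannot resist collusion attacks by multiple users and the LBS provider P, or active attacks by dishonest users. The thesis therefore proposes two TTP-free location privacy protection protocols. It first discusses the choice of the anonymity degree k, recommending that k be determined dynamically according to factors such as the vehicle density of the city, the anonymity region area desired by the user, network delay and hop-count limits, which reduces the waiting delay for forming the companion set. Drawing on the idea of verifiable secret sharing, the thesis designs a secure multi-party computation protocol with which a vehicle privately computes the center position of the companion set. Using Paillier homomorphic encryption and key agreement techniques, it designs a location privacy protection protocol with which the service provider privately computes the center position; the perturbations added when disguising positions can be eliminated as a whole, so LBS service quality is not affected by the perturbation. Neither protocol requires a TTP, which avoids the performance bottleneck and single point of failure; the protocols not only provide anonymity but also resist collusion attacks by multiple users and P.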

【Abstract】 Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications improve a vehicle's perception of its surrounding environment. Vehicular ad hoc networks (VANETs) will be used widely in collision avoidance, road-hazard notification and coordinated driving systems. Because a VANET is a huge-scale network with an open wireless channel and predictable mobile trajectories, it is more vulnerable to security and privacy threats. For example, an attacker might eavesdrop on broadcast messages, analyze data, predict the trajectory and track a vehicle; it might tamper with the data in the event data recorder to evade accident liability; it might forge warning messages to cause traffic chaos; it might impersonate an emergency vehicle to mislead other vehicles into slowing down. Solving the security and privacy issues is therefore a prerequisite for the successful deployment of VANET.

Based on a deep understanding of the threats, requirements and challenges of security and privacy in VANET, we focus on four key issues: on-board device security, communication security, identity privacy preservation and location privacy preservation. Our main research work is summarized as follows:

(1) Propose an encoding and decoding model for the vehicle black box based on secret sharing without a trusted center. Because data security is rarely considered in current black box designs, we propose a high-security model of a black box. The model is composed of five protocols: distribution of secrets, secure coding, collaborative decoding, secret share updating and joint issuing of shares. Cryptographic primitives such as AES encryption, HMAC message authentication, elliptic curve cryptography and secret sharing are adopted.
On the premise that the operation of the black box is not affected, the model ensures the confidentiality and integrity of vehicle data, achieves collaborative decoding without a trusted center, and solves problems such as the disclosure of secret shadows and changes of members. It therefore has the properties of completeness, fairness, dynamic adaptability, backward secrecy and forward secrecy.

(2) Design a lightweight, scalable framework for vehicular secure communication. Current digital signature mechanisms produce high communication and computation costs, so we design a lightweight, scalable framework for vehicular secure communication. Considering whether RSUs are deployed or not, five protocols are given for point-to-point and broadcast communications in V2V and V2I. The distribution and agreement protocols for two-party keys and group keys are integrated into the five protocols. Lightweight cryptographic primitives, such as XOR, HASH and HMAC, are introduced. Furthermore, the computation and communication costs of the four protocols do not increase linearly with the number of nodes, so they have good performance and scalability. The security analysis shows that these protocols have security attributes such as confidentiality and authentication. In particular, the group key agreement protocol for V2V solves the problem that keys are disclosed when a node joins or leaves the group, and so achieves key independence.

(3) Propose a pseudonym management scheme for VANET based on blind signatures and secret sharing. Pseudonyms are an effective way to achieve privacy protection, and they sometimes need to be disclosed in order to determine traffic liability. In most pseudonym schemes, an authority can not only disclose a pseudonym but also forge one. Therefore we give a distributed pseudonym management scheme for VANET.
In this scheme, a new partially blind signature protocol is proposed to meet the requirement that the ID is explicitly included in the blind signature but is not exposed for verification. The blind signature with cut-choose method and the partially blind signature method are used to issue pseudonym certificates. Based on an improved method of sharing RSA keys, we design a distributed pseudonym tracking protocol. To reduce the communication cost, an efficient pseudonym authentication mechanism is proposed by finding the optimal number of messages that carry the pseudonym certificate. A pseudonym can be opened by the tracking authorities directly, resulting in no search cost and little storage cost for tracking. Security analysis shows that the scheme has the properties of anonymity, traceability and revocability, and that it is superior to the existing schemes in terms of robustness and unforgeability against authority forgery attacks.

(4) Propose a privacy protection scheme for VANET based on oblivious transfer and group signatures. Most protocols based on group signatures are vulnerable to authority forgery attacks because the private key of a group member is produced by the group manager. To resolve the problem, a strong privacy protection scheme is proposed. The protocol is composed of initialization, registration, signature, verification, joint tracking and revocation. During registration, one part of the private key is generated by the member and the other part is generated by the manager using the oblivious transfer method, so the manager obtains the private key only with a low probability. A batch verification method is used to decide whether a set of signed messages contains an invalid signature. Joint tracking is adopted based on secret sharing, and the revocation list is preprocessed before broadcast. Security analysis shows that the scheme has the properties of anonymity, traceability, unforgeability and robustness.
Performance analysis shows that the costs of verification and revocation are reduced by batch verification and revocation preprocessing, and that the overall communication and computation costs of our scheme are similar to those of the existing schemes.

(5) Design two location privacy preserving protocols for LBS in VANET. Location k-anonymity methods with a trusted third party (TTP) make the TTP the performance bottleneck. Methods without a TTP avoid this problem, but the existing protocols cannot resist passive attacks from multiple users colluding with the LBS provider (P) or active attacks from dishonest users. Therefore we give two location privacy preserving protocols for VANET. Considering the vehicle density in the city, the expected anonymous area size and the network topology, the anonymity parameter k is determined dynamically and a companion set is generated with less delay. Based on verifiable secret sharing, a secure multi-party computation protocol is given in which a vehicle can privately calculate the center position of the companion set. So that an LBS provider can calculate the center position privately, another protocol is proposed based on Paillier homomorphic encryption and Diffie-Hellman key agreement; the perturbation used to disguise the true position can be removed as a whole. Both protocols work without a TTP, so they not only avoid the performance bottleneck and single point of failure but also resist passive attacks from insiders and outsiders.
