Shanghai control and security information security Xuanyuan LaboratoryThis paper proposes a collaborative and decentralized authentication protocol based on blockchain trust management in the Internet of vehicles. By building an authentication agent group for some edge traffic infrastructure (RSU or base station), a collaborative decentralized authentication system is realized. The trust evaluation is carried out by calculating the trust value, and the final authentication result is aggregated through multi-party negotiation, thus avoiding the authentication arbitration of a single central node.

1、 Introduction

As the underlying supporting technology of bitcoin, blockchain plays an important role in anti tampering and decentralization. Now the application of blockchain is not limited to bitcoin. Blockchain technology itself can be used for trust problems in a variety of scenarios. The essence of blockchain is a decentralized tamper proof distributed ledger. By building a peer-to-peer network, blockchain can solve the centralized trust problem.



As a distributed system, blockchain plays a great potential in solving the centralized trust in the point-to-point system of wireless sensor networks by using its decentralized and tamper resistant characteristics. The entities of the Internet of vehicles (IOT) with multiple interaction modes rely on mobile edge computing. Through data sharing and interactive cooperation, the efficiency of the transportation network can be improved to a certain extent, the occurrence of traffic accidents can be reduced, and then the intelligent transportation system can be constructed. However, in the edge computing of the Internet of vehicles, traffic entities always need to have identity authentication as their security guarantee before they carry out real-time data interaction tasks. Sharing traffic information with illegal vehicles may cause the risk of data privacy leakage and even traffic network paralysis. In v2x mode, the edge computing of Internet of vehicles needs to carry out identity authentication before data interaction to ensure the security of data transmission and sharing. The point-to-point (P2P) network constructed by multiple edge computing nodes provides a blockchain trust management platform for the Internet of vehicles.

49.jpg

V2x interaction in Internet of vehicles

Before a vehicle driving on the road requests road condition information from roadside facilities, they need to carry out identity authentication in order to ensure the authenticity of each other’s identities. Traditional identity authentication protocol is mainly one-to-one centralized authentication mode. For example, the car arriving at a certain road section needs to authenticate with a roadside unit (RSU) or base station in the road section. As a fixed edge computing unit, the location of a RSU or base station is generally fixed and unique, and the centralized geographical location makes a RSU dictatorial To decide whether the traffic is legal or not. There are two main problems in traditional certification

1. The central authentication server is overloadedWhen multiple vehicles authenticate with the same roadside infrastructure, due to the limited resources of edge computing nodes, the load of central server is too large.

2. A single central server is more vulnerable to malicious attacks.

50.jpg

Traditional centralized authentication mode

2、 System model

Wireless sensor networks in the Internet of vehicles can construct a collaborative decentralized security authentication protocol by using P2P communication and blockchain. The roadside unit (RSU) located in a certain road section first splits the original secret into n sub Secrets under PKI (public key infrastructure) system through secret sharing technology, and distributes them to multiple vehicles around. The vehicles receiving the sub secrets can act as agents of RSU, and multiple agents can pass through (T, n) The threshold mechanism can reconstruct the original secret value, and then combine the information of the vehicles entering the current road and other authentication information as the credentials to participate in the construction of cooperative agent authentication group. A truck driving into a certain road section corresponds to a certification group, and a surrogate vehicle can participate in multiple certification groups.

51.jpg

System model diagram

1. Identity authentication in edge computing mode

Multiple vehicles can carry out direct edge authentication for the same arriving freight vehicle, that is to say, V2V edge computing mode is used for direct interactive authentication to produce their own authentication results without uploading authentication information to the cloud, so as to reduce the system delay. If an agent thinks that the current vehicle is legal, it will produce result + 1; if it thinks that it is illegal, it will produce result – 1; if it does not participate in the certification or the certification process fails, it will produce result 0. Each agent car broadcasts the authentication results of its own asymmetric encryption to the same group of members and requests the authentication results of other group members, so as to construct the authentication table rlist for a certain truck.

52.jpg

Certification Form

2. Aggregate authentication results to calculate trust value

Every agent car will be targeted at a certain carThe certification group that they participate in maintains a rlist certification table, which contains the certification results of each sub member of the Certification Group for the same certified freight car. If the number of + 1 is greater than the number of – 1, the agent car will pass the certification of the freight car and produce its own final aggregate result + 1. Otherwise, the agent car will fail the certification and produce aggregate result – 1.

1)Calculate trust offset

Each agent car will use sigmoid function to calculate its own trust offset value and the trust offset value of other agent group members. Where I is the index number of a certain agent vehicle, and j is the index number of the truck entering the current road section. M and N are the number of result + 1 and result – 1, respectively. If the authentication result of a group member is + 1, it will be classified into + 1 category, otherwise it will be classified into – 1 category. If the authentication result is 0, the offset value is set to 0. Bring m and n into the following sigmoid function to calculate the trust offset of each member of the authentication group. Other team members can also build their own rlist and carry out the same trust calculation process after communicating in P2P mode. In the process of mutual authentication results and trust value calculation, we can think that the authentication team members jointly conduct public accounting. Any team member who modifies the authentication result categories of other team members will cause inconsistency between himself and other team members, thus affecting the evaluation of their trust.

55.jpg

2)Aggregate normalized trust offset

After each agent car calculates the trust offset value of each group member, it aggregates the trust value of all group members, and then takes the average value and finally normalizes it, so that the offset value can be controlled in a certain range and the adverse effect of singular trust value on the aggregation result can be eliminated.

3)Aggregate trust values

A proxy car may participate in multiple authentication groups. According to the trust offset value calculated by each trust group it participates in, all normalized trust offset values are aggregated into its own final trust value. Agent cars with large trust value may be elected as miners. Due to P2P broadcast and public key cryptography technology, the trust value of each agent car can be calculated and verified by other agents, so as to complete the mining consensus. The system can use the combination of proof of work (proof of work) and proof of trust (proof of trust) to campaign for miners, which balances the simple consensus mechanism of POW and the increasing probability of block bifurcation caused by the same trust value of multiple agents.

4)Building consensus mechanism, electing miners, creating new blocks

The main process of mining is to find a suitable random value nonce to calculate a hash value, which is less than a given threshold. The difficulty value of the threshold can be dynamically adjusted according to the overall change of the trust value of the agent group vehicles, so that the difficulty value is inversely proportional to the larger value. The mining process of the members of the agent fleet is to compare who is the first to find the random value nonce that meets the condition. The process is to continuously test randomly until a valid number is found. After finding the appropriate random value nonce for hash calculation, the agent car with a small target threshold may be elected as a miner, and the threshold can be combined to control the difficulty coefficient and correlation. The successful miners in the election first broadcast, which can write the trust degree information and authentication transaction record of the agent car that updates the trust value in this period of time into the new block, and finally link to the blockchain. The structure design of the blockchain is as follows. The block contains authentication transaction data record (AD), current block root hash (hash), previous block root hash, timestamp, nonce value and other information.

53.jpg

Block structure

The authentication transaction data records are stored in the form of Merkel tree, and the block root hash is actually the root node hash of the data record tree, which is calculated from bottom to top by hash algorithms such as SHA-256.

54.jpg

5)RSUIt will indirectly complete the authentication of vehicles through the records of the blockchain

Therefore, the agent vehicle authentication group entrusted by RSU in a certain road section can maintain an authentication blockchain. RSU can know the legal situation of the trucks driving into the current road section by querying the agent vehicles with high trust and referring to their authentication results, so as to indirectly complete the authentication of the trucks. Ta (trusted authority) can assign some false identification of RSU and the road condition and geographical location information of RSU to its agent car, so as to facilitate the truck to complete the road section authentication of RSU.

3、 Problems solved by blockchain

Decentralization:Multiple agent car edge computing nodes maintain a block chain together, and the authentication records are stored in a distributed way, independent of the central processing node (RSU or base station), so as to realize the distributed recording, storage and update of data.

transparentThe data records of the blockchain system are transparent to the nodes of the whole network, and all nodes can review and trace the historical authentication records.

No tamperingThe blockchain uses digital signature and hash operation to store the information in the blockchain in a distributed and unified way. Once the information in the blockchain is authenticated and written, it will be stored permanently and cannot be changed.

Leave a Reply

Your email address will not be published. Required fields are marked *