CN102065003A - Method, system and equipment for realizing trusted secure routing of vehicular information system - Google Patents
- Publication number: CN102065003A
- Authority: CN (China)
- Prior art keywords: node, routing protocol, credible, inter, information system
- Legal status: Pending
Abstract
The invention provides a method, a system and equipment for realizing trusted secure routing in a vehicular information system. Trusted secure routing nodes are defined and specified, and a trusted secure routing protocol framework, system and equipment based on a TPM (Trusted Platform Module) chip are configured. The nodes of the vehicular information system establish a trusted communication platform at the base layer and a trusted communication channel at the core layer. When the trusted secure routing protocol is started and when the routing table is modified, the security and integrity of the routing protocol are verified, and the routing table modification operation and the modified content are checked. Illegal modification is thus detected before internal malicious nodes can cause substantial disruption to network routing, so insecure nodes are effectively isolated, normal network routing is maintained and the trusted communication channel is guaranteed. The method does not increase communication overhead.
Description
Technical field
The invention belongs to the field of in-vehicle wireless communication security and relates to vehicular wireless networks, network communication, network communication standards and computer programs. In particular, it introduces the TPM (Trusted Platform Module) chip into the routing protocol of a vehicular information system to form a new trusted secure routing method based on the TPM chip.
Background technology
In the current information age, computer networks are used everywhere. In recent years, the rapid evolution of mobile networks and the emergence of large numbers of mobile communication products have driven the development of mobile wireless access technology, in particular wireless mobile ad hoc network technology. This has made vehicle-to-vehicle and vehicle-to-roadside communication in a wireless mobile ad hoc network a reality and has given rise to the vehicular ad hoc network (VANET, Vehicular Ad-hoc Network). A VANET is a special form of MANET: a temporary, autonomous, multi-hop wireless network formed by the on-board units of a set of moving vehicles, which can exist independently without relying on pre-established network infrastructure. VANET is an important foundation of the Intelligent Transportation System (ITS); it emerged in response to road traffic accidents, which are increasing daily and have become a global public safety problem. Vehicle-to-vehicle and vehicle-to-roadside communication in a vehicular ad hoc network lets a driver learn about the condition of other vehicles and about traffic beyond the line of sight, which improves driving conditions and road traffic efficiency and gives the driver a safe and reliable driving environment and various conveniences. VANET is considered the most promising terminal network for future vehicular information systems. Its vehicle nodes move fast, its topology changes quickly and its paths are short-lived, which also places higher demands on ad hoc technology, for example low transmission delay, high reliability and network robustness. Routing is the key technology and core part of a vehicular information system and has become one of the main research topics in vehicular ad hoc network technology.
All nodes in a vehicular ad hoc network are equal and can move freely in the network, and each node acts as both a host and a router. However, a vehicular information system often faces multiple forms of attack, such as DoS (Denial of Service) attacks, message suppression attacks, fabrication attacks and alteration attacks. The routing protocol at the routing layer carries the important task of connecting nodes into a network and plays a crucial role in the operation of the whole network, so the routing protocol is also the greatest challenge facing the security of a vehicular information system.
The attacks faced by the routing protocol of a vehicular information system come mainly from two directions: (1) tampering with the routing protocol itself and its related functions and data; (2) tampering with the topology information and control information exchanged in routing messages. Both disrupt normal routing and thereby message delivery across the whole network. The threat sources that carry out these two kinds of attack can in turn be divided into two kinds: (1) external attack sources, which disrupt the network by inserting erroneous or expired routing information or by modifying routing information, or increase network load by generating large amounts of retransmitted information and invalid routes; (2) internal insecure nodes, which do not broadcast routing information or broadcast incorrect routing information.
To guard against the first kind of threat source, encryption and digital signatures can be used to protect routing information, but current secure routing protocols essentially cannot stop attacks from internal malicious nodes. Preventing internal attacks purely at the protocol layer is difficult. However, with the introduction of the trusted computing concept and the appearance of TPM chips that fully comply with the TPM 1.2 standard, the functions of the TPM chip can be used to design a completely new secure routing protocol mechanism that improves the handling of such attacks.
A TPM security chip is a security chip that complies with the TPM standard. It is mounted on the motherboard, helps monitor and control program start-up, binds secret information to the platform configuration and proves the platform's identity to other participants; it can effectively protect a PC and prevent access by unauthorized users. As the core of the TCG (Trusted Computing Group) design, the TPM chip has a single main key on the chip, called the endorsement key (EK). It is an RSA key pair, and storing it in the TPM chip ensures the chip's security. The EK is generated by the manufacturer of the TPM chip, and its public part is available in the endorsement credential. The TPM chip also contains a set of Platform Configuration Registers (PCRs), which are used for integrity measurement (the measured data can be platform configuration information or the running state of a program), a hardware-based RNG (Random Number Generator), and so on. The TPM chip also has a hardware lock function and can tell when the platform it is installed on starts up, and it can perform SHA-1 hash operations and RSA operations. Key storage is a service that the TSS (TPM Software Stack) provides independently of the TPM chip. Keys are permanently stored (registered) in an area of the disk called system persistent storage.
The TPM chip provides multiple functions, such as protected storage, trusted boot, platform configuration attestation, secure signing and external authentication. The three most important are:
(1) Trusted boot: one of the primary goals of the TCG is to provide a trusted way to measure and report the platform's environment. To ensure that the system and its software have not been tampered with when the platform starts, "trusted boot" must guarantee the integrity of the whole boot chain, including that the MBR, the boot loader and all files used or executed during start-up are intact and trusted;
(2) Integrity measurement: hash values of the configuration information in the boot sequence are stored in the chip's platform configuration registers (PCRs). During trusted boot, data (such as the hash of the routing protocol) is sealed to the PCRs. Once the platform starts, the specified current configuration information is hashed, and the data can be unsealed only if this hash is identical to the sealed value in the PCR. Therefore, if the system or the software in it is started under abnormal conditions, or has been tampered with, the PCR value cannot be matched and the data cannot be unsealed. This ensures that the system is in a normal operating state, that its software has not been maliciously modified and that its data is not maliciously accessed.
(3) Protected storage: the second security design goal of the TCG is to provide secure storage for data and signing keys. It protects the data in the TPM chip by encryption. Unlike conventional encryption, access to the data is controlled by the RTS (Root of Trust for Storage) engine, and the data is encrypted with the SRK (Storage Root Key) held by the TPM chip.
The TCG 1.4 architecture standard explicitly stipulates that a trusted platform based on the TPM chip should provide at least 3 basic capabilities: protection capability, integrity measurement capability and integrity reporting capability.
The TPM-chip-based trusted secure routing method, system and equipment for a vehicular information system provided by the invention can effectively maintain the security of the nodes participating in routing, of routing information and of node neighbor tables in the vehicular information system. A gradual increase in the number of malicious nodes in the network does not significantly affect network performance, and the packet delivery ratio has a significant advantage over common routing methods in vehicular information systems. The trusted secure routing method can also effectively prevent attacks by internal malicious nodes and gives double protection to the neighbor tables of routing nodes in the network.
Summary of the invention
The invention provides a method, system and equipment for realizing trusted secure routing in a vehicular information system, comprising: the definition and specification of trusted secure routing nodes in the vehicular information system; the introduction of the TPM (Trusted Platform Module) chip into the routing protocol of the vehicular information system; and a trusted secure routing method based on the TPM chip. The invention thus establishes a trusted communication platform between the nodes of the vehicular information system at the base layer, and establishes a trusted communication channel through information verification at the core layer. When the trusted secure routing protocol starts and when the routing table is modified, a security and integrity check is performed on the routing protocol, and the routing table modification operation and the modified content are checked. This effectively maintains normal network routing and guarantees a trusted communication channel, and the secure routing method does not increase communication overhead. The method also provides a standard trusted secure routing protocol framework for introducing the TPM chip into routing protocols, forms a standard trusted secure routing system for vehicular information systems, and thereby offers a general solution for the security of vehicular information systems.
The method, system and equipment for realizing trusted secure routing in a vehicular information system are characterized as follows:
(1) Each node in the vehicular information system is equipped with a TPM chip;
(2) A trusted node that is allowed to perform routing in the vehicular information system must satisfy 3 requirements;
(3) Before the routing protocol of a trusted node starts, the integrity and security of protocol operation must be guaranteed;
(4) After a trusted node joins the network, before a neighbor node is added to or deleted from the neighbor table, the integrity and security of the trusted secure routing protocol must be verified again, together with the correctness of the add or delete operation on the neighbor table;
(5) The intermediate step between integrity measurement and integrity reporting is integrity logging: the trusted secure vehicular information system stores the integrity measurement values of the routing protocol, and the measurement values of the legitimacy of neighbor table modification operations, in a log for later audit and query.
Further, (1) is: each node in the vehicular information system is equipped with a TPM chip, and an on-board unit fitted with a TPM chip has sufficient capability to perform trusted computing and to send and receive information. The PCRs of the TPM chip store the characteristic measurement reference of the trusted secure routing protocol, which can be parameters or beacon values of the trusted secure routing protocol, or its core code. The number of the TPM chip and its EK can serve as the globally unique identifier of a node in the vehicular information system, and the chip number is bound to the driver's driving license;
Further, (2) is: a trusted node that is allowed to participate in routing in the vehicular information system must satisfy 3 requirements: 1. there are not break the bank, and the regional node density is sufficiently dense, so that the node really has neighbor nodes within its communication range; 2. it carries a TPM chip and can use the protected storage of the TPM chip to effectively protect the routing protocol and the neighbor table against illegal access and modification; 3. it can use the trusted secure routing protocol to ensure that information reaches the destination node safely.
Further, (3) is: before the routing protocol of a trusted node starts, the integrity and security of protocol operation must be guaranteed. For a node in the vehicular information system that satisfies the above 3 requirements, before it is selected as a message forwarding node, what the invention needs to prove is the correctness of its routing protocol function, not the authenticity of its identity. The key idea in avoiding the exchange of erroneous information is to authenticate the program that sends the information rather than the vehicle itself. If it can be proven that the information was sent by a program on a vehicle with a trusted identity, and that the program has not been tampered with, one can be preliminarily confident that the node is trusted and its information is reliable.
The trusted secure routing method, system and equipment work on two layers. When two nodes in the vehicular information system are each satisfied that the other carries a TPM chip, trust that the other is running a secure routing protocol that has not been tampered with, and that there is no faulty protocol operation or intentional attack, the base layer of the vehicular information system allows a trust channel to be established between any two nodes. The second layer is the core layer of the vehicular information system, whose purpose is information verification. It establishes a trust channel to ensure that the information exchanged by nodes contains no erroneous information. The steps by which the TPM chip verifies the trusted secure routing protocol are:
Step 2: the TPM chip requires the routing protocol to provide some protocol parameters, core code or its current running state;
Step 3: after the routing protocol submits the protocol parameters, core code or current running state to the TPM chip, the TPM chip performs integrity measurement on them and compares the resulting measurement values with the reference values stored in the PCR;
Step 4: after confirming that the routing protocol is in the predetermined state, the vehicular information system can designate it a trusted secure routing protocol. Access to the data is controlled by the RTS (Root of Trust for Storage) engine, the neighbor table is decrypted with the key EK (Encrypted Key to the neighbor table) stored in the TSS, and the decrypted neighbor table is read from the place where the TPM chip provides protected storage (such as the hard disk) into memory and then passed to the trusted secure routing protocol. If the computed hash of the routing protocol differs from the PCR measurement value, the vehicular information system platform with the TPM chip detects that the routing protocol is abnormal or that a malicious program is present, and orders the TPM chip to refuse the start-up of the routing protocol and its decryption of and access to the neighbor table. The node is also refused participation in routing.
Further, described (4) are: after trusted node adds network, before neighbor table being added and deletes neighbor node operation, must verify the integrality and the fail safe of credible and secure Routing Protocol this moment once more, and to neighbor table add, the correctness of deletion action.Because the inter-vehicle information system that is loaded with the TPM chip is with respect to existing inter-vehicle information system, neighbor table has been increased two-layer protection: 1. in the inter-vehicle information system running, neighbor table is added and deleted before the neighbor node operation, verified the integrality and the fail safe of credible and secure Routing Protocol this moment once more, and to neighbor table add, the correctness of deletion action, thereby avoided Routing Protocol by the neighbor table that causes after illegally distorting by malicious modification; 2. confirm that at the TPM chip credible and secure Routing Protocol is in predetermined state, and its retouching operation to neighbor table is after the legal operation, need verify that also interpolation, deletion of node that credible and secure Routing Protocol is submitted to are the neighbor node of present node really, thereby avoid the malicious modification of the false network information neighbours position table.
Like this, inter-vehicle information system credible secure routing method of the present invention, system and equipment can not only prevent unintentionally mistake, as: when agreement starts under improper situation and the unexpected mistake that causes; And can prevent mistake intentionally, as: Routing Protocol is distorted causes agreement normally not start, so just this node is got rid of outside trusted node, perhaps need send wrong information, when the neighbor table of vehicle is carried out malicious modification, can detect its malicious act and denial of service at node.So, must be in integrality and the fail safe of neighbor table being added, verify once more before the deletion action credible and secure Routing Protocol, with and the correctness of operation.The steps include:
Step 2: the TPM chip requires the trusted secure routing protocol to provide some protocol parameters, core code or its current running state;
Step 3: after the trusted secure routing protocol submits the protocol parameters, core code or current running state to the TPM chip, the TPM chip performs integrity measurement on them and compares the resulting measurement values with the reference values stored in the PCR;
Step 4: after confirming that the trusted secure routing protocol is in the predetermined state, the vehicular information system notifies the trusted secure routing protocol again and requires it to submit the core code of the add and delete operations, which is integrity-measured and compared with the reference values stored in the PCR;
Step 5: after the TPM chip confirms that the trusted secure routing protocol is in the predetermined state and that its modification operation on the neighbor table is legitimate, it must also be verified that the nodes to be added or deleted, as submitted by the trusted secure routing protocol, are really neighbors of the current node;
Step 6: after the trusted secure routing protocol passes the above 3 verification steps, the TPM chip controls access to the data through the RTS engine, decrypts the neighbor table with the key EK stored in the TSS, reads the decrypted neighbor table from the place where the TPM chip provides protected storage (such as the hard disk) into memory, and passes it to the trusted secure routing protocol, which is allowed to modify the neighbor table. The table is then written back to protected storage so that it is updated. If the computed hash of the trusted secure routing protocol differs from the PCR measurement value, or the add or delete operation is incorrect, or the node to be added or deleted is not a neighbor of the current node, the vehicular information system with the TPM chip orders the TPM chip to refuse the trusted secure routing protocol's decryption of and access to the neighbor table. The node is also barred from participating in network routing.
Further, described (5) are: the intermediate steps from the integrity measurement to the integrity report is the integrality record, credible and secure inter-vehicle information system can be stored the integrity measurement value of Routing Protocol, and to the metric of neighbor table retouching operation legitimacy in a daily record, examine inquiry after being convenient to.If no daily record record, then malicious node might be made excuses or appeal after be rejected service.So, after upgrading, integrity measurement and neighbor table all this metric of present node is write in the daily record carrying out at every turn, and there is ample evidence to prove the malicious act of this node after being convenient to.
Description of drawings
Fig. 1 is the logical structure diagram of the TPM chip introduced by the invention;
Fig. 2 is the working framework diagram of the trusted secure routing method of the invention;
Fig. 3 is the flow chart of trusted secure start-up and access in the trusted secure routing method of the invention;
Fig. 4 is the workflow diagram of routing table protection in the trusted secure routing method of the invention;
Fig. 5 is the workflow diagram of integrity logging in the invention.
Embodiment
The invention provides a method, system and equipment for realizing trusted secure routing in a vehicular information system, comprising: the definition and specification of trusted secure routing nodes in the vehicular information system; the introduction of the TPM chip into the routing protocol of the vehicular information system; and a trusted secure routing method, system and equipment based on the TPM chip.
Definition and specification of trusted secure routing nodes in the vehicular information system: each node in the vehicular information system is equipped with a TPM chip, and an on-board unit fitted with a TPM chip has sufficient capability to perform trusted computing and to send and receive information. The PCRs of the TPM chip store the characteristic measurement reference of the trusted secure routing protocol, which can be parameters or beacon values of the trusted secure routing protocol, or its core code. The number of the TPM chip and its EK can thus serve as the globally unique identifier of a node in the vehicular information system, and the chip number is bound to the driver's driving license;
Fig. 1 shows the logical structure of the TPM chip introduced by the invention. The TPM chip has a single main key, called the endorsement key (EK). The TPM chip also contains a set of platform configuration registers (PCRs), which are used for integrity measurement (the measured data can be platform configuration information or the running state of a program), a hardware-based random number generator (RNG), and so on. The TPM chip also has a hardware lock function and can tell when the platform it is installed on starts up, and it can perform SHA-1 hash operations and RSA operations. Key storage is a service that the TPM software stack (TSS) provides independently of the TPM chip. Keys are permanently stored (registered) in an area of the disk called system persistent storage.
The invention uses the three most important functions of the TPM chip:
(1) Trusted boot: one of the primary goals of the TCG is to provide a trusted way to measure and report the platform's environment. To ensure that the system and its software have not been tampered with when the platform starts, "trusted boot" must guarantee the integrity of the whole boot chain, including that the MBR, the boot loader and all files used or executed during start-up are intact and trusted;
(2) Integrity measurement: hash values of the configuration information in the boot sequence are stored in the chip's platform configuration registers (PCRs). During trusted boot, data (such as the hash of the routing protocol) is sealed to the PCRs. Once the platform starts, the specified current configuration information is hashed, and the data can be unsealed only if this hash is identical to the sealed value in the PCR. Therefore, if the system or the software in it is started under abnormal conditions, or has been tampered with, the computed hash cannot match the value pre-stored in the PCR and the data cannot be unsealed. This ensures that the system is in a normal operating state, that its software has not been maliciously modified and that its data is not maliciously accessed.
(3) Protected storage: the second security design goal of the TCG is to provide secure storage for data and signing keys. It protects the data in the TPM chip by encryption. Unlike conventional encryption, access to the data is controlled by the RTS engine, and the data is encrypted with the storage root key (SRK) held by the TPM chip.
With the TPM chip introduced into the routing protocol of the vehicular information system, the trusted secure routing method, system and equipment of the invention provide 3 basic attributes:
(1) Each node has a unique identifier, namely the TPM chip number and its EK. A node that meets this condition can be called an authorized node; this is the precondition for a node to join the vehicular information system. It ensures that unauthorized nodes cannot participate in route computation and route discovery, and that the network topology information contained in routing information is not exposed to malicious or unauthorized nodes;
(2) After a vehicle whose identity has been verified joins the vehicular information system and is selected as a message forwarding node, what the invention needs to prove is the correctness of its routing protocol function, not the authenticity of the vehicle's identity. The key idea in avoiding the exchange of erroneous information is to authenticate the program that sends the information rather than the vehicle. If it can be proven that the information was sent by a program on a vehicle with a trusted identity, and that the program has not been tampered with, it can be preliminarily confirmed that the information is reliable. Therefore, the TPM chip must authenticate the routing protocol run by each trusted node, to guarantee the integrity and security of protocol operation and that the routing protocol conforms to the standard and has not been tampered with;
(3) The credibility of the information content must be confirmed. After the functions of the TPM chip are introduced into the trusted secure routing protocol, before a neighbor node is added to or deleted from the neighbor position table, the routing protocol must be verified, the neighbor modification operation must be confirmed, and it must be confirmed that the node to be added or deleted is really a neighbor of the current node. This stops malicious nodes from inserting forged routing information, modifying routing information, generating false hop counts to deceive routing signalling, and redirecting traffic away from the shortest path in the network.
Fig. 2 shows the working framework of the trusted secure routing method of the invention. Once the above 3 basic attributes are satisfied, the trusted secure routing method, system and equipment work on two layers. When two nodes in the vehicular information system are each satisfied that the other carries a TPM chip, trust that the other is running a secure routing protocol that has not been tampered with, and that there is no faulty protocol operation or intentional attack, the base layer of the vehicular information system allows a trust channel to be established between any two nodes. The second layer is the core layer of the vehicular information system, whose purpose is information verification. It establishes a trust channel to ensure that the information exchanged by nodes contains no erroneous information.
Fig. 3 shows the flow of trusted secure start-up and access in the trusted secure routing method of the invention. The steps by which the TPM chip verifies the trusted start-up of the trusted secure routing protocol are:
Step 2: the TPM chip requires the routing protocol to provide some protocol parameters, core code or its current running state;
Step 3: after the routing protocol submits the protocol parameters, core code or current running state to the TPM chip, the TPM chip performs integrity measurement on them and compares the resulting measurement values with the reference values stored in the PCR;
Step 4: after confirming that the routing protocol is in the predetermined state, the vehicular information system can designate it a trusted secure routing protocol. Access to the data is controlled by the RTS (Root of Trust for Storage) engine, the neighbor table is decrypted with the key EK (Encrypted Key to the neighbor table) stored in the TSS, and the decrypted neighbor table is read from the place where the TPM chip provides protected storage (such as the hard disk) into memory and then passed to the trusted secure routing protocol. If the computed hash of the routing protocol differs from the PCR measurement value, the vehicular information system platform with the TPM chip detects that the routing protocol is abnormal or that a malicious program is present, and orders the TPM chip to refuse the start-up of the routing protocol and its decryption of and access to the neighbor table. The node is also refused participation in routing.
Figure 4 shows the workflow by which the trusted secure routing method of the present invention protects the routing table. The steps are:
Step 2: the TPM chip requires the trusted secure routing protocol to provide certain protocol parameters, its core code, or its current running state;
Step 3: after the trusted secure routing protocol submits the protocol parameters, core code or current running state to the TPM chip, the TPM chip performs an integrity measurement on them and compares the result with the reference measurement value stored in the PCR;
Step 4: after confirming that the trusted secure routing protocol is in the expected state, the vehicular information system notifies the trusted secure routing protocol again, requiring it to submit the core code of the add and delete operations, which is integrity-measured and compared with the reference measurement value stored in the PCR;
Step 5: after the TPM chip confirms that the trusted secure routing protocol is in the expected state and that its modification operation on the neighbor table is a legitimate operation, it must also be verified that the nodes the trusted secure routing protocol submits for addition or deletion really are neighbor nodes of the current node;
Step 6: after the trusted secure routing protocol has passed the above 3 verification steps, the TPM chip controls access to the data through the RTS engine; the neighbor table is decrypted with the key EK stored in the TSS; the decrypted neighbor table is read into memory from the place where the TPM chip provides protected storage (such as a hard disk) and is then passed to the trusted secure routing protocol, which is allowed to modify the neighbor table; the table is then written back to protected storage so that it is updated. If the computed hash value of the trusted secure routing protocol differs from the PCR measurement value, or the add or delete operation is incorrect, or the node to be added or deleted is not a neighbor node of the current node, the vehicular information system carrying the TPM chip orders the TPM chip to refuse the trusted secure routing protocol's decryption of and access to the neighbor table. At the same time the node is forbidden from participating in network routing.
Figure 5 shows the workflow of integrity recording in the present invention. The intermediate step between integrity measurement and integrity reporting is integrity recording: the trusted secure vehicular information system stores the integrity measurement value of the routing protocol, and the measurement value for the legitimacy of neighbor table modification operations, in a log for later audit and inquiry. Without a log record, a malicious node could make excuses or lodge an appeal after being refused service. Therefore, after every integrity measurement and every neighbor table update, the measurement value of the current node is written to the log, so that there is ample evidence later to prove the node's malicious behaviour.
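The neighbor-table protection steps and the integrity record described above, as an added Python model that is not part of the patent. Hashing with SHA-256 stands in for the TPM measurement and PCR comparison, and the decryption with EK is not modelled. The class, names and sample values are assumptions, as are reading step 5 as "added nodes must be in an observed in-range set, deleted nodes must be in the stored table" and keeping a refused node excluded.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def measure(blob: bytes) -> str:
    """Integrity measurement: SHA-256 digest of the submitted bytes."""
    return hashlib.sha256(blob).hexdigest()


@dataclass
class ModelTPM:
    """Software stand-in for the TPM roles described above (not a real TPM API)."""
    pcr_protocol: str                           # reference measurement of the routing protocol
    pcr_update: str                             # reference measurement of the add/delete code
    sealed_neighbors: frozenset = frozenset()   # neighbor table in protected storage
    log: list = field(default_factory=list)     # integrity record
    excluded: bool = False                      # node barred from routing

    def request_update(self, protocol, update_code, add, delete, in_range):
        """Return the updated neighbor table, or None if the request is refused."""
        add, delete = set(add), set(delete)
        m_proto, m_update = measure(protocol), measure(update_code)
        if self.excluded:
            reason = "node already excluded"
        elif not hmac.compare_digest(m_proto, self.pcr_protocol):
            reason = "protocol measurement differs from PCR"          # steps 2-3
        elif not hmac.compare_digest(m_update, self.pcr_update):
            reason = "add/delete code measurement differs from PCR"   # step 4
        elif not add <= set(in_range):
            reason = "node to add is not an observed neighbor"        # step 5
        elif not delete <= self.sealed_neighbors:
            reason = "node to delete is not a recorded neighbor"      # step 5
        else:
            reason = None
        # Integrity record: every measurement and decision is logged, pass or fail.
        self.log.append({"protocol": m_proto, "update_code": m_update,
                         "add": sorted(add), "delete": sorted(delete),
                         "refused": reason})
        if reason is not None:
            self.excluded = True   # refuse access and bar the node from routing
            return None
        # Step 6: release the table, apply the change, store it back protected.
        self.sealed_neighbors = frozenset((self.sealed_neighbors | add) - delete)
        return set(self.sealed_neighbors)


# Constructed sample inputs (not from the patent).
GOOD_PROTOCOL = b"routing-protocol-core-v1"
GOOD_UPDATE = b"neighbor-table-add-delete-v1"


def new_tpm(neighbors=("veh-A", "veh-B")):
    """Build a model TPM whose PCR values match the untampered sample code."""
    return ModelTPM(measure(GOOD_PROTOCOL), measure(GOOD_UPDATE),
                    frozenset(neighbors))
```

The log entry is written before the decision takes effect, so a refused node leaves behind the measurement that caused the refusal.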
To verify comprehensively that the trusted secure routing protocol offers better trustworthiness and security than an ordinary routing protocol in a vehicular information system, code was written for the simulation tool NS2 and simulation experiments on the present invention were carried out. Two environments, secure and non-secure, were simulated, and the trusted secure routing protocol and the original routing protocol were compared on a total of nine metrics based on quality-of-service requirements. The simulation results fully demonstrate that the method, system and equipment proposed by the present invention for realizing trusted secure routing of a vehicular information system are correct, reasonable and effective. They provide comprehensive security protection for the routing protocol in a vehicular information system and can effectively reduce the possibility of internal malicious nodes disrupting normal routing and the network, without having an excessive impact on network performance, so that good routing efficiency is maintained. The present invention also provides a general solution for the security of routing protocols in vehicular information systems.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or replaced by equivalents without departing from the spirit and scope of the technical solution of the present invention, and all such modifications and replacements shall be covered by the scope of the claims of the present invention.
Claims (6)
1. A method, system and equipment for realizing trusted secure routing of a vehicular information system, characterized by comprising:
1-1 The nodes in the vehicular information system are all equipped with a TPM (Trusted Platform Module) chip;
1-2 A trusted node participating in routing in the vehicular information system must satisfy 3 requirements;
1-3 Before the routing protocol of a trusted node starts, the integrity and security of the protocol's operation must be guaranteed;
1-4 After a trusted node joins the network, before it performs add or delete operations on neighbor nodes in the neighbor table, the integrity and security of the trusted secure routing protocol at that moment must be verified once more, together with the correctness of the add and delete operations on the neighbor table;
1-5 The intermediate step between integrity measurement and integrity reporting is integrity recording: the trusted secure vehicular information system stores the integrity measurement value of the routing protocol, and the measurement value for the legitimacy of neighbor table modification operations, in a log for later audit and inquiry;
2. The nodes in the vehicular information system all being equipped with a TPM chip according to claim 1-1, characterized in that: (1) each node in the vehicular information system is equipped with a TPM chip, and the on-board unit with the added TPM chip has sufficient capability to perform trusted computing and to send and receive information; (2) the PCR of the TPM chip stores the characteristic measurement reference of the trusted secure routing protocol, which may be parameters, beacon values, etc. of the trusted secure routing protocol, or the core code of the trusted secure routing protocol; (3) the number of the TPM chip and its EK can serve as the globally unique identifier of a node in the vehicular information system, and the number of the chip is bound to the driver's driving licence;
3. The trusted node participating in routing in the vehicular information system having to satisfy 3 requirements according to claim 1-2, characterized in that: (1) there are not break the bank, and the regional node density is sufficiently high, so that the node is guaranteed to really have neighbor nodes within its communication range; (2) the node is fitted with a TPM chip and can use the protected storage technology of the TPM chip to protect the routing protocol and the neighbor table effectively, preventing illegal access and modification; (3) the node can use the trusted secure routing protocol to ensure that information arrives safely at the destination node;
4. The guaranteeing of the integrity and security of the protocol's operation before the routing protocol of the trusted node starts according to claim 1-3, characterized in that: after a node in the vehicular information system satisfies the above 3 requirements and before it is selected as a message-forwarding node, what the present invention seeks to prove is the correctness of its routing protocol function, not the authenticity of its identity; the main idea for avoiding the exchange of erroneous information is to authenticate the program that sends the information rather than the vehicle itself: only if it can be proved that the information was sent by the program of a vehicle with a trusted identity, and that the program has not been tampered with, can it be preliminarily concluded that the node is trusted and its information reliable;
The trusted secure routing method, system and equipment operate on two layers; when two nodes in the vehicular information system are each satisfied that the other carries a TPM chip, and each trusts that the other is running a secure routing protocol that has not been tampered with, with no erroneous operation of the protocol and no deliberate attack, the base layer of the vehicular information system allows a trusted channel to be established between any two nodes; the second layer is the core layer of the vehicular information system, whose purpose is information validation, and it establishes a trusted channel to guarantee that the information exchanged between nodes contains no erroneous information;
5. The verifying once more, after the trusted node joins the network and before add and delete operations on neighbor nodes are performed on the neighbor table, of the integrity and security of the trusted secure routing protocol at that moment and of the correctness of the add and delete operations on the neighbor table according to claim 1-4, characterized in that: compared with an existing vehicular information system, the vehicular information system carrying the TPM chip adds two layers of protection to the neighbor table: (1) while the vehicular information system is running, before add and delete operations on neighbor nodes are performed on the neighbor table, the integrity and security of the trusted secure routing protocol at that moment are verified once more, together with the correctness of the add and delete operations on the neighbor table, which avoids malicious modification of the neighbor table as a result of the routing protocol having been illegally tampered with; (2) after the TPM chip confirms that the trusted secure routing protocol is in the expected state and that its modification operation on the neighbor table is a legitimate operation, it must also be verified that the nodes the trusted secure routing protocol submits for addition or deletion really are neighbor nodes of the current node, which avoids malicious modification of the neighbor position table by false network information;
In this way, the trusted secure routing method, system and equipment for a vehicular information system of the present invention can prevent not only unintentional errors, such as unexpected errors caused when the protocol starts under abnormal conditions, but also intentional ones, such as the following: when the routing protocol has been tampered with so that the protocol cannot start normally, the node is excluded from the trusted nodes; or, when a node needs to send erroneous information and maliciously modifies the vehicle's neighbor table, its malicious behaviour can be detected and service denied.
6. The intermediate step between integrity measurement and integrity reporting being integrity recording according to claim 1-5, wherein the trusted secure vehicular information system stores the integrity measurement value of the routing protocol, and the measurement value for the legitimacy of neighbor table modification operations, in a log for later audit and inquiry. Without a log record, a malicious node could make excuses or lodge an appeal after being refused service. Therefore, after every integrity measurement and every neighbor table update, this measurement value of the current node is written to the log, so that there is ample evidence later to prove the node's malicious behaviour.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102605072A CN102065003A (en) | 2010-08-24 | 2010-08-24 | Method, system and equipment for realizing trusted secure routing of vehicular information system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102065003A (en) | 2011-05-18 |
Family
ID=44000110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010102605072A Pending CN102065003A (en) | 2010-08-24 | 2010-08-24 | Method, system and equipment for realizing trusted secure routing of vehicular information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102065003A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20110518 |