Research On Distributed Authentication For Vehicular Networks

In recent years,with the gradual development of intelligent transportation system and automatic driving,Vehicular Networks(VN)have attracted extensive attentions from academia and industry.The security problem is one of the most important issues in VN,whereas authentication technologies are essential tools to solve security problems in VN.To develop efficient authentication method and ensure the security of VN plays a vital role for the rapid development and deployment of VN.Now there are many challenges for VN in the aspect of authentication method.On the one hand,as basic travel tools,vehicles carry much private information about the driver.Thus,it is important to provide privacypreserving ability for VN.In the context of privacy preservation,the security functions that the authentication method needs to provide in VN become complex and comprehensive,which requires to guarantee trust,anonymity and traceability simultaneously.On the other hand,as vehicles have high mobility and close relationship with human lives and properties,VN have extremely rigorous performance requirements on authentication method,which require high reliability and low latency.Besides,the requirements for multidimensional functions of security also have negative influence on the authentication performance for VN.Existing authentication methods for VN cannot satisfy the complicated function requirements and the rigorous performance requirements simultaneously.This dissertation mainly focuses on the distributed authentication methods for VN,aiming at satisfying the requirements of security functions and authentication performance for VN.This dissertation mainly solves three problems: vehicle authentication,authentication domain division,and certificate revocation list management.The problem of vehicle authentication is the main body of research for distributed authentication for VN,to solve the problem of authentication domain division is the essential precondition for the implement of distributed authentication for VN,and to manage certificate revocation list in a distributed way is the inherent requirement for distributed authentication for VN.The main contributions and innovations of this dissertation are as follows:(1)For the problem of vehicle authentication in VN,a privacy-preserving lowlatency vehicle authentication method is proposed.Firstly,an edge computing-based distributed authentication framework is proposed.In the framework,the whole vehicular networks are divided into multiple authentication domains.The scalability and robustness of the authentication system can be improved due to this distributed authentication framework.And the delay in process of authentication can be reduced by decreasing the number of revoked vehicles that are required to check.Secondly,in the distributed framework,a distributed authentication mechanisms based on group signature are designed.The group signature technology can provide conditional privacy preservation for VN.Transition area mechanism is introduced to solve the authentication problem in the border of authentication domain,and efficient distributed authentication group maintenance method is proposed to improve authentication efficiency.Then,the security analyses for the proposed authentication method are conducted and the results indicate that the proposed method can satisfy the complicated authentication function requirements in VN.Finally,theoretical analysis and simulation analysis are performed in the aspect of delay performance for the proposed method.The results show that,the theoretical results of signature check delay in transition area match well to the simulation experimental results,and the proposed method can reduce the verification delay efficiently.(2)For the problem of authentication domain division in VN,a delay-aware authentication domain division method is proposed.The problem of authentication domain division is an essential problem for distributed authentication.To solve this problem efficiently is also the precondition for the deployment of distributed authentication method in VN.As the delay is one of the most important performance indicators in VN,it’s very meaningful to take delay factor into consideration in the process of authentication domain division.Firstly,taking into consideration management overheads and delay performance,the authentication domain problem is modeled as optimization problem,in which the overheads for the management of authentication domain are minimized in the condition of satisfying the delay performance.Secondly,a method for calculating the average length of certificate revocation list based on queueing theory is proposed,which establishes mathematical relationship between the size of the authentication domain and the verification delay and provides basic support for dividing authentication domain based on delay factor.Then,a heuristic algorithm is proposed to solve the authentication domain division problem.Finally,a simulation platform based on realistic road topology data is established to validate the feasibility and efficiency of the proposed method.(3)For the problem of Certificate Revocation List(CRL)management,a blockchainbased distributed CRL management method is proposed.Firstly,to alleviate the revocation check burden,partial revocation tasks are offloaded to the edge network.Based on dual-certificate model,a two-tier CRL defense mechanism is designed to guarantee that the revocation task can be offloaded securely.Secondly,to ensure that the CRL management is trusted,scalable and robust,the blockchain-based CRL management method is designed.The blockchain data structure provides support for ensuring the data integrity of CRL.For the time-consuming problem of proof-of-work based consensus in traditional blockchain,permissioned blockchain paradigm and deterministic consensus mechanism are employed to improve the consensus efficiency and implement quick revocation.Then,a distributed revocation behavior supervision method is designed to prevent the illegal revocation behaviors in certificate management authority.By using this method,it is guaranteed that the historical revocation information cannot be changed and the newly added revocation information can be correct,thus the data integrity of CRL can be achieved.Finally,a prototype is established to evaluate the performance of the proposed method.The evaluation results show that,comparing with proof-of-work based method,the proposed method has advantages in revocation delay and can achieve quick revocation.