Research On Access Control Mechanism For Software Defined Vehicular Networks

In the vehicular network,vehicles can obtain diversified services by accessing the data in the remote cloud or roadside units,which can improve traffic safety and travel efficiency and optimize the driving experience.With the increasing number of vehicles and roadside units and the continuous emergence of new vehicular applications,under the traditional network architecture in which device forwarding and control functions are tightly coupled,it is difficult to handle large-scale access requirements flexibly.And there are difficulties in deploying new protocols,scheduling resources,and managing networks.The existing research points out that under the software-defined network(SDN)architecture,the above problems can be effectively solved.In the SDN architecture,data forwarding and control functions are decoupled.Based on global network state information,the logic centralized SDN controller can flexibly formulate and deploy network protocols and flexibly manage and allocate network resources.However,the software-defined vehicular network(SDVN)inherits the security problems of the vehicular network under the traditional network architecture.The existing access control schemes have deficiencies such as insufficient security and low performance,which is difficult to ensure the secure and efficient access control of vehicles to the cloud(V2C)and vehicles to roadside units(V2R).This dissertation focuses on the core security issues in the SDVN,and designs efficient access control schemes to ensure the security of the vehicle data access process and realize reasonable access to data in the cloud and roadside units.Meanwhile,in view of the difficulties in deploying multicast protocol,scheduling cache resources,and selecting roadside units in the access control process,the corresponding solutions are proposed by using the flexibility of SDN to improve the efficiency of the vehicle data access process.The contributions of this dissertation are as follows:1.A multicast transmission-based access control scheme for the SDVN is proposed.Aiming at the problems of insufficient security and low performance in the existing multicast transmission-based access control schemes,this dissertation proposes a multicast transmission-based access control scheme suitable for the SDVN.The scheme defines the multicast process in the SDVN,and uses the SDN controller to verify the access requests in the vehicular network.The scheme supports batch verification to speed up the processing of access requests.In addition,the scheme realizes secure data content distribution based on broadcast encryption technology and ensures that only authorized vehicles can obtain the content plaintext.The security analysis shows that the scheme meets the security requirements in the vehicular network,resists common types of network attacks,and provides more comprehensive security protection.The scheme shows better performance in computational overhead,communication overhead,packet loss ratio and time delay.2.A proxy decryption-based access control scheme for the SDVN is proposed.Aiming at the weak security of existing proxy decryption-based vehicular network access control schemes and the lack of consideration of proxy decryption node selection,this dissertation proposes a proxy decryption-based access control scheme suitable for the SDVN.This scheme uses the Chameleon hash function and ciphertext-policy attribute-based encryption to realize anonymity and fine-grained access control for V2 C,and rapid revocation of access rights of vehicles.In addition,by using the proxy decryption technology and designing the SDN-based proxy node selection algorithm,the overall performance of the system can be further improved while reducing the decryption overhead of the vehicles.The scheme supports the vehicle to authenticate the proxy decryption result returned by the roadside unit.The security analysis shows that this scheme overcomes the weak security of existing related schemes,meets the security requirements in the vehicular network,and resists common types of network attacks.Compared with related schemes,this scheme achieves better performance in terms of computational overhead,communication overhead,and throughput.3.An edge cache-based access control scheme for the SDVN is proposed.Aiming at the problems that the existing edge cache-based access control scheme is difficult to support the direct and anonymous authentication between vehicles and roadside units,and does not consider the update of cache content,this dissertation proposes an edge cache-based access control scheme suitable for the SDVN.This scheme uses TESLA protocol and Pedersen commitment to realize direct and efficient fast authentication of vehicles and roadside units,as well as anonymous access of the V2 R.The scheme supports batch verification to speed up the processing of vehicle access requests.In addition,based on the flexibility of the SDN,the scheme designs a cooperative cache update mechanism to deal with the problem of limited cache space of roadside units.The scheme does not need a trusted third party to participate in each round of interaction,does not rely on the ideal assumption that the roadside unit is completely trusted,and does not need to store the system private key or access token in the roadside units.The Pro Verif-based formal verification and informal security analysis show that the scheme meets the security requirements in the vehicular network and can resist common types of network attacks.The scheme achieves lower computational overhead,communication overhead,and transmission time overhead.