HOTLINE: 0086-021 52710299
Partners Partners & Customers
News Delegates’Testimonials

Car network privacy protection

日期: 2019-08-28
浏览次数: 14

The generalized information security network can be divided into two parts: the in-vehicle network and the off-board network. The vehicle network is isolated by the gateway from the internal network and the external network. The internal network is mainly various imaging networks, including LIN network, MOST network and CAN network. The external network is more complex, including related networks such as clouds, tubes, terminals, and sensors.

The car networking structure consists of three parts, namely the roadside unit, the onboard unit and a third-party trusted authority.

Because the Internet of Vehicles has the characteristics of flexible networking, unbalanced network scale, unstable network topology, poor reliability of wireless channel and transmission quality, and certain characteristics of sensing, computing and storage, and limited energy consumption. The broadcasted message contains a large amount of private information and predictability of vehicle motion trajectory, resulting in car network privacy issues.

 

 

 

Car network privacy protection

At the '2019 The 4th China Automotive Cyber Security Summit', we invited Zhang Haichun, a senior researcher at the Open Network Security Network of the Internet Security Lab, to explain the security of the privacy of the Internet.

The current identity privacy protection scheme is: an asymmetric authentication scheme based on symmetric cryptography, public key infrastructure, identity based signature, certificateless signature based, group signature based, etc. These scenarios create problems such as opaque behavior of trusted authorities, excessive overhead for revocation lists, and low authentication efficiency. Location privacy protection schemes such as anonymous schemes, hybrid regional schemes, and fuzzy-based schemes all have corresponding problems. Based on these problems, Zhang proposed a blockchain-based identity privacy and location privacy protection scheme.

By carrying a vehicle tracking attack platform to solve the problem of full anonymization is not enough to protect vehicle privacy, according to some goals of identity privacy and location privacy, an anonymous authentication scheme based on blockchain is added, based on blockchain and queue. Communication vehicle privacy protection scheme. This solution can protect vehicle identity privacy and location privacy, resist vehicle tracking attacks, not affect the service quality of the Internet of Vehicles application, achieve conditional privacy, and facilitate the division and arbitration of responsibilities in the event of a dispute. Then Mr. Zhang gave a detailed introduction to how the program protects identity privacy and location privacy:

 

Car network privacy protection

The blockchain-based identity privacy protection solution solves the problem of authority transparency, guarantees authentication security, achieves conditional privacy, and efficient authentication efficiency. The overall structure of the program is divided into three major institutions: automobile organizations, law enforcement agencies and digital certification agencies. Automotive organizations provide a certain amount of computing power to implement a consensus mechanism based on proof of engineering. The law enforcement agency audits the identity information from the vehicle, and after the audit is passed, it authorizes the digital certification authority to issue a certificate or revoke the certificate to the vehicle. The digital certification body performs the issuance or cancellation of the certificate. The specific steps are as follows: First, the car generates a message that can prove its identity according to its private key, and then submits the information material that proves its identity to the law enforcement agency. After the law enforcement agency audits, it will authorize the digital certification authority to issue a certificate, and all certificates are promulgated. Both cloth and undo are stored as a transaction in the blockchain, and the data in the entire blockchain is stored by the extended blockchain structure.

In the location-based privacy protection scheme based on blockchain: through the privacy scheduling algorithm, a large number of cars in the same direction of the same lane form a queue, so that the front car becomes the captain, and all the members of the queue do not send the message to the unit, but The message is sent to the captain, who collects the message and then packages it and sends it to each unit periodically. In this case, the entire queue has no difference to the members of the malicious attacker. He cannot distinguish the differences among the members, thus achieving the purpose of privacy protection. The privacy scheduling algorithm ensures that the communication process is secure. The specific steps are as follows: the vehicle is queued for identity authentication. First, the captain establishes a ready message for the surrounding broadcast queue. After receiving the message, the member sends the relevant private key and other information to the captain to express the join request, and the captain receives the request. After that, the corresponding car to which the request is added is given a number, and the private key of the team and the related planning key are sent to the members of the team. After receiving the message, the members of the team send their other messages to the captain as a reply, indicating Has been confirmed to join the queue. The entire data is signed to ensure that the entire communication is secure enough.Car network privacy protection

 

Finally, Mr. Zhang showed us the specific practices and cases of the program.

“2019 4th China Automotive Network Information Security Summit” Organizer: Shanghai Locka Automotive Technology Co., Ltd. (GRCC) is a technology development, technology transfer, technology consulting exhibition service, conference service and other business development in the field of automotive technology. Technical consulting company. The company provides industry information, business innovation development solutions, market research, business cooperation and network development platforms, personal career development, investment and financing consulting services to senior decision-makers at leading domestic and foreign companies (mainly Fortune 500 companies).


Copyright ©2010 - 2016 

GENESIS RESOURCING CONSULTING CHINA

犀牛云提供企业云服务