Trust Negotiation In Vehicular Cloud And Fog Services

Posted on: 2022-07-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Y Yao
GTID: 1482306560489454
Subject: Cyberspace security
Abstract/Summary:
To solve the computing and storage problems faced by vehicle autonomous driving and in-vehicle applications, VANETs (Vehicular Ad Hoc Networks) and edge intelligence are combined to construct vehicular cloud computing and vehicular fog computing. However, vehicular cloud services face some major security challenges, including authenticating user identity and verifying message integrity under high vehicle mobility; ensuring the confidentiality of sensitive information; ensuring location privacy, since most applications in the vehicle system rely on location-based information; providing data isolation to ensure the security of data stored in the cloud; and securing data access to protect data stored in the cloud from unauthorized access. Vehicular fog computing is a supplement to vehicular cloud computing. It uses the idle resources of parked vehicles to build a vehicular fog closer to the user. Its security challenges are similar to those of the vehicular cloud, but it differs from vehicular cloud computing in terms of distance, geographic distribution method, communication and computing capability, deployment cost, etc. Addressing the issue of trust negotiation in vehicular cloud services and vehicular fog services, this dissertation combines the specific architectures of vehicular cloud services and vehicular fog services to design new secure and privacy-preserving mechanisms for them according to their expected characteristics and service requirements. The main research content and contributions of this dissertation include the following four aspects:

(1) A lightweight anonymous authentication mechanism for vehicular cloud services is proposed. Vehicular cloud service is proposed to accelerate computation and storage by integrating conventional cloud services into vehicular networks. Vehicle authentication is one of the critical security challenges in the widespread deployment of vehicular cloud service. The high dynamicity of vehicles and the limited communication range of vehicular networks necessitate low communication and computation overhead during the authentication process. With the large number of vehicles, traffic congestion and the large amount of communication information, the authentication process can easily become the bottleneck of network communication. To address identity authentication in vehicular cloud services, this work proposes a lightweight anonymous authentication mechanism based on the European Telecommunications Standards Institute standardized vehicle-to-everything public key infrastructure, laying the foundation for the widespread deployment of vehicular cloud services. This mechanism has the following advantages: (a) It satisfies the security requirements of the European Telecommunications Standards Institute standardized vehicle-to-everything public key infrastructure, and also realizes asynchronous key agreement, forward secrecy and backward secrecy. (b) It is lightweight. We conduct experiments on an Arduino Mega 2560 to illustrate that our mechanism is feasible and practical and that it has a small overhead in communication, computation and storage.

(2) A lightweight and privacy-preserving ID-as-a-Service (IDaaS) model for vehicular cloud computing is constructed. In recent years, vehicle ownership has continued to grow, and vehicle identity management has become more and more complex. To facilitate the management of vehicle identities, various identity management models have emerged. The most representative is the IDaaS model, which is related to cloud computing. Existing studies on IDaaS are not suitable for vehicular cloud computing, because the high mobility of vehicles causes frequent cross-domain problems, and the existing IDaaS model needs to send the vehicle identity information from the local domain to the vehicle access domain, which not only causes communication delay but is also unfriendly to the modification of vehicle private information. This work first proposes an improved ciphertext-policy attribute-based encryption (CP-ABE) technology. Utilizing the improved CP-ABE technology and permissioned blockchain technology, we propose a lightweight and privacy-preserving IDaaS architecture for vehicular cloud computing. It realizes lightweight and privacy-preserving access control of vehicles' personally identifiable information in a large distributed vehicular cloud computing system.

(3) A reliable and secure vehicular fog service provision mechanism is proposed. Vehicular fog computing complements vehicular cloud computing as a promising solution for accommodating the surge of mobile traffic and reducing latency. This work considers vehicular fog service provided by vehicular fog computing that is formed on the fly by integrating the computing and storage resources of parked vehicles. The dynamicity of vehicular fog computing, due to vehicles' random arrivals and departures, poses a number of challenges for reliable and secure vehicular fog service provision to client vehicles. We propose a novel mechanism, consisting of a vehicular fog construction method and a vehicular fog service access method, to ensure vehicular fog service reliability and security without sacrificing performance. The reliability and security of vehicular fog service under our mechanism are discussed in detail. Moreover, we investigate the impact of the proposed mechanism on vehicular fog throughput and show that the mechanism is lightweight enough to be used in latency-sensitive vehicular fog computing.

(4) A blockchain-assisted lightweight anonymous authentication mechanism for distributed vehicular fog services is proposed. As modern vehicles and distributed fog services advance apace, vehicular fog services are expected to span multiple geo-distributed datacenters, which inevitably leads to cross-datacenter authentication. Traditional cross-datacenter authentication models are not suitable for the scenario of high-speed moving vehicles accessing vehicular fog services, because these models ignore either user privacy or the delay requirement of driving vehicles. This work proposes a blockchain-assisted lightweight anonymous authentication mechanism for distributed vehicular fog services provisioned to driving vehicles. The mechanism achieves the following advantages: (a) It realizes flexible cross-datacenter authentication, in which a vehicle can decide whether or not to be re-authenticated when it enters a new datacenter of vehicular fog computing. (b) It achieves anonymity and grants vehicle users the responsibility of preserving their privacy. (c) It is lightweight, achieving non-interactivity between vehicles and service managers and eliminating communication between service managers in the authentication process, which significantly reduces communication delay. (d) It resists attacks in which the database governed by one datacenter is tampered with. The proposed mechanism achieves these advantages by effectively combining modern cryptographic technology and blockchain technology.
Keywords/Search Tags: Vehicular Cloud Service, Vehicular Fog Service, Trust Negotiation, Security, Privacy Preserving, Lightweight