| Cellular Vehicle-to-Everything(C-V2X)technology can greatly improve the traffic efficiency and traffic safety,is an important support technology for the development of smart transportation and smart car in the future.The C-V2X system,which links people,vehicles,roads and other traffic participants,is a special network and faces many network security threats.At the same time,the network nodes are moving quickly,the topology is dynamically changing and there are various equipment types,the C-V2X system face many new network security threats,such as unclear security boundaries,untrustworthy equipment identities,and the need for lightweight security measures.Ensuring the C-V2X system security is necessary for commercial application of C-V2X technology and support the development of China’s intelligent connected vehicle industry.This dissertation has analysed the existing security problems of the C-V2X system and the corresponding measures of security protection,pointed out that the C-V2X security schemes are lack of unified security management method and equipment initial identity authentication method.Aggregation authentication method,lightweight authentication method are required in some important application scenarios.This dissertation focuses on the key technologies of C-V2X security authentication,propose a C-V2X equipment security management method based on unified identity identification,a C-V2X equipment initial identity authentication method based on vehicle identity module,a C-V2X equipment aggregation authentication method based on authentication status identification,a C-V2X equipment lightweight identity authentication and key agreement method based on Identity-based Cryptograph.(1)There are various types and a large number of equipment in the CV2X system,lead to complex and severe security problems.This dissertation design a unified security management scheme,which achieves unified security management of all equipment in the C-V2X system based on unified identity identification.The scheme abstracts the attributes of various types of C-V2X equipment,fully considering the management needs of equipment manufacturers,operators,etc.,and propose a unified coding method for C-V2X equipment,can assign a unique identity identifier to each equipment and implement unified management for all equipment;design a C-V2X equipment security management protocol to achieve security monitoring and situational awareness of all equipment in the C-V2X system.(2)The C-V2X equipment cannot prove its identity to the C-V2X system before obtaining a digital certificate from the certification authority,resulting in a security risk in the management of the equipment digital certificate.This dissertation propose an C-V2X equipment initial identity authentication method.When the C-V2X equipment need access to the CV2X system,it carries out a challenge response identity authentication with the C-V2X system,confirm each other’s identities.It can ensures that the identity of the C-V2X equipment is trusted before the equipment applying for a digital certificate.The initial identity authentication method for equipment based on vehicle identity module,achieves independent encapsulation of the authentication functions,which has little impact on equipment structure and is suitable for various types of equipment.(3)In typical C-V2X application scenarios such as formation driving and collaborative driving,a large number of grouped equipment are separately access to the C-V2X system for authentication,resulting in waste of system resources and decrease service capabilities.This dissertation propose a C-V2X equipment authentication identification roaming and transmission method.The C-V2X system grant an authentication status identification to the C-V2X equipment when the equipment successful authentication.The C-V2X equipment can access another C-V2X system not need the whole access authentication again.The C-V2X equipment also can transfer the authentication status identification to the other members of the group,reduce more than 60%communication interactions between the equipment and the system,greatly saving the communication resources and computing resources.(4)In small and medium-sized C-V2X application scenarios such as airports,mines,and parks,building complex CA systems based on Public Key Infrastructure(PKI)mechanism for equipment identity authentication is a difficult work.This dissertation propose an efficient authentication and key agreement method based on Identity-Based Cryptograph for small and medium-size C-V2X system.The C-V2X equipment use VID as its public key,encrypts and transmits secret data with other equipment using IdentityBased Cryptograph algorithm.This method not need to establish a CA system,not need key distribution process,also not need certificate management and certificate verification process,save computing resource,reduce communication delay,meet the requirement of flat and lightweight security measure for small and medium-sized C-V2X systems.This dissertation analyze the security of the C-V2X security method described above,and the results show that the scheme is security and feasible.This dissertation build an experimental verification environment,simulate the process of the equipment initial identity authentication,equipment lightweight authentication and key agreement,equipment aggregation authentication through self-developed software.It is confirmed that the scheme is feasible and effective. |