| In the field of Internet of Vehicles(IoV),the key management mechanism and security authentication technology have always been important issues that researchers pay attention to.With the substantial increase in vehicle population and the rapid expansion of the complexity of IoV,the key management and security certification in IoV would inevitably become more difficult to handle.The traditional solutions based on Public Key Infrastructure(PKI)technology usually use a centralized public key certificate management mechanism,but the performance of the system would be severely affected when the network is huge.The regularly updated Certificate Revocation List(CRL)would make it difficult to achieve the real-time revocation of the certificate,the centralized Certificate Authority(CA)would easily suffer in the failure of single point,the hierarchical structure of CA would introduce more serious confidence degradation problems,and complicated certificate chain would cause the difficulty of cross-domain authentication,which would introduce potential efficiency and security problems to the system.In order to improve or solve these problems in the traditional solutions,this paper has conducted research and analysis on the key management and security authentication protocol of IoV,and achieved the following results:First of all,we combined the traditional PKI technology with the consortium block chains technology,and proposed a novel key management mechanism for IoV.By introducing consortium block chains technology into IoV,we have proposed a novel consortium block chain network which is more suitable to key management of IoV.In this network,the CAs of different automobile manufacturers or related management organizations of IoV serve as the central node,and various IoV devices such as vehicles and roadside units are used as common nodes.The network realizes the registration of public key certificates of IoV devices,key management operations such as update and revocation.At the same time,we have also designed a lighter public key certificate and a novel double-blockchain structure,which solves the unverifiable problem for users to obtain public key certificates from the block chain,and helps to achieve low-overhead and fast authentication between connected car devices.This solution solves the problems of traditional key management technology in real-time certificate revocation difficulties,single-point failures,hierarchical confidence decline,and cross-domain authentication difficulties in practical applications.It improved the problem of low management efficiency of traditional solutions,and also greatly enhance the security of the key management system.Secondly,we simulated the designed key management system by python.The simulation fully implements all the functions of the key management system.These functions are composed of five threads: the ‘Cer’ thread which is used to generate public key certificates,the ‘Block’ thread which is used to generate main chain blocks,the ‘Sup Block’ which is used to generate auxiliary chain blocks,the ‘Search’ thread which is used to query public key certificates,and the ‘Verify’ thread which is used to verify the public key certificate.The simulation results showed that the designed key management system has shown excellent results in solving problems such as single point of failure and cross-domain authentication difficulties.At the same time,the efficiency and security of the key management system have also been greatly improved.Finally,we conducted the design and analysis of security authentication issues in different scenarios of the IoV communication.On the premise of ensuring resistance to various common network attacks such as eavesdropping attacks,replay attacks,and denial of service attacks,based on the proposed IoV key management mechanism,two common vehicle access and communication are designed for vehicle access and communication.The security authentication protocol in the network communication scenario,and the BAN formal logic analysis and security verification of the proposed protocol are carried out.The results suggested that this scheme could meet the security requirements in specific communication scenarios of IoV. |
