車聯網中具隱私保護與服務權限管理之機制研究;A Study on Privacy-Preserving Authentication and Service Rights Management for the Internet of Vehicles

NCUIR > School of Management at National Central University > Graduate Institute of Information Management > Electronic Thesis & Dissertation > Item 987654321/72210

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/72210

Title:	車聯網中具隱私保護與服務權限管理之機制研究;A Study on Privacy-Preserving Authentication and Service Rights Management for the Internet of Vehicles
Authors:	吳威震;Wu,Wei-Chen
Contributors:	資訊管理學系
Keywords:	車聯網;服務權限管理;服務權限管理;訊息認證碼;金鑰管理;IoV;SRM;Privacy Preserving;MAC;Key Management
Date:	2016-08-16
Issue Date:	2016-10-13 14:32:33 (UTC+8)
Publisher:	國立中央大學
Abstract:	現今寬頻與無線通訊網路的普及促進了車聯網(IoV, Internet of Vehicles)的興起；相較於傳統車載網路(VANET, Vehicular Ad hoc NETworks)，車聯網需要更多安全考量且所提供的服務必須有效管理，例如某些車輛必須允許讓不同的人駕駛，並分別給予不同的權限或服務(在計程車車隊中，同一輛車可能由不同的人輪班駕駛)，同時在這樣的車聯網環境中駕駛人與車輛仍需受到匿名保護。在上述車聯網安全需求下，本論文提出一個具隱私保護與服務權限管理的機制來滿足此需求。本研究使用單向雜湊函數為每輛車設定一個假名並用盲簽章為每一位駕駛人產生一個匿名身分，在傳遞的訊息驗證上本研究使用訊息認證碼(MAC, Message Authentication Code)來驗證，並透過雜湊鏈來產生會議金鑰。只有在有爭議的情況下，公正單位(CA, Certificate Authority)才去揭露或廢止該車輛或駕駛人的服務權限，也只有CA可以追蹤車聯網上任何訊息的來源；在服務權限管理上，本研究也擴充權限管理機制提出一個新的服務權限管理(SRM, Service Right Management)，透過不同的駕駛人在不同的車輛中給予不同的服務權限，以達到服務與權限分開管理的目的。為分析本研究所提機制在網路安全的保護功能，我們分析各個節點間所傳送的網路封包來說明機制如何抵禦相關的網路攻擊，在效能分析上以三個部分來分析，第一是分析每一個安全訊息的所需處理的時間，其中以訊息簽章和驗證來計算每一秒所能處理的訊息數量；第二是分析每輛車輛認證所花費的時間；第三是分析在分享多媒體檔案所花費的回合數。最後的分析結果顯示本研究在每一秒所能簽章和驗證的訊息高達59880個數量，而每輛車輛認證平均等待時間為0.01秒，且在分享多媒體檔案時所用到的訊息回合數遠小於其他機制。最後我們將這些結果與近幾年的相關研究做一個比較。;Due to the growth of the broadband and wireless communications network, it has been increasingly popular in recent years to promote the Internet of Vehicles (IoV) as a research topic. The IoV is different from Vehicular Ad hoc NETworks (VANETs). The IoV requires more security considerations than a VANET would. For example, the services provided must be effectively managed. Some vehicles must allow different drivers to use them, and are given different service rights (In a taxi fleet, the same car is driven by different people in shifts) and the identities of vehicles and drivers must be protected by anonymity. Given the above security considerations, we present a method of privacy-preserving authentication and services access control in the IoV. In this system, only the Certificate Authority (CA) can perform the revocation process when a vehicle or driver is judged as invalid. To achieve this purpose of services access control, we propose a new Service Rights Management (SRM) scheme that is given their different services depending on the different objects and then assign different digital rights for managing services and access rights separately.Our system carries out analysis and verification in a three-step process: First, it determines the overhead required for the safety message and the number of signing/verification messages per second. Second, it determines the computational load required for authentication and access verification. Third, it determines the number of rounds of multimedia file sharing. The final analysis results are 59880 messages per second of signing/verification, the average waiting time is about 0.01 s and the number of rounds is less than those of other mechanisms. In threats and attacks analysis, our scheme is compared to other mechanisms of preventing all kinds of wireless network attacks.
Appears in Collections:	[Graduate Institute of Information Management] Electronic Thesis & Dissertation

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	970	View/Open

社群 sharing

Loading...