| 摘要: | 如何保證車輛之服務下載請求安全性是一項重要的安全議題。為了解決車輛移動性問題,協作式下載方案被提出,透過中繼車輛的輔助下載來降低路邊基礎設施的負載,但是中繼車輛的選擇機制並不明確,且無法支援複數個中繼車輛;再者,車輛的下載請求通常涉及身分與服務內容的隱私,因此需要透過加密手段確保內容安全,但是過於複雜的加解密方案並不適用於車載環境;最後,異質化服務的QoS 需求也必須在佈署暫存內容時一併考慮。
本論文提出 ECDSA-based 的匿名協作式下載機制,藉由 ECDSA 數位簽章及 ECC 加密方案來確保下載請求的安全性。設計適用於車載網路的中繼車輛選舉機制,藉由行車速度、儲存空間及路邊距離來選出合適的中繼車人選,且中繼車輛會不定期重選,以因應時刻改變的車流。同時,車輛下載過程中運用輕量級的ECDSA 數位簽章方案來為下載請求簽章及加密,確保訊息之完整性、隱私性及不可否認性。請求驗證通過後,需要制定服務暫存至中繼車輛的佈署策略,透過 802.11 的規範將服務類別分類,並各別設定下載順序及資料傳送時的優先級別,同時確保延遲敏感類型的服務可優先暫存至鄰近使用者的中繼車輛中,達到服務QoS 規範。
模擬結果顯示,本論文提出的機制能有效提高服務下載效率。經由 ECDSA簽章相較於 RSA 簽章平均的訊息傳輸時間減少約 78.7%,證明該方案是輕量級的;此外,複數台中繼車輛的機制也可滿足大多數車輛下載需求,證明選舉策略的有效性;再加上服務內容的暫存佈署策略,平均可減少23.5%的下載時間,尤其是延遲敏感類型的服務提升更加顯著,平均減少 34.5%下載時間。;It is an important security issue on how to guarantee the security of service download requests from vehicles. In order to solve the problem of vehicle mobility, a cooperative download scheme was proposed, which reduces the load of roadside units through the auxiliary download with proxy vehicles, but the election mechanism of proxy vehicles is not clear and only support single proxy vehicles. Furthermore, the download request of a vehicle usually involves the privacy of identity and service content, so encryption methods are needed to ensure the security and privacy, but overly complex encryption and decryption schemes are not suitable for VANETs environments. Finally, the QoS requirements for heterogeneous services must be considered during deploying temporary content.
This dissertation proposes an ECDSA-based anonymous cooperative download mechanism, which uses ECDSA digital signature and ECC encryption scheme to guarantee the security of download requests. Design a proxy vehicle election mechanism suitable for VANETs. Appropriate candidates for proxy vehicles are elected based on driving speed, storage space and distance between RSU and itself, and proxy vehicles will be re-elected from time to time in response to the changing of traffic flows. Moreover, the lightweight ECDSA digital signature scheme is used to sign and encrypt the download request during the vehicle download process to ensure the integrity, privacy and non-repudiation of the message. After the request is verified, it is necessary to formulate a deployment strategy for temporarily storing the service to the proxy vehicle, classify the service category according to the 802.11 specification, and set the download order and the priority level of data transmission respectively. At the same time, it is ensured that delay-sensitive services can be temporarily stored in the proxy vehicles which closing to users so that can meet the quality of service.
The simulation results show the proposed mechanism can effectively improve the efficiency of service downloads. The average message transmission time of ECDSA signature is reduced by around 78.7% compared with that of RSA, which proves that the solution is lightweight. In addition, the proposed mechanism can support multiple proxy vehicles. The mechanism of multiple proxy vehicles can also meet the download requirements of most vehicles. Coupled with the temporary storage and deployment strategy of service content, the average download time can be reduced by 23.5%, especially on those services which is delay-sensitive, with an average reduction over 34.5%. |
