车载自组网中一种支持群签名认证的分布式密钥管理方案

群签名具备良好的匿名认证特性,满足车载自组网信息安全和隐私保护需求。但是,其作废开销较大,不适于在大规模网络环境中应用。为此,本文提出了一种支持群签名认证的分布式密钥管理方案DKM,将车载自组网的覆盖区域划分为若干子区域,车辆周期性地从所在子区域的群管理机构更新群密钥。这样,作废某个成员只需要在其拥有合法密钥的子区域内通告,而不是整个网络,有利于降低作废开销。同时,DKM中的密钥更新机制能够保证车辆的群密钥的私密性,从而避免了车辆与区域群管理机构的授权争议,保持了数字签名的不可否认性。性能分析表明DKM能够显著缩短作废列表长度,同时没有增加认证开销。

A Distributed Key Management Scheme for the Group Signature Based on Authentication in VANETs

Group-signature based authentication is a promising approach for addressing the security and privacy issues in vehicular ad hoc networks(VANETs).However,it is prone to causing huge revocation overhead in VANETs with millions of nodes and serious security risks.To solve this problem,we develop a distributed key management scheme(DKM) where the whole domain of VANET is divided into several sub-regions,and any vehicle has to update its group secret key periodically from the regional group manager who manages the region where the vehicle stays.In this way,a revoked membership is just notified in a sub-region but not the whole domain.Therefore,the average size of the revocation list in each sub-region decreases.Moreover,the proposed key updating process which guarantees a vehicle can obtain an updated group secret key from a regional authority without leaking the value of the group secret key to the regional authority.Performance analysis demonstrates that DKM can reduce the revocation cost significantly while keeping the authentication overhead the same as the the original group signature algorithm.