Abstract

BSM 消息广播是车联网通信的最主要内容, 直接影响到车辆的行驶安全, 发送车辆会对每条 BSM 计算数字签名以防范消息伪造. 相关文献指出, 车辆在 1 s 内最多会收到千余条 BSM 消息, 且验证延迟不能超过 100 ms, 现有的车载设备很难达到要求. 本文结合 ECQV 隐式证书和Schnorr 签名, 提出了一种基于车联网 SCMS (security credential management system) 证书服务体系, 用于车联网 BSM 消息的签名聚合方案, 支持聚合验证, 能够显著减小签名验证的计算消耗. 在有消息签名验证错误的情况下, 提出了一种快速检测错误签名的方法: 首先将待验证的 BSM 消息根据发送车辆证书的 CA 进行分组, 对每一个分组进行分组验证, 每一轮分组验证将待验证的消息分为 θ 组, 逐组地聚合验证, 检测到验证错误的分组, 然后再对其进行新一轮迭代分组验证, 直至检测到验证出错的消息. 讨论了使验证计算消耗最小的最优分组数, 并根据验证车辆的不同预计算配置, 分别分析了最优分组数和计算消耗. 所提方案的计算消耗显著优于逐一验证的检错方法.

Alternate abstract:

The BSM broadcast between vehicles is the most common method of communication in Internet of vehicles (IoV), which has a direct impact on the safety of vehicles. To resist against message forging attacks, the message sender is required to create a digital signature for each BSM. It was pointed out in public literatures that, a vehicle will receive up to more than one thousand BSM to verify within one second, hence the verification delay cannot exceed one hundred milliseconds, which is difficult to achieve for current existing in-vehicle equipments. To solve the problem above, by combining ECQV implicit certificate and Schnorr signature, this paper proposes a signature aggregation scheme based on SCMS (security credential management system) for BSM of IoV, which supports aggregation verification and can reduce the computational consumption of the signature verification significantly. In the proposed scheme, a method is proposed to quickly detect invalid signatures. First, those messages with signatures to be verified are divided into groups according to the CA of the senders' certificates, then the group verification will be performed on each group. The messages to be verified are divided into θ groups in each round of group verification, which will be verified aggregately group by group until a group with an invalid signature is detected. Then, a new round of iterative grouping verification is performed on the group until the message with an invalid signature is detected. Moreover, this paper discusses the optimal number of groups to minimize the computational cost of the verification, and analyzes the optimal number of groups and computational cost respectively according to different pre-computing configurations of the verifier. The analysis results show that the computational cost of the proposed scheme is significantly better than that of the one-by-one verification error detection method.