Professional Documents
Culture Documents
)), , ( (
i i
S V
Q S e H and sends ) , , , (
*
i i V V
SID AC Q
i i
to
i
S .
Step 2: After receiving the message from V
i
, S
i
checks to see whether =
i
V
)) , (
i i
S V
S Q e H . If it holds, S
i
selects a random number
*
q
Z k e ,
16
computes kP R =
1
, P AC k S i
* 1
1
= ,
i
S
S k S
1
2
= , and =
i
S
)) , (
i i
S V
kS eQ H . S
i
then sends R
1
, S
1
, S
2
,
i
S
kQ ,
i
S
and SID
i
to V
i
.
Step 3: After receiving the message from S
i
, V
i
checks to see whether =
i
S
)) , (
i i
S V
kQ eS H holds or not. If it holds, he computes the signature of
AC
i
as (R, S), where
1
R R = and + =
1
1 1
( S S ) ) (
2 1
S R H .
Everyone can verify (R, S) by computing whether the equation e(R, S) =
) (
1
) , ( ) , (
R H
S pub
AC
i
i
Q P e P P e holds. Here, we give the correctness of this
equation by using the following deduction.
) (
1
1
* 1 1
2 1 1
1
2 1 1
1 1
1
1
) , ( ) , (
) ) ( , ( ) , (
) ) ( , ( ) , (
)) ) ( ( , (
) , (
R H
S pub
AC
S i
i
i
i
Q P e P P e
S k R H kP e P AC k kP e
S R H kP e S kP e
S R H S R e
S R e
=
=
=
+ =
17
Figure 6. Access credential phase
(b) Access service phase
In this phase, V
i
must use the authorized credential to anonymously access the
service provide by S
i
via R
j
. They together perform the following steps (as depicted in
figure 7).
Step 1: When V
i
wants to access the pay-service from the roadside device R
j
, he
selects a random number a, computes )) , ( (
i i i i
S V S V
Q aS e H h = ,
)) , ( (
i i i i
S V S V
Q aS e H k = , || || (
i
V
T request E = )
i
V
aQ ,
) || || || ( S R AC E f k h A
i S V S V
i i i i
= , ) , , ( S R AC E B
i k
i
S
i
V
= . Then, he sends
the request message ) , , , (
i i
V V
T requestaQ B A to R
j
.
Step 2: After receiving the message from V
i
, R
j
forms
E=( ) || ) ( || ||
2
i i i i
v v V
aQ P a f T request and selects a random number b , and
computes )) , ( (
i j
S R
Q bS e H D = and ) || || (
j j
R R RS j
bQ T E f D h = .
He forwards , , ), ( , , , , , ,
j i i i i
R V V V V j
T aQ aIP f T aQ request B A D and
j
R
bQ to S
i
.
Step 3: After receiving the message from R
j
, S
i
forms
E
= ) || ) ( || ||
2
i i i i
v v V
aQ P a f T request ,and uses
j
R
bQ to compute
)) , ( ( '
i j
S R
S bQ e H D = and ) || || ( ' '
j j
R R j RS
bQ T E f D h = . He then uses
'
RS
h to search his receiving pseudonym table. If he finds the item, he is
the destination node. He computes )) , ( (
i i i i
S V S V
S aQ e H k = to decrypt B,
obtaining ) , , ( S R AC
i
. He then verifies the validity of the authorized
credential by checking whether the equation
18
) (
1
) , ( ) ( ) (
R H
S pub
AC
i
i
Q P e P,P e R,S e = holds or not(see Figure 8_continued).
If it holds, S
i
selects a random
*
q R
Z c e and computes
)) , ( (
i j j i
S R R S
cS bQ e H U = . Then, S
i
computes )) , ( (
i i i i
S V V S
cS aQ e H = ,
|| || (
i j i j i
S R S SR R S
T U f h = )
i
S
cQ , and ) ))( , ( (
i i i i i i
S V S V V S
h S aQ e H h = = ,
and sends permission,
, , , , , ,
j i i j i i i i i i i
R V S R S V S S S V V
bcQ h cQ T caQ aQ to R
j
.
Step 4: After receiving the message from S
i
, R
j
computes , ( ( '
j j i
R R S
bS e H U =
)
i
S
cQ to form ) || || (
i i j i
s S R S
cQ T U f to X
or
j i
R S
, obtaining ) (
SR RS
h h = .
He then uses
RS
h to search his receiving pseudonym table to check
whether he is the destination node and
i
S
T is in time. If so, he can obtain
the temporary service key by computing ))) , ( ( (
i i j i
R V R V
bS caQ e H f k = .
After that, he selects a random number b
2
and sends permission,
, , ,
i i i i
V S S V
cQ aQ ) , , ( ,
2
j
j
R
i
V j i i
R j k R V S
T b RID E bcQ h to V
i
.
Step 5: After receiving the message from R
j
, V
i
checks to see whether
)) , ( (
i i i i
S V V S
cQ aS e H = holds or not. If it holds, he uses
i i
S V
h to XOR
j i i
R s v
bcQ h ' , obtaining
j
R
bcQ . He then computes
) )) , ( ( ( ( '
j i j i j i
R V R V R V
k bcQ aS e H f k = = to decrypt ) , , (
2
j
j
R
i
V
R j k
T b RID E ,
obtaining ) , , (
2
j
R j
T b RID . Then, he computes MAC = ) 1 , ' (
2
+ b k f
j i
R V
and sends it to R
j
.
Step 6: After receiving the message from V
i
, R
j
checks to see whether MAC=
) 1 , (
2
+ b k f
j i
R V
. If it holds, V
i
and R
j
can use , ( ( (
i j i
V R V
aS e H f k =
19
)
j
R
bcQ to secure the subsequent data transfer in the access service
phase.
Vehicular user V
i
Roadside device R
j
Service provider S
i
). , , (
, || ||
)), , ( (
)), , ( (
computes ,
*
S R AC E B
||R||S), f(E||AC k h A
aQ T request E
Q aS e H k
Q aS e H h
Z a
i k
i S V S V
V V
S V S V S V
S V S V
q R
i S i V
i i i i
i i
i i i i i i
i i i i
=
=
=
= =
=
e
1.
i i V V
T aQ request B A , , , ,
)). , ( (
computes
*
i j S R
q R
Q bS e H D
Z b
=
e
2.
), || || ( , ,
j R j R RS
bQ T E f D h B A D
j j i i R R V V
bQ T T aQ request , , , ,
3.
). , , ( obtaining , decrypt
to )) , ( (
computes
. node n destinatio
the is he knows , table
search to uses , obtaining
), || || (
and ) , (
computes
S R AC B
S aQ e H k
S
h h
bQ T E f
S bQ H D
i
S V S V
i
RS RS
R R
S R
i i i i
j j
i j
=
=
Figure 7. Access service phase
20
j i i j i i i
i i i i
R S V R S V S
S S V V
bcQ h
cQ T caQ aQ permission
, ,
, , , , ,
4.
). , , ( ,
))), , ( ( (
computes
n. destinatio the is he knows
table search the to uses
. obtaining
), , ( ( '
computes
2
*
2 R j k q R
R V R V
j
SR
SR
S R
R
S
T b RID E Z b
bS caQ e H f k
R
h
h
cQ bS e H U
j R i V
j i j i
i j
j
i
e
=
=
) , , ( ,
, , , ,
2 j j R i V j i i
i i i i
R j R S V
V S S V
T b RID E bcQ h
cQ aQ permission
k
5.
). 1 , ' ( sends ). 4 (
). , , ( obtaining
))), , ( ( ( '
es (3).comput
. obtaining , .uses ) 2 (
)). , ( (
? checks ). 1 (
2
2
+ =
=
=
b k f MAC
T b RID
bcQ aS e H f k
bcQ h
cQ V aS e H
j i
j
j i j i
j i i
i i
i
R V
R j
R V R V
R S V
S i V
S
MAC
6. ). 1 , ( ? verifies
2
+ = b k f MAC
j i R V
)). , ( (
), || || (
)), , ( (
)), , ( (
,
. ) , ( ) , (
? ) , ( verifies
*
) (
i i i i
i i j i j i
i i i i
i j j i
i
i
S V S V
S s R S SR R S
S V V S
s R R S
q R
R H
S pub
AC
S aQ e H h
cQ T U f h
cS aQ e H
cS bQ e H U
Z c
Q P e P P e
S R e
=
=
=
=
e
=