THE APPLICATION OF IMPROVED-DAA FOR THE VEHICLE NETWORK NODE SECURITY IN SINGLE- AND MULTI-TRUSTED DOMAIN

Similar to a network, a vehicle-mounted system has its own vulnerabilities, which can be exploited by attackers. Different from the traditional network security technologies, node security is one of the most important technologies of the vehicle network, and it is difficult to achieve because of the mobility and flexibility. In this paper, trusted computing and direct anonymous attestation theories are adopted to establish a protocol system for trusted vehicle information authentication, so that the security of the authentication process for nodes in the vehicle network can be improved. First, we use DAA to achieve identity authentication for the accessor in a single-trusted domain. Second, the improved-DAA is used to try to improve the security situation in the multi-trusted domain. It is illustrated that the efficiency of verification can be increased and the possibility of being attacked can be decreased in the single-trusted domain, and that the execution efficiency in the multi-trusted domain can be improved theoretically.


1. Introduction. Vehicle networks (VN, for short) become more and more important in most of the vehicle electronic systems. It can not only solve the problems of circuit complexity and wiring harness increasing, but also provide the technical basis for the application of novel electronic and computer technologies in communication and resource sharing. As a result, vehicle network can be the support for vehicle-mounted information and control system [13].
Different from a traditional communication network, there is no fixed infrastructure in a vehicle network. A vehicle network can still provide a solution for wireless communication: communication between nearby vehicles (or some mobile nodes) can be achieved by wireless connections, and communication between vehicles (or some mobile nodes) far apart from each other can be realized by routing information through the vehicles in between [10]. The constantly moving nodes give the network an ever-changing topology, so security authentication cannot be guaranteed. The network is also very easily invaded by illegal nodes, which will destroy some applications in a specific region of the vehicle network [7] [14]. At the same time, the requirements on transmission rate, communication quality and bandwidth increase with the development of new and more complex applications in the vehicle, for example, enhanced safety and entertainment solutions. The terminal users expect the same level of entertainment functions and data in the vehicle as they know from home. Existing vehicle control networks, based on the LIN (Local Interconnect Network), CAN (Controller Area Network), and FlexRay standards, are not designed to cover these increasing demands in terms of bandwidth and scalability that we see with various kinds of ADAS (Advanced Driver Assistant Systems) [16]. Worse yet, these existing schemes or standards can't satisfy an ever-growing demand for security.
In this paper, trusted computing [11] will be applied in order to identify the nodes in the vehicle network. At the same time, DAA (Direct Anonymous Attestation) [2][3] will be used to set up a node security authentication part, in order to improve the security of the whole vehicle network. This paper is structured as follows: The first section introduces the background of the topic and the research significance. The second section introduces the related research ideas and methods of vehicle networks, and it also presents the existing security problems of vehicle networks. The third section gives the details of the scheme proposed by this paper for vehicle network node security by trusted computing and direct anonymous attestation. The fourth section gives the results of the security analysis and the conclusions of the verification procedure. The fifth section gives the research conclusions of this article. And the last section presents the acknowledgments.
2. Vehicle network and security problems. The emergence and development of vehicle network bring us not only obvious security vulnerabilities, but also the flexibility increase of wireless access. So some inherent characteristics of vehicle network are actually the potential vulnerabilities, which are shown in the table (1).
As a self-organized network without centrality, cooperation between nodes is necessary for finding and maintaining routes in the vehicle network. The limited resources and abilities and the insufficient physical protection of the vehicle network all result from the mobility of nodes. The main categories of threats to routing security are shown in table (2).
Considering the vulnerability and insecurity, it is necessary to solve the problem of wireless node authentication. This paper will introduce trusted computing theory. It is the important characteristic of trusted computing to achieve high security level authentication of vehicle network at a lower cost, which will be mainly used in this paper.

3. Trusted solutions for VN nodes.
3.1. Trusted computing and direct anonymous attestation. Trusted computing is in practice a hardware Trusted Platform Module, TPM for short. TPM can provide the hardware basis for physically connecting network nodes to a trusted environment. The TPM security chip is the trusted root that protects against tampering. The function of the trusted root based on TPM is to achieve security authentication when accessing the network by direct anonymous attestation (DAA for short). DAA is a strategy that provides security assurance for authentication; it can also achieve remote authentication and authorized authentication without revealing its identity. The principle of DAA is shown in Figure 1. The Camenisch-Lysyanskaya digital signature mechanism is adopted by DAA [9] to issue certificates for TPM member public keys. This mechanism can be divided into four steps:
Step 1. The DAA publisher issues four public keys $n$, $a$, $b$ and $d$, where $n$ is the modulus of the RSA algorithm. The signature on the information can be represented by $x$, which meets the requirement of the following formula: $c^{e} = a^{x} b^{s} d \bmod n$;
Step 2. The public key signed by TPM is $\mathrm{DAA} = a^{x} \bmod n$, where $x$ is the secret key of TPM;
Step 3. $s$ is picked as a random number to compute $c = c b^{s} \bmod n$, and $c$ is sent to the verifier;
Step 4. The verifier should evaluate the formula $s + es = s$, and $d \equiv c^{e} a^{-x} b^{-s} \bmod n$ is put into this formula. If the equation is true, it means that TPM really knows $c, e, s$.
Zero-knowledge proof [5], which is the basis of DAA, can prove its identification without disclosure of protected information. A zero-knowledge proof system of knowledge is actually a protocol between two parties called the prover and the verifier. The prover has some information that she wants to prove to Victor, but she doesn't want to tell the secret itself to Victor. The verifier asks the prover a series of questions, trying to find out if the prover really knows the secret or not. The verifier does not learn anything of the secret itself, even if he would cheat or not adhere to the protocol [12].
The mathematical basis of zero-knowledge proof is the difficulty and congruence class problem based on discrete logarithm. Two main kinds of typical methods to achieve zero-knowledge proof are the Schnorr authentication scheme and the Fiat-Shamir protocol, which are based on the difficulty problem of discrete logarithm. These authentication schemes are all based on the traditional zero-knowledge proof schemes, which are shown in Figure 2 and Figure 3 [8]:
3.1.1. Schnorr authentication scheme. The zero-knowledge proof system has two parameters $p$ and $q$, which are two prime numbers. $q$ is a prime factor of $p-1$, $g \neq 1$, and $g^{p} \equiv 1 \bmod q$. The certifier takes $x_p$ to compute $y_p \equiv g^{x_p} \bmod p$. Certifier $P$ knows $x_p, y_p, p, q, g$ and verifier $V$ knows $p, q, g$. Then Schnorr authentication can be divided into four steps:
Step 1. $P$ generates a random number $r_1 \in GF(p)$, where $r_1 \neq 0$, and computes $S \equiv g^{r_1} \bmod p$. $P$ sends $(y_p, S)$ to $V$;
Step 2. $V$ generates a random number $r_2$, and $r_2$ is sent to $P$;
Step 3. $P$ computes $v = r_1 + r_2 x_p \bmod p$ and sends $v$ to $V$;
Step 4. $V$ verifies whether $g^{v}$ is equal to $S (y_p)^{r_2}$. If $g^{v}$ is equal to $S (y_p)^{r_2}$, $V$ should accept $P$, otherwise refuse.
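The four Schnorr steps above, as an added Python example that is not code from the paper. It assumes the textbook parameter convention ($g$ of order $q$ modulo $p$, response reduced modulo $q$), constructed toy parameters, and hypothetical function names; `simulate` illustrates the zero-knowledge property described earlier.

```python
import secrets

# Constructed toy parameters, far too small for real use. Textbook Schnorr
# convention: q is a prime factor of p - 1 and g has order q modulo p.
P, Q, G = 2039, 1019, 4

def keygen():
    """Prover's secret x_p and public key y_p = g^x_p mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def commit():
    """Step 1: fresh nonzero r1 and commitment S = g^r1 mod p."""
    r1 = secrets.randbelow(Q - 1) + 1
    return r1, pow(G, r1, P)

def challenge():
    """Step 2: verifier's nonzero r2, drawn only after S has arrived."""
    return secrets.randbelow(Q - 1) + 1

def respond(x, r1, r2):
    """Step 3: v = r1 + r2 * x_p, reduced modulo the group order q."""
    return (r1 + r2 * x) % Q

def verify(y, S, r2, v):
    """Step 4: accept only if g^v == S * y_p^r2 (mod p)."""
    return pow(G, v, P) == (S * pow(y, r2, P)) % P

def run_round(x_used, y_claimed):
    """One round in which the prover answers with x_used for key y_claimed."""
    r1, S = commit()
    r2 = challenge()
    return verify(y_claimed, S, r2, respond(x_used, r1, r2))

def simulate(y, r2):
    """Accepting (S, v) built without x_p for a challenge fixed beforehand.
    Transcripts like this are why a run reveals nothing about x_p, and why
    the verifier must pick r2 only after it has received S."""
    v = secrets.randbelow(Q)
    S = (pow(G, v, P) * pow(y, Q - r2 % Q, P)) % P
    return S, v

if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", run_round(x, y))
    print("wrong secret accepted:", run_round(x % (Q - 1) + 1, y))
```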

3.1.2. Protocol of Fiat-Shamir. This protocol was proposed by Fiat and Shamir as an identification scheme which is based on the difficulty of extracting square roots mod n when the factors of n are unknown. There is, however, a trade-off between the transmitted information size and memory size. The traditional Fiat-Shamir protocol may lead to a higher probability of forgery [4]. K. Ohta and T. Okamoto extended the original Fiat-Shamir scheme to overcome the above-mentioned problem. In this paper, this improved Fiat-Shamir scheme will be used to achieve the zero-knowledge proof process.
It is supposed that there are $k$ numbers about the identification of $P$, and the $k$ numbers are $x_{p1}, x_{p2}, \cdots, x_{pk}$. It is set that $n = pq$, and then it is necessary to compute $y_{pi} \equiv x_{pi}^{2} \bmod n$. In the public document, the identity records of $P$ can be represented by ID, and ID is a sequence such as $y_{p1}, y_{p2}, \cdots, y_{pk}$. The implementation steps are the following:
Step 1. A random number represented as $r$ will be chosen by $P$, and $r \in \mathbb{Z}_n$. After that, it is necessary to compute $r^{2} \bmod n$. And $(P, r^{2})$ will be assigned to $V$ as an array by $P$;
Step 2. $b = (b_1, b_2, \cdots, b_k)$ will be assigned to $V$ as a sequence by $P$, and the value of $b_i$ can be zero or one, which is obtained randomly. So it follows that $b_i \in \{0, 1\}$, $i = 1, 2, \cdots, k$;
Step 3. It will be reasonable for $P$ to compute $y = r c_1 c_2 \cdots c_k$. And the result value of $y$ will be sent to $V$, where $c_i = \begin{cases} 1, & b_i = 0 \\ 0, & b_i = 1 \end{cases}$;
Step 4. Verification will be carried out by $V$. And if $y^{2} = r^{2} \prod_{i=1}^{k} y_{pi}^{b_i} \bmod n$, the result will be accepted, otherwise it will be rejected by $V$.
3.2. VN security solutions based on trusted computing. In the existing vehicle networks, potential security risks result from the lack of a trusted authentication link. Trusted computing can provide a high-level trusted proxy mechanism for mobile agents. By trusted computing, a trust management for the mobile agent running environment can be given. The core component of trust management is the key generation, which is based on the low-level TPM [6]. Based on trusted computing, the original authentication and network trusted verification system should be improved first, so that the node trust problem of the vehicle network can be solved.

3.2.1. Upgrade scheme of VN based on trusted computing. The first improvement is to connect nodes of network users to TPM, which is the basis for achieving trusted installation. Terminal of TPM, one single security module and its endorsement key (EK for short) are used to generate the only DAA EK of independent group. This is the first step for issuing trusted certification based on trusted computing in vehicle network.
The second improvement is to add DAA issuing mechanism of third-party. Network nodes (TPM) of the third-party publisher are responsible for the verification efficiency and the transmitting of DAA secret key signature to network nodes.
The last transformation is to adopt new and special authentication servers. Because DAA private key x may be obtained from TPM, the authentication servers are used to monitor and detect fake TPM effectively.

3.2.2. Authentication mechanism for VN based on trusted computing. The process of this mechanism can be divided into the following three steps:
Step 1. The authenticated party is asked to compute $N_V = \zeta^{x} \bmod \Gamma$, where P is a pseudonym.
Step 2. If an extracted key $x$ has been published, the verifier uses this now useless value to compute the above formula and compares the result with the $N_V$ from the authenticated party. If these two values are the same, the TPM is a fake one.
Step 3. If many identical $N_V$ authentication requests are received at the same time or continuously, whether or not a negative authentication is given should be determined by the specific application and risk management strategy, in order to cover special situations such as an extracted key $x$ that has not yet been discovered.
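The three steps above, sketched as an added Python example that is not code from the paper. The modulus, base values, leaked keys, thresholds and all names are constructed assumptions, and the DAA signature that would bind $N_V$ to a certified key is left out.

```python
from collections import deque

GAMMA = 2039          # constructed toy prime modulus (Γ); real groups are far larger
LEAKED_X = [77, 901]  # constructed: secret keys x known to have been extracted

def pseudonym(zeta, x):
    """Step 1: N_V = ζ^x mod Γ, computed by the authenticated party."""
    return pow(zeta, x, GAMMA)

class Verifier:
    def __init__(self, zeta, max_repeats=3, window_s=60):
        self.zeta = zeta
        # Step 2: N_V of every extracted x; must be recomputed when ζ changes.
        self.rogue = {pseudonym(zeta, x) for x in LEAKED_X}
        self.max_repeats, self.window_s = max_repeats, window_s
        self.seen = {}  # N_V -> timestamps of recent requests

    def check(self, n_v, now):
        if n_v in self.rogue:
            return "fake-tpm"
        recent = self.seen.setdefault(n_v, deque())
        recent.append(now)
        while now - recent[0] > self.window_s:
            recent.popleft()
        # Step 3: repeated identical N_V is a policy decision; only flag it here.
        return "review" if len(recent) > self.max_repeats else "accept"

def classify(zeta, requests):
    """requests: iterable of (timestamp in seconds, x held by the requester)."""
    verifier = Verifier(zeta)
    return [verifier.check(pseudonym(zeta, x), t) for t, x in requests]

# Constructed request log: one leaked key, then a burst from a single key.
SAMPLE = [(0, 12), (1, 77), (2, 500), (3, 500), (4, 500), (5, 500), (200, 500)]

if __name__ == "__main__":
    for request, verdict in zip(SAMPLE, classify(4, SAMPLE)):
        print(request, verdict)
```

Because the rogue set depends on ζ, a verifier that rotates ζ has to rebuild it on every rotation; the same rotation is what keeps one node's $N_V$ values from being linked across periods.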
In the above mechanism, the verifier is allowed to detect the fake TPM. And when a different value, changed at a certain frequency, is used for every authenticated party, the verifiers can get some chance based on $N_V$. Thus, the permission server should be divided into two parts, and one of them is used to authorize checking and accessing verification. According to the changes in three aspects, the structure of the vehicle network based on trusted computing is shown in Figure 4.
3.2.3. Certification system of VN based on trusted computing. There are three parts of this certification system. First, the user should generate a pair of DAA EKs and apply to the issuer for DAA public key certification before the application to the license server. Second, the DAA issuer will send the secret signature to the user after the verification. Last, the user applies to the license server again to produce a signature related to AIKi, verifier and time, and to certify the possession of a signature related to the DAA secret key from the DAA issuer.

4. Security analysis and verification conclusions.
4.1. Security analysis. The most fundamental function of the vehicle network based on trusted computing is to protect the equipment secret key against being reversed. In the above simulation environment, the zero-knowledge proof of TPM can solve secret key reversal and ensure the security of the system because it is based on the discrete logarithm difficulty. It is illustrated that the user has used the EK public key only once when applying for DAA public verification to the issuer. At the same time, the user uses the group signature to ensure that the users in the same DRMA group use the same DAA public key. The DAA issuer can only identify the trusted legal users and make sure they have a pair of legal DAA secret keys by EK public key and zero-knowledge proof. But both the issuer and the verifier can't determine the accurate identity information of users by the DAA public key, hence the anonymous attestation is achieved. The procedure of Figure 4 can be extracted and its steps are shown in Figure 5. At last, the security steps based on authorization check and verification of the accessing nodes attestation server are the following:
(1) Interacting with TPM, Check-verifier can do frequency analysis and blacklist detection for it. Check-verifier can also sign and issue the one-time certificate and frequency certificate by binding DAA to TPM.
(2) Interacting with TPM, Access-verifier can determine whether the TPM accessing is permitted according to the frequency certificate by using random number ζ.
4.2. Verification conclusions. According to the above analysis, trusted computing is an effective mechanism for the vehicle network in order to satisfy the dependence on network nodes. The advantages of this mechanism can be concluded as follows:
(1) It is impossible to identify a node by the DAA public key, which can be used to ensure the reliability of this node, so the privacy of the node and the security of the accessing can be assured.
(2) Simulation experiment has verified DRMS of trusted computing. And there is no bottleneck problem in system because DAA certificate will be issued only for once.
(3) The DAA certificate can be issued to manufactured and purchased platforms. This characteristic is helpful to improve the security of the vehicle network based on trusted computing.

5. Conclusions. Vehicle network security is a new research field with weaknesses, such as existing malicious nodes, which will result in bigger hidden troubles for transportation based on the vehicle network. And the offenders will not be investigated and held accountable most of the time. In this scheme, trusted computing theory is used to verify and monitor the network before nodes access the network. This theory can ensure the reliability of network nodes and the security of the vehicle network. Future research will focus on authentication and assessment of the vehicle network, TPM and other similar platforms.