Research on Security and Privacy Protection Mechanisms for VANET
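Abstract
Vehicular ad hoc networks (VANETs) use V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure) wireless communication to improve a vehicle's awareness of its surroundings, and are therefore widely applicable to collision warning, road safety and cooperative driving. However, because of the very large network scale, the open wireless channel and the predictability of vehicle trajectories, a VANET is more exposed to security and privacy threats. An attacker may eavesdrop on messages broadcast over the wireless channel, analyse the data, predict trajectories and track vehicles; may tamper with black-box data to evade liability for an accident; may forge safety warning messages to cause traffic chaos; or may impersonate infrastructure and publish false road conditions to serve a particular purpose. Solving the security and privacy protection problems is therefore a prerequisite for successfully deploying VANETs.
     The thesis analyses the threats, requirements and challenges facing VANET security and privacy, and studies in depth four key problems: on-board device security, communication security, identity privacy protection and location privacy protection. The main work is as follows:
     (1) A secure encoding and collaborative decoding model for vehicle black boxes without a trusted center is proposed.
     Data security is rarely considered in current black-box designs, so the thesis proposes a high-security black-box encoding and decoding model. The model consists of five protocols: secret distribution, secure encoding, collaborative decoding, secret share update and joint share issuance. It uses cryptographic algorithms including AES encryption, HMAC message authentication, elliptic curve encryption and signatures, and secret sharing. Without affecting the use of the black box, the model guarantees the confidentiality and integrity of the data, achieves collaborative decoding by multiple members without a trusted center, and solves problems such as leakage of a decoding group member's share and changes in membership. Security analysis shows that the model provides fairness, completeness, dynamic adaptability, backward secrecy and forward secrecy.
     (2) A lightweight, scalable VANET secure communication framework is designed.
     To address the excessive communication and computation overhead caused by current VANET digital signature mechanisms, a lightweight, scalable VANET secure communication framework is proposed. The framework covers V2I point-to-point, V2V point-to-point and V2V broadcast communication, takes RSU deployment into account, and comprises five security protocols. Distribution and agreement of two-party keys and of group keys are built into the design of the five protocols. Lightweight cryptographic primitives such as XOR, hash and HMAC are introduced; the computation and communication overhead of four protocols does not grow linearly with the number of nodes, giving good performance and scalability. Security analysis shows that the protocol suite has security properties such as confidentiality and authentication; in particular, the proposed V2V group key agreement protocol solves the problem in existing protocols that keys are exposed when nodes join or leave, and achieves key independence.
     (3) A vehicle pseudonym management scheme based on blind signatures and secret sharing is proposed.
     Pseudonyms are an effective way to protect privacy, and determining liability for traffic accidents requires that pseudonyms can be revealed. In most pseudonym schemes the authority can not only reveal pseudonyms but also forge them. A vehicle pseudonym management scheme based on blind signatures and secret sharing is therefore given. A new partially blind signature protocol is designed to meet the new requirement that the ID is embedded at blind-signing time but not disclosed at verification time; two methods of issuing pseudonym certificates are tried, blind signatures combined with cut-and-choose and partially blind signatures; the RSA key sharing method is improved and a fully distributed pseudonym tracing protocol is designed; and the optimal number of messages carrying the pseudonym certificate is found in order to design an efficient pseudonym authentication protocol that reduces communication overhead. The tracing group can open a pseudonym directly, which saves the tracing group the overhead of storing and searching pseudonyms. Security analysis shows that, besides satisfying anonymity, traceability and revocability, the scheme is better than existing schemes in strong unforgeability and robustness.
     (4) A vehicle identity privacy protection scheme based on group signatures and oblivious transfer is proposed.
     In most group-signature-based security and privacy protection protocols, private keys are generated by the group manager, so the distributor knows every user's private key and the protocol is vulnerable to private key leakage attacks. To address this, a vehicle identity privacy protection scheme based on group signatures and oblivious transfer is proposed, consisting of six parts: system initialization, vehicle registration, message signing, batch verification, joint tracing and vehicle revocation. At registration, one part of the private key is generated by the vehicle itself and the other part is issued by the managing authority through an oblivious transfer protocol, so the managing authority can obtain the vehicle's private key only with low probability. At verification, batch verification is used to determine whether a set of signatures contains an invalid signature. For tracing, joint tracing by the authorities is implemented on the basis of a secret sharing scheme. For revocation, the managing authority preprocesses the revocation list before publishing it, saving computation time for each individual vehicle. Security analysis shows that the scheme provides strong unforgeability, anonymity, traceability, robustness and revocability. Performance analysis shows that batch verification and revocation preprocessing reduce the time for verifying signed messages and processing the revocation list, and that the overall communication and computation cost of the scheme is close to that of existing schemes.
     (5) Vehicle location privacy protection protocols for location-based services are designed.
     k-anonymity with a TTP structure makes the TTP a performance bottleneck, and existing TTP-free anonymity protocols cannot resist collusion attacks by multiple users and the LBS provider P, or active attacks by dishonest users. The thesis therefore proposes two TTP-free location privacy protection protocols. It first discusses the choice of the anonymity degree k and recommends determining k dynamically from factors such as the vehicle density of the city, the anonymity area the user wants, network delay and hop-count limits, which reduces the waiting delay in forming the companion set. Drawing on the idea of verifiable secret sharing, a secure multi-party computation protocol is designed so that vehicles can compute the center position of the companion set privately. Using Paillier homomorphic encryption and key agreement, a location privacy protection protocol is designed so that the service provider can compute the center position privately; the perturbations added when disguising positions cancel as a whole, so LBS quality of service is not affected by them. Neither protocol needs a TTP, which avoids the performance bottleneck and the single point of failure; the protocols provide anonymity and also resist collusion attacks by multiple users and P.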
Vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) communications improve a vehicle's perception of the surrounding environment. Vehicular ad hoc networks (VANETs) will be used widely in collision avoidance, road-hazard notification and coordinated driving systems. Because a VANET is a huge-scale network with an open wireless channel and predictable mobile trajectories, it is more vulnerable to security and privacy threats. For example, an attacker might eavesdrop on broadcast messages, analyze data, predict the trajectory and track a vehicle; it might tamper with the data in the event data recorder to evade accident liability; it might forge warning messages to cause traffic chaos; it might impersonate an emergency vehicle to mislead other vehicles into slowing down. Solving the security and privacy issues is therefore the premise of a successful deployment of VANET.
     Based on a deep understanding of the threats, requirements and challenges of security and privacy in VANET, we focus on four key issues: on-board device security, communication security, identity privacy preservation and location privacy preservation. Our main research work is summarized as follows:
     (1) Propose an encoding and decoding model of the vehicle black box based on secret sharing without a trusted center.
     Because data security is rarely considered in the current design of a black box, we propose a high-security model of a black box. The model is composed of five protocols: distribution of secrets, secure coding, collaborative decoding, secret share updating and jointly issuing shares. Cryptographic primitives such as AES encryption, HMAC message authentication, elliptic curve cryptography and secret sharing are adopted. On the premise that the operation of the black box is not affected, the model ensures the confidentiality and integrity of vehicle data, achieves collaborative decoding without a trusted center, and solves problems such as the disclosure of a secret share and changes of members. It therefore has the characteristics of completeness, fairness, dynamic adaptability, backward secrecy and forward secrecy.
     (2) Design a lightweight scalable framework of vehicular secure communication.
     The digital signature mechanism currently used produces high communication and computation costs. We therefore design a lightweight scalable framework of vehicular secure communication. Considering whether RSUs are deployed or not, five protocols are given for point-to-point and broadcast communications in V2V and V2I. The distribution and agreement protocols for two-party keys and group keys are integrated into the five protocols. Lightweight cryptographic primitives such as XOR, HASH and HMAC are introduced. Furthermore, the computation and communication costs of the four protocols do not increase linearly with the number of nodes, so they have good performance and scalability. The security analysis shows that these protocols have security attributes such as confidentiality and authentication. In particular, a group key agreement protocol for V2V is provided; it solves the problem that keys are disclosed when a node joins or leaves the group, and so realizes key independence.
     (3) Propose a pseudonym management scheme for VANET based on blind signature and secret sharing.
     A pseudonym is an effective way to achieve privacy protection, and it sometimes needs to be disclosed to determine traffic liability. In most pseudonym schemes, an authority can not only disclose a pseudonym but also forge one. We therefore give a distributed pseudonym management scheme for VANET. In this scheme, a new partially blind signature protocol is proposed to meet the requirement that the ID is explicitly included in the blind signature but is not exposed for verification. The blind signature with the cut-and-choose method and the partially blind signature method are used to issue pseudonym certificates. Based on an improved method of shared RSA keys, we design a distributed pseudonym tracking protocol. To reduce the communication cost, an efficient pseudonym authentication mechanism is proposed by finding the optimal number of messages that carry the pseudonym certificate. A pseudonym can be opened by the tracking authorities directly, resulting in no search cost and little storage cost for tracking. Security analysis shows that the scheme has the characteristics of anonymity, traceability and revocability, and that it is superior to the existing schemes in terms of robustness and unforgeability against forgery by the authority.
     (4) Propose a privacy protection scheme for VANET based on oblivious transfer and group signature.
     Most protocols based on group signatures are vulnerable to forgery by the authority because the private key of a group member is produced by the group manager. To resolve the problem, a strong privacy protection scheme is proposed. The protocol is composed of initialization, registration, signature, verification, joint tracking and revocation. During registration, one part of the private key is generated by the member and the other part is generated by the manager using the oblivious transfer method, so the manager can obtain the private key only with low probability. A batch verification method is used to decide whether a set of signed messages contains an invalid signature. Joint tracking is based on secret sharing, and the revocation list is preprocessed before broadcast. Security analysis shows that the scheme has the characteristics of anonymity, traceability, unforgeability and robustness. Performance analysis shows that the costs of verification and revocation are reduced by batch verification and revocation preprocessing, and that the overall communication and computation costs of our scheme are similar to those of the existing schemes.
     (5) Design two location privacy preserving protocols for LBS in VANET.
     Location k-anonymity methods with a trusted third party (TTP) make the TTP a performance bottleneck. Methods without a TTP avoid the problem, but the existing protocols cannot resist passive attacks from multiple users colluding with the LBS provider (P) or active attacks from dishonest users. We therefore give two location privacy preserving protocols for VANET. Considering the vehicle density in the city, the expected anonymous area size and the network topology, the anonymity parameter k is determined dynamically and a companion set is generated with less delay. Based on verifiable secret sharing, a secure multi-party computation protocol is given in which a vehicle can privately calculate the center position of the companion set. So that an LBS provider can calculate the center position privately, another protocol is suggested based on Paillier homomorphic encryption and Diffie-Hellman key agreement; the perturbation used to disguise the true position can be removed as a whole. Both protocols work without a TTP, so they not only avoid the performance bottleneck and single point of failure, but also resist passive attacks from insiders and outsiders.
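A sketch of the idea in item (5), added here as an illustration and not the thesis's own protocol or code: each vehicle perturbs its coordinates with masks derived from pairwise Diffie-Hellman secrets that cancel over the whole companion set, and the provider decrypts only the Paillier-aggregated sum. The toy key sizes, the function names, the choice of who aggregates and the sample coordinates are all assumptions made for the example.

```python
import hashlib
import math
import secrets

# Toy parameters constructed for this example only; far too small for real use.
PAILLIER_P, PAILLIER_Q = 2**61 - 1, 2**89 - 1   # two Mersenne primes
DH_P, DH_G = 2**127 - 1, 5                      # toy Diffie-Hellman group

# Constructed sample: k = 4 vehicles, non-negative (x, y) in metres on a local grid.
SAMPLE_POSITIONS = [(1200, 3400), (1260, 3380), (1190, 3450), (1230, 3410)]


def paillier_keygen(p=PAILLIER_P, q=PAILLIER_Q):
    """Return (n, private key). Generator g = n + 1 is implied."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))


def encrypt(n, m):
    """Paillier encryption: c = (1 + m*n) * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add(n, c1, c2):
    """Multiplying ciphertexts adds the plaintexts modulo n."""
    return c1 * c2 % (n * n)


def dh_keypair():
    a = secrets.randbelow(DH_P - 2) + 1
    return a, pow(DH_G, a, DH_P)


def pair_mask(my_priv, peer_pub, axis, n):
    """Mask both vehicles of a pair derive from their shared DH secret."""
    shared = pow(peer_pub, my_priv, DH_P)
    digest = hashlib.sha256(f"{shared}|{axis}".encode()).digest()
    return int.from_bytes(digest, "big") % n


def perturb(i, coord, axis, my_priv, pubs, n):
    """Vehicle i adds the mask for peers j > i and subtracts it for j < i,
    so every mask appears once with each sign and the total is zero."""
    value = coord
    for j, pub in enumerate(pubs):
        if j != i:
            m = pair_mask(my_priv, pub, axis, n)
            value += m if i < j else -m
    return value % n


def private_centroid(positions):
    """Provider holds the Paillier key; an aggregator only multiplies ciphertexts.
    The provider decrypts the sum, never an individual (masked) position."""
    n, priv = paillier_keygen()                  # LBS provider's key pair
    keys = [dh_keypair() for _ in positions]     # one DH key pair per vehicle
    pubs = [pub for _, pub in keys]
    totals = []
    for axis in (0, 1):
        agg = encrypt(n, 0)
        for i, pos in enumerate(positions):
            masked = perturb(i, pos[axis], axis, keys[i][0], pubs, n)
            agg = add(n, agg, encrypt(n, masked))
        totals.append(decrypt(n, priv, agg))     # masks have cancelled here
    k = len(positions)
    return totals[0] / k, totals[1] / k


if __name__ == "__main__":
    print(private_centroid(SAMPLE_POSITIONS))
```

Even if a single ciphertext reached the provider, it would decrypt to a masked value that looks random modulo n; only the sum over the whole companion set is meaningful.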
