Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

1

Introduction

1.1 Research Background and Industry Status

Currently, the global Internet of Vehicles (IoV) industry is in a period of rapid development and strategic opportunity. According to Gartner’s forecast, the number of connected vehicles worldwide will exceed 350 million by 2026. As a core market, China’s IoV penetration rate has jumped from 30% in 2020 to 68% in 2024, with applications such as intelligent connected vehicles and vehicle-road collaboration accelerating their implementation. The IoV significantly enhances traffic efficiency and travel experience through the deep integration of six elements: “people – vehicles – roads – clouds – networks – maps”. However, issues of data security and privacy protection have become increasingly prominent, posing a core bottleneck to the large-scale development of the industry.

The data of the IoV has three main characteristics: multi-source, sensitivity, and real-time. Multi-source refers to data covering in-vehicle sensors (LiDAR, millimeter-wave radar, etc.), roadside devices (RSUs, cameras, etc.), user terminals, and cloud platforms; sensitivity indicates that the data includes core privacy such as vehicle trajectories, driving habits, and identity information; real-time requires that data transmission and processing delays must be controlled at the millisecond level. In recent years, security incidents involving IoV data have occurred frequently: in 2023, a European automotive company experienced a data breach of over 100,000 users’ vehicle location data due to a cloud platform vulnerability; in 2024, a domestic autonomous driving test vehicle suffered a data tampering attack, resulting in a minor traffic accident. Traditional security technologies such as symmetric encryption and conventional digital signatures struggle to meet the dual demands of “privacy protection” and “identity verification,” necessitating innovative technical solutions to break through these bottlenecks.

1.2 Core Value of Blind Signature Technology

Blind signature technology was proposed by cryptographer Chaum in 1983. Its essence is a special digital signature technology where the “signer cannot see the content of the message.” Its core value lies in achieving a “coordinated unity of privacy protection and verifiability.” Compared to traditional digital signatures, blind signatures have three key characteristics: first, blindness, where the signer cannot know the specific content of the signed message; second, non-repudiation, where only legitimate signers can generate valid signatures; and third, non-repudiation, where the signer cannot deny the signature that has been generated.

In the IoV scenario, blind signature technology can effectively resolve three core contradictions: first, it addresses the contradiction between “data verification needs” and “user privacy protection,” ensuring that the cloud platform can verify the legality of data without accessing sensitive information; second, it resolves the contradiction between “limited terminal resources” and “complex security algorithms,” as lightweight blind signature algorithms can be adapted to in-vehicle embedded devices; third, it addresses the contradiction between “data lifecycle security” and “multi-party collaborative applications,” providing trusted support for data sharing and transactions.

1.3 Research Objectives and Framework of the Report

The core research objective of this report is to construct an efficient, secure, and scalable blind signature scheme suitable for IoV scenarios, addressing security and privacy issues throughout the entire process of data collection, transmission, and verification.

The report adopts a logical framework of “problem presentation – technology adaptation – scheme construction – performance verification – application promotion,” divided into six chapters: the first chapter elaborates on the research background and value; the second chapter analyzes the security needs of IoV data and the adaptability of blind signature technology; the third chapter details the design of the scheme architecture and core mechanisms; the fourth chapter verifies the security and performance of the scheme through experiments; the fifth chapter expands application scenarios and proposes promotion strategies; the sixth chapter summarizes research results and looks forward to future directions.

2

IoV Data Security Needs and

Adaptability Study of Blind Signature Technology

2.1 Classification of IoV Data and Security Risk Map

Based on the data lifecycle and functional attributes, IoV data can be divided into four categories, each facing differentiated security risks:

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

Through risk map analysis, it can be seen that IoV data security risks exhibit characteristics of chain transmission and cross-impact: a security vulnerability at a single node may trigger system-wide risks, such as data being forged at roadside units potentially leading to regional traffic paralysis, or vehicle terminal identities being impersonated, which may trigger a series of fraud incidents.

2.2 Core Security Demand Indicator System for IoV Data

Based on risk analysis, a security demand indicator system for IoV data has been constructed, covering quantitative and qualitative requirements across six dimensions:

Privacy Protection: It must meet the dual requirements of “data being non-traceable” and “identity being non-associated,” with the signer’s knowledge of the original data being 0, and third parties unable to reverse-engineer user identities through signatures.

Identity Verifiability: Data source verification accuracy must be ≥99.99%, supporting rapid identity confirmation in batch verification scenarios.

Data Integrity: The data tampering detection rate must be 100%, with tampering localization accuracy reaching the field level, supporting dual verification through hash values and digital signatures.

Non-repudiation: Signature validity must have a judicial recognition rate of ≥99%, supporting signature traceability based on public key systems.

Real-time Performance: Signature generation time must be ≤2ms, verification time ≤1ms, meeting the C-V2X communication delay requirement of 50ms.

Attack Resistance: It must withstand more than 10 common attacks, including forgery, tampering, replay, and denial of service, with key cracking difficulty ≥2^128.

2.3 Blind Signature Technology System and Adaptability Analysis

2.3.1 Comparison of Mainstream Blind Signature Technologies

Current mainstream blind signature technologies are built on different cryptographic foundations, with significant differences in security, efficiency, and resource consumption:

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

2.3.2 Adaptability Matching Analysis

Elliptic Curve Blind Signature (ECBS) technology is highly compatible with IoV data security needs, with specific adaptability reflected in three aspects:

Efficiency Adaptation: The ECBS algorithm’s signature length is only 1/4 of RSA, with computational complexity at a linear level, meeting the resource constraints of in-vehicle terminals with a 1.2GHz clock speed and 512MB memory.

Security Adaptation: Based on the computational irreversibility of the elliptic curve discrete logarithm problem, ECBS’s anti-cracking capability reaches a security strength of 2^128, meeting attack resistance requirements.

Functional Adaptation: The blinding processing mechanism can achieve data privacy protection, while the public key verification mechanism ensures identity verifiability and non-repudiation, perfectly fitting the dual requirements.

3

Detailed Design of the IoV Data Blind Signature Scheme

3.1 Scheme Design Philosophy and Principles

The scheme is designed with the philosophy of “security as the foundation, efficiency as a priority, privacy at the core, and compatibility for expansion,” adhering to five principles:

Depth Defense Principle: Build a three-layer protection system of “terminal security – transmission security – cloud security” to avoid system-wide risks caused by the failure of a single link.

Lightweight Design Principle: The core algorithm adopts a combination of hardware acceleration and software optimization to reduce terminal resource consumption.

Privacy Enhancement Principle: Integrate blind signature and zero-knowledge proof technologies to achieve “data usable but invisible.”

Standard Compatibility Principle: Compatible with IoV communication standards such as IEEE 802.11p and 3GPP C-V2X, supporting mainstream hardware interfaces.

Dynamic Expandability Principle: Adopt a modular architecture to support algorithm upgrades, functional expansions, and scenario extensions.

3.2 Overall Architecture Design of the Scheme

The scheme adopts a “four-level linkage, distributed trust” architecture, covering four core nodes: Key Management Center (KMC), On-Board Unit (OBU), Roadside Unit (RSU), and Cloud Platform, with the functions and trust relationships of each node as follows:

Key Management Center (KMC): As the root of system trust, responsible for key generation, distribution, updating, and revocation, employing a security protection mechanism of “physical isolation + multi-factor authentication,” with the core root key stored in quantum encryption hardware.

On-Board Unit (OBU): The main body for data collection and blinding, integrating sensor data collection modules, blind signature processing modules, and secure communication modules, supporting hardware acceleration for the ECBS algorithm.

Roadside Unit (RSU): The signing and forwarding node, deploying edge computing capabilities, responsible for generating blind signatures, initial verification of terminal identities, and data forwarding, supporting concurrent signing processing for multiple terminals.

Cloud Platform: The verification and data management center, deploying a distributed verification engine, anomaly detection module, and data security storage module, supporting efficient verification and management of hundreds of millions of data.

Each node collaborates through secure channels and trust chains: KMC distributes trusted keys to RSU and OBU, RSU provides signing services to OBU based on trusted keys, and the cloud platform verifies signature validity based on the public key system, forming a closed-loop trust system.

3.3 Core Mechanism Innovation Design

3.3.1 Hierarchical Key Management Mechanism

Innovatively designed a four-level hierarchical key system of “root key – node key – session key – application key” to achieve refined and dynamic management of keys:

Root Key (SK_root): Generated and physically stored by KMC, with a lifecycle consistent with the system’s duration, used to derive node keys.

Node Keys: Including RSU signing key (SK_RSU) and OBU identity key (SK_OBU), SK_RSU is dynamically updated every 7 days, while SK_OBU is bound to device hardware and automatically revoked after device scrapping.

Session Key (SK_session): Real-time negotiated by OBU and RSU through the ECDH algorithm, updated for each communication session, used for encrypting blind messages and blind signature transmission.

Application Key: Special keys generated for different application scenarios (e.g., autonomous driving, traffic scheduling) to achieve “scenario isolation and controllable risks.”

Key distribution adopts an “encrypted transmission + two-way authentication” mechanism: KMC encrypts and transmits node keys through a hardware security module (HSM), and RSU and OBU must verify the legitimacy of the keys through a challenge-response mechanism after receiving them.

3.3.2 Lightweight Elliptic Curve Blind Signature Algorithm Optimization

Based on the secp256r1 elliptic curve, three key optimizations are made to the traditional ECBS algorithm:

Dynamic Generation of Blinding Factor Optimization: Using a three-element seed of “device unique identifier (IMEI) + timestamp + random number,” the blinding factor r is generated through the SHA-384 hash function, avoiding the risk of blinding factor leakage caused by fixed seeds, shortening the blinding processing time by 30%.

Signature Compression and Fast Verification: Utilizing elliptic curve point compression technology, the signature result is compressed from 128Bytes to 64Bytes, while designing a “pre-computation + batch verification” algorithm, improving cloud platform verification efficiency by over 40%.

Resistance to Side-Channel Attack Reinforcement: Randomized signature paths and constant-time execution mechanisms are introduced in the algorithm implementation to resist timing attacks, power analysis, and other side-channel attacks, enhancing security strength to 2^192.

3.3.3 Multi-Dimensional Identity Authentication Mechanism

Designed a three-dimensional identity authentication mechanism of “hardware fingerprint + key authentication + behavioral features” to ensure the uniqueness and legitimacy of terminal identities:

Hardware Fingerprint Authentication: Extracting hardware features such as the CPU serial number and memory ID of the OBU to generate a unique hardware fingerprint, serving as the basis for identity authentication.

Key Challenge Authentication: RSU sends a random challenge factor to OBU, which returns a signature through SK_OBU, and RSU verifies the signature’s validity to confirm identity.

Behavioral Feature Assisted Authentication: Collecting behavioral features such as communication frequency and data sending cycle of the OBU to establish a behavioral model, providing risk warnings for abnormal behaviors.

The synergistic effect of the three-dimensional authentication mechanism achieves an identity authentication accuracy rate of 99.999%, effectively resisting identity forgery attacks.

3.4 Full Process Implementation Steps of the Scheme

3.4.1 System Initialization Phase (T0)

KMC generates a root key pair (SK_root, PK_root), with SK_root stored in HSM, and PK_root publicly distributed to each node.

RSU sends a registration request to KMC, including device identifier (ID_RSU) and hardware fingerprint. After verification by KMC, RSU key pair (SK_RSU, PK_RSU) is derived based on SK_root and ID_RSU, encrypted and transmitted to RSU, and PK_RSU is synchronized to the cloud platform’s public key database.

When the OBU is first powered on, it generates a hardware fingerprint and identity key pair (SK_OBU, PK_OBU), sending a registration request to KMC. After verification, KMC includes PK_OBU in the trusted public key database.

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

3.4.2 Data Blinding and Signing Phase (T1-T3)

Data Collection and Preprocessing (T1): OBU collects vehicle data D = {speed v, position P, timestamp t, sensor data S}, calculates data hash value H = SHA-384 (D), generating the original message M = {ID_OBU, H, t}.

Blinding Processing (T2): OBU generates a three-element seed Seed = {IMEI, t, R} (R is a random number), calculates the blinding factor r = SHA-384 (Seed), and performs blinding processing on M: M_blind = M * r mod n (n is the order of the elliptic curve).

Identity Authentication and Session Establishment (T2.5): OBU sends an authentication request to RSU, and after three-dimensional authentication, both parties negotiate the session key SK_session.

Blind Signature Generation (T3): OBU encrypts M_blind using SK_session and sends it to RSU. RSU decrypts it and uses SK_RSU to sign M_blind, generating the blind signature S_blind = Sign (SK_RSU, M_blind), which is encrypted and returned to OBU.

Unblinding Processing (T3.5): OBU calculates the inverse of r, r⁻¹, and unblinds S_blind: S = S_blind * r⁻¹ mod n, obtaining the final signature data package Pkg = {M, S, PK_RSU}.

3.4.3 Signature Verification and Data Application Phase (T4-T5)

Signature Verification (T4): OBU uploads Pkg to the cloud platform, which performs three-step verification:

Verify the trustworthiness of PK_RSU (query the public key database);

Verify whether Sign (PK_RSU, M, S) holds;

Verify the timeliness of the timestamp t (valid for 5 minutes).

Data Storage and Application (T5): After verification, the cloud platform stores data D and Pkg, allowing authorized users to access the data after identity authentication; if verification fails, it is marked as abnormal data, triggering an alarm mechanism and logging.

4

Security and Performance Experimental Verification of the Scheme

4.1 Security Verification Experiments

4.1.1 Formal Verification (Based on GNY Logic)

GNY logic is used to formally verify the authentication protocol of the scheme, defining the following core logical predicates:

P |≡ X: Subject P believes proposition X;

P ⊢ X: Subject P possesses message X;

P ← X: Subject P receives message X;

{X} K: Encrypt X with key K;

[X] K: Sign X with key K.

Initial Assumptions:

KMC |≡ (SK_root ↔ KMC): KMC believes SK_root belongs to itself;

RSU |≡ (PK_root ↔ KMC): RSU believes PK_root belongs to KMC;

OBU |≡ (PK_root ↔ KMC): OBU believes PK_root belongs to KMC;

Cloud Platform |≡ (PK_RSU ↔ RSU): The cloud platform believes PK_RSU belongs to RSU.

Protocol Derivation:

RSU ← [ID_OBU, N1] SK_OBU, RSU ⊢ PK_OBU (from the public key database);

By GNY signing rules, RSU |≡ OBU ~ (ID_OBU, N1), meaning RSU believes OBU sent (ID_OBU, N1);

Cloud Platform ← [M, S] PK_RSU, cloud platform ⊢ PK_RSU;

By GNY verification rules, cloud platform |≡ RSU ~ (M, S), meaning the cloud platform believes RSU signed M.

Verification Conclusion: The authentication protocol of the scheme meets the security objectives of “identity trustworthiness and message authenticity” without logical vulnerabilities.

4.1.2 Attack Scenario Resistance Experiments

Six typical attack scenarios are designed to simulate real attack environments and verify the scheme’s defensive capabilities:

Privacy Leakage Attack Test:

Attack Method: The attacker disguises as RSU, receiving M_blind sent by OBU, attempting to reverse-engineer the original message M;

Experimental Result: Due to the randomness and irreversibility of the blinding factor r, the attacker cannot reverse-engineer M from M_blind, achieving a 100% privacy protection rate, successfully resisting privacy leakage attacks.

Signature Forgery Attack Test:

Attack Method: The attacker uses a forged private key to generate a false signature S_fake, attempting to verify it through the cloud platform;

Experimental Result: The cloud platform determines the signature is invalid due to the mismatch with PK_RSU and the forged private key, achieving a forgery success rate of 0, effectively resisting signature forgery attacks.

Data Tampering Attack Test:

Attack Method: The attacker intercepts the data package Pkg, tampering with the vehicle speed data v in the original message M;

Experimental Result: The cloud platform detects the hash value H does not match the tampered data’s hash value during verification, achieving a 100% tampering detection rate, successfully resisting data tampering attacks.

Replay Attack Test:

Attack Method: The attacker intercepts a legitimate data package Pkg_old from 7 minutes ago and attempts to re-upload it to the cloud platform;

Experimental Result: The cloud platform detects that the timestamp t has exceeded the 5-minute validity period, determining the data package is invalid, achieving a replay attack success rate of 0, effectively resisting replay attacks.

Man-in-the-Middle Attack Test:

Attack Method: The attacker intercepts communication between OBU and RSU, attempting to forge messages from both parties;

Experimental Result: Due to communication using SK_session encryption and both parties verifying identities through a challenge-response mechanism, the attacker cannot forge valid messages, resulting in a failed man-in-the-middle attack.

Denial of Service Attack Test:

Attack Method: The attacker sends 100,000 invalid signed data packages to the cloud platform, attempting to exhaust server resources;

Experimental Result: The cloud platform activates traffic filtering and batch verification optimization mechanisms, maintaining CPU usage ≤70% and memory usage ≤60% during peak traffic, with no service interruptions, effectively resisting denial of service attacks.

4.2 Performance Verification Experiments

4.2.1 Experimental Environment Setup

To comprehensively assess the performance of the scheme, a vehicle networking experimental environment close to actual applications is established, with the following hardware and software configurations:

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

4.2.2 Performance Evaluation Indicators and Testing Scheme

Four core evaluation indicators are set, using a combination of “single-node testing + system joint debugging testing”:

Computational Performance Indicators: Test the OBU blinding processing time, RSU signature generation time, and cloud platform verification time, averaging 1000 repetitions for each test.

Communication Performance Indicators: Test the packet size and transmission delay between OBU-RSU and OBU-cloud platform, and statistically analyze the transmission performance of 10,000 data.

Resource Occupation Indicators: Test the CPU usage and memory consumption of OBU during blinding processing, using the Perf tool for real-time monitoring.

Concurrent Processing Indicators: Test the throughput, response time, and packet loss rate of the cloud platform under concurrent requests of 1000-10000 TPS.

4.2.3 Experimental Results and Analysis

Computational Performance Analysis:

The computational performance test results are shown in the following table, with all nodes’ processing times meeting real-time requirements:

| Processing Stage | Average Time (ms) | Standard Deviation (ms) | Maximum Time (ms) | Meets Requirements (≤2ms/≤1ms) |

|——————|—————-|————–|—————-|—————————|

| OBU Blinding Processing | 0.72 | 0.15 | 1.13 | Yes |

| RSU Blind Signature Generation | 0.98 | 0.21 | 1.45 | Yes |

| Cloud Platform Single Verification | 0.45 | 0.10 | 0.78 | Yes |

| Cloud Platform Batch Verification (100 items) | 28.6 | 3.2 | 35.2 | Yes (equivalent single 0.286ms) |

Analysis shows that the lightweight design of the ECBS algorithm and the hardware acceleration module significantly enhance computational performance, especially the batch verification algorithm, which improves cloud platform verification efficiency by nearly 4 times.

Communication Performance Analysis:

The communication performance test results are shown in the following table, with the scheme’s communication overhead significantly reduced compared to traditional schemes:

| Communication Link | Packet Size (Byte) | Average Transmission Delay (ms) | Transmission Success Rate (%) | Optimization Rate Compared to RSA (%) |

|——————|——————-|——————–|—————-|———————-|

| OBU-RSU (Blind Message) | 112 | 32.5 | 99.98 | Communication volume reduced by 60% |

| OBU – Cloud Platform (Signature Package) | 224 | 45.8 | 99.97 | Communication volume reduced by 50% |

The reason is that elliptic curve point compression technology reduces the signature length from 128Bytes to 64Bytes, while optimizing the packet structure reduces redundant information.

Resource Occupation Analysis:

OBU resource occupation test results show that the scheme is well adapted to resource-constrained devices:

CPU Usage: Average 11.2%, Peak 17.8%, far below the 20% resource reservation threshold for in-vehicle terminals;

Memory Usage: Stabilized at 7.5MB, only occupying 1.46% of the total memory of OBU, with no memory leakage issues.

Concurrent Processing Analysis:

The cloud platform concurrent processing test results are shown in the following table, with the scheme supporting large-scale concurrent requests:

| Concurrent Request Volume (TPS) | Throughput (TPS) | Average Response Time (ms) | 99th Percentile Response Time (ms) | Packet Loss Rate (%) |

|——————-|—————|——————–|———————-|————-|

| 1000 | 992 | 0.98 | 1.85 | 0.02 |

| 3000 | 2945 | 1.25 | 2.32 | 0.15 |

| 5000 | 4812 | 1.86 | 3.15 | 0.32 |

| 10000 | 9236 | 3.28 | 5.86 | 0.78 |

Analysis shows that the distributed verification engine and load balancing mechanism of the cloud platform effectively enhance concurrent processing capabilities, maintaining high throughput and low packet loss rates even under 10,000 TPS requests.

5

Expansion of Application Scenarios and Promotion Strategies for the Scheme

5.1 Core Application Scenario Implementation Path

5.1.1 Secure Data Transmission for Autonomous Driving

Application Demand: Autonomous vehicles need to upload sensor data such as LiDAR and cameras to the cloud platform in real-time for model training and path planning, while protecting privacy information such as vehicle location and travel trajectory.

Implementation Path:

Integrate the ECBS algorithm hardware acceleration module into the on-board terminal for real-time blinding processing of sensor data;

Deploy edge signing services at roadside units to provide low-latency signing services for passing autonomous vehicles;

Build a distributed verification engine on the cloud platform to support concurrent verification and secure storage of millions of vehicle data.

Expected Effect: Data transmission delay ≤50ms, privacy protection rate 100%, signature verification accuracy rate ≥99.99%.

5.1.2 Intelligent Traffic Dynamic Scheduling

Application Demand: Traffic management departments collect traffic flow data through roadside units, implementing dynamic scheduling of traffic lights based on data, ensuring data authenticity and preventing false data from causing scheduling errors.

Implementation Path:

Roadside units, as signing parties, perform blind signatures on collected traffic flow data to ensure data integrity;

The traffic scheduling cloud platform verifies the signature’s validity before using the data for traffic light timing optimization algorithms;

Establish an abnormal data alarm mechanism to automatically mark forged data and trigger manual verification.

Expected Effect: Traffic flow data accuracy rate ≥99.9%, traffic light scheduling response time ≤10 seconds, regional traffic efficiency improvement of 15%-20%.

5.1.3 IoV Data Element Trading

Application Demand: Data service providers need to sell IoV data to research institutions and automotive companies, ensuring data source legality, privacy protection, and safeguarding the rights of both parties in the transaction.

Implementation Path:

Data providers (OBU/RSU) perform blind signatures on data, generating non-repudiable signature certificates;

The data trading platform verifies the signature’s validity and confirms data legality before listing for trade;

After data purchasers obtain the data, they verify data integrity through signatures to avoid transaction disputes.

Expected Effect: Data transaction success rate ≥99%, privacy leakage risk 0, transaction dispute rate ≤0.1%.

5.2 Large-Scale Promotion Strategies

5.2.1 Establishment of Technical Standard System

Lead the formulation of industry standards: Collaborate with the China Society of Automotive Engineers and the China Communications Standards Association to lead the formulation of industry standards such as “IoV Data Blind Signature Technology Specification” and “On-Board Unit Blind Signature Algorithm Interface Standard,” unifying technical parameters and interface protocols.

Participate in the formulation of international standards: Promote the core technologies of the scheme to be included in the IoV security standard system of international standard organizations such as ISO/TC22 and IEEE 802, enhancing international discourse power.

Establish a standard compliance testing platform: Build a standard compliance testing platform to provide scheme adaptability testing services for automotive companies and equipment manufacturers, ensuring standard implementation.

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

5.2.2 Collaborative Ecosystem Construction in the Industry Chain

Chip-level collaboration: Collaborate with chip manufacturers such as Huawei HiSilicon and Qualcomm to integrate the ECBS algorithm hardware acceleration module into in-vehicle chips, reducing adaptation costs for terminal manufacturers.

Terminal-level collaboration: Collaborate with automotive terminal manufacturers such as Bosch and Continental to pre-install the scheme into OBU and RSU devices, achieving “plug-and-play.”

Application-level collaboration: Collaborate with IoV platforms such as Baidu Apollo and Alibaba Zebra to develop scheme adaptation plugins, supporting rapid integration into existing application systems.

5.2.3 Pilot Demonstration and Promotion Implementation

Phased pilot: The first phase (2025-2026) will conduct pilots in autonomous driving demonstration areas such as Suzhou and Guangzhou to verify the feasibility of the scheme in closed scenarios; the second phase (2026-2027) will promote in intelligent traffic pilot cities such as Shenzhen and Hangzhou, covering open road scenarios; the third phase (after 2027) will scale up nationwide.

Breakthrough in typical scenarios: Prioritize breakthroughs in autonomous driving data transmission and intelligent traffic scheduling, forming replicable cases before expanding to other scenarios.

Policy and funding support: Apply for the National Development and Reform Commission’s “New Infrastructure” special fund and the Ministry of Industry and Information Technology’s IoV security special subsidies to provide funding support for pilot projects; promote local governments to introduce tax incentives and market access policies.

5.2.4 Talent Cultivation and Technological Innovation

School-enterprise cooperation for talent cultivation: Collaborate with Tsinghua University and Shanghai Jiao Tong University to establish a “IoV Security” specialization, setting up corporate scholarships to cultivate interdisciplinary talents.

Investment in technological research and development: Invest no less than 15% of revenue annually in technological research and development, focusing on breakthroughs in quantum-resistant blind signatures and AI-driven anomaly detection technologies.

Industry-academia-research collaborative innovation: Co-establish an “IoV Security Joint Laboratory” with research institutions such as the Chinese Academy of Sciences and the China Academy of Information and Communications Technology to promote the transformation of technological achievements.

6

Conclusion and Outlook

6.1 Main Research Achievements

This report focuses on the issues of IoV data security and privacy protection, constructing a data security scheme based on elliptic curve blind signatures, with the following main research achievements:

Constructed an IoV data security demand indicator system: Clarified six core demands such as privacy protection and identity verifiability, providing quantitative basis for scheme design.

Designed a four-level linked distributed architecture: Integrating KMC, OBU, RSU, and cloud platform into a closed-loop trust system, ensuring security throughout the process.

Innovated three core mechanisms: The hierarchical key management mechanism achieves refined key management, optimized ECBS algorithm enhances efficiency and security, and the three-dimensional identity authentication mechanism ensures trusted terminal identities.

Passed comprehensive security and performance verification: The scheme can resist six typical attacks, with computational, communication performance, and resource occupation meeting IoV demands, supporting large-scale concurrent processing.

6.2 Innovations of the Scheme

Technological innovation: Combining elliptic curve blind signatures with hardware acceleration and point compression technology achieves a coordinated optimization of “security and efficiency,” with signature verification efficiency improved by over 40% compared to traditional schemes.

Architectural innovation: Adopting a distributed trust architecture avoids the risk of failure of a single trust node while supporting dynamic expansion of nodes, adapting to the large-scale development needs of the IoV.

Application innovation: The scheme is not only applicable to data transmission security scenarios but can also be extended to emerging scenarios such as data trading and sharing, providing security support for the marketization of data elements.

6.3 Future Research Directions

Research on quantum-resistant blind signature technology: Addressing the threat of quantum computing to traditional cryptographic systems, researching quantum-resistant blind signature algorithms based on lattice cryptography and hash signatures to ensure long-term security of the scheme.

Integration of AI and blind signatures: Introducing artificial intelligence technology to build anomaly signature detection models based on deep learning, enhancing the scheme’s defense capabilities against unknown attacks; utilizing federated learning technology to achieve multi-node collaborative training while protecting data privacy.

Lightweight and adaptive optimization: Designing a more lightweight blind signature algorithm for low-cost in-vehicle terminals; developing an adaptive parameter adjustment mechanism to dynamically adjust algorithm parameters based on terminal performance and network conditions, balancing security and efficiency.

Cross-domain application expansion: Extending the scheme to vehicle-road collaboration, V2X communication authentication, in-vehicle payments, etc., to build a comprehensive IoV security protection system; exploring cross-industry applications of the scheme in industrial internet and IoT fields.

The IoV, as the core carrier of future intelligent transportation, requires data security and privacy protection as prerequisites for healthy industry development. This scheme provides a feasible technical path to address IoV data security issues and will continue to iterate and optimize, helping the IoV industry move towards a safer and smarter new stage of development.

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

Disclaimer: This article is a review of relevant literature on intelligent networking and information security, disseminating knowledge related to automotive network information security; if there are any related infringement disputes, please contact us in a timely manner for negotiation or deletion.

To obtain the latest research reports and information on network security, please scan the QR code to add customer service WeChat, join the group for free to receive important reports related to automotive network security.

Cloud Privacy Data Deduplication in the Internet of Vehicles | Construction of Blind Signature Scheme for IoV Data

Leave a Comment