Dynamic anonymous identity authentication (DAIA) scheme for VANET

With the development of the vehicular ad hoc network, the security and privacy are now becoming vital concerns, especially when the attacker owns more and more resources. In order to address these concerns, a dynamic anonymous identity authentication scheme is proposed using Elliptic Curve Discrete Logarithm Problem and blockchain method, which guarantees the security and fast off‐line authentication for vehicle‐to‐infrastructure. Specifically, a dynamic pseudonym key is generated using tamper proof device (TPD) for off‐line authentication and anonymity when a vehicle roams among different roadside units' (RSUs) communication ranges. Even if all RSUs are compromised, vehicle's identity is still privacy. Moreover, two additional design goals are more suitable for the practical environment: (1) the reduced assumption of TPD; (2) certification authority can trace vehicle under the authorization by law.     

LPPA: Lightweight privacy‐preservation access authentication scheme for massive devices in fifth Generation (5G) cellular networks

Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.     

An improved EAAP scheme for vehicular ad hoc networks

Recently, Maria Azees et al proposed an “EAAP: efficient anonymous authentication with conditional privacy‐preserving scheme for Vehicular Ad Hoc Networks.” Their scheme is mainly to solve the problem of high computation time of anonymous certificate and signature authentication, as well as the tracking problem of malicious vehicles. However, some improvements are needed in the protection of anonymous identity and the effective tracking of malicious vehicles. In this paper, our scheme realizes mutual authentication between OBU and RSU, and the RSU is authenticated without using certificate. In order to prevent the anonymous identity of the vehicles from being monitored and tracked, we use the negotiated short‐time key to encrypt the anonymous identity in the vehicle certificates. In addition, our scheme uses a new tracking method for malicious vehicles. Then, we prove the scheme through BAN logic, and it has the properties of authentication, anonymity, unlinkability, privacy protection, and traceability. Finally, we compare the computation cost and communication cost with other schemes, and the scheme has been greatly improved.     

Location Privacy with Dynamic Pseudonym-Based Multiple Mix-Zones Generation over Road Networks

According to the recent studies, application related with safety associated with road networks must need verification of entities and messages. However, security of road network users like vehicles and drivers needs to be dealt with. Unique identity like pen names and certificates might get useful to ensure security. Pseudonym names and the special certificates are being considered as the basic building blocks to ensure security requirements for road networks. Nevertheless, apart from the seen advantages, road network communication might also generate certain privacy issues by giving opportunity to invader to track vehicles. One and for most basic technique is to solve this issue by means of using pen names by the vehicles and alter them time to time. Since executing the procedure of changing pen names has to increase overhead. By looking at such type of limitations, our given technique will produce top privacy level for the road network users by using dynamic pseudonyms based multiple mix zones scenario. This pseudonym based procedure will base upon vehicle’s acceleration, heading and displacement to execute dynamic pseudonym alteration. We have performed simulation by applying SUMO simulator. After having a detailed comparison with the current pseudonym change techniques, it has been verified that our given technique has shown enhanced performance in terms of acquiring top level privacy rate having few numbers of pseudonyms alteration; broad level of simulations and analysis has been elaborated the efficiency of the given technique.     

Distance and clustering‐based energy‐efficient pseudonyms changing strategy over road network

To improve the fairness, the energy consumption changing pseudonyms needs to be taken into account. Existing works focus on changing velocity‐based pseudonyms changing strategy and short changes interval with limited coverage, but due to similar velocity and short changes, internal attacker guesses easily known communication and location information due to location information of vehicle on tracking, which may expose adversary private information, and frequently, pseudonyms changing occurs due to movement of vehicles' similar velocity and short coverage, which may cause serious attack of vehicle. To overcome this problem, distance and cluster can be performed. In this work, we proposed distance and cluster‐based energy pseudonyms changing method for road network. We proposed distance and energy‐based clustering routing service over road network, the cluster head elected to depend on random number of distance and energy to change pseudonyms of vehicles. An each interval to be establish cluster head vehicle deployed while selects the operation mode and informs the cluster members of the selected mode through beacon signal. The cluster head vehicle node performs the pseudonyms changing based on the predicted distance and energy of the cluster member to use clustering optimization. The data of whole network send to report server through these nodes while near the RSU, and the vehicles in this area will use less energy to change the pseudonyms. The simulation results show that the proposed method enhances pseudonyms changing strategy less consumption and delays sufficient privacy level each vehicle also our method has outperform compare with existing methods than we use Sumo simulation and Matlab tools to verify our proposed method. Our proposed method outperformed in terms of pseudonym changing energy efficiency to careful attention during the cluster formation process, stable and balanced clusters that prolong the network lifetime, increases distances to more CH vehicles connectivity to makes clustering group and changing their pseudonyms in terms of high level privacy and finally, CH nodes use Dijkstra's algorithm use MST among the vehicles nodes depend on existing road networks to follow shortest path selection roads in terms of high connectivity probability of CH and stable structure of the network decreases the topology changes and thus,the clustering overhead is reduced.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

A secure n-secret based client authentication protocol for 802.11 WLANs

Authentication has strong impact on the overall security model of every information system. Various authentication techniques are available for restricting the access of unauthorized users to the enterprise scale networks. IEEE 802.1X defines a secure and reliable authentication framework for 802.11 WLANs, where Extensible Authentication Protocol (EAP) provides the base to this architecture. EAP is a generic architectural framework which supports extensibility by incorporating the new and improved authentication schemes, which are based on different types of credentials. Currently there exist a number of EAP and Non-EAP methods with varying level of security and complexity. In this work, we have designed a new n-secret based authentication scheme referred here as Personal Dialogue Based Authentication, for the client authentication to the network. It is a Transport Layer Security (TLS) protected authentication protocol, which will be executed inside the secure TLS tunnel for providing the privacy and credential security to the wireless client. The developed authentication protocol has a reasonable set of features like; strong security, user privacy, simplicity and extensibility. For the formal analysis of the protocol we have used SPAN–AVISAP model checker on Ubuntu platform for validating the realization of the specified security goals. The experimental results obtained by simulation performed with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool shows that our protocol is efficient and secured.

     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

车联网环境下无证书匿名认证方案

通过信息共享,车联网(IoV)为车辆提供各种应用,以提高道路安全和交通效率.然而,车辆之间的公开通信导致了车辆隐私泄露和各种攻击.因而,安全且保护隐私的信息共享方法是非常必要的,并且对车辆间通信的安全性和保密性提出了更高的要求,所以该文提出了一种支持批量验证的非线性对的无证书匿名认证方案.在该方案中,首先,采用无证书签...     

A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.     

Pseudonym changing strategy with multiple mix zones for trajectory privacy protection in road networks

In road network, vehicles' location may be identified, and their transmissions may even tracked by eavesdrops (eg, safety messages) that contain sensitive personal information such as identity and location of the vehicle. This type of communication leads to breaking the users' trajectory privacy. Frequently changing pseudonyms are widely accepted as a solution that protects the trajectory privacy of users in road networks. However, this solution may become invalid if a vehicle changes its pseudonym at an improper occasion. To cope with this issue, we presented an efficient pseudonym change strategy with multiple mix zones scheme to provide trajectory privacy for road network. In addition, we protected vehicles against linkability attack by cheating mechanism. Henceforth, we constructed a cheating detection mechanism which allows the vehicles to verify whether the pseudonym change process is successful or not and also detect to malicious vehicles. In this way, users' trajectory privacy can be improved. Finally, by taking the anonymity set size (ASS) as the trajectory privacy metric, we exhibit by means of simulations that the proposed scheme is effective in multiple networks scenarios.     

基于票据的车联网安全和隐私保护方案

随着车联网的发展,车辆通信将在提高行车安全,驾驶效率和舒适度方面发挥重要作用。车辆将访问多种应用,考虑到现有行车安全应用面临的严峻威胁,加之对用户验证、授权和计费的需求,攻击防护安全对于车载自组网来说尤为重要。在车辆使用基于位置的服务或行车安全服务时,攻击者可能会窃听通信内容,获取用户身份信息和位置隐私。为了提高车载自组织网安全,提出了一种采用分布式车辆公钥基础设施(VPKI)对车辆通信安全、位置隐私和身份匿名进行保护的方案。该方案采用票据为应用服务提供匿名访问控制和认证,并且可以解析和撤销不法车辆身份。最后,通过实验分析方案的效率来证明VPKI的可实施性。     

新的基于变色龙的车载通信安全与隐私保护

在车载自组网（VANET）中许多服务和应用需要保护数据通信的安全,为提高驾驶的安全性和舒适性,一些与交通状况有关的信息就要被周期性地广播并分享给司机,如果用户的身份和信息没有隐私和安全的保证,攻击者就会通过收集和分析交通信息追踪他们感兴趣的车辆,因此,匿名消息身份验证是VANET中不可或缺的要求。另一方面,当车辆参与纠纷事件时,证书颁发机构能够恢复车辆的真实身份。为解决车载通信这一问题,郭等人在传统方案的基础上提出一种基于椭圆曲线的变色龙散列的隐私保护验证协议。虽然此方案较之前方案具有车辆身份可追踪性和高效率性,但分析表明此方案不满足匿名性。对郭等人的方案进行安全性分析并在此基础上做出改进。     

Provable analysis and improvement of smart card–based anonymous authentication protocols

Nowadays, authentication protocols are essential for secure communications specially for roaming networks, distributed computer networks, and remote wireless communication. The numerous users in these networks rise vulnerabilities. Thus, privacy‐preserving methods have to be run to provide more reliable services and sustain privacy. Anonymous authentication is a method to remotely authenticate users with no revelation about their identity. In this paper, we analyze 2 smart card–based protocols that the user's identity is anonymous. However, we represent that they are vulnerable to privileged insider attack. It means that the servers can compromise the users' identity for breaking their privacy. Also, we highlight that the Wen et al protocol has flaws in both stolen smart card and stolen server attacks and the Odelu et al protocol is traceable. Then, we propose 2 modified anonymous authentication protocols. Finally, we analyze our improved protocols with both heuristic and formal methods.     

SOS: Self‐organized secure framework for VANET

While authentication is a necessary requirement to provide security in vehicular ad hoc networks, user's personal information such as identity and location must be kept private. The reliance on road side units or centralized trusted authority nodes to provide security services is critical because both are vulnerable, thus cannot be accessed by all users, which mean security absence. In this paper, we introduce a self‐organized secure framework, deployed in vehicular ad hoc networks. The proposed framework solution is designed not only to provide an effective, integrated security and privacy‐preserving mechanism but also to retain the availability of all security services even if there are no road side units at all and/or the trusted authority node is compromised. A decentralized tier‐based security framework that depends on both trusted authority and some fully trusted nodes cooperated to distribute security services is presented. Our approach combines the useful features of both Shamir secret sharing with a trust‐based technique to ensure continuity of achieving all security services. Mathematical analysis of security issues that the proposed framework achieves as well as the availability of offering security services is provided. Proposed framework examination was done to show the performance in terms of storage, computation complexity, and communication overhead as well as its resilience against various types of attacks. Comparisons with different types of security schemes showed that the protocol developed gave better results in most comparison parameters while being unique ensuring continuity of security services delivery.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

Blockchain-inspired lightweight trust-based system in vehicular networks

A decentralized application runs on the blockchain network without the intervention of a central authority. Transparency in transactions and security in vehicular networks are the issues for central systems. The proposed system uses blockchain-based smart contracts, which eliminate the requirement for any third-party verification. Additionally, with signature verification and reduced overhead, smart contracts also help in a fast and secure transaction. This study suggests a trust-based system paradigm where certificate authority (CA) is employed for vehicle registration. We also propose a blockchain-based system that provides efficient two-way authentication and key agreement through encryption and digital signatures. The analysis of the proposed model reveals that it is an efficient way of establishing distributed trust management, which helps in preserving vehicle privacy. The proposed scheme is tested in Automated Validation of Internet Security-sensitive Protocols (AVISPA), and security parameters verification in Network Simulator 2(NS2) also shows that the proposed scheme is more effective in comparison with existing schemes in terms of authentication cost, storage cost, and overhead.     

Research on pairing-free certificateless batch anonymous authentication scheme for VANET

To solve the problem of security and efficiency of anonymous authentication in vehicular ad hoc network,a pairing-free certificateless batch anonymous authentication scheme was proposed.The public and private keys and pseudonyms were jointly generated by the trusted third party and vehicle,so the system security didn't depend on the tamper device.The scheme can realize authentication,anonymity,traceability,unforgeability,forward or backward security,and so on.Furthermore,under the random oracle model,the scheme can resist Type I and Type II attacks.Because there is no need to use certificates during authentication,the system storage load is effectively reduced.At the same time,the scheme realizes the batch message authentication on the basis of pairing-free operation,so the authentication efficiency is improved.Therefore,the scheme has important theoretical significance and application value in the resource-limited internet of things or embedded environment.     

Preserving User Anonymity in Context‐Aware Location‐Based Services: A Proposed Framework

Protecting privacy is an important goal in designing location‐based services. Service providers want to verify legitimate users and allow permitted users to enjoy their services. Users, however, want to preserve their privacy and prevent tracking. In this paper, a new framework providing users with more privacy and anonymity in both the authentication process and the querying process is proposed. Unlike the designs proposed in previous works, our framework benefits from a combination of three important techniques: k‐anonymity, timed fuzzy logic, and a one‐way hash function. Modifying and adapting these existing schemes provides us with a simpler, less complex, yet more mature solution. During authentication, the one‐way hash function provides users with more privacy by using fingerprints of users' identities. To provide anonymous authentication, the concept of confidence level is adopted with timed fuzzy logic. Regarding location privacy, spatial k‐anonymity prevents the users' locations from being tracked. The experiment results and analysis show that our framework can strengthen the protection of anonymity and privacy of users by incurring a minimal implementation cost and can improve functionality.