Survey on IoV routing protocols: Security and network architecture

As today, vehicles are equipped with wireless sensors and on‐board computers capable of collecting and processing a large amount of data; they can communicate to each other via different communication types and through different relay nodes. Internet of Vehicles (IoV) routing protocols are deployed to monitor these communications with various strategies to achieve a high availability of communication. In this paper, we propose to extend an existing taxonomy representing the necessary criteria to build IoV routing algorithms, by adding two new important criteria: security aspect and network architecture. Enhanced vehicular routing protocols with different security mechanisms have been studied, compared, and classified with respect to the authentication, the integrity, the confidentiality, the nonrepudiation, and the availability of data and communications. Routing protocols using the software‐defined networking (SDN) paradigm have also been reviewed in order to compare with those with traditional network architectures. Three types of SDN routing protocols, namely, centralized, decentralized, and hybrid control planes, have been analyzed. This survey will be useful for the choice of IoV routing protocols that take into account the flexibility, the scalability, and the intelligence of vehicular networks, as well as the security mechanisms against cyberattacks while being cost aware.     

An efficient two‐party authentication key exchange protocol for mobile environment

The primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.     

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.     

Technical Investigation on V2G,S2V,and V2I for Next Generation Smart City Planning

The paper investigates a few of the major areas of the next generation technological advancement, “smart city planning concept”. The areas that the paper focuses are vehicle to grid (V2G), sun to vehicle (S2V), and vehicle to infrastructure (V2I). For the bi-directional crowd energy single entity concept, V2G and building to grid (B2G) are the primary parts of distributed renewable generation (DRG) under smart living. This research includes an in-depth overview of this three major areas. Next, the research conducts a case analysis of V2G, S2V, and V2I along with their possible limitations in order to find out the novel solutions for future development both for academia and industry levels. Lastly, few possible solutions have been proposed to minimize the limitations and to develop the existing system for future expansion.     

A lightweight anonymous two‐factor authentication protocol for wireless sensor networks in Internet of Vehicles

Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.     

Survey of software defined D2D and V2X communication

The related D2D (device-to-device) and V2X (vehicle-to-everything) are regarded as vital components of 5G communication system,which providing alternative network services and multiple application services for cellular network.In the meanwhile,SDN (software defined networking) can improve the compatibilities and flexibilities of D2D and V2X.SD-D2D (software defined D2D communication) and SD-V2X (software defined V2X communication) technologies were reviewed.Based on their similarities and respective characteristics,their state-of-arts and architectures were reviewed accordingly,and the key technologies such as D2D location/discovery management,D2D routing control,D2D flow table management,V2V path scheduling,and V2V path recovery were analyzed.Finally,it was pointed out that the SD-D2D architecture was approaching mature and the SD-V2X framework had been preliminarily determined,the existing problems of interference management,mobile management and routing management in D2D/V2X communication could be effectively solved.Furthermore,it was also pointed out that the disconnection between the existing SD-D2D/V2X studies and the actual application needed to be overcome.     

Strong roaming authentication technique for wireless and mobile networks

When one considers the broad range of wirelessly connected mobile devices used today, it is clear that integrating such network‐enabled devices into secure roaming over wireless networks is of essential importance. Over the years, many authentication protocols have been suggested to address this issue. Among these protocols, the recently proposed privacy‐preserving universal authentication protocol, Priauth, exceeds the security and efficiency of other authentication techniques. This paper studies the existing roaming authentication protocols and shows that they are not strong enough to provide secure roaming services in three aspects. Further, using Priauth as an example, we propose efficient remedies that fix the weaknesses. The experimental results show that the proposed approaches are feasible in practice. Copyright © 2012 John Wiley & Sons, Ltd.     

An improved mutual authentication protocol based on perfect forward secrecy for satellite communications

As the mobile network progresses fast, mobile communications have a far‐reaching influence in our daily life. In order to guarantee the communication security, a myriad of experts introduced many authentication protocols. Recently, Qi et al presented an enhanced authentication with key agreement protocol for satellite communications, and they proclaimed that their protocol could defend various attacks and support varied security requirements. Regrettably, in this paper, we prove that their protocol was fruitless in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it gets possession of faultless security properties and overcomes the flaws in the protocol of Qi et al perfectly. Thus, our improved protocol can be appropriated for the mobile communications.     

The KryptoKnight family of light-weight protocols forauthentication and key distribution

An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of comprehensive security subsystem prototype called KryptoKnight     

第二、三代移动通信系统安全体系的分析与比较

随着通信技术的飞速发展,通信系统尤其是第二、三代移动通信系统中的信息安全与通信保密已显得越来越为重要.详细地探讨了第二、三代移动通信系统的安全体制,重点分析了鉴权(认证)与密钥分配、加密与完整性保护的过程及其安全性.同时对2G与3G移动通信系统中相应的安全技术进行了详细的比较与分析.     

Doppler-resistant column-wise complementary coded CDMA technology for V2V communications

In Vehicle-to-Vehicle (V2V) communications, the relatively large Doppler-spread poses a great thread to the system performance. In this paper, we propose a new physical layer air-link technology, which combines the advantages of CDMA and OFDM technologies. More specifically, we apply the column-wise complementary codes to the original OFDM-based physical layer design, which can effectively mitigate the Doppler effect under high-speed communication scenarios. The superiority of the new architecture is demonstrated by mathematical analysis and extensive computer simulations. The main contribution of this paper is two-fold. First, the presented analysis provides a more deep insight into the key performance bottleneck in the emerging short-range communications (DSRC) technology. Second, the proposed air link architecture can be implemented with a relatively low implementation complexity, which is desirable for practical applications.     

HIMALIS-VI: Fast and Secure Mobility Management Scheme Based on HIMALIS for V2I Services in Future Networks

To overcome the inherent limitations of the current Internet architecture, such as lack of mobility support and security mechanism, research has begun on future Internet based on ID/locator split architecture. For the realization of future networks, it is necessary to consider the characteristics of their services and applications, as well as research on their basic architectures. The representative services include Cooperative Intelligent Transportation System (C-ITS) applications based on vehicle-to-vehicle/vehicle-to-infrastructure (V2V/V2I) communication which can prevent vehicular accidents, increase the efficiency of transportation systems, and reduce environmental pollution, all while improving passenger convenience. Since C-ITS services using V2I communication are tightly connected to both passenger and pedestrian safety, they require not only continuous network access but also secure communication regardless of the vehicle mobility. To provide continuous network access and secure communication to moving vehicles in future networks based on an ID/locator split approach, authentication and location updates of moving vehicles should be frequently performed, which results in significant signaling overhead. Therefore, to integrate V2I communication with an ID/locator split approach based on the (R1) HIMALIS architecture, in this paper we propose a novel mobility management scheme, called HIMALIS-VI, which can contribute to a delay reduction for the authentication and mitigating handover procedures at both the mobile hosts and network entities in an edge network.     

A secure and robust group key distribution and authentication protocol with efficient rekey mechanism for dynamic access control in secure group communications

In today's Internet era, group communications have become more and more essential for many emerging applications. Given the openness of today's networks, efficient and secure distribution of common key is an essential issue for secure communications in the group. To maintain confidentiality during communication in the group, all authorized members require a common key called the group key in advance. This paper proposes a group key distribution and authentication protocol for dynamic access control in secure group communication using Chinese remainder theorem (CRT), which is highly secure and computationally efficient. The proposed protocol (1) has drastically reduced the computation complexity of group controller ( GC ) and members, (2) has provided intense security by means of an additional secret parameter used by GC and members, (3) has minimized storage and communication overheads, (4) has been decentralized for higher scalability so that it can efficiently handle large‐scale changes in the group membership, and (5) is suitable for many practical applications due to intense security along with low computation and storage overheads. Detailed security analysis proves that our protocol can guarantee the privacy and security requirements of group communications. Moreover, performance analysis also verifies the efficiency and effectiveness of the proposed protocol. The proposed protocol has been experimented on star topology‐based key distribution system and observed that the protocol significantly reduces the computation cost and minimizes the communication and storage overheads.     

An ID‐based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem

Mutual authentication is used to validate the legitimacy of a remote login user and a server. Conventional user authentication protocols are suited to solve the privacy and security problems for the single client/server architecture environment. However, the use of computer networks and information technology has grown spectacularly. More and more network architectures are used in multi‐server environments. Recently, several authentication schemes for multi‐server environments have been proposed. However, the performance of these schemes is not suitable for applications. To improve the performance, we propose a new ID‐based mutual authentication protocols for multi‐server environment without bilinear pairings. We also show that the proposed scheme is provable secure in the random oracle model. Copyright © 2012 John Wiley & Sons, Ltd.     

Secure Authentication Schemes for Vehicular Adhoc Networks: A Survey

Vehicular Adhoc Network (VANET) is based on the principles of Mobile Adhoc NETwork (MANET) where vehicles are considered as nodes and secure communication is established to provide a safe driving experience. Due to its unique characteristics, it has various issues and challenges. These issues can be resolved by ensuring security requirements like authentication, privacy preservation, message integrity, non-repudiation, linkability, availability etc. Authentication plays a vital role since it is the first step to establish secure communication in the vehicular network. It also distinguishes malicious vehicles from legitimate vehicles. Different authentication schemes have been proposed to establish secure vehicular communications. A survey of the existing authentication schemes is given in this paper. At first, the existing authentication schemes are broadly classified based on message signing and verification methods. Then, each category is clearly explained with its sub-categories. At last, the existing schemes in each category are compared based on security requirements, security attacks and performance parameters.

     

Server‐less RFID authentication and searching protocol with enhanced security

This paper focuses on two interesting radio‐frequency identification (RFID) cryptographic protocols: the server‐less RFID authentication protocol that allows readers to authenticate tags without the help of any online backend servers, and the RFID searching protocol in which the verifier explicitly specifies the target tag to be searched and authenticated. These two kinds of RFID protocols play important roles in many RFID applications; however, the existing protocols either had security weaknesses or exhibited poor efficiency. This paper shows the weaknesses, and then proposes our server‐less RFID authentication protocol and RFID searching protocol. The proposed protocols greatly enhance the security using one more hashing. Copyright © 2011 John Wiley & Sons, Ltd.     

移动互联网安全接入机制研究

文中关注移动互联网网络接入安全性,介绍移动互联网面临的安全威胁,研究移动互联网的网络结构和接口协议,提出跨网系的统一认证与授权管理技术,阐述网络接入安全需求,针对EAPSIM和EAP-AKA两种安全机制,分析网络接入鉴权与密钥协商流程,以及演进分组核心网络各网元设备功能,实现用户和网络之间的认证性、机密性和完整性的安全防护,为移动互联网网络安全体制建设提供理论依据与技术支撑。     

Provable analysis and improvement of smart card–based anonymous authentication protocols

Nowadays, authentication protocols are essential for secure communications specially for roaming networks, distributed computer networks, and remote wireless communication. The numerous users in these networks rise vulnerabilities. Thus, privacy‐preserving methods have to be run to provide more reliable services and sustain privacy. Anonymous authentication is a method to remotely authenticate users with no revelation about their identity. In this paper, we analyze 2 smart card–based protocols that the user's identity is anonymous. However, we represent that they are vulnerable to privileged insider attack. It means that the servers can compromise the users' identity for breaking their privacy. Also, we highlight that the Wen et al protocol has flaws in both stolen smart card and stolen server attacks and the Odelu et al protocol is traceable. Then, we propose 2 modified anonymous authentication protocols. Finally, we analyze our improved protocols with both heuristic and formal methods.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.