Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

Compressive Sensing Node Localization Method Using Autonomous Underwater Vehicle Network

This framework attempts to introduce a new Distributed denial-of-service (DDoS) attack detection and mitigation model. It is comprised of two stages, namely DDoS attack detection and mitigation. The first stage consists of three important phases like feature extraction, optimal feature selection, and classification. In order to optimally select the features of obtained feature sets, a new improved algorithm is implanted named Improved Update oriented Rider Optimization Algorithm (IU-ROA), which is the modification of the Rider Optimization Algorithm (ROA) algorithm. The optimal features are subjected to classification using the Deep Convolutional Neural Network (CNN) model, in which the presence of network attacks can be detected. The second stage is the mitigation of the attacker node. For this, a bait detection mechanism is launched, which provides the effective mitigation of malicious nodes having Distributed Denial-of-Service (DDoS) attacks. The experimentation is done on the KDD cup 99 dataset and the experimental analysis proves that the proposed model generates a better result which is 90.06% in mitigation analysis and the overall performance analysis of the proposed model on DDoS Attack Detection is 96% better than conventional methods.

     

Shield Techniques for Application Layer DDoS Attack in MANET: A Methodological Review

In today’s world of wireless networks the mobile ad-hoc networks are widely preferred as a communication medium as these are infrastructure less networks. The application layer of these networks is targeted by attackers because it is responsible for actual data exchange with end users. As human dependency on wireless networks is increasing the DDoS attacks i.e. distributed denial of service attack which becomes a nightmare for the researchers. This attack is one of the most devastating attacks that can be executed on web-servers and congest the network keys like socket connections, CPU cycles, and memory database. In this current mobile computing world the necessity of DDOS attack management is significantly increased because this attack can degrade the entire web experience. Further, this DDOS attack is commenced along with the legitimate requests so it is also important to differentiate DDoS attack from other similar Events. This review endeavors to explore with more emphasis on application layer DDoS attack and its management stages like prevention, detection, mitigation and Differentiation along with comparative statement of prominent techniques discovered in each stage. This methodological survey report shall lead the way to researchers and network designers to suit the specific management scheme to provide the complete protection of wireless networks from DDoS attack.

     

DDoS攻击恶意行为知识库构建

针对分布式拒绝服务（distributed denial of service,DDoS）网络攻击知识库研究不足的问题,提出了DDoS攻击恶意行为知识库的构建方法。该知识库基于知识图谱构建,包含恶意流量检测库和网络安全知识库两部分：恶意流量检测库对 DDoS 攻击引发的恶意流量进行检测并分类;网络安全知识库从流量特征和攻击框架对DDoS 攻击恶意行为建模,并对恶意行为进行推理、溯源和反馈。在此基础上基于DDoS 开放威胁信号（DDoS open threat signaling,DOTS）协议搭建分布式知识库,实现分布式节点间的数据传输、DDoS攻击防御与恶意流量缓解功能。实验结果表明,DDoS攻击恶意行为知识库能在多个网关处有效检测和缓解DDoS攻击引发的恶意流量,并具备分布式知识库间的知识更新和推理功能,表现出良好的可扩展性。     

Efficient Privacy-Preserving Anonymous Authentication Protocol for Vehicular Ad-Hoc Networks

Vehicular ad-hoc network (VANET) has been considered as one of the most promising wireless sensor technologies, which could enhance driving convenience and traffic efficiency through real-time information interaction. Nevertheless, emerging security issues (e.g., confidentiality, integrity, identity privacy, message authentication) will hinder the widespread deployment of VANETs. To address these issues, in this paper, we propose an efficient privacy-preserving anonymous authentication protocol for VANETs. We first design an identity-based signature algorithm, and exploit it with an account information of a vehicle to propose our anonymous authentication protocol. The protocol enables each vehicle to anonymously send an authenticated message to nearby roadside units (RSUs) in a confidential way, and efficiently check the feedback information from nearby RSUs. Simultaneously, the protocol achieves key-exchange functionality, which could produce a session key for later secure communication between vehicles and RSUs. Finally, we give the security analysis of the proposed protocol and conduct a comprehensive performance evaluation, the results demonstrate its feasibility in the secure deployment of VANETs.

     

An efficient voting based decentralized revocation protocol for vehicular ad hoc networks

Vehicular Ad-hoc NETworks (VANETs) enable cooperative behaviors in vehicular environments and are seen as an integral component of Intelligent Transportation Systems (ITSs). The security of VANETs is crucial for their successful deployment and widespread adoption. A critical aspect of preserving the security and privacy of VANETs is the efficient revocation of the ability of misbehaving or malicious vehicles to participate in the network. This is usually achieved by revoking the validity of the digital certificates of the offending nodes and by maintaining and distributing an accurate Certificate Revocation List (CRL). The immediate revocation of misbehaving vehicles is of prime importance for the safety of other vehicles and users. In this paper, we present a decentralized revocation approach based on Shamir’s secret sharing to revoke misbehaving vehicles with very low delays. Besides enhancing VANETs’ security, our proposed protocol limits the size of the revocation list to the number of the revoked vehicles. Consequently, the authentication process is more efficient, and the communication overhead is reduced. We experimentally evaluate our protocol to demonstrate that it provides a reliable solution to the scalability, efficiency and security of VANETs.     

Analysis of area-congestion-based DDoS attacks in ad hoc networks

Increased instances of distributed denial of service (DDoS) attacks on the Internet have raised questions on whether and how ad hoc networks are vulnerable to such attacks. This paper studies the special properties of such attacks in ad hoc networks. We examine two types of area-congestion-based DDoS attacks – remote and local attacks – and present in-depth analysis on various factors and attack constraints that an attacker may use and face. We find that (1) there are two types of congestion – self congestion and cross congestion – that need to be carefully monitored; (2) the normal traffic itself causes significant packet loss in addition to the attack impacts in both remote and local attacks; (3) the number of flooding nodes has major impacts on remote attacks while, the load of normal traffic and the position of flooding nodes are critical to local attacks; and (4) given the same number of flooding nodes and attack loads, a remote DDoS attack can cause more damage to the network than a local DDoS attack.     

Efficient DDoS attack detection and prevention scheme based on SDN in cloud environment

For addressing the problem of two typical types of distributed denial of service (DDoS) attacks in cloud environment,a DDoS attack detection and prevention scheme called SDCC based on software defined network (SDN) architecture was proposed.SDCC used a combination of bandwidth detection and data flow detection,utilized confidence-based filtering (CBF) method to calculate the CBF score of packets,judged the packet of CBF score below the threshold as an attacking packet,added its attribute information to the attack flow feature library,and sent the flow table to intercept it through SDN controller.Simulation results show that SDCC can detect and prevent different types of DDoS attacks effectively,and it has high detection efficiency,reduces the controller’s computation overhead,and achieves a low false positive rate.     

基于SNMP和神经网络的DDoS攻击检测

DDoS（Distributed Denial of Service）已经严重威胁计算机网络安全。对DDoS攻击检测的关键是找到能反映攻击流和正常流区别的特征,设计简单高效的算法,实时检测。通过对攻击特点的分析,总结出15个基于SNMP（Simple Network Management Protocol）的检测特征。利用BP神经网络高效的计算性能,设计了基于SNMP和神经网络的DDoS攻击检测模型,提高了检测实时性和准确性。实验表明：该检测模型对多种DDoS攻击都具有很好的检测效果。     

一种新的DDoS攻击检测算法

为了准确及时的进行DDoS攻击检测,提出了一种新的DDoS攻击检测算法。该算法在基于传统的小波分析检测DDoS攻击的基础上融入了主成分分析法和小波分析法中DDoS检测方法,并根据该算法设计相应的模型和算法来检测 DDoS 攻击,并且引入信息论中的信息熵对源IP地址的分散程度进行度量,根据初始阶段Hurst指数及熵值的变化自适应地设定阈值以检测攻击的发生。实验结果表明,该方法大幅度的提高了DDoS检测的速度。     

车联网环境下基于Cuckoo过滤器的轻量V2I认证算法

基于假名认证机制是保护车与路边设施间通信(V2I)隐私的有效方法,传统的基于证书撤销清单(CRL)方法存在通信和计算开销大的问题。为此,提出基于布谷鸟(Cuckoo)过滤器的轻量V2I认证算法(CFLA)。CFLA算法通过局部信任中心(LTA)给其覆盖内的车辆分配假名,并利用Merkle散列树(MHT)存储车辆假名,每辆车维持一棵独立MHT。同时,采用布谷鸟过滤器(CF)数据结构,降低存储、计算和通信开销。安全性能分析表明,提出的CFLA算法能够具有防御中间攻击、重放攻击的能力。相比于相关的同类算法,CFLA算法降低了认证开销。     

新网络环境下应用层DDoS攻击的剖析与防御

针对新网络环境下近两年新出现的应用层分布式拒绝服务攻击,本文将详细剖析其原理与特点,并分析现有检测机制在处理这种攻击上的不足.最后,本文提出一种基于用户行为的检测机制,它利用Web挖掘的方法通过Web访问行为与正常用户浏览行为的偏离程度检测与过滤恶意的攻击请求,并通过应用层与传输层的协作实现对攻击源的隔离.     

Fast randomized algorithm for 2-hops clustering in vehicular ad-hoc networks

Vehicular Ad-Hoc Networks (VANETs) enable inter vehicle wireless communication as well as communication with road side equipment. Warning messages can be exchanged among nearby vehicles, helping to predict dangerous situations, and thus improving road safety. Such safety messages require fast delivery and minimal delay to local areas, in order for them to be effective. Therefore, a fast and efficient channel access scheme is required. A feasible solution, derived from the Mobile Ad-Hoc Networks (MANETs) field, groups nodes into smaller manageable sections called clusters. Such an approach can be beneficial for locally delivering messages under strict time constraints. In this paper, a Hierarchical Clustering Algorithm (HCA) is presented. HCA is a distributed randomized algorithm, which manages channel access by forming three hierarchy clusters. The proposed channel access scheme enables delay bounded reliable communication. Unlike other common clustering algorithm for VANETs, HCA does not require the knowledge of the vehicles’ locations. This feature guarantees accurate operation even when localization systems such as GPS are not available. The running time and message complexity were analyzed and simulated. Simulation results show that the algorithm behaves well especially under realistic mobility patterns; therefore, it is a suitable solution for channel access scheme for VANETs.     

IP address allocation protocols in vehicular ad hoc networks

In vehicular ad hoc networks (VANETs), communication takes place between vehicles to vehicles, the vehicles to the road side units, and vice-versa. The basic purpose of these communications is to share and exchange tremendous amount of data and information. For efficient information sharing, a systematic and structured connection establishment algorithm is needed. In VANETs, each connected node of the network need to be assigned a unique address. Hence, an algorithm is needed for the proper assignment of unique address to all nodes in the network. This paper explains different types of IP address protocols in VANETs. We have also explained advantage and disadvantage of existing IP address allocation protocols in VANETs.     

Using discriminant analysis to detect intrusions in external communication for self-driving vehicles

Security systems are a necessity for the deployment of smart vehicles in our society. Security in vehicular ad hoc networks is crucial to the reliable exchange of information and control data. In this paper, we propose an intelligent Intrusion Detection System (IDS) to protect the external communication of self-driving and semi self-driving vehicles. This technology has the ability to detect Denial of Service (DoS) and black hole attacks on vehicular ad hoc networks (VANETs). The advantage of the proposed IDS over existing security systems is that it detects attacks before they causes significant damage. The intrusion prediction technique is based on Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) which are used to predict attacks based on observed vehicle behavior. We perform simulations using Network Simulator 2 to demonstrate that the IDS achieves a low rate of false alarms and high accuracy in detection.     

Trust based authentication technique for cluster based vehicular ad hoc networks (VANET)

Since Vehicular ad hoc networks (VANETs) are vulnerable to various kinds of attacks, there is a need to fulfill the security requirements like message privacy, integrity, and authentication. The authentication technique is said to be efficient if it detects compromised nodes accurately with less complexity, reduced authentication delay, and keying overhead. In this paper, a trust-based authentication scheme for cluster-based VANETs is proposed. The vehicles are clustered, and the trust degree of each node is estimated. The trust degree is a combination of direct trust degree and indirect trust degree. Based on this estimated trust degree, cluster heads are selected. Then, each vehicle is monitored by a set of verifiers, and the messages are digitally signed by the sender and encrypted using a public/ private key as distributed by a trusted authority and decrypted by the destination. This verifies the identity of sender as well as receiver thus providing authentication to the scheme. By simulation results, we prove that the proposed technique provides high security with less overhead and delay.     

A Profile-Based Novel Framework for Detecting EDoS Attacks in the Cloud Environment

The future of information technology mainly depends upon cloud computing. Hence security in cloud computing is highly essential for the consumers as well as the service providers of the particular cloud environment. There are many security threats are challenging the current cloud environment. One of the important security threat ever in cloud environment is considered to be the Distributed Denial of Service (DDoS) attack. Where cloud is of greater benefit in terms of providing on-demand services, a certain kind of attack named as Economic Denial of Sustainability (EDoS) occurs in pay per use payment model. Due to the occurrence of this attack the consumers are forced to pay additional amount for the services offered. EDoS attacks are similar to that of DDoS attacks Which is classified as-attacks associated with bandwidth consuming, application targeted attacks and the exhaustion of the connection layer. The main objective of the proposed work is to design a profile-based novel framework for maximizing the detection of various types of EDoS attacks. During this process, the proposed framework consisting Feature Classification (FC) algorithm ensures that false positives and negatives along with bandwidth and memory consumption are highly minimized. The proposed algorithm allows only the limited resources for allocation to the available virtual machines which increases the chances of the detecting the attack and preventing the misuse propagation of resources. The accuracy and efficiency of this approach is proven to be higher with lesser computational complexity when compare to the existing approaches.

     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X:车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。     

VANET中抗被动和主动攻击的位置隐私保护方案(英文)

Existing location privacypreserving methods,without a trusted third party,cannot resist conspiracy attacks and active attacks.This paper proposes a novel solution for location based service(LBS) in vehicular ad hoc network(VANET).Firstly,the relationship among anonymity degree,expected company area and vehicle density is discussed.Then,a companion set V is set up by k neighbor vehicles.Based on secure multi-party computation,each vehicle in V can compute the centroid,not revealing its location to each other.The centroid as a cloaking location is sent to LBS provider(P)and P returns a point of interest(POI).Due to a distributed secret sharing structure,P cannot obtain the positions of non-complicity vehicles by colluding with multiple internal vehicles.To detect fake data from dishonest vehicles,zero knowledge proof is adopted.Comparing with other related methods,our solution can resist passive and active attacks from internal and external nodes.It provides strong privacy protection for LBS in VANET.     

DDoS attack detection and defense based on hybrid deep learning model in SDN

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.