Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

Privacy‐preserving registration protocol for mobile network

In this paper, we propose a novel privacy‐preserving registration protocol that combines the verifier local revocation group signature with mobile IP. The protocol could achieve strong security guarantee, such as user anonymity via a robust temporary identity, local user revocation with untraceability support, and secure key establishment against home server and eavesdroppers. Various kinds of adversary attacks can be prevented by the proposed protocol, especially that deposit‐case attack does not work here. Meanwhile, a concurrent mechanism and a dynamical revocation method are designed to minimize the handover authentication delay and the home registration signals. The theoretical analysis and simulation results show that the proposed scheme could provide high security level besides lightweight computational cost and efficient communication performance. For instance, compared with Yang's scheme, the proposed protocol could decrease the falling speed of handover authentication delay up to about 40% with privacy being preserved. Copyright © 2012 John Wiley & Sons, Ltd.     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Password‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.     

QoS‐aware broadcasting in VANETs based on fuzzy logic and enhanced kinetic multipoint relay

Vehicular ad hoc networks (VANETs) are emergent concepts in terms of infrastructure‐less communication. The data dissemination is usually done using broadcast schemes. Data broadcast in VANETs is a challenging issue due to the high mobility vehicles and the varying density. On one hand, these vehicles have to share and disseminate the safety‐critical information, in real time, to other intended vehicles. On the other hand, the existing broadcast solutions do not succeed, till now, to fulfill VANETs requirements especially in terms of performance and QoS. In this paper, we propose a new QoS‐aware broadcast method in order to face VANETs communications challenges. We choose to adapt a concept originally devoted to mobile ad hoc networks (MANETs) and join it to other specific VANET techniques to introduce a new broadcasting protocol in the aim of optimizing QoS fulfilment. The proposed solution is fundamentally based on enhanced kinetic strategy assisted with fuzzy logic for QoS‐aware multipoint relay (MPR). The protocol efficiency is eventually tested through an experimental study and compared with existing methods. The results prove the over‐performance of the proposed solution.     

Privacy‐preserving authentication scheme for on‐road on‐demand refilling of pseudonym in VANET

Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real‐time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy‐preserving solution for pseudonym on‐road on‐demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge‐based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity‐less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy‐preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks.     

SOS: Self‐organized secure framework for VANET

While authentication is a necessary requirement to provide security in vehicular ad hoc networks, user's personal information such as identity and location must be kept private. The reliance on road side units or centralized trusted authority nodes to provide security services is critical because both are vulnerable, thus cannot be accessed by all users, which mean security absence. In this paper, we introduce a self‐organized secure framework, deployed in vehicular ad hoc networks. The proposed framework solution is designed not only to provide an effective, integrated security and privacy‐preserving mechanism but also to retain the availability of all security services even if there are no road side units at all and/or the trusted authority node is compromised. A decentralized tier‐based security framework that depends on both trusted authority and some fully trusted nodes cooperated to distribute security services is presented. Our approach combines the useful features of both Shamir secret sharing with a trust‐based technique to ensure continuity of achieving all security services. Mathematical analysis of security issues that the proposed framework achieves as well as the availability of offering security services is provided. Proposed framework examination was done to show the performance in terms of storage, computation complexity, and communication overhead as well as its resilience against various types of attacks. Comparisons with different types of security schemes showed that the protocol developed gave better results in most comparison parameters while being unique ensuring continuity of security services delivery.     

An effective back‐off selection technique for reliable beacon reception in VANETs

In safety‐critical scenarios, reliable reception of beacons transmitted by a subject vehicle is critical to avoid vehicle collision. According to the employed contention window sizes in IEEE 802.11p, beacons are transmitted with a small contention window size. As a result, multiple vehicles contend for the shared channel access by selecting the same back‐off slot. This is a perfect recipe for synchronous collisions wherein reliable beacon delivery cannot be guaranteed for any vehicle. We consider the problem of selecting the back‐off slots from the current contention window to provide reliable delivery of beacons transmitted by a subject vehicle to its neighbors. Given a safety scenario, we propose a Pseudo‐Random Number Generator (PRNG)‐inspired back‐off selection (PBS) technique. The proposed technique works on the hypothesis that synchronous collisions of beacons transmitted by a subject vehicle can be reduced if all its neighbors select different back‐off slots (ie, not the back‐off slot selected by the subject vehicle). The discrete‐event simulations demonstrate that PBS can increase the overall message reception from a subject vehicle, in comparison with the uniform random probability back‐off selection in IEEE 802.11p.     

A mobicast routing protocol with carry‐and‐forward in vehicular ad hoc networks

In vehicular networks, safety and comfort applications are two quite different kinds of applications to avoid the emergency traffic accident and enjoy the non‐emergency entertainment. The comfort application drives the challenges of new non‐emergency entertainments for vehicular ad hoc networks (VANETs). The comfort application usually keeps the delay‐tolerant capability; that is, messages initiated from a specific vehicle at time t can be delivered through VANETs to some vehicles within a given constrained delay time λ. In this paper, we investigate a new mobicast protocol to support comfort applications for a highway scenario in VANETs. All vehicles are located in a geographic zone (denoted as zone of relevance (ZOR)) at time t; the mobicast routing must disseminate the data message initiated from a specific vehicle to all vehicles that have ever appeared in ZOR at time t. This data dissemination must be performed before time t + λ through the carry‐and‐forward technique. In addition, the temporary network fragmentation problem is considered in our protocol design. Also, the low degree of channel utilization is kept to reserve the resource for safety applications. To illustrate the performance achievement, simulation results are examined in terms of message overhead, dissemination success rate, and accumulative packet delivery delay. Copyright © 2012 John Wiley & Sons, Ltd.     

A delay‐bounded routing protocol for vehicular ad hoc networks with traffic lights

In vehicular ad hoc networks, vehicles may use a routing protocol to inform emergent events, for example, car accidents or traffic jams. Hence, many of the researchers are focused on minimizing the end‐to‐end delay of the routing protocol. However, some applications, for example, email or ftp, are not time critical, and radio spectrum is a limited resource. Hence, delay‐bounded routing protocol, whose goal is to deliver messages to the destination within user‐defined delay and minimize the usage of radio, has become an important issue. The delay‐bounded routing protocols deliver message to the destination by the hybrid of data muling (carried by the vehicle) and forwarding (transmitted through radio). When the available time is enough, the message will be delivered by muling; otherwise, it will be delivered by forwarding. However, in an urban area, there are many traffic lights, which may greatly affect the performance of the delay‐bounded routing protocols. Existing works do not consider the effect of traffic lights, and hence, it may adopt an improper delivery strategy and thus wastes much available time. To improve previous works, we propose a novel delay‐bounded routing protocol, which has considered the effect of traffic lights. Whenever a vehicle passes an intersection, it will gather the information of the traffic light and traffic load of the next road section, and thus, it can make a more accurate prediction and adopt a more proper strategy to deliver message. Simulation results show that the proposed protocol can make a better usage of the available time and uses less radio resource to deliver the message in time. Copyright © 2013 John Wiley & Sons, Ltd.     

Linear regression‐based delay‐bounded routing protocols for VANETs

Routing protocols for vehicular ad hoc networks (VANETs) have attracted a lot of attention recently. Most of the researches emphasize on minimizing the end‐to‐end delay without paying attention to reducing the usage of radio. This paper focuses on delay‐bounded routing, whose goal is to deliver messages to the destination within user‐defined delay and to minimize the usage of radio because radio spectrum is a limited resource. The messages can be delivered to the destination by the hybrid of data muling (carried by the vehicle) and forwarding (transmitted through radio). In the existing protocol, a vehicle may only switch the delivery strategy (muling or forwarding) at an intersection according to the available time of the next road segment, which is between the current intersection and the next intersection. To improve previous works, our protocol uses linear regression to predict the available time and the traveling distance, and thus, the vehicle can switch to a proper delivery strategy at a proper moment and can reduce the number of relays by radio. Our protocol contains two schemes: the greedy and centralized schemes. The greedy scheme uses only the current sampling data to predict the available time and decide when to switch the delivery strategy, whereas the centralized scheme uses the global statistical information to choose a minimum‐cost path. Simulation results justify the efficiency of the proposed protocol. Copyright © 2011 John Wiley & Sons, Ltd.     

车载自组织网络中基于椭圆曲线零知识证明的匿名安全认证机制

依据车载自组织网络的特点,提出了一种基于椭圆曲线零知识证明的匿名安全认证机制,利用双向匿名认证算法避免消息收发双方交换签名证书,防止节点身份隐私在非安全信道上泄露;利用基于消息认证码的消息聚合算法,通过路边单元协助对消息进行批量认证,提高消息认证速度,避免高交通密度情形下大量消息因得不到及时认证而丢失。分析与仿真实验表明,该机制能实现车辆节点的隐私保护和可追踪性,确保消息的完整性。与已有车载网络匿名安全认证算法相比,该机制具有较小的消息延迟和消息丢失率,且通信开销较低。     

Sparsely‐deployed relay node assisted routing algorithm for vehicular ad hoc networks

In this paper, we study the issue of routing in a vehicular ad hoc network with the assistance of sparsely deployed auxiliary relay nodes at some road intersections in a city. In such a network, vehicles keep moving, and relay nodes are static. The purpose of introducing auxiliary relay nodes is to reduce the end‐to‐end packet delivery delay. We propose a sparsely deployed relay node assisted routing (SRR) algorithm, which differs from existing routing protocols on how routing decisions are made at road intersections where static relay nodes are available such that relay nodes can temporarily buffer a data packet if the packet is expected to meet a vehicle leading to a better route with high probability in certain time than the current vehicles. We further calculate the joint probability for such a case to happen on the basis of the local vehicle traffic distribution and also the turning probability at an intersection. The detailed procedure of the protocol is presented. The SRR protocol is easy to implement and requires little extra routing information. Simulation results show that SRR can achieve high performance in terms of end‐to‐end packet delivery latency and delivery ratio when compared with existing protocols. Copyright © 2013 John Wiley & Sons, Ltd.     

Hybrid seagull and thermal exchange optimization algorithm‐based NLOS nodes detection technique for enhancing reliability under data dissemination in VANETs

The reliability of data dissemination in vehicular ad hoc network (VANET) necessitates maximized cooperation between the vehicular nodes and the least degree of congestion. However, non‐line of sight (NLOS) nodes prevent the establishment and sustenance of connectivity between the vehicular nodes. In this paper, a hybrid seagull and thermal exchange optimization (TEO) algorithm‐based NLOS node detection technique is proposed for enhancing cooperative data dissemination in VANETs. It inherits three different versions of the proposed hybridized algorithm; three different approaches for localization of NLOS nodes depending upon its distance from the reference nodes are incorporated. It is considered as a reliable attempt in effective NLOS node localization as it is predominant in maintaining the balancing the degree of exploration and exploitation in the search process. In the first variant, the method of the roulette wheel is utilized for selecting one among the two optimization algorithm. In the second adoption, this hybridization algorithm combines TEO algorithm only after the iteration of SEOA algorithm. In the final adoption, the predominance of the seagull attack mode is enhanced by including the heat exchange formula of TEO algorithms for improving exploitation capability. The simulation experiments of the proposed HS‐TEO‐NLOS‐ND scheme conducted using EstiNet 8.1 exhibited its reliability in improving the emergency message delivery rate by 14.86%, a neighborhood awareness rate by 13%, and the channel utilization rate by 11.24%, compared to the benchmarked techniques under the evaluation done with different number of vehicular nodes and NLOS nodes in the network.     

Multifold node authentication in mobile ad hoc networks

An ad hoc network is a collection of nodes that do not need to rely on a predefined infrastructure to keep the network connected. Nodes communicate amongst each other using wireless radios and operate by following a peer‐to‐peer network model. In this article, we propose a multifold node authentication approach for protecting mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using multiple authentication protocols are analysed. Such protocols, which are based on zero‐knowledge and challenge‐response techniques, are presented through proofs and simulation results. Copyright © 2007 John Wiley & Sons, Ltd.     

k‐strong privacy for radio frequency identification authentication protocols based on physically unclonable functions

This paper examines Vaudenay's privacy model, which is one of the first and most complete privacy models that featured the notion of different privacy classes. We enhance this model by introducing two new generic adversary classes, k‐strong and k‐forward adversaries where the adversary is allowed to corrupt a tag at most k times. Moreover, we introduce an extended privacy definition that also covers all privacy classes of Vaudenay's model. In order to achieve highest privacy level, we study low cost primitives such as physically unclonable functions (PUFs). The common assumption of PUFs is that their physical structure is destroyed once tampered. This is an ideal assumption because the tamper resistance depends on the ability of the attacker and the quality of the PUF circuits. In this paper, we have weakened this assumption by introducing a new definition k‐resistant PUFs. k‐PUFs are tamper resistant against at most k attacks; that is, their physical structure remains still functional and correct until at most k^th physical attack. Furthermore, we prove that strong privacy can be achieved without public‐key cryptography using k PUF‐based authentication. We finally prove that our extended proposal achieves both reader authentication and k‐strong privacy. Copyright © 2014 John Wiley & Sons, Ltd.     

Two‐factor authentication scheme using attribute and password

In this study, based on attribute and password, we introduce a new kind of two‐factor authentication protocol that has various applications such as anonymous authentication and privacy protection. Specifically, our proposal is constructed by introducing password authentication into the generic framework of attribute‐based authentication. Consequently, it not only achieves two‐factor authentication, but also enjoys the advantages of attribute authentication and password authentication simultaneously. Furthermore, to formally evaluate the security of the proposed protocol, we present the corresponding security model, within which the detailed security proof of the proposal is given. Copyright © 2014 John Wiley & Sons, Ltd.     

Secure multicast routing protocols in mobile ad‐hoc networks

A mobile ad‐hoc network (MANET) is a collection of autonomous nodes that communicate with each other by forming a multi‐hop radio network. Routing protocols in MANETs define how routes between source and destination nodes are established and maintained. Multicast routing provides a bandwidth‐efficient means for supporting group‐oriented applications. The increasing demand for such applications coupled with the inherent characteristics of MANETs (e.g., lack of infrastructure and node mobility) have made secure multicast routing a crucial yet challenging issue. Recently, several multicast routing protocols (MRP) have been proposed in MANETs. Depending on whether security is built‐in or added, MRP can be classified into two types: secure and security‐enhanced routing protocols, respectively. This paper presents a survey on secure and security‐enhanced MRP along with their security techniques and the types of attacks they can confront. A detailed comparison for the capability of the various routing protocols against some known attacks is also presented and analyzed. Copyright © 2013 John Wiley & Sons, Ltd.     

An adjusted K‐medoids clustering algorithm for effective stability in vehicular ad hoc networks

Recently, the routing problem in vehicular ad hoc networks is one of the most vital research. Despite the variety of the proposed approaches and the development of communications technologies, the routing problem in VANET suffers from the high speed of vehicles and the repetitive failures in communications. In this paper, we adjusted the well‐known K‐medoids clustering algorithm to improve the network stability and to increase the lifetime of all established links. First, the number of clusters and the initial cluster heads will not be selected randomly as usual, but based on mathematical formula considering the environment size and the available transmission ranges. Then the assignment of nodes to clusters in both k‐medoids phases will be carried out according to several metrics including direction, relative speed, and proximity. To the best of our knowledge, our proposed model is the first that introduces the new metric named “node disconnection frequency.” This metric prevents nodes with volatile and suspicious behavior to be elected as a new CH. This screening ensures that the new CH retains its property as long as possible and thus increases the network stability. Empirical results confirm that in addition to the convergence speed that characterizes our adjusted K‐medoids clustering algorithm (AKCA), the proposed model achieves more stability and robustness when compared with most recent approaches designed for the same objective.