Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

An efficient voting based decentralized revocation protocol for vehicular ad hoc networks

Vehicular Ad-hoc NETworks (VANETs) enable cooperative behaviors in vehicular environments and are seen as an integral component of Intelligent Transportation Systems (ITSs). The security of VANETs is crucial for their successful deployment and widespread adoption. A critical aspect of preserving the security and privacy of VANETs is the efficient revocation of the ability of misbehaving or malicious vehicles to participate in the network. This is usually achieved by revoking the validity of the digital certificates of the offending nodes and by maintaining and distributing an accurate Certificate Revocation List (CRL). The immediate revocation of misbehaving vehicles is of prime importance for the safety of other vehicles and users. In this paper, we present a decentralized revocation approach based on Shamir’s secret sharing to revoke misbehaving vehicles with very low delays. Besides enhancing VANETs’ security, our proposed protocol limits the size of the revocation list to the number of the revoked vehicles. Consequently, the authentication process is more efficient, and the communication overhead is reduced. We experimentally evaluate our protocol to demonstrate that it provides a reliable solution to the scalability, efficiency and security of VANETs.     

Review on Identity-Based Batch Verification Schemes for Security and Privacy in VANETs

The study of vehicular ad-hoc networks (VANETs) has received significant attention among academia; even so, its security and privacy still become a central issue that is wide-open to discuss. The authentication schemes deployed in VANETs have a substantial impact on its security and privacy. Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs. In recent years, many papers have proposed identity-based batch verification (IBV) schemes in regard to diminishing overhead in the message verification process in VANETs. This survey begins with providing background information about VANETs and clarifying its security and privacy, as well as performance requirements that must be satisfied. After presenting an outlook of some relevant surveys of VANETs, a brief review of some IBV schemes published in recent years is conferred. The detailed approach of each scheme, with a comprehensive comparison between them, has been provided afterward. Finally, we summarize those recent studies and possible future improvements.     

Optimal solution for malicious node detection and prevention using hybrid chaotic particle dragonfly swarm algorithm in VANETs

Vehicular ad hoc networks (VANETs) have the ability to make changes in travelling and driving mode of people and so on, in which vehicle can broadcast and forward the message related to emergency or present road condition. The safety and efficiency of modern transportation system is highly improved using VANETs. However, the vehicular communication performance is weakened with the sudden emergence of distributed denial of service (DDoS) attacks. Among other attacks, DDoS attack is the fastest attack degrading the VANETs performance due to its node mobility nature. Also, the attackers (cyber terrorists, politicians, etc.) have now considered the DDoS attack as a network service degradation weapon. In current trend, there is a quick need for mitigation and prevention of DDoS attacks in the exploration field. To resolve the conflict of privacy preservation, we propose a fast and secure HCPDS based framework for DDoS attack detection and prevention in VANETs. The Road Side Units (RSUs) have used HCPDS algorithm to evaluate the fitness values of all vehicles. This evaluation process is done for effective detection of spoofing and misbehaving nodes by comparing the obtained fitness value with the statistical information (packet factors, RSU zone, and vehicle dynamics) gathered from the vehicles. The credentials of all worst nodes are cancelled to avoid further communication with other vehicles. In HCPDS algorithm, the PSO updation strategy is added to Dragon fly algorithm to improve the search space. In addition, Chaos theory is applied to tune the parameters of proposed HCPDS algorithm. From the experimental results, it proved that the HCPDS based proposed approach can efficiently meet the requirements of security and privacy in VANETs.

     

Efficient Privacy-Preserving Anonymous Authentication Protocol for Vehicular Ad-Hoc Networks

Vehicular ad-hoc network (VANET) has been considered as one of the most promising wireless sensor technologies, which could enhance driving convenience and traffic efficiency through real-time information interaction. Nevertheless, emerging security issues (e.g., confidentiality, integrity, identity privacy, message authentication) will hinder the widespread deployment of VANETs. To address these issues, in this paper, we propose an efficient privacy-preserving anonymous authentication protocol for VANETs. We first design an identity-based signature algorithm, and exploit it with an account information of a vehicle to propose our anonymous authentication protocol. The protocol enables each vehicle to anonymously send an authenticated message to nearby roadside units (RSUs) in a confidential way, and efficiently check the feedback information from nearby RSUs. Simultaneously, the protocol achieves key-exchange functionality, which could produce a session key for later secure communication between vehicles and RSUs. Finally, we give the security analysis of the proposed protocol and conduct a comprehensive performance evaluation, the results demonstrate its feasibility in the secure deployment of VANETs.

     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X：车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。

     

Wireless Location Privacy Protection in Vehicular Ad-Hoc Networks

Advances in mobile networks and positioning technologies have made location information a valuable asset in vehicular ad-hoc networks (VANETs). However, the availability of such information must be weighted against the potential for abuse. In this paper, we investigate the problem of alleviating unauthorized tracking of target vehicles by adversaries in VANETs. We propose a vehicle density-based location privacy (DLP) scheme which can provide location privacy by utilizing the neighboring vehicle density as a threshold to change the pseudonyms. We derive the delay distribution and the average total delay of a vehicle within a density zone. Given the delay information, an adversary may still be available to track the target vehicle by some selection rules. We investigate the effectiveness of DLP based on extensive simulation study. Simulation results show that the probability of successful location tracking of a target vehicle by an adversary is inversely proportional to both the traffic arrival rate and the variance of vehicles’ speed. Our proposed DLP scheme also has a better performance than both Mix-Zone scheme and AMOEBA with random silent period.     

Privacy Addressing-Based Anonymous Communication for Vehicular Ad Hoc Networks

Vehicle ad-hoc network (VANET) technology is a basic component of the future intelligent transportation system. With the advances in modern information society, privacy issues have become important considerations. However, most routing proposals for VANETs lack privacy support, namely anonymity or pseudonymity and unlinkability aspects. This paper presents a novel privacy addressing-based anonymous communication approach for VANETs, which prevents eavesdroppers from identifying a particular vehicle by its address. The proposed scheme is a kind of end-to-end solution, so it can potentially be extended to work with many traditional routing protocols. Finally, the simulation results show that the proposed scheme outperforms previous approaches with privacy support in terms of protocol overhead and packet latency.     

Trust based authentication technique for cluster based vehicular ad hoc networks (VANET)

Since Vehicular ad hoc networks (VANETs) are vulnerable to various kinds of attacks, there is a need to fulfill the security requirements like message privacy, integrity, and authentication. The authentication technique is said to be efficient if it detects compromised nodes accurately with less complexity, reduced authentication delay, and keying overhead. In this paper, a trust-based authentication scheme for cluster-based VANETs is proposed. The vehicles are clustered, and the trust degree of each node is estimated. The trust degree is a combination of direct trust degree and indirect trust degree. Based on this estimated trust degree, cluster heads are selected. Then, each vehicle is monitored by a set of verifiers, and the messages are digitally signed by the sender and encrypted using a public/ private key as distributed by a trusted authority and decrypted by the destination. This verifies the identity of sender as well as receiver thus providing authentication to the scheme. By simulation results, we prove that the proposed technique provides high security with less overhead and delay.     

SafeAnon: a safe location privacy scheme for vehicular networks

In most safety applications within vehicle ad-hoc networks (VANETs), vehicles need to periodically broadcast messages with information of their precise positions to others. These broadcast messages, however, make it easy to track vehicles and will likely lead to violations of personal privacy. Unfortunately, most of the current location privacy enhancement methodologies in VANETs suffer some shortcomings and do not take driving safety into consideration. In this paper, we propose a safe distance based location privacy scheme called SafeAnon, which can significantly enhance location privacy as well as traffic safety. By simulating vehicular mobility in a cropped Manhattan map, we evaluate the performance of the proposed scheme under various conditions. The mean entropy, warning broadcast ratio, and mean silent period of SafeAnon scheme are increasing 58%, 281%, and 50% respectively than the random silent period (RSP) scheme. The total broadcast ratio is also 33% less than that in the RSP scheme.     

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services in VANETs

A location-aware service on a vehicular ad hoc networks (VANETs) is to provide services that distribute on-demand information for a certain geographic area of interest by taking advantage of vehicular communications. In this paper, we propose a secure and location assurance protocol in order to guarantee privacy preservation in vehicular communications and trustworthiness of location-aware services over VANETs. The proposed protocol enables a message verifier to have confidence that the location-aware information was responded from the vehicles passing through the target location area of interest without violating location privacy of the responders. To achieve our security objectives, we consider a pseudonym-based privacy-preserving authentication and a hierarchical identity-based cryptographic scheme. Furthermore, we demonstrate experimental results to confirm the efficiency and effectiveness of the proposed protocol.     

车载网中可证安全的无证书聚合签名算法

为了实现车载自组织网络中车辆节点之间信息传输的安全认证,该文设计了一种无证书聚合签名方案。提出的方案采用无证书密码体制,消除了复杂的证书维护成本,同时也解决了密钥托管问题。通过路侧单元生成的假名与周围节点进行通信,实现了车辆用户的条件隐私保护。在随机预言模型下,证明了方案满足自适应选择消息攻击下的存在性不可伪造。然后,分析了方案的实现效率,并模拟实现了车载自组网(VANET)环境中车流密度与消息验证的时间延迟之间的关系。结果表明,该方案满足消息的认证性、匿名性、不可伪造性和可追踪性等性质,并且通信效率高、消息验证的时延短,更适合于动态的车载自组织网络环境。     

<Emphasis Type="Italic">EIAS-CP:</Emphasis> new efficient identity-based authentication scheme with conditional privacy-preserving for VANETs

In VANETs, vehicles broadcast traffic-related messages periodically according to Dedicated Short Range Communication protocol. To ensure the reliability and integrity of messages, authentication schemes are involved in VANETs. As traffic-related messages are time-sensitive, they must be verified and processed timely, or it may cause inestimable harm to the traffic system. However, the OBUs and the RSUs are limited in computation ability and cannot afford vast messages’ verification. Recently, some identity-based authentication schemes using bilinear pairing have been proposed to improve the efficiency of message verification for VANETs. Nevertheless, the bilinear pairing is not suited for VANETs due to its complex operations. The design of an efficient and secure authentication scheme with low computation cost for VANETs still is a rewarding challenge. To settle this challenge, a new efficient identity-based authentication scheme is proposed in this paper. The proposed scheme ensures reliability and integrity of messages and provides conditional privacy-preserving. Compared with the most recent proposed authentication schemes for VANETs, the computation costs of the message signing and verification in the proposed scheme reduce by 88 and 93 % respectively, while security analysis demonstrates that our proposed scheme satisfies all security and privacy requirements for VANETs.     

智能车载自组织网络中匿名在线注册与安全认证协议

随着智能交通系统(ITS)的建立,车载自组织网络(VANETs)在提高交通安全和效率方面发挥着重要的作用。由于车载自组织网络具有开放性和脆弱性特点,容易遭受各种安全威胁与攻击,这将阻碍其广泛应用。针对当前车载自组织网络传输中数据的认证性与完整性,以及车辆身份的隐私保护需求,该文提出一种智能车载自组织网络中的匿名在线注册与安全认证协议。协议让智能车辆在公开信道以匿名的方式向交通系统可信中心(TA)在线注册。可信中心证实智能车辆的真实身份后,无需搭建安全信道,在开放网络中颁发用于安全认证的签名私钥。车辆可以匿名发送实时交通信息到附近路边基站单元(RSU),并得到有效认证与完整性检测。该协议使得可信中心可以有效追踪因发送伪造信息引起交通事故的匿名车辆。协议可以让路边基站单元同时对多个匿名车辆发送的交通信息进行批量认证。该协议做了详细的安全性分析和性能分析。性能比较结果表明,该协议在智能车辆端的计算开销以及在路边基站单元端的通信开销都具有明显优势,而且无需搭建安全信道就能够实现匿名在线注册,因此可以安全高效地部署在智能车载自组织网络环境。     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

Using discriminant analysis to detect intrusions in external communication for self-driving vehicles

Security systems are a necessity for the deployment of smart vehicles in our society. Security in vehicular ad hoc networks is crucial to the reliable exchange of information and control data. In this paper, we propose an intelligent Intrusion Detection System (IDS) to protect the external communication of self-driving and semi self-driving vehicles. This technology has the ability to detect Denial of Service (DoS) and black hole attacks on vehicular ad hoc networks (VANETs). The advantage of the proposed IDS over existing security systems is that it detects attacks before they causes significant damage. The intrusion prediction technique is based on Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) which are used to predict attacks based on observed vehicle behavior. We perform simulations using Network Simulator 2 to demonstrate that the IDS achieves a low rate of false alarms and high accuracy in detection.     

Conditional privacy protection authentication scheme based on bilinear pairings for VANET

To solve the problem of security and efficiency of anonymous authentication in the vehicle Ad-hoc network（VANET）, a conditional privacy protection authentication scheme for vehicular networks is proposed based on bilinear pairings. In this scheme, the tamper-proof device in the roadside unit (RSU) is used to complete the message signature and authentication process together with the vehicle, which makes it more secure to communicate between RSU and trusted authority (TA) and faster to update system parameters and revoke the vehicle. And this is also cheaper than installing tamper-proof devices in each vehicle unit. Moreover, the scheme provide provable security proof under random oracle model (ROM), which shows that the proposed scheme can meet the security requirements such as conditional privacy, unforgeability, traceability etc. And the results of simulation experiment demonstrate that this scheme not only of achieves high efficiency, but also has low message loss rate.     

An Improved Privacy-Aware Handoff Authentication Protocol for VANETs

Vehicles handover from one road-side unit to another is a common phenomenon in vehicular ad-hoc networks (VANETs). Authenticating vehicles effectively is the key to success of VANETs. Li and Liu et al. proposed a lightweight identity authentication protocol (LIAP) for VANTEs recently, which is based on the concept of dynamic session secret process instead of conventional cryptographic schemes. LIAP possesses many advantages of againsting major existing attacks and performing well at efficiency and low consumption. However, we have demonstrated that the protocol LIAP doesn’t provide user location privacy protection and the resistance of parallel session attack is weak. Therefore, to enhance security of the protocol LIAP, we concatenate the terminal’s pseudo-identity with a random number, then encrypt the connected information by using quadratic residues operation, the generated dynamic identity can against the user location tracking attack. Furthermore, in order to against the parallel session attack during the handover procedure, a new road side unit regenerated a new session secret sequence and computed a challenge sequence with the terminal user’s pseudo-identity through XOR encryption. Through security analysis and experiments, our scheme has higher efficiency and better performance to be applicable to VANETS compared with other existing schemes.     

Unified security architecture and protocols using third party identity in V2V and V2I networks

VANETs have been developed to improve the safety and efficiency of transportation systems (V2V communications) and to enable various mobile services for the traveling public (V2I communications). For VANET technologies to be widely available, security issues concerning several essential requirements should be addressed. The existing security architectures and mechanisms have been studied separately in V2V and V2I networks, which results in duplicated efforts, security modules, and more complex security architectures. In this paper, we propose a unified security architecture and its corresponding security protocols that achieve essential security requirements such as authentication, conditional privacy, non‐repudiation, and confidentiality. To the best of our knowledge, this paper is the first study that deals with the security protocol in V2V as well as the handover authentication in V2I communications. Our proposal is characterized by a low‐complexity security framework, owing to the design and unification of the security architectures and modules. Furthermore, the evaluation of the proposed protocols proves them to be more secure and efficient than existing schemes. Copyright © 2010 John Wiley & Sons, Ltd.     

基于票据的车联网安全和隐私保护方案

随着车联网的发展,车辆通信将在提高行车安全,驾驶效率和舒适度方面发挥重要作用。车辆将访问多种应用,考虑到现有行车安全应用面临的严峻威胁,加之对用户验证、授权和计费的需求,攻击防护安全对于车载自组网来说尤为重要。在车辆使用基于位置的服务或行车安全服务时,攻击者可能会窃听通信内容,获取用户身份信息和位置隐私。为了提高车载自组织网安全,提出了一种采用分布式车辆公钥基础设施(VPKI)对车辆通信安全、位置隐私和身份匿名进行保护的方案。该方案采用票据为应用服务提供匿名访问控制和认证,并且可以解析和撤销不法车辆身份。最后,通过实验分析方案的效率来证明VPKI的可实施性。