智能车载自组织网络中匿名在线注册与安全认证协议

随着智能交通系统(ITS)的建立,车载自组织网络(VANETs)在提高交通安全和效率方面发挥着重要的作用。由于车载自组织网络具有开放性和脆弱性特点,容易遭受各种安全威胁与攻击,这将阻碍其广泛应用。针对当前车载自组织网络传输中数据的认证性与完整性,以及车辆身份的隐私保护需求,该文提出一种智能车载自组织网络中的匿名在线注册与安全认证协议。协议让智能车辆在公开信道以匿名的方式向交通系统可信中心(TA)在线注册。可信中心证实智能车辆的真实身份后,无需搭建安全信道,在开放网络中颁发用于安全认证的签名私钥。车辆可以匿名发送实时交通信息到附近路边基站单元(RSU),并得到有效认证与完整性检测。该协议使得可信中心可以有效追踪因发送伪造信息引起交通事故的匿名车辆。协议可以让路边基站单元同时对多个匿名车辆发送的交通信息进行批量认证。该协议做了详细的安全性分析和性能分析。性能比较结果表明,该协议在智能车辆端的计算开销以及在路边基站单元端的通信开销都具有明显优势,而且无需搭建安全信道就能够实现匿名在线注册,因此可以安全高效地部署在智能车载自组织网络环境。     

<Emphasis Type="Italic">EIAS-CP:</Emphasis> new efficient identity-based authentication scheme with conditional privacy-preserving for VANETs

In VANETs, vehicles broadcast traffic-related messages periodically according to Dedicated Short Range Communication protocol. To ensure the reliability and integrity of messages, authentication schemes are involved in VANETs. As traffic-related messages are time-sensitive, they must be verified and processed timely, or it may cause inestimable harm to the traffic system. However, the OBUs and the RSUs are limited in computation ability and cannot afford vast messages’ verification. Recently, some identity-based authentication schemes using bilinear pairing have been proposed to improve the efficiency of message verification for VANETs. Nevertheless, the bilinear pairing is not suited for VANETs due to its complex operations. The design of an efficient and secure authentication scheme with low computation cost for VANETs still is a rewarding challenge. To settle this challenge, a new efficient identity-based authentication scheme is proposed in this paper. The proposed scheme ensures reliability and integrity of messages and provides conditional privacy-preserving. Compared with the most recent proposed authentication schemes for VANETs, the computation costs of the message signing and verification in the proposed scheme reduce by 88 and 93 % respectively, while security analysis demonstrates that our proposed scheme satisfies all security and privacy requirements for VANETs.     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X：车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。

     

Secure and distributed certification system architecture for safety message authentication in VANET

Vehicular Ad hoc NETworks (VANETs) are a burgeoning research focus, aimed at creating communication among vehicles to improve the road safety and enhance driving conditions. For such networks, security is one of the most challenging issues due to their nature of wireless transmission and high topology changing frequency. In this paper, we propose a secure and distributed certification system architecture for safety message authentication in VANET, which resists against false public-key certification. To increase the availability of the authentication service, our proposal is designed through a decentralized system, supervised by a root authority. The latter authority delegates to a set of regional certification authorities the privilege of issuing public-key certificates to the vehicles. Each regional certification authority cooperates with its subordinates RSUs to sign public-key certificates using threshold signature. The main purpose of our solution is to ensure the messages authentication while respecting the imposed constraints by the real-time aspect and the nodes mobility. We demonstrate through the practical analysis and simulation results the efficiency of our solution with comparison to other concurrent protocols.     

新的基于变色龙的车载通信安全与隐私保护

在车载自组网（VANET）中许多服务和应用需要保护数据通信的安全,为提高驾驶的安全性和舒适性,一些与交通状况有关的信息就要被周期性地广播并分享给司机,如果用户的身份和信息没有隐私和安全的保证,攻击者就会通过收集和分析交通信息追踪他们感兴趣的车辆,因此,匿名消息身份验证是VANET中不可或缺的要求。另一方面,当车辆参与纠纷事件时,证书颁发机构能够恢复车辆的真实身份。为解决车载通信这一问题,郭等人在传统方案的基础上提出一种基于椭圆曲线的变色龙散列的隐私保护验证协议。虽然此方案较之前方案具有车辆身份可追踪性和高效率性,但分析表明此方案不满足匿名性。对郭等人的方案进行安全性分析并在此基础上做出改进。     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

车联网中可证安全的分布式匿名高效边缘认证协议

针对当前车联网(IoV)中的分布式认证协议直接依赖于半可信路边单元(RSU)的问题,该文提出一种新的分布式认证模型。该模型中的RSU通过3阶段广播自发建立边缘认证区,利用区域内的RSU同步保存车辆的认证记录,RSU可以通过校验节点同步保存的认证记录来防止恶意RSU的异常认证行为。然后,利用切比雪夫混沌映射设计了IoV中的分布式匿名认证协议,通过车辆发送消息不直接携带身份信息的方式来避免假名机制所带来的存储负担。最后,利用随机预言机对协议安全性进行了证明。仿真结果表明所提方案具有更低的认证时延和通信成本。     

A Privacy-Preserving Location Assurance Protocol for Location-Aware Services in VANETs

A location-aware service on a vehicular ad hoc networks (VANETs) is to provide services that distribute on-demand information for a certain geographic area of interest by taking advantage of vehicular communications. In this paper, we propose a secure and location assurance protocol in order to guarantee privacy preservation in vehicular communications and trustworthiness of location-aware services over VANETs. The proposed protocol enables a message verifier to have confidence that the location-aware information was responded from the vehicles passing through the target location area of interest without violating location privacy of the responders. To achieve our security objectives, we consider a pseudonym-based privacy-preserving authentication and a hierarchical identity-based cryptographic scheme. Furthermore, we demonstrate experimental results to confirm the efficiency and effectiveness of the proposed protocol.     

A Secure Ambulance Communication Protocol for VANET

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANET’s main applications are enhancing road safety and reducing traffic accidents. Moreover, the VANET system can also reduce the time it takes for emergency vehicles to arrive at the accident location. The security of the transmission messages is of utmost importance, and to protect the transmission messages we propose a secure ambulance communication protocol for VANET to ensure that messages will not be revealed or stolen. The proposed scheme combines symmetric encryption, message authentication codes and digital signature mechanisms, and thereby achieves non-repudiation, availability, integrity, confidentiality, mutual authentication, session key security, known-key security and the ability to prevent known attacks. Finally, with NS2 simulation results that are based on realistic vehicle density statistics and the Taipei city road map, we argue that our secure ambulance communication protocol is effective in real VANET scenarios.     

Optimal solution for malicious node detection and prevention using hybrid chaotic particle dragonfly swarm algorithm in VANETs

Vehicular ad hoc networks (VANETs) have the ability to make changes in travelling and driving mode of people and so on, in which vehicle can broadcast and forward the message related to emergency or present road condition. The safety and efficiency of modern transportation system is highly improved using VANETs. However, the vehicular communication performance is weakened with the sudden emergence of distributed denial of service (DDoS) attacks. Among other attacks, DDoS attack is the fastest attack degrading the VANETs performance due to its node mobility nature. Also, the attackers (cyber terrorists, politicians, etc.) have now considered the DDoS attack as a network service degradation weapon. In current trend, there is a quick need for mitigation and prevention of DDoS attacks in the exploration field. To resolve the conflict of privacy preservation, we propose a fast and secure HCPDS based framework for DDoS attack detection and prevention in VANETs. The Road Side Units (RSUs) have used HCPDS algorithm to evaluate the fitness values of all vehicles. This evaluation process is done for effective detection of spoofing and misbehaving nodes by comparing the obtained fitness value with the statistical information (packet factors, RSU zone, and vehicle dynamics) gathered from the vehicles. The credentials of all worst nodes are cancelled to avoid further communication with other vehicles. In HCPDS algorithm, the PSO updation strategy is added to Dragon fly algorithm to improve the search space. In addition, Chaos theory is applied to tune the parameters of proposed HCPDS algorithm. From the experimental results, it proved that the HCPDS based proposed approach can efficiently meet the requirements of security and privacy in VANETs.

     

Dynamic anonymous identity authentication (DAIA) scheme for VANET

With the development of the vehicular ad hoc network, the security and privacy are now becoming vital concerns, especially when the attacker owns more and more resources. In order to address these concerns, a dynamic anonymous identity authentication scheme is proposed using Elliptic Curve Discrete Logarithm Problem and blockchain method, which guarantees the security and fast off‐line authentication for vehicle‐to‐infrastructure. Specifically, a dynamic pseudonym key is generated using tamper proof device (TPD) for off‐line authentication and anonymity when a vehicle roams among different roadside units' (RSUs) communication ranges. Even if all RSUs are compromised, vehicle's identity is still privacy. Moreover, two additional design goals are more suitable for the practical environment: (1) the reduced assumption of TPD; (2) certification authority can trace vehicle under the authorization by law.     

A roadside unit‐based localization scheme for vehicular ad hoc networks

Vehicular Ad Hoc Networks (VANETs), designed to ensure the safety and comfort of passengers via the exchange of information amongst nearby vehicles or between the vehicles and Roadside Units (RSUs), have attracted particular attention. However, the success of many VANET applications depends on their ability to estimate the vehicle position with a high degree of precision, and thus, many vehicle localization schemes have been proposed. Many of these schemes are based on vehicle‐mounted Global Positioning System (GPS) receivers. However, the GPS signals are easily disturbed or obstructed. Although this problem can be resolved by vehicle‐to‐vehicle communication schemes, such schemes are effective only in VANETs with a high traffic density. Accordingly, this paper presents a VANET localization scheme in which each vehicle estimates its location on the basis of beacon messages broadcast periodically by pairs of RSUs deployed on either side of the road. In addition, three enhancements to the proposed scheme are presented for the RSU deployment, RSU beacon collisions, and RSU failures. Overall, the ns‐2 simulation results show that the localization scheme achieves a lower localization error than existing solutions on the basis of vehicle‐to‐vehicle communications and is robust toward changes in the traffic density and the vehicle speed. Copyright © 2012 John Wiley & Sons, Ltd.     

Efficient and Secure Authentication Scheme with Conditional Privacy-Preserving for VANETs

The goal of authentication scheme for Vehicular ad hoc networks (VANETs) is to ensure reliability and integrity of message.Due to the timeliness of traffic-related messages and the highly dynamic nature of VANETs,it still is a challenge to solve the three key issues simultaneously,i.e.security,efficiency and conditional privacy-preserving,on the design of authentication scheme for VANETs.To address this challenge,an efficient Conditional privacy-preserving authentication (CPPA) scheme is proposed in this paper.Compared with the most recent proposed CPPA schemes,our proposed scheme markedly decreases the computation costs of the message-signing phase and the message verification phase,while satisfies all security requirements of VANETs and provides conditional privacy-preserving.     

An efficient voting based decentralized revocation protocol for vehicular ad hoc networks

Vehicular Ad-hoc NETworks (VANETs) enable cooperative behaviors in vehicular environments and are seen as an integral component of Intelligent Transportation Systems (ITSs). The security of VANETs is crucial for their successful deployment and widespread adoption. A critical aspect of preserving the security and privacy of VANETs is the efficient revocation of the ability of misbehaving or malicious vehicles to participate in the network. This is usually achieved by revoking the validity of the digital certificates of the offending nodes and by maintaining and distributing an accurate Certificate Revocation List (CRL). The immediate revocation of misbehaving vehicles is of prime importance for the safety of other vehicles and users. In this paper, we present a decentralized revocation approach based on Shamir’s secret sharing to revoke misbehaving vehicles with very low delays. Besides enhancing VANETs’ security, our proposed protocol limits the size of the revocation list to the number of the revoked vehicles. Consequently, the authentication process is more efficient, and the communication overhead is reduced. We experimentally evaluate our protocol to demonstrate that it provides a reliable solution to the scalability, efficiency and security of VANETs.     

A new type of blockchain for secure message exchange in VANET

In the Vehicular Ad-hoc NETworks (VANET), the collection and dissemination of life-threatening traffic event information by vehicles are of utmost importance. However, traditional VANETs face several security issues. We propose a new type of blockchain to resolve critical message dissemination issues in the VANET. We create a local blockchain for real-world event message exchange among vehicles within the boundary of a country, which is a new type of blockchain suitable for the VANET. We present a public blockchain that stores the node trustworthiness and message trustworthiness in a distributed ledger that is appropriate for secure message dissemination.     

Conditional privacy protection authentication scheme based on bilinear pairings for VANET

To solve the problem of security and efficiency of anonymous authentication in the vehicle Ad-hoc network（VANET）, a conditional privacy protection authentication scheme for vehicular networks is proposed based on bilinear pairings. In this scheme, the tamper-proof device in the roadside unit (RSU) is used to complete the message signature and authentication process together with the vehicle, which makes it more secure to communicate between RSU and trusted authority (TA) and faster to update system parameters and revoke the vehicle. And this is also cheaper than installing tamper-proof devices in each vehicle unit. Moreover, the scheme provide provable security proof under random oracle model (ROM), which shows that the proposed scheme can meet the security requirements such as conditional privacy, unforgeability, traceability etc. And the results of simulation experiment demonstrate that this scheme not only of achieves high efficiency, but also has low message loss rate.     

A lightweight anonymous two‐factor authentication protocol for wireless sensor networks in Internet of Vehicles

Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.     

Secure Authentication Schemes for Vehicular Adhoc Networks: A Survey

Vehicular Adhoc Network (VANET) is based on the principles of Mobile Adhoc NETwork (MANET) where vehicles are considered as nodes and secure communication is established to provide a safe driving experience. Due to its unique characteristics, it has various issues and challenges. These issues can be resolved by ensuring security requirements like authentication, privacy preservation, message integrity, non-repudiation, linkability, availability etc. Authentication plays a vital role since it is the first step to establish secure communication in the vehicular network. It also distinguishes malicious vehicles from legitimate vehicles. Different authentication schemes have been proposed to establish secure vehicular communications. A survey of the existing authentication schemes is given in this paper. At first, the existing authentication schemes are broadly classified based on message signing and verification methods. Then, each category is clearly explained with its sub-categories. At last, the existing schemes in each category are compared based on security requirements, security attacks and performance parameters.

     

An enhanced secure delegation-based anonymous authentication protocol for PCSs

Rapid development of wireless networks brings about many security problems in portable communication systems (PCSs), which can provide mobile users with an opportunity to enjoy global roaming services. In this regard, designing a secure user authentication scheme, especially for recognizing legal roaming users, is indeed a challenging task. It is noticed that there is no delegation-based protocol for PCSs, which can guarantee anonymity, untraceability, perfect forward secrecy, and resistance of denial-of-service (DoS) attack. Therefore, in this article, we put forward a novel delegation-based anonymous and untraceable authentication protocol, which can guarantee to resolve all the abovementioned security issues and hence offer a solution for secure communications for PCSs.     

车联网环境下无证书匿名认证方案

通过信息共享,车联网(IoV)为车辆提供各种应用,以提高道路安全和交通效率。然而,车辆之间的公开通信导致了车辆隐私泄露和各种攻击。因而,安全且保护隐私的信息共享方法是非常必要的,并且对车辆间通信的安全性和保密性提出了更高的要求,所以该文提出了一种支持批量验证的非线性对的无证书匿名认证方案。在该方案中,首先,采用无证书签名机制避免了证书管理和密钥托管问题;其次结合区域管理局生成的长期伪身份和自己生成的短期伪身份保证车辆的强匿名性和签名的新鲜性,避免路侧单元计算伪身份造成的身份泄露和时延;再次,采用无对的聚合签名提供批验证,减少车联网环境中路侧单元的计算量;最后,当发生恶意事件时,区域管理局可以追踪车辆的真实身份并由可信中心撤销该用户。安全性证明和分析表明,该方案具有高的安全性,并满足完整性、可追踪性、匿名性、可撤销性等安全要求。将该方案与现有的方案进行了比较,效率分析表明该方案更有效。