车载自组织网络中基于椭圆曲线零知识证明的匿名安全认证机制

依据车载自组织网络的特点,提出了一种基于椭圆曲线零知识证明的匿名安全认证机制,利用双向匿名认证算法避免消息收发双方交换签名证书,防止节点身份隐私在非安全信道上泄露;利用基于消息认证码的消息聚合算法,通过路边单元协助对消息进行批量认证,提高消息认证速度,避免高交通密度情形下大量消息因得不到及时认证而丢失。分析与仿真实验表明,该机制能实现车辆节点的隐私保护和可追踪性,确保消息的完整性。与已有车载网络匿名安全认证算法相比,该机制具有较小的消息延迟和消息丢失率,且通信开销较低。     

分布式智能车载网联系统的匿名认证与密钥协商协议

智能车载网联系统作为智慧城市建设的重要组成部分,近年来受到学术界与工业界越来越多的关注。智能车载网联系统中提升了智能车辆的行驶安全性与出行效率,但在开放的环境下数据传输容易被截取,造成敏感信息泄漏。因此需要实现匿名认证并且协商正确的会话密钥,来确保智能车载网联系统敏感信息的安全。该文提出面向分布式智能车载网联系统架构的匿名认证与密钥协商协议。该协议基于中国剩余定理秘密分享技术来保护认证标识符,智能车辆能够以线性的计算开销在不同的区域恢复出对应的标识符,该标识符能够长期安全使用且智能车辆能够在不使用防篡改设备的情况下完成安全认证,路侧通信基站能够检测信息的匿名性和完整性,并与智能车辆协商到后续安全通信的会话密钥,同时实现双向认证。此外,协议能够在复杂的分布式智能车载网联系统中拓展批量匿名认证、域密钥更新、车对车的匿名认证、匿名身份可追踪等实用性功能。安全性与性能分析表明该协议能够安全高效地部署在分布式智能车载网联环境。     

VANETs中一种隐私保护的高效批认证协议

车载自组网(Vehicular Ad Hoc Networks, VANETs)是一种自组织、自管理、快速移动的户外通信网络系统。车辆加入VANETs可以获取道路的交通状况信息,但是其与路侧单元进行通信时消息容易被窃取。为此,文章提出了一种基于假名和数字签名的批认证协议,实现了车辆身份的匿名和隐私保护。同时,该协议支持路侧单元(Road Side Unit, RSU)对多辆车辆的批量认证,极大地降低了身份验证的计算开销。     

VANET网络中一种新的认证方法

针对现有车载自组织网络（VANET,Vehicular Ad-hoc Network）存在的安全威胁及车辆与车辆之间,车辆与基础设施之间建立可信的连接问题,提出基于ECDH（Elliptic curve-Diffie-Hellman）公钥加密算法和UsbKey双因子身份鉴别的方案,设计出新的双向安全认证协议及详细算法,并对协议方案进行详细的安全分析,分析表明该认证协议具有更强的安全性、保密性及抗攻击能力。     

适用于车载边缘计算网络的高效匿名认证协议

为了解决车载边缘计算网络中无线网络传输特性导致的窃听、重放、拦截、篡改等安全威胁,考虑到车载终端资源有限的特点,提出了一种轻量级匿名高效身份认证协议。基于切比雪夫混沌映射算法,避免了多数方案所采用的指数、双线性映射等复杂算法,有效降低了身份认证与密钥协商过程中的计算复杂度。此外,在实现接入认证及切换认证的同时,能够实现终端匿名性及可追溯、可撤销等安全功能。通过Scyther工具验证结果表明该协议能够满足认证过程中的安全需求并且能够抵抗多种协议攻击。相比已有方案,所提接入认证方案总计算开销最低可节省67%,带宽开销最低可节省11%。此外,相比于接入认证方案,所提域内切换认证方案总计算开销可节省99.8%,带宽开销可节省52%;域间切换认证方案总计算开销可节省80%,带宽开销可节省37%。性能分析结果表明该协议具备更良好的计算和通信性能,因此可以解决车载边缘计算网络中的终端高效安全接入及切换问题。     

VANET中基于区块链的分布式匿名认证方案

身份认证是阻止恶意车辆传播虚假交通信息的第一道防线。然而由于车载自组网（VANET）中网络带宽和计算能力有限,现有方案不能满足对车辆身份的高效认证需求,也无法实现对恶意车辆的快速匿名追溯。鉴于此,提出一种基于区块链的分布式匿名认证方案。该方案利用零知识证明对VANET中车辆进行快速匿名认证,并采用非线性对的聚合签名实现快速批量认证,有效减少认证过程中产生的计算量。另外,区域性可信机构（RTA）可以实现对恶意车辆身份的匿名追溯,并基于区块链对其身份进行快速撤销;还可以基于本地密钥对车辆的短期匿名身份进行及时更新,保证车辆的匿名性和签名的新鲜性。安全分析与仿真实验表明,所提方案能够满足匿名性、不可链接性等多种安全需求,并能有效降低计算与通信开销,比同类方案在性能上至少提升27.28%。     

基于协议序列的车辆自组织网络信道接入控制算法

 针对如何提高车辆自组织网络无线信道资源利用率问题,提出了一种分布式车辆间通信信道接入控制算法,该算法具体表示为利用中国余数定理设计一种用户保障协议序列,车辆节点(亦称用户)依据该协议序列决定其对通信信道的接入,无需基站或中心节点的协调,所设计的协议序列确保每个车辆节点在一个序列周期内至少成功发送一次数据.仿真结果表明,采用本文提出的协议序列控制算法比无反馈时隙ALOHA接入控制算法具有更小的传输时延,能够满足车辆自组织网络通信实时性的要求.     

面向云服务的安全高效无证书聚合签名车联网认证密钥协商协议

针对目前车联网认证密钥协商协议效率低下以及车辆公私钥频繁更新的问题,提出一个基于无证书聚合签名的车联网匿名认证与密钥协商协议.本方案通过引入临时身份和预签名机制实现对车辆的隐私保护以及匿名认证,同时通过构建临时身份索引数据库,实现可信中心对可疑车辆的事后追查,满足车辆的条件匿名性要求.此外,本方案中车辆的公私钥不随其临时身份动态改变,有效避免了已有方案公私钥频繁更新带来的系统开销.同时,为了提供高效的批量认证,采用无双线性对的聚合签名技术,实现了车辆签名的动态聚合和转发,有效降低了签名传递的通信量和云服务器的验证开销.本文方案在eCK模型和CDH问题假设下被证明是形式化安全的.     

可证明安全的可信网络存储协议

提出了一种高效的可信网络存储协议,协议只需两轮交互就实现了服务器与用户间的身份认证和密钥协商,同时在协议的第一轮交互中实现了对客户端平台身份的认证和平台完整性校验,改进了原来系统服务器遭受攻击易导致整个系统瘫痪的缺点,提高了系统的可靠性和协议的执行效率,在此基础上建立了用户与智能磁盘间的安全信道。最后利用CK模型证明了协议是SK安全的,用户与磁盘间的信道是安全信道,提高了系统数据的保密性、完整性和不可抵赖性。     

车联网移动云安全与隐私保护技术研究

智能交通车联网的发展面临着无线网络通信安全与车载用户隐私保护等一系列具有挑战性的难题。针对该系列问题,文章提出了一种层次化的车联网移动云安全模型,车载移动终端使用其身份证书接入相应层次的云端进行身份认证,以确保获得安全稳定的车联网系统服务。同时,由于车载单元的快速移动性质,路侧设施难以支撑大密度的车载终端认证过程,结合云端充足的计算资源和强大的服务能力,可降低车载移动终端在身份合法性确认过程对于车联网路侧设施的处理性能要求,而使用匿名认证的方法可保护车辆的安全和位置隐私。     

Efficient Privacy-Preserving Anonymous Authentication Protocol for Vehicular Ad-Hoc Networks

Vehicular ad-hoc network (VANET) has been considered as one of the most promising wireless sensor technologies, which could enhance driving convenience and traffic efficiency through real-time information interaction. Nevertheless, emerging security issues (e.g., confidentiality, integrity, identity privacy, message authentication) will hinder the widespread deployment of VANETs. To address these issues, in this paper, we propose an efficient privacy-preserving anonymous authentication protocol for VANETs. We first design an identity-based signature algorithm, and exploit it with an account information of a vehicle to propose our anonymous authentication protocol. The protocol enables each vehicle to anonymously send an authenticated message to nearby roadside units (RSUs) in a confidential way, and efficiently check the feedback information from nearby RSUs. Simultaneously, the protocol achieves key-exchange functionality, which could produce a session key for later secure communication between vehicles and RSUs. Finally, we give the security analysis of the proposed protocol and conduct a comprehensive performance evaluation, the results demonstrate its feasibility in the secure deployment of VANETs.

     

<Emphasis Type="Italic">EIAS-CP:</Emphasis> new efficient identity-based authentication scheme with conditional privacy-preserving for VANETs

In VANETs, vehicles broadcast traffic-related messages periodically according to Dedicated Short Range Communication protocol. To ensure the reliability and integrity of messages, authentication schemes are involved in VANETs. As traffic-related messages are time-sensitive, they must be verified and processed timely, or it may cause inestimable harm to the traffic system. However, the OBUs and the RSUs are limited in computation ability and cannot afford vast messages’ verification. Recently, some identity-based authentication schemes using bilinear pairing have been proposed to improve the efficiency of message verification for VANETs. Nevertheless, the bilinear pairing is not suited for VANETs due to its complex operations. The design of an efficient and secure authentication scheme with low computation cost for VANETs still is a rewarding challenge. To settle this challenge, a new efficient identity-based authentication scheme is proposed in this paper. The proposed scheme ensures reliability and integrity of messages and provides conditional privacy-preserving. Compared with the most recent proposed authentication schemes for VANETs, the computation costs of the message signing and verification in the proposed scheme reduce by 88 and 93 % respectively, while security analysis demonstrates that our proposed scheme satisfies all security and privacy requirements for VANETs.     

A Secure Ambulance Communication Protocol for VANET

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANET’s main applications are enhancing road safety and reducing traffic accidents. Moreover, the VANET system can also reduce the time it takes for emergency vehicles to arrive at the accident location. The security of the transmission messages is of utmost importance, and to protect the transmission messages we propose a secure ambulance communication protocol for VANET to ensure that messages will not be revealed or stolen. The proposed scheme combines symmetric encryption, message authentication codes and digital signature mechanisms, and thereby achieves non-repudiation, availability, integrity, confidentiality, mutual authentication, session key security, known-key security and the ability to prevent known attacks. Finally, with NS2 simulation results that are based on realistic vehicle density statistics and the Taipei city road map, we argue that our secure ambulance communication protocol is effective in real VANET scenarios.     

基于匿名认证的车联网安全技术研究

车联网相关应用需要基于实时、准确的交通信息。RSU会实时进行广播,同时车辆间要进行实时通信,包括车辆的身份信息、驾驶状态及位置信息等。攻击者可以利用车联网的开放性获取实时发送的空口数据,通过破解空口数据获得车辆的身份信息和位置信息,进而可以通过伪装、篡改或者植入恶意程序的方式对车辆进行攻击。因此,车联网通信过程中的信息安全问题必须得到有效的保护。基于区块链的匿名认证,车辆在V2V及V2I通信过程中将公钥作为假名进行认证,既保证了消息来源的真实性和消息的完整性,也避免了车辆身份信息的泄露。     

新的基于变色龙的车载通信安全与隐私保护

在车载自组网（VANET）中许多服务和应用需要保护数据通信的安全,为提高驾驶的安全性和舒适性,一些与交通状况有关的信息就要被周期性地广播并分享给司机,如果用户的身份和信息没有隐私和安全的保证,攻击者就会通过收集和分析交通信息追踪他们感兴趣的车辆,因此,匿名消息身份验证是VANET中不可或缺的要求。另一方面,当车辆参与纠纷事件时,证书颁发机构能够恢复车辆的真实身份。为解决车载通信这一问题,郭等人在传统方案的基础上提出一种基于椭圆曲线的变色龙散列的隐私保护验证协议。虽然此方案较之前方案具有车辆身份可追踪性和高效率性,但分析表明此方案不满足匿名性。对郭等人的方案进行安全性分析并在此基础上做出改进。     

Conditional privacy protection authentication scheme based on bilinear pairings for VANET

To solve the problem of security and efficiency of anonymous authentication in the vehicle Ad-hoc network（VANET）, a conditional privacy protection authentication scheme for vehicular networks is proposed based on bilinear pairings. In this scheme, the tamper-proof device in the roadside unit (RSU) is used to complete the message signature and authentication process together with the vehicle, which makes it more secure to communicate between RSU and trusted authority (TA) and faster to update system parameters and revoke the vehicle. And this is also cheaper than installing tamper-proof devices in each vehicle unit. Moreover, the scheme provide provable security proof under random oracle model (ROM), which shows that the proposed scheme can meet the security requirements such as conditional privacy, unforgeability, traceability etc. And the results of simulation experiment demonstrate that this scheme not only of achieves high efficiency, but also has low message loss rate.     

Efficient ID-based registration protocol featured with user anonymity in mobile IP networks

A secure and efficient ID-based registration protocol with user anonymity is proposed in this paper for IP-based mobile networks. The protocol minimizes the registration delay through a minimal usage of the identity (ID)-based signature scheme that eliminates expensive pairing operations. User anonymity is achieved via a temporary identity (TID) transmitted by a mobile user, instead of its true identity. Additional replay protection from a Foreign Agent (FA) is included in the registration messages to prevent a possible replay attack. A formal correctness proof of the protocol using Protocol Composition Logic (PCL) is presented. Numerical analysis and computer simulation results demonstrate that the proposed protocol outperforms the existing ones in terms of the registration delay, the registration signaling traffic, and the computational load on a Mobile Node (MN) while improving security. For example, the proposed protocol reduces the registration delay up to 49.3 percent approximately, comparing to Yang?s protocol.     

A roadside unit‐based localization scheme for vehicular ad hoc networks

Vehicular Ad Hoc Networks (VANETs), designed to ensure the safety and comfort of passengers via the exchange of information amongst nearby vehicles or between the vehicles and Roadside Units (RSUs), have attracted particular attention. However, the success of many VANET applications depends on their ability to estimate the vehicle position with a high degree of precision, and thus, many vehicle localization schemes have been proposed. Many of these schemes are based on vehicle‐mounted Global Positioning System (GPS) receivers. However, the GPS signals are easily disturbed or obstructed. Although this problem can be resolved by vehicle‐to‐vehicle communication schemes, such schemes are effective only in VANETs with a high traffic density. Accordingly, this paper presents a VANET localization scheme in which each vehicle estimates its location on the basis of beacon messages broadcast periodically by pairs of RSUs deployed on either side of the road. In addition, three enhancements to the proposed scheme are presented for the RSU deployment, RSU beacon collisions, and RSU failures. Overall, the ns‐2 simulation results show that the localization scheme achieves a lower localization error than existing solutions on the basis of vehicle‐to‐vehicle communications and is robust toward changes in the traffic density and the vehicle speed. Copyright © 2012 John Wiley & Sons, Ltd.     

An improved EAAP scheme for vehicular ad hoc networks

Recently, Maria Azees et al proposed an “EAAP: efficient anonymous authentication with conditional privacy‐preserving scheme for Vehicular Ad Hoc Networks.” Their scheme is mainly to solve the problem of high computation time of anonymous certificate and signature authentication, as well as the tracking problem of malicious vehicles. However, some improvements are needed in the protection of anonymous identity and the effective tracking of malicious vehicles. In this paper, our scheme realizes mutual authentication between OBU and RSU, and the RSU is authenticated without using certificate. In order to prevent the anonymous identity of the vehicles from being monitored and tracked, we use the negotiated short‐time key to encrypt the anonymous identity in the vehicle certificates. In addition, our scheme uses a new tracking method for malicious vehicles. Then, we prove the scheme through BAN logic, and it has the properties of authentication, anonymity, unlinkability, privacy protection, and traceability. Finally, we compare the computation cost and communication cost with other schemes, and the scheme has been greatly improved.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.