Review on Identity-Based Batch Verification Schemes for Security and Privacy in VANETs

The study of vehicular ad-hoc networks (VANETs) has received significant attention among academia; even so, its security and privacy still become a central issue that is wide-open to discuss. The authentication schemes deployed in VANETs have a substantial impact on its security and privacy. Many researchers have proposed a variety of schemes related to the information verification and efficiency improvement in VANETs. In recent years, many papers have proposed identity-based batch verification (IBV) schemes in regard to diminishing overhead in the message verification process in VANETs. This survey begins with providing background information about VANETs and clarifying its security and privacy, as well as performance requirements that must be satisfied. After presenting an outlook of some relevant surveys of VANETs, a brief review of some IBV schemes published in recent years is conferred. The detailed approach of each scheme, with a comprehensive comparison between them, has been provided afterward. Finally, we summarize those recent studies and possible future improvements.     

<Emphasis Type="Italic">EIAS-CP:</Emphasis> new efficient identity-based authentication scheme with conditional privacy-preserving for VANETs

In VANETs, vehicles broadcast traffic-related messages periodically according to Dedicated Short Range Communication protocol. To ensure the reliability and integrity of messages, authentication schemes are involved in VANETs. As traffic-related messages are time-sensitive, they must be verified and processed timely, or it may cause inestimable harm to the traffic system. However, the OBUs and the RSUs are limited in computation ability and cannot afford vast messages’ verification. Recently, some identity-based authentication schemes using bilinear pairing have been proposed to improve the efficiency of message verification for VANETs. Nevertheless, the bilinear pairing is not suited for VANETs due to its complex operations. The design of an efficient and secure authentication scheme with low computation cost for VANETs still is a rewarding challenge. To settle this challenge, a new efficient identity-based authentication scheme is proposed in this paper. The proposed scheme ensures reliability and integrity of messages and provides conditional privacy-preserving. Compared with the most recent proposed authentication schemes for VANETs, the computation costs of the message signing and verification in the proposed scheme reduce by 88 and 93 % respectively, while security analysis demonstrates that our proposed scheme satisfies all security and privacy requirements for VANETs.     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X:车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。     

Efficient and Secure Authentication Scheme with Conditional Privacy-Preserving for VANETs

The goal of authentication scheme for Vehicular ad hoc networks (VANETs) is to ensure reliability and integrity of message.Due to the timeliness of traffic-related messages and the highly dynamic nature of VANETs,it still is a challenge to solve the three key issues simultaneously,i.e.security,efficiency and conditional privacy-preserving,on the design of authentication scheme for VANETs.To address this challenge,an efficient Conditional privacy-preserving authentication (CPPA) scheme is proposed in this paper.Compared with the most recent proposed CPPA schemes,our proposed scheme markedly decreases the computation costs of the message-signing phase and the message verification phase,while satisfies all security requirements of VANETs and provides conditional privacy-preserving.     

An efficient voting based decentralized revocation protocol for vehicular ad hoc networks

Vehicular Ad-hoc NETworks (VANETs) enable cooperative behaviors in vehicular environments and are seen as an integral component of Intelligent Transportation Systems (ITSs). The security of VANETs is crucial for their successful deployment and widespread adoption. A critical aspect of preserving the security and privacy of VANETs is the efficient revocation of the ability of misbehaving or malicious vehicles to participate in the network. This is usually achieved by revoking the validity of the digital certificates of the offending nodes and by maintaining and distributing an accurate Certificate Revocation List (CRL). The immediate revocation of misbehaving vehicles is of prime importance for the safety of other vehicles and users. In this paper, we present a decentralized revocation approach based on Shamir’s secret sharing to revoke misbehaving vehicles with very low delays. Besides enhancing VANETs’ security, our proposed protocol limits the size of the revocation list to the number of the revoked vehicles. Consequently, the authentication process is more efficient, and the communication overhead is reduced. We experimentally evaluate our protocol to demonstrate that it provides a reliable solution to the scalability, efficiency and security of VANETs.     

Trust-Based Fast Authentication for Multiowner Wireless Networks

In multiowner wireless networks, access points (APs) are owned and operated by different administrations, leading to significant authentication delays during handoff between APs. We propose to exploit the trust between the owners of neighboring APs for reducing the authentication delay. In the proposed authentication scheme, neighboring APs that trust each other share the security key for the visiting node to avoid lengthy authentication routines each time the visiting node switches APs. The performance of the proposed trust-based authentication scheme is evaluated using a Markov model. Using numerical experiments, we first study a basic scenario where mobile nodes are not aware of the trust networks that exist in a given neighborhood. Subsequently, we consider an advanced scenario where a mobile node functionality is augmented to discover the trust network so as to minimize roaming beyond the trusted APs. We find that, even with the basic implementation, the average number of full authentications needed for a roaming mobile reduces linearly as the likelihood of two neighboring APs trusting each other increases. With the advanced implementation, our experiments show that quadratic reduction is achieved. The Markov model is validated using discrete event simulation.     

车载网络中的数据分发策略

通过车载网络(VAETNs)能够有效提高交通管理系统(TMS)的数据传输。然而,由于通信距离短以及车辆的移动,完成VANETs中的数据传输是一项挑战任务。为此,提出基于复杂网络指标的数据传输(MCDD)策略。MCDD策略依据二跳邻居的信息,并通过介数中心性和度中心性两项性能指标选择转发节点,进而降低开销和缩短传输时延。仿真结果表明,相比于基于区划分的全-分布式流量管理系统(FTMS),MCDD策略的交通拥塞时间缩短了约48.95%,平均行驶速度提高了约8%。     

基于AAA认证的仓储移动网络安全关联转移方案

提出基于AAA认证的移动网络(NEMO)安全预接入通告方案,由无线传感器定位信息预判切换,触发安全关联等上下文转移,并告知对端节点或对端服务器的数据处理中心,提前实现安全验证。用?演算建模以保证与现有NEMO安全机制兼容。理论分析知其减少的不当路由开销可达一半,模拟显示延时和资源占用大为降低。     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

Energy Efficient Enhanced OLSR Routing Protocol Using Particle Swarm Optimization with Certificate Revocation Scheme for VANET

In Vehicular ad-hoc networks (VANETs), routing and security are the mainchallenges. In our previous work, we have presented cluster-based secure communication with the certificate revocation scheme for securable communication between the vehicles.Cluster formation is done using the trust degree of each vehicle and this trust degree is calculated based on the direct and indirect trust degree of each vehicle. Information of eachvehicle is gathered by the corresponding cluster head (CH) in a cluster. This information is maintained by the Certificate Revocation List (CRL) in the Certificate Authority (CA). CA isolates a vehicle as an attacked node if it has less trust degree than the threshold trust value and it invalidates the certificate of attacked or revoked nodes. Before transmission, each vehicle in a cluster validates its certificate with the support of CA. After the validation, the other challenge of VANET i.e., efficient route is to be established so that Energy efficient enhanced OLSR routing protocol using Particle Swarm Optimization (PSO) algorithm is presented in this paper. After the establishment of the efficient route, the vehicle deploys the symmetric cryptography approach for securable transmission. Simulation results show that the performance of our proposed approach outperforms the performance of existing work in terms of energy efficiency.

     

Secure authentication and integrity techniques for randomized secured routing in WSN

As wireless sensor network is resource-constrained, reliability and security of broadcasted data become major issue in these types of network. In order to overcome security and integrity issues, a secure authentication and integrity technique is proposed. In this technique, shared keys are used for providing authentication. Here, mutual authentication technique allows the sender and recipient to share a common key matrix as an authentication key. Both sender and recipient chose a random noise matrix and verification is done based on hamming weight. To increase authentication and integrity, a hybrid offline and online signcryption technique is proposed which is a cryptographic method that satisfies both the function of digital signature and public key encryption in a logical single step. By simulation results, we show that the proposed technique provides security in terms of increased packet delivery ratio and reduced compromised communications.     

Efficient authentication scheme for double-layer satellite network

To solve the issue of networking authentication among GEO and LEO satellites in double-layer satellite network,a secure and efficient authenticated key agreement scheme was proposed.Based on symmetric encryption,the proposed scheme can achieve trust establishment and secure communication between satellites without the trusted third party.Meanwhile,considering characteristics of highly unified clock and predictable satellite trajectory in satellite networks,a pre-calculation method was designed,which can effectively improve the authentication efficiency of satellite networking.Moreover,formal proof and security analysis demonstrate that the scheme can satisfy various security requirements during satellite networking.Performance analysis and simulation results show that the scheme has low computation and communication overhead,which can achieve the authentication of satellite networking in resource-limited scenarios.     

智能车载自组织网络中匿名在线注册与安全认证协议

随着智能交通系统(ITS)的建立,车载自组织网络(VANETs)在提高交通安全和效率方面发挥着重要的作用。由于车载自组织网络具有开放性和脆弱性特点,容易遭受各种安全威胁与攻击,这将阻碍其广泛应用。针对当前车载自组织网络传输中数据的认证性与完整性,以及车辆身份的隐私保护需求,该文提出一种智能车载自组织网络中的匿名在线注册与安全认证协议。协议让智能车辆在公开信道以匿名的方式向交通系统可信中心(TA)在线注册。可信中心证实智能车辆的真实身份后,无需搭建安全信道,在开放网络中颁发用于安全认证的签名私钥。车辆可以匿名发送实时交通信息到附近路边基站单元(RSU),并得到有效认证与完整性检测。该协议使得可信中心可以有效追踪因发送伪造信息引起交通事故的匿名车辆。协议可以让路边基站单元同时对多个匿名车辆发送的交通信息进行批量认证。该协议做了详细的安全性分析和性能分析。性能比较结果表明,该协议在智能车辆端的计算开销以及在路边基站单元端的通信开销都具有明显优势,而且无需搭建安全信道就能够实现匿名在线注册,因此可以安全高效地部署在智能车载自组织网络环境。     

Hexagonal Clustered Trust Based Distributed Group Key Agreement Scheme in Mobile Ad Hoc Networks

Secure and efficient group communication among mobile nodes is one of the significant aspects in mobile ad hoc networks (MANETs). The group key management (GKM) is a well established cryptographic technique to authorise and to maintain group key in a multicast communication, through secured channels. In a secure group communication, a one-time session key is required to be shared between the participants by using distributed group key agreement (GKA) schemes. Due to the resource constraints of ad hoc networks, the security protocols should be communication efficient with less overhead as possible. The GKM solutions from various researches lacks in considering the mobility features of ad hoc networks. In this paper, we propose a hexagonal clustered one round distributed group key agreement scheme with trust (HT-DGKA) in a public key infrastructure based MANET environment. The proposed HT-DGKA scheme guarantees an access control with key authentication and secrecy. The performance of HT-DGKA is evaluated by simulation analysis in terms of key agreement time and overhead for different number of nodes. Simulation results reveal that the proposed scheme guarantees better performance to secure mobile ad hoc network. It is demonstrated that the proposed scheme possesses a maximum of 2250 ms of key agreement time for the higher node velocity of 25 m/s and lower key agreement overhead. Also, the HT-DGKA scheme outperforms the existing schemes in terms of successful message rate, packet delivery ratio, level of security, computation complexity, number of round, number of exponentiations and number of message sent and received that contribute to the network performance.

     

车载网中可证安全的无证书聚合签名算法

为了实现车载自组织网络中车辆节点之间信息传输的安全认证,该文设计了一种无证书聚合签名方案。提出的方案采用无证书密码体制,消除了复杂的证书维护成本,同时也解决了密钥托管问题。通过路侧单元生成的假名与周围节点进行通信,实现了车辆用户的条件隐私保护。在随机预言模型下,证明了方案满足自适应选择消息攻击下的存在性不可伪造。然后,分析了方案的实现效率,并模拟实现了车载自组网(VANET)环境中车流密度与消息验证的时间延迟之间的关系。结果表明,该方案满足消息的认证性、匿名性、不可伪造性和可追踪性等性质,并且通信效率高、消息验证的时延短,更适合于动态的车载自组织网络环境。     

A Scalable Information Security Technique: Joint Authentication-Coding Mechanism for Multimedia over Heterogeneous Wireless Networks

There have been increasing concerns about the security issues of wireless transmission of multimedia in recent years. Wireless networks, by their natures, are more vulnerable to external intrusions than wired ones. Therefore, many applications demand authenticating the integrity of multimedia content delivered wirelessly. In this work, we propose a framework for jointly authenticating and coding multimedia to be transmitted over heterogeneous wireless networks. We firstly provide a novel graph-based authentication scheme which can not only construct the authentication graph flexibly but also trade-off well among some practical requirements such as overhead, robustness and delay. And then, a rate-distortion optimized joint source-channel coding (JSCC) approach for error-resilient scalable encoded video is presented, in which the video is encoded into multiple independent streams and each stream is assigned forward error correction (FEC) codes to avoid error propagation. Furthermore, we consider integrating authentication with the specific JSCC scheme to achieve a satisfactory authentication results and end-to-end reconstruction quality by optimally applying the appropriate authentication and coding rate. Simulation results show the effectiveness of the proposed authentication-coding scheme for multimedia over wireless networks.     

Markov Chain Trust Model for Trust-Value Analysis and Key Management in Distributed Multicast MANETs

To increase efficiency in mobile ad hoc networks (MANETs), the multicast MANET is proposed for a sender that sends packets to several receivers through a multicast session. In MANETs, multicast group members frequently change due to node mobility; thus, supporting secure authentication and authorization in a multicast MANET is more critical than that in a wired network with a centralized certificate authentication (CA) server. This paper thus proposes a two-step secure authentication approach for multicast MANETs. First, a Markov chain trust model is proposed to determine the trust value (TV) for each one-hop neighbor. A node's TV is analyzed from its previous trust manner that was performed in this group. The proposed trust model is proven as an ergodic continuous-time Markov chain model. Second, the node with the highest TV in a group will be selected as the CA server. To increase reliability, the node with the second highest TV will be selected as the backup CA server that will take over CA when CA fails. The procedures of the secure authentication for group management are detailed. The security analysis of each procedure is analyzed to guarantee that the proposed approach achieves a secure reliable authentication in multicast MANETs. In addition, several famous attacks have been analyzed and discussed. Numerical results indicate that the analytical TV of each mobile node is very close to that of simulation under various situations. The speed of the convergence of the analytical TV shows that the analyzed result is independent of initial values and trust classes. This is a good feature of analytical models.     

Blockchain-inspired lightweight trust-based system in vehicular networks

A decentralized application runs on the blockchain network without the intervention of a central authority. Transparency in transactions and security in vehicular networks are the issues for central systems. The proposed system uses blockchain-based smart contracts, which eliminate the requirement for any third-party verification. Additionally, with signature verification and reduced overhead, smart contracts also help in a fast and secure transaction. This study suggests a trust-based system paradigm where certificate authority (CA) is employed for vehicle registration. We also propose a blockchain-based system that provides efficient two-way authentication and key agreement through encryption and digital signatures. The analysis of the proposed model reveals that it is an efficient way of establishing distributed trust management, which helps in preserving vehicle privacy. The proposed scheme is tested in Automated Validation of Internet Security-sensitive Protocols (AVISPA), and security parameters verification in Network Simulator 2(NS2) also shows that the proposed scheme is more effective in comparison with existing schemes in terms of authentication cost, storage cost, and overhead.     

Research on batch anonymous authentication scheme for VANET based on bilinear pairing

To solve the problem of efficiency of anonymous authentication in vehicular ad hoc network,a batch anonymous authentication scheme was proposed by using bilinear pairing on elliptic curves .The signature was generated by the roadside unit node (RSU) and the vehicle together.Thus,the burden of VANET certification center was reduced and the authentication efficiency was proved.Meanwhile,the difficulty of the attacker to extract the key was increased.Furthermore,security proofs were given to the scheme in the random oracle model.Analysis shows that the proposed scheme can meet the needs of many kinds of security requirements,the computational overhead is significantly reduced,and the authentication efficiency is improved effectively too.Therefore,the scheme has important theoretical significance and application value under computational capability constrained Internet of things (IoT) environment.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.