Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

Disertační práce se zabývá kryptografickými protokoly poskytující ochranu soukromí, které jsou určeny pro zabezpečení komunikačních a informačních systémů tvořících heterogenní sítě. Práce se zaměřuje především na možnosti využití nekonvenčních kryptografických prostředků, které poskytují rozšířené bezpečnostní požadavky, jako je například ochrana soukromí uživatelů komunikačního systému. V práci je stanovena výpočetní náročnost kryptografických a matematických primitiv na různých zařízeních, které se podílí na zabezpečení heterogenní sítě. Hlavní cíle práce se zaměřují na návrh pokročilých kryptografických protokolů poskytujících ochranu soukromí. V práci jsou navrženy celkově tři protokoly, které využívají skupinových podpisů založených na bilineárním párování pro zajištění ochrany soukromí uživatelů. Tyto navržené protokoly zajišťují ochranu soukromí a nepopiratelnost po celou dobu datové komunikace spolu s autentizací a integritou přenášených zpráv. Pro navýšení výkonnosti navržených protokolů je využito optimalizačních technik, např. dávkového ověřování, tak aby protokoly byly praktické i pro heterogenní sítě.The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematic primitives on various devices that participate in the security of heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. There are three designed protocols which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ the optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.

Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions

In recent years, low-carbon transportation has become an indispensable part as sustainable development strategies of various countries, and plays a very important responsibility in promoting low-carbon cities. However, the security of low-carbon transportation has been threatened from various ways. For example, denial of service attacks pose a great threat to the electric vehicles and vehicle-to-grid networks. To minimize these threats, several methods have been proposed to defense against them. Yet, these methods are only for certain types of scenarios or attacks. Therefore, this review addresses security aspect from holistic view, provides the overview, challenges and future directions of cyber security technologies in low-carbon transportation. Firstly, based on the concept and importance of low-carbon transportation, this review positions the low-carbon transportation services. Then, with the perspective of network architecture and communication mode, this review classifies its typical attack risks. The corresponding defense technologies and relevant security suggestions are further reviewed from perspective of data security, network management security and network application security. Finally, in view of the long term development of low-carbon transportation, future research directions have been concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable Energy Review

Efficient HMAC-based secure communication for VANETs

Vehicular Ad Hoc Network (VANET) is an emerging type of network which facilitates vehicles on roads to communicate for driving safety. It requires a mechanism to help authenticate messages, identify valid vehicles, and remove malevolent vehicles which do not obey the rules. Most existing solutions either do not have an effective message verification scheme, or use the public key infrastructure (PKI). In this network, vehicles are able to broadcast messages to other vehicles and a group of known vehicles can also communicate securely among themselves. So group communication is necessary for the network. However, most existing solutions either do not consider this or use pairing operation to realize this. They are either not secure or not effective. In this paper, we provide a more comprehensive set of secure schemes with Hash-based Message Authentication Code (HMAC) in VANETs to overcome their shortcomings. Of course, we still need to use Pairing operation in some place. Our scheme is composed of three schemes: (1) Communications between Vehicles and Road-Side Units (RSUs), (2) One to One Communications within a Group, (3) One to One Communications without a Group. Based on our simulation study, we show that our schemes are effective and the delay caused is much lower. The average delay caused by our first scheme is nearly thousands of times lower than prior schemes. The average delay caused by our second scheme is 0.312 ms, while the delay caused by prior scheme is 12.3 ms. Meanwhile the average delay caused by our third scheme is 0.312 ms, and the delay caused by prior scheme is about 9 s. © 2012 Elsevier B.V. All rights reserved.postprin

A Novel Pseudonym Assignment and Encryption Scheme for Preserving the Privacy of Military Vehicles

In this digital era, security has become one of the important topics of concern, and things become more critical for military vehicles where safety plays a vital role. In this paper, we have discussed a pseudonym-based approach that preserves the real identity of military vehicles. This paper also focuses on military vehicles’ location privacy by deploying a novel pseudonym assignment and encryption schemes. The proposed security scheme is based on a hybrid approach of matrix array symmetric key and the intelligent water drop scheme. After implementing the proposed security scheme, each military vehicle will obtain its pseudonym for hiding their original identities. The proposed algorithm effectively manages pseudonym generation and change requests for the local region and inter-region environment. The proposed security scheme not only provides secure communication and preservation of location privacy of military vehicles but also ensures their security against various attacks. Finally, the time efficiency of proposed algorithms is obtained for both local and inter-region requests. Comparative analysis shows that the proposed scheme is more efficient than other existing techniques

On Achieving Secure Message Authentication for Vehicular Communications

Vehicular Ad-hoc Networks (VANETs) have emerged as a new application scenario that is envisioned to revolutionize the human driving experiences, optimize traffic flow control systems, etc. Addressing security and privacy issues as the prerequisite of VANETs' development must be emphasized. To avoid any possible malicious attack and resource abuse, employing a digital signature scheme is widely recognized as the most effective approach for VANETs to achieve authentication, integrity, and validity. However, when the number of signatures received by a vehicle becomes large, a scalability problem emerges immediately, where a vehicle could be difficult to sequentially verify each received signature within 100-300 ms interval in accordance with the current Dedicated Short Range Communications (DSRC) protocol. In addition, there are still some unsolved attacks in VANETs such as Denial of Service (Dos) attacks, which are not well addressed and waiting for us to solve. In this thesis, we propose the following solutions to address the above mentioned security related issues. First of all, to address the scalability issues, we introduce a novel roadside unit (RSU) aided message authentication scheme, named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles. In addition, RAISE adopts the k-anonymity property for preserving user privacy, where a message cannot be associated with a common vehicle. Secondly, we further consider the situation that RSUs may not cover all the busy streets of a city or a highway in some situations, for example, at the beginning of a VANETs' deployment period, or due to the physical damage of some RSUs, or simply for economic considerations. Under these circumstances, we further propose an efficient identity-based batch signature verification scheme for vehicular communications. The proposed scheme can make vehicles verify a batch of signatures once instead of one after another, and thus it efficiently increases vehicles' message verification speed. In addition, our scheme achieves conditional privacy: a distinct pseudo identity is generated along with each message, and a trust authority can trace a vehicle's real identity from its pseudo identity. In order to find invalid signatures in a batch of signatures, we adopt group testing technique which can find invalid signatures efficiently. Lastly, we identify a DoS attack, called signature jamming attack (SJA), which could easily happen and possibly cause a profound vicious impact on the normal operations of a VANET, yet has not been well addressed in the literature. The SJA can be simply launched at an attacker by flooding a significant number of messages with invalid signatures that jam the surrounding vehicles and prevent them from timely verifying regular and legitimate messages. To countermeasure the SJA, we introduces a hash-based puzzle scheme, which serves as a light-weight filter for excluding likely false signatures before they go through relatively lengthy signature verification process. To further minimize the vicious effect of SJA, we introduce a hash recommendation mechanism, which enables vehicles to share their information so as to more efficiently thwart the SJA. For each research solution, detailed analysis in terms of computational time, and transmission overhead, privacy preservation are performed to validate the efficiency and effectiveness of the proposed schemes

An attribute-based framework for secure communications in vehicular ad hoc networks

In this paper, we introduce an attribute-based framework to achieve secure communications in vehicular ad hoc networks (VANETs), which enjoys several advantageous features. The proposed framework employs attribute-based signature (ABS) to achieve message authentication and integrity and protect vehicle privacy, which greatly mitigates the overhead caused by pseudonym/private key change or update in the existing solutions for VANETs based on symmetric key, asymmetric key, and identity-based cryptography and group signature. In addition, we extend a standard ABS scheme with traceability and revocation mechanisms and seamlessly integrate them into the proposed framework to support vehicle traceability and revocation by a trusted authority, and thus, the resulting scheme for vehicular communications does not suffer from the anonymity misuse issue, which has been a challenge for anonymous credential-based vehicular protocols. Finally, we implement the proposed ABS scheme using a rapid prototyping tool called Charm to evaluate its performance

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent Transportation System

Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

Identity, location and query privacy for smart devices

In this thesis, we have discussed three important aspects of users\u27 privacy namely, location privacy, identity privacy and query privacy. The information related to identity, location and query is very sensitive as it can reveal behavior patterns, interests, preferences and habits of the users. We have proposed several techniques in the thesis on how to better protect the identity, location and query privacy

Authentication enhancement in command and control networks: (a study in Vehicular Ad-Hoc Networks)

Intelligent transportation systems contribute to improved traffic safety by facilitating real time communication between vehicles. By using wireless channels for communication, vehicular networks are susceptible to a wide range of attacks, such as impersonation, modification, and replay. In this context, securing data exchange between intercommunicating terminals, e.g., vehicle-to-everything (V2X) communication, constitutes a technological challenge that needs to be addressed. Hence, message authentication is crucial to safeguard vehicular ad-hoc networks (VANETs) from malicious attacks. The current state-of-the-art for authentication in VANETs relies on conventional cryptographic primitives, introducing significant computation and communication overheads. In this challenging scenario, physical (PHY)-layer authentication has gained popularity, which involves leveraging the inherent characteristics of wireless channels and the hardware imperfections to discriminate between wireless devices. However, PHY-layerbased authentication cannot be an alternative to crypto-based methods as the initial legitimacy detection must be conducted using cryptographic methods to extract the communicating terminal secret features. Nevertheless, it can be a promising complementary solution for the reauthentication problem in VANETs, introducing what is known as “cross-layer authentication.” This thesis focuses on designing efficient cross-layer authentication schemes for VANETs, reducing the communication and computation overheads associated with transmitting and verifying a crypto-based signature for each transmission. The following provides an overview of the proposed methodologies employed in various contributions presented in this thesis. 1. The first cross-layer authentication scheme: A four-step process represents this approach: initial crypto-based authentication, shared key extraction, re-authentication via a PHY challenge-response algorithm, and adaptive adjustments based on channel conditions. Simulation results validate its efficacy, especially in low signal-to-noise ratio (SNR) scenarios while proving its resilience against active and passive attacks. 2. The second cross-layer authentication scheme: Leveraging the spatially and temporally correlated wireless channel features, this scheme extracts high entropy shared keys that can be used to create dynamic PHY-layer signatures for authentication. A 3-Dimensional (3D) scattering Doppler emulator is designed to investigate the scheme’s performance at different speeds of a moving vehicle and SNRs. Theoretical and hardware implementation analyses prove the scheme’s capability to support high detection probability for an acceptable false alarm value ≤ 0.1 at SNR ≥ 0 dB and speed ≤ 45 m/s. 3. The third proposal: Reconfigurable intelligent surfaces (RIS) integration for improved authentication: Focusing on enhancing PHY-layer re-authentication, this proposal explores integrating RIS technology to improve SNR directed at designated vehicles. Theoretical analysis and practical implementation of the proposed scheme are conducted using a 1-bit RIS, consisting of 64 × 64 reflective units. Experimental results show a significant improvement in the Pd, increasing from 0.82 to 0.96 at SNR = − 6 dB for multicarrier communications. 4. The fourth proposal: RIS-enhanced vehicular communication security: Tailored for challenging SNR in non-line-of-sight (NLoS) scenarios, this proposal optimises key extraction and defends against denial-of-service (DoS) attacks through selective signal strengthening. Hardware implementation studies prove its effectiveness, showcasing improved key extraction performance and resilience against potential threats. 5. The fifth cross-layer authentication scheme: Integrating PKI-based initial legitimacy detection and blockchain-based reconciliation techniques, this scheme ensures secure data exchange. Rigorous security analyses and performance evaluations using network simulators and computation metrics showcase its effectiveness, ensuring its resistance against common attacks and time efficiency in message verification. 6. The final proposal: Group key distribution: Employing smart contract-based blockchain technology alongside PKI-based authentication, this proposal distributes group session keys securely. Its lightweight symmetric key cryptography-based method maintains privacy in VANETs, validated via Ethereum’s main network (MainNet) and comprehensive computation and communication evaluations. The analysis shows that the proposed methods yield a noteworthy reduction, approximately ranging from 70% to 99%, in both computation and communication overheads, as compared to the conventional approaches. This reduction pertains to the verification and transmission of 1000 messages in total