On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Formal Analysis of V2X Revocation Protocols

Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals: the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The REWIRE scheme by Forster et al. and its subschemes BASIC and RTOKEN aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the TAMARIN prover identifies two flaws with some of the functional correctness and authentication properties in these schemes. We then propose Obscure Token (OTOKEN), an extension of REWIRE to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover OTOKEN is the first V2X revocation protocol to be co-designed with a formal model.Comment: 16 pages, 4 figure

The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach

Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous articles only focused on the Central Authority (CA) since this leads to an increase in the computation cost and energy consumption for the specific cases on the Internet of Things (IoT). Hence, in this article, we will lessen the importance of these third parties through proposing an enhanced authentication mechanism that includes key management and evaluation based on the past interactions to assist the objects joining a secured area without any nearby CA. We refer to a mobility dataset from CRAWDAD collected at the University Politehnica of Bucharest and rebuild into a new random dataset larger than the old one. The new one is an input for a simulated authenticating algorithm to observe the communication cost and resource usage of devices. Our proposal helps the authenticating flexible, being strict with unknown devices into the secured zone. The threshold of maximum friends can modify based on the optimization of the symmetric-key algorithm to diminish communication costs (our experimental results compare to previous schemes less than 2000 bits) and raise flexibility in resource-constrained environments.Comment: 27 page

Security models in Vehicular ad-hoc networks: a survey

The security and privacy issues of vehicular ad-hoc networks (VANETs) must be addressed before they are implemented. For this purpose, several academic and industrial proposals have been developed. Given that several of them are intended to co-exist, it is necessary that they consider compatible security models. This paper presents a survey on the underlying security models of 41 recent proposals. Four key aspects in VANET security are studied, namely trust on vehicles, trust on infrastructure entities, existence of trusted third parties and attacker features. Based on the survey analysis, a basic mechanism to compare VANET security models is also proposed, thus highlighting their similarities and differences.This work is partially founded by Ministerio de Ciencia e Innovacion of Spain under grant TIN2009-13461 (project E-SAVE).Publicad

On Board unit based authentication for V2V communication in VANET

The recent developments in wireless communication technologies along with the plummeting costs of hardware allow both V2V and V2I communications for information exchange. Such a network is called Vehicular ad Hoc Network (VANET) which is very important for various road safety and non-safety related applications. However, Due to the wireless nature of communication in VANETs, it is also prone to various security attacks which are originally present in wireless networks. Hence to realize the highest potential of VANET, the network should be free from attackers, there by all the information exchanged in the network must be reliable i.e. should be originated from authenticated source. However, authentication of vehicles using a PKI based architecture which is mostly based on V2I communication and solely depends on Road side Units, might fail in case of absence of proper infrastructure. Moreover PKI based solutions incur more communication overhead due to repeated connections with the Trusted Authority every time you want to authenticate a vehicle. Hence, this thesis work gives an OBU based authentication mechanism which allows the vehicle to authenticate each other for V2V communication when there is lack of proper infrastructure. Here each vehicle is capable of generating a pair of self-certified public/private key pair which can be verified by any other vehicle using a predefined secret key given by Trusted Authority. The grouping concept used in order to lower the communication overheads. The Vehicle in close proximity of each other form a group. A vehicle can obtain the group key by authenticating itself to the group leader. Our proposed scheme also preserves the privacy of the vehicle but can reveal the identity in liability issues. The security analysis of the proposed scheme shows that it can indeed operate with limited support of infrastructure and can become a fully self-organized system

Vehicle Authentication in Vehicular Ad-hoc Network using RSU Based Approach

Vehicular Ad Hoc Network (VANET) is a pervasive network where vehicles communicate with nearby vehicles and infrastructure nodes, such as Road-side unit (RSU). VANET is the subclass of Mobile Ad Hoc Network (MANET) in which nodes move randomly and are connected wirelessly. Information sharing among vehicles is an essential component of an intelligent traffic system (ITS), but security and privacy concerns must be taken into consideration. Security of the network can be improved by granting access only to authenticated vehicles. This research proposes an RSU based approach to authenticate vehicles and notify vehicles about unauthorized messages/vehicles. It helps in preventing other vehicles in the network from being influenced by the malicious vehicle. In this approach, Blockchain has been used to securely maintain the identity of all vehicles in the network. The use of this RSU based approach helps to reduce the computational overhead on the On-board unit (OBU) of individual vehicles and reduces the processing delay

A Computational Analysis of ECC Based Novel Authentication Scheme in VANET

A recent development in the adhoc network is a vehicular network called VANET (Vehicular Adhoc Network). Intelligent Transportation System is the Intelligent application of VANET. Due to open nature of VANET attacker can launch various kind of attack. As VANET messages are deal with very crucial information’s which may save the life of passengers by avoiding accidents, save the time of people on a trip, exchange of secret information etc., because of this security is must be in the VANET. To ensure the highest level of security the network should be free from attackers, there by all information pass among nodes in the network must be reliable i.e. should be originated by an authenticated node. Authentication is the first line of security in VANET; it avoids nonregistered vehicle in the network. Previous research come up with some Cryptographic, Trust based, Id based, Group signature based authentication schemes. A speed of authentication and privacy preservation is important parameters in VANET authentication. This paper addresses the computational analysis of authentication schemes based on ECC. We started analysis from comparing plain ECC with our proposed AECC (Adaptive Elliptic Curve Cryptography) and EECC (Enhanced Elliptic Curve Cryptography). The result of analysis shows proposed schemes improve speed and security of authentication. In AECC key size is adaptive i.e. different sizes of keys are generated during key generation phase. Three ranges are specified for key sizes small, large and medium. In EECC we added an extra parameter during transmission of information from the vehicle to RSU for key generation. Schemes of authentications are evaluated by comparative analysis of time required for authentication and key breaking possibilities of keys used in authentication