A-VIP: Anonymous Verification and Inference of Positions in Vehicular Networks

MiniconferenceInternational audienceKnowledge of the location of vehicles and tracking of the routes they follow are a requirement for a number of applications, including e-tolling and liability attribution in case of accidents. However, public disclosure of the identity and position of drivers jeopardizes user privacy, and securing the tracking through asymmetric cryptography may have an exceedingly high computational cost. Additionally, there is currently no way an authority can verify the correctness of the position information provided by a potentially misbehaving car. In this paper, we address all of the issues above by introducing A-VIP, a lightweight framework for privacy preserving and tracking of vehicles. A-VIP leverages anonymous position beacons from vehicles, and the cooperation of nearby cars collecting and reporting the beacons they hear. Such information allows an authority to verify the locations announced by vehicles, or to infer the actual ones if needed. We assess the effectiveness of A-VIP through both realistic simulation and testbed implementation results, analyzing also its resilience to adversarial attacks

A lightweight and secure multilayer authentication scheme for wireless body area networks in healthcare system

Wireless body area networks (WBANs) have lately been combined with different healthcare equipment to monitor patients' health status and communicate information with their healthcare practitioners. Since healthcare data often contain personal and sensitive information, it is important that healthcare systems have a secure way for users to log in and access resources and services. The lack of security and presence of anonymous communication in WBANs can cause their operational failure. There are other systems in this area, but they are vulnerable to offline identity guessing attacks, impersonation attacks in sensor nodes, and spoofing attacks in hub node. Therefore, this study provides a secure approach that overcomes these issues while maintaining comparable efficiency in wireless sensor nodes and mobile phones. To conduct the proof of security, the proposed scheme uses the Scyther tool for formal analysis and the Canetti–Krawczyk (CK) model for informal analysis. Furthermore, the suggested technique outperforms the existing symmetric and asymmetric encryption-based schemes

Information management and security protection for internet of vehicles

Considering the huge number of vehicles on the roads, the Internet of Vehicles is envisioned to foster a variety of new applications ranging from road safety enhancement to mobile entertainment. These new applications all face critical challenges which are how to handle a large volume of data streams of various kinds and how the secure architecture enhances the security of the Internet of Vehicles systems. This dissertation proposes a comprehensive message routing solution to provide the fundamental support of information management for the Internet of Vehicles. The proposed approach delivers messages via a self-organized moving-zone-based architecture formed using pure vehicle-to-vehicle communication and integrates moving object modeling and indexing techniques to vehicle management. It can significantly reduce the communication overhead while providing higher delivery rates. To ensure the identity and location privacy of the vehicles on the Internet of Vehicles environment, a highly efficient randomized authentication protocol, RAU+ is proposed to leverage homomorphic encryption and enable individual vehicles to easily generate a new randomized identity for each newly established communication while each authentication server would not know their real identities. In this way, not any single party can track the user. To minimize the infrastructure reliance, this dissertation further proposes a secure and lightweight identity management mechanism in which vehicles only need to contact a central authority once to obtain a global identity. Vehicles take turns serving as the captain authentication unit in self-organized groups. The local identities are computed from the vehicle's global identity and do not reveal true identities. Extensive experiments are conducted under a variety of Internet of Vehicles environments. The experimental results demonstrate the practicality, effectiveness, and efficiency of the proposed protocols.Includes bibliographical references

Randomized and Efficient Authentication in Mobile Environments

In a mobile environment, a number of users act as a network nodes and communicate with one another to acquire location based information and services. This emerging paradigm has opened up new business opportunities and enables numerous applications such as road safety enhancement, service recommendations and mobile entertainment. A fundamental issue that impacts the success of these applications is the security and privacy concerns raised regarding the mobile users. In that, a malicious user or service provider can track the locations of a user traveled so that other malicious act can be carried out more effectively against the user. Therefore, the challenge becomes how to authenticate mobile users while preserving their actual identity and location privacy. In this work, we propose a novel randomized or privacy-preserving authentication protocol based on homomorphic encryption. The protocol allows individual users to self generate any number of authenticated identities to achieve full anonymity in mobile environment. The proposed protocol prevents users being tracked by any single party including peer users, service providers, authentication servers, and other infrastructure. Meanwhile, our protocol also provides traceability in case of any dispute. We have conducted experimental study which demonstrates the efficiency of our protocol. Another advantage of the proposed protocol is lightweight computation and storage requirement, particularly suitable for any mobile devices with limited computation power and storage space