Certificate Based Scheme and Expedite Message Authentication Protocol for Vehicular Ad Hoc Networks

VANET security is major issue for researcher. Thus Ad-Hoc Networks embrace the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs) for their security purpose. EMAP was presented to overcome the problem of the long delay incurred in checking the revocation status of a certificate using a CRL. From the experimental analysis it was observed that it is resistant to common attacks while performing the authentication techniques. Therefore, EMAP can significantly decrease the message-loss ratio due to message verification delay as compared to the conventional authentication methods employing CRL checking. Thus to further address these issues along with EMAP protocol, new EMAP method is presented called as CEMAP (certificate based EMAP) which is intended to overcome the authentication delay in message processing by reducing the complexity in Authentication process. CEMAP authentication protocol is constructed based on the combination of the new signature scheme and EMAP. The proposed algorithm reduces the delay by 10% than EMAP. DOI: 10.17762/ijritcc2321-8169.15023

Vehicular Internet: Security & Privacy Challenges and Opportunities

The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS). Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented

Certificate status information distribution and validation in vehicular networks

Vehicular ad hoc networks (VANETs) are emerging as an functional technology for providing a wide range of applications to vehicles and passengers. Ensuring secure functioning is one of the prerequisites for deploying reliable VANETs. The basic solution envisioned to achieve these requirements is to use digital certificates linked to a user by a trusted third party. These certificates can then be used to sign information. Most of the existing solutions manage these certificates by means of a central Certification Authority (CA). According to IEEE 1609.2 standard, vehicular networks will rely on the public key infrastructure (PKI). In PKI, a CA issues an authentic digital certificate for each node in the network. Therefore, an efficient certificate management is crucial for the robust and reliable operation of any PKI. A critical part of any certificate-management scheme is the revocation of certificates. The distribution of certificate status information process, as well as the revocation process itself, is an open research problem for VANETs.In this thesis, firstly we analyze the revocation process itself and develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. As none of the currently common formal models for revocation is able to capture the self-similar nature of real revocation data, we develop an ARFIMA model that recreates this pattern. We show that traditional mechanisms that aim to scale could benefit from this model to improve their updating strategies.Secondly, we analyze how to deploy a certificate status checking service for mobile networks and we propose a new criterion based on a risk metric to evaluate cached status data. With this metric, the PKI is able to code information about the revocation process in the standard certificate revocation lists. Thus, users can evaluate a risk function in order to estimate whether a certificate has been revoked while there is no connection to a status checking server. Moreover, we also propose a systematic methodology to build a fuzzy system that assists users in the decision making process related to certificate status checking.Thirdly, we propose two novel mechanisms for distributing and validating certificate status information (CSI) in VANET. This first mechanism is a collaborative certificate status checking mechanism based on the use based on an extended-CRL. The main advantage of this extended-CRL is that the road-side units and repository vehicles can build an efficient structure based on an authenticated hash tree to respond to status checking requests inside the VANET, saving time and bandwidth. The second mechanism aims to optimize the trade- off between the bandwidth necessary to download the CSI and the freshness of the CSI. This mechanism is based on the use of a hybrid delta-CRL scheme and Merkle hash trees, so that the risk of operating with unknown revoked certificates remains below a threshold during the validity interval of the base-CRL, and CAs have the ability to manage this risk by setting the size of the delta-CRLs. Finally, we also analyze the impact of the revocation service in the certificate prices. We model the behavior of the oligopoly of risk-averse certificate providers that issue digital certificates to clients facing iden- tical independent risks. We found the equilibrium in the Bertrand game. In this equilibrium, we proof that certificate providers that offer better revocation information are able to impose higher prices to their certificates without sacrificing market share in favor of the other oligarchs.Las redes vehiculares ad hoc (VANETs) se están convirtiendo en una tecnología funcional para proporcionar una amplia gama de aplicaciones para vehículos y pasajeros. Garantizar un funcionamiento seguro es uno de los requisitos para el despliegue de las VANETs. Sin seguridad, los usuarios podrían ser potencialmente vulnerables a la mala conducta de los servicios prestados por la VANET. La solución básica prevista para lograr estos requisitos es el uso de certificados digitales gestionados a través de una autoridad de certificación (CA). De acuerdo con la norma IEEE 1609.2, las redes vehiculares dependerán de la infraestructura de clave pública (PKI). Sin embargo, el proceso de distribución del estado de los certificados, así como el propio proceso de revocación, es un problema abierto para VANETs.En esta tesis, en primer lugar se analiza el proceso de revocación y se desarrolla un modelo preciso y riguroso que modela este proceso conluyendo que el proceso de revocación de certificados es estadísticamente auto-similar. Como ninguno de los modelos formales actuales para la revocación es capaz de capturar la naturaleza auto-similar de los datos de revocación, desarrollamos un modelo ARFIMA que recrea este patrón. Mostramos que ignorar la auto-similitud del proceso de revocación lleva a estrategias de emisión de datos de revocación ineficientes. El modelo propuesto permite generar trazas de revocación sintéticas con las cuales los esquemas de revocación actuales pueden ser mejorados mediante la definición de políticas de emisión de datos de revocación más precisas. En segundo lugar, se analiza la forma de implementar un mecanismo de emisión de datos de estado de los certificados para redes móviles y se propone un nuevo criterio basado en una medida del riesgo para evaluar los datos de revocación almacenados en la caché. Con esta medida, la PKI es capaz de codificar la información sobre el proceso de revocación en las listas de revocación. Así, los usuarios pueden estimar en función del riesgo si un certificado se ha revocado mientras no hay conexión a un servidor de control de estado. Por otra parte, también se propone una metodología sistemática para construir un sistema difuso que ayuda a los usuarios en el proceso de toma de decisiones relacionado con la comprobación de estado de certificados.En tercer lugar, se proponen dos nuevos mecanismos para la distribución y validación de datos de estado de certificados en VANETs. El primer mecanismo está basado en el uso en una extensión de las listas estandares de revocación. La principal ventaja de esta extensión es que las unidades al borde de la carretera y los vehículos repositorio pueden construir una estructura eficiente sobre la base de un árbol de hash autenticado para responder a las peticiones de estado de certificados. El segundo mecanismo tiene como objetivo optimizar el equilibrio entre el ancho de banda necesario para descargar los datos de revocación y la frescura de los mismos. Este mecanismo se basa en el uso de un esquema híbrido de árboles de Merkle y delta-CRLs, de modo que el riesgo de operar con certificados revocados desconocidos permanece por debajo de un umbral durante el intervalo de validez de la CRL base, y la CA tiene la capacidad de gestionar este riesgo mediante el ajuste del tamaño de las delta-CRL. Para cada uno de estos mecanismos, llevamos a cabo el análisis de la seguridad y la evaluación del desempeño para demostrar la seguridad y eficiencia de las acciones que se emprenden

Reliable Communications over Heterogeneous Wireless Networks

The recent years have seen an enormous advance in wireless communication technology and co-existence of various types of wireless networks, which requires effective inter-networking among the heterogeneous wireless networks in order to support user roaming over the networks while maintaining the connectivity. One of main challenges to achieve the connectivity over heterogeneous wireless networks is potential intermittent connections caused by user roaming. The issue is how to maintain the connection as the user roams and how to ensure service quality in the presence of a long disconnection period. In this dissertation, we apply the delay tolerant network (DTN) framework to heterogeneous terrestrial wireless networks, and propose a system architecture to achieve the connectivity in the presence of excessive long delays and intermittent paths. We study several possible approaches, discuss the applicability of each of the approaches and propose the super node architecture. To demonstrate the effectiveness of the proposed super node architecture, we give a simulation study that compares the system performance under the super node architecture and under the epidemic based architecture. Within the proposed architecture that employs the idea of super nodes, we further study how to effectively route a message over access networks. We present a new routing technique for mobile ad-hoc networks (MANETs) based on the DTN system architecture. We introduce the concept of virtual network topology and redefine the dominating-set based routing for the challenged network environment under consideration. In addition, we propose a time based methodology to predict the probability of future contacts between node pairs to construct the virtual network topology. We present a simulation study that demonstrates the effectiveness of the proposed routing approach as compared with the epidemic routing, and that the time based technique for predicting the future contacts gives better performance compared with that using the number of previous contacts. We further extend the dominating set routing technique through analyzing the underlying node mobility model. We shed some light on how using node mobility model can improve contact probability estimation. Based on our findings we propose a new algorithm that improves the routing performance by minimizing the selected dominating set size. Information security challenges in the super node architecture are introduced. We further address two main security challenges: The first is how to prevent unauthorized nodes from using the network resources, and the second is how to achieve end-to-end secure message exchange over the network. Our proposed solutions are based on asymmetric key cryptography techniques. Moreover, we introduce a new idea of separating the problem of source authentication from the problem of message authorization. We propose a new technique that employs the one-way key chain to use symmetric key cryptographic techniques to address the problems under consideration

A trust-driven privacy architecture for vehicular ad-hoc networks

Vehicular Ad-Hoc NETworks (VANETs) are an emerging technology which aims to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of promising applications, such as, safety-related and infotainment applications, they remain a number of security and privacy related research challenges that must be addressed. A common approach to security issues widely adopted in VANETs is the use of Public Key Infrastructures (PKI) and digital certificates in order to enable authentication, authorization and confidentiality. These approaches usually rely on a large set of regional Certification Authorities (CAs). Despite the advantages of PKI-based approaches, there are two main problems that arise, i) the secure interoperability among the different and usually unknown- issuing CAs, and ii) the sole use of PKI in a VANET environment cannot prevent privacy related attacks, such as, linking a vehicle with an identifier, tracking vehicles ¿big brother scenario" and user profiling. Additionally, since vehicles in VANETs will be able to store great amounts of information including private information, unauthorized access to such information should be carefully considered. This thesis addresses authentication and interoperability issues in vehicular communications, considering an inter-regional scenario where mutual authentication between nodes is needed. To provide interoperability between vehicles and services among different domains, an Inter-domain Authentication System (AS) is proposed. The AS supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service. The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on-the-y if an interoperability relationship can be created. This research work also contributes with a Privacy Enhancing Model (PEM) to deal with important privacy issues in VANETs. The PEM consists of two PKI-based privacy protocols: i) the Attribute-Based Privacy (ABP) protocol, and ii) the Anonymous Information Retrieval (AIR) protocol. The ABP introduces Attribute-Based Credentials (ABC) to provide conditional anonymity and minimal information disclosure, which overcome with the privacy issues related to linkability (linking a vehicle with an identifier) and vehicle tracking (big brother scenario). The AIR protocol addresses user profiling when querying Service Providers (SPs), by relying in a user collaboration privacy protocol based on query forgery and permutation; and assuming that neither participant nodes nor SPs could be completely trusted. Finally, the Trust Validation Model (TVM) is proposed. The TVM supports decision making by evaluating entities trust based on context information, in order to provide i) access control to driver and vehicle's private information, and ii) public information trust validation