Cryptographic Schemes based on Elliptic Curve Pairings

This thesis introduces the concept of certificateless public key cryptography (CLPKC). Elliptic curve pairings are then used to make concrete CL-PKC schemes and are also used to make other efficient key agreement protocols. CL-PKC can be viewed as a model for the use of public key cryptography that is intermediate between traditional certificated PKC and ID-PKC. This is because, in contrast to traditional public key cryptographic systems, CL-PKC does not require the use of certificates to guarantee the authenticity of public keys. It does rely on the use of a trusted authority (TA) who is in possession of a master key. In this respect, CL-PKC is similar to identity-based public key cryptography (ID-PKC). On the other hand, CL-PKC does not suffer from the key escrow property that is inherent in ID-PKC. Applications for the new infrastructure are discussed. We exemplify how CL-PKC schemes can be constructed by constructing several certificateless public key encryption schemes and modifying other existing ID based schemes. The lack of certificates and the desire to prove the schemes secure in the presence of an adversary who has access to the master key or has the ability to replace public keys, requires the careful development of new security models. We prove that some of our schemes are secure, provided that the Bilinear Diffie-Hellman Problem is hard. We then examine Joux’s protocol, which is a one round, tripartite key agreement protocol that is more bandwidth-efficient than any previous three-party key agreement protocol, however, Joux’s protocol is insecure, suffering from a simple man-in-the-middle attack. We show how to make Joux’s protocol secure, presenting several tripartite, authenticated key agreement protocols that still require only one round of communication. The security properties of the new protocols are studied. Applications for the protocols are also discussed

Research on security and privacy in vehicular ad hoc networks

Los sistemas de redes ad hoc vehiculares (VANET) tienen como objetivo proporcionar una plataforma para diversas aplicaciones que pueden mejorar la seguridad vial, la eficiencia del tráfico, la asistencia a la conducción, la regulación del transporte, etc. o que pueden proveer de una mejor información y entretenimiento a los usuarios de los vehículos. Actualmente se está llevando a cabo un gran esfuerzo industrial y de investigación para desarrollar un mercado que se estima alcance en un futuro varios miles de millones de euros. Mientras que los enormes beneficios que se esperan de las comunicaciones vehiculares y el gran número de vehículos son los puntos fuertes de las VANET, su principal debilidad es la vulnerabilidad a los ataques contra la seguridad y la privacidad.En esta tesis proponemos cuatro protocolos para conseguir comunicaciones seguras entre vehículos. En nuestra primera propuesta empleamos a todas las unidades en carretera (RSU) para mantener y gestionar un grupo en tiempo real dentro de su rango de comunicación. Los vehículos que entren al grupo de forma anónima pueden emitir mensajes vehículo a vehículo (V2V) que inmediatamente pueden ser verificados por los vehículos del mismo grupo (y grupos de vecinos). Sin embargo, en la primera fase del despliegue de este sistema las RSU pueden no estar bien distribuídas. Consecuentemente, se propone un conjunto de mecanismos para hacer frente a la seguridad, privacidad y los requisitos de gestión de una VANET a gran escala sin la suposición de que las RSU estén densamente distribuidas. La tercera propuesta se centra principalmente en la compresión de las evidencias criptográficas que nos permitirán demostrar, por ejemplo, quien era el culpable en caso de accidente. Por último, investigamos los requisitos de seguridad de los sistemas basados en localización (LBS) sobre VANETs y proponemos un nuevo esquema para la preservación de la privacidad de la localización en estos sistemas sobre dichas redes.Vehicular ad hoc network (VANET) systems aim at providing a platform for various applications that can improve traffic safety and efficiency, driver assistance, transportation regulation, infotainment, etc. There is substantial research and industrial effort to develop this market. It is estimated that the market for vehicular communications will reach several billion euros. While the tremendous benefits expected from vehicular communications and the huge number of vehicles are strong points of VANETs, their weakness is vulnerability to attacks against security and privacy.In this thesis, we propose four protocols for secure vehicle communications. In our first proposal, we employ each road-side unit (RSU) to maintain and manage an on-the-fly group within its communication range. Vehicles entering the group can anonymously broadcast vehicle-to-vehicle (V2V) messages, which can be instantly verified by the vehicles in the same group (and neighbor groups). However, at the early stage of VANET deployment, the RSUs may not be well distributed. We then propose a set of mechanisms to address the security, privacy, and management requirements of a large-scale VANET without the assumption of densely distributed RSUs. The third proposal is mainly focused on compressing cryptographic witnesses in VANETs. Finally, we investigate the security requirements of LBS in VANETs and propose a new privacy-preserving LBS scheme for those networks

Protocols and Architecture for Privacy-preserving Authentication and Secure Message Dissemination in Vehicular Ad Hoc Networks

The rapid development in the automotive industry and wireless communication technologies have enhanced the popularity of Vehicular ad hoc networks (VANETs). Today, the automobile industry is developing sophisticated sensors that can provide a wide range of assistive features, including accident avoidance, automatic lane tracking, semi-autonomous driving, suggested lane changes, and more. VANETs can provide drivers a safer and more comfortable driving experience, as well as many other useful services by leveraging such technological advancements. Even though this networking technology enables smart and autonomous driving, it also introduces a plethora of attack vectors. However, the main issues to be sorted out and addressed for the widespread deployment/adoption of VANETs are privacy, authenticating users, and the distribution of secure messages. These issues have been addressed in this dissertation, and the contributions of this dissertation are summarized as follows: Secure and privacy-preserving authentication and message dissemination in VANETs: Attackers can compromise the messages disseminated within VANETs by tampering with the message content or sending malicious messages. Therefore, it is crucial to ensure the legitimacy of the vehicles participating in the VANETs as well as the integrity and authenticity of the messages transmitted in VANETs. In VANET communication, the vehicle uses pseudonyms instead of its real identity to protect its privacy. However, the real identity of a vehicle must be revealed when it is determined to be malicious. This dissertation presents a distributed and scalable privacy-preserving authentication and message dissemination scheme in VANET. Low overhead privacy-preserving authentication scheme in VANETs: The traditional pseudonym-based authentication scheme uses Certificate Revocation Lists (CRLs) to store the certificates of revoked and malicious entities in VANETs. However, the size of CRL increases significantly with the increased number of revoked entities. Therefore, the overhead involved in maintaining the revoked certificates is overwhelming in CRL-based solutions. This dissertation presents a lightweight privacy-preserving authentication scheme that reduces the overhead associated with maintaining CRLs in VANETs. Our scheme also provides an efficient look-up operation for CRLs. Efficient management of pseudonyms for privacy-preserving authentication in VANETs: In VANETs, vehicles change pseudonyms frequently to avoid the traceability of attackers. However, if only one vehicle out of 100 vehicles changes its pseudonym, an intruder can easily breach the privacy of the vehicle by linking the old and new pseudonym. This dissertation presents an efficient method for managing pseudonyms of vehicles. In our scheme, vehicles within the same region simultaneously change their pseudonyms to reduce the chance of linking two pseudonyms to the same vehicle

On the Application of Identity-Based Cryptography in Grid Security

This thesis examines the application of identity-based cryptography (IBC) in designing security infrastructures for grid applications. In this thesis, we propose a fully identity-based key infrastructure for grid (IKIG). Our proposal exploits some interesting properties of hierarchical identity-based cryptography (HIBC) to replicate security services provided by the grid security infrastructure (GSI) in the Globus Toolkit. The GSI is based on public key infrastructure (PKI) that supports standard X.509 certificates and proxy certificates. Since our proposal is certificate-free and has small key sizes, it offers a more lightweight approach to key management than the GSI. We also develop a one-pass delegation protocol that makes use of HIBC properties. This combination of lightweight key management and efficient delegation protocol has better scalability than the existing PKI-based approach to grid security. Despite the advantages that IKIG offers, key escrow remains an issue which may not be desirable for certain grid applications. Therefore, we present an alternative identity-based approach called dynamic key infrastructure for grid (DKIG). Our DKIG proposal combines both identity-based techniques and the conventional PKI approach. In this hybrid setting, each user publishes a fixed parameter set through a standard X.509 certificate. Although X.509 certificates are involved in DKIG, it is still more lightweight than the GSI as it enables the derivation of both long-term and proxy credentials on-the-fly based only on a fixed certificate. We also revisit the notion of secret public keys which was originally used as a cryptographic technique for designing secure password-based authenticated key establishment protocols. We introduce new password-based protocols using identity-based secret public keys. Our identity-based techniques can be integrated naturally with the standard TLS handshake protocol. We then discuss how this TLS-like identity-based secret public key protocol can be applied to securing interactions between users and credential storage systems, such as MyProxy, within grid environments

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph

Security Improvements for the Automatic Identification System

The Automatic Identification System (AIS) is used aboard the vast majority of sea-going vessels in the world as a collision avoidance tool. Currently, the AIS operates without any security features, which make it vulnerable to exploits such as spoofing, hijacking, and replay attacks by malicious parties. This paper examines the work that has been done so far to improve AIS security, as well as the approaches taken on similar problems in the aircraft and vehicular mobile ad-hoc network (MANET) industries. The first major contribution of this paper is the implementation of a Software Defined Radio (SDR) AIS transmitter and receiver which can be used to conduct vulnerability analysis and test the implementation of new security features. The second contribution is the design of a novel authentication protocol which overcomes the existing vulnerabilities in the AIS system. The proposed protocol uses time-delayed hash-chain key disclosures as part of a message authentication code (MAC) appended to automatic position reports to verify the authenticity of a user. This method requires only one additional time slot for broadcast authentication compared to the existing standard and is a significant reduction in message overhead requirements compared to alternative approaches that solely rely on public key infrastructure (PKI). Additionally, there is an embedded time stamp, a feature lacking in the existing system, which makes this protocol resistant to replay attacks. A test implementation of the proposed protocol indicates that it can be deployed as a link layer software update to existing AIS transceivers and can be deployed within the current AIS technical standards as an expanded message set

Secure and Privacy-Preserving Vehicular Communications

Road safety has been drawing increasing attention in the public, and has been subject to extensive efforts from both industry and academia in mitigating the impact of traffic accidents. Recent advances in wireless technology promise new approaches to facilitating road safety and traffic management, where each vehicle (or referred to as On-board unit (OBU)) is allowed to communicate with each other as well as with Roadside units (RSUs), which are located in some critical sections of the road, such as a traffic light, an intersection, and a stop sign. With the OBUs and RSUs, a self-organized network, called Vehicular Ad Hoc Network (VANET), can thus be formed. Unfortunately, VANETs have faced various security threats and privacy concerns, which would jeopardize the public safety and become the main barrier to the acceptance of such a new technology. Hence, addressing security and privacy issues is a prerequisite for a market-ready VANET. Although many studies have recently addressed a significant amount of efforts in solving the related problems, few of the studies has taken the scalability issues into consideration. When the traffic density is getting large, a vehicle may become unable to verify the authenticity of the messages sent by its neighbors in a timely manner, which may result in message loss so that public safety may be at risk. Communication overhead is another issue that has not been well addressed in previously reported studies. Many efforts have been made in recent years in achieving efficient broadcast source authentication and data integrity by using fast symmetric cryptography. However, the dynamic nature of VANETs makes it very challenging in the applicability of these symmetric cryptography-based protocols. In this research, we propose a novel Secure and Efficient RSU-aided Privacy Preservation Protocol, called SERP^3, in order to achieve efficient secure and privacy-preserving Inter-Vehicle Communications (IVCs). With the commitments of one-way key chains distributed to vehicles by RSUs, a vehicle can effectively authenticate any received message from vehicles nearby even in the presence of frequent change of its neighborship. Compared with previously reported public key infrastructure (PKI)-based packet authentication protocols for security and privacy, the proposed protocol not only retains the security and privacy preservation properties, but also has less packet loss ratio and lower communication overhead, especially when the road traffic is heavy. Therefore, the protocol solves the scalability and communication overhead issues, while maintaining acceptable packet latency. However, RSU may not exist in some situations, for example, in the early stage deployment phase of VANET, where unfortunately, SERP^3 is not suitable. Thus, we propose a complementary Efficient and Cooperative Message Validation Protocol, called ECMVP, where each vehicle probabilistically validates a certain percentage of its received messages based on its own computing capacity and then reports any invalid messages detected by it. Since the ultimate goal of designing VANET is to develop vehicle safety/non-safety related applications to improve road safety and facilitate traffic management, two vehicle applications are further proposed in the research to exploit the advantages of vehicular communications. First, a novel vehicle safety application for achieving a secure road traffic control system in VANETs is developed. The proposed application helps circumvent vehicles safely and securely through the areas in any abnormal situation, such as a car crash scene, while ensuring the security and privacy of the drivers from various threats. It not only enhances traveler safety but also minimizes capacity restrictions due to any unusual situation. Second, the dissertation investigates a novel mobile payment system for highway toll collection by way of vehicular communications, which addresses all the issues in the currently existing toll collection technologies

Secure data sharing in cloud computing: a comprehensive review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers