Efficient blockchain-based group key distribution for secure authentication in VANETs

This paper proposes a group key distribution scheme using smart contract-based blockchain technology. The smart contract’s functions allow for securely distributing the group session key, following the initial legitimacy detection using public key infrastructure-based authentication. For message authentication, we propose a lightweight symmetric key cryptography-based group signature method, supporting the security and privacy requirements of vehicular ad hoc networks (VANETs). Our discussion examined the scheme’s robustness against typical adversarial attacks. To evaluate the gas costs associated with smart contract’s functions, we implemented it on the Ethereum main network. Finally, comprehensive analyses of computation and communication costs demonstrate the scheme’s effectiveness

Efficient key management protocols for mobile ad hoc networks

In this thesis, novel solutions are proposed for key management issues in mobile ad hoc networks. Presented Hierarchical Binary Tree (HBT) based model is distributed, self-organizing, scalable and does not employ online key distribution authority or group manager. Two different group authentication and group key establishment protocols are proposed for the users who form an ad hoc group with distributed trust model. Initially proposed protocols are based on public key cryptography and do not use specific algorithm. However, members can establish the keys faster with proposed customized hybrid scheme which combines elliptic curve cryptography, modular squaring operations and secret key encryption algorithm. Proposed HBT based model provides complete backward and forward security in case of modification in membership and it has comparable efficiency to the other HBT based schemes which employ real time key distribution authority. Mutual authentication and link encryption can be achieved in wireless sensor network only with public key cryptography if there are no pre-distributed keys. However, constraints in resources make fully public key operations not affordable on sensor. Three different authenticated key establishment protocols are proposed with an objective of being respectful to constraints. Sensor needs to make only modular or cyclic convolution multiplications, and expensive public key decryption operation is executed at the data processing station side. Schemes require small size of code and achieve the least sensor processing time in comparison with fully public key cryptography based protocols

Efficient key management in wireless sensor network security

Wireless sensor network is a multi-hop ad hoc network formed by a large number of low-cost micro-sensor nodes which communicate through radio channels. It is widely used in many areas in modern society and attracts a lot of attention from researchers. This research is on wireless sensor network security and it focuses on key management in hierarchical wireless sensor networks. Through literature review, the drawback and weakness of existing key management schemes are analyzed from various aspects including key establishment, key distribution, key update, authentication and node operation mechanism. Assessment criteria for key management scheme are proposed under different requirements and constraints of wireless sensor networks. The security criteria cover keying model, key distribution, key update, node operation and resilience. For cluster based hierarchical wireless sensor networks, an assistant node is introduced in a cluster to deal with the situation of cluster head compromise and to keep the member nodes securely staying in the network. With introduction of assistant nodes, a complete secure efficient hierarchical key management scheme (SEHKM) for wireless sensor network is proposed. The scheme supports three types of keys and the big improvement over existing key management schemes is on group key update, which is based on pseudo-random numbers and group Diffie-Hellman. The analysis and evaluation have shown that that SEHKM offers strong security with efficient operation from energy consumption point of view

Scalable and Efficient Key Agreement Protocols for Secure Multicast Communication in MANETs

In this paper protocols for group key distribution are compared and evaluated from the point of view of Mobile Ad Hoc Networks (MANETs). A MANET is a collection of wireless mobile nodes, communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. So the need to render those networks as autonomous and secure as possible, since no central authorization can be assumed at all times, becomes emergent. Key management is the service that ensures the security of communication among nodes, and the capability of their cooperation as a secure group. It consists of three important services: key generation, user authentication and key distribution. In this work we assume that the participating users have already been authenticated with some mechanism, and we are focused only on studying and comparing protocols for group key establishment in MANETs. We distinguish the protocols in two families, the contributory and non-contributory and we evaluate them from the point of view of MANETs

Privacy in VANET using Shared Key Management

Abstract: Vehicular Ad-Hoc Networks (VANET) are very likely to be emerged in the coming years. The main objective of this paper is to provide privacy in VANET using shared distributed key management. In shared key management, a short group signature scheme is used to facilitate the revocation of malicious vehicles and heterogeneous security policies. In this framework, road side unit (RSU) acts as the key distributor. A new problem encountered is that a RSU may misbehave. A secure key distribution protocol is used to detect such misbehaved RSUs. The protocol guarantees the traceability of compromised RSUs and malicious vehicles. Moreover, the issue of large computation overhead is also addressed in this paper. A group authentication protocol is proposed to mitigate the communication and computation overhead that occur while using the group signature scheme. Here only a small number of vehicles participate in verification process. Keywords: VANET, privacy, shared key management, Road side units, ad-hoc networks I INTRODUCTION VANET is a form of ad-hoc network that enables communications between nearby vehicles (V2V communications) and the road-side infrastructure (V2I communications).In other words , VANET is a special kind of mobile ad-hoc networks where wireless equipped vehicles form a network. VANET research came into existence with the Fleet-Net project in mid 2001. The main aim of that was to develop a communication platform for inter-vehicle communication. Privacy is an important issue in VANETS II BACKGROUND KNOWLEDGE A VANET is a form of MANET which provides communication between vehicles and between vehicles and road-side base stations. A vehicle in VANET is considered to be an intelligent mobile node capable of communicating with its neighbors and other vehicles in the network. VANET is mainly designed to provide safety related information, traffic management, and infotainment services. Privacy and security are the two important issues in VANET. Without security, a Vehicular Ad Hoc Network (VANET) system is wide open to a number of attacks such as propagation of false warning messages as well as suppression of actual warning messages, thereby causing accidents. Another form of attack in VANET is tracking. This makes security and privacy a factor of major concern in building such networks. There have been several proposals for privacy preservation of VANETs. Some of them are using pseudonyms, silent period [4], mix-zones [3] etc. Each vehicle in a mix zone will keep silent in transmission, and randomly update its pseudonyms when it travels out of the mix zone and becomes reactivated. Given a reasonable large mix zone, the location privacy can be well protected due to the untraceability of location and pseudonym updating in the silent period. In the AMOEBA [5], vehicles form groups. The messages of all group members are forwarded by the group leader, which implies that the privacy of group members is protected by sacrificing the privacy of group leader. Moreover, if a malicious vehicle is selected as a group leader, all group members' privacy may be leaked by the malicious leader. While the pure pseudonym schemes do not support the secure functionality of authentication, integrity, and nonrepudiation, an anonymous signing protocol [1] is proposed to provide such functions as well as privacy. In the protocol, each vehicle preloads a large number of certificated anonymou

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

ID-Based Key Agreement for WANETs

2013 - 2014The increasing interest about wireless ad hoc networks (WANETs) is due to some key features not owned by traditional networks such as nodes mobility, network self-organization and the ability to rely on infrastructure-less setup. WANETs can be used in many application scenarios such as health care, environmental monitoring, military and many others commercial applications. Unfortunately, the open nature of the communication channel exposes WANETs to a great number of security threats (e.g. jamming, eavesdropping, node replication, unfairness, wormhole, packet injection). The security of WANETs hinges on node authentication, which by mean of Cryptography can be obtained through key distribution mechanisms. Moreover, WANET applications often require the establishment of session keys, that will be used for encryption, message authentication and others cryptographic purposes. In this thesis we present a cryptographic framework for WANETs, named JIKA (Java framework for ID-based key agreement) which simulates a key generation center (KGC) and offers an ID-based key distribution service for signature schemes and key agreement protocols. Moreover, JIKA makes use of elliptic curve cryptography (ECC) which allows fast computations, small key size and short signatures of messages. It includes two new ID-based signature schemes (IBS-1 and IBS-2) which get shorter signatures, an ID-based two-party key agreement protocol (eFG) and two new group key agreement protocols (GKA v1 and GKA v2). GKA protocols are full-contributory and offer implicit key authentication through the ID-based signature schemes described above, at the cost of just two rounds... [edited by Author]XIII n.s

Gestão segura de rotas numa VANET

Mestrado em Engenharia de Computadores e TelemáticaVehicular ad hoc networks (VANETs) are a specific case of ad hoc networks where nodes are vehicles. VANETs have being emerging in the last few years and are likely to play a major role in the future for a wide number of applications. Routing is essential for any ad hoc network, thus security strategies for protecting VANETs’ routing must be considered essential. In this thesis we present: (1) TROPHY (Trustworthy VANET ROuting with grouP autHentication keYs), a set of protocols to authenticate routing messages in a VANET, under highly restrictive time conditions, capable of protecting the distributed routing information; (2) loop (loop over orderly phases), an interactive simulator for testing and validating TROPHY along with a prototype of KDC (Key Distribution Center). Authorized nodes recursively receive new messages that allow them to refresh their cryptographic material and keep the authentication keys updated across the network. These messages are built in a way that any node pinpointed as lost or physically compromised will not be able to perform the refreshment using them, and so, is excluded from the routing process. Due to the use of a KDC, a central entity, where all the cryptographic material is stored, we included a mechanism to recover from any unauthorised physical access and disclosure of all that material at once, without requiring the need of human intervention on devices’ re-setup.As redes veiculares (VANETs) são um caso específico de redes ad hoc onde os nós são veículos. VANETs têm vindo a surgir nos últimos anos e é expectável que venham a desempenhar um papel importante no futuro para um grande número de aplicações. O roteamento é essencial para qualquer rede ad hoc, consequentemente, as estratégias de segurança para proteger o roteamento das VANETs devem ser consideradas essenciais. Nesta tese apresentamos: (1) TROPHY (Trustworthy VANET ROuting with grouP autHentication keYs), um conjunto de protocolos para autenticar mensagens de roteamento numa VANET, capaz de proteger as informações de roteamento distribuídas em condições de tempo altamente restritas; (2) loop (loop over orderly phases), um simulador interativo para testar e validar TROPHY juntamente com um protótipo de um KDC (Key Distribution Center). Os nós autorizados recebem recursivamente novas mensagens que lhes permitem atualizar o seu material criptográfico e manter as chaves de autenticação atualizadas na rede. Essas mensagens são construídas da forma a que qualquer nó que seja identificado como perdido ou fisicamente comprometido não seja capaz de executar a atualização, ficando assim excluído do processo de roteamento. Devido ao uso do KDC, uma entidade central, onde todo o material criptográfico é armazenado, incluímos um mecanismo para recuperar de qualquer acesso físico não autorizado e divulgação de todo esse material de uma só vez, sem exigir a intervenção humana na configuração dos dispositivos