On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Information management and security protection for internet of vehicles

Considering the huge number of vehicles on the roads, the Internet of Vehicles is envisioned to foster a variety of new applications ranging from road safety enhancement to mobile entertainment. These new applications all face critical challenges which are how to handle a large volume of data streams of various kinds and how the secure architecture enhances the security of the Internet of Vehicles systems. This dissertation proposes a comprehensive message routing solution to provide the fundamental support of information management for the Internet of Vehicles. The proposed approach delivers messages via a self-organized moving-zone-based architecture formed using pure vehicle-to-vehicle communication and integrates moving object modeling and indexing techniques to vehicle management. It can significantly reduce the communication overhead while providing higher delivery rates. To ensure the identity and location privacy of the vehicles on the Internet of Vehicles environment, a highly efficient randomized authentication protocol, RAU+ is proposed to leverage homomorphic encryption and enable individual vehicles to easily generate a new randomized identity for each newly established communication while each authentication server would not know their real identities. In this way, not any single party can track the user. To minimize the infrastructure reliance, this dissertation further proposes a secure and lightweight identity management mechanism in which vehicles only need to contact a central authority once to obtain a global identity. Vehicles take turns serving as the captain authentication unit in self-organized groups. The local identities are computed from the vehicle's global identity and do not reveal true identities. Extensive experiments are conducted under a variety of Internet of Vehicles environments. The experimental results demonstrate the practicality, effectiveness, and efficiency of the proposed protocols.Includes bibliographical references

RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd

Any on-demand pseudonym acquisition strategy is problematic should the connectivity to the credential management infrastructure be intermittent. If a vehicle runs out of pseudonyms with no connectivity to refill its pseudonym pool, one solution is the on-the-fly generation of pseudonyms, e.g., leveraging anonymous authentication. However, such a vehicle would stand out in the crowd: one can simply distinguish pseudonyms, thus signed messages, based on the pseudonym issuer signature, link them and track the vehicle. To address this challenge, we propose a randomized hybrid scheme, RHyTHM, to enable vehicles to remain operational when disconnected without compromising privacy: vehicles with valid pseudonyms help others to enhance their privacy by randomly joining them in using on-the-fly self-certified pseudonyms along with aligned lifetimes. This way, the privacy of disconnected users is enhanced with a reasonable computational overhead.Comment: 4 pages, 4 figures, IEEE Vehicular Networking Conference (VNC), November 27-29, 2017, Torino, Ital

Optimization of vehicular networks in smart cities: from agile optimization to learnheuristics and simheuristics

Vehicular ad hoc networks (VANETs) are a fundamental component of intelligent transportation systems in smart cities. With the support of open and real-time data, these networks of inter-connected vehicles constitute an ‘Internet of vehicles’ with the potential to significantly enhance citizens’ mobility and last-mile delivery in urban, peri-urban, and metropolitan areas. However, the proper coordination and logistics of VANETs raise a number of optimization challenges that need to be solved. After reviewing the state of the art on the concepts of VANET optimization and open data in smart cities, this paper discusses some of the most relevant optimization challenges in this area. Since most of the optimization problems are related to the need for real-time solutions or to the consideration of uncertainty and dynamic environments, the paper also discusses how some VANET challenges can be addressed with the use of agile optimization algorithms and the combination of metaheuristics with simulation and machine learning methods. The paper also offers a numerical analysis that measures the impact of using these optimization techniques in some related problems. Our numerical analysis, based on real data from Open Data Barcelona, demonstrates that the constructive heuristic outperforms the random scenario in the CDP combined with vehicular networks, resulting in maximizing the minimum distance between facilities while meeting capacity requirements with the fewest facilities.Peer ReviewedPostprint (published version

Deep Learning-Based Intrusion Detection Methods for Computer Networks and Privacy-Preserving Authentication Method for Vehicular Ad Hoc Networks

The incidence of computer network intrusions has significantly increased over the last decade, partially attributed to a thriving underground cyber-crime economy and the widespread availability of advanced tools for launching such attacks. To counter these attacks, researchers in both academia and industry have turned to machine learning (ML) techniques to develop Intrusion Detection Systems (IDSes) for computer networks. However, many of the datasets use to train ML classifiers for detecting intrusions are not balanced, with some classes having fewer samples than others. This can result in ML classifiers producing suboptimal results. In this dissertation, we address this issue and present better ML based solutions for intrusion detection. Our contributions in this direction can be summarized as follows: Balancing Data Using Synthetic Data to detect intrusions in Computer Networks: In the past, researchers addressed the issue of imbalanced data in datasets by using over-sampling and under-sampling techniques. In this study, we go beyond such traditional methods and utilize a synthetic data generation method called Con- ditional Generative Adversarial Network (CTGAN) to balance the datasets and in- vestigate its impact on the performance of widely used ML classifiers. To the best of our knowledge, no one else has used CTGAN to generate synthetic samples for balancing intrusion detection datasets. We use two widely used publicly available datasets and conduct extensive experiments and show that ML classifiers trained on these datasets balanced with synthetic samples generated by CTGAN have higher prediction accuracy and Matthew Correlation Coefficient (MCC) scores than those trained on imbalanced datasets by 8% and 13%, respectively. Deep Learning approach for intrusion detection using focal loss function: To overcome the data imbalance problem for intrusion detection, we leverage the specialized loss function, called focal loss, that automatically down-weighs easy ex- amples and focuses on the hard negatives by facilitating dynamically scaled-gradient updates for training ML models effectively. We implement our approach using two well-known Deep Learning (DL) neural network architectures. Compared to training DL models using cross-entropy loss function, our approach (training DL models using focal loss function) improved accuracy, precision, F1 score, and MCC score by 24%, 39%, 39%, and 60% respectively. Efficient Deep Learning approach to detect Intrusions using Few-shot Learning: To address the issue of imbalance the datasets and develop a highly effective IDS, we utilize the concept of few-shot learning. We present a Few-Shot and Self-Supervised learning framework, called FS3, for detecting intrusions in IoT networks. FS3 works in three phases. Our approach involves first pretraining an encoder on a large-scale external dataset in a selfsupervised manner. We then employ few-shot learning (FSL), which seeks to replicate the encoder’s ability to learn new patterns from only a few training examples. During the encoder training us- ing a small number of samples, we train them contrastively, utilizing the triplet loss function. The third phase introduces a novel K-Nearest neighbor algorithm that sub- samples the majority class instances to further reduce imbalance and improve overall performance. Our proposed framework FS3, utilizing only 20% of labeled data, out- performs fully supervised state-of-the-art models by up to 42.39% and 43.95% with respect to the metrics precision and F1 score, respectively. The rapid evolution of the automotive industry and advancements in wireless com- munication technologies will result in the widespread deployment of Vehicular ad hoc networks (VANETs). However, despite the network’s potential to enable intelligent and autonomous driving, it also introduces various attack vectors that can jeopardize its security. In this dissertation, we present efficient privacy-preserving authenticated message dissemination scheme in VANETs. Conditional Privacy-preserving Authentication and Message Dissemination Scheme using Timestamp based Pseudonyms: To authenticate a message sent by a vehicle using its pseudonym, a certificate of the pseudonym signed by the central authority is generally utilized. If a vehicle is found to be malicious, certificates associated with all the pseudonyms assigned to it must be revoked. Certificate revocation lists (CRLs) should be shared with all entities that will be corresponding with the vehicle. As each vehicle has a large pool of pseudonyms allocated to it, the CRL can quickly grow in size as the number of revoked vehicles increases. This results in high storage overheads for storing the CRL, and significant authentication overheads as the receivers must check their CRL for each message received to verify its pseudonym. To address this issue, we present a timestamp-based pseudonym allocation scheme that reduces the storage overhead and authentication overhead by streamlining the CRL management process

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks