Wireless Location Verification and Acquisition Using Machine Learning

Traditional wireless location verification (authentication) is only feasible under the assumption that radio propagation is described by simple time-independent mathematical models. A similar situation applies to location acquisition, albeit to a lesser extent. However, in real-world situations, channel conditions are rarely well-described by simple mathematical models. In this thesis, novel location verification and acquisition techniques that integrate machine learning algorithms into the decision process are designed, analysed, and tested. Through the use of both simulated and experimental data, it is shown how the novel solutions developed remain operational in unknown time-varying channel conditions, thus making them superior to existing solutions, and more importantly, deployable in real-world scenarios. Location verification will be of growing importance for a host of emerging wireless applications in which location information plays a pivotal role. The location verification solutions offered in this thesis are the first to be tested against experimental data and the first to invoke machine learning algorithms. As such, they likely form the foundation for all future verification algorithms

Design of an adaptive congestion control protocol for reliable vehicle safety communication

[no abstract

Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

Road-based routing in vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) can provide scalable and cost-effective solutions for applications such as traffic safety, dynamic route planning, and context-aware advertisement using short-range wireless communication. To function properly, these applications require efficient routing protocols. However, existing mobile ad hoc network routing and forwarding approaches have limited performance in VANETs. This dissertation shows that routing protocols which account for VANET-specific characteristics in their designs, such as high density and constrained mobility, can provide good performance for a large spectrum of applications. This work proposes a novel class of routing protocols as well as three forwarding optimizations for VANETs. The Road-Based using Vehicular Traffic (RBVT) routing is a novel class of routing protocols for VANETs. RBVT protocols leverage real-time vehicular traffic information to create stable road-based paths consisting of successions of road intersections that have, with high probability, network connectivity among them. Evaluations of RBVT protocols working in conjunction with geographical forwarding show delivery rate increases as much as 40% and delay decreases as much as 85% when compared with existing protocols. Three optimizations are proposed to increase forwarding performance. First, one- hop geographical forwarding is improved using a distributed receiver-based election of next hops, which leads to as much as 3 times higher delivery rates in highly congested networks. Second, theoretical analysis and simulation results demonstrate that the delay in highly congested networks can be reduced by half by switching from traditional FIFO with Taildrop queuing to LIFO with Frontdrop queuing. Third, nodes can determine suitable times to transmit data across RBVT paths or proactively replace routes before they break using analytical models that accurately predict the expected road-based path durations in VANETs

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

A Distributed Audit Trail for the Internet of Things

Sharing Internet of Things (IoT) data over open-data platforms and digital data marketplaces can reduce infrastructure investments, improve sustainability by reducing the required resources, and foster innovation. However, due to the inability to audit the authenticity, integrity, and quality of IoT data, third-party data consumers cannot assess the trustworthiness of received data. Therefore, it is challenging to use IoT data obtained from third parties for quality-relevant applications. To overcome this limitation, the IoT data must be auditable. Distributed Ledger Technology (DLT) is a promising approach for building auditable systems. However, the existing solutions do not integrate authenticity, integrity, data quality, and location into an all-encompassing auditable model and only focus on specific parts of auditability. This thesis aims to provide a distributed audit trail that makes the IoT auditable and enables sharing of IoT data between multiple organizations for quality relevant applications. Therefore, we designed and evaluated the Veritaa framework. The Veritaa framework comprises the Graph of Trust (GoT) as distributed audit trail and a DLT to immutably store the transactions that build the GoT. The contributions of this thesis are summarized as follows. First, we designed and evaluated the GoT a DLT-based Distributed Public Key Infrastructure (DPKI) with a signature store. Second, we designed a Distributed Calibration Certificate Infrastructure (DCCI) based on the GoT, which makes quality-relevant maintenance information of IoT devices auditable. Third, we designed an Auditable Positioning System (APS) to make positions in the IoT auditable. Finally, we designed an Location Verification System (LVS) to verify location claims and prevent physical layer attacks against the APS. All these components are integrated into the GoT and build the distributed audit trail. We implemented a real-world testbed to evaluate the proposed distributed audit trail. This testbed comprises several custom-built IoT devices connectable over Long Range Wide Area Network (LoRaWAN) or Long-Term Evolution Category M1 (LTE Cat M1), and a Bluetooth Low Energy (BLE)-based Angle of Arrival (AoA) positioning system. All these low-power devices can manage their identity and secure their data on the distributed audit trail using the IoT client of the Veritaa framework. The experiments suggest that a distributed audit trail is feasible and secure, and the low-power IoT devices are capable of performing the required cryptographic functions. Furthermore, the energy overhead introduced by making the IoT auditable is limited and reasonable for quality-relevant applications

PFCBAS: pairing free and provable certificate-based aggregate signature scheme for the e-healthcare monitoring system

Recently, one of the most popular technologies of the modern era, the Internet of Things, allows the deployment and usage of various real-time test beds in various smart applications. One such application is the e-healthcare, in which patients' healthcare related data are transmitted to the nearest base station and then to a local or remote server as per the requirements. The data related to patients' health are sensitive and need special protection, therefore, the integrity and authentication of the sources of data generation are paramount concerns. However, several authentication or signature schemes that have been introduced in the past for this purpose are ID-based or having certificate-less settings. In these settings, a central authority, known as a trusted authority (TA), creates and distributes the secret key of every user. Thus, knowing the secrete key by the TA is called key escrow problem. But, these proposed schemes suffer from key distribution problems, which limit their applications in various applications. To mitigate these issues, this paper presents a certificate-based pairing free aggregate signature scheme (CBPFAS). The proposed scheme uses the merits of public key cryptography (PKC) and identity-based PKC (IDBPKC). The scheme is proven to be unforgeable, assuming the hardness of elliptic curve discrete log problem (ECDLP). The performance analysis shows that the proposed CBPFAS scheme executes in 0.78(n+1) ms in comparison to 9.63+1.17n ms in [1], 9.63+0.78n ms in [2], 9.63+3.39n ms in [3], and 9.63+1.17n ms in [4]. From these results, it is concluded that the proposed pairing free certificate-based aggregate signature scheme performs better than its counterparts