430 research outputs found

    Authentication enhancement in command and control networks: (a study in Vehicular Ad-Hoc Networks)

    Get PDF
    Intelligent transportation systems contribute to improved traffic safety by facilitating real time communication between vehicles. By using wireless channels for communication, vehicular networks are susceptible to a wide range of attacks, such as impersonation, modification, and replay. In this context, securing data exchange between intercommunicating terminals, e.g., vehicle-to-everything (V2X) communication, constitutes a technological challenge that needs to be addressed. Hence, message authentication is crucial to safeguard vehicular ad-hoc networks (VANETs) from malicious attacks. The current state-of-the-art for authentication in VANETs relies on conventional cryptographic primitives, introducing significant computation and communication overheads. In this challenging scenario, physical (PHY)-layer authentication has gained popularity, which involves leveraging the inherent characteristics of wireless channels and the hardware imperfections to discriminate between wireless devices. However, PHY-layerbased authentication cannot be an alternative to crypto-based methods as the initial legitimacy detection must be conducted using cryptographic methods to extract the communicating terminal secret features. Nevertheless, it can be a promising complementary solution for the reauthentication problem in VANETs, introducing what is known as “cross-layer authentication.” This thesis focuses on designing efficient cross-layer authentication schemes for VANETs, reducing the communication and computation overheads associated with transmitting and verifying a crypto-based signature for each transmission. The following provides an overview of the proposed methodologies employed in various contributions presented in this thesis. 1. The first cross-layer authentication scheme: A four-step process represents this approach: initial crypto-based authentication, shared key extraction, re-authentication via a PHY challenge-response algorithm, and adaptive adjustments based on channel conditions. Simulation results validate its efficacy, especially in low signal-to-noise ratio (SNR) scenarios while proving its resilience against active and passive attacks. 2. The second cross-layer authentication scheme: Leveraging the spatially and temporally correlated wireless channel features, this scheme extracts high entropy shared keys that can be used to create dynamic PHY-layer signatures for authentication. A 3-Dimensional (3D) scattering Doppler emulator is designed to investigate the scheme’s performance at different speeds of a moving vehicle and SNRs. Theoretical and hardware implementation analyses prove the scheme’s capability to support high detection probability for an acceptable false alarm value ≤ 0.1 at SNR ≥ 0 dB and speed ≤ 45 m/s. 3. The third proposal: Reconfigurable intelligent surfaces (RIS) integration for improved authentication: Focusing on enhancing PHY-layer re-authentication, this proposal explores integrating RIS technology to improve SNR directed at designated vehicles. Theoretical analysis and practical implementation of the proposed scheme are conducted using a 1-bit RIS, consisting of 64 × 64 reflective units. Experimental results show a significant improvement in the Pd, increasing from 0.82 to 0.96 at SNR = − 6 dB for multicarrier communications. 4. The fourth proposal: RIS-enhanced vehicular communication security: Tailored for challenging SNR in non-line-of-sight (NLoS) scenarios, this proposal optimises key extraction and defends against denial-of-service (DoS) attacks through selective signal strengthening. Hardware implementation studies prove its effectiveness, showcasing improved key extraction performance and resilience against potential threats. 5. The fifth cross-layer authentication scheme: Integrating PKI-based initial legitimacy detection and blockchain-based reconciliation techniques, this scheme ensures secure data exchange. Rigorous security analyses and performance evaluations using network simulators and computation metrics showcase its effectiveness, ensuring its resistance against common attacks and time efficiency in message verification. 6. The final proposal: Group key distribution: Employing smart contract-based blockchain technology alongside PKI-based authentication, this proposal distributes group session keys securely. Its lightweight symmetric key cryptography-based method maintains privacy in VANETs, validated via Ethereum’s main network (MainNet) and comprehensive computation and communication evaluations. The analysis shows that the proposed methods yield a noteworthy reduction, approximately ranging from 70% to 99%, in both computation and communication overheads, as compared to the conventional approaches. This reduction pertains to the verification and transmission of 1000 messages in total

    An Efficient Authentication Protocol Based on Chebyshev Chaotic Map for Intelligent Transportation

    Get PDF
    For meeting the demands of safety, traffic management, and high mobility, vehicular adhoc network (VANET) has become a promising component for smart transportation systems. However, the wireless environment of vehicular network leads to various challenges in the communication security. Hence, several authentication schemes have previously been proposed to address VANET security issues but their procedures disregard the balance between effectiveness and security. Thus, this paper presents a new decentralized authentication protocol that relies on lightweight functions such as the Chebyshev chaotic map and logical shift operator to achieve the high mobility requirement. In order to reduce the number of messages transferred over the network, this protocol attempts to eliminate any redundant authentication steps during its authentication stage. Additionally, the new protocol solves key management problems by applying a little modification to the public key infrastructure to ignore certificates transmission over the network. The proposed design incorporates the self-authentication concept to safeguard the vehicle trip route on the road. Moreover, the performance evaluation is conducted to verify that the proposed protocol outperforms the most related scheme in terms of security and efficiency aspects. Finally, the Scyther simulation validates the security robustness of the new protocol

    Blockchain-based secret key extraction for efficient and secure authentication in VANETs

    Get PDF
    Intelligent transportation systems are an emerging technology that facilitates real-time vehicle-to-everything communication. Hence, securing and authenticating data packets for intra- and inter-vehicle communication are fundamental security services in vehicular ad-hoc networks (VANETs). However, public-key cryptography (PKC) is commonly used in signature-based authentication, which consumes significant computation resources and communication bandwidth for signatures generation and verification, and key distribution. Therefore, physical layer-based secret key extraction has emerged as an effective candidate for key agreement, exploiting the randomness and reciprocity features of wireless channels. However, the imperfect channel reciprocity generates discrepancies in the extracted key, and existing reconciliation algorithms suffer from significant communication costs and security issues. In this paper, PKC-based authentication is used for initial legitimacy detection and exchanging authenticated probing packets. Accordingly, we propose a blockchain-based reconciliation technique that allows the trusted third party (TTP) to publish the correction sequence of the mismatched bits through a transaction using a smart contract. The smart contract functions enable the TTP to map the transaction address to vehicle-related information and allow vehicles to obtain the transaction contents securely. The obtained shared key is then used for symmetric key cryptography (SKC)-based authentication for subsequent transmissions, saving significant computation and communication costs. The correctness and security robustness of the scheme are proved using Burrows–Abadi–Needham (BAN)-logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator. We also discussed the scheme’s resistance to typical attacks. The scheme’s performance in terms of packet delay and loss ratio is evaluated using the network simulator (OMNeT++). Finally, the computation analysis shows that the scheme saves ~99% of the time required to verify 1000 messages compared to existing PKC-based schemes

    A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices

    Full text link
    Authentication is the first defence mechanism in many electronic systems, including Internet of Things (IoT) applications, as it is essential for other security services such as intrusion detection. As existing authentication solutions proposed for IoT environments do not provide multi-level authentication assurance, particularly for device-to-device authentication scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and Interaction based Authentication) framework to facilitate multi-factor authentication of devices in device-to-device and device-to-multiDevice interactions. In this paper, we extend the framework to address group authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access (HGA) protocol. The protocols use a combination of symmetric and asymmetric cryptographic primitives to facilitate multifactor group authentication. The informal analysis and formal security verification show that the protocols satisfy the desirable security requirements and are secure against authentication attacks

    Efficient Security Protocols for Constrained Devices

    Get PDF
    During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it

    Security and Privacy for Modern Wireless Communication Systems

    Get PDF
    The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

    Towards fast and robust authentication schemes in Body Area Networks

    Get PDF
    The emergence of Body Area Networks (BANs) has paved the way for real-time sensing of human biometrics in addition to remote control of smart medical devices, which in turn is beginning to revolutionise the smart healthcare industry. However, due to their limited power and computational capabilities they are vulnerable to myriad of security attacks, thus securing BANs is paramount to their success and wider adoption in the medical and nonmedical domain. Achieving the desired security level for BANs while adhering to their strict constraints imposed by the limited resources available is an ongoing challenge. Solving such a challenge will be the focus of my thesis. In particular, my thesis will develop a novel, fast and robust authentication mechanisms amongst BAN devices while exploring new potential vulnerabilities that may threaten the existing approaches. To accomplish this goal the thesis provides a review of the state-of-the-art literature exploring authentication protocols that focus on biometrics, physical channel characters or other approaches, before proceeding to introduce three novel works. Firstly, identifying a concerning vulnerability within existing Electrocardiogram (ECG) based schemes, secondly, a solution to mitigate this exploit and finally a strategy which aims to reduce the time taken to complete the authentication process

    Automotive Ethernet architecture and security: challenges and technologies

    Get PDF
    Vehicle infrastructure must address the challenges posed by today's advances toward connected and autonomous vehicles. To allow for more flexible architectures, high-bandwidth connections and scalability are needed to connect many sensors and electronic control units (ECUs). At the same time, deterministic and low latency is a critical and significant design requirement to support urgent real-time applications in autonomous vehicles. As a recent solution, the time-sensitive network (TSN) was introduced as Ethernet-based amendments in IEEE 802.1 TSN standards to meet those needs. However, it had hurdle to be overcome before it can be used effectively. This paper discusses the latest studies concerning the automotive Ethernet requirements, including transmission delay studies to improve worst-case end-to-end delay and end-to-end jitter. Also, the paper focuses on the securing Ethernet-based in-vehicle networks (IVNs) by reviewing new encryption and authentication methods and approaches
    corecore