Vehicular Internet: Security & Privacy Challenges and Opportunities

The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS). Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented

On efficient ciphertext-policy attribute based encryption and broadcast encryption

Abstract. Ciphertext Policy Attribute Based Encryption (CP-ABE) enforces an expressive data access policy, which consists of a number of attributes connected by logical gates. Only those decryptors whose attributes satisfy the data access policy can decrypt the ciphertext. CP-ABE is very appealing since the ciphertext and data access policies are integrated together in a natural and effective way. However, all existing CP-ABE schemes incur very large ciphertext size, which increases linearly with respect to the number of attributes in the access policy. Large ciphertext prevents CP-ABE from being adopted in the communication constrained environments. In this paper, we proposed a new construction of CP-ABE, named Constant-size CP-ABE (denoted as CCP-ABE) that significantly reduces the ciphertext to a constant size for an AND gate access policy with any given number of attributes. Each ciphertext in CCP-ABE requires only 2 elements on a bilinear group. Based on CCP-ABE, we further proposed an Attribute Based Broadcast Encryption (ABBE) scheme. Compared to existing Broadcast Encryption (BE) schemes, ABBE is more flexible because a broadcasted message can be encrypted by an expressive access policy, either with or without explicit specifying the receivers. Moreover, ABBE significantly reduces the storage and communication overhead to the order of O(log N), where N is the system size. Also, we proved, using information theoretical approaches, ABBE attains minimal bound on storage overhead for each user to construct all possible subgroups in the communication system.

Optimal Multicast Group Communication

Many IP multicast based applications, such as Pay-TV, Multiplayer games, require controlling the group memberships of senders and receivers. One common solution is to encrypt the data with a session key shared with all authorized senders/receivers. To efficiently update the session key in the event of member removal, many rooted-tree based group key distribution schemes have been proposed. However, most of the existing rooted-tree based schemes are not optimal. In other words, given the O(log N) storage overhead, the communication overhead is not minimized. On the other hand, although Flat Table scheme achieves optimality , it is rather dismissed due to the vulnerability to collusion attacks. In this paper, we propose a key distribution scheme -- EGK that attains the same optimality as Flat Table without collusion vulnerability. EGK also support dynamic subgroup communication initialized by each group members (imagine a virtual chat room in the multicast group). Additionally, EGK provides constant message size and requires O(log N) storage overhead at the group controller, which makes EGK suitable for applications containing a large number of multicasting group members. Moreover, adding members in EGK requires just one multicasting message. EGK is the first work with such features and out-performs all existing schemes

HIR-CP-ABE: Hierarchical Identity Revocable Ciphertext-Policy Attribute-Based Encryption for Secure and Flexible Data Sharing

Ciphertext Policy Attribute-Based Encryption (CP- ABE) has been proposed to implement the attribute-based access control model. In CP-ABE, data owners encrypt the data with a certain access policy such that only data users whose attributes satisfy the access policy could obtain the corresponding private decryption key from a trusted authority. Therefore, CP-ABE is considered as a promising fine-grained access control mechanism for data sharing where no centralized trusted third party exists, for example, cloud computing, mobile ad hoc networks (MANET), Peer-to-Peer (P2P) networks, information centric networks (ICN), etc.. As promising as it is, user revocation is a cumbersome problem in CP-ABE, thus impeding its application in practice. To solve this problem, we propose a new scheme named HIR-CP-ABE, which implements hierarchical identity- based user revocation from the perceptive of encryption. In particular, the revocation is implemented by data owners directly without any help from any third party. Compared with previous attribute-based revocation solutions, our scheme provides the following nice properties. First, the trusted authority could be offline after system setup and key distribution, thus making it applicable in mobile ad hoc networks, P2P networks, etc., where the nodes in the network are unable to connect to the trusted authority after system deployment. Second, a user does not need to update the private key when user revocation occurs. Therefore, key management overhead is much lower in HIR-CP-ABE for both the users and the trusted authority. Third, the revocation mechanism enables to revoke a group of users affiliated with the same organization in a batch without influencing any other users. To the best of our knowledge, HIR-CP-ABE is the first CP-ABE scheme to provide affiliation-based revocation functionality for data owners. Through security analysis and performance evaluation, we show that the proposed scheme is secure and efficient in terms of computation, communication and storage