Beruflich Dokumente
Kultur Dokumente
for VANETs
Jie Li, Senior Member, IEEE, Huang Lu, Member, IEEE, and Mohsen Guizani, Fellow, IEEE
AbstractIn Vehicular Ad hoc Networks (VANETs), authentication is a crucial security service for both inter-vehicle and vehicleroadside communications. On the other hand, vehicles have to be protected from the misuse of their private data and the attacks on
their privacy, as well as to be capable of being investigated for accidents or liabilities from non-repudiation. In this paper, we
investigate the authentication issues with privacy preservation and non-repudiation in VANETs. We propose a novel framework with
preservation and repudiation (AIAF) for VANETs. In AIAF, we introduce the public-key cryptography (PKC) to the pseudonym
generation, which ensures legitimate third parties to achieve the non-repudiation of vehicles by obtaining vehicles real IDs. The
self-generated PKC-based pseudonyms are also used as identifiers instead of vehicle IDs for the privacy-preserving authentication,
while the update of the pseudonyms depends on vehicular demands. The existing ID-based signature (IBS) scheme and the IDbased online/offline signature (IBOOS) scheme are used, for the authentication between the road side units (RSUs) and vehicles,
and the authentication among vehicles, respectively. Authentication, privacy preservation, non-repudiation and other objectives of
AIAF have been analyzed for VANETs. Typical performance evaluation has been conducted using efficient IBS and IBOOS
schemes. We show that the proposed AIAF is feasible and adequate to be used efficiently in the VANET environment.
Index TermsVehicular ad hoc network, authentication framework, privacy preservation, non-repudiation, pseudonym, identitybased cryptography
1 INTRODUCTION
VEHICULAR ad
1)
2)
1)
2)
1)
RTAs at different regions have to be cross-certified. non-repudiation, by using the PKC-based pseudonyms and
Thus, vehicles from different regions or different ID-based key management for the different kinds of
manufacturers can be authenticated to each other via communications in VANETs. If a malicious vehicle transmits a
RTAs.
fraudulent authentication message, the trusted authority should be
able to open the corresponding signature to trace the actual
identity of the vehicle.
2.2 Attacks on Authentication, Privacy and
Besides, many other objectives and challenges are considered
Non-Repudiation
and
preferred in the existing work for the effective and efficient
Concerning security in VANETs, there are many attacks which
authentication [26]. In this work, we also
threaten the V2R, R2V and V2V communications
Incorporate the common objectives in authentication, and focus
on the following points:
Only to the RTA. In this way, a vehicle can obtain a public key
pkc and generate the PKC-based pseudonym from the current
public key, which can be decrypted only with the corresponding
RTAs private key skc.
Time constraint: Because of the high mobility of a PKI. Most existing algorithms of IBC are based on the vehicular movement,
strict time constraint is Diffie-Hellman (BDHP) and elliptic curve cryptography
Required in AIAF for VANETs, which means that the (ECC) in a pairing domain [1], where the discrete logarithm
lower the delay overhead, the more efficient and timely problem (DLP) for pairing in groups is required to be hard. For
the communication.
self-contained, we briefly review the characteristics of pairing.
Independency: Due to the possibility of infrastructure Randomly select two large primes p and q, and let E=Fp
unavailability in VANETs, including RSUs and RTAs, the indicates an elliptic curve over the finite field Fp. We denote a qdesired AIAF should not query and access infrastructures order subgroup of the additive group of points in E=F by G ,
p
1
so frequently.
and a q-order sub-group of the multiplicative group in the finite
Availability and integration: In order to ensure secure and field F_ G [31]. The pairing is a mapping e : G _ G ! G ,
p 2
1
1
2
smooth operations of VANETs, it is necessary to integrate which is a bilinear map if it satisfies the following properties:
security requirements into the design of VANETs. The
solution of the proposed AIAF is desired not only to
1) Bilinear: 8P; Q 2 G1 and 8c; d 2 Z_q, ecP; dQ
c
d
cd
retain the communication and computation ability of a
eP; dQ ecP; Q eP; Q , etc.
VANET, but also to provide integration with the local
2) Non-degeneracy: If P is a generator of G1, then eP; P is
service and security
a generator of G2.
Mechanisms.
3) Computability: There is an efficient algorithm to compute
Generally, the goal of AIAF is to provide an effective
_eP; Q in G2, 8P; Q 2 G1.
authentication mechanism to achieve the above objectives in Here Z q is the multiplicative group consisting of q _ 1 integers.
VANETs, in terms of the processing time, storage and Weil pairing [31] and Tate pairing [32] are examples of such
bilinear mapping, which presents comprehensive descriptions of
communication overhead.
how pairing parameters can be selected for security.
3 PRELIMINARIES
In this section, we introduce the PKC for pseudonym generation,
the IBS for authentication between vehicles and RSUs, and the
IBOOS for the authentication among vehicles, specifically. These
schemes will be applied in the proposed authentication
framework AIAF for VANETs. Note that the conventional IBS
and IBOOS schemes are not specifically designed for VANETs.
Thus, we adapt the conventional scheme for VANETs by
distributing functions to roles in a VANET. In this section, we
provide the preliminary background of the PKC scheme, pairing
for ID-based cryptography, as well as the IBS scheme and the
IBOOS scheme, respectively for VANETs.
online
4.1 Initialization
In the proposed AIAF for VANETs, we consider the UVC
structure for VANETs introduced in Section 2.1, which consists
of an RTA, finite numbered registered RSUs along roadsides, and
a large number of vehicles on or by the roads. An RTA serves in
one region, e.g., a city, a province or a country. An ID pool of
RSUs in a region is preloaded in each vehicle, in which the
number of RSUs is usually fixed that does not change frequently.
The vehicle registration is required before a vehicle starts off to
hit the road in a region. If the vehicle is newly manufactured, it
can be registered to the RTA at the car dealer via a secure
network infrastructure. If a vehicle is driven into a new region, it
can be registered to the RTA at the entry-exit administration or
the border immigration office via the secure network
infrastructure. Through the vehicle registration of each vehicle,
the RTA registers the vehicle ID and profile, then publishes and
distributes the RSU ID pool and the certified domain parameters
for authentication to the vehicle, which are defined in Section 3.
We use Fig. 1 to illustrate the operations of the proposed AIAF
for VANETs.
PSv TimejjEpkIDvjjHRjjRSU;
where Time is the current time, when the pseudonym is
generated. Epkc IDv is the encrypted value generated from the
vehicles real ID, by using the current PKCs public key pkc
obtained from the RSU broadcasts. HR denotes the code name of
the vehicles home region. RSU denotes the ID of the current
corresponding RSU, where the vehicle updates
TABLE 1
Operations of the Proposed AIAF
offline
vPSv=IDr,
online
in
online
from the
offline
offline
vPSv
offline
SIG
Upon
receiving
the
vSIG
vPSvjjti.
authentication message from the sender vehicle, the vehicles in
the senders transmission range verify the online signature with
the corresponding POI set stored in their memories.
online
wSIG
offline
wjjti.
online
SIGv
offline
SIGv
the
receiver
6 PERFORMANCE EVALUATIONS
This section evaluates the performance and efficiency of AIAF
for UVC in VANETs through system analysis and theoretical
calculations, in terms of storage requirement, computation
overhead and authentication efficiency.
TABLE 2
Comparison of Efficiency Using Different Cryptographies
the vehicles, the lower the cost of the security overhead, the
Better it is desired in AIAF.
where T
sender
receiver
(2)
sign
receiver
verify
Tcross Tsign
Tverify
receiver
Tquery;
sender
Where Tsign
is the time
of signing the online signature by the
receiver
sender vehicle, and Tverify
is the time of verifying the online
RSU=query
verify
RSU=query
(4)
sign
receiver=query
RSU=query
receiver=query
sign
verify
;
receiver=query
where Tsign
is the time of signing the IBS in the query
message by the receiver vehicle for querying the senders
receiver=query
POI set from the RSU, and Tverify
is the time of verifying the IBS from the RSU by the receiver vehicle, which is
sender
Tinner Tsign
query
(3)
is
the time of verifying the IBS in the query message from the
RSU=query
querying vehicle by the RSU, and Tsign
is the time of
signing the IBS in the response message to the vehicles
query by the RSU.
Since the vehicles in the senders transmission range
verify the signatures in the authentication message from
either the inner-RSU-V2V authentication or the crossRSU-V2V authentication, we study the computational
delay of the V2V authentication in AIAF by changing
the ratio of receiver vehicles by using AIAF:Inner-RSUV2V and AIAF: Cross-RSU-V2V. Taking into account the
mobility of vehicles for UVC in a VANET, we denote a
coefficient u to indicate the ratio of the vehicles using
AIAF:Inner-RSU-V2V for verification in authentication,
which is calculated by:
N
inner
total
(5)
where Ninner is the number of vehicles using AIAF:InnerRSU-V2V for authentication, and Ntotal is the total number
of vehicles. Thus, the ratio of the vehicles using AIAF:
Cross-RSU-V2V for verification is 1 _ u. In this way it indicates that, the higher the ratio u, the lower the vehicular
Mobility. Thus, the computational delay of the V2V authentication in AIAF is the sum of partial Tinner and partial
Tcross, which is calculated by TV2V_AIAF as:
V2V_AIAF
u_T
1 _ u _ T
(6)
The parameters of quantitative calculations for the performance evaluation of AIAF are taken from the IBS and
IBOOS schemes, which are shown in Table 2. We consider
the evaluation of AIAF with two different sets of parameters in the calculations. We denote AIAF-1 as the case that
the IBS [36] and IBOOS [38] schemes are respectively
applied to AIAF, and AIAF-2 as the case that the IBS [35]
and IBOOS [37] schemes are respectively applied to AIAF.
(The original descriptions of the applied IBS and IBOOS
schemes are included in the separated appendices, which
can be found on the Computer Society Digital Library at
http://doi.ieeecomputersociety.org/10.1109/TPDS.2014.
2308215, of the manuscript.)
The illustration of the computational delay of the V2V
authentication versus different ratio between the conditions
of AIAF:Inner-RSU-V2V
and AIAF:Cross-RSU-V2V
is
Shown in Fig. 2. For comparison, we name a special case of
AIAF, the conventional infrastructure-based authentication
(CIBA), in which all the vehicles receivers use AIAF: CrossRSU-V2V for the V2V authentication. In the same way that we
considered for AIAF with different sets of
inner
cross
ACKNOWLEDGMENTS
This work was partially supported by Grant-in-Aid for Scientific
Research of Japan Society for Promotion of Science (JSPS) and
Collaboration Research Grant of National Institute of Informatics
(NII), Japan. Huang Lu is the corresponding author.
REFERENCES
[1]
Parameters, we denote CIBA-1 as the case that the IBS [35] and
IBOOS [37] schemes are respectively applied, and CIBA-2 as the
case that the IBS [36] and IBOOS [38] schemes are respectively
applied. Furthermore, we compare the performance of AIAF with
an existing authentication protocol, called ECPP (efficient
conditional privacy preservation protocol for secure vehicular
communications) [8], which could be adopted for the same
scenario with ours. The computational delay of the V2V
authentication in ECPP is calculated by TV2V_ECPP obtained
from [8] as:
TV2V_ECPP Tk Tverify 34:8 21:88 56:68 ms; (7)
7 CONCLUSIONS
In this paper, a novel authentication framework with conditional
privacy-preservation and non-repudiation for VANETs has been
proposed, which utilizes the IBS and IBOOS schemes for the
authentication, the pseudonym-based scheme for the privacy
preservation, and the PKC-based scheme for the pseudonym
generation. AIAF achieves the desired authentication, privacy
preservation, non-repudiation and other security objectives for
UVC in VANETs. Another important characteristic of AIAF is its
reusability, i.e., it can also be utilized with other new schemes for
security and performance improvements. Anal-ysis and
performance evaluation show that, the proposed AIAF is feasible
and adequate to UVC in the VANET envi-ronment for efficient
privacy-preserving authentication with non-repudiation.
[2]
[3]
[4]
X. Lin, TSVC: Timed Efficient and Secure Vehicular Communications with Privacy Preserving, IEEE Trans. Wireless Comm., vol. 7,
no. 12, pp. 4987-4998, Dec. 2008.
[5]
[6]
[7]
[8]
[9]
[10]
[11]
Y. Zhang et al., Securing Mobile Ad Hoc Networks with Certificateless Public Keys, IEEE Trans. Dependable and Secure Computing, vol. 3, no. 4, pp. 386-399, Oct.-Dec. 2006.
[12]
[13]
[14]
[15]
[16]
[17]
[19]
[21]
J. Choi and S. Jung, A Security Framework with Strong NonRepudiation and Privacy in VANETs, Proc. IEEE Sixth Consumer
Comm. and Networking Conf. (CCNC), 2009.
[22]
[23]
B. Hoh et al., Preserving Privacy in GPS Traces via UncertaintyAware Path Cloaking, Proc. 14th ACM Conf. Computer and Comm.
Security (CCS), pp. 161-171, 2009.
[24] J.M.D. Fuentes, A.I. Gonz_alez-Tablas, and A. Ribagorda,
Overview of Security Issues in Vehicular Ad-Hoc Networks,
Handbook of Research on Mobility and Computing, pp. 894-911, IGI
Global Snippet, 2011.
[25]
[26]
[27]
[28]
[29]
[30]
[31]
[32]
[33]
and
Signature
[34]
[35]
[36]
[38]
[40]
T. Dierks and E. Rescorla, RFC 5246The Transport Layer Secu- please visit our Digital Library at www.computer.org/publications/dlib. rity
(TLS) Protocol Ver. 1.2,IETF, Aug. 2008.