Received April 25, 2018, accepted May 21, 2018, date of publication May 28, 2018, date of current version July 25, 2018.
Digital Object Identifier 10.1109/ACCESS.2018.2841008
ABSTRACT Due to its low handover latency and signaling costs, Proxy Mobile IPv6 (PMIPv6), a localized mobility management protocol for next-generation mobile networks, can be well combined with vehicular ad-hoc networks. However, the lack of security considerations limits the rapid growth of PMIPv6, and few proposals in the literature address this issue. Motivated by this, a novel authentication scheme based on identity-based signature for PMIPv6 is proposed. Mutual authentication between mobile node and mobile access gateway is achieved for both intra-domain and inter-domain scenarios with the help of identity-based signature and service-level agreement. The authentication signaling can be finely integrated into the mobility management procedure of PMIPv6, which equips our scheme with high authentication efficiency. The formal security proof under SVO logic and the performance analysis are presented to demonstrate the robustness and efficiency of our proposed scheme.
2169-3536 © 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. VOLUME 6, 2018, page 37480.
T. Gao et al.: PAAS: PMIPv6 Access Authentication Scheme Based on Identity-Based Signature in VANETs
II. PRELIMINARIES
A. VANETs
As shown in Figure 1, a VANET is a special mobile ad hoc network (MANET) which can guarantee vehicle-to-vehicle (V2V) communications and vehicle-to-infrastructure (V2I) communications. Because it is equipped with devices for computing, positioning, communicating, etc., the vehicle has the ability to sense its own driving data and to broadcast and forward messages to neighboring nodes. The RSU is seen as a gateway that connects the internet and vehicles; each vehicle can obtain internet services through the RSU. As part of the intelligent transportation system (ITS) in Smart Cities [8], vehicles can avoid congested roads and ensure the security of driving through message broadcasting and forwarding. Meanwhile, the RSU can collect vehicle status information, obtain the traffic status of the road, and assist in supervising road conditions [9]. Besides, by combining with socially aware networking and the Internet of Things, VANETs can also provide diverse application services for drivers [9]–[12].

B. PMIPv6
In 2008, PMIPv6 was proposed as a network-based mobility management protocol [13]. PMIPv6 introduces two new entities, Local Mobility Anchor (LMA) and Mobile Access Gateway (MAG). In Figure 2, MAG executes on an access router and is responsible for tracking MN's mobility status and handling the mobility-management signaling on behalf of MN, which decreases the complexity of MN's protocol stack. LMA, acting as a home agent of MN, is responsible for managing the binding status of MN and establishing the bi-directional tunnel to forward packets.

FIGURE 2. Network architecture of PMIPv6.

The whole access process of MN contains an initial access phase and a handover access phase. In the initial access phase, MN conducts the binding registration of PMIPv6 when it first enters the PMIPv6 domain. In the handover access authentication, MN changes its access point or user interface when roaming in the PMIPv6 domain. In the initial access phase, when MAG detects MN's access, it can obtain MN's configuration files, which contain the user's ID, the service provider's ID, and LMA's address. Then, MAG sends a Proxy Binding Update (PBU) to LMA on behalf of MN. After receiving the PBU, LMA sends a Proxy Binding Acknowledgement (PBA) with MN's home network prefix to MAG and establishes a bi-directional tunnel with MAG. Meanwhile, LMA also establishes a binding cache entry (BCE) to store MN's relevant registration information. After receiving the PBA, MAG sends a Router Advertisement (RA) to MN and informs MN of its Home Network Prefix (HNP). MN is then able to configure its formal IPv6 address using the HNP and obtain the
C. BILINEAR PAIRING
Let $G_1$ be a cyclic additive group generated by $P$, whose order is a prime $q$, and $G_T$ be a multiplicative group of the same prime order. $I_{G_T}$ is the generator of $G_T$. Assume that the discrete logarithm problem [25] is hard on both $G_1$ and $G_T$. A bilinear pairing $e: G_1 \times G_1 \to G_T$ owns the following properties:
1) Bilinear: For all $P, Q \in G_1$ and $a, b \in Z_q^*$, $e(aP, bQ) = e(P, Q)^{ab}$, where $Z_q^* = \{1, 2, \ldots, q-1\}$;
2) Non-degenerate: There exists $P, Q \in G_1$ such that $e(P, Q) \neq I_{G_T}$;
3) Computable: For all $P, Q \in G_1$, there is an efficient method to compute $e(P, Q)$.
LMA's private key $SK_{LMA} = S_{STR} H_0(ID_{LMA})$. Finally, STR uses $K_{STR-LMA}$ to encrypt $SK_{LMA}$, $N_2$ and gets the ciphertext $C_4 = SE_{K_{LMA-STR}}\{SK_{LMA}, N_2\}$.
(6) STR sends $C_4$, $S_i$ to LMA.
(7) After receiving $C_4$ and $S_i$, LMA decrypts $C_4$ to obtain $SK_{LMA}$, $N_2$. Then LMA checks $N_2$. If $N_2$ is valid, LMA preserves $SK_{LMA}$. Otherwise LMA discards the received message.
(8) LMA forwards $S_i$ to each $MAG_i$.
(9) After receiving $S_i$, $MAG_i$ gets its own private key $SK_{MAG_i} = S_i S_{MAG_i}^{-1}$.

2) INITIAL AUTHENTICATION PROTOCOL
The initial authentication protocol works when MN first attaches to a PMIPv6 domain and launches mutual authentication with the accessed MAG. The detail of the initial authentication protocol is shown in Figure 7 in terms of the scenario in Figure 3.
(1) MN chooses $r_{MN}$ randomly. Using $SK_{MN}$, MN signs $ID_{MN}$, $TS_1$, and obtains $Sign_{MN} = Sign\_WMS_{SK_{MN}}\{ID_{MN}, TS_1\} = (\sigma_{MN\_1}, \sigma_{MN\_2})$, where $\sigma_{MN\_1} = SK_{MN} + r_{MN} H_1(ID_{MN} \| TS_1)$, $\sigma_{MN\_2} = r_{MN} P$, $r_{MN} \in Z_q^*$.
(2) MN sends $ID_{MN}$, $TS_1$, $Sign_{MN}$ to $MAG_1$.
(3) After receiving the message from MN, $MAG_1$ first checks the freshness of $TS_1$. If $TS_1$ is not fresh, the authentication fails. Otherwise $MAG_1$ verifies the signature $Sign_{MN}$. If the verification fails, then MN is not a legal node and the authentication fails. Otherwise, $MAG_1$ makes sure that MN is a legal node. $MAG_1$ selects a random number $r_{MAG_1} \in Z_q^*$, and generates $Sign_{MAG_1} = Sign\_WMS_{SK_{MAG_1}}\{ID_{MAG_1}, ID_{LMA_1}, TS_2\} = \{\sigma_{MAG_1\_1}, \sigma_{MAG_1\_2}\}$, where $\sigma_{MAG_1\_1} = SK_{MAG_1} + r_{MAG_1} H_1(ID_{MAG_1} \| ID_{LMA_1} \| TS_2)$, $\sigma_{MAG_1\_2} = r_{MAG_1} P$.
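The signing equations of step (1) and the two checks MAG1 makes in step (3) can be followed in a toy algebraic model. This is an added example, not code from the paper: each G1 point aP is stored as the scalar a, so the pairing reduces to modular exponentiation (insecure by construction, useful only to follow the algebra). The verification equation, the public parameter P_pub = sP, the MN key extraction, the freshness window and all sample values are assumptions.

```python
import hashlib

# Toy parameters (constructed for this example; far too small for real use).
Q = 1019        # prime order q of G1 and GT
P_MOD = 2039    # prime 2q + 1; GT is the order-q subgroup of Z_p^*
G_T = 4         # generator of GT, standing in for e(P, P)
P = 1           # generator of G1: the point aP is stored as the scalar a

def pairing(x, y):
    """e(xP, yP) = e(P, P)^(xy), so e(aP, bQ) = e(P, Q)^(ab) holds."""
    return pow(G_T, (x * y) % Q, P_MOD)

def hash_to_g1(tag, *fields):
    """Stand-in for H0/H1: hash 'tag||f1||f2...' to a nonzero scalar (a G1 point)."""
    data = "||".join([tag, *map(str, fields)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def extract(master_s, identity):
    """Assumed key extraction SK_ID = s * H0(ID), mirroring SK_LMA on the page."""
    return (master_s * hash_to_g1("H0", identity)) % Q

def sign(sk, r, *fields):
    """Step (1): sigma_1 = SK + r * H1(fields), sigma_2 = r * P."""
    h1 = hash_to_g1("H1", *fields)
    return ((sk + r * h1) % Q, (r * P) % Q)

def verify(p_pub, identity, sig, *fields):
    """Accept iff e(sigma_1, P) == e(H0(ID), P_pub) * e(H1(fields), sigma_2)."""
    s1, s2 = sig
    h0, h1 = hash_to_g1("H0", identity), hash_to_g1("H1", *fields)
    rhs = pairing(h0, p_pub) * pairing(h1, s2) % P_MOD
    return pairing(s1, P) == rhs

def mag_accepts(p_pub, msg, now, window=5):
    """Step (3) at MAG1: reject a stale TS1 before verifying Sign_MN."""
    if not 0 <= now - msg["ts"] <= window:   # window is an assumed policy value
        return False
    return verify(p_pub, msg["id"], msg["sig"], msg["id"], msg["ts"])

def run_demo():
    s = 123                                  # constructed master secret
    p_pub = (s * P) % Q                      # assumed public parameter P_pub = sP
    sk_mn = extract(s, "MN-001")             # constructed identity
    msg = {"id": "MN-001", "ts": 1000, "sig": sign(sk_mn, 77, "MN-001", 1000)}
    retimed = dict(msg, ts=1004)             # old signature under a newer timestamp
    s1, s2 = msg["sig"]
    forged = dict(msg, sig=((s1 + 1) % Q, s2))
    return {
        "fresh": mag_accepts(p_pub, msg, now=1002),
        "stale": mag_accepts(p_pub, msg, now=1060),
        "retimed": mag_accepts(p_pub, retimed, now=1005),
        "forged": mag_accepts(p_pub, forged, now=1002),
    }

if __name__ == "__main__":
    print(run_demo())
```

The `retimed` case shows why TS1 is among the signed fields: a captured Sign_MN does not verify under a newer timestamp, so the freshness check cannot be bypassed by editing TS1 alone.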
P3: MN believes $PK_\sigma(MAG_1, PK_{MAG_1})$
$MAG_1$ believes $PK_\sigma(MN, PK_{MN})$
P4: MN believes $SV([ID_{MAG_1}, ID_{LMA_1}, TS_2]_{SK_{MAG_1}^{-1}}, PK_{MAG_1}, (ID_{MAG_1}, ID_{LMA_1}, TS_2))$
$MAG_1$ believes $SV([ID_{MN}, TS_1]_{SK_{MN}^{-1}}, PK_{MN}, (ID_{MN}, TS_1))$
P5: MN believes $PK_\delta(MN, \sigma_{MN\_2})$
$MAG_1$ believes $PK_\delta(MAG_1, \sigma_{MAG_1\_2})$
P6: MN believes (($MAG_1$ says $(ID_{MAG_1}, ID_{LMA_1}, TS_1)$) $\supset PK_\delta(MAG_1, \sigma_{MAG_1\_2})$)
$MAG_1$ believes ((MN says $(ID_{MN}, TS_2)$) $\supset PK_\delta(MN, \sigma_{MN\_2})$)
P7: MN sees $PK_\delta(MN, \sigma_{MN\_2})$
$MAG_1$ sees $PK_\delta(MAG_1, \sigma_{MAG_1\_2})$

b) Goals
$G_1$: $MAG_1$ believes MN says $(ID_{MN}, TS_1)$
$G_1'$: MN believes $MAG_1$ says $(ID_{MAG_1}, ID_{LMA_1}, TS_2)$
$G_2$: $MAG_1$ believes $SharedKey(K_{MAG_1-MN}-, MAG_1, MN)$
$G_2'$: MN believes $SharedKey(K_{MN-MAG_1}-, MN, MAG_1)$
$G_3$: $MAG_1$ believes $fresh(K_{MAG_1-MN})$
$G_3'$: MN believes $fresh(K_{MN-MAG_1})$

c) Security proof
According to Ax1, Nec:
S1: $MAG_1$ believes $MAG_1$ received $[ID_{MN}, TS_1]_{SK_{MN}^{-1}}$
According to S1, P3, P4, Ax4:
S2: $MAG_1$ believes MN said $(ID_{MN}, TS_1)$
According to S2, P1, Ax19:
S3: $MAG_1$ believes MN says $(ID_{MN}, TS_1)$ ($G_1$ is proved)
According to S3, P6, Ax1 and Nec:
S4: $MAG_1$ believes $PK_\delta(MN, \sigma_{MN\_2})$
According to S4, P5, Ax5:
S5: $MAG_1$ believes $SharedKey(K_{MAG_1-MN}, MAG_1, MN)$, $K_{MAG_1-MN} = F(\sigma_{MAG_1\_2}, \sigma_{MN\_2})$
According to P2, P7, Ax1, Ax5, Ax10:
S6: $MAG_1$ sees $SharedKey(K_{MAG_1-MN}, MAG_1, MN)$, $K_{MAG_1-MN} = F(\sigma_{MAG_1\_2}, \sigma_{MN\_2})$
According to S5, S6, the definition of $SharedKey(K-, A, B)$:
S7: $MAG_1$ believes $SharedKey(K_{MAG_1-MN}, MAG_1, MN)$, $K_{MAG_1-MN} = F(\sigma_{MAG_1\_2}, \sigma_{MN\_2})$ ($G_2$ is proved)
According to P1, P2, Ax1, Ax18 and MP:
S8: $MAG_1$ believes $fresh(K_{MAG_1-MN})$ ($G_3$ is proved)
According to Ax1, Nec:
S9: MN believes MN received $[ID_{MAG_1}, ID_{LMA_1}, TS_2]_{SK_{MAG_1}^{-1}}$
According to S9, P3, P4, Ax4:
S10: MN believes $MAG_1$ said $(ID_{MAG_1}, ID_{LMA_1}, TS_2)$
According to S10, P1, Ax19:
S11: MN believes $MAG_1$ says $(ID_{MAG_1}, ID_{LMA_1}, TS_2)$ ($G_1'$ is proved)
According to S11, P6, Ax1 and Nec:
S12: MN believes $PK_\delta(MAG_1, \sigma_{MAG_1\_2})$
According to S12, P5, Ax5:
S13: MN believes $SharedKey(K_{MN-MAG_1}, MN, MAG_1)$, $K_{MN-MAG_1} = F(\sigma_{MN\_2}, \sigma_{MAG_1\_2})$
According to P2, P7, Ax1, Ax5, Ax10:
S14: MN sees $SharedKey(K_{MN-MAG_1}, MN, MAG_1)$, $K_{MN-MAG_1} = F(\sigma_{MN\_2}, \sigma_{MAG_1\_2})$
According to S13, S14, and the definition of $SharedKey(K-, A, B)$:
S15: MN believes $SharedKey(K_{MN-MAG_1}-, MN, MAG_1)$, $K_{MN-MAG_1} = F(\sigma_{MN\_2}, \sigma_{MAG_1\_2})$ ($G_2'$ is proved)
According to P1, P2, Ax1, Ax18 and MP:
S16: MN believes $fresh(K_{MN-MAG_1})$ ($G_3'$ is proved)

2) Intra-domain handover authentication protocol
a) Assumptions
P1: MN believes $fresh(TS_4)$
$MAG_1$ believes $fresh(TS_3)$
P2: MN believes $SharedKey(K_{MN-MAG_1}, MN, MAG_1)$
$MAG_2$ believes $SharedKey(K_{MAG_1-MN}, MAG_1, MN)$
P3: MN believes MN received $(([ID_{MAG_2}, TS_4, \sigma_{MAG_2\_2}]_{K_{MAG_1-MN}}, ID_{MAG_2}, TS_4), \sigma_{MAG_2\_2} \supset PK_\delta(MAG_2, \sigma_{MAG_2\_2}))$
$MAG_2$ believes $MAG_2$ received $([ID_{MN}, ID_{MAG_1}, TS_3, \sigma_{MN\_2}]_{K_{MN-MAG_1}}, ID_{MN}, ID_{MAG_1}, TS_3, \sigma_{MN\_2}) \supset PK_\delta(MN, \sigma_{MN\_2}))$
P4: MN believes $PK_\delta(MN, \sigma_{MN\_2})$
$MAG_2$ believes $PK_\delta(MAG_2, PK_{MAG_2\_2})$
P5: MN believes (($MAG_2$ says $(ID_{MAG_2}, TS_4, \sigma_{MAG_2\_2})$) $\supset PK_\delta(MAG_2, \sigma_{MAG_2\_2})$)
$MAG_2$ believes ((MN says $(ID_{MN}, ID_{MAG_1}, TS_3, \sigma_{MN\_2})$) $\supset PK_\delta(MN, \sigma_{MN\_2})$)
P6: MN sees $PK_\delta(MN, \sigma_{MN\_2})$
$MAG_2$ sees $PK_\delta(MAG_2, \sigma_{MAG_2\_2})$

b) Goals
$G_4$: $MAG_2$ believes MN says $(ID_{MN}, ID_{MAG_2}, TS_3, \sigma_{MN\_2})$
$G_4'$: MN believes $MAG_2$ says $(ID_{MAG_2}, TS_4, \sigma_{MAG_2\_2})$
$G_5$: $MAG_2$ believes $SharedKey(K_{MAG_2-MN}-, MAG_2, MN)$
$G_5'$: MN believes $SharedKey(K_{MN-MAG_2}-, MN, MAG_2)$
FIGURE 12. Signing cost.

$Sign_{MN} = Sign\_HMAC_{K_{MN-MAG_1}}\{ID_{MN}, ID_{MAG_1}, TS_3, \sigma_{MN\_2}\}$. Then $MAG_2$ sends $ID_{MAG_2}$, $TS_4$, and $Sign_{MAG_2} = Sign\_HMAC_{K_{MN-MAG_1}}\{ID_{MAG_2}, TS_4, \sigma_{MAG_2\_2}\}$ to MN.

Consequently, the communication overhead of PAAS is:

$CO_{PAAS} = 3 \times 10 + 2 \times 4 + 2 \times 16 \text{ (bytes)} = 78 \text{ (bytes)}$

Compared with HOTA and CSS, the proposed PAAS owns lower communication overhead as shown in Table 4.

C. SIGNALING COST
The signaling cost is defined as the entire amount of authentication signaling costs. We adopt the fluid-flow model [39] to analyze the signaling cost. In this model, it is assumed that all the subnets are circular and of the same size. MN's movement direction is distributed in the range of $(0, 2\pi)$. The crossing rate ($R$) and signaling cost ($SC$) can be derived as (4) and (5):

$R = \frac{\rho v L}{\pi}$ (4)

$SC = HL \times R$ (5)

where $\rho$ is the density of MN, $v$ refers to the average velocity of MN, and $L$ means the perimeter of a cell. We assume $L = 100$ m, the wired bandwidth is 10 Mbps, and the wireless bandwidth is 6 Mbps. According to Table 2, as the processing time of the symmetric key algorithm is about thousands of times faster than the other operations, we ignore the execution time of HMAC, AES-256 encryption and AES-256 decryption. The results are shown in Figure 12, where we can draw the conclusion that PAAS owns lower signaling cost than the other two schemes.

REFERENCES
[1] Z. Ning et al., "A cooperative quality-aware service access system for social Internet of vehicles," IEEE Internet Things J., to be published, doi: 10.1109/JIOT.2017.2764259.
[2] A. Rahim et al., "Vehicular social networks: A survey," Pervasive Mobile Comput., vol. 43, pp. 96–113, Jan. 2017, doi: 10.1016/j.pmcj.2017.12.004.
[3] A. M. Vegni and V. Loscri, "A survey on vehicular social networks," IEEE Commun. Surveys Tuts., vol. 17, no. 4, pp. 2397–2419, 4th Quart., 2015.
[4] C. Perkins, D. Johnson, and J. Arkko, Mobility Support in IPv6, document RFC 3775, 2003.
[5] S. Cespedes and X. Shen, "An efficient hybrid HIP-PMIPv6 scheme for seamless Internet access in urban vehicular scenarios," in Proc. IEEE Global Telecommun. Conf., Dec. 2010, pp. 1–5.
[6] H. Soliman, C. Castelluccia, K. El-Malki, and L. Bellier, Hierarchical Mobile IPv6 (HMIPv6) Mobility Management, document RFC 5380, 2008.
[7] E. R. Koodli, Mobile IPv6 Fast Handovers, document RFC 5568, 2009, pp. 931–934.
[8] W. Hou, Z. Ning, and L. Guo, "Green survivable collaborative edge computing in smart cities," IEEE Trans. Ind. Informat., vol. 14, no. 4, pp. 1594–1605, Apr. 2018.
[9] X. Wang, Z. Ning, and L. Wang, "Offloading in Internet of vehicles: A fog-enabled real-time traffic management system," IEEE Trans. Ind. Informat., to be published, doi: 10.1109/TII.2018.2816590.
[10] Z. Ning, X. Wang, X. Kong, and W. Hou, "A social-aware group formation framework for information diffusion in narrowband Internet of Things," IEEE Internet Things J., vol. 5, no. 3, pp. 1527–1538, Jun. 2018.
[11] Z. Ning, L. Liu, F. Xia, B. Jedari, I. Lee, and W. Zhang, "CAIS: A copy adjustable incentive scheme in community-based socially aware networking," IEEE Trans. Veh. Technol., vol. 66, no. 4, pp. 3406–3419, Apr. 2017.
[12] X. Hu et al., "Emotion-aware cognitive system in multi-channel cognitive radio ad hoc networks," IEEE Commun. Mag., vol. 56, no. 4, pp. 180–187, Apr. 2018.
[13] S. Gundavelli, K. Leung, V. Devarapalli, K. Chowdhury, and B. Patil, Proxy Mobile IPv6, document RFC 5213, 2008.
[14] Z. Ning, F. Xia, X. Hu, Z. Chen, and M. S. Obaidat, "Social-oriented adaptive transmission in opportunistic Internet of smartphones," IEEE Trans. Ind. Informat., vol. 13, no. 2, pp. 810–820, Apr. 2017.
[15] T. Booth and K. Andersson, "Network security of Internet services: Eliminate DDoS reflection amplification attacks," J. Internet Services Inf. Secur., vol. 5, no. 3, pp. 58–79, 2015.
[16] B. Rashidi and C. Fung, "A survey of Android security threats and defenses," J. Wireless Mobile Netw., Ubiquitous Comput., Depend. Appl., vol. 6, no. 3, pp. 3–35, 2015.
[17] L.-J. Zhang, M. O. Tian-Qinga, and L.-Y. Zhao, "Authentication scheme based on certificateless signcryption in proxy mobile IPv6 network," Appl. Res. Comput., vol. 29, no. 2, pp. 640–643, 2012.
[18] Z. Zhang and G. Cui, "Secure access authentication scheme in mobile IPv6 networks," Comput. Sci., vol. 36, no. 12, pp. 26–31, 2009.
[19] H. C. Zhou, H. K. Zhang, and Y. J. Qin, "An authentication protocol for proxy mobile IPv6," in Proc. Int. Conf. Mobile Ad-Hoc Sensor Netw. (MSN), Wuhan, China, Dec. 2008, pp. 129–136.
[20] H. Kim and J.-H. Lee, "Diffie-hellman key based authentication in proxy mobile IPv6," Mobile Inf. Syst., vol. 6, no. 1, pp. 107–121, 2010.
[21] M.-C. Chuang, J.-F. Lee, and M.-C. Chen, "SPAM: A secure password authentication mechanism for seamless handover in proxy mobile IPv6 networks," IEEE Syst. J., vol. 7, no. 1, pp. 102–113, Mar. 2013.
[22] M. Alizadeh et al., "Cryptanalysis and improvement of 'a secure password authentication mechanism for seamless handover in proxy mobile IPv6 networks,'" PLoS ONE, vol. 10, no. 11, pp. 40–48, 2015.
[23] I. You and F.-Y. Leu, "Comments on 'SPAM: A secure password authentication mechanism for seamless handover in proxy mobile IPv6 networks,'" IEEE Syst. J., vol. 12, no. 1, pp. 1038–1041, Mar. 2015.
[24] J. H. Silverman, The Arithmetic of Elliptic Curves. Singapore: World Scientific, 1999.
[25] W. Wu, Y. Mu, W. Susilo, J. Seberry, and X. Huang, "Identity-based proxy signature from pairings," in Proc. Int. Conf. Auton. Trusted Comput., 2007, pp. 22–31.
[26] B. Dan and M. Franklin, "Identity-based encryption from the Weil pairing," in Advances in Cryptology—CRYPTO. Berlin, Germany: Springer, 2001, pp. 213–229.
[27] B. Waters, "Efficient identity-based encryption without random oracles," in Advances in Cryptology—EUROCRYPT (Lecture Notes in Computer Science), vol. 3494. Berlin, Germany: Springer, 2005, pp. 114–127.
[28] H. Yokota, K. Chowdhury, R. Koodli, B. Patil, and F. Xia, Fast Handovers for Proxy Mobile IPv6, document RFC 5949, 2010.
[29] P. F. Syverson and P. C. Van Oorschot, "On unifying some cryptographic protocol logics," in Proc. IEEE Comput. Soc. Symp. Res. Secur. Privacy, May 1994, pp. 14–28.
[30] M. Burrows, M. Abadi, and R. M. Needham, "A logic of authentication," Proc. Roy. Soc. London A, Math. Phys. Eng. Sci., vol. 426, no. 1871, pp. 233–271, 1989.
[31] A. M. Mathuria, R. Safavi-Naini, and P. R. Nickolas, "On the automation of GNY logic," Austral. Comput. Sci. Commun., vol. 17, no. 1, pp. 370–379, 1995.
[32] M. N. Abadi and M. R. Tuttle, "A semantics for a logic of authentication," in Proc. ACM Annu. Symp. Princ. Distrib. Comput., 1991, pp. 201–216.
[33] P. Van Oorschot, "Extending cryptographic logics of belief to key agreement protocols," in Proc. ACM Conf. Comput. Commun. Secur. (CCS), Fairfax, VA, USA, Nov. 1993, pp. 232–243.
[34] J.-H. Lee and J.-M. Bonnin, "HOTA: Handover optimized ticket-based authentication in network-based mobility management," Inf. Sci., vol. 230, no. 4, pp. 64–77, 2013.
[35] C. Zhang, R. Lu, X. Lin, P.-H. Ho, and X. Shen, "An efficient identity-based batch verification scheme for vehicular sensor networks," in Proc. IEEE Conf. Comput. Commun., Apr. 2018, pp. 246–250.
[36] M.-C. Chuang and J.-F. Lee, "SF-PMIPv6: A secure fast handover mechanism for proxy mobile IPv6 networks," J. Syst. Softw., vol. 86, no. 2, pp. 437–448, 2013.
[37] X. Boyen and L. Martin, Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems, document RFC 5091, 2007.
[38] C. Adams, P. Cain, D. Pinkas, and R. Zuccherato, Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP), document RFC 3161, 2001.
[39] S. Pack and Y. Choi, "A study on performance of hierarchical mobile IPv6 in IP-based cellular networks," IEICE Trans. Commun., vol. E87-B, no. 3, pp. 462–469, 2004.

TIANHAN GAO received the B.E. degree in computer science and technology, and the M.E. and Ph.D. degrees in computer application technology from Northeastern University, China, in 1999, 2001, and 2006, respectively, and the doctoral tutor qualification in 2016. He has been a Visiting Scholar with the Department of Computer Science, Purdue University, from 2011 to 2012. He joined as a Lecturer with the Software College, Northeastern University, in 2006, where he was promoted as a Professor in 2017. He has authored or co-authored over 50 research publications. His primary research interests are next generation network security, wireless mesh network security, security and privacy in ubiquitous computing, and virtual reality.

XINYANG DENG received the B.E. degree from the Software College, Dalian University of Foreign Languages, in 2014, and the master's degree in software engineering from Northeastern University. His primary research interests are next generation network security, PMIPv6 security, and identity-based cryptography.

YINGBO WANG received the B.A. degree in graphic design from Northeastern University, China, in 2007, and the master's degree in animation making from Chung-Ang University, South Korea, in 2012. From 2008 to 2013, he secured a couple of professional positions as the Director and an Animator, successively from Taktoon Enterprise and Made Contents YAGI Co., South Korea. In 2014, he was well-equipped himself for the honored offer from the Faculty of Software Engineering, Northeastern University, and he has been a Lecturer in subject of digital media technology, specializing in game development, animation production, and virtual reality, since 2014.

XIANGJIE KONG (SM'16) received the B.Sc. and Ph.D. degrees from Zhejiang University, Hangzhou, China. He is currently an Associate Professor with the School of Software, Dalian University of Technology, China. He has served as a Guest Editor for several international journals, and the Workshop Chair or a PC Member for a number of conferences. He has authored or co-authored over 70 scientific papers in international journals and conferences (with over 50 indexed by ISI SCIE). His research interests include human behavior, mobile computing, and computational social science. He is a Senior Member of CCF and a member of ACM.