Академический Документы
Профессиональный Документы
Культура Документы
S E C U R I T Y A N D P R I VA C Y I N E M E R G I N G W I R E L E S S N E T W O R K S
Intuitively, complete
Trusted authority (TA)
privacy preservation
can achieve users’
privacy. However,
it is a double-edged
Ethernet sword and shown to
be unsuitable for
Roadside
unit (RSU)
RSU
VANET, since an
attacker could abuse
it to evade the
malicious behaviors.
RSU
On-board unit Vehicle-to-vehicle
(OBU) (V2V)
Vehicle-to-infrastructure communication
(V2I)
communication
• Privacy: Preserving users’ privacy is mainly the sender can generate this message (i.e.,
related to preventing disclosure of their real achieving data authentication and non-repudia-
identities and location information. tion). For entity authentication, the public key
• Access control: Access control is necessary to of each entity must be authentic to all the enti-
define the operations that each entity in the ties in the network. Therefore, securing
network can perform. In addition, any misbe- VANETs requires PKI, where a TA generates
having entity should be revoked from the net- an authentic certificate for each entity in the
work to protect the safety of other legitimate network binding the entity’s public key to its
entities in the network. Moreover, any actions identity.
taken by that misbehaving entity should be Access control can be achieved by defining
repealed. the permitted actions for each entity in the
• Availability: Users may be frustrated if attributes of its certificate. Furthermore, revoca-
VANET services become temporarily unavail- tion can be achieved by employing certificate
able due to attacks such as DoS attacks. revocation lists (CRLs), which contain the cer-
In this section, we argue that PKI is the most tificate identities of misbehaving nodes. Before
viable mechanism for securing VANETs as it verifying any received message, each node checks
can meet most VANET security requirements. whether or not the sender is included in the up-
In addition, we identify some limitations of PKI. to-date CRL.
Intuitively, complete privacy preservation
EMPLOYING PKI TO SECURE VANETS can achieve users’ privacy. However, it is a dou-
The security requirements of data authentica- ble-edged sword and shown to be unsuitable for
tion and non-repudiation can be achieved by VANETs, since an attacker could abuse it to
employing digital signatures. Implementing cover malicious behaviors. Therefore, condi-
digital signatures can be achieved via asymmet- tional privacy preservation is of vital impor-
ric cryptography where each entity has a pub- tance to secure vehicular communications,
lic/private key pair. Any entity can use its which can be achieved by employing anony-
unique private key to generate a unique digital mous certificates. Since anonymous certificates
signature for an outgoing message. When a do not contain any information about the real
signed message is received, the recipient uses identity of the certificate holder, vehicles can
the sender’s public key to verify the digital sig- authenticate each other while preserving their
nature of the sender of the message. Successful privacy, and only the TA has the ability to iden-
digital signature verification implies that the tify the real identity of a vehicle from its anony-
content of the message is not altered, and only mous certificate.
more than a threshold, the TA will revoke the tect its identity privacy, the size of the CRL
vehicle; otherwise, the vehicle’s behavior is recog- maybe very large, which could result in long
nized as malfunctioning, not malicious. delays to check the revocation status of a sender.
We have proposed the Message Authentica-
COMPLEMENTING AUTHENTICATION EFFICIENCY tion Acceleration (MAAC) protocol for VANETs
In order to complement the authentication capa- [9], which replaces the time-consuming CRL
bilities provided by PKI, we introduce mecha- checking process by an efficient revocation check
nisms to accelerate the main processes of the process. The revocation check process uses a fast
authentication, which are the revocation status keyed hash message authentication code
check and signatures verification processes, (HMAC), which deterministically generates a
respectively. fixed size unique output for an arbitrary block of
data using some secret key. HMAC is easy and
Accelerating the Revocation Status Check Process — In efficient to calculate but computationally infeasi-
a certificate-based authentication system such as ble to invert. In MAAC, the key used in calculat-
PKI, the authentication of a received message is ing the HMAC is a group key shared only
performed by checking that the sender’s certifi- between unrevoked vehicles. When a vehicle
cate is not included in the current CRL and veri- broadcasts a message, it appends to the message
fying the sender’s signature. Since the number of an HMAC, calculated using the shared group key,
vehicles in VANETs is in millions, and each as proof that it has not been previously revoked.
vehicle possesses a number of certificates to pro- The recipient vehicle calculates its own HMAC
on the received messages using its group key and
compares the received HMAC with the calculated
140 one. If a match occurs, the sender is not previous-
TCRL location1
ly revoked since the secret key is shared only
TEDR location1 between unrevoked vehicles and vice versa. Thus,
120 TCRL location2
TEDR location2
MAAC can avoid the need to check the CRL,
TCRL location3 hence alleviating the effect of the long delay to
TEDR location3 check the revocation status of senders. Through
100
simulations, it is demonstrated that MAAC can
Revocation delay (ms)
70
employing MAAC significantly decreases the
message loss ratio compared to that employing
60 either the linear or binary CRL revocation status
check. The reason for the superiority of MAAC
50 is that it incurs the minimum revocation status
check delay compared to the linear and binary
40
CRL revocation check processes.
30
Accelerating the Signature Verification Process — To
20 accelerate the signature verification process in
VANETs, we have developed an efficient
10
online/offline signature scheme[10]. The online/
0 offline signature can divide the signature genera-
0 20 40 60 80 100 120 140 160 180 tion procedure in two phases. The first phase is
Average number of OUBs in communication range executed offline (which is irrelevant to the mes-
sage to be signed), and the second phase is per-
Figure 4. Comparison of message loss ratios for different schemes. formed online (after the message to be signed is