HCDA: Efficient Pairing-Free Homographic Key Management for Dynamic Cross-Domain Authentication in VANETs
Abstract
1. Introduction
Research Contributions
- Pairing-free certificateless mutual authentication scheme for cloud-assisted VANETs with edge computing infrastructure: Our method adopts a cloud-assisted system model with edge infrastructure. We assume that the massive vehicular data are transmitted to and processed in the remote cloud, so the practical requirements for sufficient processing and storage capacity can be satisfied. Meanwhile, the deployed edge RSU architecture enables low-latency, highly reliable vehicle-to-RSU (V2R) transmission and significantly alleviates the bandwidth burden on the cloud server. Furthermore, certificateless cryptography is exploited: the TA and each individual vehicle generate their respective partial key pairs, which solves the key escrow issue. The entire authentication scheme is performed without complex pairing functions, so the computation cost is drastically reduced.
- Homographic key management towards cross-domain authentication: In the proposed scheme, the cross-domain authentication (CDA) issue is addressed by using the certificate passed along from RSU clusters. Successive RSUs can therefore efficiently verify a cross-domain vehicle according to the certificate from the neighboring RSUs and from the vehicle itself. During the CDA process, homomorphic encryption is deployed for all participating RSUs and vehicles. Hence, an RSU is able to conduct the verification process without accessing the vital vehicle secrets, so vehicle privacy is protected against compromised RSUs. Note that the successive RSUs do not need to exchange confidential information with the remote cloud server, so a proper balance between efficiency and security is achieved.
- Dynamic updating strategies on anonymous vehicle for conditional privacy preserving: The constant identity is hidden during the entire process, while anonymous identities for RSUs and vehicles are constructed. Therefore, crucial security characteristics including unlinkability, conditional privacy preservation, and user anonymity are provided for all participating entities. Meanwhile, the transmitted vehicle certificate is automatically updated whenever the vehicle passes a new RSU. Thanks to the homographic encryption property and vehicle conditional privacy, confidential keying information cannot be extracted or forged by compromised RSUs.
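The split between a TA-issued partial key and a vehicle-generated secret, described in the first contribution above, can be illustrated with a generic pairing-free (Schnorr-style) construction. This is an added example, not the HCDA equations, which this page does not reproduce; the curve (secp256k1), all function names and the pseudonym strings are assumptions.

```python
import hashlib, secrets
# secp256k1 domain parameters (a public standard curve, assumed for this example).
Q = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % Q == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1 % Q, -1, Q)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q, -1, Q)
    x3 = (lam * lam - x1 - x2) % Q
    return x3, (lam * (x1 - x3) - y1) % Q

def mul(k, A):  # double-and-add scalar multiplication (not constant time)
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def h(*parts):
    """Hash arbitrary values to a scalar mod N."""
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def ta_setup():
    s = rand_scalar()
    return s, mul(s, G)  # master secret s, public key P_pub = s*G

def ta_issue_partial_key(s, pid):
    """TA side: partial key (R, d) bound to the anonymous identity pid."""
    r = rand_scalar()
    R = mul(r, G)
    return R, (r + s * h(pid, R)) % N

def vehicle_accepts(pid, R, d, P_pub):
    """Vehicle side: accept only if d*G == R + H(pid, R)*P_pub."""
    return mul(d, G) == add(R, mul(h(pid, R), P_pub))

def vehicle_keygen():
    """Vehicle side: x is generated locally and never sent to the TA."""
    x = rand_scalar()
    return x, mul(x, G)
```

Because the TA only ever learns `d` and the vehicle's public point, it cannot reconstruct `x`; only elliptic-curve scalar multiplications and hashes are needed, with no pairing evaluation.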
2. Related Works
3. Preliminaries
3.1. Elliptic Curve Cryptography (ECC)
3.2. Hash Function
- Input a message x of arbitrary length, it is easy to compute a message digest of a fixed length output .
- Given y, it is hard to compute .
- Given x, it is computationally infeasible to find such that .
3.3. Homomorphic Encryption
3.4. Notations
3.5. System Model
3.6. Networks Assumptions
3.7. Security Requirements
- Mutual Authentication: In VANET design, mutual authentication is the basic but foremost security property, ensuring that both VANET entities in a communication process authenticate each other. In this way, impersonation attacks against a given device can be prevented.
- Conditional Privacy Preserving: As one of the essential privacy parameters, conditional privacy consists of user privacy protection and retrieval of a particular device. That is, the private information regarding user identity is safely preserved during the entire transmission process, so illegal tracing of a specific device cannot be performed. Resistance to replay attacks is guaranteed as well. Meanwhile, the central server in charge of system management is able to reveal the real identity of an individual vehicle if necessary, so a compromised or corrupted vehicle can be revoked in a timely manner.
- Non-repudiation: A message sender in the VANET cannot deny the authenticity of its signature on the transmitted messages. Non-repudiation ensures the validity of the transmitted information.
- Unforgeability: In wireless VANET transmission, an adversary may selectively forge valid certificates, keys, or signatures in order to pass the verification process and acquire crucial system secrets. Unforgeability against chosen-message attacks is the major property in secure data exchange.
- Anonymity: In an open environment, the communication channels may be eavesdropped on by malicious entities. Meanwhile, messages originating from the same device carry unique patterns so that the receiver can distinguish them. By analyzing the eavesdropped information, vital parameters such as sending frequency and user location may be exposed, which endangers user privacy. Hence, anonymity throughout VANET communications is extremely important.
- Session Key Establishment: Upon verification, a shared session key between the individual vehicle and the VANET system should be established so as to provide safe data exchange. Because the intermediate RSUs are only semi-trusted, the constructed session key should be hidden from the interacting RSUs.
4. The Proposed HCDA Scheme
4.1. Device Registration
4.2. Mutual Authentication
4.3. Cross-Domain Authentication Strategy
5. Security Analysis
5.1. Security Proofs
5.2. Security Properties Comparison
6. Performance Analysis
6.1. Storage Overhead
6.2. Computation Cost
6.3. Communication Cost
7. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Li, Y.; Chen, W.; Cai, Z.; Fang, Y. CAKA: A Novel Certificateless-Based Cross-Domain Authenticated Key Agreement Protocol for Wireless Mesh Networks. Wirel. Netw. 2016, 22, 2523–2535.
- Feng, Q.; He, D.; Zeadally, S.; Liang, K. BPAS: Blockchain-Assisted Privacy-Preserving Authentication System for Vehicular Ad Hoc Networks. IEEE Trans. Ind. Inform. 2020, 16, 4146–4155.
- Tan, H.; Gui, Z.; Chung, I. A Secure and Efficient Certificateless Authentication Scheme With Unsupervised Anomaly Detection in VANETs. IEEE Access 2018, 6, 74260–74276.
- Yao, Y.; Chang, X.; Mišić, J.; Mišić, V.B.; Li, L. BLA: Blockchain-Assisted Lightweight Anonymous Authentication for Distributed Vehicular Fog Services. IEEE Internet Things J. 2019, 6, 3775–3784.
- He, D.; Kumar, N.; Wang, H.; Wang, L.; Choo, K.R.; Vinel, A. A Provably-Secure Cross-Domain Handshake Scheme with Symptoms-Matching for Mobile Healthcare Social Network. IEEE Trans. Dependable Secur. Comput. 2018, 15, 633–645.
- Cui, J.; Wei, L.; Zhang, J.; Xu, Y.; Zhong, H. An Efficient Message-Authentication Scheme Based on Edge Computing for Vehicular Ad Hoc Networks. IEEE Trans. Intell. Transp. Syst. 2019, 20, 1621–1632.
- Shen, J.; Tan, H.; Ren, Y.; Liu, Q.; Wang, B. A Practical RFID Grouping Authentication Protocol in Multiple-Tag Arrangement With Adequate Security Assurance. In Proceedings of the 2016 18th International Conference on Advanced Communication Technology (ICACT), Dublin, Ireland, 31 January–3 February 2016; pp. 693–699.
- Lu, Z.; Wang, Q.; Qu, G.; Zhang, H.; Liu, Z. A Blockchain-Based Privacy-Preserving Authentication Scheme for VANETs. IEEE Trans. Very Large Scale Integr. VLSI Syst. 2019, 27, 2792–2801.
- Liu, B.; Jia, D.; Wang, J.; Lu, K.; Wu, L. Cloud-Assisted Safety Message Dissemination in VANET–Cellular Heterogeneous Wireless Network. IEEE Syst. J. 2017, 11, 128–139.
- Kayes, A.; Rahayu, W.; Watters, P.; Alazab, M.; Dillon, T.; Chang, E. Achieving Security Scalability and Flexibility Using Fog-Based Context-Aware Access Control. Future Gener. Comput. Syst. 2020, 107, 307–323.
- Yu, S.; Park, K.; Park, Y. A Secure Lightweight Three-Factor Authentication Scheme for IoT in Cloud Computing Environment. Future Gener. Comput. Syst. 2019, 19, 3598.
- Lee, J.; Yu, S.; Park, K.; Park, Y.; Park, Y. Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments. Sensors 2019, 22, 2358.
- Wang, F.; Xu, Y.; Zhang, H.; Zhang, Y.; Zhu, L. 2FLIP: A Two-Factor Lightweight Privacy-Preserving Authentication Scheme for VANET. IEEE Trans. Veh. Technol. 2016, 65, 896–911.
- Tan, H.; Choi, D.; Kim, P.; Pan, S.; Chung, I. Comments on ‘Dual Authentication and Key Management Techniques for Secure Data Transmission in Vehicular Ad Hoc Networks’. IEEE Trans. Intell. Transp. Syst. 2017, 19, 2149–2151.
- Du, X.; Xiao, Y.; Ci, S.; Guizani, M.; Chen, H. A Routing-Driven Key Management Scheme for Heterogeneous Sensor Networks. In Proceedings of the 2007 IEEE International Conference on Communications, Glasgow, Scotland, 24–28 June 2007; pp. 3407–3412.
- Ullah, A.; Yaqoob, S.; Imran, M.; Ning, H. Emergency Message Dissemination Schemes Based on Congestion Avoidance in VANET and Vehicular FoG Computing. IEEE Access 2019, 7, 1570–1585.
- Tan, H.; Chung, I. Secure Authentication and Group Key Distribution Scheme for WBANs Based on Smartphone ECG Sensor. IEEE Access 2019, 7, 151459–151474.
- Zhu, X.; Jiang, S.; Wang, L.; Li, H. Efficient Privacy-Preserving Authentication for Vehicular Ad Hoc Networks. IEEE Trans. Veh. Technol. 2014, 63, 907–919.
- Zhou, T.; Shen, J.; Li, X.; Wang, C.; Tan, H. Logarithmic Encryption Scheme for Cyber-Physical Systems Employing Fibonacci Q-matrix. Future Gener. Comput. Syst. 2020, 108, 1307–1313.
- Huang, D.; Misra, S.; Verma, M.; Xue, G. PACP: An Efficient Pseudonymous Authentication-Based Conditional Privacy Protocol for VANETs. IEEE Trans. Intell. Transp. Syst. 2011, 12, 736–746.
- Tian, Z.; Shi, W.; Wang, Y.; Zhu, C.; Du, X.; Su, S.; Sun, Y.; Guizani, N. Real-Time Lateral Movement Detection Based on Evidence Reasoning Network for Edge Computing Environment. IEEE Trans. Ind. Inform. 2019, 15, 4285–4294.
- Shen, J.; Tan, H.; Zhang, Y.; Sun, X.; Xiang, Y. A New Lightweight RFID Grouping Authentication Protocol for Multiple Tags in Mobile Environment. Multimed. Tools Appl. 2017, 76, 22761–22783.
- Ma, M.; He, D.; Wang, H.; Kumar, N.; Choo, K.R. An Efficient and Provably Secure Authenticated Key Agreement Protocol for Fog-Based Vehicular Ad-Hoc Networks. IEEE Internet Things J. 2019, 6, 8065–8075.
- Tan, H.; Chung, I. A Secure and Efficient Group Key Management Protocol with Cooperative Sensor Association in WBANs. Sensors 2018, 18, 3930.
- Wasef, A.; Shen, X. EMAP: Expedite Message Authentication Protocol for Vehicular Ad Hoc Networks. IEEE Trans. Mob. Comput. 2013, 12, 78–89.
- Kaur, K.; Garg, S.; Kaddoum, G.; Gagnon, F.; Ahmed, S.H. Blockchain-Based Lightweight Authentication Mechanism for Vehicular Fog Infrastructure. In Proceedings of the 2019 IEEE International Conference on Communications Workshops (ICC Workshops), Shanghai, China, 20–24 May 2019; pp. 1–6.
- Chuang, M.; Lee, J. TEAM: Trust-Extended Authentication Mechanism for Vehicular Ad Hoc Networks. IEEE Syst. J. 2014, 8, 749–758.
- Tan, H.; Song, Y.; Xuan, S.; Pan, S.; Chung, I. Secure D2D Group Authentication Employing Smartphone Sensor Behavior Analysis. Symmetry 2018, 11, 969.
- Li, J.; Lu, H.; Guizani, M. ACPN: A Novel Authentication Framework with Conditional Privacy-Preservation and Non-Repudiation for VANETs. IEEE Trans. Parallel Distrib. Syst. 2015, 26, 938–948.
- Alazzawi, M.A.; Lu, H.; Yassin, A.A.; Chen, K. Efficient Conditional Anonymity With Message Integrity and Authentication in a Vehicular Ad-Hoc Network. IEEE Access 2019, 7, 71424–71435.
- Tan, H.; Choi, D.; Kim, P.; Pan, S.; Chung, I. An Efficient Hash-based RFID Grouping Authentication Protocol Providing Missing Tags Detection. J. Internet Technol. 2018, 19, 481–488.
- Hao, Y.; Cheng, Y.; Zhou, C.; Song, W. A Distributed Key Management Framework with Cooperative Message Authentication in VANETs. IEEE J. Sel. Areas Commun. 2011, 29, 616–629.
- Wang, B.; Wang, Y.; Chen, R. A Practical Authentication Framework for VANETs. Secur. Commun. Netw. 2019, 2019, 1–11.
- Tan, H.; Choi, D.; Kim, P.; Pan, S.; Chung, I. Secure Certificateless Authentication and Road Message Dissemination Protocol in VANETs. Wirel. Commun. Mob. Comput. 2018, 2018, 1–13.
- Zhang, L.; Wu, Q.; Solanas, A.; Domingo-Ferrer, J. A Scalable Robust Authentication Protocol for Secure Vehicular Communications. IEEE Trans. Veh. Technol. 2010, 59, 1606–1617.
- Lu, R.; Lin, X.; Liang, X.; Shen, X. A Dynamic Privacy-Preserving Key Management Scheme for Location-Based Services in VANETs. IEEE Trans. Intell. Transp. Syst. 2012, 13, 127–139.
- He, D.; Zeadally, S.; Xu, B.; Huang, X. An Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad Hoc Networks. IEEE Trans. Inf. Forensics Secur. 2015, 10, 2681–2691.
- Lo, N.; Tsai, J. An Efficient Conditional Privacy-Preserving Authentication Scheme for Vehicular Sensor Networks Without Pairings. IEEE Trans. Intell. Transp. Syst. 2016, 17, 1319–1328.
- Shao, J.; Lin, X.; Lu, R.; Zuo, C. A Threshold Anonymous Authentication Protocol for VANETs. IEEE Trans. Veh. Technol. 2016, 65, 1711–1720.
- Lin, C.; Deng, D.; Yao, C. Resource Allocation in Vehicular Cloud Computing Systems With Heterogeneous Vehicles and Roadside Units. IEEE Internet Things J. 2018, 5, 3692–3700.
- Wang, Y.; Ding, Y.; Wu, Q.; Wei, Y.; Qin, B.; Wang, H. Privacy-Preserving Cloud-Based Road Condition Monitoring With Source Authentication in VANETs. IEEE Trans. Inf. Forensics Secur. 2019, 14, 1779–1790.
- Zhang, Q.; Gan, Y.; Zhang, Q.; Wang, R.; Tan, Y. A Dynamic and Cross-Domain Authentication Asymmetric Group Key Agreement in Telemedicine Application. IEEE Access 2018, 6, 24064–24074.
- Tan, H.; Chung, I. Secure Authentication and Key Management With Blockchain in VANETs. IEEE Access 2020, 8, 2482–2498.
- Gayathri, N.B.; Thumbur, G.; Reddy, P.V.; Muhammad, Z.U.R. Efficient Pairing-Free Certificateless Authentication Scheme With Batch Verification for Vehicular Ad-Hoc Networks. IEEE Access 2018, 6, 31808–31819.
Symbol | Description |
---|---|
, | Vehicular Cloud, Road-Side Units |
Cyclic Group | |
P | Generator of |
Distinctive and Anonymous Identity for | |
Partial Secret Key Pair of | |
Encryption Key Pair of | |
Decryption Key Pair of | |
Large Prime Values | |
Distinctive and Anonymous Vehicle Identities | |
Partial Secret Key Pair of Vehicle | |
Encryption Key Pair of Vehicle | |
Decryption Key Pair of Vehicle | |
Proofs in Domain | |
Credential in Domain | |
Vehicle Session Key | |
Timestamps | |
Vehicle Set | |
Homomorphic Cryptography of | |
Homomorphic Cryptography of Vehicle |
Number | Type | Distinctive Identity | Assigned Secret | Location | Name/Add./Social ID/Phone No. |
---|---|---|---|---|---|
1 | RSU | √ | ∖ | ||
2 | RSU | √ | ∖ | ||
⋯ | ⋯ | ⋯ | ⋯ | ⋯ | ⋯ |
i | RSU | √ | ∖ | ||
1 | Vehicle | ∖ | √ | ||
2 | Vehicle | ∖ | √ | ||
⋯ | ⋯ | ⋯ | ⋯ | ⋯ | ⋯ |
j | Vehicle | ∖ | √ |
Scheme | ICPP [37] | SAKM [43] | PFCA [44] | The Proposed Scheme |
---|---|---|---|---|
Cross-Domain Authentication | × | × | × | √ |
Unforgeability | √ | √ | √ | √ |
Replay Attack Resistance | √ | √ | √ | √ |
Conditional Privacy Preserving | √ | √ | √ | √ |
Session Key Establishment | √ | √ | √ | √ |
Key Escrow Resilience | √ | √ | √ | √ |
Scalability | × | √ | √ | √ |
Anonymous Identity Updating | × | × | × | √ |
Modification Attack Resistance | √ | √ | √ | √ |
Collusion Attack Resilience | √ | × | √ | √ |
Sybil Attack Resilience | √ | × | √ | √ |
Scheme | ICPP [37] | SAKM [43] | PFCA [44] | The Proposed Scheme |
---|---|---|---|---|
Storage Cost (RSU) | bits | bits | bits | bits |
Storage Cost (Vehicle) | 2112 bits | 2208 bits | 4368 bits | 1576 bits |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Tan, H.; Xuan, S.; Chung, I. HCDA: Efficient Pairing-Free Homographic Key Management for Dynamic Cross-Domain Authentication in VANETs. Symmetry 2020, 12, 1003. https://doi.org/10.3390/sym12061003