Ivan E. Carvajal-Roca,Jian Wang

DOI: https://doi.org/10.1109/vtc2021-fall52928.2021.9625336

2021-01-01

Abstract:With the fast evolution of vehicle networks, Connected and Autonomous Vehicles (CAVs) are mobile devices that are not only used for transportation but also form part of other promising technologies such as the internet of vehicles and cyber-physical systems. Despite the benefits of CAVs, exposing in-vehicle networks to external devices can lead to different privacy and security challenges. Due to scalability, efficiency, and dynamic communication requirements, the security between in-vehicle networks with external devices cannot fully rely on the vehicle's external third parties. In this paper, we propose a semi-decentralized fine-grained security framework based on Ciphertex-Policy Attribute-Based Encryption (CP-ABE) to secure the communication of in-vehicle network's Electronic Control Units (ECUs) with vehicle's external connected device. Our approach's fine-grained access control is based on the attributes of external devices connected to different subsystems inside the vehicle. Each subsystem inside the vehicle has full control of the access policy during the vehicle's operation. Therefore, our proposed approach has a flexible and dynamic key management suitable for future CAVs. Finally, the experiment of our framework validates its feasibility for implementation.

Maanak Gupta,James Benson,Farhan Patwa,Ravi Sandhu

DOI: https://doi.org/10.48550/arXiv.1908.08112

2019-08-22

Abstract:Future smart cities and intelligent world will have connected vehicles and smart cars as its indispensable and most essential components. The communication and interaction among such connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, road-side sensors, restaurant with beacons, autonomous emergency vehicles, etc., offer innumerable real-time user applications and provide safer and pleasant driving experience to consumers. Having more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are serious concerns that impede the adoption of smart connected cars, which if not properly addressed will have grave implications with risk to human life and limb. In this research, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred as \cvac) for smart cars ecosystem, where the proposed model not only considers system wide attributes-based security policies but also takes into account the individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services to the consumers, to provide administrative benefits to manage large numbers of smart entities, and to enable attributes and alerts inheritance for fine-grained security authorization policies. We present proof of concept implementation of our model in AWS cloud platform demonstrating real-world uses cases along with performance metrics.

Cryptography and Security

Yanan Zhao,Yunpeng Wang,Xiaochun Cheng,Hengwei Chen,Haiyang Yu,Yilong Ren

DOI: https://doi.org/10.1109/tits.2021.3105458

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Autonomous Vehicle Platoon (AVP) is conceived as a promising solution to enhance the traffic capacity and reduce the energy consumption in the intelligent transportation system. Nevertheless, AVP without security guarantees are prone to various attacks, which probably lead to life-threatening accidents. Motivated by solving this issue, an outsourced attribute-based access control mechanism with direct revocation for AVP (RFAP) is introduced in this paper. Among them, attribute-based encryption is utilized to implement fine-grained access control during the encryption process. Furthermore, RFAP can not only realize the immediate revocation of platoon member who is about to leave the platoon without affecting others, but also achieve secure outsourced decryption with the help of edge computing units for minimizing the computational overhead of decryption on the vehicle side. Security analysis and simulation results indicate that our RFAP mechanism is practical in aspects of security and efficiency.

Wei,Saiyu Qi,Xu Yang,Wenjia Zhao,Jun Gu,Kashif Saleem,Yong Qi

DOI: https://doi.org/10.1109/tvt.2024.3398062

IF: 6.8

2024-01-01

IEEE Transactions on Vehicular Technology

Abstract:Internet of Vehicles (IoV) is a promising technology to equip transportation management systems with digitalized ability. The deployed IoV devices allow traffic participants to generate and analyze the traffic information such as driving status and road condition. They can further share the collected traffic data through the centralized cloud service to improve road operation efficiency, safety and reduce economic losses. Storing sensitive traffic data in an untrusted cloud server, however, raises the requirement of data access control to protect valuable business issues. Unfortunately, using pure cryptographic access control schemes for traffic data faces several limitations. In this paper, we first develop a pure cryptographic construction to enforce attribute-based access control (ABAC) model in untrusted cloud for IoV system based on ciphertext policy-attribute based encryption (CP-ABE) and explore three limitations of it. By studying ABAC in the context of CP-ABE, we can effectively lower-bound the costs that would be incurred when using more advanced and more expensive predicate encryption schemes. We then propose a new attribute based access control system (AACS) for cloud-aided IoV system to overcome the barriers of CP-ABE by using trusted hardware (Intel Software Guard Extensions (SGX)). AACS uses a secure data division framework to achieve a small Trusted Computing Base (TCB) and integrates SGX with several cryptographic protocols as well as optimization techniques. We comprehensively evaluate AACS to show the design advantages of it

Wei Luo,Wenping Ma

DOI: https://doi.org/10.1109/access.2018.2858233

IF: 3.9

2018-01-01

IEEE Access

Abstract:Vehicular networking involves the storage, compute, and analysis of massive vehicular data. Vehicular cloud computing, as a special cloud computing platform, seamlessly combines vehicular ad hoc networks and conventional cloud computing. However, in the vehicular cloud computing, there is still the problem of unauthorized users accessing and stealing data. In the traditional ciphertext-policy attribute-based encryption (CP-ABE) scheme, a trusted central authority is employed to manage attributes and distribute keys. Based on multi-authority (MA) CP-ABE, we propose a secure and revocable access control scheme for vehicular cloud computing in this paper, in which the requester can decrypt the ciphertext with only a small amount of computation. We show that our MA-CP-ABE scheme can prevent static corruption of authorities in the standard model under the decisional q-parallel bilinear Diffie–Hellman exponent assumption. Theoretical analysis and experimental simulation results show that our scheme has lower communication cost and lower computational complexity than other schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jinpeng Han,Zhiyang Ju,Xiaoguang Chen,Manzhi Yang,Hui Zhang,Rouxing Huai

DOI: https://doi.org/10.1109/tiv.2023.3304762

IF: 8.2

2023-01-01

IEEE Transactions on Intelligent Vehicles

Abstract:With features of collaborative interaction and autonomous decision-making, connected and autonomous vehicles (CAVs) offer a viable solution for a sustainable and efficient future of transportation. However, with the development of CAVs, questions have been raised about weaknesses in cybersecurity and autonomous driving capabilities. In particular, CAVs provide new opportunities for cyberattackers, posing a significant threat to future road and vehicle data security. Therefore, this paper provides a comprehensive analysis of the cybersecurity environment of CAVs. First, we propose a systematic classification of six security threats from cybersecurity principles: false data, information theft, privilege escalation, block communication, and time delay. We review the cybersecurity environment of CAVs from a lifecycle perspective, covering aspects from development to accident, and present the existing cybersecurity countermeasures. These involve security standards designation, verification and validation of vehicle networks, resilient strategies for self-defined driving, and attack detection and digital forensics. Finally, based on our systematic review, we propose a conceptual vehicle security operations center (VSOC) framework that provides valuable inspiration and references for future research and industrial applications for CAVs cybersecurity.

Yingjie Xia,Wenzhi Chen,Xuejiao Liu,Luming Zhang,Xuelong Li,Yang Xiang

DOI: https://doi.org/10.1109/tits.2017.2653103

IF: 8.5

2017-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) have drawn much attention of researchers. The vehicles in VANETs frequently join and leave the networks, and therefore restructure the network dynamically and automatically. Forwarded messages in vehicular ad-hoc networks are primarily multimedia data, including structured data, plain text, sound, and video, which require access control with efficient privacy preservation. Ciphertext-policy attribute-based encryption (CP-ABE) is adopted to meet the requirements. However, solutions based on traditional CP-ABE suffer from challenges of the limited computational resources on-board units equipped in the vehicles, especially for the complex policies of encryption and decryption. In this paper, we propose a CP-ABE delegation scheme, which allows road side units (RSUs) to perform most of the computation, for the purpose of improving the decryption efficiency of the vehicles. By using decision tree to jointly optimize multiple factors, such as the distance from RSU, the communication and computational cost, the CP-ABE delegation scheme is adaptively activated based on the estimation of various vehicles decryption overhead. Experimental results thoroughly demonstrate that our scheme is effective and efficient for multimedia data forwarding in vehicular ad-hoc networks with privacy preservation.

Hui Li,Lishuang Pei,Dan Liao,Song Chen,Ming Zhang,Du Xu

DOI: https://doi.org/10.1109/access.2020.2992203

IF: 3.9

2020-01-01

IEEE Access

Abstract:Vehicular Ad Hoc Network (VANET) is an important foundation of intelligent transportation system and is widely used in traffic management, automatic driving, and road optimization. With the gradual popularization and further development of VANET, a large amount of VANET data has been produced. However, it poses huge challenges to the security and privacy when using VANET data provides services for users. In this paper, combining the technologies of blockchain and ciphertext-based attribute encryption (CP-ABE), we propose a fine-grained access control scheme for VANET data based on blockchain (FADB). In FADB, we employ the blockchain to replace the third-party service providers for user identity management and data storage. And different VANET data access rights can be established according to user attribute. By improving the CP-ABE, the lightweight VANET devices can outsource complex encryption and decryption operations to powerful RSUs and further improve the efficiency of data access. Final, we carry out a series of simulation tests and security analysis, proving that the FADB can provide effective data security and low performance overhead.

Tao Wang,Li Kang,Jiang Duan

DOI: https://doi.org/10.1016/j.comnet.2021.107872

IF: 5.493

2021-04-01

Computer Networks

Abstract:<p>Secure communication in vehicular ad hoc networks (VANETs) has been extensively researched; however, access control in VANETs has not been studied adequately. Access control ensures that only authorized vehicles receive quality services over the VANETs to enhance the driving experience. Attribute-based encryption (ABE) with revocation is a promising access control technique that keeps data confidential and is suitable for application in VANETs. However, most existing revocable ABE schemes require the private keys of all non-revoked users to be updated if the private key of any user is revoked, which makes the implementation of such schemes extremely inefficient. In this paper, a dynamic fine-grained access control scheme based on ABE is proposed to ensure vehicle network security. It enables the message sender to determine which vehicles receive the message according to their attributes and can also freely revoke the decryption authorization of certain vehicles without needing to update all non-revoked keys. To the best of our knowledge, this is the first time that secure and efficient dynamic access control in VANETs has been achieved. Performance analysis and simulation evaluations have shown that the algorithm is more efficient in terms of computational delay and communication overhead, as compared with existing schemes.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1007/s12083-017-0562-8

IF: 3.488

2017-01-01

Peer-to-Peer Networking and Applications

Abstract:With the rapid development of vehicular networks, the problem of data sharing in vehicular networks has attached much attention. However, existing data access control schemes in cloud computing cannot be applied to the scenario of vehicular networks, because cloud computing paradigm cannot satisfy the rigorous requirement posed by latency-sensitive mobile application. Fog Computing is a paradigm that extends Cloud computing and services to the edge of the network. The vehicular fog is the ideal platform to achieve data sharing in vehicular networks. In this paper, we propose a revocable data sharing scheme for vehicular fogs. We construct a new multi-authority ciphertext policy attribute-based encryption (CP-ABE) scheme with efficient decryption to realize data access control in vehicular network system, and design an efficient user and attribute revocation method for it. The analysis and the simulation results show that our scheme is secure and highly efficient.

Jiawei Zhang,Teng Li,Mohammad S. Obaidat,Chi Lin,Jianfeng Ma

DOI: https://doi.org/10.1109/jsyst.2020.3044309

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:The rapid development of cloud computing and Internet of Things enables widely use of Internet of Vehicles (IoV) and drives a revolutionary change for intelligent transport system. The advent of 5G and fog computing architectures also facilitates applications of IoV and makes the enormous IoV data outsourcing and sharing in cloud and fog more convenient. However, the data outsourcing and sharing will incur many security concerns to IoV including data leakage and breach as the users cannot direct control their data. To guarantee IoV data security, a novel scheme is proposed for IoV data sharing with high efficiency. In our scheme, we utilize ciphertext-policy attribute-based encryption (CP-ABE) to achieve confidentiality and fine-grained access control for IoV data shared in cloud and fog. Nevertheless, as another intrinsic feature in IoV environment, the dynamicity in a group of connected vehicles brings some challenges to our scheme. To deal with this situation, we bring forward a concept of auditable user revocation for CP-ABE to adapt to the dynamic vehicle groups. Moreover, online/offline and verifiable outsourcing techniques are leveraged to improve the efficiency and guarantee the correctness of decryption. At the end, we demonstrate the security and efficiency for our scheme by giving detailed security analysis and performance evaluation with extensive experiments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yanan Zhao,Haiyang Yu,Yang,Liang Xu,Shuyue Pan,Yilong Ren

DOI: https://doi.org/10.1109/tits.2023.3324016

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Autonomous Vehicle Platooning (AVP) presents a promising approach to reducing energy expenses, improving traffic safety, and enhancing capacity. In multi-platoon vehicular networks, platoons can collaborate to ensure better data transfer reliability. However, the existing secure information-sharing methods between platoons face efficiency and security challenges. These challenges arise from (1) a lack of an efficient method to simultaneously ensure confidentiality, authenticity, and non-repudiation of the transmitted information; (2) difficulty in cross-domain dynamically sharing ciphertexts to multiple recipients is challenging. To overcome these challenges, we propose a Flexible Cross-domain Data Access Control (FC-DAC) system in this paper. Our FC-DAC system ensures confidentiality, authenticity, and non-repudiation of transmitted information while enabling high-efficiency ciphertext sharing between various platoons. Additionally, the FC-DAC solution allows vehicles with valid authorizations to access signcrypted information quickly and efficiently, even if they belong to different platoons. Our theoretical and experimental analysis demonstrates that the FC-DAC scheme is resistant to various common attacks and is applicable to multi-platoon vehicular networks.

Yu Yao,Junhui Zhao,Zeqing Li,Xu Cheng,Lenan Wu,Xuan Li

DOI: https://doi.org/10.1109/VTC2022-Fall57202.2022.10012876

2022-01-01

Abstract:Vehicle-to-vehicle (V2V) communication applications face significant challenges to security and privacy since all types of possible breaches are common in connected and autonomous vehicles (CAVs) networks. As an inheritance from conventional wireless services, illegal eavesdropping is one of the main threats to Vehicle-to-vehicle (V2V) communications. In our work, the anti-eavesdropping scheme in CAVs networks is developed through the use of cognitive risk control (CRC)-based vehicular joint radar-communication (JRC) system. In particular, the supplement of off-board measurements acquired using V2V links to the perceptual information has presented the potential to enhance the traffic target positioning precision. Then, transmission power control is performed utilizing reinforcement learning, the result of which is determined by a task switcher. Based on the threat evaluation, a multi-armed bandit (MAB) problem is designed to implement the secret key selection procedure when it is needed. Numerical experiments have presented that the developed approach has anticipated performance in terms of some risk assessment indicators.

Jie Cui,Jing Yu,Hong Zhong,Lu Wei,Lu Liu

DOI: https://doi.org/10.1109/tits.2022.3227949

IF: 8.5

2023-03-04

IEEE Transactions on Intelligent Transportation Systems

Abstract:Autonomous Vehicles (AVs) are a highly discussed topic owing to their great performance and convenience. However, some requirements limit their wider deployment. Specifically, AV should be controlled by remote users during emergencies. It may lead to AV's system facing the risk of being intruded on by a malicious party, resulting in unreasonable decisions. We, therefore, design the Internet of autonomous vehicle (IoAV) model to mitigate the problems arising from these limitations. To promote a secure remote control of the AV, a reliable authentication scheme, which can be used in IoAV, must be performed. Our proposed chaotic map-based authenticated key agreement (CMAKA) method provides secure remote control features for AVs. In this method, users, data centers, and AV establish a secure communication channel through the negotiation of three independent session keys. Furthermore, a physical unclonable function (PUF) is employed to produce a trusted private key during the authentication. The security of our scheme is evaluated using game hopping through the widespread Real-or-Random (ROR) model. Compared with other existing three-factor authentication schemes, the performance of our protocol is higher in both security requirements and total cost.

engineering, electrical & electronic,transportation science & technology, civil

Shi-Jinn Horng,Cheng-Chung Lu,Wanlei Zhou

DOI: https://doi.org/10.1109/tvt.2020.3037804

IF: 6.8

2020-12-01

IEEE Transactions on Vehicular Technology

Abstract:Ensuring data confidentiality in a vehicular ad hoc network (VANET) is an increasingly important issue. Message confidentiality, user privacy and access control are the most important problems that affect services provided by VANETs. However, access control that addresses data downloads while preserving users' privacy remains an open problem. Based on a set of attributes, the ciphertext-policy attribute-based encryption (CP-ABE) algorithm proposes a party data encryption/decryption mechanism for shared data; consequently, the algorithm has become a popular solution for data-sharing access control. However, the current CP-ABE schemes are still infeasible for VANETs because these schemes use a single authority and inefficient encryption/decryption and ignore revocation mechanisms. Here, over CP-ABE with revocation, we introduce an identity-based scheme that achieves secure data sharing in VANETs. To reduce the computation load for in-vehicle on-board units (OBUs), we outsource computationally intensive encryption and decryption operations to cloud compute nodes. Attributes are decentralized and managed by application service providers that provide services to vehicles based on subscriptions. Comprehensive experimental results and security analysis show that our scheme achieves fine-grained access control while preserving user privacy. Through implementation, performance analysis demonstrates that our scheme is suitable for VANETs.

telecommunications,engineering, electrical & electronic,transportation science & technology

H M Sabbir Ahmad,Ehsan Sabouni,Akua Dickson,Wei Xiao,Christos G. Cassandras,Wenchao Li

2024-03-25

Abstract:We address the security of a network of Connected and Automated Vehicles (CAVs) cooperating to safely navigate through a conflict area (e.g., traffic intersections, merging roadways, roundabouts). Previous studies have shown that such a network can be targeted by adversarial attacks causing traffic jams or safety violations ending in collisions. We focus on attacks targeting the V2X communication network used to share vehicle data and consider as well uncertainties due to noise in sensor measurements and communication channels. To combat these, motivated by recent work on the safe control of CAVs, we propose a trust-aware robust event-triggered decentralized control and coordination framework that can provably guarantee safety. We maintain a trust metric for each vehicle in the network computed based on their behavior and used to balance the tradeoff between conservativeness (when deeming every vehicle as untrustworthy) and guaranteed safety and security. It is important to highlight that our framework is invariant to the specific choice of the trust framework. Based on this framework, we propose an attack detection and mitigation scheme which has twofold benefits: (i) the trust framework is immune to false positives, and (ii) it provably guarantees safety against false positive cases. We use extensive simulations (in SUMO and CARLA) to validate the theoretical guarantees and demonstrate the efficacy of our proposed scheme to detect and mitigate adversarial attacks.

Systems and Control

Jin Li,Gansen Zhao,Xiaofeng Chen,Dongqing Xie,Chunming Rong,Wenjun Li,Lianzhang Tang,Yong Tang

DOI: https://doi.org/10.1109/cloudcom.2010.44

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which IT resources and capacities are provided as services over the Internet. Promising as it is, this paradigm also brings forth new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are likely outside of the same trust domain of data owners. To maintain the confidentiality of, sensitive user data against untrusted servers, existing work usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. In this paper, we present a way to implement, scalable and fine-grained access control systems based on attribute-based encryption (ABE). For the purpose of secure access control in cloud computing, the prevention of illegal key sharing among colluding users is missing from the existing access control systems based on ABE. This paper addresses this challenging open issue by defining and enforcing access policies based on data attributes and implementing user accountability by using traitor tracing. Furthermore, both the user grant and revocation are efficiently supported by using the broadcast encryption technique. Extensive analysis shows that the proposed scheme is highly efficient and provably secure under existing security models.

Yanli Ren,Cien Chen,Mingqi Hu,Guorui Feng,Xinpeng Zhang

DOI: https://doi.org/10.1109/jiot.2023.3296906

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The vehicular social networks (VSNs) provide passengers, drivers and vehicles with multiple services, such as safe driving, data sharing, and traffic management. However, transmitting data in VSNs can expose information, such as the user’s identity and location. Malicious users who tamper with shared data can even cause serious traffic accidents. Considering the privacy protection and secure transmission of shared data in VSNs, we propose a blockchain-based and fog computing-assisted data access control (BFDAC) scheme. We combine the multi-authority ciphertext-policy attribute-based encryption algorithm with the consortium blockchain to avoid the security and trust issues in the form of centralized key management, and outsource part of the decryption calculations to roadside units (RSUs) as fog nodes to realize lightweight calculation for users. Our BFDAC scheme also supports user tracking and revocation, while users can also revoke shared data saved in the cloud. Security analysis shows that the BFDAC scheme can effectively protect the shared data. Experiments show that our BFDAC scheme reduces 32.8% in storage cost, 9.5% in encryption cost, and 57.1% in outsourced decryption cost compared to previous ones.

Xuanmei Qin,Yongfeng Huang,Xing Li

DOI: https://doi.org/10.1007/s00500-020-05117-x

IF: 3.732

2020-06-30

Soft Computing

Abstract:Nowadays, more and more data are stored on cloud for sharing in vehicular networks, but the increasing number of cloud data security incidents makes how to guarantee confidentiality of sharing data one of the main concerns. Attribute-based encryption is considered as a suitable method to solve this issue. However, the requirements of lightweight and privacy make it difficult to apply the existing attribute-based encryption schemes directly in vehicular networks. In this paper, we put forward an access control scheme with lightweight decryption and conditional authentication for secure data sharing in vehicular networks. In this scheme, we extend elliptic-curve cryptography-based key-policy attribute-based encryption scheme with token-based decryption for lightweight access control. Moreover, we integrate Elliptic Curve Qu-Vanstone implicit certificate with ELGamal encryption algorithm to achieve both mutual authentication and conditional privacy protection. The performance analysis shows that the proposed scheme requires less time for both encryption and decryption on the user side. The security analysis shows that the proposed scheme can provide conditional anonymity.

computer science, artificial intelligence, interdisciplinary applications

Yongkai Fan,Shengle Liu,Gang Tan,Fei Qiao

DOI: https://doi.org/10.1016/j.future.2018.05.062

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:With the wide adoption of mobile devices, it becomes increasingly a reality that mobile users use a variety of apps from various sources. Since the enforcement of strict privacy is difficult, the inappropriate access by malicious apps is a major concern for mobile users, and access control becomes a challenge. In order to prevent the leakage of sensitive information ( such as the contact lists, or private pictures) by inappropriate or illegal access, we propose a fine-grained access-control scheme based on Ciphertext-Policy Attribute-Based Encryption (CPABE) and Trusted Execution Environment (TEE), which can effectively protect data. In the scheme, CPABE is adopted in a novel way to solve the important security problems by supporting fine-grained access control during the access period and by supporting the critical operations running in the trusted execution environment. The scheme can be used to mitigate the sensitive information attacks and enhance confidentiality. Moreover, it can reduce the risk in the case of one single authority. Compared to the traditional access-control mechanisms, our experimental results indicate that the proposed scheme satisfies the security requirements, and is superior to other existing schemes. (C) 2018 Elsevier B.V. All rights reserved.