Muhammad Zubair,Xiangwei Kong,Saeed Mahfooz

DOI: https://doi.org/10.4304/jnw.9.5.1121-1131

2014-01-01

Journal of Networks

Abstract:In this paper we propose a novel authentication mechanism for session mobility in Next Generation Networks named as Hierarchical Authentication Key Management (HAKM). The design objectives of HAKM are twofold: i) to minimize the authentication latency in NGNs; ii) to provide protection against an assortment of attacks such as denial-of-service attacks, man-in-the-middle attacks, guessing attacks, and capturing node attacks. In order to achieve these objectives, we combine Session Initiation Protocol (SIP) with Hierarchical Mobile IPv6 (HMIPv6) to perform local authentication for session mobility. The concept of group keys and pairwise keys with one way hash function is employed to make HAKM vigorous against the aforesaid attacks. The performance analysis and numerical results demonstrate that HAKM outperforms the existing approaches in terms of latency and protection against the abovementioned attacks

Muhammad Zubair,Xiangwei Kong,Saeed Mahfooz

DOI: https://doi.org/10.1002/sec.1041

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:Traditional centralized approaches toward mobility management such as MIPv6 and its variants suffer because of the performance issues like single-point failure, non-optimal routing, low scalability, authentication latency, and signaling messages overhead of the mobility protocols. In this paper, we propose a novel network-based Distributed Mobility and Authentication Mechanism DMAM to focus on these issues. DMAM decomposes centralized mobility functions into Home Address Allocation, mobility routing MR, and location management LM. A new entity is introduced in DMAM, called Location and Mobility Manager that distributes MR and LM among multiple routers to which mobile node can be attached. Furthermore, DMAM offers strong authentication mechanism based on symmetric cryptographic and collision-free one-way hash function. The performance of proposed scheme is analyzed and compared with existing approaches in terms of handover latency, handover blocking probability, packet loss, communication overhead, and computational cost. The conducted numerical results demonstrate that DMAM outperforms the existing approaches. Copyright © 2014 John Wiley & Sons, Ltd.

Song-Hua HUANG,Yu-Xing SUN,Hao HUANG,Gui-Hai CHEN

DOI: https://doi.org/10.3724/SP.J.1016.2009.00531

2009-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Performance is always the bottleneck for deploying network mobility (NEMO), and the delay resulting from existing authentication mechanism makes it even worse. This paper in-troduces an efficient authentication method for access router (AR) mesh of multihomed and nes-ted mobile networks, with path selection and fast handover support to promote whole perform-ance of mobile networks, especially to reduce the delay. First a mutual authentication method is presented based on fixed AAA infrastructure and dynamic trusted neighbors, integrated with a behavior evaluation mechanism. And based on this authentication method the algorithms for opti-mal path selection and recovery of access failure are proposed. In the solution, security associa-tion (SA) transfer is to cut down the authentication delay; multi-angular routing and tunnel-in-tunnel problem in nested situation can be eliminated through the Care-of-Address (CoA) configu-ration of mobile router based on top-level AR prefix; temporary tunnel and reverse routing header (RRH) may be borrowed to leave out the binding procedure in handover; AR evaluation will pro-duce an optimal path to the Internet. Analysis shows that, with efficient SA establishment be-tween mobile networks and the foreign networks, expected node behavior evaluation, and opti-mized route, the solution in this paper is more efficient than the counterparts in terms of through-put, packet delay and handover delay.

Cándido Caballero-Gil,Pino Caballero-Gil,Jezabel Molina-Gil

DOI: https://doi.org/10.1016/j.csi.2013.12.005

2022-08-12

Abstract:The practical deployment of vehicular networks is still a pending issue. In this paper we describe a new self-organized method of authentication for VANETs, which allows their widespread, fast and secure implementation. Our proposal does not involve any central certification authority because the nodes themselves certify the validity of public keys of the other nodes. On the one hand we propose an algorithm that each node must use to choose the public key certificates for its local store. On the other hand, we also describe a new node authentication method based on a cryptographic protocol including a zero-knowledge proof that each node must use to convince another node on the possession of certain secret without revealing anything about it, which allows non-encrypted communication during authentication. Thanks to the combination of the aforementioned tools, the cooperation among vehicles can be used for developing several practical applications of VANETs, such as detection and warning about abnormal traffic conditions. One of the most interesting aspects of our proposal is that it only requires existing devices such as smartphones, because the designed schemes are fully distributed and self-organized. In this work we include an analysis of both an NS-2 simulation and a real device implementation of the proposed algorithms, which enables us to extract promising conclusions and several possible improvements and open questions for further research.

Cryptography and Security

Hengchuan Tan,Maode Ma,Houda Labiod,Aymen Boudguiga,Jun Zhang,Peter Han Joo Chong

DOI: https://doi.org/10.1109/TVT.2016.2621354

2017-12-28

Abstract:Public key infrastructure (PKI) is the most widely used security mechanism for securing communications over the network. However, there are known performance issues, making it unsuitable for use in vehicular networks. In this paper, we propose a secure and authenticated key management protocol (SA-KMP) to overcome the shortcomings of the PKI. The SA-KMP scheme distributes repository containing the bindings of the en-tity's identity and its corresponding public key to each vehicle and road side unit. By doing so, certificate exchanges and certificate revocation lists are eliminated. Furthermore, the SA-KMP scheme uses symmetric keys derived based on a 3-D-matrix-based key agreement scheme to reduce the high computational costs of using asymmetric cryptography. We demonstrate the efficiency of the SA-KMP through performance evaluations in terms of transmission and storage overhead, network latency, and key generation time. Analytical results show that the SA-KMP is more scalable and outperforms the certificate-based PKI. Simulation results indicate that the key generation time of the SA-KMP scheme is less than that of the existing Elliptic Curve Diffie--Hellman and Diffie--Hellman protocols. In addition, we use Proverif to prove that the SA-KMP scheme is secure against an active attacker under the Dolev and Yao model and further show that the SA-KMP scheme is secure against denial of service, collusion attacks, and a wide range of other malicious attacks.

Cryptography and Security

He Jiabei,Liu Xuchong,Wu Fan,Chen Chaoyang,Li Xiong

DOI: https://doi.org/10.1007/s11235-022-00911-4

2022-01-01

Abstract:Nowadays, the intelligent transportation system (ITS) has developed prosperously all over the world. As a key technique in ITS, vehicular ad-hoc network (VANET) supports fast transmitting while bringing security problems simultaneously. To ensure efficiency, those unprotected data transmitting at a high speed can be easily eavesdropped on or forged, which will badly damage the ITS. To authenticate the identities of the vehicles in VANETs, signatures with certificates are often employed in historical research, but seldom study discusses the protection of generated data or mutual authentication between participants in VANETs. In order to tackle the problems above, we propose a new mutual authentication scheme for VANET where the private data can be kept away from attackers. In our scheme, the corresponding manager of each region can deal with the dynamic information of vehicles. The security analysis is also carried out and shown to emphasize the reliability of the scheme, such as anonymity, unlinkability and resistance to replay attacks, etc. Besides the resistance to different attacks, the real-time information secrecy can also be protected in our scheme, which is not achieved in the compared schemes. Moreover, the performance evaluation and simulation with NS-3 show that the packet delivery ratio reaches over 99% in most of the application scenarios, which proves that the scheme is efficient and practical.

Muhammad Zubair,Xiangwei Kong,Saeed Mahfooz

DOI: https://doi.org/10.12720/jcm.9.2.144-156

2014-01-01

Journal of Communications

Abstract:Abstract—In this paper we propose a novel Cross-layer Localized Authentication Mechanism (CLAM) to secure mobility in Next Generation Networks. The proposed mechanism integrates Proxy MIPv6 and Session Initiation Protocol (SIP) to handle the authentication locally in real-time and non-real-time communications. The design objectives of CLAM are three fold: i) handover latency is minimized by the local management of authentication; ii) simple to implement in mobile devices because of symmetric cryptographic and one-way hash operations; iii) possesses important security properties such as resistance against various attacks, user anonymity, mutual authentication, user friendly, one-time session key agreement, backward secrecy, forward secrecy, and confidentiality. We analyze and compare the performance of CLAM with existing schemes in terms of handover latency, signaling cost, communication overhead, computational cost, and packet loss. The numerical and simulation results demonstrate that our proposed scheme outperforms the existing schemes.

Lingyun Zhu,Chen Chen,Xin Wang,Azman Osman Lim

DOI: https://doi.org/10.1109/ISADS.2011.88

2011-01-01

Abstract:Security plays an important role in the system design with the development of VANETs. Because of the unreliable communications in VANETs, security protocols need more considerations, such as privacy, authentication, and consistency of messages. However, efficiency has been overlooked before, because previous methods incur significant communication overhead. In this paper, we propose a novel security scheme, named Symmetric-Masquerade Security Scheme (SMSS), which can achieve the security requirements while keeping a low system overhead. In SMSS, we focus on the vehicle-to-vehicle communications, which is among the typical scenarios in VANETs. The symmetric encryption is employed in our scheme to ensure the consistency of the messages, the local pseudonyms are equipped to protect the privacy, and the pre-shared keys are introduced to implement the authentication. This paper makes a detailed description of the novel scheme, then analyzes its performance in comparison with that of the PKI security scheme.

Xiaodong Lin,Xinhua Ling,Haojin Zhu,Pin-Han Ho,Xuemin Shen

DOI: https://doi.org/10.1504/ijsn.2008.017225

2008-01-01

Abstract:In the paper, we propose an efficient two-factor localised authentication scheme for inter-domain handover and roaming in IEEE 802.11 based service-oriented wireless mesh networks (WMNs). Some important aspects, such as resource-constraint Mobile Stations (MSs) and the ping-pong movement phenomenon when handover roaming across different hotspots occurs, are considered. An analytic model is developed to investigate the efficiency of the proposed scheme. Numerical results are given to demonstrate the superiority of the proposed scheme in terms of the resultant signalling overhead, power consumption, and authentication latency, compared with the legacy authentication schemes without losing the capability of preserving the system security.

Mengjie Duan,Shunrong Jiang,Liangmin Wang

DOI: https://doi.org/10.1007/978-981-10-8890-2_15

2017-01-01

Abstract:In-vehicle networks which were originally designed to operate in a closed environment without secure concerns are now being connected to external nodes/networks and providing useful services. However, communications with the external world introduce severe security threats to the vehicle. For connected vehicle, many attacks, which were only feasible with physical access to a vehicle, can now be carried out remotely over wireless networks. To overcome this problem, we propose a security protocol to protect in-vehicle networks based on current Controller Area Network specifications. First, we generate the secure in-vehicle networks by using a group key. Then, we make the gateway join the secure in-vehicle networks after authenticating it. Finally, we generate the pair-ware key to ensure the secure communication between the external node and the gateway. The security analysis and performance evaluation show that the proposed scheme is secure and practical.

Saad Ali Alfadhli,Songfeng Lu,Kai Chen,Meriem Sebai

DOI: https://doi.org/10.1109/access.2020.3014038

IF: 3.9

2020-01-01

IEEE Access

Abstract:Vehicles authentication, the integrity of messages exchanged, and privacy-preserving are essential features in vehicular ad hoc network (VANETs) security. Most of the previously proposed VANETs security solutions do not sufficiently satisfy the security and efficiency requirements. Besides, most of those solutions are heavily dependent on the system key and long-term sensitive data stored in an ideal tamper-proof device, which may not be practical or ideal for resource-constrained onboard units ( $OBUs$ ), especially in the case of an unexpected cloning or physical attack. Therefore, a robust authentication solution should consider those security issues and the nature of resource-constrained nodes. To satisfy all these requirements, we propose a lightweight multi-factor authentication and privacy-preserving security solution for VANETs. It employs a combination of physically unclonable functions ( $PUF$ ) and one-time dynamic pseudo-identities as authentication factors. Furthermore, it eliminates the heavy dependency on the system key by decentralising the wide precinct of the certificate authority ( $CA$ ) into regional domains and achieves robust control of domains keys. A detailed analysis demonstrates that our scheme efficiently meets the VANETs security requirements, and offers more suitable communication and computation costs and features than existing schemes.

Yinzhu Yu,Xiaoyan Huang,Ke Zhang,Fan Wu,Supeng Leng

DOI: https://doi.org/10.1109/icct56141.2022.10072685

2022-01-01

Abstract:In Vehicular Ad Hoc Networks (VANETs), authentication is a crucial security service for both inter-vehicle and vehicle-roadside unit communications. Most of traditional protocols do not consider the impact of vehicular safety on authentication efficiency, thus implementing the same authentication process for all vehicles, which leads to large overhead and inflexible authentication. In this paper, we propose a differentiated identity authentication protocol based on vehicular safety level to reduce the authentication overhead and increase flexibility. In the proposed protocol, Roadside Unit (RSU) can choose appropriate authentication method for vehicle according to its safety level, which is evaluated by hardware safety and behavior safety. In addition, anonymous mutual authentication with key agreement is enabled by exploiting the trapdoor collision property of chameleon hash functions, thus the proposed protocol can effectively avoid the communication overhead caused by the transmission of certificates, and there is no key escrow problem. At the same time, combined with Physical Unclonable Functions (PUFs) technology, the proposed protocol can resist physical attacks. Simulation results demonstrate that the proposed protocol can not only effectively improve the flexibility of vehicular authentication, but also have advantages in reducing computation delay and communication overhead.

Tarak Nandy,Mohd Yamani Idna Idris,Rafidah Md Noor,Ashok Kumar Das,Xiong Li,Norjihan Abdul Ghani,Sananda Bhattacharyya

DOI: https://doi.org/10.1016/j.comcom.2021.06.013

IF: 5.047

2021-01-01

Computer Communications

Abstract:A substantial number of authentication protocols are designed to safeguard vehicular ad-hoc network (VANET) communication from potential attacks; however, they experienced an inability to provide a balance between lightweight and security. Existing security and privacy-preserving based authentication protocols in vehicular networks mostly rely on the trusted authority and signatures to validate the communication on road. Accomplishing the quick validation and correspondence is difficult in such methodologies and further, they endure execution obliges from coming about overhead. To overcome these issues, we have developed an enhanced lightweight and secure authentication protocol (ELSAP) for V2V Communication in VANETs. Moreover, the scheme withheld with self-authentication prior to communication that enhances the network feasibilities, which in return needs less message transfer during authentication as well as communication, indicates lightweight features. Furthermore, two or more vehicles can securely perform mutual authentication, proven by Burrow-Abadi-Needham (BAN) logic. Additionally, the competency of the proposed protocol against the current updated threats is shown via security analysis and comparisons tools such as Automated Validation of Internet Security Protocols and Applications (AVISPA). The result of the performance analysis shows that the communication cost and computational cost outperformed the earlier authentication schemes alongside the security features of the proposed protocol.

Wenping Yu,Rui Zhang,Maode Ma,Cong Wang

DOI: https://doi.org/10.3390/electronics13020449

IF: 2.9

2024-01-23

Electronics

Abstract:In the process of vehicles transitioning from conventional means of transportation to mobile computing platforms, ensuring secure communication and data exchange is of paramount importance. Consequently, identity authentication has emerged as a crucial security measure. Specifically, effective authentication is required prior to the communication between the On-Board Unit (OBU) and Roadside Unit (RSU). To address vehicle identity authentication challenges in the Internet of Vehicles (VANETs), this paper proposes a three-party identity authentication and key agreement protocol based on elliptic curve public key cryptography. Considering issues such as vehicle impersonation attacks, RSU impersonation attacks, and vehicle privacy breaches in existing schemes within wireless mobile environments, this protocol introduces a trusted registry center that successfully enables mutual authentication between OBU and RSU. The proposed protocol not only enhances the VANETs system's ability to withstand security threats but also improves the credibility and efficiency of the authentication process.

engineering, electrical & electronic,computer science, information systems,physics, applied

Su Yao,Jianfeng Guan,Yinan Wu,Ke Xu,Mingwei Xu

DOI: https://doi.org/10.1109/mwc.001.2000132

IF: 12.777

2020-01-01

IEEE Wireless Communications

Abstract:Space-air-ground integrated networks (SAGINs) allow mobile nodes to gain access to the Internet anywhere and at any time, which has significantly broadened the communication coverage all over the world. Different from other heterogeneous networks, SAGINs have the characteristics of dynamic network and wide coverage, which make it vulnerable to various malicious attacks. To improve the security of SAGINs, researchers are facing many sophisticated challenges, in which access authentication is the primary problem to be solved because is mainly used to prevent illegal nodes from accessing SAGINs for network services. Therefore, it is crucial to design a secure and lightweight access authentication scheme for SAGINs. In this article, we propose an identity-based mutual authentication scheme (IMAS), which consists of three segments and five procedural phases. Multicast communication is first introduced in access authentication for re-authentication message transmission, which can greatly reduce authentication delay and signaling overhead during handover. Our further qualitative analysis shows that IMAS has proper security characteristics which can meet various security requirements. In addition, from the perspective of performance evaluation, IMAS has outperformed the existing schemes especially when mobile nodes change their access points frequently and need to be re-authenticated for accessing requests.

MA Dong,HE Da-ke,ZHENG Yu,ZHANG Wen-fang

DOI: https://doi.org/10.3321/j.issn:1001-8360.2008.01.018

2008-01-01

Abstract:AAA protocols are used to solve the issues of authentication,authorization,and accounting for Mobile IP(MIP).But high latency often exists in the authentication and registration process.On the basis of the analysis of the basic model of MIP with AAA support,an improved scheme is proposed. The new scheme can provide fast authentication through minimizing the number of the authentication messages exchanged between the foreign and the home networks.In addition,the security of the messages is protected by the hybrid cryptography based on the public key and symmetric key.

Mohammed Abdulhakim Al-Absi,Ahmed Abdulhakim Al-Absi,Rui Fu,Ki-Hwan Kim,Young-Sil Lee,Byung-Gook Lee,Sang-Gon Lee,Hoon-Jae Lee

DOI: https://doi.org/10.3390/s21144935

IF: 3.9

2021-01-01

Sensors

Abstract:The evolution of the internet has led to the growth of smart application requirements on the go in the vehicular ad hoc network (VANET). VANET enables vehicles to communicate smartly among themselves wirelessly. Increasing usage of wireless technology induces many security vulnerabilities. Therefore, effective security and authentication mechanism is needed to prevent an intruder. However, authentication may breach user privacy such as location or identity. Cryptography-based approach aids in preserving the privacy of the user. However, the existing security models incur communication and key management overhead since they are designed considering a third-party server. To overcome the research issue, this work presents an efficient security model namely secure performance enriched channel allocation (S-PECA) by using commutative RSA. This work further presents the commutative property of the proposed security scheme. Experiments conducted to evaluate the performance of the proposed S-PECA over state-of-the-art models show significant improvement. The outcome shows that S-PECA minimizes collision and maximizes system throughput considering different radio propagation environments.

Fan Wu,Lili Xu,Saru Kumari,Xiong Li,Ashok Kumar Das,Muhammad Khurram Khan,Marimuthu Karuppiah,Renuka Baliyan

DOI: https://doi.org/10.1002/sec.1558

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ubiquitous networks support the roaming service for mobile communication devices. The mobile user can use the services in the foreign network with the help of the home network. Mutual authentication plays an important role in the roaming services, and researchers put their interests on the authentication schemes. Recently, in 2016, Gope and Hwang found that mutual authentication scheme of He et al. for global mobility networks had security disadvantages such as vulnerability to forgery attacks, unfair key agreement, and destitution of user anonymity. Then, they presented an improved scheme. However, we find that the scheme cannot resist the off-line guessing attack and the de-synchronization attack. Also, it lacks strong forward security. Moreover, the session key is known to HA in that scheme. To get over the weaknesses, we propose a new two-factor authentication scheme for global mobility networks. We use formal proof with random oracle model, formal verification with the tool Proverif, and informal analysis to demonstrate the security of the proposed scheme. Compared with some very recent schemes, our scheme is more applicable. Copyright © 2016 John Wiley & Sons, Ltd.

Hung-Min Sun,Shih-Ying Chang,Yue-Hsun Lin,Shin-Yan Chiou

DOI: https://doi.org/10.1109/isda.2008.330

2008-01-01

Abstract:Mobile WiMAX is the next generation of broadband wireless network. It allows users to roam over the network under vehicular speeds. However, when a mobile station changes from one base station to another, it should be authenticated again. This may lead to delay in communication, especially for real-time applications, such as VoIP and Pay-TV systems. In this paper, we propose two efficient schemes to enhance the performance of authentication during handover in mobile WiMAX. The first scheme adopts, instead of the standard EAP method used in handover authentication, an efficient shared key-based EAP method. The second one, skips the standard EAP method, does the authentication in SA-TEK three-way handshake in PKMv2 process. In addition, the security proofs of our schemes are provided in this paper.

Congcong Li,Xi Zhang,Haiping Wang,Dongfeng Li

DOI: https://doi.org/10.3390/s18010194

2018-01-11

Abstract:Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.