Abel C. H. Chen,Cheng-Kang Liu,Chun-Feng Lin,Bon-Yeh Lin

DOI: https://doi.org/10.1109/ICMLANT59547.2023.10372990

2023-09-18

Abstract:In Vehicle-to-Everything (V2X) communications, providing accurate information and safeguarding the privacy of end entities is one of the crucial information security issues. Therefore, several international standardization organizations have begun to develop V2X communication security standards in recent years. For instance, the IEEE 1609.2.1 standard designs a Security Credential Management System (SCMS) that specifies certificate application and issuance processes, as well as certificate revocation processes. Furthermore, the IEEE 1609.2 standard defines certificate formats and Secure Protocol Data Units (SPDUs) for secure data transmission based on these standards. As a result, end entity manufacturers and SCMS providers worldwide have started building V2X security systems in accordance with these standards and conducting interoperability testing. Although international standards mainly employ Elliptic-Curve Cryptography (ECC) for signature/verification and encryption/decryption functions, performance analysis remains a crucial issue for the practical deployment of these systems. Therefore, this study implements end entities and a SCMS conforming to IEEE 1609.2 and IEEE 1609.2.1 standards. It measures the computation and transmission times for each security communication action within the system from the perspective of end entities and identifies potential system bottlenecks. In the experimental results, this study analyzes the most performance-intensive actions and provides relevant suggestions for enhancing system efficiency for SCMS developers to reference.

Cryptography and Security,Networking and Internet Architecture,Software Engineering

Francesco Pollicino,Dario Stabili,Luca Ferretti,Mirco Marchetti

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348712

2020-11-01

Abstract:Emerging Cooperative Intelligent Transportation Systems (C-ITS) enable improved driving experience and safety guarantees, but require secure Vehicular Ad-hoc NETworks (VANETs) that must comply to strict performance constraints. Specialized standards have been defined to these aims, such as the IEEE 1609.2 that uses network-efficient cryptographic protocols to reduce communication latencies. The reduced latencies are achieved through a combination of the Elliptic Curve Qu-Vantstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA), to guarantee data integrity and authenticity. However, literature lacks implementations and evaluations for vehicular systems. In this paper, we consider the IEEE 1609.2 standard for secure VANETs and investigate the feasibility of ECQV and ECDSA schemes when deployed in C-ITSs. We propose a prototype implementation of the standard ECQV scheme to evaluate its performance on automotive-grade hardware. To the best of our knowledge, this is the first open implementation of the scheme for constrained devices that are characterized by low computational power and low memory. We evaluate its performance against C-ITS communication latency constraints and show that, although even highly constrained devices can support the standard, complying with stricter requirements demands for higher computational resources.

Abel C. H. Chen

2024-01-03

Abstract:In recent years, the elliptic curve Qu-Vanstone (ECQV) implicit certificate scheme has found application in security credential management systems (SCMS) and secure vehicle-to-everything (V2X) communication to issue pseudonymous certificates. However, the vulnerability of elliptic-curve cryptography (ECC) to polynomial-time attacks posed by quantum computing raises concerns. In order to enhance resistance against quantum computing threats, various post-quantum cryptography methods have been adopted as standard (e.g. Dilithium) or candidate standard methods (e.g. McEliece cryptography), but state of the art has proven to be challenging to implement implicit certificates using lattice-based cryptography methods. Therefore, this study proposes a post-quantum cryptography McEliece-Chen (PQCMC) based on an efficient random invertible matrix generation method to issue pseudonymous certificates with less computation time. The study provides mathematical models to validate the key expansion process for implicit certificates. Furthermore, comprehensive security evaluations and discussions are conducted to demonstrate that distinct implicit certificates can be linked to the same end entity. In experiments, a comparison is conducted between the certificate length and computation time to evaluate the performance of the proposed PQCMC. This study demonstrates the viability of the implicit certificate scheme based on PQC as a means of countering quantum computing threats.

Cryptography and Security,Networking and Internet Architecture

Francesco Pollicino,Dario Stabili,Luca Ferretti,Mirco Marchetti

DOI: https://doi.org/10.1109/tvt.2021.3122333

IF: 6.8

2021-12-01

IEEE Transactions on Vehicular Technology

Abstract:Cooperative Intelligent Transportation Systems (C-ITS) improve driving experience and safety through secure Vehicular Ad-hoc NETworks (VANETs) that satisfy strict security and performance constraints. Relevant standards, such as the IEEE 1609.2, prescribe network-efficient cryptographic protocols to reduce communication latencies through a combination of the Elliptic Curve Qu-Vanstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA). However, literature lacks open implementations and performance evaluations for vehicular systems. This paper assesses the applicability of IEEE 1609.2 and of ECQV and ECDSA schemes to C-ITSs. We release an open implementation of the standard ECQV scheme to benchmark its execution time on automotive-grade boards. Moreover, we evaluate its performance in real road and traffic scenarios and show that compliance with strict latency requirements defined for C-ITS requires computational resources that are not met by many automotive-grade embedded hardware platforms. As a final contribution, we propose and evaluate novel heuristics to reduce the number of signatures to be verified in real C-ITS scenarios.

Paulo S. L. M. Barreto,Marcos A. Simplicio,Jefferson E. Ricardini,Harsh Kupwade Patil

DOI: https://doi.org/10.1109/tc.2020.2988637

IF: 3.183

2021-03-01

IEEE Transactions on Computers

Abstract:In the implicit certification model, the process of verifying the validity of the signer's public key is combined with the verification of the signature itself. When compared to traditional, explicit certificates, the main advantage of the implicit approach lies in the shorter public key validation data. This property is particularly important in resource-constrained scenarios where public key validation is performed very often, which is common in vehicular communications (V2X) that employ pseudonym certificates. In this article, we show an alternative Schnorr-based implicit certification procedure that can improve the efficiency of a popular V2X-oriented Vehicular Public Key Infrastructure (VPKI), the Security Credential Management System (SCMS). As an additional contribution, we show that SCMS's underlying certificate provisioning procedure, based on butterfly keys, is vulnerable to existential forgery attacks under certain conditions. We then discuss how this issue can be fixed in an effective and efficient manner.

engineering, electrical & electronic,computer science, hardware & architecture

Mujahid Muhammad,Ghazanfar Ali Safdar

DOI: https://doi.org/10.1016/j.adhoc.2024.103701

IF: 4.816

2024-11-05

Ad Hoc Networks

Abstract:Safety applications, such as intersection collision warnings and emergency brake warnings, enhance road safety and traffic efficiency through periodic broadcast messages by vehicles and roadside infrastructure. While the Elliptic Curve Digital Signature Algorithm (ECDSA) is a widely used security approach, its performance limitations make it unsuitable for time-critical safety applications. As such, a symmetric cryptography-based technique called Timed Efficient Stream Loss-tolerant Authentication (TESLA) offers a viable alternative. However, applying standard TESLA in the context of vehicle-to-vehicle (V2V) communications has its own challenges. One challenge is the difficulty of distributing authentication information called commitments in the highly dynamic V2V environment. In this paper, we propose two novel solutions to this problem, namely, V2X Application Server (VAS)-centric and vehicle-centric. The former is an application-level solution that involves selective unicasting of commitments to vehicles by a central server, the VAS, and the latter is a reactive scheme that involves the periodic broadcast of commitments by the vehicles themselves. Extensive simulations are conducted using representatives of the real V2V environment to evaluate the performance of these approaches under different traffic situations; as well as performance comparison with a state-of-the-art distribution solution. The simulation results indicate that the VAS-centric solution is preferable for use in a TESLA-like V2V security scheme. It demonstrates desirable features, including timely delivery of commitments and high distribution efficiency, with over 95% of commitments sent by the VAS are associated with relevant safety messages when compared with the vehicle-centric and state-of-the-art solutions. Formal security analysis, conducted using the Random Oracle Model (ROM), proves the correctness of our proposed distribution schemes. Additionally, an informal security analysis shows the resilience of the proposed schemes against various attacks, including impersonation, replay, and bogus commitment messages.

computer science, information systems,telecommunications

Ikram Ali,Yong Chen,Niamat Ullah,Rajesh Kumar,Wen He

DOI: https://doi.org/10.1109/tvt.2021.3050399

IF: 6.8

2021-02-01

IEEE Transactions on Vehicular Technology

Abstract:In vehicular ad-hoc networks (VANETs), safety messages are exchanged among vehicles and between vehicles and infrastructure to ensure passengers' safety and efficiency in traffic. The source authentication as well as integrity checking of these messages are very necessary for a receiver. Based on certificateless cryptography (CLC), some state-of-the-art signature schemes have been proposed to address these. Although they fulfill the requirements of authentication and privacy, they are not efficient with respect to performance. Bilinear pairings and map-to-point hash functions are used in these schemes. These require a huge amount of time to process. The computational power and storing capacity of an on-board unit (OBU) in each vehicle are limited. Therefore, computational overhead is induced on vehicles that need to authenticate messages in areas of high traffic density. In this paper, a provably secure and efficient certificateless short signature-based conditional privacy-preserving authentication (CLSS-CPPA) scheme for V2V communication is designed. This scheme does not use bilinear parings and is based on the elliptic curve cryptosystem (ECC). In addition, instead of map-to-point hash functions, general hash functions are used. Furthermore, the CLSS-CPPA scheme supports the batch signature verification method which allows multiple signatures to be verified simultaneously and efficiently. The CLSS-CPPA scheme ensures security against type-I and type-II attackers with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMA) under a hardness assumption of the elliptic curve discrete logarithm problem (ECDLP) in the random oracle model (ROM). The proposed scheme significantly improves performance in terms of computational and communication costs in comparison with state-of-the-art schemes.

telecommunications,engineering, electrical & electronic,transportation science & technology

Hee-Yong Kwon,Mun-Kyu Lee

DOI: https://doi.org/10.1109/tvt.2019.2902382

IF: 6.8

2019-05-01

IEEE Transactions on Vehicular Technology

Abstract:In many bandwidth-critical environments, including vehicle-to-vehicle and vehicle-to-infrastructure communications, implicit certificates such as elliptic curve Qu-Vanstone (ECQV) are frequently employed as a means to reduce the bandwidth requirement of digital signatures. In these environments, however, certain recipients such as roadside units need to verify signatures for multiple messages within considerably short time periods. In this paper, we propose two efficient methods of reducing the computational costs of signature verification when multiple digital signatures are provided together with the ECQV implicit certificates. The first method achieves this by sharing the intermediate results that are computed when public keys are extracted from ECQV certificates. The second guarantees a further speed improvement by merging the public key extraction processes into a batch signature verification process. We also present an algorithm that adaptively chooses the best verification method for the given signatures in real time. Our experimental results show that the proposed methods allow for a signature verification that is five times faster than existing methods.

telecommunications,engineering, electrical & electronic,transportation science & technology

Chang-Seop Park

DOI: https://doi.org/10.1109/jsen.2016.2625821

IF: 4.3

2017-04-01

IEEE Sensors Journal

Abstract:For the purpose of securing mutual communication, Internet of Things (IoT) applications should establish a security association in advance for two or more sensor devices acting as the roles of sensors and actuators. Even though the X-509-based public key certificate can be a viable solution for such purpose, it is not efficient to employ in the IEEE 802.15.4 network, since it is too large to be loaded in IEEE 802.15.4 frames. So, the elliptic-curve Qu-Vanstone (ECQV) implicit certificate has been employed for lightweight security association establishment for the IoT environment. However, it is mandatory to secure the transaction between the sensor device requesting the certificate and the certificate authority. The previous ECQV certificate issuance protocol has several weaknesses, in terms of security and efficiency. In this paper, we propose a new ECQV certificate issuance protocol that addresses the security problems of the previous protocol. Our protocol design is based on integration into the secure join protocol of the IEEE 802.15.4, where we employ a cryptographically generated address for security bootstrapping to secure the join and certificate issuance protocol. We extensively analyze and compare our protocol with the previous protocol in terms of security and performance.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Na Ruan,Takashi Nishide,Yoshiaki Hori

DOI: https://doi.org/10.2197/ipsjjip.20.846

2012-01-01

Abstract:In Vehicular Ad Hoc Networks (VANETs), the vehicular scenario requires smart signaling, smart road maintenance and other services. A brand new security issue is that the semi-trusted Road Side Units (RSUs) may be compromised. In this paper, we propose an Elliptic curve ElGamal Threshold system-based key management scheme for safeguarding a VANET from RSUs being compromised and their collusion with malicious vehicles. We analyze the packet loss tolerance for security performance demonstration, followed by a discussion on the threshold. After discussion of the feasibility on privacy and processing time, overhead analysis is presented in terms of two types of application scenarios: Emergency Braking Notification (EBN) and Decentralized Floating Car Data (DFCD). Our method can promote security with low overhead in EBN and does not increase overhead in DFCD during security promotion.

George Routis,Panagiotis Dagas,Ioanna Roussaki

DOI: https://doi.org/10.3390/electronics13040730

IF: 2.9

2024-02-12

Electronics

Abstract:The Internet of Things (IoT) is a technological paradigm that has gained significant momentum the last decade and, among other features, enables the development of intelligent and interoperable device networks. In this respect, it has triggered the creation and evolution of vehicular ad-hoc networks (VANETs), which are initially implemented in order to guarantee the safety of drivers and the avoidance of traffic accidents. The drawback is that this fast evolution comes with serious concerns in terms of the privacy of users, while the population of attackers or entities that try to eavesdrop and intercept information has significantly increased. This imposes a serious risk for drivers moving across a Smart City. The research presented in this paper aims to evaluate privacy protection mechanisms in VANET environments, based on the efficiency and security level they ensure, considering the fact that VANETs provide limited resources to users/drivers. Moreover, the usage of elliptic curve cryptography in reduced resources environments is discussed. Finally, this paper compares the performance of three cryptographic algorithms, elliptic curve cryptography (ECC), hyperelliptic curve cryptography genus 2 (HECC-2) and HECC genus 3 (HECC-3), employed for an efficient authentication and safe message transmission mechanism in VANETs, aimed at reaching conclusions related to the implementation of each cryptographic scheme in this specific application area. The evaluation results indicate that ECC supersedes HECC-2 and HECC-3 in most metrics. However, HECC-2 and HECC-3 demonstrate better responses than ECC does in selected energy metrics. Overall, it is observed that HECC algorithms are not yet mature enough to compete with ECC. This is due to the fact that the research community has not sufficiently progressed toward the optimization of HECC, and moreover, HECC builds on quite complex mathematics. There are indications, however, that once HECC curves are indeed optimized, HECC will outperform ECC in speed as well as in other metrics, sinceHECC-2 and HECC-3 use a significantly smaller key size with the same level of security as that of ECC.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xuejiao Liu,Yingjie Xia,Wenzhi Chen,Yang Xiang,Mohammad Mehedi Hassan,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1016/j.jcss.2016.05.006

IF: 1.043

2016-01-01

Journal of Computer and System Sciences

Abstract:Vehicular ad hoc network (VANET) is an increasing important paradigm, which not only provides safety enhancement but also improves roadway system efficiency. However, the security issues of data confidentiality, and access control over transmitted messages in VANET have remained to be solved. In this paper, we propose a secure and efficient message dissemination scheme (SEMD) with policy enforcement in VANET, and construct an outsourcing decryption of ciphertext-policy attribute-based encryption (CP-ABE) to provide differentiated access control services, which makes the vehicles delegate most of the decryption computation to nearest roadside unit (RSU). Performance evaluation demonstrates its efficiency in terms of computational complexity, space complexity, and decryption time. Security proof shows that it is secure against replayable choosen-ciphertext attacks (RCCA) in the standard model.

Zuobin Ying,Kaichao Wang,Jinbo Xiong,Maode Ma

DOI: https://doi.org/10.1049/cmu2.12778

IF: 1.345

2024-06-16

IET Communications

Abstract:The article first introduces the development history of the past Internet of Vehicles(IoV), summarizes some common V2X security threats, describes the development and application of the SM commercial algorithm in recent years, and finally, statistics and introduces the part of the development process of the security protocols currently used in IoV regarding the SM algorithms and gives some application prospects. With the refinement and development of the Vehicle to Everything (V2X) concept, its security issues have gradually come to the fore, revealing many security risks and increasing security requirements for V2X, and many protective measures have likewise emerged. The article first introduces the development history of the past Internet of Vehicles(IoV), summarizes some common V2X security threats, surveys the security technologies used for V2X communication, and outlines the development of each technology and the proposed security protocols in the last 3 years. Due to the different advantages and disadvantages of previous protection schemes, the idea of using National Cryptography to supplement the security scheme or designing a new security scheme article based on the National Cryptography Algorithms((AKA SM algorithms) is proposed. The survey then introduces the SM2, SM3, SM9, and ZUC algorithms, describes the development and application of the SM commercial algorithm in recent years, and finally, statistics and introduces the part of the development process of the security protocols currently used in IoV regarding the SM algorithms and gives some application prospects.

engineering, electrical & electronic

Ikram Ali,Yong Chen,Chengwei Pan,Anjian Zhou

DOI: https://doi.org/10.1109/jiot.2021.3104010

IF: 10.6

2022-03-15

IEEE Internet of Things Journal

Abstract:Vehicular ad hoc networks (VANETs), an application of the Internet of Things (IoT) providing a better intelligent transportation system (ITS), has received substantial attention from both industry and academia. Heterogeneous vehicular communications in VANETs occur when both vehicles and the infrastructure use different cryptographic technologies to exchange safety messages. However, the safety messages between vehicles and the infrastructure are communicated wirelessly; therefore, security issues are a serious concern in this domain. The existing schemes secure the transmission of safety messages with respect to confidentiality, authentication, and nonrepudiation. However, they are inappropriate with respect to efficiency. They cause computational overhead on the receiver and bandwidth overhead in the communications. To cope with this, we propose an elliptic curve cryptosystem-based hybrid signcryption (ECCHSC) protocol that satisfies the security requirements (i.e., message confidentiality, message's source authentication, message integrity, nonrepudiation, and identity–anonymity) for heterogeneous vehicle-to-infrastructure (V2I) communications in a single logical step. This protocol allows secure transmission of a safety message from a vehicle using identity-based cryptography (IDC) to a roadside unit (RSU) using public-key infrastructure (PKI). In addition, the ECCHSC protocol enables the RSU to receive multiple ciphertexts, aggregate them, and de-signcrypt them simultaneously through the batch de-signcryption method, which further improves the performance. The ECCHSC protocol has indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptive chosen message attacks (EUF-CMAs) in the random oracle model (ROM). The performance analysis of our protocol demonstrates a significant reduction in computational overhead and in communication/storage overhead as c-mpared to the state-of-the-art schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdullah M. Almuhaideb,Sammar S. Algothami

DOI: https://doi.org/10.3390/bdcc6040102

2022-09-27

Big Data and Cognitive Computing

Abstract:In the near future, using electric vehicles will almost certainly be required for the sustainability of nature and our planet. The most significant challenge that users are concerned about is the availability of electric vehicle charging stations. Therefore, to maximize the availability of electric vehicle charging stations, we suggest taking benefit from individual sellers who produce renewable energy from their homes or electric vehicle owners who have charging piles installed in their homes. However, energy services that are rapidly being offered by these businesses do not have a trust connection developed with the consumers and stakeholders in these new systems. Exchange of data related to electric vehicles and energy aggregators can be used to identify users’ behavior and compromise their privacy. Consequently, it is necessary to set up a charging system that will guarantee privacy and security. Several electric vehicle charging systems have been proposed to provide security and privacy preservation. However, ensuring anonymity alone is not enough to guarantee protection from reconstructing the victim vehicle’s route by the tracking adversary, even if the exchanged messages are completely anonymous. Furthermore, anonymity should not be absolute in order to protect the system and function as necessary by all entities. In this research, we propose an effective, secure, and privacy-preserving authentication method based on the Elliptic Curve Qu–Vanstone for an electric vehicle charging system. The proposed scheme provides all the necessary requirements and a reauthentication protocol to minimize the overhead of subsequent authentication processes. To create credentials and validate electric vehicles and energy aggregators, the scheme makes use of the Elliptic Curve Qu–Vanstone implicit certificate mechanism. The new protocols give EVs security and privacy while cutting computational time by 95% thanks to reauthentication, as demonstrated by the performance comparison with earlier works.

Changyuan Luo,Duan Li,Muhammad Saad Khan

DOI: https://doi.org/10.1038/s41598-024-77992-5

IF: 4.6

2024-11-09

Scientific Reports

Abstract:Certificateless public key infrastructure (PKI) avoids the key escrow problem associated with identity-based PKI and has recently been widely employed in anonymous communication schemes for vehicular adhoc networks (VANETs). In existing certificateless anonymous signcryption schemes for VANETs, vulnerabilities such as potential attacks involving the substitution of pseudonyms and the forging of pseudonymous public-private key pairs exist due to the lack of "identity-key binding" and "non-linearity processing of public-private key pairs." To address this issue, we propose an improved certificateless anonymous signcryption scheme based on elliptic curve cryptography. The scheme incorporates bilinear pairing as one of the authentication mechanisms, designs pseudonym generation algorithms and public-private key pair structures, and introduces a pseudonym verification mechanism. The correctness of the scheme is proven under the random oracle model, and its security is extensively demonstrated through detailed discussions on its confidentiality, authentication, unforgeability, anonymity, and traceability. Furthermore, the time and space complexity of the scheme are calculated. By comparing with recently published certificateless signcryption schemes, it is shown that the proposed scheme offers higher security with smaller computational and communication overheads. This certificateless vehicular network signcryption algorithm provides an efficient encryption solution for anonymous communication in vehicular networks, thereby ensuring the rapid development of secure technology for intelligent connected vehicle super terminals.

multidisciplinary sciences

Aljawharah Alnasser,Hongjian Sun,Jing Jiang

DOI: https://doi.org/10.48550/arXiv.1901.01053

2019-01-04

Abstract:In recent years, vehicles became able to establish connections with other vehicles and infrastructure units that are located in the roadside. In the near future, the vehicular network will be expanded to include the communication between vehicles and any smart devices in the roadside which is called Vehicle-to-Everything (V2X) communication. The vehicular network causes many challenges due to heterogeneous nodes, various speeds and intermittent connection, where traditional security methods are not always efficacious. As a result, an extensive variety of research works has been done on optimizing security solutions whilst considering network requirements. In this paper, we present a comprehensive survey and taxonomy of the existing security solutions for V2X communication technology. Then, we provide discussions and comparisons with regard to some pertinent criteria. Also, we present a threat analysis for V2X enabling technologies. Finally, we point out the research challenges and some future directions.

Information Theory