Security and privacy in vehicular ad-hoc networks

Abstract

The automotive and transportation industry is currently developing smart vehicles to improve driving safety and build an intelligent transportation system in modern cities. As a very promising technology to achieve these goals, the vehicular ad hoc networks (VANETs) are proposed to improve safety on roads by providing real-time traffic information for vehicles. However, VANETs cause many information security and privacy issues to the transportation system, such as bogus information attacks, message modification attacks, or eavesdropping attacks that may undermine user safety and privacy. For example, an attacker could broadcast bogus messages to mislead nearby vehicle to take wrong actions, which could cause a traffic accident. Hence, VANETs can only be deployed successfully after resolving the security and privacy issues. Message authentication is the most important mechanism to ensure information security in VANETs. Typically, message authentication is realized using a digital signature scheme, by which a vehicle produces a signature on traffic-related messages and broadcasts the pairs of messages and signatures over the network. The message recipient verifies the validity of the signature to ensure that the message is signed by a legitimate vehicle and has not been altered during the transmission. Various kinds of digital signature schemes are proposed to realize secure message authentication in VANETs. However, they all have different benefits and drawbacks in terms of security and efficiency. In order to improve the security and efficiency of the message authentication for VANETs, a secure online/offline certificateless signature scheme is proposed in this thesis. The proposed authentication scheme based on certificateless signature not only satisfies the basic security and privacy requirements but also has a better efficiency in terms of signature generation and verification. Furthermore, it supports the techniques of signature aggregation and batch verification, which can improve the efficiency of message authentication. For an authentication scheme to be useful in practice, a secure and efficient revocation mechanism, which revokes malicious or compromised users in the network, is necessary. However, most of the certificateless signature-based authentication schemes lack a secure and efficient revocation mechanism. Hence, based on the proposed online/offline certificateless signature, a revocable online/offline certificateless signature is proposed to solve the revocation problem. Compared with conventional revocation approaches in many other authentication schemes for VANETs, the proposed revocable mechanism eliminates the delay caused by checking against the revocation list and does not require a secret channel. Hence, the proposed revocable approach is practical to be used in the scenario of VANETs. Besides, the revocation burden is alleviated by employing the well-known KUNodes algorithm. Moreover, in order to enhance the overall authentication efficiency in VANETs, a process where the roadside units assist the signature verification of nearby vehicles using cuckoo filter is developed. Even though the proposed authentication scheme prevents many potential security and privacy attacks, certain privacy issues still exist. For example, an adversary could collect transmitted messages and employ a data analysis technique to extract some sensitive information, such as the home address, driving preference, etc. Hence, unlinkability and minimum information disclosure are two desirable features that are required to ensure strong privacy protection. As a promising approach to provide strong privacy for the drivers in VANETs, anonymous credential and its necessary component range proof are investigated in this thesis. Range proof is a cryptographic protocol that has many applications in VANETs, such as the anonymous credentials used in the vehicle registration process, and applications in parking navigation services. In order to develop practical range proof protocol that is secure and efficient, we specifically study the range proof protocol used in cryptocurrency Monero and identify its security flaws. Then, we develop an improved range proof protocol for Monero and give a rigorous proof to prove its security.