Encryption Based Authentication Schemes in Vehicular Ad-Hoc Networks Sandhya Kohli1 , Dr. Kanwalvir Singh Dhindsa 2 , Dr. Ravinder Khanna 3 Research scholar, IKGPTU Punjab,
[email protected] 1 Professor (CSE), BBSBEC Fatehgarh Sahib Punjab,
[email protected] Dean R & D, MM University Ambala,
[email protected] 3
Abstract - Many authentication schemes are proposed in VANET which provide both security and data integrity against most of the vehicular attacks, but it still has limited functionality. The public key encryption lacks the articulation needed to protect data in VANET, as Public key encryption allows “all or nothing access”, so ID-based encryption is the recent demand for security paradigm in VANET. This paper caters the various encryption based authentication schemes in VANET and comparison of ECDSA based and ID-based authentication schemes in VANET is done to emphasis the importance of ID-Based encryption in VANET.
security solutions are well researched for common wireless environments but approach for VANET is very different due to embedded computing platforms in vehicles, limited bandwidth, high mobility and dynamic topology. Cryptography and encryption are the main security components used for data security in vehicular communications. The Vehicle Safety Communications Consortiums (VSCC) under a cooperative agreement with the US Department of Transportation (USDOT) worked on security solutions that follow the IEEE P1609.2 standards. This standard defines the over air message format for VANET and currently suggests attaching Elliptic Curve Digital Signature Algorithm(ECDSA) to each message [1]. This standard also defines message content, encryption and format for certificate revocation list. So the use of ECDSA signature is very essential for authentication in VANET. The remainder of the paper is organized as follows. Section 2 presents the state of art. Section 3 describes an extensive literature review on various encryption based authentication schemes devised in VANET. In section 4 comparison of various encryption based authentication schemes in VANET is done. In section 5 we conclude the paper.
Index Terms—Vehicular ad hoc network; VANET; ID- based encryption; security; authentication.
1. INTRODUCTION The term VANET (Vehicular ad-hoc network) refers to the potentiality of a vehicle equipped with onboard unit, which can perform wireless communication with other surrounding vehicles. VANETs are the most prominent permissive technology for Intelligent Transportation Systems. VANETs provide many new impressive applications and opportunities including driver’s safety. VANET applications need security functionality in order to protect the driver, manufacturer, component supplier and service providers [1]. The security of VANET is one of the most critical issues as their information is broadcast in open access environment. In vehicular communication it is decisive that the transmitted messages cannot be reciprocated between prankster and attacker. VANET security requirements are authentication, privacy, nonrepudiation, and availability and location accuracy. These security constraints are imperative and form the backbone of the vehicular communications. Although many
1.1
Background & Motivation
Moharrum et al. [2] classified Encryption based Security Algorithms in VANET into following categories: Public Key Infrastructure (PKI) based schemes which includes symmetric and asymmetric encryptions and non-fully PKI based schemes which includes Identity based or functional encryption schemes as shown in Fig1.
15
2. LITERATURE REVIEW Literature review on various encryption based authentication schemes in VANET: 2.1
Public Key Infrastructure (PKI) based authentication scheme in VANET:
Adrian Perrig et al. [6] Introduced an efficient and secure source authentication for multicast known as TESLA. TESLA uses symmetric key cryptography with delayed key disclosure. As symmetric key encryption is much faster, therefore signatures delay can be avoided in VANET. In TESLA the receiver stores the information send by the source until the corresponding key is disclosed. Although TESLA got wide acceptance because it requires no trust between receivers and uses low cost operations, yet it suffers from non repudiation problem. PKI has some limitations in securing VANET like Privacy- PKI based schemes provides identity privacy only they do not provide location privacy. Revocation- for revocation in VANET a Certificate Revocation List (CRL) has to be issued by Trusted Authority(TA), as TA is centralized so CRL is broadcast by the Road Side Unit(RSU). The distribution of CRL causes long delays so revocation of CRL is difficult and time consuming process.
Fig. 1: Classification of Encryption Based Security Algorithms For authentication in vehicular networks digital signatures are used, earlier RSA and ECC based digital signatures were used in VANET. Nicholas Jansma et al. [3] compares the performance characteristics of two public key cryptosystems (RSA and ECC) used in digital signatures to determine the applicability of each in modern technological devices and protocols that use such signatures. The current IEEE1609.2 standards for secure VANET communications recommend the use of Elliptic Curve Digital Signature Algorithm (ECDSA) for signature verification. The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in FIPS 186-4 [4] as standard for government digital signatures and described in ANSI X9.62. Several schemes have been proposed for authentication in VANET using ECDSA. The extensive research studies revealed that ECDSA reduces the performance of authentication process by pervasive computation overhead, thereby causing verification delay and greatly deteriorate the performance of authentication schemes in VANET [5]. Vehicular Ad-hoc Networks (VANET) is an open network and Public key encryption does not allow partial and selected access. Another weakness of the traditional public key encryption is that it does not provide fine grained access to encrypted data, it only provides coarse grained access. These shortcomings in public key encryption form the basis for the development of ID-based encryption schemes. ID-based encryption is an offbeat exemplar of public key encryption that enables both fine grained access control and selective computation on encrypted data, so ID-based encryption removes the bottleneck of PKI based authentication schemes in VANET.
2.2
ID-based Authentication schemes in VANET:
Jiun-Long Huang et al. [7] presented an anonymous batch authenticated and key agreement (ABAKA) scheme to authenticate multiple requests sent from different vehicles and establish different session keys for different vehicles at the same time. In ABAKA the ECDSA is adopted to reduce the verification delay and transmission overhead. The security of ABAKA is based on elliptic curve discrete logarithm problem. ABAKA can efficiently authenticate multiple requests by one verification operation and negotiate a session key with each vehicle by one broadcast message. In ABAKA each message format is incorporated with timestamp value which ensures the freshness of the messages generated by different vehicles. Lo-Yao Yeh et al. [8] designed an Attribute based access control system for emergency services over vehicular ad-hoc networks (ABACS). ABACS improve the efficiency of vehicular communication by adopting fuzzy identity 16
based encryption. In ABACS the main focus is on the design of the emergency vehicle recruiting phase, rescue mission dispatch phase and on authenticity of the Rescue Related Messages, they are Request Query Message (RQM), Rescue Response Message (RRM) and Mission Assignment Message (MAM). In ABACS scheme large no of messages are send and TTA broadcast the message without using any secure broadcast protocol so the ABACS scheme is susceptible to broadcast attacks. Xuedan Jia et al. [9] presented an efficient privacy preserving authentication scheme for VANET based emergency communication (EPAS). EPAS adopt both ECDSA signature scheme and batch verification to provide effective authentication. EPAS is quite similar to ABACS, but it employs two schemes, in first scheme the V2D communication occurs in which the messages can be verified one by one or in a batch by Disaster Relief Authority (DRA) and in second scheme the vehicle group communication is necessary, as during rescue process vehicles need to communicate with each other for timely exchange of information. In EPAS scheme the results obtained are not simulated only proposed mathematical comparison is done. For inter vehicle communications Gamage et al. [10] adopted an identity based ring signature scheme to achieve signer obscurity and fulfill the privacy requirement for VANET application. The detriment of this scheme is the unconditional privacy as a result the traceability requirement become challenging in VANET. Kamat et al. [11][12] proposed secure pseudonyms and identity base framework for vehicular ad hoc networks to provide security and privacy of such networks and provides fringe over traditional PKI based and symmetric based system. The advantage of their proposed scheme is that no special storage is required in vehicles or in the infrastructure. Authors recommend that the framework proposed in [12] can be used to secure existing Vehicular Information Transfer Protocol (VITP). However, their framework is strongly dependent on infrastructure for short lived pseudonym generation which causes signaling overhead devastating. Jinyuan Sun et al. [13] proposed an identity based security system for user privacy in vehicular ad hoc networks. The proposed system is based on identity based
encryption and threshold signature technique for non frameability. Xiaodong lin et al. [14] developed a secure and privacy preserving protocol for vehicular communications (GSIS). It is based on group signatures and identity based signature techniques. This scheme guarantees anonymous authentication and liability but shows linear increase in the verification time with the increased number of revoked vehicles in the network. Huang Lu et al. [15] proposed novel ID-based authentication framework with adaptive privacy preservation for VANETs. In this scheme adaptive, self generated pseudonyms are used as identifiers instead of real world IDs. The proposed framework is based on both the ID-based signature (IBS) scheme and the ID-based Online/Offline signature (IBOOS) scheme. In the proposed framework the IBS scheme is used for V2R and R2V authentication, whereas IBOOS scheme is used for V2V authentication. One of the advantages of this framework is reusability, that it can be reused with new IBS and IBOOS schemes for security and performance improvements. Chenxi Zhang et al. [16] introduced an efficient identity based batch signature verification (IBV) scheme for vehicular sensor networks. In this scheme RSU can verify multiple received signatures at the same time thereby reducing the verification time fiercely. Subir Biswas et al. [17] proposed an ID based authentication scheme for safety messages in WAVE enabled VANETs. The proposed scheme uses proxy signatures to provide flexibility in message authentication. This scheme is also similar to [16], but it has incorporated the use of current location information of a signer as the signer’s ID in order to sign and verify the proxy signatures. In this scheme an application zone is devised and a message is valid for a particular zone. So the authors of [17] discovered a technique for determining the position tolerance of message application along with verification procedure, using which an OBU can find if a received message is legitimate for the current location or not. Bhavesh et al. [18] Introduces a novel protocol for authentication with multiple levels of anonymity (AMLA) in VANET. AMLA provides different levels of anonymity to different vehicles whereby each vehicle is allotted pseudonym with an associated lifetime. Each pseudonym is associated with expiration date. 17
3. COMPARISON OF VARIOUS ENCRYPTION BASED AUTHENTICATION SCHEMES IN VANET
2.3.1
ABAKA [7] scheme has less transmission overhead than ECDSA, it is reduced to 31% from 138% when the number of requests is more than 10. So ABAKA has low transmission overhead than ECDSA, as long as the number of requests are more than 13 the transmission overhead of ABAKA is 68.9% lower than ECDSA. In ABACS [8] scheme as the number of queried emergency vehicles (EVs) is greater than 61 the transmission overhead is only 1.4%( when d=4) and 2.6 % (when d=10) that of ECDSA, so ABACS has less transmission overhead as compared to ECDSA. EPAS [9] scheme also has less transmission overhead than ECDSA. In the terms of bytes, the total transmission overhead of ECDSA is 167 bytes whereas EPAS causes only 82 bytes of transmission overhead. Transmission overhead in case of IBV scheme proposed by Zhang et al. [16] includes a signature and a certificate appended to the original message, while the message itself is not counted. Since no certificate is required for messages in IBV scheme so the transmission overhead of IBV is 25.1% less than that of ECDSA. Scheme proposed by Subir Biswas et al. [17] also has less transmission overhead than ECDSA as only one extra point multiplication and one additional hash operation is required. In AMLA scheme proposed by Bhavesh et al. [18] only three cryptographic components are attached with each message they are pseudonym(14 bytes), a time stamp(4 bytes) and digital signature(128 bytes), so a total transmission overhead of 146 bytes is incurred on each broadcasted message, whereas transmission overhead in case of ECDSA is 1048 bytes and in case of IBV [16] is 63 bytes for single message.
Two different comparison are done on the basis of following parameters: 2.3
Performace based comparison of ECDSA with ID-based authentication schemes in VANET
Table 1: Performance based comparison of ECDSA with ID-based authentication schemes in VANET S . N o .
Schem e
Transmiss ion overhead
Verifi catio n delay
Application Type
1
ECDSA [3] ABAKA [7]
More
More
Less than ECDSA
Equal to ECD SA
Safety applications Value added applications
3
ABACS[ 8]
Less than ECDSA
More than ECD SA,
Emergency applications
4
EPAS[9]
Less than ECDSA
Less than ECD SA
Emergency applications
5
Zhang et al. [16]
Less than ECDSA
Less than ECD SA
Safety Applications
6
Subir Biswas et al. [17]
Less than ECDSA
Less than ECD SA
Safety Applications
7
Bhaves h et al. [18]
Less than ECDSA
Less than ECD SA
Safety Applications
2
Transmission overhead
2.3.2
Verification Delay
In ABAKA [7] scheme the verification delay is the combination of the original verification cost and the expected verification cost for re-batch verifications. The verification cost of ABAKA [7] is less than other batch based schemes but it is quite similar to ECDSA due to the re-batch verification. Verification delay in case of ABACS [8] depends upon the message loss ratio. In ABACS scheme a dedicated mission assignment message (MAM) is required by every Emergency vehicle
Most of the authentication schemes in VANET are based on ECDSA, but ECDSA hinders the performance of authentication process. Therefore, performance based comparison on various authentication schemes in VANET which are based on ECDSA signature scheme is done in Table 1. Transmission overhead and verification delay are the major parameters on which the comparison is done.
18
so the message loss ratio is quite low in AMLA [18] as compared to ECDSA
(EV), as the average message loss ratio in disaster events is more so the verification delay increases as compared to ECDSA. The EPAS [9] scheme uses lightweight point multiplications to sign and verify messages, as result EPAS [9] scheme is 70% faster than ECDSA.
2.4
A Qualitative comparison of IDbased Authentication schemes in VANET
Due to the inherent shortcoming of ECDSA based authentication schemes, ID-based authentication schemes have been proposed to reduce PKI overheads, computational overhead, transmission overhead, verification delay and remove storage constraints. A qualitative comparison of ID-based authentication schemes in VANET is done in Table 2. Each scheme is unique and removes the bottlenecks of PKI based scheme and covers the new aspects of VANET security paradigm.
Verification delay in case of IBV [16] is less than ECDSA, when the number of messages is greater than 40 then the speed of IBV [16] is 35.6% faster than ECDSA. As verification procedure does not require the modular inverse operations in [17] so the scheme proposed in [17] has less verification delay than ECDSA. Verification delay is case of AMLA [18] is computed on the basis of message loss ratio. Message loss ratio is 10.853ms when the inter-message interval is 300ms,
Table 2: A Qualitative Comparison of ID-based Authentication schemes in VANET Schemes
Authentication
Confidentiality
Infrastructure Support
Non Repudiation
Application type
Gamage et al. [10]
Yes
No
Yes (For obtaining signer ambiguity)
Yes
Safety applications
P. Kamat et al. [12]
Yes
Yes
Yes(For obtaining pseudonyms)
Yes
Privacy and safety applications
Jinyuan Sun et al. [13]
Yes
Yes
Yes(For obtaining threshold signatures)
Yes
Privacy and safety applications
Xiaodong lin et al. [14]
Yes
No
Yes(For membership revocation)
Yes
Privacy and safety applications
Huang LU et al. [15]
Yes
No
Yes(For obtaining pseudonyms
Yes
Privacy and safety applications
Zhang et al. [16]
Yes
No
Yes(For obtaining pseudo identities)
Yes
Cooperative driving applications
Subir Biswas et al. [17]
Yes
No
Yes(For obtaining proxy signatures)
Yes
Safety applications
Bhavesh et al. [18]
Yes
No
Yes(For renewal of pseudonyms)
Yes
Safety applications
19
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS .186-4.pdf.
4. CONCLUSIONS In the near future, it is expected that Vehicular ad hoc networks will expand in India also. As the Intelligent Transportation system (ITS) is the need of today, driver’s safety, security and comfort are become basic entities for which the security of these networks becomes imperative as human’s lives may be at stake due to it. In this paper we have made an extensive literature review on the current proposed encryption based authentication scheme in VANET. After review a performance based comparison on various schemes is done to access their achievements and it was found that the ID-based encryption authentication schemes proposed in VANET are more efficient than authentication scheme based on ECDSA only as these schemes has less transmission overhead and verification delay. Although ID-based scheme is better than PKI scheme yet they suffer from some deficiencies like Key-escrow problem and pseudonym management are still the critical issues to cater with. Communication overhead is also quite high in id-based schemes due to the complex bilinear pairing operations involved in them. Actually the ID-based encryption is the subset of functional encryption scheme and there is ample research in the field of functional encryption which incorporates many good features that can greatly enhance the utility of ID-based authentication scheme in VANET. Another subset of ID-based encryption is Hidden Vector Encryption (HVE) which is still not used in any of the security schemes in VANET. So in future, HVE can be used to device a new authentication scheme for VANET.
A. Weimerskirch, J. J. Haas, Y.-C. Hu, and K. P. Laberteaux, “Data Security in Vehicular Communication Networks,” VANET - Veh. Appl. Inter-Networking Technol., pp. 299–363, 2010.
[2]
M. Moharrum and A. Al Daraiseh, “Toward Secure Vehicular Ad-hoc Networks: A Survey,” IETE Tech. Rev., vol. 29, no. 1, p. 80, 2012.
[3]
N. Jansma and B. Arrendondo, “Performance comparison of elliptic curve and RSA digital signatures,” 2004.
[4]
D. S. S. Federal Information Processing Standards Publication, “FIPS PUB 186-4,” 2013. [Online]. Available:
A. Studer, F. Bai, B. Bellur, and A. Perrig, “Flexible, extensible, and efficient VANET authentication,” J. Commun. Networks, vol. 11, no. 6, pp. 574–588, Dec. 2009.
[6]
A. Perrig, R. Canetti, D. X. Song, and J. D. Tygar, “Efficient and Secure Source Authentication for Multicast,” in Proceedings of the Network and Distributed System Security Symposium, NDSS 2001, San Diego, California, USA, 2001, pp. 35–46.
[7]
J.-L. Huang, L.-Y. Yeh, and H.-Y. Chien, “ABAKA: An Anonymous Batch Authenticated and Key Agreement Scheme for Value-Added Services in Vehicular Ad Hoc Networks,” IEEE Trans. Veh. Technol., vol. 60, no. 1, pp. 248– 262, Jan. 2011.
[8]
L.-Y. Yeh, Y.-C. Chen, and J.-L. Huang, “ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks,” IEEE J. Sel. Areas Commun., vol. 29, no. 3, pp. 630–643, 2011.
[9]
X. Jia, X. Yuan, L. Meng, and L. Wang, “EPAS: Efficient Privacy-preserving Authentication Scheme for VANETs-based Emergency Communication,” J. Softw., vol. 8, no. 8, pp. 1914–1922, Aug. 2013.
[10] C. Gamage, B. Gras, B. Crispo, and A. S. Tanenbaum, “An Identity-based Ring Signature Scheme with Enhanced Privacy,” in 2006 Securecomm and Workshops, 2006, pp. 1–5. [11] P. Kamat, A. Baliga, and W. Trappe, “An identity-based security framework For VANETs,” in Proceedings of the 3rd international workshop on Vehicular ad hoc networks - VANET ’06, 2006, pp. 94–95. [12] P. Kamat, A. Baliga, and W. Trappe, “Secure, pseudonymous, and auditable communication in vehicular ad hoc networks,” Secur. Commun. Networks, vol. 1, no. 3, pp. 233–244, May 2008. [13] Jinyuan Sun, Chi Zhang, Yanchao Zhang, and Yuguang Fang, “An Identity-Based Security System for User Privacy in Vehicular Ad Hoc Networks,” IEEE Trans. Parallel Distrib. Syst., vol. 21, no. 9, pp. 1227–1239, Sep. 2010. [14] Xiaodong Lin, Xiaoting Sun, Pin-Han Ho, and Xuemin Shen, “GSIS: A Secure and PrivacyPreserving Protocol for Vehicular Communications,” IEEE Trans. Veh. Technol., vol. 56, no. 6, pp. 3442–3456, Nov. 2007.
5. REFERENCES [1]
[5]
[15] H. Lu, J. Li, and M. Guizani, “A novel ID-based authentication framework with adaptive privacy preservation for VANETs,” in 2012 Computing, Communications and Applications Conference, 2012, pp. 345–350. [16] C. Zhang, R. Lu, X. Lin, P.-H. Ho, and X. Shen, “An Efficient Identity-Based Batch Verification Scheme for Vehicular Sensor Networks,” in IEEE INFOCOM 2008 - The 27th Conference on Computer Communications, 2008, pp. 816–824. [17] S. Biswas, J. Mišić, and V. Mišić, “An identitybased authentication scheme for safety messages in WAVE-enabled VANETs,” Int. J.
20
Parallel, Emergent Distrib. Syst., vol. 27, no. 6, pp. 541–562, Dec. 2012. [18] N. B. Bhavesh, S. Maity, and R. C. Hansdah, “A Protocol for Authentication with Multiple Levels of Anonymity (AMLA) in VANETs,” in 2013 27th International Conference on Advanced Information Networking and Applications Workshops, 2013, pp. 462–469.
21
