Self authentication in the iots
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (2.62 MB, 99 trang )
VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY
TRAN VAN HAU
SELF-AUTHENTICATION IN
THE IOTS/TRANSPORTATION SYSTEM
Major: Computer Science
Major code: 8480101
MASTER’S THESIS
HO CHI MINH CITY, July 2023
THIS THESIS IS COMPLETED AT
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY – VNU-HCM
Supervisor: Dr. TRUONG TUAN ANH
Examiner 1: Assoc. Prof. Dr. NGUYEN TUAN DANG
Examiner 2: Dr. PHAN TRONG NHAN
This master’s thesis is defended at HCM City University of Technology, VNUHCM City on July 11th, 2023.
Master’s Thesis Committee:
1. Chairman: Assoc. Prof. Dr. TRAN MINH QUANG
2. Secretary: Dr. NGUYEN THI AI THAO
3. Examiner 1: Assoc. Pror. Dr. NGUYEN TUAN DANG
4. Examiner 2: Dr. PHAN TRONG NHAN
5. Commissioner: Dr. DANG TRAN TRI
Approval of the Chairman of Master’s Thesis Committee and Dean of Faculty
of Computer Science and Engineering after the thesis being corrected (If any).
CHAIRMAN OF THESIS COMMITTEE
Assoc. Prof. Dr. TRAN MINH QUANG
DEAN OF FACULTY OF COMPUTER
SCIENCE AND ENGINEERING
Page |i
VIETNAM NATIONAL UNIVERSITY - HO CHI MINH CITY
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY
SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom - Happiness
THE TASK SHEET OF MASTER’S THESIS
Full name: TRAN VAN HAU
Date of birth: April 2nd, 1997
Major: Computer Science
Student ID: 1970505
Place of birth: HCM City
Major ID: 8480101
I. THESIS TITLE:
SELF-AUTHENTICATION IN THE IOTS/TRANSPORTATION SYSTEM
BẢO VỆ TÍNH RIÊNG TƯ TRONG TỰ XÁC THỰC CỦA HỆ THỐNG GIAO
THÔNG THÔNG MINH
II. TASKS AND CONTENTS:
1. Research and evaluate authentication schemes in Intelligent Transportation System.
2. Research on mathematics for self-authentication.
3. Research on applying Blockchain in Intelligent Transportation System.
4. Propose a self-authentication scheme with Blockchain support.
5. Implement and evaluate the proposed scheme with respect to security.
III. THESIS START DAY: February 6th, 2023
IV. THESIS COMPLETION DAY: June 10th, 2023
V. SUPERVISOR: Dr. TRUONG TUAN ANH
Ho Chi Minh City, June 9th, 2023
SUPERVISOR
(Full name and signature)
CHAIR OF PROGRAM COMMITTEE
(Full name and signature)
Dr. Truong Tuan Anh
DEAN OF FACULTY OF COMPUTER SCIENCE AND ENGINEERING
(Full name and signature)
P a g e | ii
ACKNOWLEDGEMENTS
I would like to express my profound gratitude to my thesis instructor
Dr.Truong Tuan Anh for his invaluable guidance and support throughout every stage
of the thesis process.
A special thanks goes to my family and friends at the BKU, who have faith in
me and been a constant source of encouragement on this journey.
I would also like to acknowledge my colleagues at TMA Solutions, who have
shared with me the tasks so that I can focus on this research.
Last but not least, I want to thank all other individuals from the faculty and
IMP who have in one way or the other contributed to this research effort. Without
their support, this achievement would not have been possible.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | iii
ABSTRACT
With the evolution of the world, technology has become an integral part of a
new transportation model called Intelligent Transportation System (ITS). Within ITS,
Vehicular Adhoc Network (VANET) is a crucial infrastructure component that
provides features such as traffic monitoring and road safety messages. However, the
process of broadcasting is susceptible to privacy threats because the user's identity is
transmitted in clear text. Therefore, alongside Connectivity and Bottleneck, Privacy
can be seen as a significant challenge in ITS. Privacy and authentication are closely
linked, as vulnerabilities can be exposed during anomalous actions followed by
successful authentication. Hence, to protect the privacy, authentication with a
Pseudonym-based System is deployed, relying on a Trusted Authority (TA) as a
pseudonym supervisor. However, the connection between TA and vehicles can lead
to Connectivity or Bottleneck issues in rural and urban areas respectively. As a result,
authentication is considered as a front line of defense against Privacy breaches, but
Connectivity and Bottleneck concerns necessitate self-authentication, which
authenticates independently of TA.
The thesis examines Privacy by analyzing related studies and devises an
improved self-authentication method to protect it based on Pseudonym-based System
and Blockchain. The proposed scheme employs BLS Signatures for efficient
synchronization between different stages of the system, from registration to
revocation; while requiring only a single connection to TA during the registration
stage. Furthermore, the Smart Contract running on Blockchain lessens the burden on
TA to give room for ITS monitoring functions.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | iv
TÓM TẮT LUẬN VĂN
Với sự phát triển của thế giới, công nghệ đã trở thành một phần khơng thể
thiếu trong mơ hình giao thơng mới được gọi là Hệ thống Giao thông Thông minh
(ITS). Trong ITS, Mạng Adhoc dành cho phương tiện giao thông (VANET) là một
thành phần cơ sở hạ tầng quan trọng cung cấp các tính năng như giám sát giao thơng
và thơng báo an tồn đường bộ. Tuy nhiên, q trình phát sóng dễ bị đe dọa về quyền
riêng tư vì danh tính của người dùng được truyền dưới dạng văn bản thường. Do đó,
bên cạnh vấn đề về Kết nối, Quyền riêng tư có thể được coi là một thách thức đáng
kể trong ITS. Quyền riêng tư và xác thực được liên kết chặt chẽ, vì các lỗ hổng có thể
dễ dàng khai thác thông qua các hành vi bất thường sau khi xác thực thành cơng. Do
đó, để bảo vệ Quyền riêng tư, xác thực bằng Hệ thống dựa trên bút danh được triển
khai, dựa vào Cơ quan đáng tin cậy (TA) với tư cách là người giám sát bút danh. Tuy
nhiên, kết nối giữa TA và phương tiện vẫn tồn đọng những vấn đề về hiện thực ở cả
nông thơn và thành thị. Nhìn chung, xác thực được coi là tiền tuyến bảo vệ chống lại
các vi phạm Quyền riêng tư, nhưng các mối lo ngại về Kết nối đòi hỏi phải tự xác
thực, một cách độc lập với TA.
Luận án xem xét Quyền riêng tư bằng cách phân tích các nghiên cứu liên quan
và đề xuất một Hệ thống tự xác thực cải tiến để bảo vệ Quyền riêng tư dựa trên Hệ
thống dựa trên bút danh và Blockchain. Hệ thống đề xuất sử dụng Chữ ký BLS để
đồng bộ hóa hiệu quả giữa các giai đoạn khác nhau của tự xác thực, từ đăng ký đến
thu hồi; trong khi chỉ yêu cầu một kết nối duy nhất đến TA trong giai đoạn đăng ký.
Hơn nữa, Hợp đồng thông minh chạy trên Blockchain sẽ giảm bớt tác vụ cho TA để
nhường chỗ cho các chức năng giám sát chính của ITS.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |v
COMMITMENT
I understand that plagiarism is an unethical academic practice and is
considered a serious offense. Therefore, I hereby commit to avoiding any instances
of plagiarism in my thesis. All information sources and references utilized in this
thesis will be appropriately cited, ensuring that the work is entirely original and free
from any plagiarism.
I also plight to conduct an extensive review of any literature I have referenced
or utilized, ensuring that any quotes and ideas are cited accordingly. Furthermore, I
will adhere to proper academic standards and guidelines, including but not limited to
proper citation format, citation style, and ethical consideration for the authorship of
cited materials.
Should any plagiarism be detected in this thesis, I fully acknowledge that it
could result in severe consequences, including disqualification of the work.
Therefore, I pledge to take full responsibility for ensuring that this thesis is entirely
original, authentic, and free from any plagiarism.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | vi
Table of Contents
THE TASK SHEET OF MASTER’S THESIS .......................................................i
ACKNOWLEDGEMENTS ......................................................................................ii
ABSTRACT ............................................................................................................. iii
COMMITMENT ....................................................................................................... v
Table of Contents .....................................................................................................vi
Table of Figures ........................................................................................................ix
Table of Tables .......................................................................................................... x
1 Introduction ............................................................................................................ 1
1.1 Context ............................................................................................................. 1
1.2 Problem statement .......................................................................................... 2
1.3 Thesis contribution ......................................................................................... 5
1.3.1 Scientific significance .............................................................................. 5
1.3.2 Practical significance ............................................................................... 5
1.4 Thesis structure ............................................................................................... 6
2 Overview of authentication schemes in ITS ........................................................ 7
2.1 Related works .................................................................................................. 7
2.1.1 Public Key Infrastructure (PKI) ............................................................ 7
2.1.2 Group Signatures .................................................................................... 8
2.1.3 Cooperation .............................................................................................. 9
2.1.4 Pseudonym-based System ..................................................................... 10
2.1.5 Blockchain .............................................................................................. 12
2.2 Research statement ....................................................................................... 15
3 Self-authentication scheme in ITS with Blockchain support ........................... 17
3.1 Preliminaries ................................................................................................. 17
3.1.1 Elliptic Curve (EC) ................................................................................ 17
3.1.1.1 Definition......................................................................................... 17
3.1.1.2 Group Law ...................................................................................... 19
3.1.1.3 Elliptic Curve over Finite Field .................................................... 22
3.1.1.4 Elliptic Curve Cryptography (ECC) ............................................ 24
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | vii
3.1.2 Bilinear Pairing ...................................................................................... 25
3.1.2.1 Definition......................................................................................... 25
3.1.2.2 Application ...................................................................................... 27
3.1.2.3 Pairing-Based Cryptography (PBC) ............................................ 28
3.1.3 BLS Signatures ...................................................................................... 29
3.1.3.1 Definition......................................................................................... 29
3.1.3.2 Construction ................................................................................... 30
3.1.3.3 Security ........................................................................................... 32
3.1.3.4 BGLS Signatures definition .......................................................... 33
3.1.3.5 BGLS Signatures construction ..................................................... 34
3.1.4 Curve BLS12-381 .................................................................................. 35
3.1.4.1 Definition......................................................................................... 35
3.1.4.2 Characteristics ................................................................................ 36
3.1.4.3 Utilization ........................................................................................ 37
3.1.4.4 Security ........................................................................................... 38
3.2 System model ................................................................................................. 39
3.3 Proposed self-authentication scheme .......................................................... 40
3.3.1 System initialization .............................................................................. 41
3.3.2 Vehicle registration ............................................................................... 42
3.3.3 Message exchange .................................................................................. 46
3.3.4 Revocation List (RL) ............................................................................. 51
3.4 Scheme evaluation......................................................................................... 53
3.5 Security analysis ............................................................................................ 56
3.5.1 Security on BLS Signatures .................................................................. 56
3.5.2 Location privacy .................................................................................... 57
3.5.3 Conditional privacy ............................................................................... 57
3.5.4 Unlinkability and forward unlinkability ............................................. 57
4 Demo implementation .......................................................................................... 59
4.1 Step construction........................................................................................... 59
4.2 Source code .................................................................................................... 71
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | viii
5 Conclusion and Future work............................................................................... 72
5.1 Conclusion ..................................................................................................... 72
5.2 Future work ................................................................................................... 72
References ................................................................................................................ 74
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | ix
Table of Figures
Figure 1.1 Enhanced VANET model with Trusted Authority supported [25]...........4
Figure 2.1 Illustration of GSIS protocol under Group Signature scheme [18] ..........9
Figure 2.2 Illustration of sample authentication protocol under Pseudonym-Identity
scheme [23] ...............................................................................................................11
Figure 2.3 Illustration of key derivation with Smart Contract supported [38] ........13
Figure 2.4 Illustration of Blockchain-enabled edge computing based on
Cooperation scheme [44] ..........................................................................................14
Figure 3.1 A catalog of elliptic curves with the region shown is x, y ∈ [−3,3] [50]18
Figure 3.2 Two types of a Singular Curve (Cusp and Node) [52] ...........................19
Figure 3.3 Group Law on point addition of P+Q+R=0 [53] ....................................20
Figure 3.4 Group Law on point addition with P=Q comes to a tangent to EC [53] 21
Figure 3.5 Point P(3, 6) repeating cyclically within 5 points after multiplying [56]
...................................................................................................................................23
Figure 3.6 Relationship between order and subgroup order on cyclic curves [56] .24
Figure 3.7 Elliptic Curve Cryptography in comparison with Pairing-Based
Cryptography [65] .....................................................................................................28
Figure 3.8 BLS Signatures on Message Signing step [72] ......................................31
Figure 3.9 BLS Signatures on Signature Verification step [72] ..............................32
Figure 3.10 BGLS Signatures (Aggregate BLS Signatures) illustration [71]..........35
Figure 3.11 ITS system model with Blockchain supported feature .........................39
Figure 3.12 Proposed scheme on System initialization stage ..................................42
Figure 3.13 Proposed scheme on Vehicle Registration stage ..................................46
Figure 3.14 ITS system model on proposed scheme................................................46
Figure 3.15 Proposed scheme on Message exchange stage (Normal condition) .....48
Figure 3.16 Proposed scheme on Message exchange stage (No-Internet condition)
...................................................................................................................................51
Figure 3.17 Proposed scheme on Revocation List (RL) update stage .....................53
Figure 3.18 Performance test of proposed scheme on local environment ...............55
Figure 3.19 Performance test of proposed scheme on Blockchain network ............55
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |x
Table of Tables
Table 3.1 Performance of proposed scheme compared to others .............................54
Table 3.2 Cost of deployment test for proposed scheme on Ethereum network ......56
Table 3.3 Cost of deployment for proposed scheme on different Blockchain
networks ....................................................................................................................56
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |1
1 Introduction
1.1 Context
New technologies are constantly emerging, leading to a world that moves at a
rapid pace. The movement of billions of related journeys each day makes
transportation the most complex system on the planet. Technology has brought about
the development of Intelligent Transportation Systems (ITS), which involves
equipping vehicles with electronic devices. The changes in transportation policy
beginning in the 1980s were brought about due to safety and environmental concerns,
and the realization that traditional transportation programs were not well-suited for
future needs. The cost-effective nature of technology has supported the advancement
of traffic management, with new technology developments such as microprocessors,
computers, sensors, and communication technologies having direct implications for
transportation [1, 2]. The global market size of ITS is currently estimated at USD 23
billion, and may likely reach USD 100 billion by 2030 [3-5]. The adoption of ITS is
expected to expand in regions such as Asia Pacific and Europe, with North America
holding a 40% market share of the worldwide market by 2021. Advanced
Transportation Management Systems (ATMS) which is the most widely used ITS
category because they effectively monitor traffic flow and detect incidents.
Generally, ITS applications offer solutions to reduce environmental impact, promote
overall mobility and improve road safety.
ITS development involves improving infrastructure, and Vehicular Adhoc
Network (VANET) is considered a core infrastructure component. VANET has its
origins in Mobile Adhoc Network (MANET), and security discussions about ITS and
VANET often utilize the two terms interchangeably. As an element of IoTs
transportation, VANET is specifically an application that equips vehicles with
Onboard Communication Unit (OBU) to enable Vehicle-to-Vehicle communication
(V2V), thus expanding the potential range of ITS applications. On the other hand,
Roadside Units (RSU) are installed in infrastructure such as roads to facilitate
Vehicle-to-Infrastructure communication (V2I). Notable VANET implementations
in ITS include road safety and traffic monitoring and management, among others [6].
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |2
With V2V communication notifying drivers of traffic conditions both nearby and
farther down the road, road safety applications aim to reduce the number of accidents.
Similarly, traffic monitoring and management based on wireless technology can
provide precise real-time information to aid in reducing congestion and widening the
capacity of roads.
However, as ITS and particularly VANET continue to grow significantly, the
potential for attacks on these systems widens. Ensuring the security of VANET
requires addressing a range of attackers to protect against potential assaults. Attackers
can be broadly categorized as either Insider/Outsider, Active/Passive, or
Malicious/Rational types [7, 8]. For VANET, security requirements must consider
availability, confidentiality, authenticity, and other critical factors, and a lack of
attention to security makes VANET more vulnerable to different attack types.
Examples of attacks that may exploit features of VANET include Denial-of-Service
(DoS) and Jamming attacks that target availability, Eavesdropping attacks that target
confidentiality, and Sybil attacks and Location Service spoofing attacks that exploit
issues concerning authenticity [9]. In brief, VANET relies on dependable
connections, with data delivery that is both secure and swift in real-time. Addressing
security enhancement is crucial to developing a solid framework for further ITS
advancements in the future.
1.2 Problem statement
When considering security enhancement for VANET, there is a tradeoff
between security and privacy that must be addressed. As mentioned earlier, the OBU
on individual vehicles is responsible for processing traffic information and
exchanging it with other vehicles or RSUs through a message protocol. A typical
message format consists of two fields: the vehicle's identity (ID) and the message
content. An issue arises when a message is sent from vehicle A to vehicle B. From
A's perspective, in the verification process, the exchanged message may be
eavesdropped on to uncover the vehicle's real identity. Conversely, B may have
concerns about whether the arrived message is malicious, leading to false alarms on
the OBU processing. To address this security-privacy tradeoff, an intermediate
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |3
authority is implemented between A and B for message exchange. A Trusted
Authority (TA) is utilized in the model, as shown in Figure 1.1, to authenticate
responses and ensure anonymity among vehicles that operate under VANET. While
this solution may seem simple to implement and adequate for upgrading VANET
requirements, it has three significant drawbacks: Privacy, Connectivity, and
Bottlenecks.
Privacy
The term "privacy" encompasses a broad range of security requirements,
including an individual's right to manage their personal information and decide how
much of it can be shared for communication purposes [10]. In VANET, privacy refers
to the confidentiality of the sender's personal information, such as their first and last
name, license plate number, vehicle identification number, etc. [11]. Privacy and
authentication are closely related because privacy vulnerabilities can be exposed
during an anomalous action that is followed by successful authentication. Also,
authentication provides anonymity by using a pseudonym rather than the actual
identity of the sender. There are two primary steps in the authentication process,
namely signing and verifying exchanged messages. Despite the sensitivity of trafficrelated communications in VANETs, they are transmitted. Safety message
broadcasting is vulnerable to threats such as message alteration by an attacker, the
creation of a fake message by a spoof, denial of message generation, and inaccurate
position information [12]. As a result, authentication is considered a front-line
defense that protects privacy against intruders and helps prevent so-called
masquerade attacks. In addition, Connectivity and Bottleneck concerns emphasize
the need for self-authentication - the process of authenticating on the vehicle itself
and independent of TA.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |4
Figure 1.1 Enhanced VANET model with Trusted Authority supported [25]
In VANET, the concept of anonymity can be implemented through the use of
pseudonyms, which is a technique that preserves an individual's privacy [10]. The
sender's identity must remain concealed from the recipient, except for the Trusted
Authority (TA) positioned in between. If a dangerous or necessary behavior takes
place within the system, TA can trace and reveal the sender's true identity from their
pseudonym, which puts the idea of conditional privacy into practice. Many studies
have demonstrated the potential of pseudonyms in protecting the connection between
message broadcasts in VANETs, which may include safety information, such as the
vehicle's position and the sender's identity. Without pseudonyms, hostile actors could
track particular cars while using simple pseudonym implementations [13]. Therefore,
research on pseudonyms in VANETs has expanded to include more intriguing ideas
on when and how to update a vehicle's pseudonym, and comparisons with other
systems are discussed under the Related Works section.
Connectivity
Connectivity is an issue that arises with the intermediate between the TA and
other components within VANET, rather than in the telecommunication between
V2V and V2I. As the primary role of the TA is network verification, in cases where
it becomes disconnected, the verification step fails, resulting in misbehavior. The
connectivity concern highlights the importance of ensuring the availability of
VANET for the ease of implementation in rural areas.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |5
Bottleneck
A bottleneck in VANET occurs when numerous vehicles attempt to connect
and authenticate simultaneously. Upgrading the infrastructure with load balancing
algorithms can address part of the problem. However, the endpoint of the process
before sending a data message is the authentication stage, which means that
researchers tend to focus on finding solutions to the authentication problem rather
than hardware updates. The bottleneck concern highlights the importance of ensuring
the availability of VANET, particularly for implementation in urban areas.
1.3 Thesis contribution
1.3.1 Scientific significance
Authentication is a top priority in the field of VANET security because it is
indisputable. This thesis aims to advance knowledge and reduce the security burden
associated with the fast-paced development of VANET, if successful, by providing
relevant information on the authentication industry. It will compare various
authentication methods, highlighting their advantages and disadvantages in the
process. Later, a cutting-edge approach will be implemented to showcase a novel way
of authenticating in a VANET application.
1.3.2 Practical significance
As previously mentioned, the attack surface of VANET expands as technology
progresses. Educating individuals about this field is equivalent to providing them
with the necessary tools to defend themselves in everyday situations. In any case, the
more people who are prepared to participate in VANET, the easier it will be for the
government to address environmental and socio-economic development issues.
Currently, the level of self-awareness regarding privacy protection laws is not
satisfactory. Raising awareness is a time-consuming task, and one way to address this
issue is by conducting more research on privacy preservation. By doing so, global
citizens may become more informed of the matter and equip themselves with the
necessary information to manage their personal data independently. As a result, this
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |6
thesis is expected to contribute to the effort of raising awareness and creating a
brighter future in ITS.
1.4 Thesis structure
Introduction provides a brief overview of the context and contribution of the
research topic, which involves developing a secure and automated authentication
scheme for Intelligent Transportation Systems (ITS), which can be extended to the
Internet of Things (IoT) scenario. The subsequent chapter, Overview of
authentication schemes in ITS, offers a comprehensive view of the recent
authentication schemes and outlines the thesis's purpose. From that point of view,
Self-authentication scheme in ITS with Blockchain support presents a series of
mathematical background, system modeling, and security analysis to develop the
ultimate proposal for the research topic. Additionally, Demo implementation
demonstrates the prototype for feasibility testing to supplement the previous chapter.
Finally, Conclusion and Future work proposes ways to improve the work in future
research.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |7
2 Overview of authentication schemes in ITS
2.1 Related works
2.1.1 Public Key Infrastructure (PKI)
Based on the idea of "Digital signatures as a building block," the authors
develop a PKI system where Certification Authorities (CA, with the same
functionality as TA) are in charge of granting key certificates to cars [14, 15]. Then,
before sending a safety message, the vehicles sign it and include the CA's certificate.
Additionally, CA can maintain track of a vehicle's connected data, such as true names,
serial numbers, and linked certificates, in order to offer conditional privacy through
key revocation, particularly when system misbehaviors occur. Due to the fact that
digital signatures eliminate the first handshake for overhead-free at authenticated
session setup, PKI has also been shown to be more efficient than any asymmetric
equivalents. However, certificate lifespan and anonymous key set size are now the
two most significant effects on the system itself.
There is a trade-off between key set size and certificate lifespan in particular.
To decrease the system's vulnerability window in the event that an anonymous
public/private key pair is compromised, the certificate lifespan should, on the one
hand, be brief. Each anonymous key should only be used with a series of subsequent
communications; otherwise, if a key is repeated, even on separate days, a global
attacker can extract information. To prevent the use of compromised keys, certificates
should have a limited lifespan of no more than one day. The proposal is made by
extending the key certificate's lifetime across a number of days, as opposed to a key's
typical usage length of a few seconds. The size of the anonymous key set, on the other
hand, needs to be minimal to save on vehicle storage. A car should typically only
replace its anonymous key after a specified amount of messages have been sent using
it. The number of keys each year is around 43800 assuming that a typical driver uses
his or her automobile for two hours every day [14]. Additionally, in order to obtain
the certificate, cars must immediately contact the CA, which results in a significant
increase in the bandwidth used by the internet. Furthermore, a thorough search for
revocation over the numerous key pairs is required if unexpected network activity
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |8
occurs. Because of this, the PKI solution faces two major issues: scalability and
network congestion.
2.1.2 Group Signatures
According to the Group Signature scheme stated in [16, 17], it can provide
anonymity of the signers. As a result, a verifier can judge whether a signer belongs
to a group without knowing who the signer is in the group. However, in an
exceptional situation, TA, which serves as a group manager, can reveal the unique
identity of the signature’s originator. Compared to PKI technique, this one also
reduces the workload of the public key verification and certificate path verification
operations. Authors in [18] have implemented a solution, modeled in Figure 2.1, that
is based on Group Signature (for V2V communication) and Identity-based signature
(for V2I communication) schemes. With regard to V2V, conditional privacy is
offered by allowing a group management to monitor the signer whenever an identity
must be divulged; in contrast, it is computationally challenging for anybody other
than the group manager to identify the real signer. The solution has also been
modified with a memory and processing efficient revocation mechanism. On the
other hand, by using a verification method that double-checks the timestamp and
message type, V2I communication is improved by the prevention of replication and
replay assaults.
However, the Group Signature technique lacks in terms of performance,
because any vehicle application's success is based on how long the protocol's
cryptographic procedures take to complete. The issue with this scheme is the
computational difficulty when using multiple private keys, as indicated in [19],
because a rogue user can engage in any risky behavior or an enemy can impersonate
a compromised lawful group member. In addition, the group's collective signature
and ongoing communication with the TA make it challenging to spot misbehavior, as
well as causing network congestion.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
Page |9
Figure 2.1 Illustration of GSIS protocol under Group Signature scheme [18]
2.1.3 Cooperation
The usage of pseudonyms between broadcasts is supported by a solution put
out by the authors of [20] that makes use of the silent period approach. Afterward,
use a group idea to expand the previously indicated strategy. The idea emerges while
navigating; the group leader is a single vehicle that can symbolize the entire group.
Randomization is used to choose a group leader from among the participants.
Additionally, if merely the group leader speaks on behalf of the group or group
members, it is adequate. As a result, if vehicles do not switch groups in between two
probe data requests, they may remain silent for a long random amount of time.
Considering that only the group leader responds to the RSU with probe data,
unnecessary overhead and duplication in neighbors' broadcast of potentially duplicate
probe data is eliminated. Additionally, there have been a lot fewer modifications to
pseudonyms used to evade adversary monitoring during broadcasting.
Regardless how effective the solution brings, there may be computational
overhead between chosen leaders if there are not enough people in the organization.
Using a powerful mobility-aware group creation algorithm, like the one suggested
here [21], is one way to overcome this problem. Other than that, the "leader as a
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | 10
proxy" idea highlights a lack of end-to-end connectivity between the service provider
and group members, which results in a single point-of-failure for members requesting
services, a well-known issue of Network Address Translation (NAT) routing. Similar
to this, a group leader, if it is a corrupted one, not only needs constant communication
with TA (which causes network congestion), but also compromises the privacy of
every group member.
2.1.4 Pseudonym-based System
Shamir devised the Identity-based approach in 1984 [22] to lessen the cost of
preloading many key pairs and their matching certificates from common PKI
schemes. This method reduces the overhead produced by certificate-required
communications by not using a certificate for message verification and so doing away
with the requirement for key pairs and PKI certificates that go with them [23]. Instead
of a lengthy string that appears random in standard PKI, the notion is that a user's
public key might be an identity-related string, such as their name and email address.
The implicit validation of the public key significantly eliminates the need for the
unnecessary public key management which is illustrated in Figure 2.2 [24]. In order
to prevent attacks based on multiplicative correlations between IDs of various users,
it also advised using a long pseudo-random string rather than an Identity-based one;
for this reason, this strategy is also known as a Pseudo-Identity scheme.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | 11
Figure 2.2 Illustration of sample authentication protocol under PseudonymIdentity scheme [23]
It has been established that Pseudonym-Identity schemes are more
computationally efficient than Group Signature schemes and secure against the
security concerns provided by the clustering approach [25]. There are several existing
researches that address the issue of revocation procedures [26-28]. Additionally,
successful methods for switching pseudonyms during message exchanges, such as
silent periods, mix zones, and ad hoc anonymity [29-31], have been found.
Pseudonym-Identity systems often meet the needs for conditional privacy thanks to
unique revocation techniques, improved switching pseudonyms procedures, and a
lower computing complexity than previous systems. Although Pseudonym-Identity
is among the known systems with the fastest processing complexity, it appears to
have lagged behind the implementation situation in the actual world. Mostly because
it needed a sizable collection of pseudonyms to prevent traceability and had to get in
touch with the TA on a regular basis to refresh the pseudonym set, which caused a
bottleneck and congested the network.
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | 12
Authors in [25] proposed that the TA provide a credential to the cars, after
which the vehicles are able to self-generate a number of pseudonyms, in order to
address the trade-off between efficient revocation and autonomy. Without having to
make contact with the cars, the TA is still able to restrict the creation of new
pseudonyms and remove users' anonymity. Despite the proposal's many benefits, it is
unable to synchronize the revocation list across all cars. The authors of [32] therefore
update the existing system with the notion that cars and servers only need to contact
TA once in order to obtain secret information, after which they may sign on the
sending message with their signature based on the secret information. There is no
doubt that the receivers can handle the authentication and there is no need to get in
touch with TA. This may solve the problem of traffic as well as the situation where
the cars cannot connect to the internet in order to contact the TA for verification.
Other methods also aim to increase processing speed, such as [33, 34], which reduces
computational overhead and average latency in both sparse and dense network
scenarios by distributing real identity to pseudonym mappings and condensing the
size of the revocation list by only saving the most recent ones.
2.1.5 Blockchain
Blockchain is a novel method that has grown rapidly in recent years. The idea
of Bitcoin by Satoshi Nakamoto [35] back in 2008 had given it a solid foundation to
evolve into what it is today: a peer-to-peer, distributed ledger that is cryptographically
secure, append-only, immutable (very difficult to modify), and updateable only
through consensus procedures (agreement among peers). The main tool for
simulating real-world conditions onto meaning blocks is a Smart Contract (SC),
which runs on top of the Blockchain. This term can be used in many fields, including
financial services to secure transaction information in a centralized manner, supply
chains to monitor the shipping process, and retailers to combat counterfeit products
[36]. In connection with the ITS, authors in [37, 38] leveraged SC on TA's actions to
load/map a vehicle public key table to compile references to every vehicle's "identitypublic key" association, as illustrated in Figure 2.3. Consequently, giving automated
and prompt replies in response to public key inquiries from cars. Another factor worth
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
P a g e | 13
highlighting is the participation rate. Because VANET is not widely implemented in
some regions, authors in [39, 40] provided a small amount of incentive for each
participant to raise demand on it. Results are stored on the Blockchain network and
the procedure uses VANET authentication as inputs for rewarding.
Figure 2.3 Illustration of key derivation with Smart Contract supported [38]
The new approach, which is specifically targeted towards ITS/VANET
authentication, promises to reduce overall computing cost and eliminate a TA's single
point of failure. With the use of Blockchain, both V2V and V2I can communicate in
an environment where trust isn't completely established. Many authors had adapted
the legacy VANET authentication scheme as a part of new implementation.
According to authors relying on PKI [41], traffic data is gathered by RSUs, and
passing cars will confirm accuracy when receiving event notifications. In addition,
two-phase Blockchain transactions are implemented to deliver warning messages in
the proper areas and at the proper times.
In order to provide appropriate processing and storage capability in
comparison to standard VANET structure, authors in [42] chose Group Signature to
be implemented on Blockchain. Leveraging edge computing architecture, the
certificateless authentication approach uses a unique session key for each vehicle in
order to avoid transmission interference. Alternatively, authors in [43] developed an
Self-Authentication In
The Iots/Transportation System
Ho Chi Minh City University of Technology
International Master Program
