Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Using a Random Secret Pre-Distribution Scheme to Implement Message Authentication in VANETs

Using a Random Secret Pre-Distribution Scheme to Implement Message Authentication in VANETs Appl. Sci. 2015, 5, 973-988; doi:10.3390/app5040973 OPEN ACCESS applied sciences ISSN 2076-3417 www.mdpi.com/journal/applsci Article Using a Random Secret Pre-Distribution Scheme to Implement Message Authentication in VANETs 1 2,3 4, 2,4 Alan Dahgwo Yein , Yu-Hsiu Huang , Chih-Hsueh Lin *, Wen-Shyong Hsieh , 2 2 Chung-Nan Lee and Zhong-Ting Luo Department of Information Management, Shu-Te University, Kaohsiung 82445, Taiwan; E-Mail: alanyein@stu.edu.tw Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung 80424, Taiwan; E-Mails: yhhuang@csu.edu.tw (Y.-H.H.); wshsieh@stu.edu.tw (W.-S.H.); cnlee@cse.nsysu.edu.tw (C.-N.L.); m013040085@student.nsysu.edu.tw (Z.-T.L.) Department of Computer Science and Information Engineering, Cheng-Shiu University, Kaohsiung 83347, Taiwan Department of Computer and Communication, Shu-Te University, Kaohsiung 82425, Taiwan * Author to whom correspondence should be addressed; E-Mail: josuslin@stu.edu.tw; Tel.: +886-7-615-8000 (ext. 4800). Academic Editor: Takayoshi Kobayashi Received: 30 July 2015 / Accepted: 16 October 2015 / Published: 30 October 2015 Abstract: In recent years, the development of the Intelligent Transportation System (ITS) has increased the popularity of vehicular ad hoc networks (VANET). A VANET is designed to enable vehicles to exchange information about traffic or vehicle conditions to help other vehicles avoid traffic accidents or traffic jams. To resist malicious attacks, all vehicles must be anonymous and their routings must be untraceable, but still verifiable. The vehicles must trust each other and communicate confidentially. In a VANET, Road Side Units (RSU) are installed on traffic signs or streetlights to help vehicles maintain anonymity, to authenticate messages, or to support confidentiality. However, the coverage of an RSU is limited and the cost of widespread installation is high. RSU installations are incremental, so messages must be authenticated using dense RSUs or sparse RSUs. In this paper, the concept of random key pre-distribution that is used in Wireless Sensor Networks (WSN) is modified to random secret pre-distribution (RSP), which integrates identity-based cryptography (IBC) to produce a message authentication scheme for VANETs in a sparse RSU environment. In the proposed scheme, vehicles follow a process to determine a common secret, allowing them to Appl. Sci. 2015, 5 974 authenticate each other and obtain the pairing value as a key for use in message authentication and private communication. Evaluation results show that the proposed scheme outperforms related schemes. Keywords: VANET; RSP; IBC; anonymity; message authentication; private communication 1. Introduction A general VANET has a three-tier structure [1], which comprises a trusted authorizer (TA), many road side units (RSUs), and vehicles. The TA is the central trust tier, and it is connected to the RSU via a wired network. The communication between the RSUs and vehicles uses the wireless communication protocol IEEE 802.11p. IEEE 802.11p is a revision of 802.11 with the addition of Wireless Access in the Vehicular Environment (WAVE) [2]. All RSUs (second tier) and vehicles (third tier) must register with the TA to obtain initial certification, identities or common secrets to enable them to make requests anonymously. RSUs are installed at the side of the road to help vehicles maintain anonymity and authenticate messages. The vehicles can broadcast, exchange, or receive messages about road conditions, traffic conditions, their positions, or their speed to avoid accidents and worsening traffic jams. Malicious attackers [3,4] may collect transmitted messages in VANETs to obtain the private information of users. To resist malicious attacks and maintain the privacy of the vehicles, each vehicle must remain anonymous, and its messages must be sent anonymously, so the authentication of messages in VANETs is an important issue. In a VANET, communications can be classified into two types—without RSU and with RSU. In communication of the first type, each vehicle broadcasts messages to other vehicles or communicates confidentially with specific vehicles. In this scenario, vehicles must ensure their privacy, their confidentiality and the authentication of messages by themselves. In the second scenario, an RSU supports the privacy and confidentiality of vehicles, and message authentication. In a VANET, messages are authenticated to ensure that received messages are valid and have been sent by a legal source. To preserve privacy, the real identity of a vehicle cannot be exposed or traced. In this paper, the concept of random key pre-distribution that is used in Wireless Sensor Networks (WSN) is modified to random secret pre-distribution (RSP) that integrates identity-based cryptography (IBC), to build an environment in which vehicles can maintain anonymity, communicate confidentially, authenticate messages, and resist malicious attacks with the assistance of RSUs or by themselves in a sparse RSU environment. In the proposed scheme, the TA maintains a large pool of secrets that will be pre-distributed randomly to all RSUs and vehicles as the original registration set. All RSUs have a pseudo random generator (PRNG) and the same seed value that is provided periodically by the TA, so they have the same secret pool from which to issue the randomly selected secret to vehicles. Based on the common secrets held in common either between RSUs and vehicles or among vehicles under an RSU, entities of both types can authenticate each other, authenticate messages, and communicate confidentially following the pairing process. The proposed scheme satisfies the security requirements of a VANET, including message authentication, identity verification, non-repudiation, confidentiality, conditional anonymity, and un-traceability. Appl. Sci. 2015, 5 975 In this paper, Section 2 introduces related works and techniques that are used herein. Section 3 describes the proposed schemes. Section 4 analyzes the security and performance of the proposed schemes. The final section draws conclusions and provides suggestions for future works. 2. Related Works and Techniques According to Hubaux et al. [5], a smart vehicle can record, compute, and specify its position. It uses the traditional public-key infrastructure (PKI). The complexity of computation is increased if the vehicle uses PKI to encrypt the messages. The computation overhead of the communication step is also then increased. Moreover, for privacy and un-traceability, the vehicle must frequently change its certificate, imposing a burden on the TA. Zhang et al. [6] proposed a scheme in which RSUs were used to support message authentication by vehicles. When a vehicle enters the coverage range of an RSU, it establishes a secret key after mutual authentication. The vehicle will then generate a short message authentication code (MAC) using this secret key. The RSU will verify the authentication of MAC. However, exposure of the certificate creates the problem that the vehicles will become traceable. In 2010, Wasef et al. [7] proposed the RSU-aided distributed certificate service (DCS), which enables vehicles to update their certificates from an RSU. A vehicle can update its certificate from any RSU, even when it is not in the coverage range of that RSU. The performance of the DCS depends on the density of the RSUs. Sun et al. [8] proposed a pseudonymous authentication scheme with privacy preservation (PASS), which supports the DCS. The scheme can reduce the certificate-updating overhead and the revocation overhead. Attackers cannot trace legitimate vehicles, even when they compromise the RSU. However, the DCS has the loading of certificate and it can not work in sparse RSU environment. Chen et al. [9] used chameleon hash values to perform anonymous authentication and used ID-based cryptography (CH-IBC) to perform key agreement. In this scheme, vehicles use a chameleon hash value as a disposable alias. They can verify message authentication and message integrity, but it still needs the assistance of an RSU. Hung et al. [10] proposed a chameleon hash function-based message authentication scheme without RSUs, but they did not solve the problem of malicious revocation. Hung et al. [11] used the bilinear Diffie-Hellman method (BDH) to propose a message authentication scheme for a dense RSU environment, which involves certificate request RSU by RSU. Kuo [12] proposed a message authentication scheme that can get pairing value to establish mutual trust in intra- and inter-RSU environments based on the chameleon hash function, but this scheme suffers from malicious revocation. Section 4 will compare DCS [7], PASS [8], CH-IBC [9], BDH [11] and the proposed scheme in terms of functionality and performance. Two problems are evident in all of the listed schemes. First, RSUs perform the most important roles in message authentication, but their performance worsens as they become sparser. The second problem concerns the certification base. The privacy of vehicles is maintained by making their identities and routes non-traceable. Accordingly, identities must be anonymous and changed frequently, generating heavy loads that are associated with certificate changing and informing of revoked certification. Appl. Sci. 2015, 5 976 To solve the two aforementioned problems, we propose a secure scheme for VANET. The installation of RSUs can be increased even in very sparse environment, and the vehicles establish mutual trust and obtain the pairing value based on the secret that is embedded in their anonymous identities instead of by certification. The following section presents in the scheme in detail. In a WSN, the random key pre-distribution (RKP) [13] is used to perform mutual authentication using a common secret key. A random subset of keys in the pool will be embedded into the sensor nodes before node deployment. The nodes in the WSN can authenticate each other if they have common secret keys. The plain secret keys in the nodes make RKP vulnerable to compromise attacks [14]. When some nodes are compromised, the attacker can make malicious nodes using the fake subset of secret keys that were collected from the compromised nodes. Hsieh et al. [15] modified RKP to RSP, in which the common secret is embedded in the private key. Pairing the private key [16] with the public key, nodes mutually authenticate using the common pairing value if their private key includes the common secret. 3. Proposed Scheme: RSP-Based Message Authentication for VANET In the proposed scheme, one day is split into n time slots ( ~ ), and the maintains a large secret pool that will be pre-distributed randomly to all RSUs and vehicles as information about the original registration set (ORG) at . With a pseudo random generator and the same seed value that is provided by the in ~ , all RSUs have the same secret pool from which to issue the random secret in response to registration requests from vehicles. Every day, in or the first time slot ( ), a vehicle enters the coverage of an RSU, and requests the new registration set (NRG) using the information in its ORG. In another time slot, the vehicle can request the new registration set using the information in its NRG; set this NRG as its previous registration set (PRG), and set the new registration as its new NRG. Accordingly, the ORG, PRG and NRG that are maintained by a vehicle are requested at , , respectively. The information of the registration set includes issuer, time slot, set of identities, set of secret indices and set of private keys. The public key can be derived from the identity and the time slot, and in the public keys are embedded the indexed secret value to form the private keys. At any time, a vehicle can choose randomly one of its identities in ORG, PRG or NRG as its identity and announce this anonymous identity to all neighbors. An anonymous identity has the form (issuer, time slot, identity, set of secret indexes). Based on the information in a vehicle’s anonymous identity, neighboring vehicles can find the common secret, calculate the pairing value, or find a neighbor that can help with message authentication or confidential communication. This section will describe this process in detail. Table 1 presents the associated notation and definitions. Appl. Sci. 2015, 5 977 Table 1. Notation and definitions. is a finite field that is formed by mod q, where q is a large prime number. G is an EC addition group with mod q; G,P, P is the generator of G. is the value on the x axis. M M is a character stream or bit stream. H(M) H(M) is a hash function that maps M to . HMAC(M) HMAC(M) is a hash function that maps M to with key K. K K ê (Q,R) is a bilinear pairing function that pairs Q and R in G with a value in . ê (Q,R) satisfies the functions of pairing. ê (Q,R) ê (Q,R) = ê (R,Q), ê (aQ,bR) = ê (bQ,aR) = ê (,) , and are the IDs of the TA and RSUa. is the secret pool of the TA that is generated by a pseudo random generator with seed ; S has secrets. S = { (d )│ (d ) ∈ PRNG( ), d = 1~ } i i i S (d ) is the d secret in S i ith S is the secret pool of RSUs , which is generated by PRNG( ), where is sent by TA at T . All RSUs have the same at T ; is the size of and = { ( )│ ( ) ∈ PRNG( ), = 1~ } and are the set of secret indexes of Ra and . = { │ ∈ (1~ ), y = 1~ } , is the number of the index in , ≪ = { │ ∈ (1~ ), or ∈ (1~ ), x = 1~ }. The secret of can be issued by the TA or RSU; is the number of the index in , < is the public key of node n , which may be an RSU or a vehicle. = H ( ∥ ∥ ) P, is the ID of node n; is the time slot in which the ID is assigned by issuer . is the set of identities of vehicle i; = { │ ∈ M , x = 1~ }. Every vehicle ( ) has anonymous IDs, assigned by an issuer or chosen by itself. is the set of private keys of . = { │SP( ) , x = 1~ } If the private keys are assigned by the TA, then SP is and = H ( ∥ ∥ ) P. If the private keys are assigned by , then SP is and = H ( ∥ ∥ ) P; is the time slot in which the identities are assigned. is the registration set of node n ; X may be “O” for original registration, “P” for previous registration at , or “N” for new registration at . Node n may be an RSU or a vehicle. = {Issuer ID , Time slot, , , } and are the original registration sets of RSU a and Vehicle i that are issued by the TA at . = { , , , , } = { │ ∈ (1~ ), y = 1~ } = { │ = ( ) , y = 1~ } ( ) is the secret in . = H ( ∥ ∥ ) P; has one ID ( ) but private keys. = { , , , , }; = { │the anonymous ID ( ) , x = 1~ } = { │ ∈ (1~ ), x = 1~ }; = { │ = ( , x = 1~ }; = H(ID ∥ ∥ ) P; has , and that have items in the set. and are the previous ( ) and new ( ) registration sets of ; = { , , , , }; Here, the secret pool is and is the set of secret indexes in . = { , , , , }. The secret pool for is . is the anonymous ID of At any time, can randomly choose one of and claim to be . C(a, b) b elements taken from a elements, the number of combinations of b elements that may arise as C(a, b) () Symmetric encryption of m using key k. Appl. Sci. 2015, 5 978 3.1. Original Registration Set (ORG) All RSUs and vehicles must register with the TA to receive the original registration set (ORG or ORG ). The TA will record the original information, including the original ID and the information about the original registration set, as in Table 2. Table 2. Information about the original registration set in TA. Entity Type Real ID of Entity Original Registration Set Revoked? RSU Real ID of RSU { , , , , } No ⋮ ⋮ ⋮ No Vehicle Real ID of Vehicle i { , , , , } No ⋮ ⋮ ⋮ No 3.2. Obtaining New Registration with At or the first time ( ), a vehicle enters the coverage of an RSU, and requests the new registration set from that RSU (Ra). The steps are as follows. S1. randomly chooses one of its in , , to form the information of its anonymous identity and selects new anonymous ID (′ ) , before sending the request to . → : ( , , , ),( ′ ) S2. After receiving the request, compares with in , and checks that if any ′ in equals ′ in . S2.1. If the equality holds, then randomly chooses a subset of (1~ ) to be the new ′ ; sets new ′ ; makes the pairing value ; returns these message to , and records information that includes the anonymous identity and new registration information. → : ( , , ), (′ ), ( ′), ( (′ )) where ′ = ′, = ê ( ′, ) ′ = {′ │′ = (′ ) H ( ∥ ′ ∥ T ) P, ′ ∈′ , x = 1~ } S2.2. Otherwise, passes the request to its neighbor, . processes step 2 in a manner similar to the processing by until the positive response is sent back from to ; then, the response is returned to V . → → → : ( , , ), (′ ), ( ′), ( (′ )) S3. receives the response , and then sets = { , , ′ , ′ , ′ } where may be or Now, receives its , and or records the corresponding registration information, including and the anonymous identity in , as in Table 3. Appl. Sci. 2015, 5 979 Table 3. Recorded information about the anonymous identity and the new registration set ( ) in RSU . Anonymous Identity New Registration Set Revoked? { , , , } { , , ′, ′, ′} No ⋮ ⋮ No { , , , } { , , ′, ′, ′} No ⋮ ⋮ No 3.3. Requesting New Registration Set with At , RSUs generate a new secret pool for , and the vehicle will request a new registration set, as follows. S1. randomly chooses one of its identities, the secret index, and the private key ( , , ) in . selects new IDs to be ′ and sends the request to Ra (which is in communicating range of ). → : ( , , , ), (′ ) S2. After receiving the message, randomly chooses a subset of (1~ ) to be the new secret index set, ′ ; sets a new set of private keys as ′ , and selects one index in ( ) ′ = {′ │′ = (′ ) H ( ∥′ ∥ ) P, x = 1~ }, making = ê ( ( ) H ( ∥ ∥ ) P, H ( ∥ ∥ ) P), and then returns the message , before recording information that includes the anonymous identity and the new . → : ( , , , ), ( ′ ), ( (′ )) S3. V receives the message; decrypts the attached with , sets = and lets = { , , ′ , ′ , ′ }. The pairing, = ̂( ( ) H ( ∥ ∥ ) P, H ( ∥ ∥ ) P) equals , , Now, receives its and sets ; records the corresponding registration information, including and the anonymous identity in as in Table 3, but the anonymous identities in . 3.4. Constructing Set of Neighbors At any time in , the time slots in the PRG and the NRG in a vehicle may be ( , ) or ( , ). To construct the set of neighbors, every vehicle will say “hello” to all neighbors to announce its presence, and will periodically disclose its anonymous identity. Every vehicle must maintain a set of neighbors, which includes information about the neighbors and the expiration time. When receives a hello message from , will determine whether is in the set of neighbors; if it is, then presets the expiration time of . If is a new vehicle, then will set the ′ information in the neighbor set and preset the expiration time. The expiration time will be counted on continuously. When the expiration time of is reached, the information of will be removed. Appl. Sci. 2015, 5 980 Hello message → all: “Hello”, ( , , , ), where ∈ Construction of Set of Neighbors collects hello messages of all neighbors, and then builds the set of neighbors as follows. has the information of , ( , , , ), and has the information of , ( , , , ). generates the pairing value with , and generates the pairing value with , , , consistent with Equations (1) and (2). ( ∥ ∥ ) = ê ( , ) = ê ( , ) , (1) ( ∥ ∥ ) ∥ ∥ = ê ( , ) = ê ( , ) (2) ∥ ∥ If any in equals in , then will equal . is the pairing value of , , , and that is used for mutual authentication. If no = , then checks for another vehicle in the set of neighbors ( ) whose has a common index with and , and then puts “ ” in the pairing value field , enabling to help to authenticate with . The information of is taken at , and will use to make a pairing with in a pairing process that is similar to the process described above. In Table 4, has a common secret with and , and can help and to perform authentication. Table 4. Set of neighbors. Neighbor Vehicle Pairing Value Expiration Time ( , , , ) ( , , , ) ( , , , ) 3.5. Message Authentication For , the neighbor set lists information about all neighbors, including their anonymous identities, pairing values, and the other vehicles that can help to pass messages. When wants to broadcast a message, it will generate a polynomial function with all pairing values and a random key K, and then make the HMAC of the message and the time stamp with key K. F(x) = K + ∏( − ), where s are the neighbors of , and the pairing values are . , , S1. → all: ( , , ),(M, ),(F(x), ( ∥ ) ),(List of ) where is the ID of the vehicle that is in the pairing value field of the neighbor set, and can help to rebroadcast this message. S2. After receives the message, takes from the neighbor set of ; calculates F( ) to , , obtain , and checks whether the ( ∥ ) equals ( ∥ ) ; if it does, then Vj authenticates this message; otherwise, rejects this message. If is in the list of , then will rebroadcast this message by a similar process. Appl. Sci. 2015, 5 981 3.6. Communicating Confidentially Two neighbors ( , ) can communicate confidentially using as an encryption key to encrypting the message and the time stamp. If and have no common secret but do have a common neighbor ( ), then has a common secret with and . can communicate confidentially with passing to the common neighbor . 3.7. In a Sparse RSU Environment A vehicle is associated with two sets of registration information (PRG and NRG). This information can be used for message authentication or confidential communication. If the longest distance between two neighboring RSUs is less than the distance through which a vehicle moves in two time slots, then a vehicle can always receive new registration information before the NRG expires. Therefore, RSUs can be incrementally deployed. Since all RSUs have the same SP , the concept of the RSP can be applied to all vehicles even if they register with different RSUs. If the vehicle cannot find any RSU to request the new registration, it still can use its ORG for message authentication. 3.8. Revocation At any time, if a malicious vehicle is found using the information of anonymous identity that is claimed by the malicious vehicle, and the registration table is recorded in all RSUs, then the ORG, PRGs and NRGs of the malicious vehicle will be explored and revoked by the TA and all RSUs, so the malicious vehicle will not be able to request any new registration information in the next time slot. Only ORG revocation must always be recorded. Revoked PRGs and NRGs can be withdrawn in the next two time slots. Thus, the overhead of the revocation list is small. To trace the original registration information, all RSUs must keep a record of registration information for one day. The overhead of recording the registration table is also light. For example, vehicle i registers its original registration set in TA with its real identity as the information in Table 5.1. At T , it registers a new registration set in RSU t-2 a, , ,′ ,′ ,′ with its anonymous identity, , , , as the information in Table 5.2. Then, the vehicle obtains a new registration set from RSU and RSU at T b c t-1 and T as the information in Tables 5.3 and 5.4. When it was found that it use the anonymous identity , ,‴ ,‴ to perform a malicious attack in time slot T . According to the information in anonymous identity, Table 5.4 will be checked, and be traced back from Tables 5.4, 5.3, and 5.2 to Table 5.1 in TA. TA will revoke the right of vehicle i, and inform the information about the original registration set and the new registration sets in Tables 5.3 and 5.4 to all RSUs to deny the new anonymous request from vehicle i. Appl. Sci. 2015, 5 982 Table 5. Example of request for anonymous identities. Table 5.1. Recording table in TA. Real ID Original Reg. Set ⋮ ⋮ Real ID of vehicle i , , , , ⋮ ⋮ Table 5.2. Recording table in RSUa. Anonymous ID New Reg. Set ⋮ ⋮ , , , , ,′ ,′ ,′ ⋮ ⋮ Table 5.3. Recording table in RSU . Anonymous ID New Reg. Set ⋮ ⋮ , ,′ ,′ , ,″ ,″ ,″ ⋮ ⋮ Table 5.4. Recording table in RSUc. Anonymous ID New Reg Set ⋮ ⋮ , ,″ ,″ , ,‴ ,‴ ,‴ ⋮ ⋮ 3.9. Broadcasting of Seed Value from TA to All RSUs In every time slot, TA must broadcast a seed value to all RSUs to generate a new secret pool. Based on the same secret pool, all of new registration set requested in the same time slot will have the same properties of random secret pre-distribution. However, when an RSU is found to be performing a malicious attack, its right to respond to a new registration request in the following time slots must be suspended. To revoke the right of a malicious RSU to respond, the secret index of the malicious RSU is appended to the set of revoking secret indexes ( ), and is made the set of secret indexes for broadcasting the new seed value. will be used by the TA to broadcast the seed value , as follows. TA receives and sets as an empty set. S1. For all valid RSUs, R , TA selects any one new secret index in , but not in and ; this new secret index is added to . S2. TA sets F1(x)=k1+∏( − ) and F2(x) = k2+∏( −( ( )) ), for all di in . Now, TA can use , F (x) and F (x) to broadcast a new seed value, as follows. 1 2 S3. TA→ all: , ,, F1(x), HMACK1( ∥ ∥ ), F2(x), Ek2(new seed value) Appl. Sci. 2015, 5 983 S4. RSU(Ra) receives the broadcast message. Calculates K = F (d ), d ∈ , y = 1~N 1y 1 Ray Ray R Checks whether any K ′ exists such that HMAC ( ∥ ∥ ) equals ( ∥ ∥) . 1y K1y′ If K ′ is exist, takes d ′, that K ′ is equal to F ( ′), calculate K ′ = F and 1y Ray 1y 1 Ray 2 2 ( ∥ ∥ ) decrypt E ′(.) to retrieve the new seed value to generate a new secret pool in time slot T . k2 t Because the secret indexes of malicious RSU are not included in , even it quests the secret index in , but it has not the respective private key, so it can not get the decrypted key k ′ to retrieve the new seed value. 4. Analysis of Security and Performance A VANET is vulnerable to various malicious attacks, including masquerading attacks, forgery attacks and reply attacks. To ensure the privacy of vehicles, the proposed scheme must support anonymity, confidential communication, and conditional un-traceability. When a legal vehicle makes a malicious attack, it will be traced and revoked. 4.1. Security Analysis In the proposed schemes, the public key is formed by the hash value of the identity of the issuer, an anonymous identity, and the time slot, according to Equation (3). Any vehicle’s public key can be calculated by any other vehicle. A vehicle’s private keys are formed by the indexing secret and the vehicle’s public key, according to Equation (4). Vehicles know the secret index but cannot retrieve the indexing secret because the ECDLP (Elliptic Curve Discrete Logarithm Problem) is hard. The pairing values are used to establish mutual trust and perform negotiation. The pairing values are bilinear mappings of one vehicle’s private key and another vehicle’s public key, which can be calculated by a vehicle without any negotiation. In the processes of requesting a new registration and building a neighbor set, the only exposed information is anonymous identity { , , , }. , can not be fake because they will be used to calculate the public key and the associated private key. is exposed but does not include any information of secret value in secret pool. The information that is involved in message authentication is the message and pairing values that are derived by the vehicle. The following section discusses security in greater detail. 4.1.1. Masquerading Attacks In the proposed scheme, one vehicle ( ) uses the information of anonymous identity included ( , , , ), to say “hello”, and it uses to generate a pairing value for message authentication or communication. , which is one , can be used only in . For any in , the public key and private key are as follows. = H( ∥ ║ ) P (3) = ( ) (4) Appl. Sci. 2015, 5 984 knows , and but it cannot retrieve ( ) because the ECDLP (Elliptic Curve Discrete Logarithm Problem) is a hard problem. Therefore, cannot masquerade as having another anonymous ID without information of the secret pool. In message authentication and the construction of a set of neighbors, the only exposed information is , , F(x) and ( ∥ ) , so an attacker cannot retrieve any private information about the private keys. Therefore, masquerading attacks are impossible. 4.1.2. Forgery Attacks In a broadcast message, ( , , ), (M, ) and (F(x), ( ∥ ) ), constitute the identity ( ), the broadcast message (M), and the polynomial function (F(x)) that is embedded the HMAC key K, and the HMAC of message. Without the pairing value that is derived with the common secret that is embedded in the private key, the HMAC key cannot be retrieved, and without the HMAC key, an attacker cannot forge a message that can pass the HMAC check. In the “hello” message, are broadcast with attached so, without the secret pool ( or ), an attacker cannot obtain the pairing values with other vehicles. 4.1.3. Replay Attacks The “hello” message is used to claim that the vehicle is present, and neighboring vehicles use the “hello” message to generate pairing value. Hence, replaying the hello message affects one more neighbor, but this neighbor cannot perform a mutual pairing to perform any attack without the private keys. The time stamp in the HMAC of a broadcast message and a communicated message can resist the replay attack. 4.1.4. Anonymity and Conditional Un-Traceability In ORG, PRG or NRG, N anonymous IDs can be used for anonymity. At any time, a vehicle can randomly choose one of them to claim an identity. Since the identity can be changed at any time, the running path of the vehicle will be untraceable. However, since ORG, PRG, or NRG information is recorded in the TA or RSUs, the real identity of a vehicle that makes a malicious attack can be traced. 4.1.5. Message Authentication and Confidential Communication In the construction of a set of neighbors, the pairing value between two vehicles that have a common secret is calculated mutually. The pairing value is calculated as ê ( , ) or ê ( , ), where and have a common secret. The pairing value will be used for message authentication or confidential communication. Based on the ECDLP, they know or , but they do not know the value of SP( ) or SP( ) in the secret pool of TA or RSU. If two vehicles do not have a common secret, but they have a common trusted neighboring vehicle, then they can communicate confidentially through the mutually trusted vehicle, or make message authentication from rebroadcasting message. Appl. Sci. 2015, 5 985 4.1.6. Revocation The TA maintains all ORGs for the vehicles. RSUs maintain the registration PRG and NRG information for one day. Every , or the first vehicle registration, the ORG information is used for new registration requests, and the registration information is recorded in an RSU. The real identities of vehicles are obtained by tracing back from RSUs to the TA. The TA can tell all RSUs to deny registration requests from malicious vehicles. PRG or NRG information can be used for two time slots, but malicious vehicles cannot use it to become newly registered. 4.2. Performance Analysis This section will discuss the possibilities of obtaining pairing values and authenticating messages. The proposed scheme will be compared to DCS [7], PASS [8], CH-IBC [9] and BDH [11] with respect to functions and performance in message authentication. 4.2.1. Probability of Obtaining Pairing Value and Authenticating Messages As described in Section 3, is the size of the secret pool in an RSU; N is the number of secrets in a vehicle that has been assigned by an RSU. Let the number of neighboring vehicles be . is the probability that two vehicles have no common secret. is the probability that two vehicles have a common secret and so can generate a pairing value for message authentication or confidential communication. is the probability that two vehicles do not have a common secret and a common trusted neighbor, so a broadcast message cannot be authenticated. = C ( – , )/C ( , ) = 1 – ( ) = = When broadcasts a message, has a probability of being directly authenticated. In , the first term is the probability that cannot be directly authenticated with , and all trusted neighbors of cannot be directly authenticated with also.(in the second term). is small, so the probability that a message cannot be authenticated is very small. 4.2.2. Functionality Comparison The functions of message authentication schemes are anonymous, conditional un-traceability, message authentication in sparse RSU, or needing certification. Table 6 compares schemes in terms of functionality, and the proposed scheme fits all functional requirements. Appl. Sci. 2015, 5 986 Table 6. Comparison of functionality. Scheme DCS [7] PASS [8] CH-IBC [9] BDH [11] Proposed Scheme Functions Anonymity √ √ √ √ √ Conditional un-traceability √ √ √ √ √ Authentication in sparse × × √ × √ RSU environment Does not need certification × × √ × √ 4.2.3. Performance Analysis The construction of a neighbor set is performed offline, so the load associated with pairing is ignored. During message authentication, the message must be signed to show that it has been sent by a legal vehicle and the signature must be verified. The numbers of computations in message signing and verification are measured. The computations may be bilinear pairing ( ), EC multiplication ( ), exponential ( ) or HMAC. The computation times for , , and HMAC, measured on a 3 GHZ Pentium 4 PC [16,17] are 4.5 ms, 0.6 ms, 0.54 ms and 0.002 ms, respectively. Table 7 shows the number of computations and times required by the proposed and other schemes. In the proposed scheme, the generation of F(x) in signing and the calculation of the HMAC key K are computations of a polynomial function. The computing time can be ignored, so the computations that are involved in signing or verifying in the proposed scheme are HMAC computations only. Table 7. Comparison of schemes in terms of number of computations and time required. Method DCS [7] PASS [8] CH-IBC [9] BDH [11] Proposed Scheme Phase Signing 2 1 2 2 HMAC Verification 5 + 3 3 + 4 2 + HMAC Total Number of 5 + 5 3 + 5 4 + 3 2HMAC Computations Required Time 25.5 ms 16.5 ms 2.16 ms 6.3 ms 0.004 ms 5. Conclusions and Future Work This paper proposed the concept of the RSP for constructing a message authentication scheme for use in VANETs. In the proposed scheme, all RSUs and vehicles must register with the TA to receive the original registration set (ORG). At any time, all RSUs have a common secret pool that is generated by a PRNG with a common seed value that is sent by the TA in every time slot. The RSUs act as issuers that can assign a sub-set of secrets to any vehicles that have been authenticated with their ORG or NRG, which were obtained in the previous time slot. For every T1, or whenever vehicles enter the VANET for the first time, vehicles request the new registration set (NRG) with the information in ORG. In other time slots, the vehicles can obtain the new registration set with the information in NRG to generate a new NRG. In the proposed scheme, vehicles randomly choose one of their IDs in NRG and the set of secret index to announce their presence periodically. Using the ID and secret index set, Appl. Sci. 2015, 5 987 neighboring vehicles can compute the mutual pairing value or find vehicles that can help them with message authentication. In message authentication, a polynomial function is formed by the pairing values and the HMAC key. The HMAC of the message with the key will be attached to the broadcast message. Vehicles that receive a broadcast message use their pairing value to retrieve the HMAC key and to authenticate the message. Some vehicles are asked to rebroadcast the message for vehicles that do not have a common secret with the sender. The proposed scheme is very simple but satisfies all the requirements of a VANET, such as defense against masquerade, forgery and replay attacks, anonymity, un-traceability, message authentication, confidential communication, and a light revocation list. The only computation that is involved in signing and verification for message authentication is that associated with HMAC, so the proposed scheme outperforms previously proposed schemes. In message authentication, the index-set of a secret sub-set must be broadcast, potentially leaking information of the secret pool, so future work should seek to hide the index set while ensuring that the load associated with message authentication is light. Acknowledgments This paper is the partial result of projects NSC101-2221-E366-003-MY3, MOST103-2632-E366-001 and MOST104-2632-E366-001. The authors thank the Ministry of Science and Technology, R.O.C., for its support. Author Contributions Alan Dahgwo Yein proposed the original idea and wrote the first draft. Yu-Hsiu Huang set up the main structure and the detail processes. Chih-Hsueh Lin revised the article and response the reviewer’s comment. Wen-Shyong Hsieh leaded the supporting project. Chung-Nan Lee advised the manuscript. Zhong-Ting Luo proposed the basic concept in his master thesis. Conflicts of Interest The authors declare no conflict of interest. References 1. Lu, R.; Lin, X.; Zhu, H.; Ho, P.; Shen, X. ECPP: Efficient Conditional Privacy Preservation Protocol for Secure Vehicular Communications. In Proceedings of the INFOCOM 2008, the 27th Conference on Computer Communications, Phoenix, AZ, USA, 13–18 April 2008; pp. 1229–1237. 2. Uzcategui, R.; Acosta-Marum, G. Wave: A tutorial. Commun. Mag. 2009, 47, 126–133. 3. Lin, X.D.; Sun, X.T.; Ho, P.H.; Shen, X.M. GSIS: A secure and privacy-preserving protocol for vehicular communications. IEEE Trans. Veh. Technol. 2007, 56, 3442–3456. 4. Raya, M.; Hubaux, J.-P. The security of vehicular ad hoc networks. In Proceedings of the 3rd ACM Workshop on Security of ad hoc and Sensor Networks, Alexandria, VA, USA, 7–10 November 2005. Appl. Sci. 2015, 5 988 5. Hubaux, J.; Capkun, S.; Luo, J. The Security and privacy of Smart Vehicles. IEEE Secur. Priv. 2004, 2, 49–55. 6. Zhang, C.X.; Lin, X.D.; Lu, R.X.; Ho, P.H.; Shen, X.M. An efficient message authentication scheme for vehicular communications. IEEE Trans. Veh. Technol. 2008, 57, 3357–3368. 7. Wasef, A.; Jiang, Y.X.; Shen, X.M. DCS: An efficient distributed-certificate-service scheme for vehicular networks. IEEE Trans. Veh. Technol. 2010, 59, 533–549. 8. Sun, Y.P.; Lu, R.X.; Lin, X.D.; Shen, X.M.; Su, J.S. An efficient pseudonymous authentication scheme with strong privacy preservation for vehicular communications. IEEE Trans. Veh. Technol. 2010, 59, 3589–3603. 9. Chen, C.Y.; Hsu, T.C.; Wu, H.T.; Chiang, J.Y.; Hsieh, W.S. Anonymous authentication and key agreement schemes in vehicular ad-hoc networks. J. Internet Technol. 2014, 15, 896–902. 10. Huang, Y.H.; Fan, K.H.; Hsieh, W.S. Message authentication scheme for vehicular ad-hoc wireless networks without RSU. J. Inf. Hidding Multimedia Signal Process. 2015, 6, 113–122. 11. Huang, M.W.; Wu, H.T.; Hong, G.J.; Hsieh, W.S. Using BDH for the message authentication in VANET. Math. Probl. Eng. 2014, 2014, 1–13. 12. Kuo, P.C. Chameleon Hash Function Based Message Authentication for VANETs in sparse RSU Environment. Master Thesis, National Sun Yat-sen University, Kaohsiung, Taiwan, 2015. 13. Li, W.S.; Tsai, C.W.; Hsieh, W.S.; Yang, C.S.; Chiang, M.C. A Key Management scheme for dense wireless sensor networks. Inf. J. Int. Interdiscip. J. 2011, 14, 2459–2470. 14. Yein, A.D.-G.; Chen, C.Y.; Hsu, T.C.; Hsieh, W.S.; Lin, J.A. Attack wireless sensor network using compromised key redistribution. Int. J. Appl. Mech. Mater. Spec. Issue Inf. Technol. Appl. Ind. 2012, 263–266, 920–925. 15. Hsieh, W.S.; Yan, D.G.; Liao, S.Y. The Random Secret Pre-distribution for Wireless Sensor Network. In Proceedings of the Conference on Information Technology and Applications in Outlying Islands, Kinmen, Taiwan, 18 May 2013; pp.844–846. 16. Scott, M. Implementing cryptographic pairings. Lect. Notes Comput. Sci. 2007, 4575, 177–196. 17. Long, M.; Wu, C.-H.J.; Irwin, J.D. Reducing communication overhead for wireless roaming authentication: Methods and performance evaluation. Int. J. Netw. Secure 2008, 6, 331–341. © 2015 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/4.0/). http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Applied Sciences Multidisciplinary Digital Publishing Institute

Using a Random Secret Pre-Distribution Scheme to Implement Message Authentication in VANETs

Loading next page...
 
/lp/multidisciplinary-digital-publishing-institute/using-a-random-secret-pre-distribution-scheme-to-implement-message-Kh2qEgu5OY

References (19)

Publisher
Multidisciplinary Digital Publishing Institute
Copyright
© 1996-2019 MDPI (Basel, Switzerland) unless otherwise stated
ISSN
2076-3417
DOI
10.3390/app5040973
Publisher site
See Article on Publisher Site

Abstract

Appl. Sci. 2015, 5, 973-988; doi:10.3390/app5040973 OPEN ACCESS applied sciences ISSN 2076-3417 www.mdpi.com/journal/applsci Article Using a Random Secret Pre-Distribution Scheme to Implement Message Authentication in VANETs 1 2,3 4, 2,4 Alan Dahgwo Yein , Yu-Hsiu Huang , Chih-Hsueh Lin *, Wen-Shyong Hsieh , 2 2 Chung-Nan Lee and Zhong-Ting Luo Department of Information Management, Shu-Te University, Kaohsiung 82445, Taiwan; E-Mail: alanyein@stu.edu.tw Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung 80424, Taiwan; E-Mails: yhhuang@csu.edu.tw (Y.-H.H.); wshsieh@stu.edu.tw (W.-S.H.); cnlee@cse.nsysu.edu.tw (C.-N.L.); m013040085@student.nsysu.edu.tw (Z.-T.L.) Department of Computer Science and Information Engineering, Cheng-Shiu University, Kaohsiung 83347, Taiwan Department of Computer and Communication, Shu-Te University, Kaohsiung 82425, Taiwan * Author to whom correspondence should be addressed; E-Mail: josuslin@stu.edu.tw; Tel.: +886-7-615-8000 (ext. 4800). Academic Editor: Takayoshi Kobayashi Received: 30 July 2015 / Accepted: 16 October 2015 / Published: 30 October 2015 Abstract: In recent years, the development of the Intelligent Transportation System (ITS) has increased the popularity of vehicular ad hoc networks (VANET). A VANET is designed to enable vehicles to exchange information about traffic or vehicle conditions to help other vehicles avoid traffic accidents or traffic jams. To resist malicious attacks, all vehicles must be anonymous and their routings must be untraceable, but still verifiable. The vehicles must trust each other and communicate confidentially. In a VANET, Road Side Units (RSU) are installed on traffic signs or streetlights to help vehicles maintain anonymity, to authenticate messages, or to support confidentiality. However, the coverage of an RSU is limited and the cost of widespread installation is high. RSU installations are incremental, so messages must be authenticated using dense RSUs or sparse RSUs. In this paper, the concept of random key pre-distribution that is used in Wireless Sensor Networks (WSN) is modified to random secret pre-distribution (RSP), which integrates identity-based cryptography (IBC) to produce a message authentication scheme for VANETs in a sparse RSU environment. In the proposed scheme, vehicles follow a process to determine a common secret, allowing them to Appl. Sci. 2015, 5 974 authenticate each other and obtain the pairing value as a key for use in message authentication and private communication. Evaluation results show that the proposed scheme outperforms related schemes. Keywords: VANET; RSP; IBC; anonymity; message authentication; private communication 1. Introduction A general VANET has a three-tier structure [1], which comprises a trusted authorizer (TA), many road side units (RSUs), and vehicles. The TA is the central trust tier, and it is connected to the RSU via a wired network. The communication between the RSUs and vehicles uses the wireless communication protocol IEEE 802.11p. IEEE 802.11p is a revision of 802.11 with the addition of Wireless Access in the Vehicular Environment (WAVE) [2]. All RSUs (second tier) and vehicles (third tier) must register with the TA to obtain initial certification, identities or common secrets to enable them to make requests anonymously. RSUs are installed at the side of the road to help vehicles maintain anonymity and authenticate messages. The vehicles can broadcast, exchange, or receive messages about road conditions, traffic conditions, their positions, or their speed to avoid accidents and worsening traffic jams. Malicious attackers [3,4] may collect transmitted messages in VANETs to obtain the private information of users. To resist malicious attacks and maintain the privacy of the vehicles, each vehicle must remain anonymous, and its messages must be sent anonymously, so the authentication of messages in VANETs is an important issue. In a VANET, communications can be classified into two types—without RSU and with RSU. In communication of the first type, each vehicle broadcasts messages to other vehicles or communicates confidentially with specific vehicles. In this scenario, vehicles must ensure their privacy, their confidentiality and the authentication of messages by themselves. In the second scenario, an RSU supports the privacy and confidentiality of vehicles, and message authentication. In a VANET, messages are authenticated to ensure that received messages are valid and have been sent by a legal source. To preserve privacy, the real identity of a vehicle cannot be exposed or traced. In this paper, the concept of random key pre-distribution that is used in Wireless Sensor Networks (WSN) is modified to random secret pre-distribution (RSP) that integrates identity-based cryptography (IBC), to build an environment in which vehicles can maintain anonymity, communicate confidentially, authenticate messages, and resist malicious attacks with the assistance of RSUs or by themselves in a sparse RSU environment. In the proposed scheme, the TA maintains a large pool of secrets that will be pre-distributed randomly to all RSUs and vehicles as the original registration set. All RSUs have a pseudo random generator (PRNG) and the same seed value that is provided periodically by the TA, so they have the same secret pool from which to issue the randomly selected secret to vehicles. Based on the common secrets held in common either between RSUs and vehicles or among vehicles under an RSU, entities of both types can authenticate each other, authenticate messages, and communicate confidentially following the pairing process. The proposed scheme satisfies the security requirements of a VANET, including message authentication, identity verification, non-repudiation, confidentiality, conditional anonymity, and un-traceability. Appl. Sci. 2015, 5 975 In this paper, Section 2 introduces related works and techniques that are used herein. Section 3 describes the proposed schemes. Section 4 analyzes the security and performance of the proposed schemes. The final section draws conclusions and provides suggestions for future works. 2. Related Works and Techniques According to Hubaux et al. [5], a smart vehicle can record, compute, and specify its position. It uses the traditional public-key infrastructure (PKI). The complexity of computation is increased if the vehicle uses PKI to encrypt the messages. The computation overhead of the communication step is also then increased. Moreover, for privacy and un-traceability, the vehicle must frequently change its certificate, imposing a burden on the TA. Zhang et al. [6] proposed a scheme in which RSUs were used to support message authentication by vehicles. When a vehicle enters the coverage range of an RSU, it establishes a secret key after mutual authentication. The vehicle will then generate a short message authentication code (MAC) using this secret key. The RSU will verify the authentication of MAC. However, exposure of the certificate creates the problem that the vehicles will become traceable. In 2010, Wasef et al. [7] proposed the RSU-aided distributed certificate service (DCS), which enables vehicles to update their certificates from an RSU. A vehicle can update its certificate from any RSU, even when it is not in the coverage range of that RSU. The performance of the DCS depends on the density of the RSUs. Sun et al. [8] proposed a pseudonymous authentication scheme with privacy preservation (PASS), which supports the DCS. The scheme can reduce the certificate-updating overhead and the revocation overhead. Attackers cannot trace legitimate vehicles, even when they compromise the RSU. However, the DCS has the loading of certificate and it can not work in sparse RSU environment. Chen et al. [9] used chameleon hash values to perform anonymous authentication and used ID-based cryptography (CH-IBC) to perform key agreement. In this scheme, vehicles use a chameleon hash value as a disposable alias. They can verify message authentication and message integrity, but it still needs the assistance of an RSU. Hung et al. [10] proposed a chameleon hash function-based message authentication scheme without RSUs, but they did not solve the problem of malicious revocation. Hung et al. [11] used the bilinear Diffie-Hellman method (BDH) to propose a message authentication scheme for a dense RSU environment, which involves certificate request RSU by RSU. Kuo [12] proposed a message authentication scheme that can get pairing value to establish mutual trust in intra- and inter-RSU environments based on the chameleon hash function, but this scheme suffers from malicious revocation. Section 4 will compare DCS [7], PASS [8], CH-IBC [9], BDH [11] and the proposed scheme in terms of functionality and performance. Two problems are evident in all of the listed schemes. First, RSUs perform the most important roles in message authentication, but their performance worsens as they become sparser. The second problem concerns the certification base. The privacy of vehicles is maintained by making their identities and routes non-traceable. Accordingly, identities must be anonymous and changed frequently, generating heavy loads that are associated with certificate changing and informing of revoked certification. Appl. Sci. 2015, 5 976 To solve the two aforementioned problems, we propose a secure scheme for VANET. The installation of RSUs can be increased even in very sparse environment, and the vehicles establish mutual trust and obtain the pairing value based on the secret that is embedded in their anonymous identities instead of by certification. The following section presents in the scheme in detail. In a WSN, the random key pre-distribution (RKP) [13] is used to perform mutual authentication using a common secret key. A random subset of keys in the pool will be embedded into the sensor nodes before node deployment. The nodes in the WSN can authenticate each other if they have common secret keys. The plain secret keys in the nodes make RKP vulnerable to compromise attacks [14]. When some nodes are compromised, the attacker can make malicious nodes using the fake subset of secret keys that were collected from the compromised nodes. Hsieh et al. [15] modified RKP to RSP, in which the common secret is embedded in the private key. Pairing the private key [16] with the public key, nodes mutually authenticate using the common pairing value if their private key includes the common secret. 3. Proposed Scheme: RSP-Based Message Authentication for VANET In the proposed scheme, one day is split into n time slots ( ~ ), and the maintains a large secret pool that will be pre-distributed randomly to all RSUs and vehicles as information about the original registration set (ORG) at . With a pseudo random generator and the same seed value that is provided by the in ~ , all RSUs have the same secret pool from which to issue the random secret in response to registration requests from vehicles. Every day, in or the first time slot ( ), a vehicle enters the coverage of an RSU, and requests the new registration set (NRG) using the information in its ORG. In another time slot, the vehicle can request the new registration set using the information in its NRG; set this NRG as its previous registration set (PRG), and set the new registration as its new NRG. Accordingly, the ORG, PRG and NRG that are maintained by a vehicle are requested at , , respectively. The information of the registration set includes issuer, time slot, set of identities, set of secret indices and set of private keys. The public key can be derived from the identity and the time slot, and in the public keys are embedded the indexed secret value to form the private keys. At any time, a vehicle can choose randomly one of its identities in ORG, PRG or NRG as its identity and announce this anonymous identity to all neighbors. An anonymous identity has the form (issuer, time slot, identity, set of secret indexes). Based on the information in a vehicle’s anonymous identity, neighboring vehicles can find the common secret, calculate the pairing value, or find a neighbor that can help with message authentication or confidential communication. This section will describe this process in detail. Table 1 presents the associated notation and definitions. Appl. Sci. 2015, 5 977 Table 1. Notation and definitions. is a finite field that is formed by mod q, where q is a large prime number. G is an EC addition group with mod q; G,P, P is the generator of G. is the value on the x axis. M M is a character stream or bit stream. H(M) H(M) is a hash function that maps M to . HMAC(M) HMAC(M) is a hash function that maps M to with key K. K K ê (Q,R) is a bilinear pairing function that pairs Q and R in G with a value in . ê (Q,R) satisfies the functions of pairing. ê (Q,R) ê (Q,R) = ê (R,Q), ê (aQ,bR) = ê (bQ,aR) = ê (,) , and are the IDs of the TA and RSUa. is the secret pool of the TA that is generated by a pseudo random generator with seed ; S has secrets. S = { (d )│ (d ) ∈ PRNG( ), d = 1~ } i i i S (d ) is the d secret in S i ith S is the secret pool of RSUs , which is generated by PRNG( ), where is sent by TA at T . All RSUs have the same at T ; is the size of and = { ( )│ ( ) ∈ PRNG( ), = 1~ } and are the set of secret indexes of Ra and . = { │ ∈ (1~ ), y = 1~ } , is the number of the index in , ≪ = { │ ∈ (1~ ), or ∈ (1~ ), x = 1~ }. The secret of can be issued by the TA or RSU; is the number of the index in , < is the public key of node n , which may be an RSU or a vehicle. = H ( ∥ ∥ ) P, is the ID of node n; is the time slot in which the ID is assigned by issuer . is the set of identities of vehicle i; = { │ ∈ M , x = 1~ }. Every vehicle ( ) has anonymous IDs, assigned by an issuer or chosen by itself. is the set of private keys of . = { │SP( ) , x = 1~ } If the private keys are assigned by the TA, then SP is and = H ( ∥ ∥ ) P. If the private keys are assigned by , then SP is and = H ( ∥ ∥ ) P; is the time slot in which the identities are assigned. is the registration set of node n ; X may be “O” for original registration, “P” for previous registration at , or “N” for new registration at . Node n may be an RSU or a vehicle. = {Issuer ID , Time slot, , , } and are the original registration sets of RSU a and Vehicle i that are issued by the TA at . = { , , , , } = { │ ∈ (1~ ), y = 1~ } = { │ = ( ) , y = 1~ } ( ) is the secret in . = H ( ∥ ∥ ) P; has one ID ( ) but private keys. = { , , , , }; = { │the anonymous ID ( ) , x = 1~ } = { │ ∈ (1~ ), x = 1~ }; = { │ = ( , x = 1~ }; = H(ID ∥ ∥ ) P; has , and that have items in the set. and are the previous ( ) and new ( ) registration sets of ; = { , , , , }; Here, the secret pool is and is the set of secret indexes in . = { , , , , }. The secret pool for is . is the anonymous ID of At any time, can randomly choose one of and claim to be . C(a, b) b elements taken from a elements, the number of combinations of b elements that may arise as C(a, b) () Symmetric encryption of m using key k. Appl. Sci. 2015, 5 978 3.1. Original Registration Set (ORG) All RSUs and vehicles must register with the TA to receive the original registration set (ORG or ORG ). The TA will record the original information, including the original ID and the information about the original registration set, as in Table 2. Table 2. Information about the original registration set in TA. Entity Type Real ID of Entity Original Registration Set Revoked? RSU Real ID of RSU { , , , , } No ⋮ ⋮ ⋮ No Vehicle Real ID of Vehicle i { , , , , } No ⋮ ⋮ ⋮ No 3.2. Obtaining New Registration with At or the first time ( ), a vehicle enters the coverage of an RSU, and requests the new registration set from that RSU (Ra). The steps are as follows. S1. randomly chooses one of its in , , to form the information of its anonymous identity and selects new anonymous ID (′ ) , before sending the request to . → : ( , , , ),( ′ ) S2. After receiving the request, compares with in , and checks that if any ′ in equals ′ in . S2.1. If the equality holds, then randomly chooses a subset of (1~ ) to be the new ′ ; sets new ′ ; makes the pairing value ; returns these message to , and records information that includes the anonymous identity and new registration information. → : ( , , ), (′ ), ( ′), ( (′ )) where ′ = ′, = ê ( ′, ) ′ = {′ │′ = (′ ) H ( ∥ ′ ∥ T ) P, ′ ∈′ , x = 1~ } S2.2. Otherwise, passes the request to its neighbor, . processes step 2 in a manner similar to the processing by until the positive response is sent back from to ; then, the response is returned to V . → → → : ( , , ), (′ ), ( ′), ( (′ )) S3. receives the response , and then sets = { , , ′ , ′ , ′ } where may be or Now, receives its , and or records the corresponding registration information, including and the anonymous identity in , as in Table 3. Appl. Sci. 2015, 5 979 Table 3. Recorded information about the anonymous identity and the new registration set ( ) in RSU . Anonymous Identity New Registration Set Revoked? { , , , } { , , ′, ′, ′} No ⋮ ⋮ No { , , , } { , , ′, ′, ′} No ⋮ ⋮ No 3.3. Requesting New Registration Set with At , RSUs generate a new secret pool for , and the vehicle will request a new registration set, as follows. S1. randomly chooses one of its identities, the secret index, and the private key ( , , ) in . selects new IDs to be ′ and sends the request to Ra (which is in communicating range of ). → : ( , , , ), (′ ) S2. After receiving the message, randomly chooses a subset of (1~ ) to be the new secret index set, ′ ; sets a new set of private keys as ′ , and selects one index in ( ) ′ = {′ │′ = (′ ) H ( ∥′ ∥ ) P, x = 1~ }, making = ê ( ( ) H ( ∥ ∥ ) P, H ( ∥ ∥ ) P), and then returns the message , before recording information that includes the anonymous identity and the new . → : ( , , , ), ( ′ ), ( (′ )) S3. V receives the message; decrypts the attached with , sets = and lets = { , , ′ , ′ , ′ }. The pairing, = ̂( ( ) H ( ∥ ∥ ) P, H ( ∥ ∥ ) P) equals , , Now, receives its and sets ; records the corresponding registration information, including and the anonymous identity in as in Table 3, but the anonymous identities in . 3.4. Constructing Set of Neighbors At any time in , the time slots in the PRG and the NRG in a vehicle may be ( , ) or ( , ). To construct the set of neighbors, every vehicle will say “hello” to all neighbors to announce its presence, and will periodically disclose its anonymous identity. Every vehicle must maintain a set of neighbors, which includes information about the neighbors and the expiration time. When receives a hello message from , will determine whether is in the set of neighbors; if it is, then presets the expiration time of . If is a new vehicle, then will set the ′ information in the neighbor set and preset the expiration time. The expiration time will be counted on continuously. When the expiration time of is reached, the information of will be removed. Appl. Sci. 2015, 5 980 Hello message → all: “Hello”, ( , , , ), where ∈ Construction of Set of Neighbors collects hello messages of all neighbors, and then builds the set of neighbors as follows. has the information of , ( , , , ), and has the information of , ( , , , ). generates the pairing value with , and generates the pairing value with , , , consistent with Equations (1) and (2). ( ∥ ∥ ) = ê ( , ) = ê ( , ) , (1) ( ∥ ∥ ) ∥ ∥ = ê ( , ) = ê ( , ) (2) ∥ ∥ If any in equals in , then will equal . is the pairing value of , , , and that is used for mutual authentication. If no = , then checks for another vehicle in the set of neighbors ( ) whose has a common index with and , and then puts “ ” in the pairing value field , enabling to help to authenticate with . The information of is taken at , and will use to make a pairing with in a pairing process that is similar to the process described above. In Table 4, has a common secret with and , and can help and to perform authentication. Table 4. Set of neighbors. Neighbor Vehicle Pairing Value Expiration Time ( , , , ) ( , , , ) ( , , , ) 3.5. Message Authentication For , the neighbor set lists information about all neighbors, including their anonymous identities, pairing values, and the other vehicles that can help to pass messages. When wants to broadcast a message, it will generate a polynomial function with all pairing values and a random key K, and then make the HMAC of the message and the time stamp with key K. F(x) = K + ∏( − ), where s are the neighbors of , and the pairing values are . , , S1. → all: ( , , ),(M, ),(F(x), ( ∥ ) ),(List of ) where is the ID of the vehicle that is in the pairing value field of the neighbor set, and can help to rebroadcast this message. S2. After receives the message, takes from the neighbor set of ; calculates F( ) to , , obtain , and checks whether the ( ∥ ) equals ( ∥ ) ; if it does, then Vj authenticates this message; otherwise, rejects this message. If is in the list of , then will rebroadcast this message by a similar process. Appl. Sci. 2015, 5 981 3.6. Communicating Confidentially Two neighbors ( , ) can communicate confidentially using as an encryption key to encrypting the message and the time stamp. If and have no common secret but do have a common neighbor ( ), then has a common secret with and . can communicate confidentially with passing to the common neighbor . 3.7. In a Sparse RSU Environment A vehicle is associated with two sets of registration information (PRG and NRG). This information can be used for message authentication or confidential communication. If the longest distance between two neighboring RSUs is less than the distance through which a vehicle moves in two time slots, then a vehicle can always receive new registration information before the NRG expires. Therefore, RSUs can be incrementally deployed. Since all RSUs have the same SP , the concept of the RSP can be applied to all vehicles even if they register with different RSUs. If the vehicle cannot find any RSU to request the new registration, it still can use its ORG for message authentication. 3.8. Revocation At any time, if a malicious vehicle is found using the information of anonymous identity that is claimed by the malicious vehicle, and the registration table is recorded in all RSUs, then the ORG, PRGs and NRGs of the malicious vehicle will be explored and revoked by the TA and all RSUs, so the malicious vehicle will not be able to request any new registration information in the next time slot. Only ORG revocation must always be recorded. Revoked PRGs and NRGs can be withdrawn in the next two time slots. Thus, the overhead of the revocation list is small. To trace the original registration information, all RSUs must keep a record of registration information for one day. The overhead of recording the registration table is also light. For example, vehicle i registers its original registration set in TA with its real identity as the information in Table 5.1. At T , it registers a new registration set in RSU t-2 a, , ,′ ,′ ,′ with its anonymous identity, , , , as the information in Table 5.2. Then, the vehicle obtains a new registration set from RSU and RSU at T b c t-1 and T as the information in Tables 5.3 and 5.4. When it was found that it use the anonymous identity , ,‴ ,‴ to perform a malicious attack in time slot T . According to the information in anonymous identity, Table 5.4 will be checked, and be traced back from Tables 5.4, 5.3, and 5.2 to Table 5.1 in TA. TA will revoke the right of vehicle i, and inform the information about the original registration set and the new registration sets in Tables 5.3 and 5.4 to all RSUs to deny the new anonymous request from vehicle i. Appl. Sci. 2015, 5 982 Table 5. Example of request for anonymous identities. Table 5.1. Recording table in TA. Real ID Original Reg. Set ⋮ ⋮ Real ID of vehicle i , , , , ⋮ ⋮ Table 5.2. Recording table in RSUa. Anonymous ID New Reg. Set ⋮ ⋮ , , , , ,′ ,′ ,′ ⋮ ⋮ Table 5.3. Recording table in RSU . Anonymous ID New Reg. Set ⋮ ⋮ , ,′ ,′ , ,″ ,″ ,″ ⋮ ⋮ Table 5.4. Recording table in RSUc. Anonymous ID New Reg Set ⋮ ⋮ , ,″ ,″ , ,‴ ,‴ ,‴ ⋮ ⋮ 3.9. Broadcasting of Seed Value from TA to All RSUs In every time slot, TA must broadcast a seed value to all RSUs to generate a new secret pool. Based on the same secret pool, all of new registration set requested in the same time slot will have the same properties of random secret pre-distribution. However, when an RSU is found to be performing a malicious attack, its right to respond to a new registration request in the following time slots must be suspended. To revoke the right of a malicious RSU to respond, the secret index of the malicious RSU is appended to the set of revoking secret indexes ( ), and is made the set of secret indexes for broadcasting the new seed value. will be used by the TA to broadcast the seed value , as follows. TA receives and sets as an empty set. S1. For all valid RSUs, R , TA selects any one new secret index in , but not in and ; this new secret index is added to . S2. TA sets F1(x)=k1+∏( − ) and F2(x) = k2+∏( −( ( )) ), for all di in . Now, TA can use , F (x) and F (x) to broadcast a new seed value, as follows. 1 2 S3. TA→ all: , ,, F1(x), HMACK1( ∥ ∥ ), F2(x), Ek2(new seed value) Appl. Sci. 2015, 5 983 S4. RSU(Ra) receives the broadcast message. Calculates K = F (d ), d ∈ , y = 1~N 1y 1 Ray Ray R Checks whether any K ′ exists such that HMAC ( ∥ ∥ ) equals ( ∥ ∥) . 1y K1y′ If K ′ is exist, takes d ′, that K ′ is equal to F ( ′), calculate K ′ = F and 1y Ray 1y 1 Ray 2 2 ( ∥ ∥ ) decrypt E ′(.) to retrieve the new seed value to generate a new secret pool in time slot T . k2 t Because the secret indexes of malicious RSU are not included in , even it quests the secret index in , but it has not the respective private key, so it can not get the decrypted key k ′ to retrieve the new seed value. 4. Analysis of Security and Performance A VANET is vulnerable to various malicious attacks, including masquerading attacks, forgery attacks and reply attacks. To ensure the privacy of vehicles, the proposed scheme must support anonymity, confidential communication, and conditional un-traceability. When a legal vehicle makes a malicious attack, it will be traced and revoked. 4.1. Security Analysis In the proposed schemes, the public key is formed by the hash value of the identity of the issuer, an anonymous identity, and the time slot, according to Equation (3). Any vehicle’s public key can be calculated by any other vehicle. A vehicle’s private keys are formed by the indexing secret and the vehicle’s public key, according to Equation (4). Vehicles know the secret index but cannot retrieve the indexing secret because the ECDLP (Elliptic Curve Discrete Logarithm Problem) is hard. The pairing values are used to establish mutual trust and perform negotiation. The pairing values are bilinear mappings of one vehicle’s private key and another vehicle’s public key, which can be calculated by a vehicle without any negotiation. In the processes of requesting a new registration and building a neighbor set, the only exposed information is anonymous identity { , , , }. , can not be fake because they will be used to calculate the public key and the associated private key. is exposed but does not include any information of secret value in secret pool. The information that is involved in message authentication is the message and pairing values that are derived by the vehicle. The following section discusses security in greater detail. 4.1.1. Masquerading Attacks In the proposed scheme, one vehicle ( ) uses the information of anonymous identity included ( , , , ), to say “hello”, and it uses to generate a pairing value for message authentication or communication. , which is one , can be used only in . For any in , the public key and private key are as follows. = H( ∥ ║ ) P (3) = ( ) (4) Appl. Sci. 2015, 5 984 knows , and but it cannot retrieve ( ) because the ECDLP (Elliptic Curve Discrete Logarithm Problem) is a hard problem. Therefore, cannot masquerade as having another anonymous ID without information of the secret pool. In message authentication and the construction of a set of neighbors, the only exposed information is , , F(x) and ( ∥ ) , so an attacker cannot retrieve any private information about the private keys. Therefore, masquerading attacks are impossible. 4.1.2. Forgery Attacks In a broadcast message, ( , , ), (M, ) and (F(x), ( ∥ ) ), constitute the identity ( ), the broadcast message (M), and the polynomial function (F(x)) that is embedded the HMAC key K, and the HMAC of message. Without the pairing value that is derived with the common secret that is embedded in the private key, the HMAC key cannot be retrieved, and without the HMAC key, an attacker cannot forge a message that can pass the HMAC check. In the “hello” message, are broadcast with attached so, without the secret pool ( or ), an attacker cannot obtain the pairing values with other vehicles. 4.1.3. Replay Attacks The “hello” message is used to claim that the vehicle is present, and neighboring vehicles use the “hello” message to generate pairing value. Hence, replaying the hello message affects one more neighbor, but this neighbor cannot perform a mutual pairing to perform any attack without the private keys. The time stamp in the HMAC of a broadcast message and a communicated message can resist the replay attack. 4.1.4. Anonymity and Conditional Un-Traceability In ORG, PRG or NRG, N anonymous IDs can be used for anonymity. At any time, a vehicle can randomly choose one of them to claim an identity. Since the identity can be changed at any time, the running path of the vehicle will be untraceable. However, since ORG, PRG, or NRG information is recorded in the TA or RSUs, the real identity of a vehicle that makes a malicious attack can be traced. 4.1.5. Message Authentication and Confidential Communication In the construction of a set of neighbors, the pairing value between two vehicles that have a common secret is calculated mutually. The pairing value is calculated as ê ( , ) or ê ( , ), where and have a common secret. The pairing value will be used for message authentication or confidential communication. Based on the ECDLP, they know or , but they do not know the value of SP( ) or SP( ) in the secret pool of TA or RSU. If two vehicles do not have a common secret, but they have a common trusted neighboring vehicle, then they can communicate confidentially through the mutually trusted vehicle, or make message authentication from rebroadcasting message. Appl. Sci. 2015, 5 985 4.1.6. Revocation The TA maintains all ORGs for the vehicles. RSUs maintain the registration PRG and NRG information for one day. Every , or the first vehicle registration, the ORG information is used for new registration requests, and the registration information is recorded in an RSU. The real identities of vehicles are obtained by tracing back from RSUs to the TA. The TA can tell all RSUs to deny registration requests from malicious vehicles. PRG or NRG information can be used for two time slots, but malicious vehicles cannot use it to become newly registered. 4.2. Performance Analysis This section will discuss the possibilities of obtaining pairing values and authenticating messages. The proposed scheme will be compared to DCS [7], PASS [8], CH-IBC [9] and BDH [11] with respect to functions and performance in message authentication. 4.2.1. Probability of Obtaining Pairing Value and Authenticating Messages As described in Section 3, is the size of the secret pool in an RSU; N is the number of secrets in a vehicle that has been assigned by an RSU. Let the number of neighboring vehicles be . is the probability that two vehicles have no common secret. is the probability that two vehicles have a common secret and so can generate a pairing value for message authentication or confidential communication. is the probability that two vehicles do not have a common secret and a common trusted neighbor, so a broadcast message cannot be authenticated. = C ( – , )/C ( , ) = 1 – ( ) = = When broadcasts a message, has a probability of being directly authenticated. In , the first term is the probability that cannot be directly authenticated with , and all trusted neighbors of cannot be directly authenticated with also.(in the second term). is small, so the probability that a message cannot be authenticated is very small. 4.2.2. Functionality Comparison The functions of message authentication schemes are anonymous, conditional un-traceability, message authentication in sparse RSU, or needing certification. Table 6 compares schemes in terms of functionality, and the proposed scheme fits all functional requirements. Appl. Sci. 2015, 5 986 Table 6. Comparison of functionality. Scheme DCS [7] PASS [8] CH-IBC [9] BDH [11] Proposed Scheme Functions Anonymity √ √ √ √ √ Conditional un-traceability √ √ √ √ √ Authentication in sparse × × √ × √ RSU environment Does not need certification × × √ × √ 4.2.3. Performance Analysis The construction of a neighbor set is performed offline, so the load associated with pairing is ignored. During message authentication, the message must be signed to show that it has been sent by a legal vehicle and the signature must be verified. The numbers of computations in message signing and verification are measured. The computations may be bilinear pairing ( ), EC multiplication ( ), exponential ( ) or HMAC. The computation times for , , and HMAC, measured on a 3 GHZ Pentium 4 PC [16,17] are 4.5 ms, 0.6 ms, 0.54 ms and 0.002 ms, respectively. Table 7 shows the number of computations and times required by the proposed and other schemes. In the proposed scheme, the generation of F(x) in signing and the calculation of the HMAC key K are computations of a polynomial function. The computing time can be ignored, so the computations that are involved in signing or verifying in the proposed scheme are HMAC computations only. Table 7. Comparison of schemes in terms of number of computations and time required. Method DCS [7] PASS [8] CH-IBC [9] BDH [11] Proposed Scheme Phase Signing 2 1 2 2 HMAC Verification 5 + 3 3 + 4 2 + HMAC Total Number of 5 + 5 3 + 5 4 + 3 2HMAC Computations Required Time 25.5 ms 16.5 ms 2.16 ms 6.3 ms 0.004 ms 5. Conclusions and Future Work This paper proposed the concept of the RSP for constructing a message authentication scheme for use in VANETs. In the proposed scheme, all RSUs and vehicles must register with the TA to receive the original registration set (ORG). At any time, all RSUs have a common secret pool that is generated by a PRNG with a common seed value that is sent by the TA in every time slot. The RSUs act as issuers that can assign a sub-set of secrets to any vehicles that have been authenticated with their ORG or NRG, which were obtained in the previous time slot. For every T1, or whenever vehicles enter the VANET for the first time, vehicles request the new registration set (NRG) with the information in ORG. In other time slots, the vehicles can obtain the new registration set with the information in NRG to generate a new NRG. In the proposed scheme, vehicles randomly choose one of their IDs in NRG and the set of secret index to announce their presence periodically. Using the ID and secret index set, Appl. Sci. 2015, 5 987 neighboring vehicles can compute the mutual pairing value or find vehicles that can help them with message authentication. In message authentication, a polynomial function is formed by the pairing values and the HMAC key. The HMAC of the message with the key will be attached to the broadcast message. Vehicles that receive a broadcast message use their pairing value to retrieve the HMAC key and to authenticate the message. Some vehicles are asked to rebroadcast the message for vehicles that do not have a common secret with the sender. The proposed scheme is very simple but satisfies all the requirements of a VANET, such as defense against masquerade, forgery and replay attacks, anonymity, un-traceability, message authentication, confidential communication, and a light revocation list. The only computation that is involved in signing and verification for message authentication is that associated with HMAC, so the proposed scheme outperforms previously proposed schemes. In message authentication, the index-set of a secret sub-set must be broadcast, potentially leaking information of the secret pool, so future work should seek to hide the index set while ensuring that the load associated with message authentication is light. Acknowledgments This paper is the partial result of projects NSC101-2221-E366-003-MY3, MOST103-2632-E366-001 and MOST104-2632-E366-001. The authors thank the Ministry of Science and Technology, R.O.C., for its support. Author Contributions Alan Dahgwo Yein proposed the original idea and wrote the first draft. Yu-Hsiu Huang set up the main structure and the detail processes. Chih-Hsueh Lin revised the article and response the reviewer’s comment. Wen-Shyong Hsieh leaded the supporting project. Chung-Nan Lee advised the manuscript. Zhong-Ting Luo proposed the basic concept in his master thesis. Conflicts of Interest The authors declare no conflict of interest. References 1. Lu, R.; Lin, X.; Zhu, H.; Ho, P.; Shen, X. ECPP: Efficient Conditional Privacy Preservation Protocol for Secure Vehicular Communications. In Proceedings of the INFOCOM 2008, the 27th Conference on Computer Communications, Phoenix, AZ, USA, 13–18 April 2008; pp. 1229–1237. 2. Uzcategui, R.; Acosta-Marum, G. Wave: A tutorial. Commun. Mag. 2009, 47, 126–133. 3. Lin, X.D.; Sun, X.T.; Ho, P.H.; Shen, X.M. GSIS: A secure and privacy-preserving protocol for vehicular communications. IEEE Trans. Veh. Technol. 2007, 56, 3442–3456. 4. Raya, M.; Hubaux, J.-P. The security of vehicular ad hoc networks. In Proceedings of the 3rd ACM Workshop on Security of ad hoc and Sensor Networks, Alexandria, VA, USA, 7–10 November 2005. Appl. Sci. 2015, 5 988 5. Hubaux, J.; Capkun, S.; Luo, J. The Security and privacy of Smart Vehicles. IEEE Secur. Priv. 2004, 2, 49–55. 6. Zhang, C.X.; Lin, X.D.; Lu, R.X.; Ho, P.H.; Shen, X.M. An efficient message authentication scheme for vehicular communications. IEEE Trans. Veh. Technol. 2008, 57, 3357–3368. 7. Wasef, A.; Jiang, Y.X.; Shen, X.M. DCS: An efficient distributed-certificate-service scheme for vehicular networks. IEEE Trans. Veh. Technol. 2010, 59, 533–549. 8. Sun, Y.P.; Lu, R.X.; Lin, X.D.; Shen, X.M.; Su, J.S. An efficient pseudonymous authentication scheme with strong privacy preservation for vehicular communications. IEEE Trans. Veh. Technol. 2010, 59, 3589–3603. 9. Chen, C.Y.; Hsu, T.C.; Wu, H.T.; Chiang, J.Y.; Hsieh, W.S. Anonymous authentication and key agreement schemes in vehicular ad-hoc networks. J. Internet Technol. 2014, 15, 896–902. 10. Huang, Y.H.; Fan, K.H.; Hsieh, W.S. Message authentication scheme for vehicular ad-hoc wireless networks without RSU. J. Inf. Hidding Multimedia Signal Process. 2015, 6, 113–122. 11. Huang, M.W.; Wu, H.T.; Hong, G.J.; Hsieh, W.S. Using BDH for the message authentication in VANET. Math. Probl. Eng. 2014, 2014, 1–13. 12. Kuo, P.C. Chameleon Hash Function Based Message Authentication for VANETs in sparse RSU Environment. Master Thesis, National Sun Yat-sen University, Kaohsiung, Taiwan, 2015. 13. Li, W.S.; Tsai, C.W.; Hsieh, W.S.; Yang, C.S.; Chiang, M.C. A Key Management scheme for dense wireless sensor networks. Inf. J. Int. Interdiscip. J. 2011, 14, 2459–2470. 14. Yein, A.D.-G.; Chen, C.Y.; Hsu, T.C.; Hsieh, W.S.; Lin, J.A. Attack wireless sensor network using compromised key redistribution. Int. J. Appl. Mech. Mater. Spec. Issue Inf. Technol. Appl. Ind. 2012, 263–266, 920–925. 15. Hsieh, W.S.; Yan, D.G.; Liao, S.Y. The Random Secret Pre-distribution for Wireless Sensor Network. In Proceedings of the Conference on Information Technology and Applications in Outlying Islands, Kinmen, Taiwan, 18 May 2013; pp.844–846. 16. Scott, M. Implementing cryptographic pairings. Lect. Notes Comput. Sci. 2007, 4575, 177–196. 17. Long, M.; Wu, C.-H.J.; Irwin, J.D. Reducing communication overhead for wireless roaming authentication: Methods and performance evaluation. Int. J. Netw. Secure 2008, 6, 331–341. © 2015 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/4.0/).

Journal

Applied SciencesMultidisciplinary Digital Publishing Institute

Published: Oct 30, 2015

There are no references for this article.