Khaled Rabieh

Scalable Certificate Revocation Schemes for Smart Grid AMI Networks Using Bloom Filters

Given the scalability of the advanced metering infrastructure (AMI) networks, maintenance and access of certificate revocation lists (CRLs) pose new challenges. It is inefficient to create one large CRL for all the smart meters (SMs) or create a customized CRL for each SM since too many CRLs will be required. In order to tackle the scalability of the AMI network, we divide the network into clusters of SMs, but there is a tradeoff between the overhead at the certificate authority (CA) and the overhead at the clusters. We use Bloom filters to reduce the size of the CRLs in order to alleviate this tradeoff by increasing the clusters’ size with acceptable overhead. However, since Bloom filters suffer from false positives, there is a need to handle this problem so that SMs will not discard important messages due to falsely identifying the certificate of a sender as invalid. To this end, we propose two certificate revocation schemes that can identify and nullify the false positives. While the first scheme requires contacting the gateway to resolve them, the second scheme requires the CA additionally distribute the list of certificates that trigger false positives. Using mathematical models, we have demonstrated that the probability of contacting the gateway in the first scheme and the overhead of the second scheme can be very low by properly designing the Bloom filters. In order to assess the scalability and validate the mathematical formulas, we have implemented the proposed schemes using Visual C. The results indicate that our schemes are much more scalable than the conventional CRL and the mathematical and simulation results are almost identical. Moreover, we simulated the distribution of the CRLs in a wireless mesh-based AMI network using ns-3 network simulator and assessed its distribution overhead.

Customized Certificate Revocation Lists for IEEE 802.11s-Based Smart Grid AMI Networks

Public-key cryptography (PKC) is widely used in smart grid (SG) communications to reduce the overhead of key management. However, PKC comes with its own problems in terms of certificate management. Specifically, certificate revocation lists (CRLs) need to be maintained and distributed to the smart meters (SMs) in order to ensure security of the communications. The size of CRLs may grow over time and eventually may introduce additional delay, bandwidth, and storage overhead when various applications are run on SG. In this paper, we propose novel algorithms for creating customized CRLs with reduced size for IEEE 802.11s-based advanced metering infrastructure (AMI) networks. Rather than maintaining a huge-size single CRL that introduces unnecessary search time and storage, the idea is to cluster/group SMs within the AMI network and create CRLs based on these groups. The grouping is mainly done in such a way that they bring together the SMs that will be very likely to communicate so that the CRLs will be kept local to that group. To this end, we propose two novel grouping algorithms. The first algorithm is a bottom-up approach, which is based on the existing routes from the SMs to the gateway. Since the SMs will be sending their data to the gateway through the nodes on the route, this forms a natural grouping. The second approach is a top-down recursive approach, which considers the minimum spanning tree of the network and then divides it into smaller subtrees. Via grouping, the length of the CRL for each SM and the corresponding distribution overhead can be reduced significantly. Simulation results have shown that our approach can maintain a balance between the size of the CRL and the number of signatures generated by CAs while guaranteeing security of the communications.

An efficient certificate revocation scheme for large-scale AMI networks

Given the large geographic deployment and scalability of the Advanced Metering Infrastructure (AMI) networks, it is inefficient to create one large certificate revocation list (CRL) for all the networks. It is also inefficient to create a CRL for each meter having the certificates it needs because too many CRLs will be required. It is beneficial to balance the size of the CRLs and the overhead of forming and distributing them. In this paper, the certificate authority (CA) groups the AMI networks and composes one CRL for each group. We use Bloom filter to reduce the number of CRLs by increasing the groups size with acceptable overhead on the meters. However, Bloom filters suffer from false positives which is not acceptable in AMI networks because meters may miss important messages. We propose a novel scheme to identify and mitigate the false positives by making use of the fact that Bloom filters are free of false negatives. The meters should contact the gateway to resolve the false positives. We use Merkle tree to enable the gateway to provide efficient proof for certificate revocation without contacting the CA. We derive a mathematical formula to the probability of contacting the gateway as a function of the filters parameters. We will show that this probability can be low by properly designing the Bloom filter. In order to assess the performance and the applicability of the proposed scheme, we use ns-3 network simulator to implement the scheme in a IEEE 802.11s-based mesh AMI networks. The results demonstrate that our scheme can be used efficiently for AMI networks.

A secure and privacy-preserving event reporting scheme for vehicular Ad Hoc networks

In vehicular ad hoc networks, vehicles should report events to warn the drivers of unexpected hazards on the roads. While these reports can contribute to safer driving, vehicular ad hoc networks suffer from various security threats; a major one is Sybil attacks. In these attacks, an individual attacker can pretend as several vehicles that report a false event. In this paper, we propose a secure event-reporting scheme that is resilient to Sybil attacks and preserves the privacy of drivers. Instead of using asymmetric key cryptography, we use symmetric key cryptography to decrease the computation overhead. We propose an efficient pseudonym generation technique. The vehicles receive a small number of long-term secrets to compute pseudonyms/keys to be used in reporting the events without leaking private information about the drivers. In addition, we propose a scheme to identify the vehicles that use their pool of pseudonyms to launch Sybil attacks without leaking private information to road side units. We also study a strong adversary model assuming that attackers can share their pool of pseudonyms to launch colluding Sybil attacks. Our security analysis and simulation results demonstrate that our scheme can detect Sybil attackers effectively with low communication and computation overhead. Copyright

Efficient generation and distribution of CRLs for IEEE 802.11s-based Smart Grid AMI networks

In this paper, we propose a novel algorithm for reducing the size of certificate revocation lists (CRLs) created and distributed for IEEE 802.11s-based Smart Grid Advanced Metering Infrastructure (AMI) networks. Rather than maintaining a huge-size single CRL that introduces unnecessary search time and storage, the idea is to generate groups of smart meters (SMs) within the AMI network and create CRLs based on these groups. Creating groups is appropriate in AMI networks since the SMs are stationary in contrary to traditional mobile wireless networks. Our proposed grouping algorithm is based on the created paths from leaf SMs to the gateway as well as the immediate neighborhood of each SM. Via grouping, the length of the CRL for each SM and the corresponding distribution overhead can be reduced significantly. Simulation results have shown that our approach can maintain a balance between the size of the CRL and the number of signatures generated by certification authorities (CAs) while guaranteeing security of the communications.

Privacy-Preserving Ride Sharing Scheme for Autonomous Vehicles in Big Data Era

Ride sharing can reduce the number of vehicles in the streets by increasing the occupancy of vehicles, which can facilitate traffic and reduce crashes and the number of needed parking slots. Autonomous vehicles can make ride sharing convenient, popular, and also necessary because of the elimination of the driver effort and the expected high cost of the vehicles. However, the organization of ride sharing requires the users to disclose sensitive detailed information not only on the pick-up/drop-off locations but also on the trip time and route. In this paper, we propose a scheme to organize ride sharing and address the unique privacy issues. Our scheme uses a similarity measurement technique over encrypted data to preserve the privacy of trip data. The ride sharing region is divided into cells and each cell is represented by one bit in a binary vector. Each user should represent trip data as binary vectors and submit the encryptions of the vectors to a server. The server can measure the similarity of the users’ trip data and find users who can share rides without knowing the data. Our analysis has demonstrated that the proposed scheme can organize ride sharing without disclosing private information. We have implemented our scheme using Visual C on a real map and the measurements have confirmed that our scheme is effective when ride sharing becomes popular and the server needs to organize a large number of rides in short time.

Combating Sybil Attacks in Vehicular Ad Hoc Networks

Vehicular Ad Hoc Networks (VANETs) are considered as a promising approach for facilitating road safety, traffic management, and infotainment dissemination for drivers and passengers. However, they are subject to an attack that has a severe impact on their security. This attack is called the Sybil attack, and it is considered as one of the most serious attacks to VANETs, and a threat to lives of drivers and passengers. In this paper, we propose a detection scheme for the Sybil attack. The idea is based on public key cryptography and aims to ensure privacy preservation, confidentiality, and non-repudiation. In addition, we suggest a scalable security and privacy solution using short-lived and authenticated certificates that must be issued from the national certification authority in order to guarantee trust among vehicles.

Trust-based and privacy-preserving fine-grained data retrieval scheme for MSNs

In this paper, we propose a trust-based and privacy-preserving fine-grained data retrieval scheme for mobile social networks (MSNs). The scheme enables users to create a log of trusted users who store (or are interested in) some topics related to a subject of interest. A subject is a broad term that can cover many fine-grained topics. In creating logs, we leverage friends-of-friends relationships and transferrable trust concept. Each user trusts its friends and the friends of friends. If a friend is not interested in a subject, he can help his friend in creating the log by linking the friend to his friends without knowing the subject to preserve privacy. In order to reduce the storage and computation overhead, we use Bloom filters to store the topics. A distinctive feature in our scheme is that it can query users who possess a fine-grained topic, rather than querying users who are interested in the broad subject but they may not have the specific topic of interest. We analyze the security and privacy of our scheme and evaluate the communication and computation overhead.