Lo-Yao Yeh

ABAKA: An Anonymous Batch Authenticated and Key Agreement Scheme for Value-Added Services in Vehicular Ad Hoc Networks

In this paper, we introduce an anonymous batch authenticated and key agreement (ABAKA) scheme to authenticate multiple requests sent from different vehicles and establish different session keys for different vehicles at the same time. In vehicular ad hoc networks (VANETs), the speed of a vehicle is changed from 10 to 40 m/s (36-144 km/h); therefore, the need for efficient authentication is inevitable. Compared with the current key agreement scheme, ABAKA can efficiently authenticate multiple requests by one verification operation and negotiate a session key with each vehicle by one broadcast message. Elliptic curve cryptography is adopted to reduce the verification delay and transmission overhead. The security of ABAKA is based on the elliptic curve discrete logarithm problem, which is an unsolved NP-complete problem. To deal with the invalid request problem, which may cause the batch verification fail, a detection algorithm has been proposed. Moreover, we demonstrate the efficiency merits of ABAKA through performance evaluations in terms of verification delay, transmission overhead, and cost for rebatch verifications, respectively. Simulation results show that both the message delay and message loss rate of ABAKA are less than that of the existing elliptic curve digital signature algorithm (ECDSA)-based scheme.

ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks

In this paper, we propose an Attribute-Based Access Control System (ABACS) for emergency services with security assurance over Vehicular Ad Hoc Networks (VANETs). ABACS aims to improve the efficiency of rescues mobilized via emergency communications over VANETs. By adopting fuzzy identity-based encryption, ABACS can select the emergency vehicles that can most appropriately deal with an emergency and securely delegate the authority to control traffic facilities to the assigned emergency vehicles. Using novel cryptographic preliminaries, ABACS realizes confidentiality of messages, prevention of collusion attacks, and fine-grained access control. As compared to the current PKI scheme, the computational delay and transmission overhead can be reduced by exploiting the advantages afforded by message broadcasting, which is heavily used in ABACS. The performance evaluation demonstrates that ABACS is a suitable candidate for realizing emergency services via VANETs.

PAACP: A portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks

Recently, several studies addressed security and privacy issues in vehicular ad hoc networks (VANETs). Most of them focused on safety applications. As VANETs will be available widely, it is anticipated that Internet services could be accessed through VANETs in the near future. Thus, non-safety applications for VANETs would rise in popularity. This paper proposes a novel portable privacy-preserving authentication and access control protocol, named PAACP, for non-safety applications in VANETs. In addition to the essential support of authentication, key establishment, and privacy preservation, PAACP is developed to provide sophisticated differentiated service access control, which will facilitate the deployment of a variety of non-safety applications. Besides, the portability feature of PAACP can eliminate the backend communications with service providers. Therefore, better performance and scalability can be achieved in PAACP.

A practical authentication protocol with anonymity for wireless access networks

The use of anonymous channel tickets was proposed for authentication in wireless environments to provide user anonymity and to probably reduce the overhead of re-authentications. Recently, Yang et al. proposed a secure and efficient authentication protocol for anonymous channel in wireless systems without employing asymmetric cryptosystems. In this paper, we will show that Yang et al.s scheme is vulnerable to guessing attacks performed by malicious visited networks, which can easily obtain the secret keys of the users. We propose a new practical authentication scheme not only reserving the merits of Yang et al.s scheme, but also extending some additional merits including: no verification table in the home network, free of time synchronization between mobile stations and visited networks, and without obsolete anonymous tickets left in visited networks. The proposed scheme is developed based on a secure one-way hash function and simple operations, a feature which is extremely fit for mobile devices. We provide the soundness of the authentication protocol by using VO logic. Copyright

An efficient nonce-based authentication scheme with key agreement

Many authentication protocols using smart cards have been proposed recently. In this article, we propose an efficient nonce-based authentication (ENA) protocol with key agreement. Generally, nonce-based authentication schemes require verification tables in servers to authenticate users. In ENA, both verification tables and synchronized timestamps are not required. Thus, ENA can be easily implemented in both users and servers. ENA also provides key agreement based on the nonce values generated in authentication. The ENA protocol has several features including: (1) no verification table is required in a server; (2) time synchronization is not needed between users and servers; (3) both the communication and computation cost are extremely low; (4) it provides mutual authentication between users and servers; (5) it supports session key agreement.

PBS: A Portable Billing Scheme with Fine-Grained Access Control for Service-Oriented Vehicular Networks

Vehicular ad hoc networks (VANETs) are an emerging wireless network technology used to improve road safety. Commercial services will play an important role in drawing customers to VANETs. Therefore, service-oriented vehicular networks offer an effective and promising approach. To meet the diverse requirements of different users, fine-grained access control is essential. This paper aims to address security, privacy and billing issues in service-oriented vehicular networks. Taking advantage of a portable electronic currency, the proposed scheme mitigates the long authentication delay of the centralized AAA architecture. Variant attribute-based encryption ensures fine-grained access control and secure billing. Only vehicles possessing the proper service attributes and valid electronic currency are authorized to access the requested service file. The security properties of entity authentication, session key agreement, privacy, fraud electronic currency prevention, double-spending prevention, and nonrepudiated billing are achieved. Extensive analysis and simulations demonstrate that our scheme is a viable candidate to replace a centralized AAA architecture with a decentralized method for better scalability in service-oriented vehicular networks.

An Efficient Authentication and Access Control Scheme Using Smart Cards

In this paper, we propose a novel integrated authentication and access control scheme using smart cards. A list of accessible resources with privileges is encrypted in the smart card issued to the user. Without storing access control information, a server can authenticate each user, realize resources to be accessed, and determine access privileges. We propose the use of card identifiers to prevent privilege elevation attacks and to protect the privacy of access requests. Our scheme has the following merits: low communication and computational cost, no access control information in the server, prevention of privilege elevation attack, multiple-access requests, privacy protection of access requests, mutual authentication, and session key agreement

Hierarchical Role-based Data Dissemination for large-scale wireless sensor networks with mobile sinks

In this paper, we propose a Hierarchical Role-based Data Dissemination approach, named HRDD, for large-scale wireless sensor networks with multiple mobile sinks. In HRDD, we use a hierarchical cluster-based structure to discover and maintain the routing paths for distributing data to the mobile sink. We assign two roles, named Indexing Agent and Gateway Agent, to some sensor nodes in the wireless sensor networks. Indexing Agents are used to remove unnecessary query messages, while Gateway Agents contribute to decrease energy consumption and the broadcasting messages. We evaluate and compare the impact of the number of nodes with prior approach. The simulation results justify that HRDD has the capability to reduce the energy consumption in the wireless sensor networks and to prolong network lifetime.

Hierarchical role-based data dissemination in wireless sensor networks

Data dissemination from multiple sources to mobile sinks is fundamental and challenging in WSN applications due to limited energy supply of sensor nodes and sink mobility. Previous data dissemination protocols either rely on an energy-consuming coordinate system or build an inefficient backbone. In this paper, we propose a hierarchical role-based data dissemination (HRDD) protocol in wireless sensor networks. In HRDD, a small number of sensor nodes are assigned to serve as cluster heads and agents to form the data dissemination backbone and mitigate unnecessary query forwarding. In addition, HRDD designs an efficient data delivery mechanism that provides shorter paths to accelerate data delivery as well as reduce the number of data transmissions. An adaptive backbone maintenance mechanism is also introduced for low-energy cluster heads and agents to reduce their load, thereby prolonging the network lifetime. The experimental results show that HRDD achieves the longer network lifetime, the shorter delay, and the high success ratio compared to the prior work.

An in-network approximate data gathering algorithm exploiting spatial correlation in wireless sensor networks

Recently, several studies have proposed to utilize spatial correlation of sensor readings and approximate answers to select only a subset of representative nodes for reading reporting in the WSN monitoring applications. Although having achieved substantial energy saving, these studies suffered from high control overhead or did not fully exploit spatial correlation. In this paper, we propose an in-network approximate data gathering algorithm exploiting spatial correlation. The proposed algorithm consists of two phases: in-network clustering phase and reading streaming phase. In the former phase, we present an in-network clustering scheme exploiting spatial correlations of sensor readings as well as cluster readings to further reduce the number of representative nodes. On the other hand, the latter phase employs an adaptive cluster maintenance scheme that ensures the user to obtain the reading answers of desired quality despite changing sensor readings. The experimental results show that the proposed algorithm outperforms prior algorithms in terms of network lifetime and number of representative nodes.