Nisha Panwar

Vehicle authentication via monolithically certified public key and attributes

AbstractVehicular networks are used to coordinate actions among vehicles in traffic by the use of wireless transceivers (pairs of transmitters and receivers). Unfortunately, the wireless communication among vehicles is vulnerable to security threats that may lead to very serious safety hazards. In this work, we propose a viable solution for coping with Man-in-the-Middle attacks. Conventionally, Public Key Infrastructure is utilized for a secure communication with the pre-certified public key. However, a secure vehicle-to-vehicle communication requires additional means of verification in order to avoid impersonation attacks. To the best of our knowledge, this is the first work that proposes to certify both the public key and out-of-band sense-able static attributes to enable mutual authentication of the communicating vehicles. Vehicle owners are bound to preprocess (periodically) a certificate for both a public key and a list of fixed unchangeable attributes of the vehicle. Furthermore, the proposed approach is shown to be adaptable with regards to the existing authentication protocols. We illustrate the security verification of the proposed protocol using a detailed proof in Spi calculus.

Dynamic attribute based vehicle authentication

Modern vehicles are proficient in establishing a spontaneous connection over a wireless radio channel, synchronizing actions and information. Security infrastructure is most important in such a sensitive scope of vehicle communication for coordinating actions and avoiding accidents on the road. One of the first security issues that need to be established is authentication via IEEE 1609.2 security infrastructure. According to our preliminary work, vehicle owners are bound to preprocess a certificate from the certificate authority. The certificate carries vehicle static attributes (e.g., licence number, brand and color) certified together with the vehicle public key in a monolithic manner. Nevertheless, a malicious vehicle might clone the static attributes to impersonate a specific vehicle. Therefore, in this paper we consider a resource expensive attack scenario involving multiple malicious vehicles with identical visual static attributes. Apparently, dynamic attributes (e.g., location and direction) can uniquely define a vehicle and can be utilized to resolve the true identity of the vehicle. However, unlike static attributes, dynamic attributes cannot be signed by a trusted authority beforehand. We propose an approach to verify the coupling between non-certified dynamic attributes and certified static attributes on an auxiliary communication channel, for example, a modulated laser beam. Furthermore, we illustrate that the proposed approach can be used to facilitate the usage of existing authentication protocols such as NAXOS, in the new scope of ad-hoc vehicle networks. We use BAN logic to verify the security claims of the protocol against the passive and active interception.

Dynamic Attribute Based Vehicle Authentication

In the near future, vehicles will establish a spontaneous connection over a wireless radio channel, coordinating actions and information. Security infrastructure is most important in such a hazardous scope of vehicles communication for coordinating actions and avoiding accidents on the roads. One of the first security issues that need to be established is authentication. Vehicle authentication with visual binding prior to establishing a wireless radio channel of communication is useful only when the vehicles possess unique visual attributes. These vehicle static attributes (e.g., Licence number, brand and color) are certified together with the vehicle public key. Therefore, we consider the case of multiple malicious vehicles with identical visual static attributes. Apparently, dynamic attributes (e.g., Location and direction) can uniquely define a vehicle and can be utilized to resolve the true identity of vehicles. However, unlike static attributes, dynamic attributes cannot be signed by a trusted authority beforehand. We propose an approach to verify the coupling between non-certified dynamic attributes and certified static attributes on an auxiliary communication channel, for example, a modulated laser beam. Furthermore, we illustrate that the proposed approach can be used to facilitate the usage of existing authentication protocols such as NAXOS, in the new scope of ad-hoc vehicle networks.

Optical PUF for Non-Forwardable Vehicle Authentication

Modern vehicles are configured to exchange warning messages through IEEE 1609 Dedicated Short Range Communication (DSRC) over IEEE 802.11p Wireless Access in Vehicular Environment (WAVE). Essentially, these warning messages must associate an authentication factor such that the verifier authenticates the message origin via visual binding. Interestingly, the existing vehicle communication incorporates the message forward-ability as a requested feature for numerous applications. On the contrary, the vehicle security infrastructure is vulnerable to message forwarding i.e., Messages seem to originate from a malicious vehicle (due to non-detectable message relaying) instead of the actual message sender. We introduce the non forward-able authentication to avoid an adversary coalition attack scenario. These messages should be identifiable with respect to the immediate sender at every hop. We propose to utilize immediate optical response verification in association with the authenticated key exchange over radio channel. These optical responses are generated through hardware means, i.e., A certified Physically Unclonable Function (PUF) device embedded on the front and rear of the vehicle.

Peripheral authentication for autonomous vehicles

We propose a peripheral authentication scheme for autonomous vehicles. A mutual authentication protocol is required to secure every peripheral device access to a vehicle. Specifically, we present a vehicle to peripheral device authentication scheme. In addition, our three way handshake scheme for vehicle to keyfob authentication scheme based on generalized peripheral authentication scheme has been proposed. The vehicle to keyfob authentication scheme is adapted and improved with an additional attribute verification of the keyfob holder. Conventionally, vehicle to keyfob authentication is realized through a challenge-response verification protocol. An authentic coupling between the vehicle identity and the keyfob avoids any illegal access to the vehicle. However, these authentication messages can be relayed by an active adversary, thereby, can amplify the actual distance between the authentic vehicle and the keyfob. Eventually, through this malicious relaying an adversary can possibly get access to the vehicle, without any effort to generate or decode the crypto credentials. Our solution is a two party, three way handshake scheme with proactive and reactive commitment verification. Conceptually, our solution is different than the distance bounding protocols that requires multiple rounds of round trip delay measurement.

Optical PUF for Non Forwardable Vehicle Authentication

Modern vehicles are configured to exchange warning messages through IEEE 1609 Dedicated Short Range Communication (DSRC) over IEEE 802.11p Wireless Access in Vehicular Environment (WAVE). Essentially, these warning messages must associate an authentication factor such that the verifier authenticates the message origin via visual binding. Interestingly, the existing vehicle communication incorporates the message forward-ability as a requested feature for numerous applications. On the contrary, the vehicle security infrastructure is vulnerable to message forwarding i.e., Messages seem to originate from a malicious vehicle (due to non-detectable message relaying) instead of the actual message sender. We introduce the non forward-able authentication to avoid an adversary coalition attack scenario. These messages should be identifiable with respect to the immediate sender at every hop. We propose to utilize immediate optical response verification in association with the authenticated key exchange over radio channel. These optical responses are generated through hardware means, i.e., A certified Physically Unclonable Function (PUF) device embedded on the front and rear of the vehicle.

The excessive power of Ctrl + C and Ctrl + V in CS research and career development

The Excessive Power of Ctrl+C and Ctrl+V in CS Research and Career Development Various types of plagiarism are common in academia. Namely, (i) word-by-word or verbatim plagiarism: turning contents into a carbon copy, (ii) paraphrasing plagiarism: copying the underlying meaning of the content in a “smart” manner by slightly tweaking the tone of sentences, (iii) idea plagiarism: capturing early/unpublished ideas belonging to someone else, and (iv) authorship plagiarism: masquerading as an original author of a different author’s work. Moreover, occasionally, reviewers may demand their own papers to be cited (no matter whether the references are relevant or not), leading to a new type of plagiarism that we call “citation plagiarism.” In this article, we mention three real plagiarism stories, and show ways to reduce incidents of plagiarism. It is not our intention to blame or shame any one journal, editor, reviewer, university, student, professor, or author. Instead we will give an account of three plagiarism stories to demonstrate how insidious the problem is. Recently, we were the victims of plagiarism. We found clear evidence of paraphrasing plagiarism in a published paper. It was a random online search that caught our eye. A familiar figure was identical to one published in a paper from a couple of years ago. Curiosity lead us to discover 90 percent of the content of that randomly searched paper was paraphrased from not only our paper, but others (available online) too. We approached the editor-in-chief of the journal of the newly published paper, who found the same issue, leading to a retraction of the paper, after some efforts. The height of verbatim plagiarism may be illustrated by the following real story. Jure Leskovec, Anand Rajaraman, and Jeffrey D. Ullman wrote a book entitled Mining of Massive Datasets (2011). Since the book is available online, someone by the name of Seyed Hossein Ahmadpanah simply copied the entire thing. Seyed only changed two elements of the book: the title and the author’s name. Seyed used CreateSpace, Amazon’s book-production facility, to produce the hard copies, and made the fake book available on Amazon for

A survey on 5G

25. Recently, we were assigned a paper to review for a well-regarded journal. The writing and contents of the paper were extremely poor, which was not an unusual problem until we noticed that the authors’ affiliation was listed as MIT. It was unexpected to see MIT authors submitting a paper of that caliber, so we investigated further. We discovered they were not actually enrolled at MIT, or any other U.S. university. Since we were curious to know what went behind this blunder, we did not reject the paper outright, but instead asked for a major revision. The only question that the authors responded to was regarding their affiliation, they claimed they mistakenly wrote in the wrong affiliation. After reading these stories, a natural question arises in our mind: Why is plagiarism detection getting harder? There might be various possible reasons: