Pin-Han Ho

GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications

In this paper, we first identify some unique design requirements in the aspects of security and privacy preservation for communications between different communication devices in vehicular ad hoc networks. We then propose a secure and privacy-preserving protocol based on group signature and identity (ID)-based signature techniques. We demonstrate that the proposed protocol cannot only guarantee the requirements of security and privacy but can also provide the desired traceability of each vehicle in the case where the ID of the message sender has to be revealed by the authority for any dispute event. Extensive simulation is conducted to verify the efficiency, effectiveness, and applicability of the proposed protocol in various application scenarios under different road systems.

ECPP: Efficient Conditional Privacy Preservation Protocol for Secure Vehicular Communications

In this paper, we introduce an efficient conditional privacy preservation (ECPP) protocol in vehicular ad hoc networks (VANETs) to address the issue on anonymous authentication for safety messages with authority traceability. The proposed protocol is characterized by the generation of on-the-fly short-time anonymous keys between on-board units (OBUs) and roadside units (RSUs), which can provide fast anonymous authentication and privacy tracking while minimizing the required storage for short-time anonymous keys. We demonstrate the merits gained by the proposed protocol through extensive analysis.

An Efficient Identity-Based Batch Verification Scheme for Vehicular Sensor Networks

With the adoption of state-of-the-art telecommunication technologies for sensing and collecting traffic related information, Vehicular Sensor Networks (VSNs) have emerged as a new application scenario that is envisioned to revolutionize the human driving experiences and traffic flow control systems. To avoid any possible malicious attack and resource abuse, employing a digital signature scheme is widely recognized as the most effective approach for VSNs to achieve authentication, integrity, and validity. However, when the number of signatures received by a Roadside Unit (RSU) becomes large, a scalability problem emerges immediately, where the RSU could be difficult to sequentially verify each received signature within 300 ms interval according to the current Dedicated Short Range Communications (DSRC) broadcast protocol. In this paper, we introduce an efficient batch signature verification scheme for communications between vehicles and RSUs (or termed vehicle- to-Infrastructure (V2I) communications), in which an RSU can verify multiple received signatures at the same time such that the total verification time can be dramatically reduced. We demonstrate that the proposed scheme can achieve conditional privacy preservation that is essential in VSNs, where each message launched by a vehicle is mapped to a distinct pseudo identity, while a trust authority can always retrieve the real identity of a vehicle from any pseudo identity. With the proposed scheme, since identity-based cryptography is employed in generating private keys for pseudo identities, certificates are not needed and thus transmission overhead can be significantly reduced.

Security in vehicular ad hoc networks

Vehicular communication networking is a promising approach to facilitating road safety, traffic management, and infotainment dissemination for drivers and passengers. One of the ultimate goals in the design of such networking is to resist various malicious abuses and security attacks. In this article we first review the current standardization process, which covers the methods of providing security services and preserving driver privacy for wireless access in vehicular environments (WAVE) applications. We then address two fundamental issues, certificate revocation and conditional privacy preservation, for making the standards practical. In addition, a suite of novel security mechanisms are introduced for achieving secure certificate revocation and conditional privacy preservation, which are considered among the most challenging design objectives in vehicular ad hoc networks.

A framework for service-guaranteed shared protection in WDM mesh networks

In this article a framework for end-to-end service-guaranteed shared protection in dynamic wavelength division multiplexing (WDM) mesh networks, called short leap shared protection (SLSP), is introduced. The idea of SLSP is to divide each working path into several overlapped protection domains, each of which contains a working and protection path pair. In addition to a guaranteed restoration service, SLSP is designed to satisfy the future requirements of wavelength-routed optical mesh networks in scalability, class of service, and capacity efficiency. Tutorial-like discussions are given in the architecture design and signaling mechanisms for implementing the SLSP framework in a dynamic network environment with examples and illustrations. To show that SLSP can improve capacity efficiency, simulations are conducted using four networks (22-, 30-, 79-, 100-node) for a comparative study between ordinary shared protection schemes and SLSP.

An Efficient Message Authentication Scheme for Vehicular Communications

In this paper, we introduce a novel roadside unit (RSU)-aided message authentication scheme named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles. In addition, RAISE adopts the k- anonymity property for preserving user privacy, where a message cannot be associated with a common vehicle. In the case of the absence of an RSU, we further propose a supplementary scheme, where vehicles would cooperatively work to probabilistically verify only a small percentage of these message signatures based on their own computing capacity. Extensive simulations are conducted to validate the proposed scheme. It is demonstrated that RAISE yields a much better performance than previously reported counterparts in terms of message loss ratio (LR) and delay.

IPTV over WiMAX: Key Success Factors, Challenges, and Solutions [Advances in Mobile Multimedia]

The advances in broadband Internet access and scalable video technologies have made it possible for Internet Protocol television (IPTV) to become the next killer application for modern Internet carriers in metropolitan areas. With the recent release of IEEE 802.16d/e (worldwide interoperability for microwave access or WiMAX), broadband wireless access (BWA) is envisioned to further extend IPTV services to a new application scenario with wireless and mobility dimensions. It is a very strategic but challenging leverage for a carrier to glimpse the potential of IPTV by using WiMAX as the access network. Challenges are posed for IPTV over WiMAX due to multicasting under a diversity of fading conditions. A cross-layer design framework based on a novel two-level superposition coded multicasting (SCM) scheme is introduced. Simulation results show that much improved video quality is achievable with our approach.

RAISE: An Efficient RSU-Aided Message Authentication Scheme in Vehicular Communication Networks

Addressing security and privacy issues is a prerequisite for a market-ready vehicular communication network. Although recent related studies have already addressed most of these issues, few of them have taken scalability issues into consideration. When the traffic density becomes larger, a vehicle cannot verify all signatures of the messages sent by its neighbors in a timely manner, which results in message loss. Communication overhead as another issue has also not been well addressed in previously reported studies. To deal with these issues, this paper introduces a novel RSU-aided messages authentication scheme, called RAISE. With RAISE, roadside units (RSUs) are responsible for verifying the authenticity of the messages sent from vehicles and for notifying the results back to vehicles. In addition, our scheme adopts the k-anonymity approach to protect user identity privacy, where an adversary cannot associate a message with a particular vehicle. Extensive simulations are conducted to verify the proposed scheme, which demonstrates that RAISE yields much better performance than any of the previously reported counterparts in terms of message loss ratio and delay.

TSVC: timed efficient and secure vehicular communications with privacy preserving

In this paper, we propose a timed efficient and secure vehicular communication (TSVC) scheme with privacy preservation, which aims at minimizing the packet overhead in terms of signature overhead and signature verification latency without compromising the security and privacy requirements. Compared with currently existing public key based packet authentication schemes for security and privacy, the communication and computation overhead of TSVC can be significantly reduced due to the short message authentication code (MAC) tag attached in each packet for the packet authentication, by which only a fast hash operation is required to verify each packet. Simulation results demonstrate that TSVC maintains acceptable packet latency with much less packet overhead, while significantly reducing the packet loss ratio compared with that of the existing public key infrastructure (PKI) based schemes, especially when the road traffic is heavy.

Segment shared protection in mesh communications networks with bandwidth guaranteed tunnels

This paper focuses on the problem of dynamic survivable routing for segment shared protection (SSP) in mesh communication networks provisioning bandwidth guaranteed tunnels. With SSP, a connection is settled by concatenating a series of protection domains, each of which contains a working and protection segment pair behaving as a self-healing unit for performing local restoration whenever the working segment is subject to any unexpected interruption. We first discuss the advantages of using SSP-the ability to shorten the restoration time as well as achieve a higher throughput by saving spare capacity required for 100% restorability; then the survivable routing problem is formulated into an Integer Linear Programming (ILP), where the switching/merging node pair of each protection domain along with the corresponding least-cost working and protection segment pair can be jointly determined for a dynamically arrived connection request. A novel approach of arc-reversal transformation is devised to deal with the situation that the working segments of two neighbor protection domains may overlap with each other by more than a single node. Due to a very high computation complexity induced in solving the ILP, a novel heuristic algorithm is proposed, named Cascaded Diverse Routing (CDR), to allocate protection domains for a connection request by performing diverse routing across a set of predefined candidate switching/merging node pairs. Experiments are conducted on five two-connected network topologies to verify the ILP and the CDR algorithm. We first determine the best diameter of protection domains for the CDR scheme in each network topology. Using the results of best diameters, CDR is compared with two reported schemes, namely PROMISE and OPDA. We demonstrate in the simulation results that the path-shared protection schemes are outperformed by the SSP schemes in terms of blocking probability under all possible arrangements in the experiment and that CDR yields better performance than PROMISE and OPDA due to the extra efforts in manipulating the location of working segments at the expense of longer computation time.