Rongxing Lu

ECPP: Efficient Conditional Privacy Preservation Protocol for Secure Vehicular Communications

In this paper, we introduce an efficient conditional privacy preservation (ECPP) protocol in vehicular ad hoc networks (VANETs) to address the issue on anonymous authentication for safety messages with authority traceability. The proposed protocol is characterized by the generation of on-the-fly short-time anonymous keys between on-board units (OBUs) and roadside units (RSUs), which can provide fast anonymous authentication and privacy tracking while minimizing the required storage for short-time anonymous keys. We demonstrate the merits gained by the proposed protocol through extensive analysis.

An Efficient Identity-Based Batch Verification Scheme for Vehicular Sensor Networks

With the adoption of state-of-the-art telecommunication technologies for sensing and collecting traffic related information, Vehicular Sensor Networks (VSNs) have emerged as a new application scenario that is envisioned to revolutionize the human driving experiences and traffic flow control systems. To avoid any possible malicious attack and resource abuse, employing a digital signature scheme is widely recognized as the most effective approach for VSNs to achieve authentication, integrity, and validity. However, when the number of signatures received by a Roadside Unit (RSU) becomes large, a scalability problem emerges immediately, where the RSU could be difficult to sequentially verify each received signature within 300 ms interval according to the current Dedicated Short Range Communications (DSRC) broadcast protocol. In this paper, we introduce an efficient batch signature verification scheme for communications between vehicles and RSUs (or termed vehicle- to-Infrastructure (V2I) communications), in which an RSU can verify multiple received signatures at the same time such that the total verification time can be dramatically reduced. We demonstrate that the proposed scheme can achieve conditional privacy preservation that is essential in VSNs, where each message launched by a vehicle is mapped to a distinct pseudo identity, while a trust authority can always retrieve the real identity of a vehicle from any pseudo identity. With the proposed scheme, since identity-based cryptography is employed in generating private keys for pseudo identities, certificates are not needed and thus transmission overhead can be significantly reduced.

EPPA: An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications

The concept of smart grid has emerged as a convergence of traditional power system engineering and information and communication technology. It is vital to the success of next generation of power grid, which is expected to be featuring reliable, efficient, flexible, clean, friendly, and secure characteristics. In this paper, we propose an efficient and privacy-preserving aggregation scheme, named EPPA, for smart grid communications. EPPA uses a superincreasing sequence to structure multidimensional data and encrypt the structured data by the homomorphic Paillier cryptosystem technique. For data communications from user to smart grid operation center, data aggregation is performed directly on ciphertext at local gateways without decryption, and the aggregation result of the original data can be obtained at the operation center. EPPA also adopts the batch verification technique to reduce authentication cost. Through extensive analysis, we demonstrate that EPPA resists various security threats and preserve user privacy, and has significantly less computation and communication overhead than existing competing approaches.

Smart community: an internet of things application

In this article, we introduce an Internet of Things application, smart community, which refers to a paradigmatic class of cyber-physical systems with cooperating objects (i.e., networked smart homes). We then define the smart community architecture, and describe how to realize secure and robust networking among individual homes. We present two smart community applications, Neighborhood Watch and Pervasive Healthcare, with supporting techniques and associated challenges, and envision a few value-added smart community services.

Security in vehicular ad hoc networks

Vehicular communication networking is a promising approach to facilitating road safety, traffic management, and infotainment dissemination for drivers and passengers. One of the ultimate goals in the design of such networking is to resist various malicious abuses and security attacks. In this article we first review the current standardization process, which covers the methods of providing security services and preserving driver privacy for wireless access in vehicular environments (WAVE) applications. We then address two fundamental issues, certificate revocation and conditional privacy preservation, for making the standards practical. In addition, a suite of novel security mechanisms are introduced for achieving secure certificate revocation and conditional privacy preservation, which are considered among the most challenging design objectives in vehicular ad hoc networks.

A Lightweight Message Authentication Scheme for Smart Grid Communications

Smart grid (SG) communication has recently received significant attentions to facilitate intelligent and distributed electric power transmission systems. However, communication trust and security issues still present practical concerns to the deployment of SG. In this paper, to cope with these challenging concerns, we propose a lightweight message authentication scheme features as a basic yet crucial component for secure SG communication framework. Specifically, in the proposed scheme, the smart meters which are distributed at different hierarchical networks of the SG can first achieve mutual authentication and establish the shared session key with Diffie-Hellman exchange protocol. Then, with the shared session key between smart meters and hash-based authentication code technique, the subsequent messages can be authenticated in a lightweight way. Detailed security analysis shows that the proposed scheme can satisfy the desirable security requirements of SG communications. In addition, extensive simulations have also been conducted to demonstrate the effectiveness of the proposed scheme in terms of low latency and few signal message exchanges.

SMART: A Secure Multilayer Credit-Based Incentive Scheme for Delay-Tolerant Networks

Delay-tolerant networks (DTNs) provide a promising solution to support wide-ranging applications in the regions where end-to-end network connectivity is not available. In DTNs, the intermediate nodes on a communication path are expected to store, carry, and forward the in-transit messages (or bundles) in an opportunistic way, which is called opportunistic data forwarding. Such a forwarding method depends on the hypothesis that each individual node is ready to forward packets for others. This assumption, however, might easily be violated due to the existence of selfish or even malicious nodes, which may be unwilling to waste their precious wireless resources to serve as bundle relays. To address this problem, we propose a secure multilayer credit-based incentive scheme to stimulate bundle forwarding cooperation among DTN nodes. The proposed scheme can be implemented in a fully distributed manner to thwart various attacks without relying on any tamperproof hardware. In addition, we introduce several efficiency optimization techniques to improve the overall efficiency by exploiting the unique characteristics of DTNs. Extensive simulations demonstrate the efficacy and efficiency of the proposed scheme.

Secure provenance: the essential of bread and butter of data forensics in cloud computing

Secure provenance that records ownership and process history of data objects is vital to the success of data forensics in cloud computing, yet it is still a challenging issue today. In this paper, to tackle this unexplored area in cloud computing, we proposed a new secure provenance scheme based on the bilinear pairing techniques. As the essential bread and butter of data forensics and post investigation in cloud computing, the proposed scheme is characterized by providing the information confidentiality on sensitive documents stored in cloud, anonymous authentication on user access, and provenance tracking on disputed documents. With the provable security techniques, we formally demonstrate the proposed scheme is secure in the standard model.

Pseudonym Changing at Social Spots: An Effective Strategy for Location Privacy in VANETs

As a prime target of the quality of privacy in vehicular ad hoc networks (VANETs), location privacy is imperative for VANETs to fully flourish. Although frequent pseudonym changing provides a promising solution for location privacy in VANETs, if the pseudonyms are changed in an improper time or location, such a solution may become invalid. To cope with the issue, in this paper, we present an effective pseudonym changing at social spots (PCS) strategy to achieve the provable location privacy. In particular, we first introduce the social spots where several vehicles may gather, e.g., a road intersection when the traffic light turns red or a free parking lot near a shopping mall. By taking the anonymity set size as the location privacy metric, we then develop two anonymity set analytic models to quantitatively investigate the location privacy that is achieved by the PCS strategy. In addition, we use game-theoretic techniques to prove the feasibility of the PCS strategy in practice. Extensive performance evaluations are conducted to demonstrate that better location privacy can be achieved when a vehicle changes its pseudonyms at some highly social spots and that the proposed PCS strategy can assist vehicles to intelligently change their pseudonyms at the right moment and place.

An Efficient Pseudonymous Authentication Scheme With Strong Privacy Preservation for Vehicular Communications

In this paper, we propose an efficient pseudonymous authentication scheme with strong privacy preservation (PASS), for vehicular communications. Unlike traditional pseudonymous authentication schemes, the size of the certificate revocation list (CRL) in PASS is linear with the number of revoked vehicles and unrelated to how many pseudonymous certificates are held by the revoked vehicles. PASS supports the roadside unit (RSU)-aided distributed certificate service that allows the vehicles to update certificates on road, but the service overhead is almost unrelated to the number of updated certificates. Furthermore, PASS provides strong privacy preservation to the vehicles so that the adversaries cannot trace any vehicle, even though all RSUs have been compromised. Extensive simulations demonstrate that PASS outperforms previously reported schemes in terms of the revocation cost and the certificate updating overhead.