Towards trusted and secure communications in a vehicular environment
Secure communication is an integral part of message exchange in a vehicular network formed by the integration of Vehicular Ad-Hoc Network (VANET) and Wireless Mesh Network (WMN). However, this integration gives rise to node cooperation issue because of the multi-hop communications. Furthermore, trad...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Theses and Dissertations |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/72758 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Secure communication is an integral part of message exchange in a vehicular network formed by the integration of Vehicular Ad-Hoc Network (VANET) and Wireless Mesh Network (WMN). However, this integration gives rise to node cooperation issue because of the multi-hop communications. Furthermore, traditional security solutions provided by the Public Key Infrastructure (PKI) approach may not be efficient because of the short connection times caused by the high mobility of vehicles. The goal of this thesis is to design trust models and key establishment protocols to provide a trusted and secure communication in a vehicular environment.
In trust modeling, recommendation trusts are leveraged to improve the detection time of selfish nodes in the network but, relying on recommendation trusts exposes the trust model to badmouthing and ballot-stuffing attacks. To overcome these vulnerabilities, we propose a trust model called the Dempster Shafer-Trust (DS- Trust) model, which is based on two techniques: the dissimilarity test and the Dempster Shafer Theory (DST). The dissimilarity test determines the amount of conflict between two trust records, and DST re-adjusts the weight of the recommendation trusts based on the dissimilarity results to downplay the impact of false recommendations. Numerical results show that DS-Trust model is robust against badmouthing and ballot-stuffing attacks when compared to other trust aggregation techniques such as the linear opinion pooling, subjective logic model, entropy-based probability model and regression analysis. Through NS-3 simulations, DS-trust model can mitigate selfish attacks such as blackhole and grayhole attacks.
Another problem with the trust model is that it depends on the overhearing mechanism to derive trust ratings, which is susceptible to limited transmission power and packet modification attacks that may affect the judgment of the nodes. To address these issues, we propose a novel trust model called the Merkle Tree-based with Reinforced Overhearing (MeTRO) using two techniques. First, it leverages on upstream monitoring to reinforce the overhearing observations collected from the downstream monitoring to mitigate limited transmission power attacks. Second, it incorporates an efficient Merkle-based tree authentication mechanism for detecting modified packets along a multi-hop path. Through extensive simulations, we demonstrate that MeTRO trust model can resist attacks associated with overhearing, including packet dropping attacks. Moreover, the Merkle-based tree authentication mechanism introduced in the MeTRO trust model is scalable in terms of the authentication delay when compared to the Elliptic Curve Digital Signature algorithm (ECDSA) for verifying the authenticity of messages.
To reduce the communication costs of deploying a PKI, we propose a Secure and Authenticated Key Management Protocol (SA-KMP). The SA-KMP scheme eliminates the exchange and management of certificates and Certificate Revocation Lists (CRLs) by delegating the management of keys to each node in the network by means of distributing repositories containing the bindings of the node’s identity and its corresponding public key. To reduce the high computing costs of asymmetric cryptography, the SA-KMP scheme uses symmetric keys derived based on a 3D matrix-based key agreement scheme to secure the communications. We demonstrate the efficiency of SA-KMP through performance evaluations in terms of transmission overhead, storage overhead, network latency, scalability and key generation time by comparing it to the certificate-based PKI and the Elliptic Curve Diffie-Hellman (ECDH), and Diffie-Hellman (DH) protocols. In addition, we use an automatic cryptographic protocol verifier called Proverif to prove that the key agreement protocol of the SA-KMP scheme is secure against an active attacker under the Dolev and Yao model and further show that SA-KMP scheme is secure against Denial of Service (DoS), collusion attacks and a wide range of other malicious attacks. |
|---|