An Efficient and Practical Authenticated Communication Scheme for Vehicular Ad Hoc Networks

1. An Efficient and Practical Authenticated Communication Scheme for Vehicular Ad Hoc Networks Source: IEEE Transactions on Vehicular Technology, Reviewing Presenter: Yung-Chih Lu (呂勇志) Date: 2011/03/04

2. Outline • Introduction • Proposed Scheme • Security Analysis • Performance Analysis • Conclusion • Comment

3. Introduction (1/3) • Goal • Message Authentication &Message Encryption • Against attack • Replay attack • Impersonation attack • Outsider attack • Saving resource • computation cost

4. Introduction (2/3) • Vehicular Ad Hoc Network (VANET) RSC: Road Side Unit

5. Introduction (3/3) • The Functions of Proposed Scheme • Traffic control schemes • Message Authentication • Entertainment service scheme • Message Encryption

6. Proposed Scheme for Traffic Control (1/2) • Vehicle-RSU-Vehicle Communication Vi RSU Vj (IDVi, IDVj, M, TVi, Kvi⊕H(M||TVi)) 1.ComputesK’Vi =H(IDVi || x) 2. Decrypts Kvi⊕H(M||TVi) 3. 4.Checks M,Tvi 5. Selects t ∈ Z*n 6. Computes T= t．Q = (x1,y1) r= x1 mod n s= t-1．[H(M||TR)+x．t] 7.Broadcast (IDR, IDVj, M, (r,s), TR ) 1.Computes (s-1．H(M||TR))．Q+s-1．r．X)= (x1’,y1’) 2. Verifies r’ = r r’= x1’ mod n V: Vehicular M: Message TVi: Timestamp Kvi: A pre-shared key x: RSU’s private key t: Random number H(): one way hash function Q: base point over Elliptic Curve X= x．Q

7. Proposed Scheme for Entertainment Service (2/2) • CSESPP Scheme Vi RSU (IDVi, Reg, TVi, H(Kvi||TVi)) K’Vi =H(IDVi || x) 1.ComputesK’Vi =H(Kvi||TVi) 2. Verifies H(K’vi||TVi) =H(Kvi||TVi) 3. R∈ Z*n 4. Computes SKi= H(Kvi||R) {ESKi(ES,R) ,R} 1.ComputesSKi =H(Kvi||R) 2. Decrypts ESKi(ES,R) 3. Check R V: Vehicular Reg: Request message TVi: Timestamp Kvi: A pre-shared key ES: Entertainment Service R: Random number H(): one way hash function CSESPP: Communication Scheme for Entertainment Services with Privacy Preservation

8. Security Analysis (1/1) • Against attack • Outsider attack • Secret key • Impersonation attack • Secret key • Replay attack • Timestamp

9. Performance Analysis (1/1) • Comparisons Table TEC_Mul: the operation time of point multiplication on the elliptic curve function Texp: the operation time of the modular exponentiation Tmul: the operation time of the modular multiplication

10. Conclusion • A vehicle only needs to share one session key with RSU to communicate with the other vehicles. • The proposed scheme is more efficient than other scheme.

11. Comment (1/2) • 本文主要貢獻簡述： • 所有認證與加密工作皆透過公認第三方(RSU)來進行, 搭配ECDSA簽章，降低Computation cost。 • 優點： • 提出橢圓曲線的point multiplication比modular exponentiation更有效率的概念，來降低computation cost。 • 缺點： • 錯字都集中在proposed scheme。 • Security Analysis缺乏證明。 • 當Vehicular周圍無RSU時，則無法進行authentication及encryption。

12. Comment (2/2) • 作者需進一步說明: • 請解釋在Entertainment Service 中，使用隨機值R的用意。 • 明顯錯誤(含typos): • Page6, 倒數第3行S應改成 M • Page16, Figure1,第8行H’(IDVi||x) =⊕H(IDVi||x)應改成H’(M||TVi) =H(M||TVi) • Page16, Figure1,第13行x．t應改成x．r • Page18, Figure2,第5行K’Vi =H(Kvi||TVi)應改成K’Vi =H(IDVi || x)

13. Li et al.’s Scheme for Traffic Control (1/2) • Vehicle-to-Vehicle Communication Vi Vj 1.Computes 1.Decrypts the message by Ht(SK) 2.Computes 3.check