Abstract
The vehicular ad hoc network (VANET) is one of the most awaited and ambitious projects of the Intelligent Transport System (ITS), in which vehicles are permitted to talk with each other. The ultimate goal is to develop a connected network of automobiles, and eventually to reduce traffic and accidents. However, VANET is an ad hoc network without any infrastructure. Apart from architectural issues, there are plenty of security and performance issues, which make it difficult to implement. Therefore, we use a fully authenticated signcryption technique along with re-cryptography and a shareable cloud to make the network safe, reliable and robust. Signcryption combines signature and encryption in a single step, hence decreasing the number of computations. Re-cryptography allows alternative authorities to take charge of the primary authority while maintaining communication transparency. Group signature facilitates secure communication within the group. Security has been verified using Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA).
References
Hanan AHA et al (2017) Real traffic data based evaluation of vehicular traffic environment and state-of-the-art with future issues in location-centric data dissemination for VANETs. Digit Commun Netw 3.3:195–210
Feng X et al (2017) A method for defensing against multi-source Sybil attacks in VANET. Peer-to-Peer Netw Appl 10.2:305–314
Lin X et al (2007) GSIS: A secure and privacy-preserving protocol for vehicular communications. IEEE Trans Veh Technol 56.6:3442–3456
Guo L et al (2017) A secure mechanism for big data collection in large scale internet of vehicle. IEEE Internet J 4.2:601–610
Singh G, Shrimankar DD (2018) Dynamic Group Based Efficient Access Authentication and Key Agreement Protocol for MTC in LTE-A Networks. Wirel Person Commun 101.2:829–856
Zheng Y (1997) Digital signcryption or how to achieve cost (signature & encryption) ≪ cost (signature) + cost (encryption), Annual International Cryptology Conference, Springer, Berlin Heidelberg
Zheng Y, Imai H (1998) How to construct efficient signcryption schemes on elliptic curves. Inf Process Lett 68.5:227–233
Malone-Lee J (2002) Identity-Based Signcryption, IACR Cryptology ePrint Archive, 98
Chen L, Malone-Lee J (2005) Improved identity-based signcryption, International Workshop on Public Key Cryptography. Springer, Berlin
Barreto PS, Libert B, McCullagh N, Quisquater JJ (2005) Efficient and provably-secure identity-based signatures and signcryption from bilinear maps, International conference on the theory and application of cryptology and information security. Springer, Berlin
Boyen X (2003) Multipurpose identity-based signcryption, Annual International Cryptology Conference. Springer, Berlin
Libert B, Quisquater J-J (2004) Efficient signcryption with key privacy from gap Diffie-Hellman groups, International Workshop on Public Key Cryptography. Springer, Berlin
Kanchan S, Chaudhari NS (2016) Integrating group signature scheme with Non-transitive Proxy Re-encryption in VANET, International Conference on Computing, Analytics and security trends (CAST), IEEE
Sneha K, Chaudhari NS (2018) SRCPR: SignReCrypting Proxy Re-signature in secure VANET Groups, IEEE Access
Kuo T, Yen S, Han M (2017) Dynamic reversed accumulator. Int J Inf Secur 17:183–191
Kai K, Cong W, Tao L (2016) Fog computing for vehicular ad-hoc networks: paradigms, scenarios, and issues. The Journal of China Universities of Posts and Telecommunications 23.2:56–96
Wu J, Dong M, Ota K, Li J, Guan Z (2017) FCSS: Fog Computing based content-aware filtering for security services in information centric social networks. IEEE Transactions on Emerging Topics in Computing
Liu B et al (2017) Cloud-Assisted Safety Message Dissemination in VANET Cellular Heterogeneous Wireless Network. IEEE Syst J 11.1:128–139
Baek J, Steinfeld R, Zheng Y (2007) Formal proofs for the security of signcryption. J Cryptol 20.2:203–235
Chakrabarti C, Roy S, Basu S (2019) Intention aware misbehavior detection for post-disaster opportunistic communication over peer-to-peer DTN. Peer-to-Peer Networking and Applications 12.4:705–723
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A 426.1871:233–271
Armando A et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications, International conference on computer aided verification. Springer, Berlin
Blaze M, Bleumer G, Strauss M (1998) Divertible protocols and atomic proxy cryptography, International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin
Canetti R, Hohenberger S (2007) Chosen-ciphertext secure proxy re-encryption, Proceedings of the 14th ACM conference on Computer and communications security. ACM
Ma C, Ao J (2009) Group-based Proxy Re-encryption Scheme Secure Against Chosen Ciphertext Attack. IJ Netw Secur 8.3:266–270
Chen L et al (2016) Private reputation retrieval in public–a privacy-aware announcement scheme for VANETs. IET Inf Secur 11.4:204–210
Kanchan S, Singh G, Chaudhari NS (2018) Re-encrypting secure and efficient routing in VANET groups using sharable clouds, 4th International Conference on Recent Advances in Information Technology (RAIT). IEEE
Bayat M et al (2015) A secure authentication scheme for VANETs with batch verification. Wirel Netw 21.5:1733–1743
Sur C, Park Y, Rhee KH (2016) An efficient and secure navigation protocol based on vehicular cloud. Int J Comput Math 93.2:325–344
Kumari S, Khan MK (2014) More secure smart card-based remote user password authentication scheme with user anonymity. Secur Commun Netw 7.11:2039–2053
Jianhong Z, Xu M, Liying L (2014) On the security of a secure batch verification with group testing for VANET. Int J Netw Secur 16.5:351–358
Ateniese G, Fu K, Green M, Hohenberger S (2006) Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans Inf Syst Secur (TISSEC) 9:1–30
Jinila Y, Komathy K (2013) Bevish a privacy preserving authentication framework for safety messages in VANET. IET, pp 456–461
Parne BL, Gupta S, Chaudhari NS (2018) Segb: Security enhanced group based aka protocol for m2m communication in an iot enabled lte/lte-a network. IEEE Access 6:3668–3684
Appendices
Appendix A: BAN Logic Rules and Assumptions for EASPSC
BAN logic rules are directly imported from [14] in our protocol to derive new logical derivations as below:
1. \(\frac{P|\equiv (P \overset{\text{K}}{\leftrightarrow} Q) \wedge P \triangleleft (X)_{K}}{P|\equiv (Q|\equiv X)}\): K is the secret shared between P and Q only, and P sees X encrypted with K, so P believes that Q once believed and said X.
2. \(\frac{P|\equiv (Q|\Rightarrow X) \wedge P|\equiv (Q|\equiv X)}{P|\equiv X}\): P believes Q has jurisdiction over X and can be trusted for the truth of X, and P believes that Q believes X, so P also believes that X is true.
3. \(\frac{P|\equiv (Q|\sim X) \wedge P|\equiv Q|\equiv \#X}{P|\equiv \#X}\): P believes that Q once said X, and P believes that Q believes X is fresh, hence P believes in the truth and freshness of X.
The following assumptions are taken into consideration in our protocol:
1. MM1 and MM2 have agreed to share the secret key SSK1 and to use it to create a re-encryption key.
   MM1 securely sends SSK1 to MM2. \(MM_{1}|\sim SSK_{1}\)
   MM2 believes SSK1 sent by MM1 is fresh. \(\frac{MM_{2} \triangleleft SSK_{1} \wedge MM_{2} |\equiv \#SSK_{1}}{MM_{2} |\equiv MM_{1} |\equiv SSK_{1}}\)
   MM1 believes that this key is known only to MM2 and itself. \(MM_{1} |\equiv (MM_{1} \overset{\text{SSK1}}{\leftrightarrow} MM_{2})\)
   MM2 believes that this key is known only to MM1 and itself. \(MM_{2} |\equiv (MM_{2} \overset{\text{SSK1}}{\leftrightarrow} MM_{1})\)
2. MM2 and MM1 have agreed to share the secret key SSK2 and to use it to create a re-signature key.
   MM2 securely sends SSK2 to MM1. \(MM_{2}|\sim SSK_{2}\)
   MM1 believes SSK2 sent by MM2 is fresh. \(\frac{MM_{1} \triangleleft SSK_{2} \wedge MM_{1} |\equiv \#SSK_{2}}{MM_{1} |\equiv MM_{2} |\equiv SSK_{2}}\)
   MM1 believes that this key is known only to MM2 and itself. \(MM_{1} |\equiv (MM_{1} \overset{\text{SSK2}}{\leftrightarrow} MM_{2})\)
   MM2 believes that this key is known only to MM1 and itself. \(MM_{2} |\equiv (MM_{2} \overset{\text{SSK2}}{\leftrightarrow} MM_{1})\)
3. M1 and the proxy have agreed to share the re-encryption key.
   MM1 securely sends the re-encryption key to the proxy. \(MM_{1}|\sim rk_{12}\)
   Proxy believes that the re-encryption key sent by MM1 is fresh. \(\frac{Proxy \triangleleft rk_{12} \wedge Proxy |\equiv \#rk_{12}}{Proxy |\equiv MM_{1} |\equiv rk_{12}}\)
   MM1 believes that this key is known only to the proxy and itself. \(MM_{1} |\equiv (MM_{1} \overset{\text{rk}_{12}}{\leftrightarrow} Proxy)\)
   Proxy believes that this key is known only to MM1 and itself. \(Proxy |\equiv (Proxy \overset{\text{rk}_{12}}{\leftrightarrow} MM_{1})\)
4. MM2 and the proxy share the re-signature key.
   MM2 securely sends the re-signature key to the proxy. \(MM_{2}|\sim rs_{21}\)
   Proxy believes that the re-signature key sent by MM2 is fresh. \(\frac{Proxy \triangleleft rs_{21} \wedge Proxy |\equiv \#rs_{21}}{Proxy |\equiv MM_{2} |\equiv rs_{21}}\)
   MM2 believes that this key is known only to the proxy and itself. \(MM_{2} |\equiv (MM_{2} \overset{\text{rs}_{21}}{\leftrightarrow} Proxy)\)
   Proxy believes that this key is known only to MM2 and itself. \(Proxy |\equiv (Proxy \overset{\text{rs}_{21}}{\leftrightarrow} MM_{2})\)
5. All authorities and entities assume that the pre-shared information and the communication channels are safe.
   \(MM_{2} |\equiv (\overset{\omega}{\rightarrow} MM_{1}) \wedge A |\equiv (\overset{\omega}{\rightarrow} MM_{1}) \wedge Proxy |\equiv \overset{\omega}{\rightarrow} MM_{1} \wedge Cloud |\equiv \overset{\omega}{\rightarrow} MM_{1}\)
   \(MM_{2} |\equiv (\overset{\text{PKc}}{\rightarrow} Cloud) \wedge A |\equiv (\overset{\text{PKc}}{\rightarrow} Cloud) \wedge MM_{1} |\equiv \overset{\text{PKc}}{\rightarrow} Cloud\)
   \(MM_{1} |\equiv (\overset{\pi}{\rightarrow} MM_{2}) \wedge Proxy |\equiv \overset{\pi}{\rightarrow} MM_{2} \wedge Cloud |\equiv \overset{\pi}{\rightarrow} MM_{2}\)
   \(MM_{2} |\equiv (\overset{\text{PKp}}{\rightarrow} Proxy) \wedge MM_{1} |\equiv \overset{\text{PKp}}{\rightarrow} Proxy\)
   \(MM_{1} |\equiv (MM_{1} \overset{\text{W}}{\leftrightarrow} A) \wedge A |\equiv (MM_{1} \overset{\text{W}}{\leftrightarrow} A)\)
   \(MM_{1} |\equiv (MM_{1} \overset{\text{X}}{\leftrightarrow} Proxy) \wedge Proxy |\equiv (MM_{1} \overset{\text{X}}{\leftrightarrow} Proxy)\)
   \(MM_{1} |\equiv (MM_{1} \overset{\text{Y}}{\leftrightarrow} MM_{2}) \wedge MM_{2} |\equiv (MM_{1} \overset{\text{Y}}{\leftrightarrow} MM_{2})\)
   \(MM_{1} |\equiv (MM_{1} \overset{\text{Z}}{\leftrightarrow} Cloud) \wedge Cloud |\equiv (MM_{1} \overset{\text{Z}}{\leftrightarrow} Cloud)\)
6. All public keys have their respective private keys: \(\omega\) (public key of MM1) has \(\omega^{-1}\), \(\pi\) (public key of MM2) has \(\pi^{-1}\), etc. These private keys are unknown to any other entity. As we know, if a message is encrypted with a private key, it can be decrypted with the corresponding public key. Hence, if any entity is able to decrypt a message with a member's public key, it assumes that the message is signed by that particular member. Here we denote this as \(sign_{MM_{1}}\), \(sign_{MM_{2}}\) and so on.
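The three rules of this appendix can be chained mechanically. The Python sketch below is an added example, not code from the paper: it forward-chains the rules exactly as they are stated here over a constructed scenario in which Proxy receives rk12 under the key X it shares with MM1, while Cloud sees the same ciphertext without holding X. The tuple encoding, the jurisdiction, "said" and freshness premises, and the assumption that rk12 travels under X are illustrative.

```python
# Added illustration, not the paper's code. Terms are nested tuples:
#   ("bel", P, X)  P |≡ X      ("sees", P, X)  P ◁ X      ("fresh", X)  #X
#   ("said", Q, X) Q |~ X      ("ctrl", Q, X)  Q |⇒ X     ("enc", X, K) (X)_K
#   ("key", K, {P, Q})  K is shared between P and Q only

def shares(k, a, b):
    return ("key", k, frozenset((a, b)))

def step(facts):
    """Apply rules 1-3 of Appendix A once; return only the new beliefs."""
    new = set()
    for f in facts:
        # Rule 1: P |≡ (P <-K-> Q) and P ◁ (X)_K  give  P |≡ (Q |≡ X)
        if f[0] == "sees" and isinstance(f[2], tuple) and f[2][0] == "enc":
            p, (_, x, k) = f[1], f[2]
            for g in facts:
                if (g[:2] == ("bel", p) and isinstance(g[2], tuple)
                        and g[2][:2] == ("key", k) and p in g[2][2]):
                    for q in g[2][2] - {p}:
                        new.add(("bel", p, ("bel", q, x)))
        if f[0] == "bel" and isinstance(f[2], tuple) and len(f[2]) == 3:
            p, (op, q, x) = f[1], f[2]
            # Rule 2: P |≡ (Q |⇒ X) and P |≡ (Q |≡ X)  give  P |≡ X
            if op == "ctrl" and ("bel", p, ("bel", q, x)) in facts:
                new.add(("bel", p, x))
            # Rule 3: P |≡ (Q |~ X) and P |≡ Q |≡ #X  give  P |≡ #X
            if op == "said" and ("bel", p, ("bel", q, ("fresh", x))) in facts:
                new.add(("bel", p, ("fresh", x)))
    return new - facts

def closure(facts):
    """Forward-chain until no rule produces a new belief."""
    facts = set(facts)
    while (new := step(facts)):
        facts |= new
    return facts

# Constructed scenario. Only the two key beliefs come from assumption 5.
FACTS = {
    ("bel", "Proxy", shares("X", "MM1", "Proxy")),
    ("bel", "Cloud", shares("Z", "MM1", "Cloud")),
    ("sees", "Proxy", ("enc", "rk12", "X")),    # assumed: rk12 sent under X
    ("sees", "Cloud", ("enc", "rk12", "X")),    # Cloud holds Z, not X
    ("bel", "Proxy", ("ctrl", "MM1", "rk12")),  # assumed jurisdiction
    ("bel", "Proxy", ("said", "MM1", "rk12")),  # assumed
    ("bel", "Proxy", ("bel", "MM1", ("fresh", "rk12"))),  # assumed
}

if __name__ == "__main__":
    for fact in sorted(closure(FACTS) - FACTS, key=repr):
        print(fact)
```

Proxy ends up with three new beliefs (MM1 believes rk12, rk12 itself, and the freshness of rk12), whereas Cloud gains none because its only key belief concerns Z.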
Appendix B: HLPSL code for roles of network entities
B.1 MM1
M1 must keep the re-encryption keys secret from outsiders. Hence, we have the protocol ids sec_P_M1, sec_A_M1 and sec_C_M1, which are declared in the goal section as well. The goal of this step is to keep the re-encryption keys secret from other entities which are not involved. Rk12 is secret between M1 and Proxy, whereas Rkc is secret between M1 and the cloud only. Since M2 is doing the task of registration, the role of M1 ends here. wrequest and witness are the predicates that represent the authentication goal, and secret represents the goal of protecting the secrecy of the data.
B.2 Proxy
Proxy receives the new nonce of re-encryption key from M1 which is encrypted with public key of proxy, P1. It receives Regreq encrypted with W1 (public key of M1) and sends Regreq encrypted with W2 (Public key of M2). Similarly, it receives re-signature key from MM2. Later, it fetches Regrep1 encrypted with MM2’s sign and sends Regrep1 encrypted with MM1’s sign in the network. The role of proxy ends here.
B.3 Vehicle
Vehicle must keep Registration request secret from outsiders. Hence, we have protocol id as sec_A_M1 as a goal in this step. It sends registration request, routing request, and receives their replies. It also authenticates MAC4 and MAC2 after receiving from Regreq and RRep respectively.
B.4 MM2
M2 must keep the shared secret key, the registration reply and the re-signature key secret from outsiders. Rs21 is secret between M2 and Proxy, whereas SSK2 is secret between M1 and M2 only. RegRep is the secret between M2 and V1. Protecting these three is the secrecy goal of M2. Hence, we have the protocol ids sec_P_M2, sec_M2_M1 and sec_A_M2, respectively, for each goal.
B.5 Cloud
Cloud receives the routing request from the vehicle as MAC_3 and sends the routing reply as MAC_2. These two are authenticated using the authentication predicates wrequest and witness over MAC_3 and MAC_2 by the protocol ids mac3_auth and mac2_auth, respectively.
B.6 Vehicle2
Second vehicle is just to show the presence of a random vehicle in the network. V2 receives BSM sent by V1, which is signed by group signature of V1’s group.
B.7 Goal of Simulation
This section gives the secrecy goals and authentication goals of the various roles given above. AVISPA checks whether each goal is satisfied; if not, it outputs that the protocol is “not safe”.
Cite this article
Kanchan, S., Singh, G. & Chaudhari, N.S. EASPSC: Efficient authentication of SignRecryption protocol using shareable clouds in VANET groups. Peer-to-Peer Netw. Appl. 13, 388–411 (2020). https://doi.org/10.1007/s12083-019-00789-1