AVoD: Advanced Verify-on-Demand for Efficient Authentication against DoS Attacks in V2X Communication

Owing to the development of information and communication technology (ICT), autonomous cooperative vehicles are being developed. Autonomous cooperative driving combines vehicle-to-everything (V2X) communication technology in existing autonomous driving and provides safe driving by sharing information between communication entities. However, security factors should be considered during communication. Security Credential Management System (SCMS) has been proposed as one of these elements, but it is vulnerable to denial-of-service (DoS) attacks due to message authentication costs. In congested situations, the number of messages exchanged between vehicles becomes very large. However, the performance of the on-board unit (OBU) is not sufficient to handle huge number of messages, which can lead to a DoS attack. Therefore, a technique to prevent DoS attacks on autonomous cooperative driving vehicles using SCMS has been proposed in this paper. The proposed technique reduces authentication costs by classifying similar messages into multiple categories and authenticating only the first message represented in the group for a unit time. The effectiveness of this technique has been demonstrated by comparing the time it takes to verify huge number of message signatures in each method.

BusCount: A Provable Replay Protection Solution for Automotive CAN Networks

Information technology has become eminent in the development of modern cars. More than 50 Electronic Control Units (ECUs) realize vehicular functions in hardware and software, ranging from engine control and infotainment to future autonomous driving systems. Not only do the connections to the outside world pose new threats, but also the in-vehicle communication between ECUs, realized by bus systems such as Controller Area Network (CAN), needs to be protected against manipulation and replay of messages. Multiple countermeasures were presented in the past making use of Message Authentication Codes and time stamps and message counters, respectively, to provide message freshness, most prominently AUTOSAR’s Secure Onboard Communication (SecOC). In this paper, we focus on the latter ones. As one aspect of this paper, using an adequate formal model and proof, we will show that the currently considered solutions exhibit deficiencies that are hard if not impossible to overcome within the scope of the respective approaches. We further present a hardware-based approach that avoids these deficiencies and formally prove its freshness properties. In addition, we show its practicability by a hardware implementation. Finally, we evaluate our approach in comparison to counter-based solutions currently being used.

ENHANCED MULTI-DEVICE TWO-FACTOR AUTHENTICATION USING PUBLIC-KEY CRYPTOGRAPHY

This paper proposes a secure two-factor authentication (TFA) system that relies on a password and a crypto-capable device. In cases like a compromise of communication lines, server or device vulnerabilities, and offline and online attacks on user passwords, the approach provides the highest feasible security bounds given the collection of compromised components. Using either SAS Message Authentication or any PIN-based Authentication, the suggested approach constructs a TFA scheme. The paper also proposes a secure software architecture for implementing an enhanced public key cryptography system for mobile applications and an efficient implementation of this modular structure that can use any password-based client-server authentication method without relying on risky single- layer password authentication architecture.

ENHANCED MULTI-DEVICE TWO-FACTOR AUTHENTICATION USING PUBLIC-KEY CRYPTOGRAPHY

This paper proposes a secure two-factor authentication (TFA) system that relies on a password and a crypto-capable device. In cases like a compromise of communication lines, server or device vulnerabilities, and offline and online attacks on user passwords, the approach provides the highest feasible security bounds given the collection of compromised components. Using either SAS Message Authentication or any PIN-based Authentication, the suggested approach constructs a TFA scheme. The paper also proposes a secure software architecture for implementing an enhanced public key cryptography system for mobile applications and an efficient implementation of this modular structure that can use any password-based client-server authentication method without relying on risky single- layer password authentication architecture.

Quantum Key Distribution by Drone

A cryptographic communication system is secure from a practical point of view if the encryption scheme can be broken after X years, where X is determined by security needs and existing technology. Quantum cryptography does not offer a complete solution for all cryptographic problems: secure keys, encryption algorithms based on them, message authentication and finding ways to detect/prevent interception; but it can be seen as a complement to standard symmetric cryptographic systems. This paper presents the implementation of the BB84 quantum key distribution protocol on mobile systems - Amov-lab’s Z410 drone with T-engine 2216 - and tracks the error rate obtained in flight conditions.

Anti-Quantum Lattice-Based Ring Signature Scheme and Applications in VANETs

Message authentication is crucial because it encourages participants to accept countermeasures and further transmit messages to legitimate users in a network while maintaining the legitimacy of the identity of network members. An unauthorized user cannot transmit false messages to a given network. Although traditional public key cryptography is suitable for message authentication, it is also easy to manage and generate keys, and, with the expansion of an entire network, the system needs a lot of computing power, which creates additional risks to network security. A more effective method, such as ring signature, can realize this function and guarantee more security. In this paper, we propose an anti-quantum ring signature scheme based on lattice, functionality analysis, and performance evaluation to demonstrate that this scheme supports unconditional anonymity and unforgeability. After efficiency analysis, our scheme proved more effective than the existing ring signature schemes in processing signature generation and verification. The proposed scheme was applied to VANETs that support strong security and unconditional anonymity to vehicles.