A multiple RSU collaborative scheduling scheme for data services in vehicular ad hoc networks

As studies on vehicular ad hoc networks have been conducted actively in recent years, convenient and reliable services can be provided to vehicles through traffic information, surrounding information, and file sharing. To provide services for multiple requests, road side units (RSUs) should receive requests from vehicles and provide a scheduling scheme for data transfer according to priority. In this paper, we propose a new scheduling scheme by which multiple RSUs are connected through wired networks and data is transferred through the collaboration of RSUs. The proposed scheme transfers safety and non-safety data by employing a collaborative strategy of multiple RSUs as well as reducing the deadline miss ratio and average response time. When safety data is generated, data is transferred from the previous RSU in advance, while priority is assigned considering the deadline and reception rate. Since non-safety data is an on-demand data processed by user requests, the proposed scheme provides a method that reduces the deadline miss ratio upon loads generated in RSUs. To prove the superiority of the proposed scheme, we perform a performance evaluation in which the number and velocities of vehicles were changed. It is shown through the performance evaluation that the proposed scheme has better deadline miss ratios and faster response time than the existing schemes.     

Road Accident Prevention with Instant Emergency Warning Message Dissemination in Vehicular Ad-Hoc Network

A Road Accident Prevention (RAP) scheme based on Vehicular Backbone Network (VBN) structure is proposed in this paper for Vehicular Ad-hoc Network (VANET). The RAP scheme attempts to prevent vehicles from highway road traffic accidents and thereby reduces death and injury rates. Once the possibility of an emergency situation (i.e. an accident) is predicted in advance, instantly RAP initiates a highway road traffic accident prevention scheme. The RAP scheme constitutes the following activities: (i) the Road Side Unit (RSU) constructs a Prediction Report (PR) based on the status of the vehicles and traffic in the highway roads, (ii) the RSU generates an Emergency Warning Message (EWM) based on an abnormal PR, (iii) the RSU forms a VBN structure and (iv) the RSU disseminates the EWM to the vehicles that holds the high Risk Factor (RF) and travels in High Risk Zone (HRZ). These vehicles might reside either within the RSU’s coverage area or outside RSU’s coverage area (reached using VBN structure). The RAP scheme improves the performance of EWM dissemination in terms of increase in notification and decrease in end-to-end delay. The RAP scheme also reduces infrastructure cost (number of RSUs) by formulating and deploying the VBN structure. The RAP scheme with VBN structure improves notification by 19 percent and end-to-end delay by 14.38 percent for a vehicle density of 160 vehicles. It is also proved from the simulation experiment that the performance of RAP scheme is promising in 4-lane highway roads.     

Anonymous Three-Party Password-Authenticated Key Exchange Scheme for Telecare Medical Information Systems

Telecare Medical Information Systems (TMIS) provide an effective way to enhance the medical process between doctors, nurses and patients. For enhancing the security and privacy of TMIS, it is important while challenging to enhance the TMIS so that a patient and a doctor can perform mutual authentication and session key establishment using a third-party medical server while the privacy of the patient can be ensured. In this paper, we propose an anonymous three-party password-authenticated key exchange (3PAKE) protocol for TMIS. The protocol is based on the efficient elliptic curve cryptosystem. For security, we apply the pi calculus based formal verification tool ProVerif to show that our 3PAKE protocol for TMIS can provide anonymity for patient and doctor while at the same time achieves mutual authentication and session key security. The proposed scheme is secure and efficient, and can be used in TMIS.     

An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties.     

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.     

Efficient chameleon hashing-based privacy-preserving auditing in cloud storage

Cloud storage is an important application service in cloud computing, it allows data users to store and access their files anytime, from anywhere and with any device. To ensure the security of the outsourced data, data user needs to periodically check data integrity. In some cases, the identity privacy of data user must be protected. However, in the existing preserving identity privacy protocols, data tag generation is mainly based on complex ring signature or group signature. It brings a heavy burden to data user. To ensure identity privacy of data user, in this paper we propose a novel identity privacy-preserving public auditing protocol by utilizing chameleon hash function. It can achieve the following properties: (1) the identity privacy of data user is preserved for cloud server; (2) the validity of the outsourced data is verified; (3) data privacy can be preserved for the auditor in auditing process; (4) computation cost to produce data tag is very low. Finally, we also show that our scheme is provably secure in the random oracle model, the security of the proposed scheme is related to the computational Diffie–Hellman problem and hash function problem.     

Simultaneous authentication and secrecy in identity-based data upload to cloud

Most existing works to secure cloud devote to remote integrity check, search and computing on encrypted data. In this paper, we deal with simultaneous authentication and secrecy when data are uploaded to cloud. Observing that cloud is most interesting to companies in which multiple authorized employees are allowed to upload data, we propose a general framework for secure data upload in an identity-based setting. We present and employ identity-based signcryption (IBSC) to meet this goal. As it is shown that it is challenging to construct IBSC scheme in the standard model and most IBSC schemes are realized in the random oracle model which is regarded weak to capture the realistic adversaries, we propose a new IBSC scheme simultaneously performing encryption and signature with cost less than the signature-then-encryption approach. The identity based feature eliminates the complicated certificates management in signcryption schemes in the traditional public-key infrastructure (PKI) setting. Our IBSC scheme exploits Boneh et al.’s strongly unforgeable signature and Paterson et al.’s identity-based signature. The scheme is shown to satisfy semantic security and strong unforgeability. The security relies on the well-defined bilinear decision Diffie-Hellman (BDDH) assumption and the proof is given in the standard model. With our IBSC proposal, a secure data upload scheme is instantiated with simultaneous authentication and secrecy in a multi-user setting.     

Security Analysis of the Unrestricted Identity-Based Aggregate Signature Scheme

Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed such a scheme and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there is an efficient forgery on their IBAS scheme and that their security proof has a serious flaw.     

Design and development of an intelligent transportation management system using blockchain and smart contracts

The automated toll-tax collection system (ATCS) is advantageous to facilitate traffic management at the toll plaza and to save fuel for vehicles. The most advanced application of the electronic toll collection (ETC) system is to collect the toll-tax amount (TA) at toll plazas of the national highways. The few existing TA collection systems suffer from data security, transparency, privacy, and data immutability as these are centralized systems. As the Blockchain is a decentralized, transparent, secure, and low-cost technology. However, this paper presents an intelligent transportation management system (I-TMS) using Blockchain. The proposed I-TMS shows the way of implementation of blockchain technology for vehicle data management in various applications of I-TMS. Herein, a framework of blockchain-enabled ATCS (BATCS) is provided as a blockchain-based I-TMS application to collect TAs without stopping vehicles while they pass the toll plaza. Smart contracts are used to authenticate vehicles’ data and to collect TAs automatically. An efficient algorithm is presented for data verification and TA collection in this paper. This research work provides a secure, transparent, and privacy-preserving framework in the field of the ETC system. The significant contributions of the BATCS compared with the RFID-based system are less fuel consumption and time-saving for a vehicle. The proposed framework can enhance data security and user privacy in the intelligent decentralized ETC system.

     

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.     

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic.     

A novel construction of SDVS with secure disavowability

Designated verifier signature (DVS) and strong designated verifier signature (SDVS) exhibit perfect non-transferability, but does not provide secure disavowability or non-repudiation, which makes them more like a message authentication code rather than a digital signature. In these kinds of cryptographic primitives, the signer has to bear the responsibility of some “forged” signatures produced by the designated verifier. Therefore, it’s highly essential to construct a strong designated verifier signature scheme with secure disavowability. In this paper, we resolve this problem by proposing a novel construction of a strong designated verifier signature with secure disavowability. The new scheme makes use of a chameleon hash function and supports the signer to have a complete control of his signature. The proposed scheme achieves unforgeability, non-transferability and secure disavowability. Compared with the previous constructions, the new proposal achieves higher computational efficiency and shorter signature length.     

SHARE-ABE: an efficient and secure data sharing framework based on ciphertext-policy attribute-based encryption and Fog computing

Attribute-based encryption (ABE) is an access control mechanism that ensures efficient data sharing among dynamic groups of users by setting up access structures indicating who can access what. However, ABE suffers from expensive computation and privacy issues in resource-constrained environments such as IoT devices. In this paper, we present SHARE-ABE, a novel collaborative approach for preserving privacy that is built on top of Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Our approach uses Fog computing to outsource the most laborious decryption operations to Fog nodes. The latter collaborate to partially decrypt the data using an original and efficient chained architecture. Additionally, our approach preserves the privacy of the access policy by introducing false attributes. Furthermore, we introduce a new construction of a collaboration attribute that allows users within the same group to combine their attributes while satisfying the access policy. Experiments and analyses of the security properties demonstrate that the proposed scheme is secure and efficient especially for resource-constrained IoT devices.

     

Efficient public verification proof of retrievability scheme in cloud

Cloud storage is an important service of cloud computing. After data file is outsourced, data owner no longer physical controls over the storage. To efficiently verify these data integrity, several Proof of Retrievability (POR) schemes were proposed to achieve data integrity checking. The existing POR schemes offer decent solutions to address various practical issues, however, they either have a non-trivial (linear or quadratic) communication cost, or only support private verification. And most of the existing POR schemes exist active attack and information leakage problem in the data checking procedure. It remains open to design a secure POR scheme with both public verifiability and constant communication cost. To solve the above problems , we propose a novel preserving-private POR scheme with public verifiability and constant communication cost based on end-to-end aggregation authentication in this paper. To resist information leakage, we include zero-knowledge technique to hide the data in the integrity checking process. Our scheme is shown to be secure and efficient by security analysis and performance analysis. The security of our scheme is related to the Computational Diffie–Helleman Problem and Discrete logarithm problem. Finally, we also extend the POR scheme to support multi-file integrity checking and simulation results show that the verifier only needs less computational cost to achieve data integrity checking in our extended scheme.     

Detecting adherence to the recommended childhood vaccination schedule from user-generated content in a US parenting forum

Vaccine hesitancy is considered as one of the leading causes for the resurgence of vaccine preventable diseases. A non-negligible minority of parents does not fully adhere to the recommended vaccination schedule, leading their children to be partially immunized and at higher risk of contracting vaccine preventable diseases. Here, we leverage more than one million comments of 201,986 users posted from March 2008 to April 2019 on the public online forum BabyCenter US to learn more about such parents. For 32% with geographic location, we find the number of mapped users for each US state resembling the census population distribution with good agreement. We employ Natural Language Processing to identify 6884 and 10,131 users expressing their intention of following the recommended and alternative vaccination schedule, respectively RSUs and ASUs. From the analysis of their activity on the forum we find that ASUs have distinctly different interests and previous experiences with vaccination than RSUs. In particular, ASUs are more likely to follow groups focused on alternative medicine, are two times more likely to have experienced adverse events following immunization, and to mention more serious adverse reactions such as seizure or developmental regression. Content analysis of comments shows that the resources most frequently shared by both groups point to governmental domains (.gov). Finally, network analysis shows that RSUs and ASUs communicate between each other (indicating the absence of echo chambers), however with the latter group being more endogamic and favoring interactions with other ASUs. While our findings are limited to the specific platform analyzed, our approach may provide additional insights for the development of campaigns targeting parents on digital platforms.     

An Identity-Based (IDB) Broadcast Encryption Scheme with Personalized Messages (BEPM)

A broadcast encryption scheme with personalized messages (BEPM) is a scheme in which a broadcaster transmits not only encrypted broadcast messages to a subset of recipients but also encrypted personalized messages to each user individually. Several broadcast encryption (BE) schemes allow a broadcaster encrypts a message for a subset S of recipients with public keys and any user in S can decrypt the message with his/her private key. However, these BE schemes can not provide an efficient way to transmit encrypted personalized messages to each user individually. In this paper, we propose a broadcast encryption scheme with a transmission of personalized messages. Besides, the scheme is based on multilinear maps ensure constant ciphertext size and private key size of each user and the scheme can achieve statically security. More realistically, the scheme can be applied to the Conditional Access System (CAS) of pay television (pay-TV) efficiently and safely.     

SNUAGE: an efficient platform-as-a-service security framework for the cloud

In this paper we present SNUAGE, a platform-as-a-service security framework for building secure and scalable multi-layered services based on the cloud computing model. SNUAGE ensures the authenticity, integrity, and confidentiality of data communication over the network links by creating a set of security associations between the data-bound components on the presentation layer and their respective data sources on the data persistence layer. SNUAGE encapsulates the security procedures, policies, and mechanisms in these security associations at the service development stage to form a collection of isolated and protected security domains. The secure communication among the entities in one security domain is governed and controlled by a standalone security processor and policy attached to this domain. This results into: (1) a safer data delivery mechanism that prevents security vulnerabilities in one domain from spreading to the other domains and controls the inter-domain information flow to protect the privacy of network data, (2) a reusable security framework that can be employed in existing platform-as-a-service environments and across diverse cloud computing service models, and (3) an increase in productivity and delivery of reliable and secure cloud computing services supported by a transparent programming model that relieves application developers from the intricate details of security programming. Last but not least, SNUAGE contributes to a major enhancement in the energy consumption and performance of supported cloud services by providing a suitable execution container in its protected security domains for a wide suite of energy- and performance-efficient cryptographic constructs such as those adopted by policy-driven and content-based security protocols. An energy analysis of the system shows, via real energy measurements, major savings in energy consumption on the consumer devices as well as on the cloud servers. Moreover, a sample implementation of the presented security framework is developed using Java and deployed and tested in a real cloud computing infrastructure using the Google App Engine service platform. Performance benchmarks show that the proposed framework provides a significant throughput enhancement compared to traditional network security protocols such as the Secure Sockets Layer and the Transport Layer Security protocols.     

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.     

Multi-Hop Routing Optimization Method Based on Improved Ant Algorithm for Vehicle to Roadside Network

This paper proposes a route optimization method to improve the performance of route selection in Vehicle Ad-hoc Network （VANET）. A novel bionic swarm intelligence algorithm, which is called ant colony algorithm, was introduced into a traditional ad-hoc route algorithm named AODV. Based on the analysis of movement characteristics of vehicles and according to the spatial relationship between the vehicles and the roadside units, the parameters in ant colony system were modified to enhance the performance of the route selection probability rules. When the vehicle moves into the range of several different roadsides, it could build the route by sending some route testing packets as ants, so that the route table can be built by the reply information of test ants, and then the node can establish the optimization path to send the application packets. The simulation results indicate that the proposed algorithm has better performance than the traditional AODV algorithm, especially when the vehicle is in higher speed or the number of nodes increases.