Improving the Authentication Scheme and Access Control Protocol for VANETs

Size: px

Start display at page:

Download "Improving the Authentication Scheme and Access Control Protocol for VANETs"

Corey Farmer
6 years ago
Views:

1 Entropy 2014, 16, ; do: /e OPEN ACCESS entropy ISSN Artcle Improvng the Authentcaton Scheme and Access Control Protocol for VANETs We-Chen Wu 1,2, * and Y-Mng Chen 2 1 Computer Center, Hsn Sheng Junor College of Medcal Care and Management, No. 418, Kaopng Vllage, Lungtan Townshp, Taoyuan County 32544, Tawan 2 Department of Informaton Management, Natonal Central Unversty, No. 300, Jhongda Rd., Jhongl Cty, Taoyuan County 32001, Tawan; E-Mal: cym@cc.ncu.edu.tw * Author to whom correspondence should be addressed; E-Mal: wwu@hsc.edu.tw; Tel.: (ext. 260); Fax: External Edtor: James J. Park Receved: 10 August 2014; n revsed form: 25 September 2014 / Accepted: 4 November 2014 / Publshed: 19 November 2014 Abstract: Prvacy and securty are very mportant n vehcular ad hoc networks (VANETs). VANETs are negatvely affected by any malcous user s behavors, such as bogus nformaton and replay attacks on the dssemnated messages. Among varous securty threats, prvacy preservaton s one of the new challenges of protectng users prvate nformaton. Exstng authentcaton protocols to secure VANETs rase challenges, such as certfcate dstrbuton and reducton of the strong relance on tamper-proof devces. In 2011, Yeh et al. proposed a PAACP: a portable prvacy-preservng authentcaton and access control protocol n vehcular ad hoc networks. However, PAACP n the authorzaton phase s breakable and cannot mantan prvacy n VANETs. In ths paper, we present a cryptanalyss of an attachable blnd sgnature and demonstrate that the PAACP s authorzed credental (AC) s not secure and prvate, even f the AC s secretly stored n a tamper-proof devce. An eavesdropper can construct an AC from an ntercepted blnd document. Any eavesdropper can determne who has whch access prvleges to access whch servce. For ths reason, ths paper copes wth these challenges and proposes an effcent scheme. We conclude that an mprovng authentcaton scheme and access control protocol for VANETs not only resolves the problems that have appeared, but also s more secure and effcent.

2 Entropy 2014, Keywords: vehcular ad hoc networks (VANETs); cryptanalyss; prvacy; authentcaton; access control 1. Introducton VANETs are a specal case of moble ad hoc networks (MANETs) that am to enhance the safety and effcency of road traffc [1 4]. A number of dstngushng features and lmtatons are related to the very nature of wreless communcatons n VANETs and the rapd movement of the vehcles nvolved n those communcatons. Compared to wred or other wreless networks, VANETs are very dynamc and ther communcatons are volatle. In these networks, nodes are vehcles equpped wth communcaton devces, known as on-board unts (OBUs), and, dependng on the applcatons, OBUs are used to establsh communcatons wth other vehcles or roadsde unts (RSUs), such as traffc lghts or traffc sgns. In recent years, several research works on VANETs have been conducted by academcs and varous ndustres. Recently, some of these works addressed the securty ssues. As an nstance of MANET, VANETs mght suffer from any malcous user behavors, such as bogus nformaton and replay attacks on the dssemnated messages. Among varous securty threats, prvacy preservaton n VANETs s one of the new challenges of protectng users prvate nformaton. For nstance, Chen and We proposed a safe, dstance-based locaton prvacy scheme called SafeAnon [5,6]. By smulatng vehcular moblty n a cropped Manhattan map, they evaluated the performance of the SafeAnon scheme under varous condtons to show that t could smultaneously acheve locaton prvacy, as well as traffc safety. However, as Chen and We focused on the ssues of the vehcles locaton prvacy, lttle emphass was put on the ntal authentcaton phase of communcatons among vehcles. In 2005, Raya et al. [7] frst proposed a soluton that mentoned both the securty and prvacy ssues of safety-related applcatons. Wang and others revewed Raya and Hubaux s communcaton scheme n 2008 [8] and argued that Raya and Hubaux pad a great deal of attenton to safety-related applcatons, such as emergency warnngs, lane changng assstance, ntersecton coordnaton, traffc-sgn volaton warnngs and road-condton warnngs [9], but non-safety-related applcatons were neglected. In Raya and Hubaux s communcaton scheme, Safety messages do not contan any senstve nformaton. However, VANETs also provde non-safety applcatons that offer maps [10,11], advertsements and entertanment nformaton [12]. Smlar to safety applcatons, non-safety applcatons n VANETs have to take both securty and prvacy ssues nto consderaton. In addton, desgnng a practcal non-safety applcaton for VANETs should take the followng requrements nto consderaton [13,14]: Mutual authentcaton: provdng mutual authentcaton between the two communcatng partes, such as a vehcle-to-roadsde communcaton devce. Context prvacy: allowng moble vehcles to anonymously nteract wth roadsde devces to access servces.

3 Entropy 2014, Lower computatonal cost: a system must have lght overhead n terms of computatonal costs and hgh effcency. Sesson key agreement: generatng dynamc sesson keys to secure the communcaton between nodes n VANETs. Dfferentated servce access control: provdng several servces wth dfferent levels of access prvleges for dfferent users requrements. Confdentalty and ntegrty: of communcatons. provdng data confdentalty and ntegrty n applcatons Preventng eavesdroppng: an ntruder cannot be allowed to dscover valuable nformaton from communcatons between members n VANETs. Scalablty: copng wth the large-scale and dynamc envronment presented by VANETs. In 2008, L et al. proposed a secure and effcent communcaton scheme named SECSPP [14] that employs authentcated key establshment for non-safety applcatons n VANETs. SECSPP s the frst securty scheme wth explct authentcaton procedures for non-safety applcatons. However, the speed of a vehcle can be extremely hgh n SECSPP. It s possble that the response sent from the servce provder (SP) has not yet arrved, but the requestng vehcle has passed the RSUs transmsson range. Moreover, all requests made by non-safety applcatons must frst be verfed by the proper SP, whch wll become a bottleneck of SECSPP. The scalablty ssue rses n a popular SP f a large number of requests are made. In 2011, Yeh et al. [13] proposed a PAACP: a portable prvacy-preservng authentcaton and access control protocol for vehcular ad hoc networks. However, n the authorzaton phase, a PAACP s breakable and cannot mantan prvacy n VANETs. Recently, Wu et al. [15] presented a cryptanalyss of an attachable blnd sgnature and demonstrate that the PAACP s authorzed credental (AC) s not secure and prvate, even f the AC s secretly stored n a tamper-proof devce. Ths s because an eavesdropper s able to construct an AC from an ntercepted blnd document. Consequently, PAACP n the authorzaton phase s breakable and cannot mantan prvacy n VANETs. Any outsders can determne who has whch access prvleges to access whch servce. In addton, ths paper effcently copes wth these challenges and proposes an effcent scheme. We conclude that mprovng an authentcaton scheme and access control protocol for VANETs wll not only resolve the problems that have appeared, but wll also be secure and effcent. The remander of ths paper s organzed as follows. Secton 2 revews the cryptanalyss of a PAACP. Secton 3 ntroduces an mproved scheme. In Secton 4, we compare the performance of our schemes wth PAACP and SECSPP and analyze varous aspects of the securty of our scheme. Fnally, we conclude ths paper and ndcate some drectons for future research n Secton 5.

4 Entropy 2014, Cryptanalyss of A PAACP In 2011, Yeh et al. [13] proposed a novel portable prvacy-preservng authentcaton and access control protocol for vehcular ad hoc networks. To elmnate the communcaton wth servce provders, they proposed a novel portable access control method to store a portable servce rght lst (SRL) nto each vehcle, nstead of keepng the SRLs wth the servce provders. In order to assure the valdty and prvacy of an SRL and prevent prvlege elevaton attacks, an attachable blnd sgnature s used by PPACP. Recently, Wu et al. [15] proposed a cryptanalyss of an attachable blnd sgnature and demonstrated that the PAACP s authorzed credental (AC) s not secure and prvate, even f the AC s secretly stored n a tamper-proof devce. Ther analyss showed that n PAACP, an eavesdropper can construct the AC from an ntercepted blnd document. As a result, PAACP n the authorzaton phase s breakable, and as any outsder can determne who has whch access prvleges to access whch servce, the prvacy of users n PAACP s scheme s jeopardzed. Wu et al. presented Cryptanalyss 1, whch shows that m cannot keep prvacy, and Cryptanalyss 2 shows that an ntruder can use publc key P K St of the S t to compute authorzed credental AC St. The notaton used throughout the remander of ths paper s shown n Table 1. Table 1. Notaton used n the remander of the paper. Notaton V V ID S t SID t SV ID k AR k AC AC St, AC V AC SRL St, SRL V D k () E k () N N s h() X Y : Z Descrpton the -th vehcle -th vehcular node s real dentfcaton the t-th servce provder t-th servce provder s real dentfcaton k-th servce s dentfcaton the access prvlege of SV ID k authorzed credental for vehcle V authorzed credental made by S t and V, respectvely portable authorzed credental for vehcle V servce rght lst made by S t and V, respectvely a correspondng symmetrc cryptosystem that uses the secret key k for decrypton a secure symmetrc cryptosystem that uses the secret key k for encrypton fresh nonce, randomly generated by V ID fresh nonce, randomly generated by the servce provder a collson-free and publc one-way hash functon a strng concatenaton a sender X sends a message Z to recever Y Cryptanalyss 1. To acqure a message m, an ntruder can eavesdrop on the two blnd documents BD 1, BD 2 n the (User Sgner) channel and also eavesdrop on BD 1, BD 2 n the

5 Entropy 2014, (Sgner User) channel. After stealng BD 1, BD 2, BD 1 and BD 2, the ntruder can use publc key e of the sgner to compute the followng equaton: (BD 1BD 2) e (BD 1 BD 2 ) = m Cryptanalyss 2. Smlarly, to acqure authorzed credental AC V and AC St, an ntruder can eavesdrop on the two blnd documents BD1, BD2 n the (V ehcle Servce P rovder) channel and also eavesdrop on BD1, BD2 n the (Servce P rovder V ehcle) channel. After stealng BD1, BD2, BD1 and BD2, the ntruder can use publc key P K St of the Servce Provder to compute the followng equaton: (BD1 BD2 ) P K S t (BD1 BD2 ) = AC St Fnally, accordng to (AC )P K S t conssts of both AC V = AC V = AC St, AC St s equal to AC V, where AC and AC St. Yeh et al. [13] clamed that an attachable blnd sgnature can keep prvacy; no one could comprehend the access prvleges n AC V accessng those servces. On the bass of our cryptanalyss, AC St AC V = {SID t T expred SRL V servce rght lsts SRL St the followng equaton: and SRL V, and no one can realze who s = {SID t T expred SRL St } and } could be comprehended by outsders who could then decode the, respectvely. In a prevous descrpton, the servce rght lst s as SRL V = {SV ID 1 AR 1 SV ID 2 AR 2... SV ID k AR k } where SV ID k denotes the ndex of the k-th servce and AR k represents the granted access prvleges of SV ID k. Hence, anyone can determne who has whch access prvleges to access whch servce even f AC s secretly stored n a tamper-proof devce. 3. Improved Scheme In ths secton, we propose an mproved scheme and offer an effcent authentcaton and access control protocol for VANETs. The securty of ths scheme depends on a secure one-way hash functon, not the use of an attachable blnd sgnature. Ths scheme conssts of three phases: the regstraton phase, the authentcaton phase and the access phase. We demonstrate our scheme as follows The Regstraton Phase A vehcle V creates a servce rght lst SRL V and an authorzed credental AC V, just as Yeh et al. proposed. Let x be a secret key mantaned by the servce provder S t, and let h() be a secure one-way hash functon wth a fxed-length output. The regstraton phase s performed over a secure channel. V S t : V ID, AC V A V, who submts hs/her dentty V ID and hs/her AC V to the S t for regstraton.

6 Entropy 2014, S t V : h(), e The S t also creates SRL St and AC St as Yeh et al. proposed. The S t then computes V s secret nformaton y = h(v ID, x) and e = y AC St AC V and wrtes h() and e nto the smart card of on-board unts (OBUs) and ssues the card to V. S t R j : y, AC St The S t also performs a multcast to send messages y and AC St to ther road sde unts (RSUs) R j The Authentcaton Phase After V sends an authentcaton request message to the S t, the S t and V wll execute a mutual authentcaton between the vehcle and the servce provder. Frst, let E k ( )/D k ( ) be a symmetrc encrypton/decrypton functon wth secret k, respectvely. V S t : V ID, C, N When V wshes to access servces provded by S t, V generates a nonce N, where N s a random and fresh number. Then, V computes C = h(e AC V, N ) and sends an authentcaton request message (V ID, C, N ) to the S t. S t V : M After recevng the authentcaton request message (V ID, C, N ), the S t and V execute the followng steps to facltate a mutual authentcaton between the vehcle and the servce provder. The S t performs the followng operatons: Verfes that V ID s a vald vehcle dentty. If not, the authentcaton request s rejected. Computes y = h(v ID, x) and verfes whether y = y. If the verfcaton fals, the request s rejected. Checks whether t receved C = h(y AC St, N ). If not, the request s rejected; otherwse, the request proceeds to the next step. Generates a nonce N s, where N s s a random and fresh number. Encrypts the message M = E y AC S t{n s, N, AC St } and sends t back. After V receves the message M, V wll decrypt the message D e AC V {M} to derve (N, N s, AC St ) and verfy whether N = N. If the answer s yes, the mutual authentcaton s done. The portable authorzed credental s AC = AC V AC St, and we propose that AC V s not equal to AC St. Ether S t may reduce access prvleges for some reason (for example, not payng before the deadlne or breakng a contract) or V may dsable access prvleges hmself/herself for some reason (for example, prvacy ssue or lower communcaton costs). Therefore, AC s AC V AC St that s reasonable and makes sense. and performs an exclusve operaton wth

7 Entropy 2014, The Access Phase Ths phase s based on the key exchange protocol proposed by Dffe et al. [16]. It s used to encrypt an ndvdual conversaton wth a sesson key. The lfespan of a sesson key s the perod of a partcular communcaton sesson. A new sesson phase nvolves two publc parameters, q and α, where q s a large prme number and α s a prmtve element mod q. After V sends a servce request to ts neghborng R j, R j wll verfy the authorzed credental AC by tself wthout further communcaton wth S t. Accordng to the access prvleges stored n the authorzed credental AC St, R j could decde whether V s request s accepted or not. Furthermore, R j could detect whether V s launchng an elevaton of prvlege (EoP) attack. V R j : W V computes W = α rv mod q and sends W to R j, where r v s a random number. Rj V : S Smlarly, R j computes S = α r R j mod q and sends S to V, where r R s a random number. V computes K V = (S ) rv mod q, and R j computes K R = (W ) r R j mod q. Then, both of them check whether K V = K R. If yes, a new sesson wll be created. Ths s because: Sesson key = (S ) rv mod q = (α r Rj mod q) r vmod q = (α r Rj r v)mod q = (α rv mod q) r Rj mod q = (W ) r R j mod q V R j : (Servce request message) If V wants to access servce, t encrypts E KV (SV ID 1 AC ) wth K V as the servce request message and sends t to R j. After R j receves the message, R j wll decrypt the message: D KR (E KV (SV ID 1 AC )) wth K R to gan (SV ID 1 AC ) and then derve AC and SV ID 1, because of K V = K R. When R j derves AC, R j verfes t and s then convnced that V s a legal user. V R j : (Servce request message) nth When V contnues to access the n-th servce, t encrypts the n-th servce request message E KV +n(sv ID n AC ) wth K V + n and sends t to R j. After R j receves the n-th servce request message, R j wll decrypt the message: D KR +n(e KV +n(sv ID n AC )) wth K R + n to derve AC and SV ID n. R j examnes whether SID t, as well as SV ID n are ncluded n AC St and checks the valdty of the authorzed credental by T expred. If the verfcaton succeeds, AC s legtmate and V s authorzed; otherwse, R j termnates ths sesson.

8 Entropy 2014, Analyss of the New Scheme In ths secton, we roughly compare the securty propertes and performance of the related mechansms dscussed. The securty propertes comparsons between PAACP, SECSPP and our scheme n the authentcaton phase and access phase are shown n Table 1. The performance comparsons are shown n Table Comparson Table 1 lsts mportant securty propertes n VANETs based on Yeh et al. s proposals. As mentoned, wth PAACP, an attachable blnd sgnature, s breakable and cannot mantan prvacy, and the PAACP s AC s not secure, even f the AC s secretly stored n a tamper-proof devce. An eavesdropper s able to construct the AC from an ntercepted blnd document. Any outsders n VANETs can know who has whch access prvleges to access whch servce. Consequently, PAACP cannot stll satsfy context prvacy properly. Table 2. Comparson of securty features. Requrements Our Scheme PAACP SECSPP Mutual Authentcaton Yes Yes Yes Context Prvacy Yes No Yes Sesson Key Agreement Yes Yes Partally Yes Dfferentated Servce Access Control Yes Yes No Confdentalty and Integrty Yes Yes N/A Preventng Eavesdroppng Yes No Yes Scalablty Fully Dstrbuted Fully Dstrbuted Bottleneck at Servce Lower Communcaton and Computatonal Cost Low Hgh Extremely Hgh a: In PAACP, authorzed credental (AC) s not secure and prvate; b: In SECSPP, the sesson key T SK s determned by V and S, not V and R Performance Snce the computatonal load of the PKI (Publc Key Infrastructure) cryptosystem s a heavy burden for all communcatng nodes n the PPACP and SECSPP, we propose an effcent verson wthout PKI cryptosystems. Furthermore, the speed of encrypton/decrypton wth symmetrc encrypton schemes s faster than wth asymmetrc ones, namely PKI cryptosystems. For nstance, t s known that DES (Data Encrypton Standard) s 100-tmes faster than RSA n software and 1000-tmes faster n hardware [17]. Consequently, we treat the computatonal load of a PKI operaton as that of 100 symmetrc operatons. As lsted n Table 3, the PPACP needs nearly 702 symmetrc operatons and SECSPP needs 740 symmetrc operatons n the related work, whle t requres about 124 symmetrc operatons n our scheme. Moreover, t takes s to complete a one-way hash operaton and s to fnsh a

9 Entropy 2014, symmetrc en-/de-crypton. We hence gnore the computatonal load of the one-way hash functon, snce t s qute lghter than that of a symmetrc en-/de-crypton [18]. As a result, computatonal loads can be reduced to s n our scheme. Table 3. Comparson of effcency. Authorzaton Phase Access Servce Phase Our Scheme PAACP SECSPP 2T sym + 2T hash + 2T asym + 2T exp + 4T asym + T hash 5T xor 3T hash + 4T xor 2T sym + 2T exp + 3T asym + 2T sym + 3T asym + 2T exp + 3T xor T hash 6T hash + 5T xor Computatonal Costs 124T sym 702T sym 740T sym Rounds Authorzaton (T Authorzaton ) s 3.48s 2.784s Access Servce (T Accss verfcaton ) s s 3.654s Total Costs s s 6.438s T hash : Computatonal cost of one-way functon; T xor : Computatonal cost of Exclusve-OR operaton; T sym : Computatonal cost of symmetrc encrypton; T asym : Computatonal cost of asymmetrc operaton; T exp : Computatonal cost of modular exponentaton The followng s based on the computaton method n PAACP. Assume that n vehcles n the VANET request the servces of the same servces provder at the same tme and the locatons where these servce requests are nvoked are unformly dstrbuted wthn m RSUs. The transmsson delay T trans delay s the tme n seconds to delver a message from a vehcle, whch s forwarded to the servce provder by an RSU. The watng tme T watng conssts of the round-trp transmsson delay and the tme spent on verfcaton by the servce provder. In SECSPP, the average watng tme T watng for a requestng vehcle can be estmated as: T watng = 2 T trans delay + (n + 1) 2 T Accss verfcaton In PAACP and our scheme, the average watng tme T watng for a requestng vehcle can be estmated as: (n/m+1) T 2 Accss verfcaton, f n > m T watng = T Accss verfcaton, otherwse In a unform dstrbuton of locatons, the average number of requests pendng n each RSU wll be n (n/m+1). Therefore, the average tme spent for request verfcaton n an RSU s T m 2 Accss verfcaton. Fgure 1 shows that when m s equal to 10, the average watng tme T watng for a servce request from vehcle n ncreases from 1 to 50. Fgures 2, 3 and 4 show that the average watng tme T watng for a servce request from vehcle n ncreases from 1 to 100 when m s equal to 10, 30 and 50, respectvely. As Fgure 2 shows, when 100 vehcles are requestng the desred servces, the average watng tme T watng to fnsh the authentcaton n PAACP s s. In our scheme, the average watng tme T watng s about 5.73 s. Smlarly, as shown n Fgure 3, our scheme takes about 2.28 s, compared to about 5.65 s

10 Entropy 2014, for PAACP. Fnally, our scheme takes about 1.59 s, compared to PAACP s average of about 3.94 s, as shown n Fgure 4. In summary, the average watng tme T watng decreases when RSU ncreases. Fgure 1. Average watng tme when m s equal to 10. Fgure 2. Average watng tme when m s equal to 10.

11 Entropy 2014, Fgure 3. Average watng tme when m s equal to 30. Fgure 4. Average watng tme when m s equal to Securty Analyss The other securty features of our new scheme are also dscussed below: Forward secrecy: Ths securty means that before a V wants to access the (n + 1)-th servce, he/she cannot decrypt the servce request message that exsted pror to hs/her sesson key K V + n. Our scheme can attan forward secrecy because, f a V requests next (Servce request message) (n+1) th, then a new K V + (n + 1) wll be generated by the (n + 1)-th servce.

12 Entropy 2014, Backward secrecy: After a user logs out of the server, he/she cannot receve any servces belongng to the left server. After a V accesses the n-th servce, he/she cannot decrypt the servce request message that exsted posteror to hs/her sesson key K V + (n + 1). Our scheme can attan backward secrecy, because after a V requests next (Servce request message) (n+1) th, the sesson key K V + (n + 1) wll be generated, and the K V + (n) wll be nvald. Authentcaton: A V must submt hs or her authentcaton request message (V ID, C, N ) to the servce provder S t, and then, the S t acknowledges the V. After recevng the authentcaton request message, the S t encrypts the message M = E y AC S t {N s, N, AC St } to facltate a mutual authentcaton between the vehcle and the servce provder. Authorzaton: In the regstraton phase, the servce provder creates a servce rght lst by the followng equaton: SRL V = {SV ID 1 AR 1 SV ID 2 AR 2... SV ID k AR k } where SV ID k denotes the ndex of the k-th servce and AR k represents the granted access prvleges of SV ID k. Hence, anyone can determne who has whch access prvleges to access whch servce. Only vald V can encrypt E KV (SV ID 1 AC ) wth K V. After R j receves E KV (SV ID 1 AC ), R j wll decrypt the message:d KR (E KV (SV ID 1 AC )) wth K R to gan (SV ID 1 AC ) and then derve AC and SV ID 1, because of K V = K R. Replay attack: In the regstraton phase, a V submts hs/her regstraton nformaton over a secure channel, so there are not any replay attack ssues. In the authorzaton phase, an old message was eavesdropped by an attacker. He/she may try to replay the old message (V ID, C, N ). It may fal because t s not always the same, and the nonce N s a random number that s generated and has a value that has not been used before, to avod replay attack and the serous tme synchronzaton problem. 5. Concluson In ths paper, we revew a cryptanalyss of an attachable blnd sgnature and demonstrate that the PAACP s AC s not secure and prvate, even f the AC s secretly stored n a tamper-proof devce. An eavesdropper can construct the AC from an ntercepted blnd document. Consequently, durng the authorzaton phase, PAACP s breakable and cannot mantan prvacy n VANETs. Consequently, any outsders can determne who has whch access prvleges to access whch servce. Furthermore, ths paper effcently copes wth these challenges and proposes an effcent scheme. We conclude that an mproved authentcaton scheme and access control protocol for VANETs not only resolves the documented problems, but also s secure and effcent. Compared wth PAACP and SECSPP, our scheme acheves more functonalty and satsfes the securty features requred by VANETs. Future research can focus on the many commercal applcatons [19 23]. Author Contrbutons We-Chen Wu was responsble for plannng, desgn, analyss and wrtng the manuscrpt. Y-Mng Chen revewed the manuscrpt. Both authors have read and approved the fnal manuscrpt.

13 Entropy 2014, Conflcts of Interest The authors declare no conflct of nterest. References 1. Chung, Y.; Cho, S.; Won, D. Lghtweght anonymous authentcaton scheme wth unlnkablty n global moblty networks. J. Converg. 2013, 4, Tays, Z.C.; Yavuz, A.G. ETSI complant GeoNetworkng protocol layer mplementaton for IVC smulatons. Hum.-Centrc Comput. Inf. Sc. 2013, 3, Sngh, R.; Sngh, P.; Duhan, M. An effectve mplementaton of securty based algorthmc approach n moble adhoc networks. Hum.-Centrc Comput. Inf. Sc. 2014, 4, Peng, K. A secure network for moble wreless servce. J. Inf. Process. Syst. 2013, 9, Chen, Y.M.; We, Y.C. SafeAnon: A safe locaton prvacy scheme for vehcular networks. Telecommun. Syst. 2012, 50, We, Y.C.; Chen, Y.M. Safe dstance based locaton prvacy n vehcular networks. In Proceedngs of the 2010 IEEE 71st Vehcular Technology Conference (VTC 2010-Sprng), Tape, Tawan, May 2010; pp Raya, M.; Hubaux, J. The securty of vehcular ad hoc networks. In Proceedngs of the 3rd ACM Workshop on Securty of Ad hoc and Sensor Networks, Alexandra, VA, USA, 7 10 November Wang, N.; Huang, Y.; Chen, W. A novel secure communcaton scheme n vehcular ad hoc networks. Comput. Commun. 2008, 31, Wschhof, L.; Ebner, A.; Rohlng, H. Informaton dssemnaton n self-organzng ntervehcle networks. IEEE Trans. Intell. Transp. Syst. 2005, 6, Isaac, J.; Camara, J.; Zeadally, S.; Marquez, J. A secure vehcle-to-roadsde communcaton payment protocol n vehcular ad hoc networks. Comput. Commun. 2008, 31, Yousef, S.; Mousav, M.; Fathy, M. Vehcular ad hoc networks (VANETs): Challenges and perspectves. In Proceedngs of the 6th Internatonal Conference on ITS Telecommuncatons, Chengdu, Chna, June 2006; pp Zhang, C.; Ln, X.; Lu, R.; Ho, P.; Shen, X. An effcent message authentcaton scheme for vehcular communcatons. IEEE Trans. Veh. Tech. 2008, 57, Yeh, L.; Chen, Y.; Huang, J. PAACP: A portable prvacy-preservng authentcaton and access control protocol n vehcular ad hoc networks. Comput. Commun. 2011, 34, L, C.; Hwang, M.; Chu, Y. A secure and effcent communcaton scheme wth authentcated key establshment and prvacy preservng for vehcular ad hoc networks. Comput. Commun. 2008, 31, Wu, W.; Chen, Y. Cryptanalyss of a PAACP: A portable prvacy-preservng authentcaton and access control protocol n Vehcular Ad Hoc Networks. Appl. Math. Inf. Sc. 2012, 6, 463S 469S. 16. Dffe, W.; Hellman, M. New drectons n cryptography. IEEE Trans. Inf. Theory 1976, 22,

14 Entropy 2014, Schneer, B. Appled Cryptography: Protocols, Algorthms, and Source Code n C, 2nd ed.; John Wley & Sons: New York, NY, USA, Chen, H.B.; Hsueh, S.C. Lght-weght authentcaton and bllng n moble communcatons. In Proceedngs of the IEEE 37th Annual 2003 Internatonal Carnahan Conference on Securty Technology, Tape, Tawan, 4 16 October 2003; pp Km, H.I.; Km, Y.K.; Chang, J.W. A grd-based cloakng area creaton scheme for contnuous LBS queres n dstrbuted systems. J. Converg. 2013, 4, Oh, J.S.; Park, C.U.; Lee, S.B. NFC-based moble payment servce adopton and dffuson. J. Converg. 2014, 5, Følstad, A.; Hornbæk, K.; Ulleberg, P. Socal desgn feedback: Evaluatons wth users n onlne ad-hoc groups. Hum.-Centrc Comput. Inf. Sc. 2013, 3, Park, S.W.; Lee, I.Y. Anonymous authentcaton scheme based on NTRU for the protecton of payment nformaton n NFC moble envronment. J. Inf. Process. Syst. 2013, 9, Gohar, M.; Koh, S.J. A network-based handover scheme n HIP-based moble metworks. J. Inf. Process. Syst. 2013, 9, c 2014 by the authors; lcensee MDPI, Basel, Swtzerland. Ths artcle s an open access artcle dstrbuted under the terms and condtons of the Creatve Commons Attrbuton lcense (

An Efficient and Flexible Decentralized Multicast Key Distribution Scheme

An Efficient and Flexible Decentralized Multicast Key Distribution Scheme IJCSNS Internatonal Journal of Computer Scence and Networ Securty VOL. 6 No. 8B August 006 11 An Effcent and Flexble Decentralzed Multcast Key Dstrbuton Scheme Wen-Shenq Juang and Jyan-Cwan Wu Department