近年來Vehicular Ad-Hoc Networks (VANET)有很多研究進行探討，VANET主要是透過無線通訊技術，結合車輛上無線設備以及路邊固定無線設備所構成的網路，VANET主要是注重在車輛行駛道路的安全性以及行車效率，所以在VANET的環境中車輛所提供的交通訊息安全性是很重要的，車輛訊息需要即時性並且驗證訊息計算複雜度不能太高，並且VANET無線通訊技術採用短距離無線傳輸，所以車輛在每個RSU上驗證身份時必須要快速以及安全，另外VANET要求車輛需要達到匿名性以及有條件不可追蹤。
本文提出三種訊息驗證機制，這個三個訊息驗證機制除了針對目前研究缺失進行改善，以下是本文三種訊息驗證機制的優點，1.降低訊息簽章以及驗證時間降低訊息加解密造成的時間延遲，從本文實驗數據可以得知本文訊息加解密執行時間比其他研究快，2. 由於VANET使用短距離無線通訊，加上車輛行駛速度快，所以車輛會在不同RSU進行hand-off，本文透過快速驗證機制讓車輛可以在不同RSU範圍RSU信任以及相關參數，3. 由RSU驗證車輛身份並且更新車輛的匿名ID以及相關參數，減少TA的負擔，4. 車輛不需要出示任何證書就可以驗證身分，避免證書長期暴露遭到攻擊，5. 車輛可以與鄰近RSU範圍車輛進行溝通，6.車輛之間除了廣播訊息外，還可以進行私密通訊。
本文提出三種訊息驗證機制，方法一的訊息驗證機制可以提供快速Hand-off機制以及訊息驗證，但是方法一的缺點有二項1.車輛之間的訊息需等待RSU進行驗證，2.車輛之間沒有私密通訊機制，3.車輛與RSU驗證身分時需出示車輛的真實ID，而本文提出方法二來改善方法一的三項缺失，方法二的訊息驗證機制使用變色龍函數驗證訊息正確性，變色龍函數計算方式為指數運算，所以產生很大的資料量，對於無線環境而言是一大負擔，因此本文提出方法三來改善方法二的缺點，並且加快handoff的執行時間，由實驗結果可以得知本文提出的三種驗證機制優於其他研究，並且也符合Confidentiality、Message integrity、Non-repudiation、Conditional Anonymity以及Conditional Untraceability的安全性要求。

Studies were conducted on vehicular ad-hoc network (VANET) in recent years. VANET is a network that combines on-board wireless equipment and roadside fixed wireless equipment through wireless communication technology. It focuses on the safety and efficiency of a vehicle driving on road. Therefore, the security of traffic information provided by vehicles is very important in a VANET environment. Vehicular information has to be real-time and the calculation of message authentication cannot be too complicated. In addition, short distance wireless communication is adopted in VANET technology, so it has to be quick and secure to authenticate the ID of a vehicle in every RSU. Also, VANET requires vehicles to achieve conditional anonymity and conditional untraceability.
This paper presents three types of message authentication mechanism, which aim at improving research shortcomings with three merits: (1) speeding up the message signature and authentication to reduce latency caused by encryption/decryption, and the experiment outcomes show that the speed of message encryption/decryption resulted from this paper is faster than other researches'; (2) because VANET uses dedicated short-range communication, along with the high running speed, the vehicle is able to execute hand-offs in different RSUs, and the research of this paper uses quick authentication mechanism to allow the vehicle to acquire the RSU trust and relevant parameters in different RSU ranges; (3) the RSU's vehicle identity authentication and update of the vehicle's anonymous ID as well as relevant parameters can reduce the TA load; (4) no need of showing any certificate to have the vehicle authenticated can prevent the certificate from long exposure to attract attacks; (5) the vehicle can communicate with other vehicles in the neighboring RSU ranges; (6) in additional to message broadcasting among vehicles, private communication is also functional.
Of the three types of message authentication mechanism proposed in this paper, the first type, allowing quick hand-off and message authentication, comes with three shortcomings: (1) messages among vehicles need to wait for the RSU authentication; (2) there is no private communication among the vehicles; (3) during the RSU authentication, vehicles need to show their true identities. For all the above three shortcomings, the second type of message authentication is thus proposed for improvement. It verifies the message correctness with Chameleon Hashing which, however, uses exponentiation that produces huge data volume and causes great burden to the wireless environment. Consequently, this paper also proposes the third type of authentication to the rescue of the second type, and to expedite the hand-off execution. From the experiment results, we are confirmed that all the three authentication mechanisms proposed in this paper are superior to other researches' and conformable to the security requirements as well on confidentiality, message integrity, non-repudiation, conditional anonymity, and conditional untraceability.

誌謝..........IV
摘要..........V
ABSTRACT..........VII
CHAPTER 1 INTRODUCTION..........1
1-1 VEHICULAR AD-HOC NETWORKS (VANETS)..........1
1-2 MOTIVATION.......... 3
1-3. DESIGN OBJECTIVES..........4
1-4. THESIS ORGANIZATION..........7
CHAPTER 2 RELATE WORKS..........8
CHAPTER 3 BACKGROUND..........11
3-1. BILINEAR PAIRINGS AND HARD PROBLEMS..........11
3-2.BONEH AND FRANKLIN’ S ID-BASED ENCRYPTION..........12
3-3. SHAMIR’S ID-BASED CRYPTOSYSTEM..........13
3-4. CHAMELEON HASHING..........14
3-5. BILINEAR DIFFIE-HELLMAN (BDH) MESSAGES AUTHENTICATION..........16
CHAPTER 4 THE PROPOSED SCHEMES..........18
4-1. SYSTEM MODEL..........18
4-2. THE USE OF HASH MESSAGE AUTHENTICATION CODE AS THE BASIC MESSAGE AUTHENTICATION MECHANISM..........19
4-2-1. Secret key establishment.......... 20
4-2-2. RID table and SID table establishment..........22
4-2-3. Intra-RSU message broadcast and message authentication.......... 24
4-2-4. Inter-RSU message authentication.......... 25
4-2-5. Hand-off problem.......... 27
4-3. THE USE OF CHAMELEON HASH FUNCTION AS THE BASIC MESSAGE AUTHENTICATION MECHANISM..........28
4-3-1. System Initialization..........29
4-3-2. Registration..........31
4-3-3. Intra-RSU message authentication..........35
4-3-4. Inter-RSU message authentication..........36
4-3-5. Pseudonym and Key Updating..........37
4-4. ADOPTS BILINEAR PAIRINGS FOR THE BASIC MESSAGE AUTHENTICATION MECHANISM..........39
4-4-1. System Initialization..........40
4-4-2. Registration..........43
4-4-3. Intra-RSU..........46
4-4-4. Inter-RSU..........47
4-4-5. Hand-off problem..........48
4-4-6. Pseudonym and Key Update ..........50
CHAPTER 5 SECURITY AND PERFORMANCE ANALYSIS..........53
5-1. SECURITY ANALYSIS..........53
5-2. PERFORMANCE ANALYSIS..........55
CONCLUSION AND FUTURE WORKS..........60
REFERENCE..........62

[1] IEEE P802.11p/D11.0, “Draft Amendment for Wireless Access in Vehicular Environments (WAVE),” IEEE 802.11 Working Group of the IEEE 802 Committee, Mar. 2010.
[2] ASTM E 2213-03, “Standard Specification for Telecommunications and Information Exchange Between Roadside and Vehicle Systems - 5 GHz Band Dedicated Short Range Communications (DSRC) Medium Access Control (MAC) and Physical Layer (PHY) Specifications,” Jul. 2003.
[3] U.S. Dept. Transp., ” Vehicle Safety Communications,” National Highway Traffic Safety Administration, Final Report , 2011.
[4] S. Lee, G. Pan, J. Park, M. Gerla, and S. Lu, ” Secure incentives for commercial ad dissemination in vehicular networks,” in Proc. ACM Int Symp. MobiHoc ,pp. 150-159, 2007.
[5] Hartenstein, H. and Laberteaux, K.P., ”A Tutorial Survey on Vehicular Ad Hoc Networks,” IEEE Communications Magazine. ,pp 164-171, June 2008.
[6] Toor, Y., Muhlethaler, P., Laouiti, A., ”Vehicle ad hoc networks: applications and related technical issues,” IEEE Communications Surveys and Tutorials. ,pp. 74 - 88, 3rd Quarter 2008.
[7] Lu, R., Lin, X., Zhu, H. and Shen, X. ,” An Intelligent Secure and Privacy-Preserving Parking Scheme Through Vehicular Communications,” IEEE Transactions on Vehicular Technology , VOL. 59, NO. 6, July 2010.
[8] Hsin-Te Wu and Wen-Shyong Hsieh, “RSU-based message authentication for vehicular ad-hoc networks , “Multimedia Tools and Applications, April 2011.
[9] C. Zhang, X. Lin, R. Lu, P.-H. Ho and X. Shen, ”An Efficient Message Authentication scheme for Vehicular Communications,” IEEE Transactions on Vehicular Technology , VOL. 57, NO. 6, NOV. 2008.
[10] Jiang-You Liu and Wen-Shyong Hsieh,” An Anonymous Authentication and Key Agreement Scheme in VANETs,” Department of Computer Science and Engineering National Sun Yat-sen University Master Thesis, July 2012.
[11] Jean-Pierre Hubaux, Srdjan Capkun and Jun Luo, ”The Security and Privacy of Smart Vehicles,” IEEE Security and Privacy ,vol. 2, no. 3, pp. 49-55, May 2004.
[12] Gina Kounga, Thomas Walter, and Sven Lachmund, ”Proving Reliability of Anonymous Information in VANETs,” IEEE Transactions on Vehicular Technology , VOL. 58, NO. 6, July 2009.
[13] Wasef, A., Yixin Jiang and Xuemin Shen, “DCS: An Efficient Distributed-Certificate-Service Scheme for Vehicular Networks,” IEEE Transactions on Vehicular Technology, VOL. 59, NO. 2, FEBRUARY 2010.
[14] Jinyuan Sun, Chi Zhang, Yanchao Zhang,and Yuguang Fang, “An Identity-Based Security System for User Privacy in Vehicular Ad Hoc Networks,” IEEE Transactions on Parallel and Distributed Systems, VOL. 21, NO. 9, SEPTEMBER 2010.
[15] Y. P. Sun, R. X. Lu, X. D. Lin, X. M. Shen, and J. S. Su, "An Efficient Pseudonymous Authentication Scheme With Strong Privacy Preservation for Vehicular Communications," IEEE Transactions on Vehicular Technology, vol. 59, pp. 3589-3603, Sep 2010.
[16] C. P. Schnorr, "Efficient Identification and Signatures for Smart Cards," Lecture Notes in Computer Science, vol. 434, pp. 688-689, 1990.
[17] D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairings,” Advances in Cryptology-Asiacrypt, Springer-Verlag, pp. 514-532, 2001.
[18] D. Boneh and M. K. Franklin, "Identity-Based Encryption from the Weil Pairing," presented at the Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, 2001.
[19] M. Scott, "Computing the tate pairing," in Proceedings of the 2005 international conference on Topics in Cryptology, San Francisco, CA, 2005, pp. 293-304.
[20] M. Scott, “Computing the Tate pairing,” in Topics in Cryptology. Berlin, Germany: Springer-Verlag, 2005, pp. 293–304.
[21] F. Bao, R. Deng, and H. Zhu, “Variations of Diffie-Hellman Problem,” In Proceedings of ICICS 2003, Springer-Verlag, LNCS 2836, pp.301-312,2003.
[22]H. Krawczyk and T. Rabin, "Chameleon hashing and signatures," in Proceeding of the 7th Annual Network and Distributed System Security Symposium, 2000, pp. 143-154.
[23] X. F. Chen, F. G. Zhang, H. B. Tian, B. D. Wei, W. Susilo, Y. Mu, H. Lee, and K. Kim, "Efficient generic on-line/off-line (threshold) signatures without key exposure," Information Sciences, vol. 178, pp. 4192-4203, Nov 1 2008.
[24] C. Jaeduck and J. Souhwan, "A handover authentication using credentials based on chameleon hashing," Communications Letters, IEEE, vol. 14, pp. 54-56, 2010.
[25] Douglas R. Stinson, “Cryptography: theory and practice, 3rd edn,” CRC, Boca Raton, 2005.
[26] A. Perrig, R. Canetti, J.D. Tygar, and D. Song, “The TESLA Broadcast Authentication Protocol,” UC Berkeley and IBM Research, Vol. 5, No. 2, pp. 2-13, 2002.
[27] IEEE P1609.4 D9.0, “Draft Standard for Wireless Access in Vehicular Environments (WAVE) - Multi-channel Operation,” Intelligent Transportation Systems Committee, Sept. 2010.
[28] M. Scott, "Implementing cryptographic pairings," Lecture Notes in Computer Science, vol. 4575, pp. 177-196, 2007.
[29] S. D. Galbraith, K. Harrison, D. Soldera, “Implementing the Tate pairing,” Proc. of ANTS’02, LNCS 2369, Springer-Verlag, 2002, pp.324-337.
[30] A. Miyaji, M. Nakabayashi, and S. Takano, "New explicit conditions of elliptic curve traces for FR-reduction," IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, vol. E84-A, pp. 1234-1243, May 2001.
[31] Long M, Chwan-Hwa JW, and Irwind JD “Reducing communication overhead for wireless roaming authentication: methods and performance evaluation”, 2008, Int J Netw Secur 6(3):331–341.