車載網路為一個新興的行動通訊網路系統，目的在於提高車輛行駛間的安全性及效率，在此環境下，車輛可以透過無線傳輸技術將訊息廣播給其他車輛，如交通意外事件訊息等，做為警示提醒駕駛重新規劃行車路線，並小心避開可能的危險。然而，在此機制之下，卻也衍生出了許多資料傳輸安全及駕駛隱私等問題。當車輛收到一個交通事件訊息，必須先驗證此訊息是否由一個通過合法認證的車輛所送出，且這些訊息都不能暴露出該來源車輛的身份以保護其隱私性。但為了避免有任何如傳送假訊息等濫用車
載網路的情形發生，同時也必須將追蹤訊息來源及撤銷其合法性等機制進行一併考量。在先前的文獻中已有相關技術被提出，大致上可分為植基於匿名憑證與群簽章兩種架構為主體，而這兩種架構都有其缺點存在。因此在本論文中，我們提出一個植基於盲簽章技術，可證明其安全性並具高隱私保護的安全通訊協定以滿足在車載環境下所需的安全要求，如資料完整、認證、不可否認、匿名等特性。同時藉由其提供之快速追蹤及車輛註銷機制，當任何誤用或爭議發生時，能夠更有效率地由公正單位進行訊息
追蹤及仲裁。除此之外，我們考慮實際道路與車輛密度等狀況，提出模擬數據以說明所提出的系統具有效率與可行性，更適合運用於車載網路之上。最後，我們也正規化地證明了我們所提出之協定是安全的。

Vehicular ad hoc networks (VANETs) are instances of mobile ad hoc networks with the aim to enhance the safety and efficiency of road traffic. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents)
to other vehicles and remind drivers to change their route immediately or slow down to avoid dangers. However, some concerns of security and privacy are also raised in this environment. Messages should be signed and verified before they are trusted while the real identities of vehicles should not be revealed to guarantee the source privacy, but it still has to be traceable to prevent any abuse of VANETs (e.g. sending a fake message). Many related works have been presented in the literature so far. They can be generally divided into two constructions, where one is based on pseudonymous authentication and the other is based on group signatures. However, both of the two constructions have some drawbacks. Consequently, in this thesis, we come up with a provably secure and strong privacy preserving protocol based on the blind signature technique to guarantee privacy and fulfill other essential security requirements in the vehicular communication
environment. Besides, compared with other similar works, we offer an efficient tracing mechanism to trace and revoke the vehicles abusing the VANETs. In addition, considering the real environment, we also provide simulation results to show that our scheme is more practical, efficient and suitable for VANETs under a real city street scenario with high vehicle density. Finally, we also demonstrate the security of the proposed protocol by formal proofs.

論文審定書i
誌謝iii
中文摘要iv
英文摘要v
List of Figures ix
List of Tables xi
Chapter 1 Introduction 1
1.1 Overview of VANETs . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.1 System Model . . . . . . . . . . . . . . . . . . . . . . . 2
1.1.2 Basic Attacks . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1.3 Security Requirements . . . . . . . . . . . . . . . . . . . 5
1.2 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.3 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . 7
Chapter 2 Related Works 9
2.1 Review of Lin et al.’s Scheme . . . . . . . . . . . . . . . . . . . 9
2.1.1 Bilinear Paring . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.2 System Setup . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.3 OBU Registration Phrase . . . . . . . . . . . . . . . . . . 12
2.1.4 OBU Safty Message Sending . . . . . . . . . . . . . . . . 12
2.1.5 Verification Phase . . . . . . . . . . . . . . . . . . . . . . 14
2.1.6 Tracing from a Message . . . . . . . . . . . . . . . . . . 14
2.1.7 Vehicle Revocation . . . . . . . . . . . . . . . . . . . . . 14
2.2 Review of Lin et al.’s Scheme . . . . . . . . . . . . . . . . . . . 15
2.2.1 System Initialization . . . . . . . . . . . . . . . . . . . . 16
2.2.2 OBU Short-Time Anonymous Key Generation . . . . . . 17
2.2.3 Message Signature and Verification . . . . . . . . . . . . 20
2.2.4 OBU Fast Tracking Algorithm . . . . . . . . . . . . . . . 20
Chapter 3 The Proposed Strong Privacy Preserving Communication Protocol 22
3.1 Overview of the Proposed Scheme . . . . . . . . . . . . . . . . . 22
3.2 Generic Blind Signature Scheme . . . . . . . . . . . . . . . . . . 23
3.3 The Generic Version of the Proposed Scheme . . . . . . . 26
3.3.1 System Initialization . . . . . . . . . . . . . . . . . . . . 26
3.3.2 Registration . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.3.3 Vehicle Safety Message Generation . . . . . . . . . . . . 29
3.3.4 Vehicle Safety Message Sending and Verifying . . . . . . 33
3.3.5 Vehicle Tracing . . . . . . . . . . . . . . . . . . . . . . . 34
3.3.6 Vehicle Revocation . . . . . . . . . . . . . . . . . . . . . 34
3.4 The Proposed Scheme Based on RSA . . . . . . . . . . . . . 34
3.4.1 System Initialization . . . . . . . . . . . . . . . . . . . . 34
3.4.2 Registration . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.4.3 Vehicle Safety Message Generation . . . . . . . . . . . . 36
3.4.4 Vehicle Safety Message Sending and Verifying . . . . . . 39
Chapter 4 Security Analysis 41
4.1 Safety Message Unlinkability . . . . . . . . . . . . . . . . . . . . 41
4.2 Safety Message Unforgeability . . . . . . . . . . . . . . . . . . . 44
4.3 Vehicle Traceability . . . . . . . . . . . . . . . . . . . . . . . . . 51
4.4 Message Authentication . . . . . . . . . . . . . . . . . . . . . . . 55
Chapter 5 Performance and Simulation 56
5.1 Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . 56
5.1.1 TA Computation Complexity on Vehicle Tracing . . . . . 57
5.1.2 Vehicle Revocation Overhead . . . . . . . . . . . . . . . 58
5.1.2.1 The Update RL . . . . . . . . . . . . . . . . . 58
5.1.2.2 Checking Overhead of RL . . . . . . . . . . . 58
5.1.3 RSU Service Performance . . . . . . . . . . . . . . . . . 59
5.1.4 Vehicle Computation Overhead on Message Authentication 59
5.1.5 Storage Overhead for a Vehicle . . . . . . . . . . . . . . 60
5.2 Simulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 6 Conclusion 68
Bibliography 69

[1] Dedicated short range communications (DRSC),
http://www.leearmstrong.com/dsrc/dsrchomeset.htm.
[2] The network simulator –NS-2, http://www.isi.edu/nsnam/ns/.
[3] SUMO, http://sumo.sourceforge.net/.
[4] TIGER (topologically integrated geographic encoding and referencing), http://www.census.gov/geo/www/tiger/.
[5] M. Abe and T. Okamoto. Provably secure partially blind signatures. In Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology, pages 271–286. Springer-Verlag, 2000.
[6] M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko. The onemore-rsa-inversion problems and the security of chaum’s blind signature scheme. Journal of Cryptology, volume 16, number 3, pages 185-215, 2008.
[7] D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In Proceedings of CRYPTO ’04, pages 41–55. Springer-Verlag, 2004.
[8] D. Boneh and M. K. Franklin. Identity-based encryption from the weil pairing. In Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, pages 213–229. Springer-Verlag, 2001.
[9] G. Calandriello, P. Papadimitratos, J. P. Hubaux, and A. Lioy. Efficient and robust pseudonymous authentication in VANET. In Proceedings of the fourth ACM international workshop on Vehicular ad hoc networks, pages 19–28. ACM, 2007.
[10] J. Camenisch, A. Lysyanskaya, and M. Meyerovich. Endorsed e-cash. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 101–115. IEEE Computer Society, 2007.
[11] D. Chaum. Blind signatures for untraceable payments. In Advances in Cryptology Proceedings of Crypto 82, pages 199–203, 1983.
[12] D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology, pages 319–327. Springer-Verlag, 1990.
[13] T. W. Chim, S. M. Yiu, L. C. K. Hui, Z. L. Jiang, and V. O. K. Li. SPECS: Secure and privacy enhancing communications schemes for VANETs. Ad Hoc Networks, volume 28, number 2, pages 160-175, 2010.
[14] X. Dong, L. Wei, H. Zhu, Z. Cao, and L. Wang. EPPDF: An efficient privacy-preserving data-forwarding scheme for service-oriented vehicular ad hoc networks. IEEE Transactions on Vehicular Technology, volume 60, number 2, pages 580-591, 2011.
[15] F. D‥otzer. Privacy issues in vehicular ad hoc networks. In Proceedings of the 2nd ACM international workshop on Vehicular ad hoc networks, pages 197–209. ACM, 2005.
[16] C. I. Fan. Improved low-computation partially blind signatures. Applied Mathematics and Computation, volume 145, number 2-3, pages 853-867, 2003.
[17] C. I. Fan and W. K. Chen. An efficient blind signature scheme for information hiding. International Journal of Electronic Commerce, volume 6, number 1, pages 93-100, 2001.
[18] C. I. Fan, L. Y. Huang, and P. H. Ho. Anonymous multireceiver identitybased encryption. IEEE Transactions on Computers, volume 59, number 9, pages 1239-1249, 2010.
[19] C. I. Fan and S. M. Huang. Provably secure integrated on/off-line electronic cash for flexible and efficient payment. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, volume 40, number 5, pages 567-579, 2010.
[20] C. I. Fan, S. Y. Huang, P. H. Ho, and C. L. Lei. Fair anonymous rewarding based on electronic cash. Journal of Systems and Software, volume 82, number 7, pages 1168-1176, 2009.
[21] C. I. Fan and C. L. Lei. User efficient blind signatures. Electronics Letters, volume 34, number 6, pages 544-546, 1998.
[22] C. I. Fan and W. Z. Sun. An efficient multi-receipt mechanism for uncoercible anonymous electronic voting. Mathematical and Computer Modelling, volume 48, number 9-10, pages 1611-1627, 2008.
[23] C. I. Fan and W. Z. Sun. Efficient encoding scheme for date attachable electronic cash. In The 24th Workshop on Combinatorial Mathematics and Computation Theory, pages 405–410, 2007.
[24] C. I. Fan, W. Z. Sun, and S. M. Huang. Provably secure randomized blind signature scheme based on bilinear pairing. Computers and Mathematics with Applications, volume 60, number 2, pages 285-293, 2010.
[25] J. Guo, J. P. Baugh, and S. Wang. A group signature based secure and privacy-preserving vehicular communication framework. In Proceedings of the 2007 Mobile Networking for Vehicular Environments, pages 103–108, 2007.
[26] N. Koblitz, A. Menezes, and S. Vanstone. The state of elliptic curve cryptography. Designs, Codes and Cryptography, volume 19, number 2, pages 173-193, 2000.
[27] X. Lin, X. Sun, P. H. Ho, and X. Shen. GSIS: A secure and privacy preserving protocol for vehicular communications. IEEE Transactions on Vehicular Technology, volume 56, number 6, pages 3442-3456, 2007.
[28] R. Lu, X. Lin, H. Zhu, P. H. Ho, and X. Shen. ECPP: Efficient conditional privacy preservation protocol for secure vehicular communications. In IEEE INFOCOM 2008. The 27th Conference on Computer Communications, pages 1229–1237, 2008.
[29] A. J. Menezes, P. C. V. Oorschot, S. A. Vanstone, and R. L. Rivest. Handbook of applied cryptography. In CRC Press LLC, 1997.
[30] M. Raya and J. P. Hubaux. Securing vehicular ad hoc networks. Journal of Computer Security, volume 15, number 1, pages 39-68, 2007.
[31] M. Raya and J. P. Hubaux. The security of vehicular ad hoc networks. In Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, pages 11–21. ACM, 2005.
[32] M. Scott. Efficient implementation of cryptographic pairings, http: //ecryptss07.rhul.ac.uk/slides/thursday/mscott-samos07.pdf.
[33] M. Scott. Implementing cryptographic pairings. In Pairing-Based Cryptography-Pairing 2007, pages 177–196, 2007.
[34] Y. Sun, R. Lu, X. Lin, X. Shen, and J. Su. An efficient pseudonymous authentication scheme with strong privacy preservation for vehicular communications. IEEE Transactions on Vehicular Technology, volume 59, number 7, pages 3589-3603, 2010.
[35] A. Wasef, Y. Jiang, and X. Shen. DCS: An efficient distributed-certificateservice scheme for vehicular networks. IEEE Transactions on Vehicular Technology, volume 59, number 2, pages 533-549, 2010.
[36] Q. Wu, J. Domingo-Ferrer, and U. Gonzalez-Nicolas. Balanced trustworthiness, safety, and privacy in vehicle-to-vehicle communications. IEEE Transactions on Vehicular Technology, volume 59, number 2, pages 559-573, 2010.
[37] Q. Xu and R. Sengupta. Vehicle-to-vehicle safety messaging in DSRC. In Proceedings of the 1st ACMWorkshop on Vehicular Ad-hoc Networks, pages 19–28. ACM, 2004.
[38] M. E. Zarki, S. Mehrotra, G. Tsudik, and N. Venkatasubramanian. Security issues in a future vehicular network. In European Wireless, pages 270–274, 2002.
[39] C. Zhang, X. Lin, R. Lu, and P. H. Ho. RAISE: An efficient rsu-aided message authentication scheme in vehicular communication networks. In IEEE International Conference on Communications, 2008. ICC ’08, pages 1451–1457, 2008.
[40] C. Zhang, X. Lin, R. Lu, P. H. Ho, and X. Shen. An efficient message authentication scheme for vehicular communications. IEEE Transactions on Vehicular Technology, volume 57, number 6, pages 3357-3368, 2008.
[41] C. Zhang, R. Lu, X. Lin, P. H. Ho, and X. Shen. An efficient identitybased batch verification scheme for vehicular sensor networks. In IEEE INFOCOM 2008. The 27th Conference on Computer Communications, pages
246–250, 2008.
[42] L. Zhang, Q. Wu, A. Solanas, and J. Domingo-Ferrer. A scalable robust authentication protocol for secure vehicular communications. IEEE Transactions on Vehicular Technology, volume 59, number 4, pages 1606-1617, 2010.
[43] Y. Zhang, W. Liu, W. Lou, and Y. Fang. Securing mobile ad hoc networks with certificateless public keys. IEEE Transactions on Dependable and Secure Computing, volume 3, number 4, pages 386-399, 2007.