Title page for etd-0830116-212131
Title
Message Authentication Schemes for Vehicular Ad-Hoc Wireless Networks (車載網路之訊息驗證機制)
Department
Year, semester
Language
Degree
Number of pages
117
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2016-09-23
Date of Submission
2016-09-30
Keywords
VANETs, Chameleon Hash Function, Confidential Communication, Message Anonymous Authentication, RSP
Statistics
The thesis/dissertation has been browsed 5765 times, has been downloaded 319 times.
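Chinese Abstract
Vehicular Ad-Hoc Networks (VANETs) have been a popular research topic in recent years. By broadcasting messages to one another, vehicles can learn about nearby traffic conditions early and change their routes in time to avoid road congestion, which improves driving efficiency and safety. When a vehicle sends a message, identity and message verification must be performed through Road Side Units (RSUs) to ensure message integrity and that the message was sent by a legitimate vehicle; this protects the transmission from malicious attacks such as eavesdropping, tampering, forgery, or the spreading of false messages. In addition, to protect privacy, the identity of a legitimate vehicle must not be easily exposed.
Vehicles can authenticate their identity with the assistance of RSUs. Most RSUs are installed on streetlights or traffic signals, but because an RSU covers a limited range and deploying RSUs in large numbers is costly, this dissertation applies two techniques and proposes four schemes in total: using the chameleon hash technique (Chameleon Hash) and the Random Secret Pre-distribution (RSP) technique, it studies how identity and message verification can be performed in environments both with and without RSUs, and how these two techniques can provide confidential communication and vehicle anonymity; when a malicious attack occurs, certificate revocation is also possible.
The first scheme proposes a mechanism for identity and message verification based on a chameleon hash function in an environment without RSUs; however, this scheme cannot revoke the certificate of a vehicle that carries out malicious attacks. To remedy this shortcoming, a second scheme is proposed that uses RSP to perform message authentication without the assistance of RSUs. The third scheme uses the RSP mechanism to achieve message authentication, anonymity, and confidential communication; using a common secret provided by the RSU, vehicles can authenticate one another and obtain a pairing value to use as a key for message authentication and confidential communication. Combining the advantages and disadvantages of the above schemes, this dissertation proposes a fourth scheme: a message authentication mechanism that combines the chameleon hash and RSP techniques. A vehicle and an RSU can obtain a pairing value using the certificate provided by the TA, and vehicles can likewise obtain a pairing value from the common secret provided by the RSU to carry out confidential communication, which also reduces the risk of exposing a vehicle's real identity.
The proposed mechanisms also have the following advantages: 1. they use the chameleon technique and keyed-hash message authentication code (HMAC) for identity and message verification; 2. they combine RSP with identity-based cryptography (IBC) so that anonymous communication is faster and more secure. The research data show that the proposed schemes are far better than current related work in the computation time of message authentication, and that they provide message authentication, non-repudiation, confidentiality, conditional anonymity, and untraceability, satisfying the security requirements of vehicular networks.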
Abstract
Vehicular Ad-Hoc Networks (VANETs) have become a hot research topic in recent years. A VANET is designed to enable vehicles to exchange information about traffic or vehicle conditions to help other vehicles avoid traffic accidents or traffic jams. Vehicles can use roadside units (RSUs) for identity verification and message authentication when they send messages. Most RSUs are installed on traffic signs or streetlights. In fact, RSUs have a high set-up cost and can only cover a limited scope. Therefore, using two techniques in VANETs, namely the chameleon hash function and random secret pre-distribution (RSP), this dissertation proposes four schemes to carry out identity verification and message authentication in environments without or with RSUs. These four schemes not only achieve message authentication, confidential communication, and vehicular anonymity, but also carry out identity revocation in case of malicious attacks.
In the first scheme, the mechanism is based on the chameleon hash function and keyed-hash message authentication code (HMAC) to carry out identity verification and message authentication in an environment without RSUs. However, when malicious attacks occur, this scheme cannot revoke the vehicle’s certificate. To overcome this disadvantage, the second and third schemes utilize Random Secret Pre-distribution (RSP), which integrates identity-based cryptography (IBC), to provide anonymous message authentication and private communication for VANETs in environments without and with RSUs. Taking into account both the advantages and disadvantages of the above schemes, this dissertation offers the fourth scheme, combining the chameleon hash function and RSP technology to do message authentication in a sparse RSU environment. This dissertation utilizes the identity obtained from the trusted authority (TA) to get the pairing value between vehicles and RSUs, and uses common secrets provided by RSUs to obtain pairing values for carrying out private communication between vehicles, as well as reducing the risk of exposure of the vehicle’s real identity.
The proposed schemes provide the following advantages: 1. Utilizing chameleon hash and HMAC to do identity verification and message authentication, 2. Combining RSP and IBC to make anonymous authentication easier and safer. Comparison with existing works shows that the proposed schemes are superior in functionality and performance. Furthermore, our schemes can satisfy the security requirements in VANETs, such as message authentication, non-repudiation, confidentiality, conditional anonymity, and un-traceability.
Table of Contents
Acknowledgements
Abstract (Chinese)
Abstract
Content
List of Figures
List of Tables
Chapter 1. Introduction
1.1 Vehicular Ad-Hoc Networks (VANETs)
1.2 Motivation
1.3 Design Objectives
1.4 Thesis Organization
Chapter 2. Related Works
Chapter 3. Preliminary Technologies
3.1 Chameleon Hash Function
3.2 Elliptic Curve Cryptosystem (ECC)
3.3 Diffie-Hellman Key Exchange (D-H)
3.4 ID-based Cryptography (IBC)
3.5 Random Secret Pre-distribution (RSP)
3.6 Bilinear Pairing
Chapter 4. The Proposed Schemes
4.1 Message Authentication Based on Chameleon Hash Function without RSU Environment
4.1.1 System Initialization and Registration
4.1.2 Announcement of Neighbor’s Vehicles
4.1.3 Message Broadcasting and Authentication
4.2 Message Authentication Based on RSP without RSU Environment
4.2.1 TA Initializing and Vehicles Registering
4.2.2 Neighbor Set Building
4.2.3 Pairing Process
4.2.4 Indirect Pairing
4.2.5 Mutual Trust among the Vehicles
4.2.6 Message Authentication
4.2.7 Communicating Confidentially
4.2.8 Prove the Pairing with Common Random Secret
4.3 Message Authentication Based on RSP with RSU Environment
4.3.1 Original Registration Set (ORG)
4.3.2 Obtaining New Registration with $ORG_{V_i}$
4.3.3 Requesting New Registration Set with $NRG_{V_i}$
4.3.4 Constructing Set of Neighbors
4.3.5 Message Authentication
4.3.6 Communicating Confidentially
4.3.7 In Sparse RSU Environment
4.3.8 Revocation
4.3.9 Broadcasting of Seed Value from TA to All RSUs
4.4 Message Authentication Based on Chameleon Hash Function and RSP with RSU Environment
4.4.1 System Initialization
4.4.2 Registration of Initial Identity with RSUs and Vehicles in TA
4.4.3 Vehicles Proposed Anonymous Request to RSU
4.4.4 Pairing Process
4.4.5 Message Authentication
4.4.6 In Sparse RSU Environment
4.4.7 Revocation
Chapter 5. Security and Performance Analysis
5.1 Security Analysis
5.1.1 Masquerading Attack
5.1.2 Message Authentication and Confidential Communication
5.1.3 Anonymity and Conditional Un-traceability
5.1.4 Forgery Attack
5.1.5 Revocation
5.1.6 Replay Attack
5.2 Performance Analysis
5.2.1 Probability that a Broadcasting Message may be Trusted
5.2.2 Functionality Comparison
5.2.3 Performance Evaluation
Chapter 6. Conclusions and Future Works
References
Fulltext
Thesis access permission: user define
Available:
Campus: available
Off-campus: available


Printed copies
Available: available
