Journal of the Institute of Electronics and Information Engineers (전자공학회논문지)

The Institute of Electronics and Information Engineers (대한전자공학회)
권호 표지
DOI QR코드

DOI QR Code

Cryptanalysis of an Identity-Based Message Authentication Scheme in VANETs

신원기반의 차량통신망 메시지 인증 스킴에 대한 안전성 분석

  • Ryu, Eun-Kyung (EECS, Kyungpook National University) ;
  • Lee, Sung-Woon (Department of Information Security, Tongmyong University) ;
  • Yoo, Kee-Young (School of Computer Science and Engineering, Kyungpook National University)
  • 류은경 (경북대학교 전자전기컴퓨터학부) ;
  • 이성운 (동명대학교 정보보호학과) ;
  • 유기영 (경북대학교 컴퓨터학부)
  • Received : 2013.02.07
  • Published : 2013.06.25
Download PDF
⟨ Previous Next ⟩

Abstract

In a paper recently published in the International Journal of Parallel, Emergent and Distributed Systems, Biswas et al. proposed a VANET message authentication scheme which uses an identity-based proxy signature mechanism as an underlying primitive. The authors claimed that their scheme supports various security features including the security of proxy-key, the security against message forgery and the security against replay attack, with non-repudiation and resistance to proxy-key compromise. Here, we show how an active attacker, who has no knowledge of an original message sender's private key, can compute the proxy-signature key of the corresponding message sender, meaning that the scheme is completely insecure. We also suggest an enhanced version of the protocol capable of solving such serious security holes.

최근 Biswas등은 신원기반의 대리서명을 사용한 차량통신망 메시지 인증 프로토콜을 제안하였다. 저자들은 제안된 인증기법이 대리 서명키에 대한 안전성, 메시지 위조 및 재전송 공격에 대한 안전성, 부인방지 서비스, 대리 서명키 노출에 대한 저항성 등에 대한 안전성을 제공한다고 주장하였다. 본 논문에서는 Biswas등이 제안한 프로토콜에서 위임 받지 않은 임의의 공격자가 원 서명자의 비밀키에 대한 정보 없이 메시지 전달자의 대리 서명키를 계산할 수 있음을 보인다. 이것은 Biswas등이 제안한 메시지 인증 프로토콜은 저자들의 주장과는 달리 안전하지 않음을 의미한다. 또한, 본 논문에서는 이를 해결할 수 있는 개선된 프로토콜을 제시한다.

Keywords

References

  1. A. Shamir, "Identity-based Cryptosystems and Signature Schemes," in Proceedings of CRYPTO 84 on Advances in Cryptology, Springer-Verlag, pp. 47-53, 1985.
  2. A. Studer, F. Bai, B. Bellur, and A. Perrig, "Flexible, Extensible, and Efficient VANET Authentication," in Proceedings of the 6th Embedded Security in Cars Workshop (ESCAR), 2008.
  3. B. Parno and A. Perrig, "Challenges in Securing Vehicular Networks," in Proceedings of Workshop on Hot Topics in Networks (HotNets-IV), 2005.
  4. F. Kargl, E. Schoch, B. Wiedersheim, and T. Leinm, "Secure and Efficient Beaconing for Vehicular Networks", In Proceeding of 5th ACM VANET, 2008.
  5. M. Raya and J.P. Hubaux, "The Security of Vehicular Ad hoc Networks," in Proceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '05), 2005.
  6. M. Mambo, K. Usuda, and E. Okamoto, "Proxy Signatures for Delegating Signing Operation, in Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 48-57, 1996.
  7. P. Papadimitratos, V. Gligor, and J. Hubaux, "Securing Vehicular Communications Assumptions, Requirements, and Principles," in Proceedings of Workshop on Embedded Security in Cars (ESCAR), 2006.
  8. P. Papadimitratos, P. Buttyan, T. Holczer, et al, "Secure Vehicular Communications: Design and Architecture Application and Management Services," IEEE Communications Magazine 46(11), pp. 100-109, 2008.
  9. S. Biswas, J. Misic, and V. Misic, "An Identity-based Authentication Scheme for Safety Messages in WAVE-enabled VANETs," International Journal of Parallel, Emergent and Distributed Systems, DOI:10.1080/7445760.011.41965, 2012.
  10. IEEE Std 1609.2, IEEE Trial-use Standard for Wireless Access in Vehicular Environments (WAVE)-Security Services for Applications and Management Messages, IEEE, 2006.