適用於車載網路中兼具安全與私密之機制研究

Abstract

在未來我們可以期待，每台車輛上將安裝一個無線通訊設計，進而形成一個車載網路。而近年來，有眾多文獻正探討著車載網路上的安全與私密性議題。大多數的文獻圍繞在加強「安全相關應用」的訊息驗證。而在此博士論文中，我們首先將進一步利用車載網路特性來改進「道路救援效率」，我們提出一種以屬性為基礎的存取控制系統，簡稱為ABACS，來確保在緊急訊息上的安全性議題。藉由使用ABACS，最適合的緊急救援車輛將會被指派去執行救援的動作，並且此車輛將可安全地取得控制交通號誌的權利。ABACS 是基於一個新穎的密碼學技術，可達到訊息的機密性、合謀攻擊的預防性及細緻的存取控制。第二部分，我們則針對「加值型應用」的安全性。在此部分，針對改善安全性及可擴展性(scalability)，我們分別提出了「匿名式批次認證與金鑰協定(ABAKA)」及「具私密性的可攜式認證與存取控制協定(PAACP)」。為何需要可擴展性呢?主要是因為在車載網路中，每台車的速度介於每秒十公尺到四十公尺，相當於每小時三十六公里到一百四十四公里，因此有效率的認證機制將可有效地改善可擴展性。在ABAKA中，我們利用了批次認證的方式一次認證多個存取要求訊息，並且可同時建立起多把交談金鑰。而在PAACP中，我們利用了一個可攜式的證明文件來免除路側設備(RSUs)與服務伺服器(service provider)的長距離傳輸。透過分析與模擬的方式，我們可以證明這三個機制可有效地加強各種車載網路應用中的安全性、私密性與可擴充性。

In the future, it is envisioned that each vehicle is equipped with a communica- tion device to form a vehicular ad hoc networks (VANETs). Recently, several studies addressed security and privacy issues in VANETs. Most of them focused on authen- ticating traffic-related messages, one kind of safety applications. In this dissertation, we first aim to improve the efficiency of rescues mobilized via emergency communica- tions over VANETs. An Attribute-Based Access Control System (ABACS) for emer- gency services with security assurance over Vehicular Ad Hoc Networks (VANETs) is proposed. With ABACS, the proper emergency vehicles are assigned to tackle the emergency event and delegated the authority to control trafic facilities. Using novel cryptographic preliminaries, ABACS realizes confidentiality of messages, prevention of collusion attacks, and fine-grained access control. Next, we embark on the security of value-added application. The Anonymous Batch Authenticated and Key Agreement (ABAKA) scheme and Portable privacy-preserving Authentication and Access Con- trol Protocol (PAACP) are proposed to enhance the security and scalability issues for value-added applications in VANETs. In VANETs, the speed of a vehicle is changed from 10m/s to 40m/s (36km/hr to 144km/hr) and, therefore, the need of the efficient authentication is inevitable. ABAKA adopts the concept of batch verification to au- thenticate multiple requests sent from different vehicles and establish different session keys for different vehicles at the same time. PAACP adopts the concept of portable credentials to eliminate the backend communications with service providers. Through- out extensive analyses and simulation, we can show that these schemes can enhance the security, privacy and scalability issues for safety and non-safety applications over VANETs.