Establishing security and privacy in WAVE-enabled vehicular ad hoc networks

Biswas, Subir

11 January 2013

Security and privacy are among the growing concerns of a Vehicular Ad hoc Network (VANET) which requires a high degree of liability from its participants. In this dissertation, We address security, anonymity and privacy challenges of VANETs in the light of the IEEE standards for vehicular communications. VANET provides a variety of road-safety and other applications through wireless devices installed in vehicles and roadside infrastructure. A roadside infrastructure in VANET is generally public, and is prone to several different malicious attacks including node compromise, impersonation, and false message delivery attacks. Therefore, a user of a VANET must verify the integrity of a message that is delivered from a roadside infrastructure. On the other hand, a vehicle-originated message should be anonymous in order to ensure user-privacy in a VANET. However, a vehicle must not be able to take advantage of its anonymity for any misbehavior like sending false messages or malicious updates to other vehicles or a roadside infrastructure. We use proxy signature, identity-based signature, and elliptic curve cryptosystems to provide authentication for infrastructure generated messages, and anonymous authentication for vehicle originated messages. Authentication in a dense traffic condition is a challenge for a receiving entity as it incurs a processing delay at the receiving end. We address this issue with a dynamic approach that selectively verifies received messages based on a message's MAC-layer priority and a sender's information relevance. This approach makes a trade-off between priority and fairness in vehicular message authentication. We develop a network simulator to measure the impact of our authentication schemes over a WAVE protocol stack. Also, we investigate how some of the MAC-layer weaknesses may impair the security of a VANET. Our solutions are lightweight, bandwidth friendly and compatible to the current standards of vehicular communications.

VANET Security

privacy

anonymity

authentication

WAVE

DSRC

proxy signature

ID-based signature

ECDSA

EDCA

OBU

RSU

vehicular communications

contention window

access category

DDoS

Establishing security and privacy in WAVE-enabled vehicular ad hoc networks

Biswas, Subir

11 January 2013

Security and privacy are among the growing concerns of a Vehicular Ad hoc Network (VANET) which requires a high degree of liability from its participants. In this dissertation, We address security, anonymity and privacy challenges of VANETs in the light of the IEEE standards for vehicular communications. VANET provides a variety of road-safety and other applications through wireless devices installed in vehicles and roadside infrastructure. A roadside infrastructure in VANET is generally public, and is prone to several different malicious attacks including node compromise, impersonation, and false message delivery attacks. Therefore, a user of a VANET must verify the integrity of a message that is delivered from a roadside infrastructure. On the other hand, a vehicle-originated message should be anonymous in order to ensure user-privacy in a VANET. However, a vehicle must not be able to take advantage of its anonymity for any misbehavior like sending false messages or malicious updates to other vehicles or a roadside infrastructure. We use proxy signature, identity-based signature, and elliptic curve cryptosystems to provide authentication for infrastructure generated messages, and anonymous authentication for vehicle originated messages. Authentication in a dense traffic condition is a challenge for a receiving entity as it incurs a processing delay at the receiving end. We address this issue with a dynamic approach that selectively verifies received messages based on a message's MAC-layer priority and a sender's information relevance. This approach makes a trade-off between priority and fairness in vehicular message authentication. We develop a network simulator to measure the impact of our authentication schemes over a WAVE protocol stack. Also, we investigate how some of the MAC-layer weaknesses may impair the security of a VANET. Our solutions are lightweight, bandwidth friendly and compatible to the current standards of vehicular communications.

VANET Security

Privacy

Anonymity

Authentication

WAVE

DSRC

Proxy signature

ID-based Signature

ECDSA

EDCA

OBU

RSU

Vehicular Communications

Contention Window

Access Category

DDoS

Nymbler: Privacy-enhanced Protection from Abuses of Anonymity

Henry, Ryan

January 2010

Anonymous communications networks help to solve the real and important problem of enabling users to communicate privately over the Internet. However, by doing so, they also introduce an entirely new problem: How can service providers on the Internet---such as websites, IRC networks and mail servers---allow anonymous access while protecting themselves against abuse by misbehaving anonymous users? Recent research efforts have focused on using anonymous blacklisting systems (also known as anonymous revocation systems) to solve this problem. As opposed to revocable anonymity systems, which enable some trusted third party to deanonymize users, anonymous blacklisting systems provide a way for users to authenticate anonymously with a service provider, while enabling the service provider to revoke access from individual misbehaving anonymous users without revealing their identities. The literature contains several anonymous blacklisting systems, many of which are impractical for real-world deployment. In 2006, however, Tsang et al. proposed Nymble, which solves the anonymous blacklisting problem very efficiently using trusted third parties. Nymble has inspired a number of subsequent anonymous blacklisting systems. Some of these use fundamentally different approaches to accomplish what Nymble does without using third parties at all; so far, these proposals have all suffered from serious performance and scalability problems. Other systems build on the Nymble framework to reduce Nymble's trust assumptions while maintaining its highly efficient design. The primary contribution of this thesis is a new anonymous blacklisting system built on the Nymble framework---a nimbler version of Nymble---called Nymbler. We propose several enhancements to the Nymble framework that facilitate the construction of a scheme that minimizes trust in third parties. We then propose a new set of security and privacy properties that anonymous blacklisting systems should possess to protect: 1) users' privacy against malicious service providers and third parties (including other malicious users), and 2) service providers against abuse by malicious users. We also propose a set of performance requirements that anonymous blacklisting systems should meet to maximize their potential for real-world adoption, and formally define some optional features in the anonymous blacklisting systems literature. We then present Nymbler, which improves on existing Nymble-like systems by reducing the level of trust placed in third parties, while simultaneously providing stronger privacy guarantees and some new functionality. It avoids dependence on trusted hardware and unreasonable assumptions about non-collusion between trusted third parties. We have implemented all key components of Nymbler, and our measurements indicate that the system is highly practical. Our system solves several open problems in the anonymous blacklisting systems literature, and makes use of some new cryptographic constructions that are likely to be of independent theoretical interest.

Privacy

privacy enhancing technologies

PETs

anonymity

authentication

anonymous blacklisting

anonymous revocation

privacy-enhanced revocation

zero-knowledge proofs

anonymous credentials

restricted blind signatures

Computer Science

Efficient Packet-Drop Thwarting and User-Privacy Preserving Protocols for Multi-hop Wireless Networks

Mahmoud, Mohamed Mohamed Elsalih Abdelsalam

08 April 2011

In multi-hop wireless network (MWN), the mobile nodes relay others’ packets for enabling new applications and enhancing the network deployment and performance. However, the selfish nodes drop the packets because packet relay consumes their resources without benefits, and the malicious nodes drop the packets to launch Denial-of-Service attacks. Packet drop attacks adversely degrade the network fairness and performance in terms of throughput, delay, and packet delivery ratio. Moreover, due to the nature of wireless transmission and multi-hop packet relay, the attackers can analyze the network traffic in undetectable way to learn the users’ locations in number of hops and their communication activities causing a serious threat to the users’ privacy. In this thesis, we propose efficient security protocols for thwarting packet drop attacks and preserving users’ privacy in multi-hop wireless networks. First, we design a fair and efficient cooperation incentive protocol to stimulate the selfish nodes to relay others’ packets. The source and the destination nodes pay credits (or micropayment) to the intermediate nodes for relaying their packets. In addition to cooperation stimulation, the incentive protocol enforces fairness by rewarding credits to compensate the nodes for the consumed resources in relaying others’ packets. The protocol also discourages launching Resource-Exhaustion attacks by sending bogus packets to exhaust the intermediate nodes’ resources because the nodes pay for relaying their packets. For fair charging policy, both the source and the destination nodes are charged when the two nodes benefit from the communication. Since micropayment protocols have been originally proposed for web-based applications, we propose a practical payment model specifically designed for MWNs to consider the significant differences between web-based applications and cooperation stimulation. Although the non-repudiation property of the public-key cryptography is essential for securing the incentive protocol, the public-key cryptography requires too complicated computations and has a long signature tag. For efficient implementation, we use the public-key cryptography only for the first packet in a series and use the efficient hashing operations for the next packets, so that the overhead of the packet series converges to that of the hashing operations. Since a trusted party is not involved in the communication sessions, the nodes usually submit undeniable digital receipts (proofs of packet relay) to a centralized trusted party for updating their credit accounts. Instead of submitting large-size payment receipts, the nodes submit brief reports containing the alleged charges and rewards and store undeniable security evidences. The payment of the fair reports can be cleared with almost no processing overhead. For the cheating reports, the evidences are requested to identify and evict the cheating nodes. Since the cheating actions are exceptional, the proposed protocol can significantly reduce the required bandwidth and energy for submitting the payment data and clear the payment with almost no processing overhead while achieving the same security strength as the receipt-based protocols. Second, the payment reports are processed to extract financial information to reward the cooperative nodes, and contextual information such as the broken links to build up a trust system to measure the nodes’ packet-relay success ratios in terms of trust values. A node’s trust value is degraded whenever it does not relay a packet and improved whenever it does. A node is identified as malicious and excluded from the network once its trust value reaches to a threshold. Using trust system is necessary to keep track of the nodes’ long-term behaviors because the network packets may be dropped normally, e.g., due to mobility, or temporarily, e.g., due to network congestion, but the high frequency of packet drop is an obvious misbehavior. Then, we propose a trust-based and energy-aware routing protocol to route traffics through the highly trusted nodes having sufficient residual energy in order to establish stable routes and thus minimize the probability of route breakage. A node’s trust value is a real and live measurement to the node’s failure probability and mobility level, i.e., the low-mobility nodes having large hardware resources can perform packet relay more efficiently. In this way, the proposed protocol stimulates the nodes not only to cooperate but also to improve their packet-relay success ratio and tell the truth about their residual energy to improve their trust values and thus raise their chances to participate in future routes. Finally, we propose a privacy-preserving routing and incentive protocol for hybrid ad hoc wireless network. Micropayment is used to stimulate the nodes’ cooperation without submitting payment receipts. We only use the lightweight hashing and symmetric-key-cryptography operations to preserve the users’ privacy. The nodes’ pseudonyms are efficiently computed using hashing operations. Only trusted parties can link these pseudonyms to the real identities for charging and rewarding operations. Moreover, our protocol protects the location privacy of the anonymous source and destination nodes. Extensive analysis and simulations demonstrate that our protocols can secure the payment and trust calculation, preserve the users’ privacy with acceptable overhead, and precisely identify the malicious and the cheating nodes. Moreover, the simulation and measurement results demonstrate that our routing protocols can significantly improve route stability and thus the packet delivery ratio due to stimulating the selfish nodes’ cooperation, evicting the malicious nodes, and making informed decisions regarding route selection. In addition, the processing and submitting overheads of the payment-reports are incomparable with those of the receipts in the receipt-based incentive protocols. Our protocol also requires incomparable overhead to the signature-based protocols because the lightweight hashing operations dominate the nodes’ operations.

Security

Trust system

Trust-based routing protocol

black hole attacks

Cooperation stimulation

Reputation systems

Privacy preserving protocols

anonymity

Electrical and Computer Engineering

Dudle: Mehrseitig sichere Web 2.0-Terminabstimmung / Dudle: Multilateral Secure Web 2.0-Event Scheduling

Kellermann, Benjamin

21 December 2011

Es existiert eine Vielzahl an Web 2.0-Applikationen, welche es einer Gruppe von Personen ermöglichen, einen gemeinsamen Termin zu finden (z. B. doodle.com, moreganize.ch, whenisgood.net, agreeadate.com, meetomatic.com, etc.) Der Ablauf ist simpel: Ein Initiator legt eine Terminumfrage an und schickt den Link zu der Umfrage zu den potentiellen Teilnehmern. Nachdem jeder Teilnehmer der Anwendung seine Verfügbarkeiten mitgeteilt hat, kann anhand dieser Informationen ein Termin gefunden werden, der am besten passt. Maßnahmen um die Vertraulichkeit und Integrität der Daten zu schützen finden in allen bestehenden Applikationen zu wenig Beachtung. In dieser Dissertation wurde eine Web 2.0-Applikation entwickelt, welche es zulässt Terminabstimmungen zwischen mehreren Teilnehmern durchzuführen und dabei möglichst wenige Vertrauensannahmen über alle Beteiligten zu treffen. / Applications which help users to schedule events are becoming more and more important. A drawback of most existing applications is, that the preferences of all participants are revealed to the others. We propose a schemes, which are able to schedule events in a privacy-enhanced way. In addition, Dudle, a Web 2.0 application is presented which implements these schemes.

E-Voting

Web 2.0

Terminplanung

electronic voting

anonymity

privacy-enhanced application design

Web 2.0

ddc:004

rvk:ST 205

rvk:ST 277

Elektronische Wahl

World Wide Web 2.0

Terminplanung

Anonymity, individuality and commonality in writing in British periodicals - 1830 to 1890: a computational stylistics approach

Antonia, Alexis

January 2009

Research Doctorate - Doctor of Philosophy (PhD) / The aim of the thesis is to use computational stylistics, and in particular the methods pioneered by John Burrows, to explore aspects of the nineteenth-century periodical genre. Published for the most part anonymously, periodical articles were written by an extraordinary range of authors on an incredible variety of topics. The standard of writing in the thousands of articles appearing in the ‘higher’ or ‘literary’ journals has generally been agreed by scholars to be ‘remarkably good’. Beginning in 1802 and flourishing for most of the century, this outstanding genre of writing had all but disappeared by the beginning of the twentieth century. The text collection for the thesis consists of almost two million words by twenty-two authors. My study employs a variety of statistical tests on these texts to examine the effect of such factors as anonymity, commonality, authorial individuality, gender, house-style, text-type and chronology on the periodicals. I begin by taking a broad view of the field: first allowing the articles to ‘speak for themselves’ and to exhibit their commonalities and individual differences; then exploring the significance of both the intra-generic focus of the article – the stance taken in a particular article – and the author’s own idiosyncratic preferences in determining the incidence of function words in these articles. The interplay between these two factors provided an explanation as to why the articles of some authors invariably grouped together while those of other authors displayed marked variability. The use of lists of authorial ‘marker words’ – those words used relatively more or relatively less frequently by individual authors – showed that one can think of this large group of mostly anonymous periodical articles as a set of authorial oeuvres. I also look at the frequently made assertion that authors adapted their writing to the ‘house style’ of particular journals, and come to the conclusion that it does not significantly affect the deeper level of style revealed by function word usage. I then examine the question of whether or not there are differences between men’s and women’s usages of function words, coming to the conclusion that, although differences can be seen to exist, it is not at present possible to come up with sets of ‘marker words’ that reveal gender in the way that is possible with authorship. I use ‘marker words’ to identify the characteristics of one major author, George Eliot, and to show how she modified her stylistic practices when she moved from the periodical essay to fiction. I demonstrate how the techniques of computational stylistics can be used to check the legitimacy of some of the attributions made in the Wellesley Index, and I attribute one much-discussed anonymous group of articles on ‘the woman question’ to Robert Cecil 3rd Marquess of Salisbury and Prime Minister of England.

British periodicals

computational stylistics

Wellesley Index

Women's Movement

gender

Burrows' method

nineteenth century

house style

authorial style

intra-generic focus

anonymity

attribution

George Eliot

Má dítě vzniklé uměle, z darovaných gamet, přirozené právo na poznání svých biologických rodičů? / Does the child born from donated gametes right to know its biological parents?

TOŠNEROVÁ, Jana

January 2017

This thesis deals with the issue of assisted reproduction, ethical aspects of infertility treatment and in particular looking for the answer to the question of whether they have children from donated gametes natural right to know their biological parents, the gamete donors. The diploma thesis is devoted to the topic of infertility and description of some of the methods of assisted reproduction. Emphasis is on the status of child from gamete donation, especially with regard to its natural right to know the donor. Children only have the right to know the donor of the gametes from which it originated in countries, where the donation is not anonymous.. For these countries, the Czech republic does not belong. Seeking an answer to the question whether it is these children's natural right to know the identity of the donor, is started from how the natiral law is understood in general and also from a bio-psycho-social needs that children have. The work also includes a description of an exploratory survey realized in one of the reproductive clinics. Through survey, Infertile couples commented on the topic of organ donation and the possibility to confer children the natural right to know their biological parents.

Vers des communications anonymes et efficaces / Toward anonymous and efficient communications

Berthou, Gautier

21 January 2014

Cette thèse porte sur la transmission d'informations dans les réseaux d'ordinateurs. Nous nous sommes plus particulièrement penchés sur deux aspects de ce problème : les communications anonymes sur Internet en présence de nœuds rationnels (aussi appelés “égoïstes") et la diffusion à ordre uniformément total dans le cadre d'une grappe de machines. Concernant le premier aspect, nous avons constaté qu'il n'existait pas de protocole de communications anonymes fonctionnant en présence de nœuds rationnels et capable de monter en charge (c'est à dire de fonctionner efficacement en présence d'un grand nombre de noeuds). Nous avons donc proposé RAC, le premier protocole de communications anonymes capable de monter en charge et fonctionnant en présence de nœuds rationnels. Concernant le deuxième aspect, nous avons constaté qu'il n'existait pas de protocole de diffusion à ordre uniformément total assurant à la fois un débit optimal et une latence faible. Nous avons donc proposé FastCast, le premier protocole de diffusion à ordre uniformément total garantissant un débit optimal tout en assurant une latence faible. / This theses focuses on information dissemination in computer networks. We study two aspects of this topic : anonymous communication on Internet in presence of rational nodes and uniform total order broadcast in a computer cluster. Concerning the first aspect, we observed that no anonymous communication protocol is capable of working in presence of rational nodes while scaling existed. Therefore, we proposed RAC, the first anonymous communication protocol functioning in presence of rational nodes and able of scaling. Concerning the second aspect, we observed that no existing uniform total order broadcast protocol is capable of ensuring both a good latency and an optimal throughput. In order to fill this lack we proposed FastCast, the first uniform total order

Byzantin

Rationel

Anonymat

Diffusion à ordre total

Efficacité en latence

Efficacité en débit

Byzantin

Rational

Anonymity

Total order broadcast

Latency-efficiency

Throughput-efficiency

004

Signature et identification pour l'anonymat basées sur les réseaux / Lattice-based signature and identification schemes for anonymity

Bettaieb, Slim

26 September 2014

La cryptographie basée sur les réseaux a connu depuis quelques années un très fort développement notamment du fait qu’il existe des systèmes cryptographiques basés sur les réseaux avec des propriétés de sécurité plus fortes que dans les cas plus classiques de théorie des nombres. Les problèmes difficiles des réseaux, par exemple le problème de trouver des vecteurs courts non nuls, semblent résister aux attaques utilisant des ordinateurs quantiques et les meilleurs algorithmes qui existent pour les résoudre sont exponentiels en fonction du temps. L’objet de cette thèse est la construction de primitives cryptographiques à clé publique pour l’ano- nymat dont la sécurité repose sur des problèmes difficiles des réseaux.Nous nous intéressons aux schémas de signature de cercle. Tout d’abord, nous proposons une nouvelle définition d’anonymat et nous exposons un nouveau schéma de signature de cercle. Ensuite, nous donnons une étude de sécurité rigoureuse suivant deux définitions de résistance la contrefaçon. La première est la résistance à la contrefaçon contre les attaques à sous-cercles choisis et la deuxième est la résistance à la contrefaçon contre les attaques de corruption interne.Nous présentons ensuite un nouveau schéma d’identification de cercle et nous développons une analyse complète de sa sécurité. Enfin, nous montrons que les techniques utilisées pour construire le schéma précédent peuvent être utilisées pour construire un schéma d’identification de cercle à seuil. / Lattice-based cryptography has known during the last decade rapid develop- ments thanks to stronger security properties. In fact, there exist lattice-based cryp- tographic systems whose security is stronger than those based on the conventional number theory approach. The hard problems of lattices, for example the problem of finding short non-zero vectors, seems to resist quantum computers attacks. Mo- reover, the best existing algorithms solving them are exponential in time. The pur- pose of this thesis is the construction of public key cryptographic primitives for anonymity, whose security is based on the latter.In particular, we are interested in ring signature schemes. First, we propose a new formal definition of anonymity and we present a new ring signature scheme. Second, we give a rigorous study of security, following two definitions of unfor- geability. The first of which is unforgeability against chosen-subring attacks and the other one is unforgeability with respect to insider corruption.Afterwards, we present a new ring identification scheme and we develop a full analysis of its security. Finally, we show that the techniques used to build this scheme, can be used to construct a threshold ring identification scheme.

Cryptographie à clé publique

Réseaux

Signature de cercle

Anonymat

Sécurité prouvée

Lattices

Ring signature

Anonymity

Provable security

005.8

A multi-theoretical perspective on IS security behaviors

Moody, G. (Gregory)

12 October 2011

Abstract Increasingly, organizations and individuals rely upon technologies and networks more and more. Likewise, these environments are infested with more dangers, which could be avoided if computer users were to follow general security guidelines or procedures. Despite the ever-increasing threat, little research has addressed or explained why individuals purposefully engage in behaviors that make them more vulnerable to these threats, rather than avoiding or protecting themselves from such threats. Despite the advantage that could be afforded by understanding the motivations behind such behaviors, research addressing these behaviors is lacking or focused on very specific theoretical bases. This dissertation addresses this research gap by focusing on security-related behaviors that have yet to be addressed in this research stream, and by using novel theoretical perspectives that increase our insight into these types of behaviors. Four studies (n =  1,430) are tested and reported here that support the four behaviors and theoretical perspectives that are of focus in this dissertation. By considering additional theories, constructs, and theoretical perspectives, this dissertation provides several important contributions to security-related behaviors. The results of this study provide new insights into the motivations behind the purposeful enactment of behaviors that increase one’s vulnerability to technological threats and risks. / Tiivistelmä Organisaatiot ja ihmiset ovat yhä enenevissä määrin riippuvaisia teknologiasta ja tietoverkoista. Tällöin he myös kohtaavat entistä enemmän tietoturvariskejä, joita olisi mahdollista välttää noudattamalla tietoturvaohjeita ja -politiikkoja. Huolimatta näistä jatkuvasti yleistyvistä riskeistä, tähän mennessä ei juurikaan ole tehty tutkimusta, joka selittää ihmisten tietoista tietoturvaohjeiden ja -politiikkojen laiminlyöntiä, joka altistaa heidät tietoturvariskeille. Aikaisempi ihmisten tietoturvakäyttäytymisen syiden ymmärtämiseen keskittyvä tutkimus tarkastelee ilmiötä yksipuolisesti tiettyihin teoreettisiin lähtökohtiin nojautuen. Tämä väitöskirjatyö tarkastelee ihmisten tietoturvakäyttäytymisen syitä uudesta teoreettisesta näkökulmasta. Väitöskirja sisältää neljä tutkimusta (n = 1430), jotka tarkastelevat erityyppistä tietoturvakäyttäytymistä erilaisista teoreettisista lähtökohdista. Väitöskirja täydentää olemassa olevaa tietoturvakäyttäytymisen tutkimusta uusien teorioiden, käsitteiden ja teoreettisten näkökulmien avulla.

anonymity

behavior

control

control balance theory

extended parallel processing model

risk

security

theory of interpersonal behavior

trust

whistle blowing

tietoturva

tietoturvakäyttäytyminen

tietoturvariskit