Digital signatures are one of the fundamental security primitives in Vehicular Ad-Hoc Networks (VANETs) because they provide authenticity and non-repudiation in broadcast communication. However, the current broadcast authentication standard in VANETs is vulnerable to signature flooding: excessive signature verification requests that exhaust the computational resources of victims. In this paper, we propose two efficient broadcast authentication schemes, Fast Authentication (FastAuth) and Selective Authentication (SelAuth), as two countermeasures to signature flooding. FastAuth secures periodic single-hop beacon messages. By exploiting the sender's ability to predict its own future beacons, FastAuth enables 50 times faster verification than previous mechanisms using the Elliptic Curve Digital Signature Algorithm. SelAuth secures multi-hop applications in which a bogus signature may spread out quickly and impact a significant number of vehicles. SelAuth provides fast isolation of malicious senders, even under a dynamic topology, while consuming only 15%-30% of the computational resources compared to other schemes. We provide both analytical and experimental evaluations based on real traffic traces and NS-2 simulations. With the near-term deployment plans of VANET on all vehicles, our approaches can make VANETs practical.
This paper proposes novel certificate assignment strategies for use in vehicular networks in order to significantly reduce the complexity of managing the Public Key Infrastructure (PKI) framework. The strategy involves segmenting a country into a number of geographic regions, and the assignment of region-specific certificates to an OBU resident on a vehicle. A vehicle is also assigned multiple certificates corresponding to several regions in its vicinity as advance preparation for migration into nearby regions. Segmentation based on geographic regions is shown to significantly reduce the size of Certificate Revocation Lists (CRLs). Next, a scalable design for the backend Certifying Authority (CA) with region-based certificates is presented. The paper concludes with a simple analysis of the performance of the proposed strategies.
In this paper, several algorithms for batch verification of ECDSA signatures are studied. The first of these algorithms is based upon the naive idea of taking square roots in the underlying field. In order to improve the efficiency beyond what can be achieved by the naive algorithm, two new algorithms are proposed which replace square-root computations by symbolic manipulations. Experiments carried out on NIST prime curves demonstrate a maximum speedup of above six over individual verification if all the signatures in the batch belong to the same signer, and a maximum speedup of about two if the signatures in the batch belong to different signers, both achieved by a fast variant of the second symbolic-manipulation algorithm. In terms of security, all the studied algorithms are equivalent to standard ECDSA* batch verification. These algorithms are practical only for small (≤8) batch sizes. The algorithms are also ported to the NIST Koblitz curves defined over fields of characteristic
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.