Efficient Broadcast Authentication Scheme Research Articles

An Efficient Broadcast Authentication Scheme in Wireless Sensor Networks

Abstract: Broadcast source authentication is a challenging topic in wireless sensor networks. This security service allows senders to broadcast messages to multiple receivers in a secure way. Although several authentication mechanisms have been proposed to address the need for security in WSNs, most of them are resource consuming and are inadequate for constrained environments. In this paper, we shed the light to the security vulnerabilities of symmetric key based authentication mechanisms, and their inability to tackle memory DoS attacks. Moreover, we provide a new efficient broadcast authentication scheme based on a Bloom filter data structure in order to reduce the communication overhead. Finally, we run a thorough set of simulations to assess the efficiency of our approach compared to some state of the art solutions in terms of energy consumption, communication and computation overhead. Our results provide insight into the suitability of our approach for use in WSNs.

PBA: Prediction-Based Authentication for Vehicle-to-Vehicle Communications

In vehicular networks, broadcast communications are critically important, as many safety-related applications rely on single-hop beacon messages broadcast to neighbor vehicles. However, it becomes a challenging problem to design a broadcast authentication scheme for secure vehicle-to-vehicle communications. Especially when a large number of beacons arrive in a short time, vehicles are vulnerable to computation-based Denial of Service (DoS) attacks that excessive signature verification exhausts their computational resources. In this paper, we propose an efficient broadcast authentication scheme called Prediction-Based Authentication (PBA) to not only defend against computation-based DoS attacks, but also resist packet losses caused by high mobility of vehicles. In contrast to most existing authentication schemes, our PBA is an efficient and lightweight scheme since it is primarily built on symmetric cryptography. To further reduce the verification delay for some emergency applications, PBA is designed to exploit the sender vehicle’s ability to predict future beacons in advance. In addition, to prevent memory-based DoS attacks, PBA only stores shortened re-keyed Message Authentication Codes (MACs) of signatures without decreasing security. We analyze the security of our scheme and simulate PBA under varying vehicular network scenarios. The results demonstrate that PBA fast verifies almost 99 percent messages with low storage cost not only in high-density traffic environments but also in lossy wireless environments.

EBAA: An efficient broadcast authentication scheme for ADS-B communication based on IBS-MR

Automatic dependent surveillance-broadcast (ADS-B) systems can broadcast satellite-based aircraft position, identification, etc., periodically, and are now on track to replace radar to become the backbone of next-generation air traffic management (ATM) systems. However, ADS-B systems suffer severe cyber-security problems due to the broadcast-type data link and the lack of designed-in security measures. Especially, since ADS-B messages are unauthenticated, it is easy to insert fake aircraft into a system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, based on identity-based signature with message recovery (IBS-MR), an efficient broadcast authentication scheme for ADS-B messages is proposed. The security analysis demonstrates that the scheme can achieve authenticity and integrity of ADS-B broadcast messages, as well as adaptive evolution of broadcasters’ private keys. The performance evaluation shows that the scheme is computationally efficient for typical avionics devices with limited resources. Furthermore, the scheme achieves low communication overhead since broadcast messages can be recovered from signatures, and thus it is suitable for low-bandwidth ADS-B data link.

An Efficient Broadcast Authentication Scheme with Batch Verification for ADS-B Messages

As a cornerstone of the next generation air traffic management (ATM), automatic dependent surveillance-broadcast (ADS-B) system can provide continual broadcast of aircraft position, identity, velocity and other messages over unencrypted data links to generate a common situational awareness picture for ATM. However, since ADS-B messages are unauthenticated, it is easy to insert fake aircrafts into the system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, we propose an efficient broadcast authentication scheme with batch verification for ADS-B messages which employs an identity-based signature (IBS). Security analysis indicates that our scheme can achieve integrity and authenticity of ADS-B messages, batch verification, and resilience to key leakage. Performance evaluation demonstrates that our scheme is computationally efficient for the typical avionics devices with limited resources, and it has low communication overhead well suitable for low-bandwidth ADS-B data link.