Explore the vast range of titles available.

Vehicular Ad hoc Networks (VANETs) are special kind of Mobile Ad hoc Networks (MANETs), where vehicles communicate with each other in ad hoc formation. VANETs consist of Vehicles and Road Side Units (RSUs) that assist in the network management. Vehicles communicate with each other and RSUs, with the aim to provide infotainment and safety services on road. Security is an important consideration in VANETs as safety of humans (passengers) is an important issue. Vehicular Public Key Infrastructure (VPKI) is an adapted form of Public Key Infrastructure (PKI) used to achieve the key management and security services in VANETs. Certificate generation and revocation is one of the primary functions of VPKI. Certificate revocation is used for revoking the malicious nodes and terminate their access rights to the network. In this paper we classify revocation schemes in a novel way into centralized and decentralized manners. This paper covers a survey of different certificate revocation schemes, and provides an overview of the research in the area of certificate revocation in VANETs.

Nowadays, wireless sensor networks (WSN) are widely used in agriculture monitoring to improve the quality and productivity of farming. In this application, sensors gather different types of data (i.e., humidity, carbon dioxide level, and temperature) in real-time scenarios. Thus, data gathering, transmission, and rapid response to new circumstances require a secured data mechanism to avoid malicious adversaries. Therefore, this paper focuses on data security from the data origin source to the end-user, and proposes a general data security model that is independent of the network topology and structure, and can be widely used in the agriculture monitoring application. The developed model considers practical aspects, the architecture of the sensor node, as well as the necessity to save energy while ensuring data security, and optimize the model through the application of organizational and technical measures. The model evaluation is conducted through simulation in terms of energy consumption. The result shows that the proposed model ensures good data security at the cost of a slight increase in energy consumption at receiver and sender nodes, and energy consumption per bit, up to 2%, 7%, and 1.3%, respectively, due to overhead added for authentication in the network.

Symmetric cryptographic schemes such as RSA and ECDSA (Elliptic Curve Digital Signature Algorithm), used for digital signatures in protocols like TLS, DTLS, and secure messaging, are computationally intensive. This makes them unsuitable for constrained environments, such as the Internet of Things (IoT) and the Internet of Vehicles (IoV). This study introduces a blockchain-based framework that utilizes the Ethereum network to store and verify public keys associated with digital certificates. By replacing signature decryption with blockchain-based public key verification, the solution significantly reduces cryptographic overhead and latency in V2V messages. It supports various certificate formats, including Public Key Infrastructure (PKI)/Certificate Authority (CA) certificates such as X.509 and L-ECQV, as well as self-signed certificates. Applications include secure communication protocols like Datagram Transport Layer Security (DTLS)/Transport Layer Security (TLS), V2V mutual authentication in V2X messaging, and lightweight certificate management within IoT ecosystems. Empirical results show that the DTLS handshake with this scheme is reduced from 12 s to less than 6 s. Additionally, it enables vehicles and IoT devices to perform one-time signature verification with minimal latency in V2V messaging, demonstrating significant performance improvements for high-density deployments involving mutual authentication between IoT devices and V2V communication.

In this work, a secure architecture to send data from an Internet of Things (IoT) device to a blockchain-based supply chain is presented. As is well known, blockchains can process critical information with high security, but the authenticity and accuracy of the stored and processed information depend primarily on the reliability of the information sources. When this information requires acquisition from uncontrolled environments, as is the normal situation in the real world, it may be, intentionally or unintentionally, erroneous. The entities that provide this external information, called Oracles, are critical to guarantee the quality and veracity of the information generated by them, thus affecting the subsequent blockchain-based applications. In the case of IoT devices, there are no effective single solutions in the literature for achieving a secure implementation of an Oracle that is capable of sending data generated by a sensor to a blockchain. In order to fill this gap, in this paper, we present a holistic solution that enables blockchains to verify a set of security requirements in order to accept information from an IoT Oracle. The proposed solution uses Hardware Security Modules (HSMs) to address the security requirements of integrity and device trustworthiness, as well as a novel Public Key Infrastructure (PKI) based on a blockchain for authenticity, traceability, and data freshness. The solution is then implemented on Ethereum and evaluated regarding the fulfillment of the security requirements and time response. The final design has some flexibility limitations that will be approached in future work.

How to achieve secure content distribution and accountability in information-centric networking (ICN) is a crucial problem. Subscribers need to verify whether the data came from a reliable source, rather than from a spoofing adversary. Public key cryptography was introduced to achieve a method of authentication that binds the data packet to its owner. In existing prototypes, PKIs, identity-based signatures (IBSs) and recommendation networks are the common schemes used to ensure the authenticity and availability of public keys. However, CA-based PKIs and KGC-based IBSs have been proven to be weak when it comes to resisting security attacks, with recommendation networks being too complex to deploy. In this respect, we designed a novel distributed authentication model as a secure scheme to support public key cryptography. Our model establishes a decentralized public key infrastructure by combining the smart contracts of blockchain and optimized zero-knowledge proof-verifiable presentations by utilizing the DID project, which realizes the management of public key certificates through blockchain and ensures the authenticity and availability of public keys in decentralized infrastructure. Our scheme fundamentally solves the issues of security and feasibility in existing schemes and provides a more scalable solution with respect to authenticating data sources. An experiment demonstrated that our proposal is 20% faster than the original zero knowledge proof scheme in registration.

The rapid advancements in computer systems and wireless sensor networks (WSNs) motivate many intelligent transportation systems (ITSs) applications in smart cities, such as vehicular ad hoc networks (VANETs). The WSN supports data exchange between mobile vehicles and servers to provide effective traffic control and smooth service for VANET users. However, the vehicle environment still faces many challenges. One of the VANET concerns is the privacy and security of data flows from heterogeneous systems. Therefore, we suggest a Provably Online/Offline Signcryption (POOSC) protocol for vehicular communication in VANET to preserve data confidentiality and ciphertext unforgeability. In this architecture, the transmitter registered in the Identity-Based Cryptosystems (IBC) environment can safely and efficiently communicate with the receiver in the Public-Key Infrastructure (PKI) environment despite the limitations and challenges of heterogeneous systems. In a Random Oracle Model (ROM), we show that our protocol is safe against Indistinguishability-Adaptive Chosen-Ciphertext Attacks (IND-CCA2) under the Computational Diffie–Hellman (CDH) assumption and Existential Unforgeability-Adaptive Chosen Message Attacks (EUF-CMA) under the Discret-Logarithm (DL) assumption. Moreover, the POOSC protocol overcomes the certificate authority burden. Besides, we designed the POOSC protocol with a free pairing that achieves low computation cost and better scalability for VANET environments. The POOSC effectively meets non-repudiation, integrity, and authentication in a logically single step.

Abstract Public key infrastructure (PKI) is the foundation of secure and trusted transactions across the Internet. This paper presents an evaluation of web-based PKI incidents in two parts. We began with a qualitative study where we captured security and policy experts' perceptions of PKI in a set of interviews. We interviewed 18 experts in two conferences who include security academics and practitioners. We describe their perceptions of PKI failures. To evaluate whether perceived failures match real documented failures, we conducted a quantitative analysis of real-world PKI incidents on the web since 2001. Our data comprise reports from Bugzilla, root program operators, academic literature, security blogs, and the popular press. We determined the underlying causes of each and reported the results. We identified a gap between experts' perceptions and real-world PKI incidents. We conclude that there are significant sources of failures of PKI that neither the usability nor traditional computer security community is engaging, nor can arguably engage separately. Specifically, we found incidents illustrate systematic weaknesses of organizational practices that create risks for all who rely upon PKI. More positively, our results also point to organizational and configuration choices that could avoid or mitigate some of these risks. Thus, we also identify immediate mitigation strategies (where feasible).

Owing to the expansion of non-face-to-face activities, security issues in video conferencing systems are becoming more critical. In this paper, we focus on the end-to-end encryption (E2EE) function among the security services of video conferencing systems. First, the E2EE-related protocols of Zoom and Secure Frame (SFrame), which are representative video conferencing systems, are thoroughly investigated, and the two systems are compared and analyzed from the overall viewpoint. Next, the E2EE protocol in a Government Public Key Infrastructure (GPKI)-based video conferencing system, in which the user authentication mechanism is fundamentally different from those used in commercial sector systems such as Zoom and SFrame, is considered. In particular, among E2EE-related protocols, we propose a detailed mechanism in which the post-quantum cryptography (PQC) key encapsulation mechanism (KEM) is applied to the user key exchange process. Since the session key is not disclosed to the central server, even in futuristic quantum computers, the proposed mechanism, which includes the PQC KEM, still satisfies the E2EE security requirements in the quantum environment. Moreover, our GPKI-based mechanism induces the effect of enhancing the security level of the next-generation video conferencing systems up to a quantum-safe level.

In the proposed protocol, a trusted entity interacts with the terminal device of each user to verify the legitimacy of the public keys without having access to the private keys that are generated and kept totally secret by the user. The protocol introduces challenge–response–pair mechanisms enabling the generation, distribution, and verification of cryptographic public–private key pairs in a distributed network with multi-factor authentication, tokens, and template-less biometry. While protocols using generic digital signature algorithms are proposed, the focus of the experimental work was to implement a solution based on Crystals-Dilithium, a post-quantum cryptographic algorithm under standardization. Crystals-Dilithium generates public keys consisting of two interrelated parts, a matrix generating seed, and a vector computed from the matrix and two randomly picked vectors forming the secret key. We show how such a split of the public keys lends itself to a two-way authentication of both the trusted entity and the users.

Since the roadside infrastructure and vehicles come from different manufacturers, vehicular ad hoc networks (VANETs) now are extremely heterogeneous. It is difficult to communicate securely for heterogeneous facilities in VANETs because secure communication needs to concurrently realize confidentiality, authentication, integrity, and non-repudiation. To meet the above security attributes in one logical step, four bi-directional signcryption schemes are proposed for specific heterogeneous vehicle to infrastructure (V2I) communication in this paper. The first scheme supports batch verification, which allows multiple vehicles registered in a public key infrastructure (PKI) system to transmit messages to a receiver in an identity-based cryptosystem (IBC), both which are the mainstream public key cryptosystems. The second scheme supports a sender in a PKI to securely broadcast a message to multiple vehicles in an IBC. The communication direction of the latter two schemes is opposite to the former two schemes (i.e., from IBC to PKI). All these schemes can be proved to satisfy confidentiality and unforgeability based on the assumptions of decisional and computational Diffie-Hellman problems in the random oracle model. Furthermore, numerical analyses and simulation results demonstrate the computation costs, communication costs, storage, and the aggregate ciphertext length of our schemes are better than the existing ones.