Privacy-preserving authentication methods

Date
2024-08-23
Authors
Baykal Nari, Kübra
Abstract
The last century of the technology age has introduced us to many trends that will shape our future. The Internet is not only limited to our computers, but almost every device we use in our daily lives now has an Internet connection. Smartphones, smartwatches, connected cars, smart home technologies, and even smart kitchen appliances are part of the lives of most of us. While the number of IoT devices is measured in billions today, it is an inevitable and expected reality that this number will increase exponentially. These devices that make our lives easier and contribute to our quality of life may not be as innocent as they seem. We share all kinds of personal data with these technological devices: from our sleep patterns to our pulse, from our home temperature to our home/vehicle location, how often we clean our house, what we eat for dinner and more. At this point, concerns about the security of our personal data are of serious importance. Information security on a system is ensured by the concept called the CIA triad, which includes the concepts of confidentiality, integrity, and availability. The concept of information security ensures that data can only be accessed by authorized persons and institutions without compromising its integrity and that it cannot be accessed by unauthorized persons through various security mechanisms. Security mechanisms include various cryptographic algorithms, and the security of these cryptographic algorithms depends on some mathematical problems that are considered hard. However, some of these traditional methods are applicable to devices that do not have any energy restrictions, such as computers or servers. Considering the processing power and energy capacity of devices in an IoV environment, security solutions currently used in information technology will remain dysfunctional. The first step in protecting information is establishing secure communication and properly authenticating the identity of the related person.
From the past to the present, cryptographic algorithms have been employed in authentication systems. These algorithms, as mentioned above, are based on the hardness of various mathematical problems. For example, while the security of the RSA algorithm is based on the difficulty of factoring large numbers, the security of the Diffie-Hellman key exchange algorithm is directly proportional to the difficulty of solving the discrete logarithm problem. Although these algorithms ensure the security of the systems at some level, they are quite costly in terms of computational load. Considering the nature of today's technological devices, integrating these algorithms will not be feasible. At this stage, a research area emerges regarding security algorithms to be employed for devices with high mobility and limited resources. The IoV concept, which is a sub-branch of the IoT concept, has become more popular recently, but there is still a lack of studies on the IoV environment. Practically applicable research that can meet the requirements of these devices will shed light on our future. The method proposed within the scope of the thesis targets connected autonomous vehicles, IoV environments, and platooning concepts in IoV environments as its application area. The method proposes a privacy-preserving group-based authentication scheme. The working principle of the proposed method is based on certain pre-defined groups and the communication among these groups. Within the scope of the method, there are components such as vehicles, groups that include vehicles, group managers that manage and conduct the authentication processes in the groups, and RSUs. There are two basic steps in the method for a vehicle to join a group and perform authentication operations: the initial registration phase and the authentication or group handover phase. 
During the initial registration phase, the vehicle must receive a key pair from a certification authority; this key pair is used in legal situations. The key pair can only be used by legally authorized organizations to access the vehicle in cases such as traffic accidents or malicious usage of the vehicle. During the initial registration phase, the vehicle also receives a key pair containing the group's public and private keys, which are used for subsequent authentication and group handover operations. After the initial registration process, the vehicle is included in a group. The authentication operation for the future group handover process is conducted by the group manager. After the initial registration phase is successfully completed, the vehicle is involved in a group structure with other vehicles located in the same geographical location as the group manager. When the vehicle starts traveling and goes into the coverage area of another target group manager, it sends a group handover request to its own group manager. There is a secure communication channel between group managers, and the private function of the group is shared through this communication channel among these group managers. Then, the targeted group manager shares a temporary nonce value based on the timestamp with the vehicle. Then the vehicle generates a value by combining its secret key with the nonce value. The vehicle uses the generated value as a symmetric key, encrypts its own group secret key with this value, and sends it to the targeted group manager. The targeted group manager decrypts the encrypted data, compares its own calculated data with the vehicle's decrypted data, and thus authenticates the vehicle. The targeted group manager sends the new group information, that is, the group public and private key pair, to the successfully authenticated vehicle. Thus, the vehicle is now included in a new group. All these processes occur in under a millisecond.
Therefore, it is a very advantageous method for an IoV vehicle with limited resources. The method is an applicable candidate not only in the IoV environment but also in different systems where a group structure can be constructed. Additionally, a protocol for public transportation platoons in smart cities has been proposed as an application of the method proposed within the scope of the thesis. The symmetric key encryption algorithm employed during the authentication phase is left flexible depending on the configuration of the system to be integrated. However, in the proposed method and tests, the AES algorithm was utilized for symmetric key encryption. The scope of the thesis includes a literature review that encompasses many current studies relevant to various vehicle networks. In comparing the proposed method, some of these current methods were implemented. Comparisons are based on real-time analyses, with comprehensive result graphs and tables. Test results reveal the advantages of the privacy-preserving group-based authentication method compared to its alternatives. A detailed security analysis of the method demonstrates that it is an effective candidate for a security solution that is both resistant to known attacks and applicable to IoV systems.
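The group handover exchange summarized in the abstract can be modelled as follows. This is an added example, not code from the thesis, and it rests on assumptions the abstract does not state: the "combining" step is HMAC-SHA256, the target group manager has received the vehicle secret and the source group secret over the inter-manager channel, the nonce lifetime is 2 seconds, and an HMAC-based keystream with a tag stands in for AES so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os
import struct

NONCE_LIFETIME_S = 2.0  # assumption: validity window of a handover nonce


def make_nonce(now):
    """Target GM: timestamp-based nonce (8-byte ms timestamp + 8 random bytes)."""
    return struct.pack(">Q", int(now * 1000)) + os.urandom(8)


def derive_key(vehicle_secret, nonce):
    """Combine the vehicle secret with the nonce (assumed: HMAC-SHA256)."""
    return hmac.new(vehicle_secret, b"handover" + nonce, hashlib.sha256).digest()


def _keystream(key, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in for AES: XOR with a keystream, then append an HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, b"tag" + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()):
        return None  # wrong key or modified ciphertext
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def vehicle_response(vehicle_secret, group_secret, nonce):
    """Vehicle: encrypt its current group secret under the nonce-derived key."""
    return seal(derive_key(vehicle_secret, nonce), group_secret)


def gm_verify(vehicle_secret, expected_group_secret, nonce, blob, now, used_nonces):
    """Target GM: reject stale or reused nonces, then decrypt and compare."""
    issued = struct.unpack(">Q", nonce[:8])[0] / 1000.0
    if nonce in used_nonces or not (0 <= now - issued <= NONCE_LIFETIME_S):
        return False
    used_nonces.add(nonce)
    recovered = open_sealed(derive_key(vehicle_secret, nonce), blob)
    return recovered is not None and hmac.compare_digest(recovered, expected_group_secret)
```

Tracking used nonces and comparing in constant time are additions of this model; the abstract only states that the nonce is temporary and timestamp-based.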
Description
Thesis (Ph.D.) -- Istanbul Technical University, Graduate School, 2024
Keywords
User authentication, Autonomous vehicles, Cyber security, Public transportation vehicles