Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks

Introduction

This paper discusses a differentiated security architecture for securing infotainment data communication in Internet-of-Vehicle (IoV) networks. The key points are:

• IoV networks integrate Vehicular Ad-hoc Networks (VANET) and the Internet of Things (IoT), enabling information exchange between vehicles, pedestrians, and urban infrastructure. Infotainment systems in IoV use touchscreens, buttons, and audio/video interfaces to provide entertainment and driver assistance features.

• Infotainment data communication security has not received adequate attention, leaving IoV networks vulnerable to attacks like spreading false traffic information.

• The paper proposes a Quality-of-Security-Service (QoSS) approach, where security protections are tailored to the type and importance of the data being exchanged, similar to Quality-of-Service (QoS).

• The paper classifies IoV data communication into six categories and analyzes their different QoSS requirements in terms of confidentiality, integrity, and availability.

• The paper applies caching with Named Data Networking (NDN) to efficiently distribute infotainment data across the network.

• A differentiated security architecture is developed to provide appropriate security protections for different types of infotainment data.

• A time-sensitive Key-Policy Attribute-Based Encryption (KP-ABE) scheme is proposed for securing subscription-based infotainment data.

• Blockchain technology is integrated to manage access to subscription-based infotainment data and prevent revoked users from decrypting the content.

Related Work

The provided text discusses the Internet of Vehicles (IoV), which combines Vehicular Ad-hoc Networks (VANET) and the Internet of Things (IoT) to create a more intelligent and capable transportation network. IoV enables vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication, as well as vehicle-to-everything (V2X) which combines the advantages of both.

The text highlights the need for secure and efficient data exchange in IoV, as attackers could manipulate real-time traffic control messages or intercept subscription-based infotainment data. Named Data Networking (NDN) is proposed as a suitable candidate for resource optimization in IoV, as it performs information-centric networking and enables in-network caching of content.

Attribute-based Encryption (ABE) is discussed as a strategy for providing access restrictions to support subscriber-only access to infotainment services in IoV. The text explains the differences between Ciphertext-Policy ABE (CP-ABE) and Key-Policy ABE (KP-ABE), and proposes a time-sensitive KP-ABE approach to manage access to subscription-based infotainment data.

Finally, the text mentions that blockchain has been widely used in IoV for decentralized, secure, and transparent data access control and identity management. The authors leverage blockchain in their work to verify user identity, expected expiration, and transaction timestamps to prevent revoked users from accessing subscription infotainment data.

Overview of System Architecture

The provided text discusses the importance of providing infotainment services in the Internet of Vehicles (IoV) systems. It highlights the demand for a safer road environment and transportation infrastructure as the primary motivation for smart transportation. Additionally, secure communication with effective and efficient privacy protection and user anonymity is critical due to the dynamic and open environment in which these applications operate.

Motivated by these findings, the text proposes a differentiated security architecture for sharing infotainment data in IoV networks. The goal of this architecture is to provide a means for safe and efficient data exchange for public and subscription-based infotainment data, while private infotainment data should be protected using conventional authentication methods.

The paper proposes a differentiated security architecture for secure and efficient infotainment data communication in Internet-of-Vehicles (IoV) networks. It classifies different types of data exchanged in IoV networks and discusses their security and efficiency requirements. The key points are:

1. Private data (e.g., vehicle-to-everything private information) requires strong confidentiality and integrity protection, while traffic control messages need high integrity and availability. Public data (e.g., public traffic data) has lower security requirements.

2. The proposed approach leverages Named Data Networking (NDN) to enable efficient distribution of public and subscription-based infotainment data. It uses a time-sensitive Key-Policy Attribute-Based Encryption (KP-ABE) scheme to secure subscription-based infotainment data.

3. For public infotainment data, the system stores a digitally signed directory of resource names and hash values at roadside units (RSUs). IoV users can verify the integrity of downloaded files by checking against this directory.

4. The proposed time-sensitive KP-ABE scheme allows content providers to set time validity on their subscription-based content. It provides efficient decryption compared to other revocable ABE schemes, which is crucial for the short-term availability requirement in IoV networks.

5. The security analysis shows the proposed scheme is secure under the modified decisional q-parallel-BDHE assumption. The efficiency evaluation indicates the scheme has comparable public key size and ciphertext size, and significantly better decryption time compared to other revocable ABE schemes.

Time-sensitive KP-ABE Scheme

This section introduces a Key-Policy Attribute-Based Encryption (KP-ABE) scheme for secure distribution of subscription-based infotainment data in Internet of Vehicles (IoV) networks. The scheme uses a Hierarchical Identity-based Encryption (HIBE) approach to control the time validity of the infotainment files.

The time periods are represented by a hierarchical tree with one root node and up to three levels of non-root nodes. The first level represents years, the second level represents months, and the third level represents days. The scheme uses a set-cover approach to select the minimum number of nodes to represent all the valid time periods, which can effectively reduce the number of key generations required.

The scheme consists of four algorithms: Setup, KeyGen, Encrypt, and Decrypt. The Setup algorithm generates the public parameters and master key. KeyGen generates a user's private key based on their pseudo-identity, access structure, and set of decryptable time periods. Encrypt uses the public parameters to encrypt a plaintext message (typically an AES key) associated with a set of attributes and a set of decryptable time periods. Decrypt allows a user to decrypt the ciphertext if their access policy and time period are valid.

The security of the scheme is based on the modified decisional q-parallel-BDHE assumption. An efficiency analysis is provided, comparing the scheme with other revocable ABE schemes. The proposed scheme is shown to be efficient in terms of public key size and decryption time, which are important considerations for the IoV context.

Conclusion

Appendix 0.A Summary of math notation and symbols