A Secure Mechanism for Big Data Collection in Large Scale Internet of Vehicle
Author: Longhua Guo, Mianxiong Dong, Kaoru Ota, Qiang Li, Tianpeng Ye, Jun Wu, Jianhua Li
Publisher: IEEE 2017
Presenter: 柯懷貿
Date: 2018/10/17
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.

Introduction
- With the rapid development of the Internet of Things (IoT), the Internet of Vehicles (IoV) has also become an important issue.
- An increasing number of vehicles collect data at different times and locations and with various attributes, and send it to a central processing system using particular sensors and devices. The result is big data of a heterogeneous nature, varying in size, volume, and dimensionality.
- The collected contents involve not only personal privacy but also important data, including vehicle running parameters, which are closely related to traffic safety.
National Cheng Kung University CSIE Computer & Internet Architecture Lab

Basic architecture of IoV
- As an extended application of IoT, the basic architecture of the IoV includes vehicle nodes, sink nodes, and a big data center.
- With a dynamic and changing node topology, it is hard for other ad hoc networks to build an accurate neighborhood.
- Moreover, the Doppler effect degrades the efficiency of information collection and exchange.

Security Requirements for IoV
- Authentication
- Integrity
- Confidentiality
- Nonrepudiation
- Authorization
The data from the large scale IoV will be collected by the big data center with secure protection and stored in a distributed storage system using the Hadoop architecture.

Initialization

First-Time Logon
- Ts guarantees the timeliness of the message, while the nonce resists replay attacks.
- If the messages are legitimate and come from a valid account, the big data center generates the unique key_sc.
- key_vc, which protects the messages between the vehicle node and the big data center, is encrypted under pk_veh as m3.

Logon Once Again
- When a vehicle node reaches a newly arriving sink node and logs on again, the proposed scheme simplifies the logon process.
- If the ID in the certificate matches the one in m2 and the timestamp does not exceed the period limit, the vehicle is regarded as a legitimate node, logs in to the system, and updates the session key.

Secure Data Collection
- Business data such as temperature parameters can be transferred in plaintext form, while confidential data has to be transferred in ciphertext form.
- To improve calculation efficiency, the hash value of m4 is used for calculating the HMAC.
- The HMAC helps prevent tampering with data and guarantees the identity of the data sender.

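The HMAC-over-digest check described on this slide, as an added example that is not code from the paper or the presentation. The m4 field layout, SHA-256, the 30-second freshness window and all key and ID values are assumptions constructed for illustration; the slides do not specify them.

```python
import hashlib
import hmac
import json

MAX_AGE_S = 30  # assumed freshness window; the slides only say "period limit"


def build_m4(vehicle_id, ts, data):
    """Serialize a constructed m4; this field layout is an assumption."""
    return json.dumps({"id": vehicle_id, "ts": ts, "data": data},
                      sort_keys=True).encode()


def tag_m4(session_key, m4):
    """Compute the HMAC over H(m4) instead of over m4 itself."""
    digest = hashlib.sha256(m4).digest()
    return hmac.new(session_key, digest, hashlib.sha256).digest()


def verify_m4(session_key, m4, tag, now):
    """Return (ok, reason): integrity and sender first, then freshness."""
    expected = tag_m4(session_key, m4)
    # Constant-time comparison; parse m4 only after the tag has verified.
    if not hmac.compare_digest(expected, tag):
        return False, "bad-hmac"
    ts = json.loads(m4)["ts"]
    if not 0 <= now - ts <= MAX_AGE_S:
        return False, "stale-timestamp"
    return True, "ok"


def demo():
    key = bytes(range(32))   # constructed session key
    other_key = bytes(32)    # constructed key of a different party
    m4 = build_m4("veh-001", 1000, {"temp_c": 21.5})
    tag = tag_m4(key, m4)
    tampered = build_m4("veh-001", 1000, {"temp_c": 99.9})
    return {
        "fresh": verify_m4(key, m4, tag, now=1010),
        "tampered": verify_m4(key, tampered, tag, now=1010),
        "wrong_key": verify_m4(other_key, m4, tag, now=1010),
        "replayed": verify_m4(key, m4, tag, now=1000 + MAX_AGE_S + 1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A timestamp window alone still accepts a replay inside the window; tracking a per-message nonce on the receiver closes that gap.
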
Secure Data Collection
- A random key, Tk, is shorter than m4; using Tk decreases the calculation complexity.

Secure Data Storage
- The Hadoop distributed file system enjoys great popularity in big data systems.
- The NameNode is the master node in charge of managing the file system; the DataNode is used for data file storage.
- key_vc works as a certificate for controlling the big data application's access and can also decrypt the ciphertext form of confidential data.

Security Analysis
- Brute force fails because of the outside certification authority.
- Replay attack fails because the certificate and Ts are also required for checking the identity of the vehicle nodes.
- MITM fails because a session key and signature are used.
- Masquerade attack fails because it cannot pass the authentication.
- Manipulation attack fails because it is hard to forge the packet or path.

Efficiency Analysis
- The single sign-on algorithm, message digest, and random key (Tk) are designed to improve the efficiency of the secure big data collection process.
- The single sign-on algorithm simplifies the logon process: m2 certifies the valid identity of the vehicle node, while the certification of the new sink node is sent back afterward.
- The message digest decreases the length of the exchanged message by calculating the hash value of m4, which is far shorter than the concatenation of the vehicle node's ID and M1.

Performance Evaluation
- Asymmetric encryption costs much more than symmetric encryption does. Therefore, the sink node's logon and the vehicle node's first-time logon cost more time than the other phases.

Performance Evaluation
- Compared with mutual authentication (MA), the proposed mechanism requires only an interaction between the vehicle node and the new sink node, while a tripartite interaction is required in the traditional sign-on.
- Though the computing time for SSO is shorter than for MA, the transmission of the certificate costs more time because the SSO algorithm is designed to transfer the certificate twice.

Performance Evaluation
- The transmitting time of data collection increases as the size of the collected data grows, when that data is transferred in ciphertext form and therefore has to be encrypted.