Security And Privacy Preservation In Device-To-Device Communications

Recent demands on wireless and mobile communications motivate exploring new technologies to improve network performance in terms of overall throughput,spectrum utilization.Meanwhile,the appearance of new commercial services such as location-based social networking encourages us to explore new paradigms to meet user demands.Device-to-Device(D2D)communications have been proposed as one of the promising technologies for the next generation mobile communication networks and wireless systems(i.e.,5G)in order to motivate new mobile applications and service.D2D communications refer to a type of technology that enables devices in the vicinity to communicate directly with each other under control of existing network infrastructures,containing Access Points(AP),Base Stations(BS)and Core Networks(CN).It has shown great potential for reducing communication delay,improving communication capability,as well as fostering multifarious new applications and services.As a promising technology,D2D communications have drawn considerable attention in academia,industry and standard organizations in recent years.While there are significant benefits,new application scenarios and system architecture expose D2D communications into unique security and privacy threats comparing with traditional cellular communication systems.We focus on solving a number of key security and privacy issues in D2D communications in this dissertation,mainly including:1)In the aspect of D2D communications security structure,what security and privacy threats do D2D communications face,what security and privacy requirements should D2D communications satisfy and how to establish a security architecture,under which to solve security and privacy issues in D2D communications;2)With regard to two users communications under control of CN,how to establish a secure and privacy-preserving D2D communication session for two users in In-Coverage D2D communication scenario;3)In terms of ubiquitous D2D communications,how to address security issues caused by user roaming and inter-operator D2D communications;4)From supporting two users to multiple users,how to establish a secure and privacy-preserving D2D communication session for a group of D2D users;5)Finally,in the level of D2D communication applications,how to flexibly and efficiently protect and control access of communication data in Pervasive Social Networking(PSN),which is a promising application of D2D communications.In order to address these challenging issues,this dissertation analyzed security and privacy requirements and explores a security architecture for D2D communications,then designed a number of schemes for overcoming some corresponding security and privacy issues in D2D communications.The main contributions of this dissertation can be summarized as follows:First,we conducted an extensive survey on security and privacy in D2D communications.Based on application scenarios and use cases,we explored D2D security architecture,analyzed security and privacy threats,and then specified security and privacy requirements in D2D communications.Second,we proposed an anonymous authentication and key agreement protocol for two users in In-Coverage D2D communication scenario.In our protocol,two D2D users,which are in the coverage of Core Networking(CN),mutually authenticate with each other without leaking their real identities.At the same time,they negotiate a shared session key for secure communications in a D2D session without disclosing communication contents to CN.Our protocol seamlessly integrates pseudonym management,identity-based signature(IBS)and Diffie-Hellman key exchange algorithm into a highly flexible and efficient authentication and key establishment protocol.Formal security analysis and comprehensive performance evaluation showed the security and efficiency of our protocol.Third,we developed a general authenticated key agreement protocol for D2D communications under LTE security framework to guarantee system security and privacy in the scenario where user roaming and inter-operator operations occur.User roaming and inter-operator communication occur frequently in D2D communications due to user mobility and subscription into different operators.Our proposed protocol helps users to achieve mutual authentication during session key establishment process and session key generation under the control of CN.The protocol provides mutual authentication and key agreement for D2D communication no matter D2D users roam or not and no matter users belong to same or multi-operators.It also achieves privacy preservation for communication content,which means only users who participate directly into the D2D session can share the session key,CN or outside users have no knowledge of the session key and the communication content.The security of the proposed protocol was analyzed theoretically and verified by a formal security verification tool-AVI SPA and the performance of the protocol in terms of computation and communication costs were evaluated based on extensive analysis and simulations.The results showed the efficiency and practicality of the proposed protocol.Fourth,we proposed two privacy preserving authentication and key agreement protocols(PPAKA-HMAC and PPAKA-IBS)for D2D communications to achieve secure and anonymous D2D group communication.Group communications is a killer application of D2D communication.It can help more than two users to establish a D2D group communication session under control of CN.The users in the session are able to communicate with each other directly via direct D2D communication links.In the first protocol PPAKA-HMAC,we integrated pseudonym management,Hash-based Message Authentication Code(HMAC)and group key agreement into highly flexible and efficient authentication and key establishment protocol for D2D group communications.It achieves high efficient authentication and key agreement and prevents group session against external attacks.In order to address internal attacks raised by malicious group users,we developed PPAKA-IBS by improving PPAKA-HMAC.PPAKA-IBS takes advantage of Identity-Based Signature(IBS)instead of HMAC to achieve the mutual authentication among users.It supports internal attacks resistance and all security properties of PPAKA-HMAC with slight performance reduction.Fifth,we utilized two dimensions of trust levels evaluated by either a trusted server or individual Pervasive Social Networking(PSN)nodes or both to control D2D based PSN data access in a heterogeneous manner on the basis of Attribute-Based Encryption(ABE).PSN is a typical application of D2D communications.It intends to support instant social activities in a pervasive way at anytime and anywhere.In order to avoid malicious eavesdropping by untrustworthy nodes and protect data transmission and processing,it is essential to secure data communications in PSN.Our scheme overcomes the weakness of both centralized control means and pure distributed means.We formally prove the security of our scheme and analyze its communication and computation complexity.Extensive analysis and performance evaluation show that our proposed scheme is highly efficient and provably secure under relevant system and security models.