Reducing death rate and avoiding congestion on roads is
key objective of vehicular network. Security and trust are
becoming increasingly key challenges in vehicular network.
The main idea behind trusted computing is the hardware based
TPM which contains active security modules that supports
chain of trust to be built within components of the network. In
this paper we present a new model for chain of trust within
vehicular to handle all types of attacks and maintain the
integrity of safety messages. DAA scheme develop the chain of
trust and also to solve the problem of privacy of users while
communicating with other vehicles or with RSU.
Reducing death rate and avoiding congestion on roads is
key objective of vehicular network. Security and trust are
becoming increasingly key challenges in vehicular network.
The main idea behind trusted computing is the hardware based
TPM which contains active security modules that supports
chain of trust to be built within components of the network. In
this paper we present a new model for chain of trust within
vehicular to handle all types of attacks and maintain the
integrity of safety messages. DAA scheme develop the chain of
trust and also to solve the problem of privacy of users while
communicating with other vehicles or with RSU.
Reducing death rate and avoiding congestion on roads is
key objective of vehicular network. Security and trust are
becoming increasingly key challenges in vehicular network.
The main idea behind trusted computing is the hardware based
TPM which contains active security modules that supports
chain of trust to be built within components of the network. In
this paper we present a new model for chain of trust within
vehicular to handle all types of attacks and maintain the
integrity of safety messages. DAA scheme develop the chain of
trust and also to solve the problem of privacy of users while
communicating with other vehicles or with RSU.
Irshad Ahmed Sumra, Halabi Hasbullah, Iftikhar Ahmad
Computer and Information Sciences Department Universiti Teknologi PETRONAS Bandar Seri Iskandar 31750, Tronoh, Perak, Malaysia. isomro28@gmail.com, halabi@petronas.com.my, wattoohu@gmail.com
Jamalul-lail bin Ab Manan Advanced Information Security Cluster MIMOS Berhad Technology Park Malaysia Kuala Lumpur, Malaysia jamalul.lail@mimos.my AbstractTodays VANET applications are vastly focused towards fulfilling users requirements on road and making their journey safe and comfortable. In particular, safety applications will provide secure information to users and introduce mechanisms to help reduce the death rate due to road accidents. The most important aspect in such environment is the integrity of this safety information; it must be at all times prevented from being altered by attackers. Attackers try to get benefits from the nature of open wireless medium to launch different kind of attacks in the network to achieve their specific goals. Current DSRC is used as a communication medium for sending the safety and non safety messages from vehicle to vehicle (V2V) and vehicle to infrastructure (V2I). With the introduction of trusted computing several years ago, Trusted Platform Module (TPM) is a security hardware that can potentially handle the software attacks on VANET and maintain the integrity of the data within vehicular network. The main idea behind trusted computing is the hardware based TPM which contains active security modules that supports chain of trust to be built within components of the network. We propose a new model for chain of trust within vehicular to handle all types of attacks and maintain the integrity of messages. Direct Anonymous Attestation (DAA) digital group signature scheme play a key role for developing web of trust and provides security and privacy for vehicle. Keywords- Vehicular Ad hoc Network (VANET); Safety Applications; Security Attackers; Trusted Platform Module (TPM);Trust; I. INTRODUCTION Vehicular Ad hoc Network (VANET) applications are broadly categorized into safety and non safety applications. Safety applications are very important because it provides information to users that directly relate to users and safe their lives. Security is important issue especially in this kind of network where altering the contents of the message would create problem for users. The role of Dedicated Short Range Communication (DSRC) frequency band is important for vehicles to communicate with other vehicles and infrastructure. Seven channels are categories into safety and non safety channels to meet the requirements of safety and non safety applications [1]. Confidentiality, Authentication, Availability, Privacy and Integrity are the basic requirements [2] for safety and non safety applications. The role of integrity is prominent in vehicular environment and content of the message should not alter from sender to receiver. If the content of the message is changed then the network is no more reliable. Vehicle is the basic entity module of the vehicular network that starts communication. A vehicle which specifically uses VANET services is different from other vehicles because it has additional embedded sensors and security modules. Most of the sensors are used for communication purposes. The major requirement for creating a reliable safety condition on the road is that vehicle should be trusted and these vehicles must build a chain of trust in network. We noted that existing modules within VANET which include Event Data Recorder (EDR) and Temper Proof Device (TPD) are used in vehicles [3] but they do not provide the required trusted environment that can ensure the integrity of data flow within the network. Past research works [4, 5, and 6] have proposed the use of TPMs for this purpose. In this paper we explore the use of Chain of Trust in VANET to achieve data flow integrity, and hence a safer road environment. The rest of the paper is divided into the following sections. Section II is describes the concept of trust and trusted computing in vehicular environment. Section III is based on related work and Section IV we propose the chain of trust model concept and discuss the digital group signature scheme DAA. Section V concludes the paper. II. TRUST AND TRUSTED COMPUTING Trust is the key element of security and defined as a system or component is one that behaves in expected manner for particular purpose [7, 8, 9]. Considering this definition in the context of VANET, we may define that all components of the network (vehicles and infrastructure) are behaving in an expected manner (trusted communication between the components) and serve users and save human lives. We also define Trustworthy as a system or components of the system (vehicles and infrastructure) that behave in an expected manner. There are two types of trust i.e. static and dynamic trust [10]. Static trust provides evidence as a platform is capable of behaving properly. But dynamic trust depends on dynamic collection of different behaviors/evidences that provide the information whether a platform is trusted or not. Trusted Computing Group (TCG) promotes trusted computing for the sake of information security. TPM is small tamper evident cryptographic chip and perform all security functions like creating and storing keys, digital signing, identity authentication and providing algorithms for cryptographic (RSA,SHA-1,HMAC) and last important task is to measurement of integrity of data [11].Trusted Computing (TC) This work is funded by Universiti Teknologi PETRONAS Postgraduate Assistantship Scheme. 978-1-4577-0069-9/11/$26.00 2011 IEEE is the process of enhancing security with the help of hardware module i.e. TPM. TPM is used in vehicles and provides a foundation of trust for software running in vehicle platform. It protects the information from software based attacks and physical theft. The objective of trusted computing is to collect and provide evidences of behavior to user. The trusted computing defines two basic properties in vehicular environment which are given below [12, 13]. Sender who sends the messages (safety or non safety) in vehicle to vehicle (V2V) or vehicle to infrastructure (V2I) is accepted as a trusted entity. The contents of the message source is not changed during transmission, it meets the integrity requirement. III. RELATED WORK Smart vehicle used many embedded hardware modules. Trusted Platform Module (TPM) is one of the trusted hardware modules which are used in Pc and desktop and vehicles. G.Guette [14] described the main functionalities of TPM in vehicular network. They discussed in detail the security requirements and two possible application (Platoons and Event Reporting) in vehicular network. Main problem being highlighted was to maintain the integrity of data and ensure secure and trusted communication between other vehicles and also with infrastructure. The author also discussed thread model which contain attacks such as Sybil attack, node impersonation, sending false information and car tracking. Three security properties were presented. They include vehicle and it must have a unique identifier, ensuring the integrity of the messages which must be authentic with regards to vehicle identifier and lastly, to ensure the trustfulness of the content of the messages that must be verified. TPM-based solution is one of the more cost effective one which meets all security properties and handle with security threats. The main communication in VANET is divided into two: embedded sensors communicate with applications and applications communicate with TPM for signing data purposes. Endorsement key (EK) and Attestation identity key (AIK) are the two main keys that are used for signing and attestation purposes. Trusted application performs two types of communication, communication with sensors and with TPM. This type of communication is called inside communication and its purpose is to sign and keep the data safe in secure location. Trusted Application also communicates with application of the other vehicle using parameters such as Position, Signature and Credential. In [15], the author proposed TPM based security architecture to solve the issues of security and privacy for successful deployment of VANET technology. The main focus point is management of cryptographic keys to provide security and anonymity of vehicles communications. The proposed solution is based on several cryptographic key pairs and it is pre-loaded in a vehicle during manufacturing. The authors discuss some key design constraints of the solution which are given below: It provides the anonymity of inter-vehicular communication particularly and avoids the use of same cryptographic pseudonym for long period of time. An authorized administrator provides the entity of possibility to revoke the anonymity of a given message. It uses native TPM security mechanism. It has the possibility to downgrade the standard operation if an entity does not operate correctly. Authors mentioned some physical element and some other entities which are involved in proposed solution. TPM, memory stick and on-line server for the PCA are some of the physical elements of the proposed solution and Vehicle manufacturers, driver and mechanic, administration and PCA are entities used in it. An advantage of this proposed solution is that there is no need for infrastructure (RSU) along the road. Memory stacks replace the place of infrastructure (PCA) and store data about sensors and TPM keys. However, the solution is quite less practical because keys are preloaded in the vehicle during the construction phase and memory sticks are used to renew the certified keys to be used by the proposed protocol. Software stack is used to protect and store data in shielded locations. Inter-vehicle communication uses TPM keys for signing the messages, which means that only trusted vehicles can communicate. If one vehicle application sends request to the other vehicle it must first be signed using TPM keys. The other vehicle receives this message and verifies its certificates and signature. Vehicle to infrastructure communication also uses TPM keys to ensure a trusted communication. AVISPA and SPAN two security protocol simulator are used for simulation purposes and prove two properties of protocol. Session key shared by TPM and the PCA remains secret. Exchanged of AiK between the TPM and the PCA through the memory stick remains secret, until their first use in an inter-vehicular message. Stumpf et. al [16] presented a multi-layered security protocol that allows a vehicle to receive certificates which are used for transferring messages (traffic safety). Secure Revocable Anonymous Authenticated Inter-Vehicle Communication (SRAAC) proposed security and privacy protocol and this protocol combines with different types of signature schemes. Authentication Authority (AA), On-Board-Units (OBU) which are part of the vehicles and the Inter-Vehicle Communication Certificate Servers (ICS) are the three main entities of SRAAC an infrastructure. While the TPM is only able to generate RSA signatures and SRAAC protocol uses the Digital Signature Standard (DSS). Authors also introduce the faster and smaller cryptographic schemes to the TPM and that is probably needed to use it in the vehicular environment. Authors evaluate possible attacks (Arbitrary Validity Time, OBU Collusion Attack and Injecting False Safety Messages) on safety messages and as well as possible attacks on proposed protocol SRAAC. IV. PROPOSED CHAIN OF TRUST MODEL In the proposed Vehicular Web of TRUST (VWT) environment the each vehicle possess a Trust Module with a TPM inside it. Whenever vehicles start communication, first Trust Platform Module (TPM) measures the trust condition of the vehicle platform, also known as internal trust and then passes trusted information to TPMs of other vehicles. In concept, Vehicle Web of Trust is built on a web of many Trust Modules. The VWT is able to convey life critical information in a more secure and trusted manner.
Figure 1. Propose Vehicular Web of TRUST Levels of TRUST In our proposed Vehicular Web of Trust model, there are different levels of trusts. 1. Trust between TPMs and Vehicle Sensors 2. Trusted Medium (DSRC) 3. Trust between Vehicle to Vehicle (V2V) 4. Trust between Vehicle to Infrastructure (V2I)
1. Trust between TPM and Vehicle Sensors At first level TPM communicates with other TPMs of other vehicles. The vehicle TPM wants to make sure those specific sensors within the vehicle communicates securely. Trusted vehicles are different from normal vehicles because of their functional components such as many types of embedded sensors and processing units inside these vehicles and its communication abilities. Global Position System (GPS), Radar Systems (RSs) and Communication Facility (CF) are these modules which are used inside the vehicle. It is the responsibility of TPM to communicate with these modules and to build the web of trust within the trusted vehicles. Sensor Hardware On Board Unit (OBU) Software Application Sensor Hardware On Board Unit (OBU) Software Application Trusted Platform Module(TPM)
Figure 2. Chain of trust from sensor to OBU and OBU to sensors 2. Trusted Medium (DSRC) At the second level, the role of the channel medium is important, dedicated short range communication (DSRC) frequency band is used for all types of communication in VANET. DSRC provides multiple channels and its transmission ranges from 5.850 to 5.925 GHz. DSRC are divided into seven channels and each channel range is 10 MHz. Every vehicle in the network receives messages from other vehicles or from infrastructure. A secure and trusted content of message is the major concern of the users. The attackers will try hard to change the contents of the message and break the trust between the vehicles. When users receive any information (safety or non safety) from other vehicles or from infrastructure it must be trusted because user reacts according to the message. To establish the trust, we must provide secure and trusted channel (Trusted Medium) between the users in network. Whenever attackers launch any type of attack then we have the option of using others channels. Attackers will also use these channels and insert their false information to the network and create problems for legitimate users. Message exchange from vehicle to vehicle and vehicle to infrastructure should be reliable, accurate and confidential and this will be happened in the presence of secure communication medium. C. Laurendeau [17] explained the security threats in DSRC/wireless access in vehicular environment (WAVE). 3. Trust between Vehicle to Vehicle (Direct Trust) Peer to Peer (P2P) communication between vehicles in the network and develop the trust and web of trust is also called the Direct Trust. When users receive any message (Safety or Non Safety) from other vehicles or infrastructure, it should be trusted because users react according to the message. To establish the trust, it is required to provide trust between the users in V2V and V2I communication. The attackers try to change the contents of the message and break the trust between the vehicles. At third level is to build the trust with other vehicles as shown in Figure 3 which shows the Direct Trust in the network. Third level chain depends on the first and second level chain. For example, a trusted vehicle A communicates and does mutual attestation with vehicle B. Now that vehicle B becomes trusted and it does mutual attestation with vehicle C and so on. Finally peer to peer trust between vehicles makes a web of trust in the network. A B E D C
Figure 3. Vehicular Web of TRUST (VWT) 4.Trust between Vehicle to RSU (Indirect Trust) The objective of trusted infrastructure is to ensure the availability of the network and provide secure communication in the network. We can extend the web of trust from vehicle to infrastructure so that availability is ensured. The role of infrastructure is important to verify the vehicles and provide information related to safety and non safety applications. It is necessary for a vehicle to have TPM so that it communicates with the infrastructure and to build the trust with it. Road Side Unit (RSU), Cellular network; WiMAX and WiFi are some examples of infrastructure. Figure 4 explains the indirect trust between the vehicles to infrastructure. Vehicle A has done mutual attestation with RSU (infrastructure) and which then do mutual attestation with vehicle E in the network. In doing so, vehicle E is making trust indirectly via the infrastructure and establishes trust with vehicle E. Hence, another kind of trust in infrastructure has been established from vehicle E to Infrastructure. RSU A B D E C
Figure 4. Infrastructure Web of TRUST (IWT) Accessibility and availability of network are directly related with the users trust level. WiMAX and Cellular can also be utilized as part of Vehicle infrastructure. If a user wants to communicate with infrastructure for sending/receiving the information is hampered by an attack to the VANET infrastructure, we can switch to other communication channels such as WiMAX and Cellular. If channel jamming (Denial of Service attack) [18] happens, and the network is not available due to any attack then users trust is seriously affected. Direct Anonymous Attestation (DAA) TPM functionalities are used to provide security and it is used inside the vehicle. Privacy Certification Authority (PCA) is trusted third party and its purpose is to issue the certificate for AIK and verify the AIK which are used in different types of applications in the network. Guette and Heen [15] proposed the memory stick (USB) for saving AIK certificates. So we are proposing the Direct Anonymous Attestation (DAA) scheme for achieving the vehicular web of trust. DAA is a digital group signature scheme and it was originated by Brickell, Camenisch and Chen [19]. It provides the facility to a third party to validate the TPM, and check whether the user platform is genuine. In VANET environment, DAA can be considered for attesting a vehicle platform, and at the same time protecting the privacy of the user. Using of DAA we can develop the four level of trust in vehicular communication. DAA is combination of three modules with unique features. Direct mean without any trusted third party provide proof. Privacy Certificate Authority (PCA) is also one of the protocol that is used in TPM v.1.1 and problem with PCA is it is require for each authentication and without involvement of the PCA authentication task could not possible. In vehicular network environment authentication is very difficult task by using PCA. Due to high mobility vehicle and dynamic topology of the network, we could not reply third party for authentication of the vehicle. Anonymous describe that user privacy do not disclose and vehicular network peoples are more concern about their privacy while sending and receiving messages. Attestation is to verify membership claim from TPM. Attestation is the system ability to confirm the integrity of the certain types of information. Purpose of attestation is to ensure that software running in vehicle or any other information of sensors has not been changed in unintended manner. If malicious program alter the sorted information or applications then changes should be detected quickly [12]. Trusted Computing Group was adopted DAA as a method for remote anonymous authentication for Trusted Platform Module (TPM). This is suitable protocol in vehicular network. Types of Attestations Here some of the types of attestation are given below [10]. Attestation by TPM: it provides the proof of data that only known to TPM. Attestation to Platform: it provides proof that platform can be trusted to integrity metrics by using of platform credentials. Attestation of the Platform: it provides the proof of set of platforms integrity measurements. For the platform attestation TCG provide embedded endorsement key (EK) to prove that particular TPM is genuine [20].EK is not show the platform identity and attestation identity key (AIK) is describe the identity of the platform and also attest the properties of that platform [21]. Figure 5 explains the working of DAA by using of two TPM keys (Endorsement Key (EK) and Attestation Identity Key (AIK)). AIK is a TPM key that is used for attestation of current platform and its configuration. AIK sign the applications and these applications communicating with other vehicle (V2V) and also with infrastructure (RSU). AIK is also used as an alias for the endorsement key (EK). AIK is generated by the owner of TPM and it is non-migratable singing key. Multiple AIK can be generated by TPM. So using of DAA protocol our communication will be secured and data integrity (contents of the message and time value) is maintained.
Figure 5. DAA Communicating with other vehicle and RSU Digital Group signature scheme has the following properties: It is provided the facility to other third party to validate the TPM, check the user platform is genuine where TPM is resided. In VANET environment third party easily identify about any vehicle that these user have genuine platform or rogue TPM. At the manufacture time TPM is embedded into the vehicle and later attacker can physically change the TPM so DAA mechanism can find out this kind of problem. Police authority or car manufactures can validate the TPM without revealing the identity of the user. This is one of the benefits of this scheme. Time saving of communication with trusted third party (TTP) for authentication of the vehicles. Secure communication between the vehicles in the networks by using if DAA scheme. Its not easy for attackers to get the signature and modified the messages. Identical users platform makes different transactions using of different kind of AIKs and it is not link together. Even one vehicle creates multiple AIKs for signing different applications. These are following main four entities which are involved in DAA scheme; figure 6 show all entities of DAA scheme. 1. DAA issuer: this is first entity of DAA scheme and mostly it could be TPM manufacturer 2. TPM: it is security chip that generates DAA signature in DAA process mechanism. 3. Host: Host is a typically platform where TPM reside it and assist in join and sign process. TPM have very little capacity for storage and computation, so we involve host to solve the problem of computation and storage. 4. DAA verifier: It could be any external partner how verifies the DAA Signature. Now we discuss the process mechanism (join, sign and verifier) protocols [19], [22], [23], [24], [25], [26] for generation the DAA signature. Figure 6 explain the internal DAA process mechanism. EK DAA User Sign Verify Join TPM issuer Discrete Algorithm (ZKP)
Figure 6. Process Mechanism of DAA Scheme Join Protocol The purpose of this Protocol to allow the user platform to obtain a DAA certificate from DAA issuer. This certificate is use to provide prove to other parties that the user platform is trusted. DAA issuer has ability to generate anonymous certificates and its role is similar to certificate authority (CA). It is manufacturer of TPM how creates DAA certificate issue. This protocol runs between the issuer and User and TPM. Endorsement key (EK) play his role as an authentic channel between the TPM and issuer. User authenticate himself to based on Endorsement key (EK) of vehicle TPM. TPM manufacture play a role of CA and user use the public part of Endorsement key (EK) which is called the attestation identity key (AIK). Now DAA issuer issues the certificate by using the following mechanism. DAA issuer generate public key and value of the key we can assume are (n,X,Y,Z) N = pq p and q large prime no. X,Y,Z Z n Random generated values User of the vehicle perform two task first they generate a secret key (S) and compute the value A = X s ,Y t1 mod n and second task is to compute the value B I = s I mod
I identity of the issuer large prime number. User sends the values of A and B to the DAA issuer and convinces the issuer that the value of A and B are correctly form by using of the discrete algorithm (Zero-knowledge proof of knowledge). When DAA issuer receive the value of A and B I and check it properly if it is convince with it then it will sign the message by computing the H = (Y/AX t2 ) 1/e mod m and after all process DAA issuer send (H,e,t) to user and proves that H is generated correctly. Signing Protocol DAA signer is combination of TPM and user and they work together. TPM generates DAA signature and it is part of user. Due to limited capacity for computation and storage of TPM, user is involved for join and signing process. Purpose of this protocol is to allow the user to authenticate the message on the base of signature. User and verifier perform this task using with DAA certificate. Singing protocol works in the following way. Message could be safety or non safety message user signs the message M with secret key (s) and DAA Certificate (H, e, t), (t= t1 + t2). User computes the value of B v and also generates the Signature . B v = s
mod Verifier Protocol DAA Verifier could be any external service provider and task of verifier is to verify the DAA Signature. Verifier first verifies the signature and if signature is valid then checks the DAA certificate that is created by valid TPM. User obtains the DAA certificate by using of join and sign protocols and now user is ready to generate AIKs as possible as and sign the safety and non safety messages. Join and sign process only performed once and after this no need to repeat it for signing the messages. V. CONCLUSION AND FUTURE WORK Reducing death rate and avoiding congestion on roads is key objective of vehicular network. Security and trust are becoming increasingly key challenges in vehicular network. The main idea behind trusted computing is the hardware based TPM which contains active security modules that supports chain of trust to be built within components of the network. In this paper we present a new model for chain of trust within vehicular to handle all types of attacks and maintain the integrity of safety messages. DAA scheme develop the chain of trust and also to solve the problem of privacy of users while communicating with other vehicles or with RSU. REFERENCES [1] D. Jiang, V. Taliwal, A. Meier,W. Holfelder,R. HerrtwichDesign of 5.9 GHz DSRC-based vehicular safety communication Wireless Communications IEEE Vol. 13, No. 5. (2006), pp. 36-43. [2] H. Hartenstein,Kenneth P.Laberteaux, Toyota Technical Center. A Tutorial Survey on Vehicular Ad Hoc NetworksIEEE Communication Magazine, June 2008. [3] J.P.Hubaux,S.Capkun,J.Luo The Security and Privacy of Smart Vehicles Published by the IEEE Computer Society.May/June 2004. [4] G. Guett, C. Bryce, Using TPMs to Secure Vehicular Ad-Hoc Networks (VANETs) IFIP 2008, WISTP 2008, LNCS 5019, pp.106- 116. [5] A. Stampoulis, Z. Chai A Survey of Security in Vehicular Networks [6] M. Raya,J. Pierre, Hubaux,Securing vehicular ad hoc Networks Journal of Computer Security,vol.15,Issue no.1 January 2007, pp: 39-68. [7] R.Anderson,Cryptography and competition policy-issue with trusted computing,proceedings of PODC03,july 13-16,boston,MA,pp.3- 10,ACM press 2003. [8] B.Balacheff,L.Chen,S.Pearson,D.Plaquin and G.Proudler.In S.Pearson,ed.,Trusted computing platform:TCPA technology in context.Prentice Hall PTR,Upper saddle river,NJ,2003. [9] A. Reza Sadeghi,Trusted Computing-Special Aspects and challenges,Lecture Notes Horst-Gortz-Institute(HGI) for IT- Security,Ruha-University Bochum, Germany.2007. [10] E.Gallery,An overview of trusted computing technology,Trusted Computing,chapter No.3,pp.31-32.IEE professional application of computing series 6. [11] Trusted Platform Module Basics Using TPM in Embedded Systems by Steven Kinney Chapter No.03 Overview of the TPM Architecture,pp.26. [12] D.Kallath,Trust in trusted computing-the end of security as we know itBT security Research Centre. [13] H. Hartenstein,Kenneth P.Laberteaux, Toyota Technical Center. A Tutorial Survey on Vehicular Ad Hoc NetworksIEEE Communication Magazine, June 2008. [14] G. Guett, C. Bryce, Using TPMs to Secure Vehicular Ad-Hoc Networks (VANETs) IFIP 2008, WISTP 2008, LNCS 5019, pp.106- 116. [15] G.Guette and O.Heen,A TPM-based Architecture for improved secuirty and Anonoymity in vehicular ad hoc networks,IRIS France. [16] F. Stumpf, L. Fischer and C.Eckert, Trust, Security and Privacy in VANETs Multilayered Security Architecture for C2C-Communication, Automotive Security, pp. 55-70,Wolfsburg, Germany, VDI-Verlag, 200. [17] C. Laurendeau,M. Barbeau,Theat to security in DSRC/WAVE, 5th International Conference on Ad Hoc Networks and Wireless (ADHOC- NOW).LNCS 4104, pp.226-279, 2006. [18] M. Raya,J. Pierre,Hubaux,The Security of vehicular ad hoc Networks SASN05,November 07,2005,Alexandria,Virginia USA. [19] E. Brickell, J. Camenisch, and L. Chen: "Direct Anonymous Attestation" In Proceedings of 11th ACM Conference on Computer and Communications Security, ACM Press, 2004. [20] A. Reza Sadeghi,Trusted Computing-Special Aspects and challenges,Lecture Notes Horst-Gortz-Institute(HGI) for IT- Security,Ruha-University Bochum, Germany 2007. [21] M. Strasser, H. Stamer, A Software-Based Trusted Platform Module Emulator, TRUST 2008, LNCS 4968, pp. 33-47, Springer Berlin. [22] E. Brickell, J. Camenisch, and L. Chen,The DAA scheme in context Trusted Computing,chapter no.5,pp.143. IEE professional application of computing series 6. [23] M.Strasser,A Software-Based TPM Emulator for Linux, Semester Thesis, Department computer Science Swiss Federal Institute of Technology Zurich, 2004. [24] H.Ge,S.R.Tate,A Direct Anonymous Attestation scheme for embedded devices,LNCS 4450,pp.16-30,2007. [25] K.Dietrich,Anonymous client Authentication for transport layer security,LNCS 6109,pp.268-280,2010. [26] L.Chen,A DAA scheme requiring less TPM resources Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology.