Transcript Document
Secure pseudonym generation for
efficient broadcast authentication in
VANETs
Deepak N Ananth and Manjusha Gadiraju
CSC / ECE 774
Broadcast Authentication in VANETs
Outline:
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The proposed Protocol
Fast Authentication in VANET
Implementation and Future Work
References
2
Why VANET? - Motivation
Increase traveler safety
10.8 million vehicle crashes from 1990 to 2009
36,000 fatalities in 2009 only
24,000 of these due to collision with other vehicles / objects.
Costs more than $100 billion per year
Boost on-board luxury
Source: US Census Bureau : www.census.gov
3
Broadcast Authentication in VANETs
Outline:
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The proposed Protocol
Fast Authentication in VANET
Implementation and Future Work
References
4
What is Vehicular Ad-Hoc Network ?
m :
<x,y> , loc, Tv
S(m) : ECDSA signature
cert : Public key certificate
Higher Authority
RSU
<m, S(m), cert>
OBU
5
6
Communication in VANET
Vehicular
communication
Vehicle-Vehicle
Single-hop
Hybrid
Multi-hop
7
Vehicle-Infrastructure
VANET Applications
Co-operative Collision Warning
Lane Change Warning
Intersection Collision Warning
Approaching Emergency vehicle
Rollover Warning
Work Zone Warning
Coupling/Decoupling
Inter-Vehicle Communications
Electronic Toll Collection
8
VANET Characteristics
The main characteristics of VANETs
High mobility of nodes
Rapidly changing network topology (predictable to some
extent)
Unbounded network size
Potential support from infrastructure
Real time , time-sensitive data exchange
Crucial effect of security and privacy
9
Broadcast Authentication in VANETs
Outline:
Introduction to VANET Technology
Security in VANET technology
Privacy protection in VANET
The proposed Protocol
Broadcast Authentication in VANET
References
10
Security Requirements
Authentication
Privacy protection
Non-repudiation
Real-time constraints
Availability
11
Security Requirements (contd)
12
Outline
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The Proposed Protocol
Fast Authentication in VANET
Security Analysis
Implementation and Future Work
References
13
Privacy – Important for VANETs
Cars = Personal Devices
Tracking of vehicles based on communication
messages
< m , S(m) , cert >
The feeling of permanently being monitored by an
arbitrary authority
Examples: Privacy threat
A private investigator can easily follow a car without
being noticed by extracting position information from
the messages sent by the car.
An employer is overhearing the communications from
cars on the company parking lot.
How to provide Privacy ???
Enter “pseudonyms”
• aliases which hide the real identity
Can be implemented using random numbers
Set of pseudonyms used during communication must
be mapped to real-world identities in special
situations
Trusted Authority
How to use pseudonyms?
Single pseudonym all the time
– Easy to map alias with real identity
– Messages can be related
Store pseudonyms on the OBU and use over a long
period of time
– How many pseudonyms to load ?
– Compromised node ?
Broadcast Authentication in VANETs
Outline
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The Proposed Protocol
Fast Authentication in VANET
Security Analysis
Implementation and Future Work
References
Protocol Overview
Privacy protection for local broadcast messages.
Short time on-the-fly pseudonym generation.
Estimate the number of pseudonyms required.
Local broadcast via Enhanced Fast Authentication
System Model
System Components
Central Authority (CA) : Centralized authority which registers the
vehicles before they are allowed to operate on the road. E.g.: DMV
Cannot be compromised
Roadside Authority (RA) : Authorized all road-side units. Cannot
be compromised.
Road Side Units (RSU) : Infrastructure nodes installed Road side.
Susceptible to compromise
Vehicular nodes: Nodes which transmit the messages.
Susceptible to compromise
Assumption Model
Each vehicle V when registered with the CA is provided a public / private
key pair and CApub
The RA periodically pulls information from the CA to get the latest up to
date CRL’s and registered vehicles information.
Each RA maintains a topological overview of the entire area under its
coverage
Attacker can compromise at most one RSU under a RA’s range.
At any time in the network there are more number of benign nodes than
the compromised nodes.
Attacker Model
External Attacker: Such an attacker is limited in the diversity of attacks he
can mount. However, he can eavesdrop on all the messages transferred.
Inside Attacker: The attacker can be an authenticated member of the
network; such an attacker can communicate with other members of the
network. E.g: Compromised RSUs and vehicles
23
Pseudonym generation - Step 1
RA
RSU-IDA
RSU-IDB
RSU -> * {RSUID, CertDMV (RSUpub ||RApub), RSUloc}
24
Pseudonym generation - Step 2
RA
V -> RSU: {ID, RSUID, TV, (k + t)} RApub
25
Pseudonym generation - Step 3
CRL List
RA
< VID , RSUID, (k + i), Ni >
< V’ID , RSUID, (k + i)’, N’i >
RA -> RSU: {H(ID,Ni), Vpub, (k+t), Tv}
26
Pseudonym generation - Step 4
RA
RSU –> V: {SKv1, SKv2… SKvk+I ,Cert (PKv1 ||H(ID, Ni)), Cert (PKv2|| H(ID,
Ni)) ...Cert (PKvk+i- H(ID, Ni))} Vpub, Tv
27
Revocation Protocol
Malicious vehicles need to be isolated from the
network
Revocation of vehicles should be done progressively.
Neighboring vehicles report the violation and the
pseudonym used to the next RA via the nearest RSU
RA determines the severity of the violation and
forwards the pseudonym to the Central Authority
28
Contd..
CA obtains the mapping of the pseudonym and the
vehicle’s identity
Puts the vehicle in the Revocation List
Distributes a copy of the Revocation list to all the RA’s
Takes appropriate action on the malicious vehicle
29
Broadcast Authentication in VANETs
Outline:
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The proposed Protocol
Fast Authentication in VANET
Security Analysis
Implementation and Future Work
References
30
Enhanced Fast Authentication
First proposed in “Flooding-Resilient Broadcast
Authentication for VANETs”
Secures single-hop periodic messages.
Replaces expensive digital signature technique with
efficient hash operations.
31
Step 1: Location prediction
Predict location information (<x,y>) over the next “I”
beacons
Construct a prediction table for each beacon.
32
Step 2: One Time Signatures
Makes use of Huffman coding for generating OTS.
Construct Huffman binary tree for each beacon.
Chain the “ I ” Huffman trees for the “ I ” beacons to
form a Chained Huffman tree (CHT).
The root of the CHT is the one time signature for the
authentication of the “ I ” beacons.
33
Step 2: One Time Signatures
34
Step 3: Signature Broadcast
Commitment of the tree Pkots must be authenticated to
all receivers via the generated pseudonyms.
Send first beacon
B0 = {m0,S(m0), cert} where ,
m0 = {T0,L0,PKots,Dx,Dy}
After commitment is authenticated, send “mi” and off-
path values of the CHT as the signature.
35
Enhanced Pseudonym usage
Construct a Huffman tree for “I” beacons and include the
commitment in first beacon B0
Vehicles cannot authenticate messages if B0 is not received.
Send PKots every “ k ” beacons. (k < I).
Include “ k ” when requesting for pseudonyms.
In addition always maintain “t” minimum pseudonyms in
OBU.
“ t “ can be varied according to the network conditions.
36
Foreseen Advantages
Parallelize the process of pseudonym generation and
beacon prediction.
• The vehicle can make the request for the pseudonyms
and perform the beacon prediction and PKots generation.
Lesser signature operations.
Not vulnerable to RSU attacks.
37
Broadcast Authentication in VANETs
Outline:
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The proposed Protocol
Fast Authentication in VANET
Security Analysis
Implementation and Future Work
References
38
Security Analysis
The protocol is secure against DoS attacks:
• Each vehicle spends a ltd. amount of time in RSU range.
• Vehicle accepts only the pre-calculated no. of
pseudonyms it requested for.
• RA and RSU have very high computation power.
39
The protocol is secure against replay attacks:
• Vehicles and the nodes are tightly synchronized.
• Include Tv in the message
The protocol is secure against vehicular impersonation
attacks:
• Ensure that the vehicle ID is never revealed in the open.
• TPD ensures that the keys are not revealed to user.
40
The protocol is secure against RSU impersonation:
• RA can determine RSU compromise based on the
complaints received.
• An RSU compromise affects communication only in the
range of the particular RSU
41
Broadcast Authentication in VANETs
Outline:
Introduction to VANET Technology
Security requirements in VANET technology
Privacy protection in VANET
The proposed Protocol
Fast Authentication in VANET
Security Analysis
Implementation and Future Work
References
42
Simulations in VANET
VANET simulations require both networking component and
mobility component.
Usually represented by two different simulators.
Mobility simulator generates the mobility of vehicles
Network simulator provides feedback and modifies trace files
accordingly.
43
Our Simulation: Mobility simulation
Simulation of Urban Mobility (SUMO)
Have developed XML scripts to define the topology and
the vehicular movement in SUMO.
44
Our Simulation: Network simulation
Use Omnet ++ for network simulation
Veins simulation environment interface between the
network simulation and mobility.
INET framework to simulate wireless transmissions
45
Future Work
Continue working on network simulation part for
performance evaluation.
Optimize the protocol and enhance the bandwidth
efficiency and robustness of this scheme
46
References
[1] Hsiao, H.-C., Studer, A., Chen, C., Perrig, A., Bai, F., Bellur, B., Iyer,
A.:"Flooding- Resilient Broadcast Authentication for VANETs".
[2] Z. Li, Z. Wang, and C. Chigan, “Security of Vehicular Ad Hoc
Networks in Intelligent Transportation Systems,”
[3] http://www.car-to-car.org – Nice videos
[3] http://veins.car2x.org/
47
Thank You
48