Efficient Secure Aggregation in VANETs
Download
Report
Transcript Efficient Secure Aggregation in VANETs
Efficient Secure Aggregation in VANETs
Maxim Raya, Adel Aziz, and Jean-Pierre Hubaux
Laboratory for computer Communications and
Applications (LCA)
EPFL
Outline
Motivation
Attacker model
Secure group formation
Secure aggregation mechanisms
Simulation results
Conclusion
2
Why efficient secure aggregation?
VANET security is indispensable but expensive
De facto security: limited flooding of signed messages
Since many vehicles broadcast the same event, why
not try aggregation?
Verifier
Verifier
Safety
message
1. Can we make it work in VANETs?
Signer
{Position, speed,
2. And can we make it secure?acceleration,
direction,
time, safety events}
Cryptographic material
{Signer’s DS, Signer’s
PK, CA’s certificate of PK}
Verifier
The answer is in this presentation and it is: YES
3
How to make aggregation efficient and secure?
Requirements:
• Channel efficiency
• Low delay
• Data correctness
• Non-repudiation
We propose 3 solutions:
• Combined signatures
• Overlapping groups
• Dynamic group key creation
4
Who is the attacker?
Major threat: false information dissemination
Assumption:
Any group of more than 2 vehicles should contain a
majority of honest nodes under normal density conditions
5
The secret of efficient aggregation: groups
Group leader
Group
Group
communication
Geographic
group boundary
Information is relayed between groups, not individual vehicles
6
How to make a group?
Preset groups: efficient but not flexible
On-the-fly groups: flexible but not efficient
Location-based groups: efficient and flexible
• The keyword is where and not who a vehicle’s neighbors are
Group formation step-by-step:
1.
2.
3.
4.
Dissect the map into small area cells, each defining a group
Load map dissection function/dissected maps into vehicles
Cells (groups) overlap to ensure handover
One option for leader election: group leader = vehicle closest to
center (with lowest ID if many), elected for a given duration
5. A vehicle checks its GPS position to determine its cell (group)
7
Group formation
8
Group formation
Cell
Leader
Overlap
TX range = 300 m
Not to scale
Cell size = 400 m
9
Group formation
I am in cell X
10
SVGP (Secure VANET Group Protocol)
Goal: establishment of a symmetric group key
Secure groups protect the network from outsiders only
Concept: group leader transports group key to members
Subsequent messages include only a HMAC
On leave, nothing needs to be done
Vehicles at boundaries receive messages from 2 groups
11
Aggregation mechanism 1:
Combined signatures
Concept: a group of vehicles reporting the same event combine their
signatures
Advantages:
•
•
Overhead is grouped in one message => better channel efficiency
A group’s combined message => the group agrees on the content
Three types of combined signatures:
Concatenated signature
m
S1(m)
...
Sn(m)
C1
...
Cn
Onion signature
m
Sn-1
Sn(...(S1(m))) C1
...
Cn
Hybrid signature
m
Si-1
Si(...(S1(m)))
Sn-1
Sn(...(Sj(m)))
C1
...
m = message, S = Signature, C = Certificate
Cn
12
Aggregation mechanism 2:
Overlapping groups
Concept: vehicles in the
intersections of groups make a
bridge for data
Group keys and messages are
distributed using SVGP
Group leader
Group
Group
communication
Geographic
group boundary
The good:
•
Cheap symmetric crypto
The bad:
•
•
•
Need for position verification
Need for honest majority
Lack of non-repudiation
13
Aggregation mechanism 3:
Dynamic Group Key Creation
Conciliates low overhead (symmetric crypto) with non-repudiation
(digital signatures)
Dynamic group scenarios (e.g., platoon)
Step-by-step:
1. The leader sends a key request to
the CA (Certificate Authority)
2. The CA generates an asymmetric
group key pair and unique IDs for
members (for non-repudiation)
3. Vehicles sign messages with the
new group key and include their
ID
Key request
Dynamic group
14
Simulation results
Scenario
Source
2400 m
ns-2 simulator
Rice scenario generator
EPFL VANET patch (available at
http://ivc.epfl.ch)
Cell size: 400 meters
ECC with key size of 256 bits
100 simulations
Simulated mechanism: concatenated
signatures
Correctness level of messages:
number of supporting signatures to
consider a message correct. It is 4 in
our simulations
Destination
2400 m
15
Effect of density on channel usage
16
Effect of density on message delay
17
Effect of speed on channel usage
18
Effect of speed on message delay
19
Efficiency vs. Security (correctness level)
Destination
aggregation
Source
aggregation
20
Conclusion
Objective: the tradeoff between efficiency and security
Efficient secure aggregation is a feasible answer:
• Combined signatures
• Overlapping groups
• Dynamic group key creation
The advantages:
• Better channel usage
• Lower message delivery delay
• Better data correctness and hence security
Visit http://ivc.epfl.ch and http://www.sevecom.org
21
SEVECOM
(SEcure VEhicular COMmunication)
Objectives: Identification of threats and Specification of a security architecture
22
CALL FOR PAPERS
IEEE Journal on Selected Areas in Communications
Vehicular Networks
• Architecture of Vehicular networks
• Protocol design (low-power, multi-channel, etc.)
• Vehicle-to-Vehicle
• PHY, MAC, Network Layer (Routing protocols)
• Vehicle-to-Roadside
• Channel Modeling
• Security and privacy
• Cooperative aspects of vehicular communication
• Cross-layer optimization techniques
• Scalability and Availability issues in Vehicular networks
• Mobility and traffic models
• Safety and commercial applications
Manuscript Submission
February 1, 2007
Acceptance Notification
May 15, 2007
Final Manuscript Due to Publisher
July 1, 2007
Publication Date
3rd Quarter 2007
http://www.jsac.ucsd.edu/Calls/vehnetwkcfp.htm
23