Secure pseudonym generation for efficient broadcast authentication in VANETs

advertisement
Secure pseudonym generation for
efficient broadcast authentication in
VANETs
Deepak N Ananth and Manjusha Gadiraju
CSC / ECE 774
Broadcast Authentication in VANETs
 Outline:

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The proposed Protocol

Fast Authentication in VANET

Implementation and Future Work

References
2
Why VANET? - Motivation
 Increase traveler safety

10.8 million vehicle crashes from 1990 to 2009

36,000 fatalities in 2009 only

24,000 of these due to collision with other vehicles / objects.

Costs more than $100 billion per year
 Boost on-board luxury
Source: US Census Bureau : www.census.gov
3
Broadcast Authentication in VANETs
 Outline:

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The proposed Protocol

Fast Authentication in VANET

Implementation and Future Work

References
4
What is Vehicular Ad-Hoc Network ?
m :
<x,y> , loc, Tv
S(m) : ECDSA signature
cert : Public key certificate
Higher Authority
RSU
<m, S(m), cert>
OBU
5
6
Communication in VANET
Vehicular
communication
Vehicle-Vehicle
Single-hop
Hybrid
Multi-hop
7
Vehicle-Infrastructure
VANET Applications
Co-operative Collision Warning
Lane Change Warning
Intersection Collision Warning
Approaching Emergency vehicle
Rollover Warning
Work Zone Warning
Coupling/Decoupling
Inter-Vehicle Communications
Electronic Toll Collection
8
VANET Characteristics
The main characteristics of VANETs


High mobility of nodes
Rapidly changing network topology (predictable to some
extent)

Unbounded network size

Potential support from infrastructure

Real time , time-sensitive data exchange

Crucial effect of security and privacy
9
Broadcast Authentication in VANETs
 Outline:

Introduction to VANET Technology

Security in VANET technology

Privacy protection in VANET

The proposed Protocol

Broadcast Authentication in VANET

References
10
Security Requirements
 Authentication
 Privacy protection
 Non-repudiation
 Real-time constraints
 Availability
11
Security Requirements (contd)
12

Outline

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The Proposed Protocol

Fast Authentication in VANET

Security Analysis

Implementation and Future Work

References
13
Privacy – Important for VANETs
 Cars = Personal Devices
 Tracking of vehicles based on communication
messages
< m , S(m) , cert >
 The feeling of permanently being monitored by an
arbitrary authority
Examples: Privacy threat
 A private investigator can easily follow a car without
being noticed by extracting position information from
the messages sent by the car.
 An employer is overhearing the communications from
cars on the company parking lot.
How to provide Privacy ???
 Enter “pseudonyms”
• aliases which hide the real identity
 Can be implemented using random numbers
 Set of pseudonyms used during communication must
be mapped to real-world identities in special
situations
Trusted Authority
How to use pseudonyms?
 Single pseudonym all the time
– Easy to map alias with real identity
– Messages can be related
 Store pseudonyms on the OBU and use over a long
period of time
– How many pseudonyms to load ?
– Compromised node ?
Broadcast Authentication in VANETs

Outline

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The Proposed Protocol

Fast Authentication in VANET

Security Analysis

Implementation and Future Work

References
Protocol Overview
 Privacy protection for local broadcast messages.
 Short time on-the-fly pseudonym generation.
 Estimate the number of pseudonyms required.
 Local broadcast via Enhanced Fast Authentication
System Model
System Components
 Central Authority (CA) : Centralized authority which registers the
vehicles before they are allowed to operate on the road. E.g.: DMV
Cannot be compromised
 Roadside Authority (RA) : Authorized all road-side units. Cannot
be compromised.
 Road Side Units (RSU) : Infrastructure nodes installed Road side.
Susceptible to compromise
 Vehicular nodes: Nodes which transmit the messages.
Susceptible to compromise
Assumption Model
 Each vehicle V when registered with the CA is provided a public / private
key pair and CApub
 The RA periodically pulls information from the CA to get the latest up to
date CRL’s and registered vehicles information.
 Each RA maintains a topological overview of the entire area under its
coverage
 Attacker can compromise at most one RSU under a RA’s range.
 At any time in the network there are more number of benign nodes than
the compromised nodes.
Attacker Model
 External Attacker: Such an attacker is limited in the diversity of attacks he
can mount. However, he can eavesdrop on all the messages transferred.
 Inside Attacker: The attacker can be an authenticated member of the
network; such an attacker can communicate with other members of the
network. E.g: Compromised RSUs and vehicles
23
Pseudonym generation - Step 1
RA
RSU-IDA
RSU-IDB
RSU -> * {RSUID, CertDMV (RSUpub ||RApub), RSUloc}
24
Pseudonym generation - Step 2
RA
V -> RSU: {ID, RSUID, TV, (k + t)} RApub
25
Pseudonym generation - Step 3
CRL List
RA
< VID , RSUID, (k + i), Ni >
< V’ID , RSUID, (k + i)’, N’i >
RA -> RSU: {H(ID,Ni), Vpub, (k+t), Tv}
26
Pseudonym generation - Step 4
RA
RSU –> V: {SKv1, SKv2… SKvk+I ,Cert (PKv1 ||H(ID, Ni)), Cert (PKv2|| H(ID,
Ni)) ...Cert (PKvk+i- H(ID, Ni))} Vpub, Tv
27
Revocation Protocol
 Malicious vehicles need to be isolated from the
network
 Revocation of vehicles should be done progressively.
 Neighboring vehicles report the violation and the
pseudonym used to the next RA via the nearest RSU
 RA determines the severity of the violation and
forwards the pseudonym to the Central Authority
28
Contd..
 CA obtains the mapping of the pseudonym and the
vehicle’s identity
 Puts the vehicle in the Revocation List
 Distributes a copy of the Revocation list to all the RA’s
 Takes appropriate action on the malicious vehicle
29
Broadcast Authentication in VANETs

Outline:

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The proposed Protocol

Fast Authentication in VANET

Security Analysis

Implementation and Future Work

References
30
Enhanced Fast Authentication
 First proposed in “Flooding-Resilient Broadcast
Authentication for VANETs”
 Secures single-hop periodic messages.
 Replaces expensive digital signature technique with
efficient hash operations.
31
Step 1: Location prediction
 Predict location information (<x,y>) over the next “I”
beacons
 Construct a prediction table for each beacon.
32
Step 2: One Time Signatures
 Makes use of Huffman coding for generating OTS.
 Construct Huffman binary tree for each beacon.
 Chain the “ I ” Huffman trees for the “ I ” beacons to
form a Chained Huffman tree (CHT).
 The root of the CHT is the one time signature for the
authentication of the “ I ” beacons.
33
Step 2: One Time Signatures
34
Step 3: Signature Broadcast
 Commitment of the tree Pkots must be authenticated to
all receivers via the generated pseudonyms.
 Send first beacon
B0 = {m0,S(m0), cert} where ,
m0 = {T0,L0,PKots,Dx,Dy}
 After commitment is authenticated, send “mi” and off-
path values of the CHT as the signature.
35
Enhanced Pseudonym usage
 Construct a Huffman tree for “I” beacons and include the
commitment in first beacon B0
 Vehicles cannot authenticate messages if B0 is not received.
 Send PKots every “ k ” beacons. (k < I).
 Include “ k ” when requesting for pseudonyms.
 In addition always maintain “t” minimum pseudonyms in
OBU.
 “ t “ can be varied according to the network conditions.
36
Foreseen Advantages
 Parallelize the process of pseudonym generation and
beacon prediction.
• The vehicle can make the request for the pseudonyms
and perform the beacon prediction and PKots generation.
 Lesser signature operations.
 Not vulnerable to RSU attacks.
37
Broadcast Authentication in VANETs

Outline:

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The proposed Protocol

Fast Authentication in VANET

Security Analysis

Implementation and Future Work

References
38
Security Analysis
 The protocol is secure against DoS attacks:
• Each vehicle spends a ltd. amount of time in RSU range.
• Vehicle accepts only the pre-calculated no. of
pseudonyms it requested for.
• RA and RSU have very high computation power.
39
 The protocol is secure against replay attacks:
• Vehicles and the nodes are tightly synchronized.
• Include Tv in the message
 The protocol is secure against vehicular impersonation
attacks:
• Ensure that the vehicle ID is never revealed in the open.
• TPD ensures that the keys are not revealed to user.
40
 The protocol is secure against RSU impersonation:
• RA can determine RSU compromise based on the
complaints received.
• An RSU compromise affects communication only in the
range of the particular RSU
41
Broadcast Authentication in VANETs
 Outline:

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The proposed Protocol

Fast Authentication in VANET

Security Analysis

Implementation and Future Work

References
42
Simulations in VANET
 VANET simulations require both networking component and
mobility component.
 Usually represented by two different simulators.
 Mobility simulator generates the mobility of vehicles
 Network simulator provides feedback and modifies trace files
accordingly.
43
Our Simulation: Mobility simulation
 Simulation of Urban Mobility (SUMO)
 Have developed XML scripts to define the topology and
the vehicular movement in SUMO.
44
Our Simulation: Network simulation
 Use Omnet ++ for network simulation
 Veins simulation environment interface between the
network simulation and mobility.
 INET framework to simulate wireless transmissions
45
Future Work
 Continue working on network simulation part for
performance evaluation.
 Optimize the protocol and enhance the bandwidth
efficiency and robustness of this scheme
46
References
[1] Hsiao, H.-C., Studer, A., Chen, C., Perrig, A., Bai, F., Bellur, B., Iyer,
A.:"Flooding- Resilient Broadcast Authentication for VANETs".
[2] Z. Li, Z. Wang, and C. Chigan, “Security of Vehicular Ad Hoc
Networks in Intelligent Transportation Systems,”
[3] http://www.car-to-car.org – Nice videos
[3] http://veins.car2x.org/
47
Thank You
48
Download