Secure pseudonym generation for efficient broadcast authentication in VANETs Deepak N Ananth and Manjusha Gadiraju CSC / ECE 774 Broadcast Authentication in VANETs Outline: Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The proposed Protocol Fast Authentication in VANET Implementation and Future Work References 2 Why VANET? - Motivation Increase traveler safety 10.8 million vehicle crashes from 1990 to 2009 36,000 fatalities in 2009 only 24,000 of these due to collision with other vehicles / objects. Costs more than $100 billion per year Boost on-board luxury Source: US Census Bureau : www.census.gov 3 Broadcast Authentication in VANETs Outline: Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The proposed Protocol Fast Authentication in VANET Implementation and Future Work References 4 What is Vehicular Ad-Hoc Network ? m : <x,y> , loc, Tv S(m) : ECDSA signature cert : Public key certificate Higher Authority RSU <m, S(m), cert> OBU 5 6 Communication in VANET Vehicular communication Vehicle-Vehicle Single-hop Hybrid Multi-hop 7 Vehicle-Infrastructure VANET Applications Co-operative Collision Warning Lane Change Warning Intersection Collision Warning Approaching Emergency vehicle Rollover Warning Work Zone Warning Coupling/Decoupling Inter-Vehicle Communications Electronic Toll Collection 8 VANET Characteristics The main characteristics of VANETs High mobility of nodes Rapidly changing network topology (predictable to some extent) Unbounded network size Potential support from infrastructure Real time , time-sensitive data exchange Crucial effect of security and privacy 9 Broadcast Authentication in VANETs Outline: Introduction to VANET Technology Security in VANET technology Privacy protection in VANET The proposed Protocol Broadcast Authentication in VANET References 10 Security Requirements Authentication Privacy protection Non-repudiation Real-time constraints Availability 11 Security Requirements (contd) 12 Outline Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The Proposed Protocol Fast Authentication in VANET Security Analysis Implementation and Future Work References 13 Privacy – Important for VANETs Cars = Personal Devices Tracking of vehicles based on communication messages < m , S(m) , cert > The feeling of permanently being monitored by an arbitrary authority Examples: Privacy threat A private investigator can easily follow a car without being noticed by extracting position information from the messages sent by the car. An employer is overhearing the communications from cars on the company parking lot. How to provide Privacy ??? Enter “pseudonyms” • aliases which hide the real identity Can be implemented using random numbers Set of pseudonyms used during communication must be mapped to real-world identities in special situations Trusted Authority How to use pseudonyms? Single pseudonym all the time – Easy to map alias with real identity – Messages can be related Store pseudonyms on the OBU and use over a long period of time – How many pseudonyms to load ? – Compromised node ? Broadcast Authentication in VANETs Outline Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The Proposed Protocol Fast Authentication in VANET Security Analysis Implementation and Future Work References Protocol Overview Privacy protection for local broadcast messages. Short time on-the-fly pseudonym generation. Estimate the number of pseudonyms required. Local broadcast via Enhanced Fast Authentication System Model System Components Central Authority (CA) : Centralized authority which registers the vehicles before they are allowed to operate on the road. E.g.: DMV Cannot be compromised Roadside Authority (RA) : Authorized all road-side units. Cannot be compromised. Road Side Units (RSU) : Infrastructure nodes installed Road side. Susceptible to compromise Vehicular nodes: Nodes which transmit the messages. Susceptible to compromise Assumption Model Each vehicle V when registered with the CA is provided a public / private key pair and CApub The RA periodically pulls information from the CA to get the latest up to date CRL’s and registered vehicles information. Each RA maintains a topological overview of the entire area under its coverage Attacker can compromise at most one RSU under a RA’s range. At any time in the network there are more number of benign nodes than the compromised nodes. Attacker Model External Attacker: Such an attacker is limited in the diversity of attacks he can mount. However, he can eavesdrop on all the messages transferred. Inside Attacker: The attacker can be an authenticated member of the network; such an attacker can communicate with other members of the network. E.g: Compromised RSUs and vehicles 23 Pseudonym generation - Step 1 RA RSU-IDA RSU-IDB RSU -> * {RSUID, CertDMV (RSUpub ||RApub), RSUloc} 24 Pseudonym generation - Step 2 RA V -> RSU: {ID, RSUID, TV, (k + t)} RApub 25 Pseudonym generation - Step 3 CRL List RA < VID , RSUID, (k + i), Ni > < V’ID , RSUID, (k + i)’, N’i > RA -> RSU: {H(ID,Ni), Vpub, (k+t), Tv} 26 Pseudonym generation - Step 4 RA RSU –> V: {SKv1, SKv2… SKvk+I ,Cert (PKv1 ||H(ID, Ni)), Cert (PKv2|| H(ID, Ni)) ...Cert (PKvk+i- H(ID, Ni))} Vpub, Tv 27 Revocation Protocol Malicious vehicles need to be isolated from the network Revocation of vehicles should be done progressively. Neighboring vehicles report the violation and the pseudonym used to the next RA via the nearest RSU RA determines the severity of the violation and forwards the pseudonym to the Central Authority 28 Contd.. CA obtains the mapping of the pseudonym and the vehicle’s identity Puts the vehicle in the Revocation List Distributes a copy of the Revocation list to all the RA’s Takes appropriate action on the malicious vehicle 29 Broadcast Authentication in VANETs Outline: Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The proposed Protocol Fast Authentication in VANET Security Analysis Implementation and Future Work References 30 Enhanced Fast Authentication First proposed in “Flooding-Resilient Broadcast Authentication for VANETs” Secures single-hop periodic messages. Replaces expensive digital signature technique with efficient hash operations. 31 Step 1: Location prediction Predict location information (<x,y>) over the next “I” beacons Construct a prediction table for each beacon. 32 Step 2: One Time Signatures Makes use of Huffman coding for generating OTS. Construct Huffman binary tree for each beacon. Chain the “ I ” Huffman trees for the “ I ” beacons to form a Chained Huffman tree (CHT). The root of the CHT is the one time signature for the authentication of the “ I ” beacons. 33 Step 2: One Time Signatures 34 Step 3: Signature Broadcast Commitment of the tree Pkots must be authenticated to all receivers via the generated pseudonyms. Send first beacon B0 = {m0,S(m0), cert} where , m0 = {T0,L0,PKots,Dx,Dy} After commitment is authenticated, send “mi” and off- path values of the CHT as the signature. 35 Enhanced Pseudonym usage Construct a Huffman tree for “I” beacons and include the commitment in first beacon B0 Vehicles cannot authenticate messages if B0 is not received. Send PKots every “ k ” beacons. (k < I). Include “ k ” when requesting for pseudonyms. In addition always maintain “t” minimum pseudonyms in OBU. “ t “ can be varied according to the network conditions. 36 Foreseen Advantages Parallelize the process of pseudonym generation and beacon prediction. • The vehicle can make the request for the pseudonyms and perform the beacon prediction and PKots generation. Lesser signature operations. Not vulnerable to RSU attacks. 37 Broadcast Authentication in VANETs Outline: Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The proposed Protocol Fast Authentication in VANET Security Analysis Implementation and Future Work References 38 Security Analysis The protocol is secure against DoS attacks: • Each vehicle spends a ltd. amount of time in RSU range. • Vehicle accepts only the pre-calculated no. of pseudonyms it requested for. • RA and RSU have very high computation power. 39 The protocol is secure against replay attacks: • Vehicles and the nodes are tightly synchronized. • Include Tv in the message The protocol is secure against vehicular impersonation attacks: • Ensure that the vehicle ID is never revealed in the open. • TPD ensures that the keys are not revealed to user. 40 The protocol is secure against RSU impersonation: • RA can determine RSU compromise based on the complaints received. • An RSU compromise affects communication only in the range of the particular RSU 41 Broadcast Authentication in VANETs Outline: Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET The proposed Protocol Fast Authentication in VANET Security Analysis Implementation and Future Work References 42 Simulations in VANET VANET simulations require both networking component and mobility component. Usually represented by two different simulators. Mobility simulator generates the mobility of vehicles Network simulator provides feedback and modifies trace files accordingly. 43 Our Simulation: Mobility simulation Simulation of Urban Mobility (SUMO) Have developed XML scripts to define the topology and the vehicular movement in SUMO. 44 Our Simulation: Network simulation Use Omnet ++ for network simulation Veins simulation environment interface between the network simulation and mobility. INET framework to simulate wireless transmissions 45 Future Work Continue working on network simulation part for performance evaluation. Optimize the protocol and enhance the bandwidth efficiency and robustness of this scheme 46 References [1] Hsiao, H.-C., Studer, A., Chen, C., Perrig, A., Bai, F., Bellur, B., Iyer, A.:"Flooding- Resilient Broadcast Authentication for VANETs". [2] Z. Li, Z. Wang, and C. Chigan, “Security of Vehicular Ad Hoc Networks in Intelligent Transportation Systems,” [3] http://www.car-to-car.org – Nice videos [3] http://veins.car2x.org/ 47 Thank You 48