reu_parrots - Oakland University
advertisement
PARROTS Position Altered Random Repetition of Transportation Signature George Corser Oakland University May 23, 2013 1. Introduction: VANET Privacy 3 VANET Privacy: Scope Virtue we wish to promote Scope Privacy Activity we wish to control Vehicle Surveillance System possible to implement Mobile Wireless Network VANET: Technical Standards • Two stacks ▫ WSMP (Safety) ▫ TCP/IP (Other) • IEEE 1609.2 ▫ Security Services • J2735 ▫ DSRC Message Set • J2945.1 ▫ Comm. Performance (Graphic source: Kenney, 2010) First non-draft version released April 2013 IEEE 1609.2 – Security Services • Certificates and Certificate Authority Hierarchy • Formats for Public Key, Signature, Certificate, and CRL • Message Formats and Processing for Generating Encrypted Messages • Sending Messages Jared: Trust George: Privacy • Request Certificates from the CA • Request and Processing CRL Source: IEEE 1609.2 – Security Services SAE J2735 – DSRC Message Set • Basic Safety Message (BSM) • Probe Vehicle Data Message (PVDM) • Traveler Information (TIM) Image source: http://www.sae.org/exempt/misc/dsrc/docs.htm#complexType_TravelerInformation_Link0780A7A0 Crypto validates identities and keeps messages confidential Basic Crypto: Vi queries LBS • i = identity (pseudo identity, actually) • Vi = vehicle with identity, i • Cert(i) = CA-(i, Vi+, validity, authority, …) ▫ the digital certificate for Vi is the identity, the public key and the key’s valid date/time range • • • • q = query (could have used: m = message) SigVi(q) = V-[H(q),q] Query Vi →LBS (q) = LBS+[ SigVi(q) , Cert(i) ] Reply LBS→Vi (r) = Vi+[r] VANET Privacy: Properties, Techniques, Problems • Unlinkability, pseudo IDs, key management • Untrackability, synchronized pseudo ID change, sparsity/density of vehicle traffic • Scalability, no solution, sparsity/density (unpublished: FLARES addresses this issue) • Efficiency, minimize privacy message requests, efficient protocols not usually as effective • Conditionality, distributed PKI, tends to work against unlinkability VANET Privacy: PARROTS Properties, Techniques, Problems • User choice, PARROTS, driver-controlled privacy may circumvent conditionality (note: other models could offer a software switch, but none in the literature have so suggested) • Defense against collaboration, PARROTS, requires different BSM, PVM, GSM pseudo IDs PARROTS: Contribution of Paper • Model for defending against collaborative location privacy attacks in VANETs 2. PARROTS Threat Model: Collaborative Attack Attacker has access to both LBS and RSU Many models use this technique Privacy Technique: Pseudo-ID • Real identity never broadcast ▫ Ensures unlinkability • Pseudo ID changes every 5 minutes • Key distribution and certificate revocation also open research issues Certificate Authority Many models use this technique Privacy Technique: Group Leader • Vehicles travel in groups ▫ Ensures untrackability • Groups serve as mix zones • Followers synchronize pseudo ID changes (may also use silent period) • Group leader does not have privacy Original work PARROTS: Before Group Change Vi Vi and Vj drive within communication range, Vj agrees to PARROT Vj Original work PARROTS: After Group Change Vi Vj Vi Vj changes group and begins parroting Vi PARROTS: Defeats Attack Both Vi and Vj send LBS requests signed by Vi, and both locations confirmed by RSUs Vj Vj Vi Vi Problems with PARROTS Model • Vehicles would need separate sets of pseudo IDs for safety applications. The pseudo ID for the BSM cannot be the same as the pseudo ID for the TIM (or whatever message type is used for the LBS) otherwise attacker could check for BSM • Parrotee would need to construct maybe 5 mins worth of messages to send to LBS • Location cannot be part of signed request • Malicious parroter could flood LBS Crypto validates identities and keeps messages confidential Basic Crypto: Vi queries LBS • i = identity (pseudo identity, actually) • Vi = vehicle with identity, i • Cert(i) = CA-(i, Vi+, validity, authority, …) ▫ the digital certificate for Vi is the identity, the public key and the key’s valid date/time range • • • • q = query (could have used: m = message) SigVi(q) = V-[H(q),q] Query Vi →LBS (q) = LBS+[ SigVi(q) , Cert(i) ] Reply LBS→Vi (r) = Vi+[r] Conditionality Problem • PARROTS increases the complexity of conditional privacy. If LBS kept records of all requests from Vi, and RSUs kept records of all pseudo IDs of BSMs in range of RSU, then the CA could correlate pseudo IDs to identify which was the “real” request (assuming no spoofing). 3. Simulation Image source: http://vc.inf.h-bonn-rhein-sieg.de/?page_id=1025 Mobility Model: Manhattan • • • • 3000 m by 3000 m Roads every 100 m All vehicles are on roads Vehicle communication range 300 m • Cars travel average 30 m/sec Privacy Metrics • Anonymity set size: ▫ |ASi| • Entropy of anonymity set size: ▫ H(|ASi|) = Σ p(i,j) log2p(i,j) • Tracking probability: ▫ Prob(|ASi| = 1) Simulation: Python 2.7 Code # # # # # # # # # ---------------------------------------------------------------------parrots.py George Corser, January 28, 2013 Simulation of PARROTS, a VANET privacy model, wirtten in Python 2.7 PARROTS: Position Altered Random Repetition of Transporation Signature See the "Main" section at the bottom of this file to change parameters. This simulation assumes a grid of roads 100m apart on a 3000mx3000m area ---------------------------------------------------------------------- def PARROTS(t, v, parrotee_percent, parroter_percent, seednum): # Function arguments ---------------------------------------------# t is number of time slices. Each time slice is: comfreq = 300 ms # v is number of vehicles in simulation # parrotee_percent is the ratio of vehicles that wish to request parroting # parroter_percent is the ratio of vehicles that volunteer to be parrots # seednum is seed in random.seed(seednum) for random.randint() continued… continued Simulation: Python 2.7 Code # ------------------------------------------------------------------------ # # Step 1.a. Initialize vehicle locations # ------------------------------------------------------------------------ # for ti in range(1): # initialize vehicles at random coordinates on road grid for vi in range(v): # ----- Vehicles, Groups and Leaders ----------------------------- # if vi % 2 == 0: # if vi is even, let x be an even 100 and y be random x.append(100*random.randint(0,xmax/100)) y.append(random.randint(0,ymax)) else: x.append(random.randint(0,xmax)) y.append(100*random.randint(0,ymax/100)) xprior.append(0) yprior.append(0) xdir.append((-1)**random.randint(1,2)) # randomly select -1 or 1 ydir.append((-1)**random.randint(1,2)) continued… PARROT-ing almost doubles AS size Simulation: Output ti 600 600 600 600 600 600 600 600 vi 100 100 100 100 200 200 200 200 Sum Sum Sum Sum Count (as) pep prp (pe) (pr) (pas) (pas) 132 0 0 0 0 0 0 132 0 100 0 98 0 0 132 100 0 99 0 0 0 132 100 100 99 98 103 73 398 0 0 0 0 0 0 398 0 100 0 195 0 0 398 100 0 197 0 0 0 398 100 100 197 195 364 170 Average Parrotee Anonymity Set Sizes Based on Parroter Percentage after 5 mins Simulation: Graphed Output Problems with simulation • In simulation, all cars are on road. In real life cars would be in parking lots, driveways, alleys, and other places that are not roads. • In simulation, when cars reach edge of grid they turn around and go back into the grid. In real life they would leave the grid area and perhaps new cars would enter. • In simulation, cars are uniformly distributed. In real life they are concentrated in certain spots. 4. Conclusion 1. VANET Privacy 2. PARROTS Model 3. Simulation
