1 / 24

Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks

Ashwin Rao 2006SIY7513 Supervisor: Arzad A. Kherani. Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks. Introduction to VANETs. Mobile ad hoc networks (MANETs) with vehicles as mobile nodes Application classification

dobry
Download Presentation

Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ashwin Rao 2006SIY7513 Supervisor: Arzad A. Kherani Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks

  2. Introduction to VANETs • Mobile ad hoc networks (MANETs) with vehicles as mobile nodes • Application classification • Safety Related - Early Warning Messages • Best Effort – Traffic Optimization • Secure Transactions – Toll collection • Application to enhance safety of passengers

  3. VANET jargon • VANET – Vehicular Ad hoc networks • OBU – On Board Unit – communication equipment in vehicles • RSU – Road Side Unit - provides infrastructure • WAVE – Wireless Access in Vehicular Environment • DSRC – Dedicated Short Range Communication

  4. PKI: A brief overview • Asymmetric Keys (Pu -> Public key, Pr ->Private Key) • M = Pr(Pu(M)) & M = Pu(Pr(M)) -- where M is the message to be secured • Certificate contains the public key & signature of CA • Certificate sent with signed message to verify the signature of message • Certificate shouldn't be revoked for message to be accepted

  5. Security in VANETs • Security essential to the protect critical messages • Mechanism providing security need to address • Authenticity – genuine v/s malicious source • Anonymity – sender having right to privacy • Data Integrity – messages received as-is • Low Overheads – to retain usefulness of messages • Use of PKI based security proposed in IEEE 1609.2

  6. 1609 Protocol Stack • Data Flows and Resources • Secure Message formats and their processing • Network & Transport Layer Services • Enhancement to the 802.11 MAC

  7. Revocation of Certificates • Required to distinguish genuine and malicious nodes • When does the PKI revoke a certificate ? • It is compromised • It is used for malicious activity • Other reasons like terminating the V2V service • Problems • Revocation information to be propagated to all concerned

  8. Certificate Revocation Lists (CRLs) • PKI propagates revocation information using CRLs • CRLs are signed by the CA • Problems with CRLs in VANETs • Communication with infrastructure at irregular intervals • Varying contact times with infrastructure • Number of CRLs limited to storage space in OBU • Time to search the certificate in CRLs • Operating time of malicious node = avg. CRL update interval

  9. Accept/Drop Mechanism (Security Layer)

  10. Confidence In Security Infrastructure • What is the probability that a certificate is a good certificate if it is not available in the CRLs at OBU? • How recent are the CRLs in the OBU? • How recent is the certificate under consideration? • With how much confidence can you accept the signed message? • On what parameters is this confidence related to ?

  11. Parameters affecting CoS • r – the revocation rate • Var( T ) – variance in inter-CRL update times • E[ T ] - Expected CRL update interval • If Var(T) = 0 then

  12. Freshness checks • Sender and receiver have equal access to PKI • Sender checks if one of its certificates is revoked • The CA modifies the freshness check field in the certificate if it is not revoked • Freshness check field is part of the certificate • For receiver of messages to confirm freshness checks • For non-malicious senders to validate the genuineness of their certificates

  13. Freshness Checks

  14. Algorithm to Accept/Drop Messages

  15. Advantages of Freshness Checks • Time for verifying signed messages • Independent of number of CRLs and certificates in CRLs • OBUs need not store CRLs • Reduced storage requirement of OBU • Solves problem of CRL propagation • The validity of certificate dependent on the current value of CoS and not determined at time of issue.

  16. Reduced Operating Time Of Malicious Nodes Time at which a certificate was revoked

  17. Impact of Freshness checks Fraction of packets from non-compromised nodes Fraction of packets from compromised nodes

  18. FutureTasks • Relation between CoS and probability of messages from non-compromised nodes getting dropped • Impact of the overheads of security on performance of secure messages • Impact of periodic transmission on the performance of secure messages • Adapting rate of transmission V/S Adapting transmission range of messages

  19. Conclusion • Minimize some of the security overheads of verifying the messages by providing a constant time algorithm to accept/drop messages • Robust security infrastructure equally important for effective security

  20. Q&A

  21. Extra Slides (BACKUP)

  22. IEEE 1609 protocol stack • 1609.1 - Resource Manager • Data flows and Resources at all points • 1609.2 - Security Services • Secure message formats and processing based on PKI • 1609.3 – Networking Services • Network and Transport layer services • 1609.4 – Multi-channel operations • Enhancement to IEEE 802.11 MAC

  23. Research Agenda • Implement essential features of 1609.x protocol stack • Incorporate vehicular traffic & data traffic models • Simulate V2V messaging at each node. • Propose algorithm to accept and drop messages • Study the performance metrics across widely varying system parameters (with and without security) in V2V networks.

  24. Accept/Drop Mechanism (at Security Layer) • Received message signed using a certificate present in CRLs at OBU • Drop the packet • Received message signed using a certificate absent from the CRLs at OBU • Is the certificate revoked by the PKI ? • Is the certificate compromised but not revoked at the PKI ? • Is the certificate a genuine non-compromised certificate?

More Related