1 / 52

Securing Vehicular Commuinications – Assumptions, Requirements, and Principles

This paper discusses the assumptions, requirements, and principles for securing vehicular communications, including message authentication, entity authentication, access control, privacy, and availability.

econnor
Download Presentation

Securing Vehicular Commuinications – Assumptions, Requirements, and Principles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Vehicular Commuinications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of Maryland, College Park, USA J-P. hubaux, EPFL, Lausanne, Switzerland Presentor: Guo Yu Lu

  2. Outline • Introduction • Security Requirements • System Model • Communication Model • Adversary Model • Design Principles

  3. What is VANET ?

  4. What is VANET Vehicular Ad–Hoc Network, or VANET • a form of Mobile ad-hoc network • provide communication - among nearby vehicles - between vehicles - nearby fixed equipment

  5. Introduction • How vehicular communications work - road-side infrastructure units (RSUs), named network nodes, are equipped with on-board processing and wireless communication modules

  6. How vehicular communications work (Continue) - vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication will be possible

  7. What can VANET provide ?

  8. Warnings!!!

  9. Warnings!!!

  10. traffic and road conditions

  11. traffic and road conditions

  12. What can VANET provide The VANET can provide • Safety • Efficiency • Traffic and road conditions • Road signal alarm • Local information

  13. Related work Research have been worked • Outline challenges for VANET - availablility, mobility • Describe particular attacks -DoS, alteration attacks • Suggest solution towards attacks This paper provide a basis for the development of future vehicular security schemes

  14. Security Requirements

  15. SECURITY

  16. Security Requirements • Message Authentication and Integrity • Message Non-Repudiation • Entity Authentication • Access Control Authorization • Message Confidentiality • Privacy and Anonymity • Availability • Liability Identification

  17. Security Requirements • Message Authentication and Integrity - Message must be protected from any alteration • Message Non-Repudiation - The sender of a message cannot deny having sent a message • Entity Authentication - The receiver is ensured that the sender generated a message - The receiver has evidence of the liveness of the sender

  18. Security Requirements • Access Control -determined locally by policies - authorization established what each node is allowed to do in the network • Message Confidentiality - the content of a message is kept secret from those nodes that are not authorized to access it

  19. Security Requirements • Privacy and Anonymity - vehicular communication (VC) systems should not disclose any personal and private information of their users - any observers should not know any future actions of other nodes - anonymitymay not be a reasonable requirement for all entities of the vehicular communications system

  20. Security Requirements • Availability - protocols and services should remain operational even in the presence of faults, malicious or benign • Liability Identification - users of vehicles are liable for their deliberate or accidental actions that disrupt the operation of other nodes

  21. System Model

  22. System Model • Vehicular communications system - Users - Network nodes - Authorities

  23. System Model Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P. Papadimitratos, V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in Cars (ESCAR) 2006, November 2006.

  24. System Model • Users - user is the owner or the driver or a passenger of the vehicle • Network Nodes - processes running on computing platforms capable of wireless communication - Mounted on vehicles and road-side units (RSUs)

  25. System Model • Authorities - public agencies or corporations with administrative powers - for example, city or state transportation authorities

  26. System Model • VC system operational assumptions • Authorities • Vehicle Identification and Credentials • Infrastructure Identification and Credentials • User Identification and Credentials • User and Vehicle Association • Trusted Components

  27. System Model • Authorities - trusted entities or nodes - issuing and manage identities and credentials for vehicular network - establish two-way communication with nodes • Vehicle Identification and Credentials - unique identity V - a pair of private and public keys, kv and KV - certificate CertX{KV, AV} issued by authority X - V denotes on-board central processing and communication module

  28. System Model Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P. Papadimitratos, V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in Cars (ESCAR) 2006, November 2006.

  29. System Model Infrastructure Identification and Credentials - unique identity I - a pair of private and public key kI and KI - certificate CertZ{KI, AI} issued by authority Z - gateway to the authorities - gateway to the mobile vehicles - RSUs’ locations are fixed - public vehicles -considered trustworthy -be used to assist security related operations

  30. What are public vehicles ?

  31. System Model • User identification and Credentials - Unique identity, U - a pair of private and public keys, kU and KU - Certificate CertY{KU , AU } issued by authority Y • User and Vehicle Association - user is the owner or the driver or a passenger of the vehicle - assume only one user can operate a vehicle - assume the user is the driver

  32. System Model • Trusted Components (TCs) - nodes equipped with trusted components, i.e., built-in hardware and firmware - TCs enforce a policy on the interaction with the on-board software - Access to any information stored in the TCs and modification of their functionality can be done only by the interface provided by the TCs. - perform cryptographic operations with signature generations and verifications

  33. Communication Model

  34. Communication Model • Model the wireless communication in vehicular networks, whose connectivity can change frequently • Focus mainly on the data link layer

  35. Communication Model • Data-link layer primitives and assumption • SendL(V,m) : transmits message m to node V within radius R of the transmitting node • BcastL(m) : broadcasts message m to all nodes within radius R of the transmitting node • ReceiveL(m) : receives message m transmitted by a node within radius R of the receiver • A link (W,V) exists when two nodes W and V are able to communicate directly

  36. Communication Model • Links are either up or down, and their state does not change faster than the transmission time of a single packet The network connectivity, at a particular instance in time. Modeled as the graph G the edges of which are all up links. • Transmissions from W are received by all nodes V such that (W, Vi) is up during the entire duration of the packet transmission Packets are delivered across an up link within a maximum link delay τ or they are not delivered at all.

  37. Communication Model • Communication across the network is dependent on • availability of sufficient resources • bandwidth - shared medium contend - bandwidth can fluctuate - unevenly distributed among neighbors - links may be congested

  38. Communication Model • Communication Radius, R • Vary over time • Different classes of nodes may operate with different R • Multi-domain and Highly Volatile environment • Nodes are not bound to administrative and geographical boundaries • Any two or more nodes communicate independently

  39. Communication Model • Frequent Broadcast Communication • Most of the vehicular network traffic is Broadcasted at the network or application layers • Message are transmitted either periodically or triggered by network events • Transmission period is low • Time-sensitive Communication • Message delivery can be constrained by deadlines - different messages have different delay requirements

  40. Adversary Model

  41. Adversary Model • Network nodes - correct or benign - faulty or adversaries - external adversaries - Internal adversaries - active adversaries - passive adversaries

  42. faulty is not always malicious!!!

  43. Adversary Model Internal Active Adversaries • Multiple adversarial nodes - adversaries are independent - adversaries can collude - based on TCs, colluding adversaries are prevented from exchanging cryptographic material and credentials

  44. Adversary Model • Internal Active Adversaries (continue) • non-adaptive adversary  Adversarial nodes are fixed • adaptive adversary  Adversarial nodes change over time • Computationally bounded adversary  adversaries are computationally limited - limited resources and computational power - the knowledge of an adversary is limited - memory finite

More Related