480 likes | 723 Views
Secure pseudonym generation for efficient broadcast authentication in VANETs. Deepak N Ananth and Manjusha Gadiraju CSC / ECE 774. Broadcast Authentication in VANETs. Outline: Introduction to VANET Technology Security requirements in VANET technology Privacy protection in VANET
E N D
Secure pseudonym generation for efficient broadcast authentication in VANETs Deepak N Ananth and Manjusha Gadiraju CSC / ECE 774
Broadcast Authentication in VANETs • Outline: • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The proposed Protocol • Fast Authentication in VANET • Implementation and Future Work • References
Why VANET? - Motivation • Increase traveler safety • 10.8 million vehicle crashes from 1990 to 2009 • 36,000 fatalities in 2009 only • 24,000 of these due to collision with other vehicles / objects. • Costs more than $100 billion per year • Boost on-board luxury Source: US Census Bureau : www.census.gov
Broadcast Authentication in VANETs • Outline: • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The proposed Protocol • Fast Authentication in VANET • Implementation and Future Work • References
What is Vehicular Ad-Hoc Network ? m : <x,y> , loc, Tv S(m) : ECDSA signature cert : Public key certificate Higher Authority RSU <m, S(m), cert> OBU
Communication in VANET Vehicular communication Vehicle-Infrastructure Vehicle-Vehicle Hybrid Single-hop Multi-hop
VANET Characteristics • The main characteristics of VANETs • High mobility of nodes • Rapidly changing network topology (predictable to some extent) • Unbounded network size • Potential support from infrastructure • Real time , time-sensitive data exchange • Crucial effect of security and privacy
Broadcast Authentication in VANETs • Outline: • Introduction to VANET Technology • Security in VANET technology • Privacy protection in VANET • The proposed Protocol • Broadcast Authentication in VANET • References
Security Requirements • Authentication • Privacy protection • Non-repudiation • Real-time constraints • Availability
Outline • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The Proposed Protocol • Fast Authentication in VANET • Security Analysis • Implementation and Future Work • References
We Need Privacy Privacy – Important for VANETs • Cars = Personal Devices • Tracking of vehicles based on communication messages < m , S(m) , cert > • The feeling of permanently being monitored by an arbitrary authority
Examples: Privacy threat • A private investigator can easily follow a car without being noticed by extracting position information from the messages sent by the car. • An employer is overhearing the communications from cars on the company parking lot.
How to provide Privacy ??? • Enter “pseudonyms” • aliases which hide the real identity • Can be implemented using random numbers • Set of pseudonyms used during communication must be mapped to real-world identities in special situations Trusted Authority
How to use pseudonyms? • Single pseudonym all the time • Easy to map alias with real identity • Messages can be related • Store pseudonyms on the OBU and use over a long period of time • How many pseudonyms to load ? • Compromised node ?
Broadcast Authentication in VANETs • Outline • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The Proposed Protocol • Fast Authentication in VANET • Security Analysis • Implementation and Future Work • References
Protocol Overview • Privacy protection for local broadcast messages. • Short time on-the-fly pseudonym generation. • Estimate the number of pseudonyms required. • Local broadcast via Enhanced Fast Authentication
System Components • Central Authority (CA) : Centralized authority which registers the vehicles before they are allowed to operate on the road. E.g.: DMV Cannot be compromised • Roadside Authority (RA): Authorized all road-side units. Cannot be compromised. • Road Side Units (RSU) : Infrastructure nodes installed Road side. Susceptible to compromise • Vehicular nodes: Nodes which transmit the messages. Susceptible to compromise
Assumption Model • Each vehicle V when registered with the CA is provided a public / private key pair and CApub • The RA periodically pulls information from the CA to get the latest up to date CRL’s and registered vehicles information. • Each RA maintains a topological overview of the entire area under its coverage • Attacker can compromise at most one RSU under a RA’s range. • At any time in the network there are more number of benign nodes than the compromised nodes.
Attacker Model • External Attacker: Such an attacker is limited in the diversity of attacks he can mount. However, he can eavesdrop on all the messages transferred. • Inside Attacker: The attacker can be an authenticated member of the network; such an attacker can communicate with other members of the network. E.g: Compromised RSUs and vehicles
Pseudonym generation - Step 1 RA RSU-IDA RSU-IDB RSU -> * {RSUID, CertDMV (RSUpub ||RApub), RSUloc}
Pseudonym generation - Step 2 RA V -> RSU: {ID, RSUID, TV, (k + t)} RApub
Pseudonym generation - Step 3 CRL List RA < VID , RSUID, (k + i), Ni > < V’ID , RSUID, (k + i)’, N’i > RA -> RSU: {H(ID,Ni), Vpub, (k+t), Tv} 26
Pseudonym generation - Step 4 RA RSU –> V:{SKv1, SKv2… SKvk+I ,Cert (PKv1 ||H(ID, Ni)), Cert (PKv2|| H(ID, Ni)) ...Cert (PKvk+i- H(ID, Ni))}Vpub, Tv
Revocation Protocol • Malicious vehicles need to be isolated from the network • Revocation of vehicles should be done progressively. • Neighboring vehicles report the violation and the pseudonym used to the next RA via the nearest RSU • RA determines the severity of the violation and forwards the pseudonym to the Central Authority
Contd.. • CA obtains the mapping of the pseudonym and the vehicle’s identity • Puts the vehicle in the Revocation List • Distributes a copy of the Revocation list to all the RA’s • Takes appropriate action on the malicious vehicle
Broadcast Authentication in VANETs • Outline: • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The proposed Protocol • Fast Authentication in VANET • Security Analysis • Implementation and Future Work • References
Enhanced Fast Authentication • First proposed in “Flooding-Resilient Broadcast Authentication for VANETs” • Secures single-hop periodic messages. • Replaces expensive digital signature technique with efficient hash operations.
Step 1: Location prediction • Predict location information (<x,y>) over the next “I” beacons • Construct a prediction table for each beacon.
Step 2: One Time Signatures • Makes use of Huffman coding for generating OTS. • Construct Huffman binary tree for each beacon. • Chain the “ I ” Huffman trees for the “ I ” beacons to form a Chained Huffman tree (CHT). • The root of the CHT is the one time signature for the authentication of the “ I ” beacons.
Step 3: Signature Broadcast • Commitment of the tree Pkots must be authenticated to all receivers via the generated pseudonyms. • Send first beacon B0 = {m0,S(m0), cert} where , m0 = {T0,L0,PKots,Dx,Dy} • After commitment is authenticated, send “mi” and off-path values of the CHT as the signature.
Enhanced Pseudonym usage • Construct a Huffman tree for “I” beacons and include the commitment in first beacon B0 • Vehicles cannot authenticate messages if B0 is not received. • Send PKots every “ k ” beacons. (k < I). • Include “ k ” when requesting for pseudonyms. • In addition always maintain “t” minimum pseudonyms in OBU. • “ t “ can be varied according to the network conditions.
Foreseen Advantages • Parallelize the process of pseudonym generation and beacon prediction. • The vehicle can make the request for the pseudonyms and perform the beacon prediction and PKots generation. • Lesser signature operations. • Not vulnerable to RSU attacks.
Broadcast Authentication in VANETs • Outline: • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The proposed Protocol • Fast Authentication in VANET • Security Analysis • Implementation and Future Work • References
Security Analysis • The protocol is secure against DoS attacks: • Each vehicle spends a ltd. amount of time in RSU range. • Vehicle accepts only the pre-calculated no. of pseudonyms it requested for. • RA and RSU have very high computation power.
The protocol is secure against replay attacks: • Vehicles and the nodes are tightly synchronized. • Include Tv in the message • The protocol is secure against vehicular impersonation attacks: • Ensure that the vehicle ID is never revealed in the open. • TPD ensures that the keys are not revealed to user.
The protocol is secure against RSU impersonation: • RA can determine RSU compromise based on the complaints received. • An RSU compromise affects communication only in the range of the particular RSU
Broadcast Authentication in VANETs • Outline: • Introduction to VANET Technology • Security requirements in VANET technology • Privacy protection in VANET • The proposed Protocol • Fast Authentication in VANET • Security Analysis • Implementation and Future Work • References
Simulations in VANET • VANET simulations require both networking component and mobility component. • Usually represented by two different simulators. • Mobility simulator generates the mobility of vehicles • Network simulator provides feedback and modifies trace files accordingly.
Our Simulation: Mobility simulation • Simulation of Urban Mobility (SUMO) • Have developed XML scripts to define the topology and the vehicular movement in SUMO.
Our Simulation: Network simulation • Use Omnet ++ for network simulation • Veins simulation environment interface between the network simulation and mobility. • INET framework to simulate wireless transmissions
Future Work • Continue working on network simulation part for performance evaluation. • Optimize the protocol and enhance the bandwidth efficiency and robustness of this scheme
References [1] Hsiao, H.-C., Studer, A., Chen, C., Perrig, A., Bai, F., Bellur, B., Iyer, A.:"Flooding- Resilient Broadcast Authentication for VANETs". [2] Z. Li, Z. Wang, and C. Chigan, “Security of Vehicular Ad Hoc Networks in Intelligent Transportation Systems,” [3] http://www.car-to-car.org – Nice videos [3] http://veins.car2x.org/