Secure pseudonym generation for efficient broadcast authentication in VANETs

Secure pseudonym generation for efficient broadcast authentication in

VANETs

Deepak N Ananth and Manjusha GadirajuCSC / ECE 774

Broadcast Authentication in VANETs

Outline:

Introduction to VANET Technology

Security requirements in VANET technology

Privacy protection in VANET

The proposed Protocol

Fast Authentication in VANET

Implementation and Future Work

References

2

Why VANET? - Motivation

Increase traveler safety

10.8 million vehicle crashes from 1990 to 2009

36,000 fatalities in 2009 only

24,000 of these due to collision with other vehicles / objects.

Costs more than $100 billion per year

Boost on-board luxury

3

Source: US Census Bureau : www.census.gov


Outline:

Introduction to VANET TechnologyIntroduction to VANET Technology






References

4

What is Vehicular Ad-Hoc Network ?

5

Higher Authority

RSU<m, S(m), cert>

m : <x,y> , loc, TvS(m) : ECDSA signaturecert : Public key certificate

OBU

Communication in VANET

7

Vehicular communication

Vehicle-Vehicle Vehicle-Infrastructure

Single-hop Multi-hop

Hybrid

VANET ApplicationsVANET Applications

Co-operative Collision Warning Lane Change Warning Intersection Collision Warning

Approaching Emergency vehicle Rollover Warning Work Zone Warning

Coupling/Decoupling Inter-Vehicle Communications Electronic Toll Collection

8

VANET Characteristics

The main characteristics of VANETs

High mobility of nodes

Rapidly changing network topology (predictable to some

extent)

Unbounded network size

Potential support from infrastructure

Real time , time-sensitive data exchange

Crucial effect of security and privacy

9


Outline:


Security in VANET technologySecurity in VANET technology



Broadcast Authentication in VANET

References

10

Security Requirements

Authentication

Privacy protection

Non-repudiation

Real-time constraints

Availability

11

12

Security Requirements (contd)Security Requirements (contd)

Outline



Privacy protection in VANETPrivacy protection in VANET

The Proposed Protocol


Security Analysis


References

13

Privacy – Important for VANETs

Cars = Personal Devices

Tracking of vehicles based on communication

messages

< m , S(m) , cert >

The feeling of permanently being monitored by an

arbitrary authority

Examples: Privacy threat

A private investigator can easily follow a car without

being noticed by extracting position information from

the messages sent by the car.

An employer is overhearing the communications from

cars on the company parking lot.

How to provide Privacy ???

Enter “pseudonyms”

• aliases which hide the real identity

Can be implemented using random numbers

Set of pseudonyms used during communication must

be mapped to real-world identities in special

situations Trusted Authority

How to use pseudonyms?

Single pseudonym all the time

– Easy to map alias with real identity

– Messages can be related

Store pseudonyms on the OBU and use over a long

period of time

– How many pseudonyms to load ?

– Compromised node ?


Outline




The Proposed ProtocolThe Proposed Protocol


Security Analysis


References

Protocol Overview

Privacy protection for local broadcast messages.

Short time on-the-fly pseudonym generation.

Estimate the number of pseudonyms required.

Local broadcast via Enhanced Fast Authentication

System Model

System Components

Central Authority (CA) : Centralized authority which registers the

vehicles before they are allowed to operate on the road. E.g.: DMV

Cannot be compromised

Roadside Authority (RA) : Authorized all road-side units. Cannot be

compromised.

Road Side Units (RSU) : Infrastructure nodes installed Road side.

Susceptible to compromise

Vehicular nodes: Nodes which transmit the messages. Susceptible

to compromise

Assumption Model

Each vehicle V when registered with the CA is provided a public / private

key pair and CApub

The RA periodically pulls information from the CA to get the latest up to

date CRL’s and registered vehicles information.

Each RA maintains a topological overview of the entire area under its

coverage

Attacker can compromise at most one RSU under a RA’s range.

At any time in the network there are more number of benign nodes than

the compromised nodes.

Attacker Model

External Attacker: Such an attacker is limited in the diversity of attacks he

can mount. However, he can eavesdrop on all the messages transferred.

Inside Attacker: The attacker can be an authenticated member of the

network; such an attacker can communicate with other members of the

network. E.g: Compromised RSUs and vehicles

23

Pseudonym generation - Step 1

24

RA

RSU -> * {RSUID, CertDMV (RSUpub ||RApub), RSUloc}

RSU-IDARSU-IDB


25

V -> RSU: {ID, RSUID, TV, (k + t)} RApub

RA


2626

RA -> RSU: {H(ID,Ni), Vpub, (k+t), Tv}

RACRL List

< VID , RSUID, (k + i), Ni >< V’ID , RSUID, (k + i)’, N’i >


27

RSU –> V: {SKv1, SKv

2… SKvk+I ,Cert (PKv

1 ||H(ID, Ni)), Cert (PKv2|| H(ID,

Ni)) ...Cert (PKvk+i- H(ID, Ni))} Vpub, Tv

RA

Revocation Protocol

Malicious vehicles need to be isolated from the

network

Revocation of vehicles should be done progressively.

Neighboring vehicles report the violation and the

pseudonym used to the next RA via the nearest RSU

RA determines the severity of the violation and

forwards the pseudonym to the Central Authority

28

Contd..

CA obtains the mapping of the pseudonym and the

vehicle’s identity

Puts the vehicle in the Revocation List

Distributes a copy of the Revocation list to all the RA’s

Takes appropriate action on the malicious vehicle

29


Outline:





Fast Authentication in VANETFast Authentication in VANET Security Analysis


References

30

Enhanced Fast Authentication

First proposed in “Flooding-Resilient Broadcast

Authentication for VANETs”

Secures single-hop periodic messages.

Replaces expensive digital signature technique with

efficient hash operations.

31

Step 1: Location prediction

Predict location information (<x,y>) over the next “I”

beacons

Construct a prediction table for each beacon.

32

Step 2: One Time Signatures

Makes use of Huffman coding for generating OTS.

Construct Huffman binary tree for each beacon.

Chain the “ I ” Huffman trees for the “ I ” beacons to

form a Chained Huffman tree (CHT).

The root of the CHT is the one time signature for the

authentication of the “ I ” beacons.

33

Step 2: One Time Signatures

34

Step 3: Signature Broadcast

Commitment of the tree Pkots must be authenticated to

all receivers via the generated pseudonyms.

Send first beacon

B0 = {m0,S(m0), cert} where ,

m0 = {T0,L0,PKots,Dx,Dy}

After commitment is authenticated, send “mi” and off-

path values of the CHT as the signature.35

Enhanced Pseudonym usage

Construct a Huffman tree for “I” beacons and include the

commitment in first beacon B0

Vehicles cannot authenticate messages if B0 is not received.

Send PKots every “ k ” beacons. (k < I).

Include “ k ” when requesting for pseudonyms.

In addition always maintain “t” minimum pseudonyms in OBU.

“ t “ can be varied according to the network conditions.

36

Foreseen Advantages

Parallelize the process of pseudonym generation and

beacon prediction.

• The vehicle can make the request for the pseudonyms

and perform the beacon prediction and PKots generation.

Lesser signature operations.

Not vulnerable to RSU attacks.

37


Outline:






Security Analysis Security Analysis Implementation and Future Work

References

38

Security Analysis

The protocol is secure against DoS attacks:

• Each vehicle spends a ltd. amount of time in RSU range.

• Vehicle accepts only the pre-calculated no. of

pseudonyms it requested for.

• RA and RSU have very high computation power.

39

The protocol is secure against replay attacks:

• Vehicles and the nodes are tightly synchronized.

• Include Tv in the message

The protocol is secure against vehicular impersonation

attacks:

• Ensure that the vehicle ID is never revealed in the open.

• TPD ensures that the keys are not revealed to user.

40

The protocol is secure against RSU impersonation:

• RA can determine RSU compromise based on the

complaints received.

• An RSU compromise affects communication only in the

range of the particular RSU

41


Outline:






Security Analysis

Implementation and Future WorkImplementation and Future Work

References

42

Simulations in VANET

VANET simulations require both networking component and

mobility component.

Usually represented by two different simulators.

Mobility simulator generates the mobility of vehicles

Network simulator provides feedback and modifies trace files

accordingly.

43

Our Simulation: Mobility simulation

Simulation of Urban Mobility (SUMO)

Have developed XML scripts to define the topology and

the vehicular movement in SUMO.

44

Our Simulation: Network simulation

Use Omnet ++ for network simulation

Veins simulation environment interface between the

network simulation and mobility.

INET framework to simulate wireless transmissions

45

Future Work

Continue working on network simulation part for

performance evaluation.

Optimize the protocol and enhance the bandwidth

efficiency and robustness of this scheme

46

References

[1] Hsiao, H.-C., Studer, A., Chen, C., Perrig, A., Bai, F., Bellur, B.,

Iyer, A.:"Flooding- Resilient Broadcast Authentication for

VANETs".

[2] Z. Li, Z. Wang, and C. Chigan, “Security of Vehicular Ad Hoc

Networks in Intelligent Transportation Systems,”

[3] http://www.car-to-car.org – Nice videos

[3] http://veins.car2x.org/

47

http://www.car-to-car.org/

http://veins.car2x.org/

Thank You

48

Secure pseudonym generation for efficient broadcast authentication in VANETs

Documents

Transcript of Secure pseudonym generation for efficient broadcast authentication in VANETs