Certificate-Based Securing Vehicular Networks

1
Certificate-Based Securing Vehicular Networks

• Instructor Ivan Stojmenovic
• Presenter Guan, Wen
• 6582156
• wguan061_at_uottawa.ca

2
Outline

• Introduction
• Benefits of VANET
• Different types of attacks and threats
• Requirements and challenges
• Security Architecture
• Vehicular PKI

3
Vehicular ad-hoc network(VANET)

• It offers vehicle-to-vehicle (V2V) and
  vehicle-to-infrastructure (V2I) communication

4
Benefits of VANET

• Collision Avoidance
• Data transmitted from a roadside infrastructure
  to a vehicle could reduce the number of accidents
  by warn the driver.

5
Benefits of VANET

• Cooperative Driving
• Many accidents come from the lack of
  collaboration between drivers.
• We can prevent many accidents if we provide
  more information to drivers.
• Traf?c Optimization
• Vehicles could detect if the number of
  neighboring vehicles is too many and their
  avenges speed is too slow, and then relay this
  information to vehicles approaching the location.

6
Different types of attacks and threats

• Bogus information attack
• Adversaries send bogus information in the
  VENET so as to influence the decisions of other
  drivers.
• e.g. Greedy Drivers
• Attacker may interfere other drivers by
  report a non-exist jamming for a better driving
  condition.

7
Bogus information attack
8
Different types of attacks and threats

• Disrupt the VANET (e.g. Denial of Service)
• Attacker sends too many messages and jams the
  wireless channel.
• Vehicle Tracking
• Masquerading
• Active attack attempts pretends to be another
  driver by using fake identities and can be
  provoked by malicious objectives.

9
Vehicle Tracking
10
Requirements and challenges

• Time sensitivity
• Vehicles move at a fast rate.
• Scalability Extremely large amount of network
  entities
• Adaptive privacy
• Diverse privacy degrees.
• Users can choose their own privacy degree.
• Real-time response

11
Requirements and challenges

• Characteristics
• High mobility
• Dynamic topology
• Large scale
• High density

Challenges Maintaining routing tables is
difficult Scalability
12
Security Architecture

• Vehicular PKI (Public key infrastructure)

13
Security Hardware

• Event Data Recorder (EDR) provides tamper-proof
  storage.
• Main responsible record the vehicles
  critical data.
• Tamper-Proof Device (TPD) possesses
  cryptographic processing capabilities.
• Main responsible
• 1 store cryptographic material.
• 2 perform cryptographic procedure.
• 3 sign and verify safety messages.

14
Vehicular Public Key Infrastructure

• Certificate Authorities (CAs)
• CA issues certified public/private key pairs to
  vehicles.
• The different CAs should be cross-certified.
  Vehicles from different countries or
  manufacturers should verify each other.
• Require too much storage space

15
Authentication

• To authenticate each other, vehicles will sign
  each message with their private key and attach
  the corresponding certificate.
• When another vehicle receives this message, it
  verifies the key used to sign the message and
  once this is done correctly, it verifies the
  message.

16
Certificate Revocation

• The most common way to revoke certificates is the
  distribution of CRLs (Certificate Revocation
  Lists) that contain the most recently revoked
  certificates CRLs are provided when
  infrastructure is available.
• But there are several drawbacks to this approach.
  
• 1?CRLs can be very long due to the large
  number of vehicles and their high mobility.
• 2?the short lifetime of certificates still
  creates a vulnerability window.
• 3?the availability of an infrastructure will not
  be pervasive, especially in the first years of
  deployment.
• Solution Revocation Protocol of the Tamper-Proof
  Device

17
PKI solutionCommunications require the provision
of data integrity
18
Communications require the provision of data
integrity
19
Communications require the provision of data
integrity
20
Signed message format

• There are 4 parts
• 1 message header
• 2 the certificate
• 3 message payload
• 4the signature of the signed message.

21
Signed message format

• The length of signed message defined as
• The security overhead is
• The total message size

22
Transmission Latency

• The transmission latency of employing the
  certificate-based PKI scheme for VANETs can be
  represented as

23
Question 1

• What is Denial of Service in VANET?
• Attacker sends too many messages and jams the
  wireless channel.

24
Question 2

• If data transmission rate is 6Mbit/s, signed
  message format as follow
• Please calculate the transmission latency.

25
Question 2

• The transmission latency of employing the
  certificate-based PKI scheme for VANETs can be
  represented as
• 2008 bits (267) x 8
  552 bits
• The transmission latency is

26
Question 3

• What is the process of Vehicular PKI.
• To authenticate each other, vehicles will add
  digital signature at each message, this digital
  signature was generated by encrypted hash value
  of message using the private key. Thus, after
  another vehicle receives this message, it
  verifies the key used to sign the message. Only
  if two values are equal, it verifies the message.

27

• Bibliography
• 1 B. Parno and A. Perrig, Challenges in
  securing vehicular networks, in Proceedings of
  the Workshop on Hot Topics in Networks
  (HotNets-IV), 2005.
• 2 M. Raya and Jean. Hubaux. The security of
  vehicular ad hoc networks. In Workshop on
  Security in Ad hoc and Sensor Networks (SASN),
  2005.
• 3 IEEE P1609.2/D2 Draft Standard for Wireless
  Access in Vehicular Environments Security
  Services for Applications and Management
  Messages, November 2005.
• 4 J.-P. Hubaux, S. Capkun and J. Luo, The
  security and privacy of smart vehicles, IEEE
  Security andPrivacy Magazine 2(3) (2004), 4955.
• 5 D. Jungels, M. Raya, I. Aad and J.-P. Hubaux,
  Certi?cate revocation in vehicular ad hoc
  networks, Technical Report LCA-REPORT-2006-006,
  EPFL, 2006.
• 6 X. Lin et al., GSIS A Secure and
  Privacy-Preserving Protocol for Vehicular
  Communications, IEEE Trans. Vehic. Tech., vol.
  56, no. 6, Nov. 2007, pp. 344256.

28
Thank you!