Title: Security, privacy and protection in different VANET applications afternoon session
1. Security, privacy and protection in different VANET applications (afternoon session)
2. Vehicular security tools/techniques: Outline
- Conventional tools: Vehicle-PKI and secure positioning
- New tools (e.g., anonymous routing, routing attacks, secure incentives, situation awareness, community trust, trust cloud of commuters from the social net proposal)
- Wormholes in the urban grid
- Privacy vs. security trade-offs
3. Conventional techniques
- Tamper-proof device
- V-PKI
- Anonymous keys
- Secure localization
4. Tamper-proof device
- Each vehicle carries a tamper-proof device
- Contains the secrets of the vehicle itself
- Has its own battery
- Has its own clock (notably in order to be able to sign timestamps)
- Is in charge of all security operations
- Is accessible only by authorized personnel
5. Digital signatures
- Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation requirement
- Hence each message should be signed with a DS (digital signature)
- Liability-related messages should be stored in the EDR (event data recorder)
6. VPKI (Vehicular PKI)
Each vehicle carries in its Tamper-Proof Device (TPD):
- A unique and certified identity: Electronic License Plate (ELP)
- A set of certified anonymous public/private key pairs
Mutual authentication can be done without involving a server. Authorities (national or regional) are cross-certified.
7. The CA hierarchy: two options
- The governments control certification
  - Long certificate chain
  - Keys should be recertified on borders to ensure mutual certification
- Vehicle manufacturers are trusted
  - Only one certificate is needed
  - Each car has to store the keys of all vehicle manufacturers
8. Anonymous keys
- Preserve identity and location privacy
- Keys can be preloaded at periodic checkups
- The certificate of V's i-th key
- Keys renewed according to vehicle speed (e.g., 1 min at 100 km/h)
- Anonymity is conditional on the scenario
- The authorization to link keys with ELPs is distributed (say, police, court)
9. Avoiding Big Brother
10. DoS resilience
- Vehicles will probably have several wireless technologies onboard
- To thwart DoS, vehicles can switch channels or communication technologies
- Great market for Cognitive Radios
11. Data verification by correlation
- Bogus info attack relies on false data
- Authenticated vehicles can also send wrong data (on purpose or not)
- The correctness of the data should be verified
- Correlation can help
12. Security analysis
- How much can we secure VANETs?
- Messages are authenticated by their signatures
- Authentication protects the network from outsiders
- Correlation and fast revocation reinforce correctness
- Availability remains a problem that can be alleviated
- Non-repudiation is achieved because ELP and anonymous keys are specific to one vehicle
- Position is correct if secure positioning is in place
13. What PK cryptosystem to use?
- Available options
  - RSA Sign: most popular, but largest key size
  - ECDSA (Elliptic Curve): most compact
  - NTRUSign (Nth Truncated Polynomial): fastest in signing and verification
- Signature verification speed matters the most
- Further improvements that can help
  - Vehicles verify only relevant content
  - Several messages signed with the same key
14. Performance comparison
15. Performance evaluation
- ns-2 simulations
- Two scenarios drawn from DSRC
- The effect of message size (including the security material) on delay, number of received packets, and throughput is evaluated
[Figure: not to scale]
16. How message size affects delay,
17. number of received packets,
18. and throughput
19. How to securely locate a vehicle
20. Positioning systems
- Satellites
  - GPS, Galileo, Glonass (outdoor, Radio Frequency (RF) Time of Flight (ToF))
- General systems
  - Active Badge (indoor, infrared (IR)), Olivetti
  - Active Bat, Cricket (indoor, ultrasound (US)-based), AT&T Lab Cambridge, MIT
  - RADAR, SpotON, Nibble (indoor/outdoor, RF received signal strength), Microsoft, Univ. of Washington, UCLA/Xerox Palo Alto Lab
  - Ultra Wideband Precision Asset Location System (indoor/outdoor, RF (UWB) ToF), Multispectral Solutions, Inc.
21. Positioning systems (cont.)
- Ad hoc and sensor nets (no GPS)
  - Convex position estimation (centralized), UC Berkeley
  - Angle of Arrival based positioning (distributed, Angle of Arrival), Rutgers
  - Dynamic fine-grained localization (distributed), UCLA
  - GPS-less low cost outdoor localization (distributed, landmark-based), UCLA
  - GPS-free positioning (distributed), EPFL
22. GPS
23. GPS security: example of attack
A GPS simulator can send strong fake signals to mask authentic weak signals
24. GPS security
- Other vulnerabilities
  - Relaying attack: connects the receiver to a remote antenna
  - Signal-synthesis attack: feeds the receiver with false signals
  - Selective-delay attack: predicts the signal Δt earlier
- Security solutions
  - Tamper-resistant hardware
  - Symmetric crypto
    - Problem: an authenticated receiver can hack the system
  - Asymmetric crypto
    - Problem: additional delay
25. Distance measurement techniques
26. Attacks on RF and ultrasound ToF-based techniques
27. The challenge of secure positioning
- Goals
  - Preventing an insider attacker from cheating about its own position
  - Preventing an outsider attacker from spoofing the position of an honest node
- Our proposal: Verifiable Multilateration
28. Distance bounding
- RF distance bounding
  - Nanosecond precision required: 1 ns ≈ 30 cm
  - UWB enables clock precision up to 2 ns and 1 m positioning indoor and up to 2 km outdoor
- US distance bounding
  - Millisecond precision required: 1 ms ≈ 35 cm
29. Distance bounding (RF), 1993 (Brands and Chaum), to prevent the Mafia fraud attack
The bound: (t_r - t_s)·c/2 > d_real
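The following is an added example, not the slide authors' code, of the bound on the preceding slide as a verifier would apply it: the round trip is simulated from a distance rather than measured on radio hardware, the propagation speeds are assumed constants, and the 1 ns ≈ 30 cm and 1 ms ≈ 35 cm figures of slide 28 fall out of the same arithmetic. It also models the relay (mafia fraud) case the slide says the bound prevents.

```python
"""Distance bounding check from the slide: (t_r - t_s) * c / 2 > d_real.
Added example (not the original authors' code); propagation times are
simulated from a distance, not measured on radio hardware."""

C_RF = 3.0e8    # m/s, radio in air (rounded, assumed)
C_US = 343.0    # m/s, ultrasound in air (assumed, room temperature)


def timing_resolution_m(clock_precision_s: float, speed: float) -> float:
    """Distance error per unit of timing error: the slides' 1 ns ~ 30 cm (RF)
    and 1 ms ~ 35 cm (US) figures are this product."""
    return clock_precision_s * speed


def distance_bound(t_s: float, t_r: float, speed: float = C_RF) -> float:
    """Verifier side: upper bound on the prover's distance from one
    challenge (sent at t_s) / response (received at t_r) round trip."""
    return (t_r - t_s) * speed / 2.0


def round_trip_s(d_real_m: float, speed: float = C_RF,
                 extra_delay_s: float = 0.0) -> float:
    """Physical model of the prover: the response cannot leave before the
    challenge has arrived, so the round trip is at least 2*d/speed;
    processing delay or deliberate stalling can only add to it."""
    return 2.0 * d_real_m / speed + extra_delay_s


def verifier_accepts(d_claimed_m: float, d_real_m: float,
                     speed: float = C_RF, extra_delay_s: float = 0.0,
                     slack_m: float = 1.0) -> bool:
    """Accept a claimed distance only if it is consistent with the bound.
    A prover can make itself look farther (by adding delay) but never
    closer than it really is."""
    t_r = round_trip_s(d_real_m, speed, extra_delay_s)
    return d_claimed_m + slack_m >= distance_bound(0.0, t_r, speed)


def mafia_fraud_bound(d_verifier_to_relay_m: float,
                      d_relay_to_prover_m: float,
                      speed: float = C_RF) -> float:
    """Relay scenario: an attacker near the verifier forwards the challenge
    to the real prover. The signal still travels verifier -> relay -> prover
    and back, so the bound the verifier computes covers the whole relayed
    path, never less than the real prover's distance."""
    one_way = d_verifier_to_relay_m + d_relay_to_prover_m
    return distance_bound(0.0, round_trip_s(one_way, speed), speed)
```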
32. Conclusion on secure positioning
- New research area
- Positioning tout court is not yet completely solved (solutions will rely on GPS, on terrestrial base stations, and on mutual distance estimation)
- Time of flight seems to be the most appropriate technique
- More information available at http://spot.epfl.ch
33. New tools on VANET security and privacy
- Secure routing
- Security incentives
- Situation awareness: trust
34. A Secure Ad-hoc Routing Approach using Localized Self-healing Communities
- Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, Jun Liu, Mario Gerla
- Computer Science Department, University of California, Los Angeles; Computer Science Department, University of Alabama, Tuscaloosa
- {jkong, yjyi, jspark, gerla}@cs.ucla.edu; {jliu, hxy}@cs.ua.edu
35. Problem statement
- Threats to on-demand routing
  - Active attack: disruptive
    - Denial-of-service attacks
    - Packet loss, rushing attack, black-hole, gray-hole, wormhole
  - Passive attack: protocol-compliant
    - Eavesdropper, traffic analyst → anonymous routing needed
- We will focus on active threats from non-cooperative (selfish or malicious) members (e.g., INTRUDERS)
36. Typical on-demand routing attacks
- Most active attacks cause repeated RREQs
  - Excessive RREQ repetitions exhaust network resources
  - Current mechanism to reduce the number of allowed RREQ floods per connection: RREQ rate limit
  - NOT ENOUGH WHEN ACTIVE ATTACKERS ARE BEHIND THE RREQ FLOODS
- RREP / DATA packet drops
  - Caused by rushing attack etc. [Hu et al., WiSe03]
  - They trigger more RREQ floods
  - Source will keep retrying, with repeated RREQ, causing massive congestion!!!!
37. RUSHING ATTACK
[Figure: source to dest]
- Describe RUSHING ATTACK WITH ANIMATION
- Explain Perrig solution here..
38. Outline
- Review of current countermeasures
- Community-based secure routing approach
  - Strictly localized w/ clearly-defined per-hop operation
  - Self-healing community substitutes single node
- Our analytic models
  - Sub-polynomial model for network security
  - Stochastic model for mobile networks
- Empirical simulation verification
- Summary
39. Other countermeasures (for on-demand routing against active attacks)
- Cryptographic protections
  - Cannot stop internal non-cooperative network members: they have the keys (TESLA in Ariadne, PKI in ARAN)
- Network-based protections
  - Straightforward RREQ rate limit: DSR, AODV
    - Long RREQ interval causes non-trivial routing performance degradation
  - Multi-path secure routing [Awerbuch, WiSe02; Haas, WiSe03]
    - Not localized, incurs global overhead, expensive
    - Node-disjoint multi-path preferred, but challenging
  - Perrig solution to rushing (is it also multi-path?)
40. Our design
- Goal: reduce the number of allowed RREQ floods (per connection) to a minimum
  - Ideally, 1 initial on-demand RREQ flood for each e2e connection
  - In spite of attacks
- Solution
  - Build multi-node self-healing communities to counter non-cooperative packet loss
  - Approach applies to a wide range of ad hoc routing protocols
41. Community: 2-hop scenario
[Figure: community around the intermediate node]
- Explain two-hop path, intermediate node's community
- Community leader (to be defined later)
42. Community: multi-hop scenario
- Community is dynamically reconfigured (self-healing)
43. Community Based Security (CBS)
- End-to-end communication between ad hoc terminals
- Community-to-community forwarding (not node-to-node)
- Challenge: adversary knows CBS is operated in the network
  - It would prevent the network from forming communities
  - Network mobility etc. will disrupt CBS
44. Community formation / re-configuration
- On-demand initial configuration
  - Communities formed during RREP
  - Simple heuristics: promiscuously overheard 3 consecutive (ACKs of) RREP packets → set community membership flag for the connection
- Goal revisited: reduce the need for RREQ floods
  - In spite of non-cooperative packet loss
45. Community formation around V
[Figure: nodes V1, V, U, E, V2]
- (Potentially non-cooperative) V's community must be formed at RREP
  - Else V drops RREP and succeeds
- V1 and V2 need to know V's upstream
46. Protocol details
- (RREQ, upstream_node, ...)
- (RREP, hop_count, ...)
- The extra fields can be spared (in DSR or AODV)
47. ACK-based configuration
[Speaker note: remove self-healing, not an essential attribute]
Communities (if C forwards a correct RREP)
[Figure: source, B, C, D, E, dest]
48. Community concept helps reduce RREQ in mobile networks
- How does this work?
  - Proactive re-configuration
  - Each community loses shape due to mobility → end-to-end proactive probing to maintain the shape
    - PROBE: unicast
    - PROBE_REP: unicast, same as RREP
49. Reconfig in 2-hop scenario
Old community becomes amorphous due to random node mobility etc.
- (PROBE, upstream, ...)
- (PROBE_REP, hop_count, ...)
- Unicast probing: take-over in use
[Figure: S, oldF, newF, D]
50. Communities help in mobile scenario: multi-hop case
[Figure: source to dest]
- Probing message can be piggybacked in data packets
- Probing interval Tprobe determined by network dynamics; simple heuristics: Slow Increase, Fast Decrease
51. Secure Incentives for Commercial Advertisement Dissemination in Vehicular Networks
- Suk-Bok Lee and Seung Hyun Pan
- Tutor: Joon-Sang Park
- Professor: Mario Gerla
- CS 218 Class Project
- Fall 2006
- Accepted at Mobihoc 2007
52. Presentation outline
- Ad dissemination in VANET
- Signature-Seeking Drive
  - Overview
  - One-level advertising
  - Multi-level advertising
- Evaluations
- Discussion
53. Ad dissemination in VANET
- Commercial advertising via car-to-car communication
  - Very promising application
  - High mobility nature of vehicles
- Currently proposed scenarios
  - Electronic coupon system, FleaNet, Digital Billboards
54. Advertising in VANET
[Figure: advertisement content; ad providers use VANET for disseminating their ads]
55. Advertising in VANET
[Figure: vehicle-vehicle communication; vehicle u keeps forwarding this ad for In-N-Out Burger]
56. Ad dissemination in VANET
- In the real world
  - Non-cooperative behaviors
    - Selfish users
    - Malicious users
  - More serious threats
    - e.g. DoS attacks (making dummy ads propagate over the network)
  - Even for naïve users
    - Why should they help forward those commercial ads for the benefit of the business companies?
57. Vehicular ad system
- Concerns in vehicular ad system
  - Advertisers want to use VANET
  - From a vehicle user's viewpoint, the business companies are exploiting vehicle users' resources for their own profit.
- Graceful compromise
  - Advertisers pay for the incentives for users
    - Charges for network resources
    - Or advertising charges
58. Our framework
- Signature-Seeking Drive (SSD)
  - Secure incentives for cooperative nodes
  - No tamper-proof h/w assumptions
  - No game theoretic approaches
  - Leverages a PKI (public key infrastructure)
- A set of ad dissemination designs
59. SSD overview
[Figure: request for ad permission to the Vehicular Authority (VA); certified ad; Ad Distribution Point (ADP) hands the ADI to vehicle u]
After verifying ADI, vehicle u may agree to disseminate the ad.
60. Signature-Seeking Drive overview
[Figure: vehicle-vehicle communication; u forwards ADI to v and w, which return receipts Rv, Rw]
- Vehicle u keeps forwarding ADI
- In return, receiving vehicles v, w provide signed receipts to u.
- While driving its way, u may collect as many receipts as it forwards ADI.
61. Signature-Seeking Drive overview
[Figure: collected receipts Rv, Rw, ... and ADIs go to the Vehicular Authority (VA); transaction record; charge]
- Receipts are exchangeable with virtual cash at a Virtual Cashier (e.g. gas station); a small portion is reserved for each receipt-providing node, too.
- VA charges In-N-Out Burger such virtual cash induced by ADIs
62. Uncooperative model
- Selfish nodes
  - Seek to maximize their own profit
- Malicious nodes
  - Try to intentionally disrupt the system
- We may encourage selfish nodes to participate in the network with an incentive model, yet malicious nodes try to attack the weak point of the model.
  → Secure incentive!
63. Ad dissemination models
- One-level advertisement
  - Local advertising
  - Most users receive the ad, with a reasonable number of forwarding nodes
- Multi-level advertisement
  - Intensive advertising over the wide area
64. Notations
65. One-level advertisement
- 1. Approval for advertisement (company I → Vehicular Authority)
  - Ad permit
- 2. Agreement with Ad Distribution Point (I's ADP → vehicle u)
  - Voucher
  - ADP provides u with a voucher for u's exclusive use.
  - The notion of a voucher limits the dissemination to one level.
66. One-level advertisement
- 3. Advertisement dissemination (vehicle u → vehicle v)
  - Ad permit
  - Signed receipt
- 4. Receipt redemption (vehicle u → Virtual Cashier VC)
  - Voucher
  - Collected receipts
  - Each VC is connected with the VA that maintains all the transactions.
  - VC examines whether u has never redeemed u's voucher for ADI at any other VC before.
67. Multi-level advertisement
- Level-free advertisement
  - No vouchers: any nodes can reuse ads and cash receipts w/o a voucher
  - Simple and most intensive method for advertising
  - Heavy outlay for advertisement, due to too much redundancy
- Compromise between one-level and level-free
  - n-level advertising
  - Company S sets a limit on the number of propagation levels
  - Two designs: hash-chain based, and onion voucher based.
68. Hash chain based n-level advertising
[Figure: contacting with S's ADP; number of levels set by S; random value chosen by S; advertisement dissemination (u → v); advertisement dissemination (v → x)]
69. Hash chain based n-level advertising
Receipt redemption (x → VC)
- VC first checks whether n-2 is non-zero and the legitimacy of the corresponding hash value.
- Weaknesses
  - No coercive measures for nodes to reduce their permissible levels by 1
  - Malicious users can throw any permissible value open to the public
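An added example (not the authors' code) of the hash-chain design on slides 68 and 69 and of the two weaknesses listed above. The slides only state the VC's checks, so the chain layout is an assumption consistent with them: S publishes an anchor A = H^n(seed) in its permit, a node at permissible level k holds y with H^k(y) = A, and each forwarding hop hashes once and decrements k.

```python
"""Hash-chain based n-level advertising; added example, not the authors'
code. Assumed layout (consistent with the slides' checks): company S picks
a random seed r and puts the anchor A = H^n(r) in its signed ad permit; a
node with permissible level k holds y such that H^k(y) == A; forwarding
hashes y once and decrements k; the Virtual Cashier (VC) redeems (k, y)
only if k > 0 and H^k(y) == A. SHA-1 matches the 20-byte hash value the
slides' size analysis assumes."""
import hashlib
import os


def H(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def hash_iter(y: bytes, k: int) -> bytes:
    """Apply H k times."""
    for _ in range(k):
        y = H(y)
    return y


def create_permit(n: int, seed: bytes = None):
    """Company S: choose the random seed, publish the anchor, and hand the
    level-n token (n, seed) to its ADP for the first vehicle u."""
    seed = seed if seed is not None else os.urandom(20)
    return hash_iter(seed, n), (n, seed)


def forward(token):
    """Honest forwarding from one level to the next (u -> v -> x)."""
    k, y = token
    if k <= 0:
        raise ValueError("permissible level exhausted")
    return (k - 1, H(y))


def vc_redeem(anchor: bytes, token) -> bool:
    """VC check from the slide: level non-zero, hash value legitimate."""
    k, y = token
    return k > 0 and hash_iter(y, k) == anchor


def demo(n: int = 3):
    """Walk the slide's u -> v -> x chain (n >= 3) and probe the weaknesses."""
    anchor, tok_u = create_permit(n, seed=b"constructed seed, not random")
    tok_v = forward(tok_u)           # u -> v, level n-1
    tok_x = forward(tok_v)           # v -> x, level n-2
    honest = vc_redeem(anchor, tok_x)
    # Weakness 1: nothing forces v to decrement. If v hands x its own token
    # unchanged, x redeems at level n-1 and the VC cannot tell.
    not_decremented = vc_redeem(anchor, tok_v)
    # What the chain does guarantee: a level cannot be inflated, since that
    # would require a preimage of the current hash value.
    inflated = vc_redeem(anchor, (n, tok_x[1]))
    # A token forwarded past level 0 is refused by the first VC check.
    exhausted = vc_redeem(anchor, forward(tok_x)) if n == 3 else False
    return honest, not_decremented, inflated, exhausted
```

Weakness 2 on the slide follows from the same code: `vc_redeem` is not bound to a holder identity, so any copy of a published (k, y) redeems equally well.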
70. Onion voucher based n-level advertising
[Figure: example of onion voucher; contacting with S's ADP; onion voucher for u; advertisement dissemination (u → v); onion voucher for v]
71. Onion voucher based n-level advertising
[Figure: example of onion voucher; receipt redemption (x → VC); x's onion voucher]
- VC checks that the number of nodes included in the OV is not bigger than n
- Onion voucher secures n-level dissemination
- Overhead by three-way handshake
72. Evaluations
- Communication cost
- Storage requirement
- Computation overhead
- Analysis
  - Incentive perspective
  - Security of Signature-Seeking Drive
- Simulations on ns-2
  - Westwood area (4 km x 4 km) with 1,000 cars
  - West LA (10 km x 10 km) with 5,000 cars
73. Communication cost
- One-level ad message format (utilizing Elliptic Curve Cryptography)
  - Sender's certificate (84 bytes), ad content (x bytes), ad provider ID (8 bytes), and sender's signature (28 bytes) on ad permit
  - Total message size: (120 + x) bytes
- Hash chain based n-level ad message format
  - One-level message size + the permissible level value (1 byte) + its corresponding hash value (20 bytes in SHA-1) = (141 + x) bytes
- Onion voucher based n-level ad message format (of a node in level d)
  - Two separate messages due to three-way handshake.
  - First message size = one-level message size = (120 + x) bytes
  - Second message size = onion voucher (28 bytes) + the certificates included in the onion voucher (d x 84) = (d x 84 + 28) bytes
- Message size mainly depends on ad content size x
74. Storage requirement
- One-level ad model (utilizing ECC)
  - Ad permit (28 bytes), ad content (x bytes), voucher (28 bytes), and K collected receipts (28 bytes) and their corresponding certificates (84 bytes)
  - Total storage requirement: (K x 112 + x + 56) bytes
- Hash chain based n-level ad model
  - One-level storage requirement (excluding voucher) + the permissible level value (1 byte) + its corresponding hash value (20 bytes in SHA-1) = (K x 112 + x + 49) bytes
- Onion voucher based n-level ad model (of a node in level d)
  - One-level storage requirement (excluding voucher) + onion voucher (28 bytes) + the certificates included in the onion voucher (d x 84) = (d x 84 + K x 112 + x + 28) bytes
- Note: each car may have multiple kinds of ads at a time
- The storage requirement mainly depends on the number of the collected receipts
75. Computation overhead
- Ex. vehicle u has 100 neighbors within its communication range, and all the neighbors send out their ads at a regular interval of r ms.
- Hash chain based n-level ad model
  - Lower bound of processing time for each incoming ad = verifying time x 2 + signing time = 18.45 ms
  - r ms / 100 > 18.45 ms → interval length > 1.845 sec
- Onion voucher based n-level ad model
  - Due to three-way handshake ad process
  - Lower bound of processing time for each incoming ad + receipt = ad processing time (verifying time x 2 + signing time = 18.45 ms) + receipt processing time (verifying time + signing time = 10.87 ms) = 29.32 ms
  - r ms / 100 > 29.32 ms → interval length > 2.932 sec
- Note: each car may have multiple kinds of ads at a time
- The interval for each kind of ad may be multiple times the above interval.
76. Upper bound of ad content size
- For the worst case condition, we set the maximum throughput as 6 Mbps (the minimum data rate in DSRC)
77. Simulations
- Running on ns-2
- Mobility model from Saha et al.
- Two scenarios
  - Westwood area (4x4 km) with 1,000 cars
  - West LA (10x10 km) with 5,000 cars
78. Unrealistic aspects in our simulation model
- Mobility model
  - No traffic control
  - Always constant speed
  - Random starting point and destination for each node
  - All nodes are always moving within the target area.
  - No parked cars, no newcomers, or cars leaving the area
- Number of nodes
  - Too few cars in our simulation model
  - More than 10,000 cars in Westwood area
  - More than 5 million cars in LA
79. Westwood area (4x4 km) with 1,000 cars
- Ad coverage using varying number of Level 1 nodes
- Ad coverage by time
80. Westwood area (4x4 km) with 1,000 cars
- Number of forwarding nodes
- Avg. received ads per vehicle
81. The END