Secure Incentives for Commercial Advertisement Dissemination in Vehicular Networks

1
Secure Incentives for Commercial Advertisement
Dissemination in Vehicular Networks

• Suk-Bok Lee, Gabriel Pan, J.S Park,
• Mario Gerla, Songwu Lu

2
Back Ground - VANET

• VANET (Vehicular Ad-hoc Network)
• Killer application
• Wireless Ad-hoc network
• Network security research

3
Back Ground - Convenance Applications CRN
(Congested Road Notification)
4
Back Ground - Attack 1 Bogus traffic
information
Traffic jam ahead

• Attacker insider, rational, active

5
Back Ground - Safety applications SVA (Stopped
or Slow Vehicle Advisor)
6
Back Ground - Attack 2 Disruption of network
operation
SLOW DOWN
The way is clear

• Attacker insider, malicious, active

7
Background - VANET

• VANET applications
• Safety
• Convenience
• Commercial
• VANET security
• Implied hole of protocol/mechanism itself
• Data

8
Ad Dissemination in VANET

• Commercial Advertising via Car-to-Car
  communication
• Very promising application
• High mobility nature of vehicles
• Currently proposed scenarios
• Electronic coupon system, FleaNet, Digital
  Billboards

9
Advertising in VANET
Advertisement Content
Ad providers use VANET for disseminating their ads
10
Advertising in VANET
u
Vehicle-Vehicle Communication
Vehicle u keeps forwarding this ad for the
restaurant
11
Ad Dissemination in VANET

• In the real world
• Non-cooperative behaviors
• Selfish users
• Malicious users
• More serious threats
• e.g. DoS attacks (making dummy ads propagate over
  the network.)
• Even for naïve users
• Why should they help forward those commercial
  ads for the benefit of the business companies?

12
Vehicular Ad System

• Concerns in vehicular ad system
• Advertisers want to use VANET
• From a vehicle users viewpoint, the business
  companies are exploiting vehicle users resources
  for their own profit.
• Graceful compromise
• Advertisers pay for the incentives for users
• Charges for network resources
• Or advertising charges

13
Our framework

• SSD Signature-Seeking Drive
• Secure incentives for cooperative nodes
• No tamper-proof h/w assumptions
• No game theoretic approaches
• Leverages a PKI (public key infrastructure)
• A set of ad dissemination designs

14
SSD overview
Vehicular Authority (VA)
Certified Ad
Request for Ad permission
Ad Distribution Point (ADP)
ADI
After verifying ADI, Vehicle u may agree to
disseminate the ad.
u
15
Signature-Seeking Drive Overview
Rw
w
v
ADI
ADI
ADI
Rv
u
Vehicle-Vehicle Communication
Vehicle u keeps forwarding ADI
In return, receiving vehicles v, w provide
signed-receipts to u.
While driving its way, u may collect as many
receipts as it forwards ADI.
16
Signature-Seeking Drive Overview
Vehicular Authority (VA)
Transaction Record
Charge
Colleted receipts
ADI
ADI
ADI
Rw
Rv
. . .
Receipts are exchangeable with virtual cash at
Virtual Cashier (e.g. gas station) predefined
amount of cash is reserved for each
receipt-providing node, too.
VA charges the restaurant such virtual cash
induced by ADIs
17
Uncooperative Model

• Selfish nodes
• Seek to maximize their own profit
• Malicious nodes
• Try to intentionally disrupt the system
• We may encourage selfish nodes to participate in
  the network with an incentive model, yet
  malicious nodes try to attack the weak point of
  the model.
• ? Secure incentive !

18
Ad Dissemination Models

• One-level advertisement
• Local advertising
• Most users receive the ad, with reasonable of
  forwarding nodes

• Multi-level advertisement
• Intensive advertising over the wide area

19
Notations
20
One-level advertisement (1)

• 1. Approval for advertisement

Ad permit
2. Agreement with Ad Distribution Point
Voucher

• ADP provides u with a voucher for us exclusive
  use.
• The notion of a voucher limits the dissemination
  to one-level.

21
One-level advertisement (2)

• 3. Advertisement Dissemination

Ad permit
Signed receipt
4. Receipt Redemption
Voucher
Collected receipts

• Each VC is connected with VA that maintains all
  the transactions.
• VC examines whether u has never redeemed us
  voucher for ADI at any other VC before.

22
Level-free advertisement

• Level-free advertisement
• No vouchers, any nodes can reuse ADS
• Simple and most intensive method for advertising
• Heavy outlay for advertisement, due to too much
  redundancy

23
n-level advertisement

• Compromise between one-level and level-free
• n-level advertising
• Company S sets a limit on the number of
  propagation levels
• Two designs Hash-chain based, and Onion voucher
  based.

24
Hash chain based n-level advertising (1)
1. Contacting with Ss ADP
of levels S sets
Random by S
2. Advertisement Dissemination (u ? v)
3. Advertisement Dissemination (v ? x)
25
Hash chain based n-level advertising (2)
4. Receipt Redemption (x ? VC)
VC first checks whether n-2 is non-zero and the
legitimacy of the corresponding hash value.

• Weaknesses
• No coercive measures for nodes to reduce their
  permissible levels by 1
• Malicious users can throw any permissible value
  open to the public

26
Onion voucher based n-level advertising(1)
Example of onion voucher
1. Contacting with Ss ADP
Onion voucher for u
2. Advertisement Dissemination (u ? v)
Onion voucher for v
27
Onion voucher based n-level advertising(2)
Example of onion voucher
3. Receipt Redemption (x ? VC)
xs Onion voucher

• VC checks that of nodes included in OV is not
  bigger than n
• Onion voucher secures n-level dissemination
• Overhead by three-way handshake

28
Evaluations

• Communication cost
• Storage requirement
• Computation overhead
• Simulations on ns-2
• Westwood area (4Km x 4Km) with 1000 cars

29
Communication cost

• One-level ad message format (utilizing Elliptic
  Curve Cryptography)
• senders certificate (84 bytes), ad content (x
  bytes), ad provider ID (8 bytes), and senders
  signature (28 bytes) on ad permit
• Total message size (120 x) bytes
• Hash chain based n-level ad message format
• One-level message size the permissible level
  value (1 byte) its corresponding hash value (20
  bytes in SHA-1) (141 x) bytes
• Onion voucher based n-level ad message format (of
  a node in level d)
• Two separate message due to three-way handshake.
• First message size one-level message size
  (120 x) bytes
• Second message size Onion voucher (28 bytes)
  the certificates included in onion voucher (d x
  84) (d x 84 28) bytes
• Message size mainly depends on ad content size x

30
Storage requirement

• One-level ad model (utilizing ECC)
• Ad permit (28 bytes), ad content (x bytes),
  voucher (28 bytes), and K collected receipts (28
  bytes) and their corresponding certificates (84
  bytes)
• Total storage requirement (K x 112 x
  56) bytes
• Hash chain based n-level ad model
• One-level storage requirement (excluding voucher)
  the permissible level value (1 byte) its
  corresponding hash value (20 bytes in SHA-1)
  (K x 112 x 49) bytes
• Onion voucher based n-level ad model (of a node
  in level d)
• One-level storage requirement (excluding voucher)
  Onion voucher (28 bytes) the certificates
  included in onion voucher (d x 84)
  (d x 84 K x 112 x 28) bytes
• Note each car may have multiple kinds of ads at
  a time
• The storage requirement mainly depends on the
  number of the collected receipts

31
Computation overhead

• Hash chain based n-level ad model
• Lower bound of processing time for each incoming
  ad verifying time x 2 signing time 18.45 ms
• r ms / 100 gt 18.45 ms ? interval length gt
  1.845 sec
• Onion voucher based n-level ad model
• Lower bound of processing time for each incoming
  ad receipt ad processing time (verifying time
  x 2 signing time 18.45 ms) receipt
  processing time (verifying time signing time
  10.87 ms) 29.32 ms
• r ms / 100 gt 29.32 ms ? interval length gt
  2.932 sec

32
Simulations

• Running on ns-2
• Mobility model from Saha et al.
• Westwood area (4x4Km)
• 1 hour movement pattern of 1000 vehicles
• Experiment with 1 and 5 of level-1 nodes

33
Unrealistic aspect in our simulation model

• Mobility model
• No traffic control
• Always constant speed
• Random starting point and destination for each
  node
• All nodes are always moving within the target
  area.
• No parked cars, no new comers, or no cars leaving
  the area
• Number of nodes
• Too few cars in our simulation model
• More than 10000 cars in Westwood area

34
Westwood area (4x4Km) with 1000 cars

• Number of ad-receiving nodes with 1 and 5
  Level-1 nodes

35
Westwood area (4x4Km) with 1000 cars

• Number of advertising nodes with 1 and 5 of
  Level-1 nodes

36
Westwood area (4x4Km) with 1000 cars

• Average number of ad-receiving per vehicle within
  30 min
• Advertising costs

37
Conclusion

• Potential and promising scenario
• PKI for secure incentive
• A set of dissemination models
• Remaining issues
• Privacy issue
• Temporal certificate
• Who will be CA?