Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks

1
Enhancements in Security, Performance Modeling
and Optimization in Vehicular Networks

• Ashwin Rao
• 2006SIY7513
• Supervisor Arzad A. Kherani

2
Introduction to VANETs

• Mobile ad hoc networks (MANETs) with vehicles as
  mobile nodes
• Application classification
• Safety Related - Early Warning Messages
• Best Effort Traffic Optimization
• Secure Transactions Toll collection
• Application to enhance safety of passengers

3
VANET jargon

• VANET Vehicular Ad hoc networks
• OBU On Board Unit communication equipment in
  vehicles
• RSU Road Side Unit - provides infrastructure
• WAVE Wireless Access in Vehicular Environment
• DSRC Dedicated Short Range Communication

4
PKI A brief overview

• Asymmetric Keys (Pu -gt Public key, Pr -gtPrivate
  Key)
• M Pr(Pu(M)) M Pu(Pr(M)) -- where M is the
  message to be secured
• Certificate contains the public key signature
  of CA
• Certificate sent with signed message to verify
  the signature of message
• Certificate shouldn't be revoked for message to
  be accepted

5
Security in VANETs

• Security essential to the protect critical
  messages
• Mechanism providing security need to address
• Authenticity genuine v/s malicious source
• Anonymity sender having right to privacy
• Data Integrity messages received as-is
• Low Overheads to retain usefulness of messages
• Use of PKI based security proposed in IEEE 1609.2

6
1609 Protocol Stack

• Data Flows and Resources
• Secure Message formats and their processing
• Network Transport Layer Services
• Enhancement to the 802.11 MAC

7
Revocation of Certificates

• Required to distinguish genuine and malicious
  nodes
• When does the PKI revoke a certificate ?
• It is compromised
• It is used for malicious activity
• Other reasons like terminating the V2V service
• Problems
• Revocation information to be propagated to all
  concerned

8
Certificate Revocation Lists (CRLs)

• PKI propagates revocation information using CRLs
• CRLs are signed by the CA
• Problems with CRLs in VANETs
• Communication with infrastructure at irregular
  intervals
• Varying contact times with infrastructure
• Number of CRLs limited to storage space in OBU
• Time to search the certificate in CRLs
• Operating time of malicious node avg. CRL
  update interval

9
Accept/Drop Mechanism (Security Layer)
10
Confidence In Security Infrastructure

• What is the probability that a certificate is a
  good certificate if it is not available in the
  CRLs at OBU?
• How recent are the CRLs in the OBU?
• How recent is the certificate under
  consideration?
• With how much confidence can you accept the
  signed message?
• On what parameters is this confidence related to ?

11
Parameters affecting CoS

• r the revocation rate
• Var( T ) variance in inter-CRL update times
• E T - Expected CRL update interval
• If Var(T) 0 then

12
Freshness checks

• Sender and receiver have equal access to PKI
• Sender checks if one of its certificates is
  revoked
• The CA modifies the freshness check field in the
  certificate if it is not revoked
• Freshness check field is part of the certificate
• For receiver of messages to confirm freshness
  checks
• For non-malicious senders to validate the
  genuineness of their certificates

13
Freshness Checks
14
Algorithm to Accept/Drop Messages
15
Advantages of Freshness Checks

• Time for verifying signed messages
• Independent of number of CRLs and certificates in
  CRLs
• OBUs need not store CRLs
• Reduced storage requirement of OBU
• Solves problem of CRL propagation
• The validity of certificate dependent on the
  current value of CoS and not determined at time
  of issue.

16
Reduced Operating Time Of Malicious Nodes
Time at which a certificate was revoked
17
Impact of Freshness checks
Fraction of packets from non-compromised nodes
Fraction of packets from compromised nodes
18
FutureTasks

• Relation between CoS and probability of messages
  from non-compromised nodes getting dropped
• Impact of the overheads of security on
  performance of secure messages
• Impact of periodic transmission on the
  performance of secure messages
• Adapting rate of transmission V/S Adapting
  transmission range of messages

19
Conclusion

• Minimize some of the security overheads of
  verifying the messages by providing a constant
  time algorithm to accept/drop messages
• Robust security infrastructure equally important
  for effective security

20

• QA

21

• Extra Slides (BACKUP)

22
IEEE 1609 protocol stack

• 1609.1 - Resource Manager
• Data flows and Resources at all points
• 1609.2 - Security Services
• Secure message formats and processing based on
  PKI
• 1609.3 Networking Services
• Network and Transport layer services
• 1609.4 Multi-channel operations
• Enhancement to IEEE 802.11 MAC

23
Research Agenda

• Implement essential features of 1609.x protocol
  stack
• Incorporate vehicular traffic data traffic
  models
• Simulate V2V messaging at each node.
• Propose algorithm to accept and drop messages
• Study the performance metrics across widely
  varying system parameters (with and without
  security) in V2V networks.

24
Accept/Drop Mechanism (at Security Layer)

• Received message signed using a certificate
  present in CRLs at OBU
• Drop the packet
• Received message signed using a certificate
  absent from the CRLs at OBU
• Is the certificate revoked by the PKI ?
• Is the certificate compromised but not revoked at
  the PKI ?
• Is the certificate a genuine non-compromised
  certificate?