Title: Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks
1Enhancements in Security, Performance Modeling
and Optimization in Vehicular Networks
- Ashwin Rao
- 2006SIY7513
- Supervisor Arzad A. Kherani
2Introduction to VANETs
- Mobile ad hoc networks (MANETs) with vehicles as
mobile nodes - Application classification
- Safety Related - Early Warning Messages
- Best Effort Traffic Optimization
- Secure Transactions Toll collection
- Application to enhance safety of passengers
3VANET jargon
- VANET Vehicular Ad hoc networks
- OBU On Board Unit communication equipment in
vehicles - RSU Road Side Unit - provides infrastructure
- WAVE Wireless Access in Vehicular Environment
- DSRC Dedicated Short Range Communication
4PKI A brief overview
- Asymmetric Keys (Pu -gt Public key, Pr -gtPrivate
Key) - M Pr(Pu(M)) M Pu(Pr(M)) -- where M is the
message to be secured - Certificate contains the public key signature
of CA - Certificate sent with signed message to verify
the signature of message - Certificate shouldn't be revoked for message to
be accepted
5Security in VANETs
- Security essential to the protect critical
messages - Mechanism providing security need to address
- Authenticity genuine v/s malicious source
- Anonymity sender having right to privacy
- Data Integrity messages received as-is
- Low Overheads to retain usefulness of messages
- Use of PKI based security proposed in IEEE 1609.2
61609 Protocol Stack
- Data Flows and Resources
- Secure Message formats and their processing
- Network Transport Layer Services
- Enhancement to the 802.11 MAC
7Revocation of Certificates
- Required to distinguish genuine and malicious
nodes - When does the PKI revoke a certificate ?
- It is compromised
- It is used for malicious activity
- Other reasons like terminating the V2V service
- Problems
- Revocation information to be propagated to all
concerned
8Certificate Revocation Lists (CRLs)
- PKI propagates revocation information using CRLs
- CRLs are signed by the CA
- Problems with CRLs in VANETs
- Communication with infrastructure at irregular
intervals - Varying contact times with infrastructure
- Number of CRLs limited to storage space in OBU
- Time to search the certificate in CRLs
- Operating time of malicious node avg. CRL
update interval
9Accept/Drop Mechanism (Security Layer)
10Confidence In Security Infrastructure
- What is the probability that a certificate is a
good certificate if it is not available in the
CRLs at OBU? - How recent are the CRLs in the OBU?
- How recent is the certificate under
consideration? - With how much confidence can you accept the
signed message? - On what parameters is this confidence related to ?
11Parameters affecting CoS
- r the revocation rate
- Var( T ) variance in inter-CRL update times
- E T - Expected CRL update interval
- If Var(T) 0 then
12Freshness checks
- Sender and receiver have equal access to PKI
- Sender checks if one of its certificates is
revoked - The CA modifies the freshness check field in the
certificate if it is not revoked - Freshness check field is part of the certificate
- For receiver of messages to confirm freshness
checks - For non-malicious senders to validate the
genuineness of their certificates
13Freshness Checks
14Algorithm to Accept/Drop Messages
15Advantages of Freshness Checks
- Time for verifying signed messages
- Independent of number of CRLs and certificates in
CRLs - OBUs need not store CRLs
- Reduced storage requirement of OBU
- Solves problem of CRL propagation
- The validity of certificate dependent on the
current value of CoS and not determined at time
of issue.
16Reduced Operating Time Of Malicious Nodes
Time at which a certificate was revoked
17Impact of Freshness checks
Fraction of packets from non-compromised nodes
Fraction of packets from compromised nodes
18FutureTasks
- Relation between CoS and probability of messages
from non-compromised nodes getting dropped - Impact of the overheads of security on
performance of secure messages - Impact of periodic transmission on the
performance of secure messages - Adapting rate of transmission V/S Adapting
transmission range of messages
19Conclusion
- Minimize some of the security overheads of
verifying the messages by providing a constant
time algorithm to accept/drop messages - Robust security infrastructure equally important
for effective security
20 21 22IEEE 1609 protocol stack
- 1609.1 - Resource Manager
- Data flows and Resources at all points
- 1609.2 - Security Services
- Secure message formats and processing based on
PKI - 1609.3 Networking Services
- Network and Transport layer services
- 1609.4 Multi-channel operations
- Enhancement to IEEE 802.11 MAC
23Research Agenda
- Implement essential features of 1609.x protocol
stack - Incorporate vehicular traffic data traffic
models - Simulate V2V messaging at each node.
- Propose algorithm to accept and drop messages
- Study the performance metrics across widely
varying system parameters (with and without
security) in V2V networks.
24Accept/Drop Mechanism (at Security Layer)
- Received message signed using a certificate
present in CRLs at OBU - Drop the packet
- Received message signed using a certificate
absent from the CRLs at OBU - Is the certificate revoked by the PKI ?
- Is the certificate compromised but not revoked at
the PKI ? - Is the certificate a genuine non-compromised
certificate?