Security, privacy and protection in different VANET applications afternoon session - PowerPoint PPT Presentation

1 / 76

About This Presentation

Title:

Security, privacy and protection in different VANET applications afternoon session

Description:

Security, privacy and protection in different VANET applications afternoon session Mario Gerla – PowerPoint PPT presentation

Number of Views:334

Avg rating:3.0/5.0

Slides: 77

Provided by: ucl122

Category:

more less

Transcript and Presenter's Notes

Title: Security, privacy and protection in different VANET applications afternoon session

1
Security, privacy and protection in different
VANET applicationsafternoon session

Mario Gerla

2
Vehicular security tools/techniquesOutline

Conventional tools, Vehicle-PKI and secure
positioning
New tools (e.g., anonymous routing routing
attack secure incentives situation awareness
community trust trust cloud of commuters -
from the social net proposal)
Wormholes in the urban grid
Privacy v.s. security trade offs

3
Conventional techniques

Tamper-proof device
V-PKI
Anonymous keys
Secure Localization

4
Tamper-proof device

Each vehicle carries a tamper-proof device
Contains the secrets of the vehicle itself
Has its own battery
Has its own clock (notably in order to be able to
sign timestamps)
Is in charge of all security operations
Is accessible only by authorized personnel

5
Digital signatures

Symmetric cryptography is not suitable messages
are standalone, large scale, non-repudiation
requirement
Hence each message should be signed with a DS
Liability-related messages should be stored in
the EDR (event data recorder)

6
VPKI (Vehicular PKI)
Each vehicle carries in its Tamper-Proof Device
(TPD) A unique and certified identity
Electronic License Plate (ELP) A set of
certified anonymous public/private key
pairs Mutual authentication can be done without
involving a server Authorities (national or
regional) are cross-certified
7
The CA hierarchy two options
The governments control certification Long
certificate chain Keys should be recertified on
borders to ensure mutual certification
Vehicle manufacturers are trusted Only one
certificate is needed Each car has to store the
keys of all vehicle manufacturers
8
Anonymous keys

Preserve identity and location privacy
Keys can be preloaded at periodic checkups
The certificate of Vs ith key
Keys renewed according to vehicle speed (e.g., 1
min at 100 km/h)
Anonymity is conditional on the scenario
The authorization to link keys with ELPs is
distributed (say, police court)

9
Avoiding Big Brother
10
DoS resilience

Vehicles will probably have several wireless
technologies onboard
To thwart DoS, vehicles can switch channels or
communication technologies
Great market for Cognitive Radios

11
Data verification by correlation
?? Bogus info attack relies on false data ??
Authenticated vehicles can also send wrong data
(on purpose or not) ?? The correctness of the
data should be verified ?? Correlation can help
12
Security analysis

How much can we secure VANETs?
Messages are authenticated by their signatures
Authentication protects the network from
outsiders
Correlation and fast revocation reinforce
correctness
Availability remains a problem that can be
alleviated
Non-repudiation is achieved because
ELP and anonymous keys are specific to one
vehicle
Position is correct if secure positioning is in
place

13
What PK cryptosystem to use?

Available options
RSA Sign most popular, but largest key size
ECDSA (Elliptic Curve) most compact
NTRUSign (Nth Truncated Polynomial) fastest in
signing and verification
Signature verification speed matters the most
Further improvements that can help
Vehicles verify only relevant content
Several messages signed with same key

14
Performance comparison
15
Performance evaluation
ns-2 simulationsTwo scenarios drawn from
DSRCThe effect of message size (including the
security material) on delay, number of received
packets, and throughput is evaluated
Not to scale
16
How msg size affects Delay,
17
Number of received packets,
18
and Throughput
19
How to securely locate a vehicle
20
Positioning systems

Satellites
GPS, Galileo, Glonass(Outdoor, Radio Frequency
(RF) Time of Flight (ToF))
General Systems
Active Badge(Indoor, Infrared(IR)), Olivetti
Active Bat, Cricket(Indoor, Ultrasound(US)-based),
ATT Lab Cambridge, MIT
RADAR, SpotON, Nibble(Indoor/Outdoor, RF-Received
Signal Strength), Microsoft, Univof Washington,
UCLAXerox Palo Alto Lab
Ultra Wideband Precision Asset Location
System,(Indoor/Outdoor, RF-(UWB)-ToF),
Multispectral solutions, Inc.

21
Positioning systems (cont)

Ad hoc and sensor nets (no GPS)
Convex position estimation (Centralized), UC
Berkeley
Angle of Arrival based positioning(Distributed,
Angle of Arrival), Rutgers
Dynamic fine-grained localization (Distributed),
UCLA
GPS-less low cost outdoor localization(Distributed
, Landmark-based), UCLA
GPS-free positioning (Distributed), EPFL

22
GPS
23
GPS Security Example of attack
A GPS simulator can send strong fake signals to
mask authentic weak signals
24
GPS Security

Other vulnerabilities
Relaying attack connects the receiver to a
remote antenna
Signal-synthesis attack feeds the receiver with
false signals
Selective-delay attack predicts the signal ?t
earlier
Security solutions
Tamper-resistant hardware
Symmetric crypto
Problem an authenticated receiver can hack the
system
Asymmetric crypto
Problem additional delay

25
Distance measurement techniques
26
Attacks on RF and Ultra Sound ToF-based
techniques
27
The challenge of secure positioning

Goals
preventing an insider attacker from cheating
about its own position
preventing an outsider attacker from spoofing the
position of an honest node
Our proposal Verifiable Multilateration

28
Distance bounding

RF distance bounding
nanosecond precision required, 1ns 30cm
UWB enables clock precision up to 2ns and 1m
positioning indoor and up to 2km outdoor
US distance bounding
millisecond precision required,1ms 35cm

29
Distance Bounding (RF)1993 (Brands and Chaum)
to prevent the Mafia fraud attack
The Bound (tr-ts)c/2 gt dreal
30
(No Transcript)
31
(No Transcript)
32
Conclusion on secure positioning

New research area
Positioning tout court is not yet completely
solved (solutions will rely on GPS, on
terrestrial base stations, and on mutual distance
estimation)
Time of flight seems to be the most appropriate
technique
More information available at http//spot.epfl.ch

33
New Tools on VANET Security and Privacy

Secure Routing
Security Incentives
Situation awareness Trust

34
A Secure Ad-hoc Routing Approach using Localized
Self-healing Communities

Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang
Park, Jun Liu, Mario Gerla
Computer Science Department Computer
Science Department
University of California, Los Angeles
University of Alabama, Tuscaloosa
jkong,yjyi,jspark,gerla_at_cs.ucla.edu
jliu,hxycs.ua.edu

35
Problem Statement

Threats to on-demand routing
Active attack disruptive
Denial-of-service attacks
Packet loss, rushing attack, black-hole,
gray-hole, wormhole
Passive attack protocol-compliant
Eavesdropper, traffic analyst ? anonymous routing
needed
We will focus on active threats
fromnon-cooperative (selfish or malicious)
members (eg, INTRUDERS)

36
Typical On-demand Routing Attacks

Most active attacks cause repeated RREQs
Excessive RREQ repetitions exhaust network
resource
Current mechanism to reduce of allowed RREQ
floods per connection RREQ rate limit
NOT ENOUGH WHEN ACTIVE ATTACKERS ARE THE BEHIND
RREQ FLOODS
RREP DATA packet DROPS
Caused by rushing attack etc. Hu et al.,WiSe03
THEY Trigger more RREQ floods
Source will keep retrying, with repeated RREQ,
causing massive congestion!!!!

37
RUSHING ATTACK
dest
source

Describe RUSHING ATTACK WITH ANIMATION
Explain Perrig solution here..

38
Outline

Review of current countermeasures
Community-based secure routing approach
Strictly localized w/ clearly-defined per-hop
operation
Self-healing community substitutes single
node
Our analytic models
Sub-polynomial model for network security
Stochastic model for mobile networks
Empirical simulation verification
Summary

39
Other countermeasures (for on-demand routing
against active attacks)

Cryptographic protections
Cannot stop internal non-cooperative network
members they have the keys TESLA in Ariadne,
PKI in ARAN
Network-based protections
Straight-forward RREQ rate limit DSR, AODV
Long RREQ interval causes non-trivial routing
performance degradation
Multi-path secure routingAwerbuch,WiSe02
Haas,WiSe03
Not localized, incurs global overhead, expensive
Node-disjoint multi-path preferred, but
challenging
Perrig solution to rushing (is it also multi
path?)

40
Our design

Goal Reduce of allowed RREQ floods (per
connection) to minimum
Ideally, 1 initial on-demand RREQ flood for each
e2e connection
In spite of attacks
Solution
Build multi-node self-healing communities to
counter non-cooperative packet loss
approach applies to wide range of ad hoc routing
protocols

41
Community 2-hop scenario
community

Explain two hop path intermediate nodes
community
Community leader (to be defined later)

42
Community multi-hop scenario

community is dynamically reconfigured (self
healing)

43
Community Based Security (CBS)

End-to-end communication between ad hoc terminals
Community-to-community forwarding (not
node-to-node)
Challenge adversary knows CBS is operated in the
network
It would prevent the network from forming
communities
Network mobility etc. will disrupt CBS

44
Community formation re-configuration

On demand initial configuration
Communities formed during RREP
Simple heuristics promiscuously overheard 3
consecutive (ACKs of) RREP packets? set
community membership flag for the connection
Goal revisited reduce the need of RREQ floods
In spite of non-cooperative packet loss

45
Community formation around V
V1
V
U
E
V2

(Potentially non-cooperative) Vs community must
be formed at RREP
Else V drops RREP and succeeds
V1 and V2 need to know Vs upstream

46
Protocol details

(RREQ, upstream_node, )
(RREP, hop_count, )
The extra fields can be spared (in DSR or AODV)

47
ACK-based configurationRemove self healing - not
an essential attribute
communities (if C forwards a correct RREP)
C
D
E
C
B
dest
source
C
48
Community Concept helpsreduce RREQ in mobile
networks

How does this work?
Proactive re-configuration
Each community loses shape due to mobility?
End-to-end proactive probing to maintain the
shape
PROBE unicast
PROBE_REP unicast same as RREP

49
Reconfig in 2-hop scenario
Old community becomes amorphousdue to random
node mobility etc.

(PROBE, upstream, )
(PROBE_REP, hop_count, )
Unicast probing take-over in use

oldF
S
D
newF

50
Communities help in mobile scenario multi-hop
case
dest
source

Probing message can be piggybacked in data
packets
Probing interval Tprobe determined by network
dynamicsSimple heuristics Slow Increase Fast
Decrease

51
Secure Incentives for Commercial Advertisement
Dissemination in Vehicular Networks

Suk-Bok Lee and Seung Hyun Pan
Tutor Joon-Sang Park
Professor Mario Gerla
CS 218 Class Project
Fall 2006
Accepted at Mobihoc 2007

52
Presentation Outline

Ad dissemination in VANET
Signature-Seeking Drive
Overview
One-level advertising
Multi-level advertising
Evaluations
Discussion

53
Ad Dissemination in VANET

Commercial Advertising via Car-to-Car
communication
Very promising application
High mobility nature of vehicles
Currently proposed scenarios
Electronic coupon system, FleaNet, Digital
Billboards

54
Advertising in VANET
Advertisement Content
Ad providers use VANET for disseminating their ads
55
Advertising in VANET
u
Vehicle-Vehicle Communication
Vehicle u keeps forwarding this ad for In-N-Out
Burger
56
Ad Dissemination in VANET

In the real world
Non-cooperative behaviors
Selfish users
Malicious users
More serious threats
e.g. DoS attacks (making dummy ads propagate over
the network.)
Even for naïve users
Why should they help forward those commercial
ads for the benefit of the business companies?

57
Vehicular Ad System

Concerns in vehicular ad system
Advertisers want to use VANET
From a vehicle users viewpoint, the business
companies are exploiting vehicle users resources
for their own profit.
Graceful compromise
Advertisers pay for the incentives for users
Charges for network resources
Or advertising charges

58
Our framework

Signature-Seeking Drive (SSD)
Secure incentives for cooperative nodes
No tamper-proof h/w assumptions
No game theoretic approaches
Leverages a PKI (public key infrastructure)
A set of ad dissemination designs

59
SSD overview
Vehicular Authority (VA)
Certified Ad
Request for Ad permission
Ad Distribution Point (ADP)
ADI
After verifying ADI, Vehicle u may agree to
disseminate the ad.
u
60
Signature-Seeking Drive Overview
Rw
w
v
ADI
ADI
ADI
Rv
u
Vehicle-Vehicle Communication
Vehicle u keeps forwarding ADI
In return, receiving vehicles v, w provide
signed-receipts to u.
While driving its way, u may collect as many
receipts as it forwards ADI.
61
Signature-Seeking Drive Overview
Vehicular Authority (VA)
Transaction Record
Charge
Colleted receipts
ADI
ADI
ADI
Rw
Rv
. . .
Receipts are exchangeable with virtual cash at
Virtual Cashier (e.g. gas station) a small
portion is reserved for each receipt-providing
nodes, too.
VA charges In-N-Out Burger such virtual cash
induced by ADIs
62
Uncooperative Model

Selfish nodes
Seek to maximize their own profit
Malicious nodes
Try to intentionally disrupt the system
We may encourage selfish nodes to participate in
the network with an incentive model, yet
malicious nodes try to attack the weak point of
the model.
? Secure incentive !

63
Ad Dissemination Models

One-level advertisement
Local advertising
Most users receive the ad, with reasonable of
forwarding nodes

Multi-level advertisement
Intensive advertising over the wide area

64
Notations
65
One-level advertisement

1. Approval for advertisement (company I ??
Vehicular Authority)

Ad permit
2. Agreement with Ad Distribution Point (Is ADP
?? vehicle u)
Voucher

ADP provides u with a voucher for us exclusive
use.
The notion of a voucher limits the dissemination
to one-level.

66
One-level advertisement

3. Advertisement Dissemination (vehicle u ?
vehicle v)

Ad permit
Signed receipt
4. Receipt Redemption (vehicle u ? Virtual
Cashier VC)
Voucher
Collected receipts

Each VC is connected with VA that maintains all
the transactions.
VC examines whether u has never redeemed us
voucher for ADI at any other VC before.

67
Multi-level advertisement

Level-free advertisement
No vouchers, any nodes can reuse ADS and cash
receipts w/o a voucher
Simple and most intensive method for advertising
Heavy outlay for advertisement, due to too much
redundancy
Compromise between one-level and level-free
n-level advertising
Company S sets a limit on the number of
propagation levels
Two designs Hash-chain based, and Onion voucher
based.

68
Hash chain based n-level advertising
Contacting with Ss ADP
of levels S sets
Random by S
Advertisement Dissemination (u ? v)
Advertisement Dissemination (v ? x)
69
Hash chain based n-level advertising
Receipt Redemption (x ? VC)

VC first checks whether n-2 is non-zero and the
legitimacy of the corresponding hash value.
Weaknesses
No coercive measures for nodes to reduce their
permissible levels by 1
Malicious users can throw any permissible value
open to the public

70
Onion voucher based n-level advertising
Example of onion voucher
Contacting with Ss ADP
Onion voucher for u
Advertisement Dissemination (u ? v)
Onion voucher for v
71
Onion voucher based n-level advertising
Example of onion voucher
Receipt Redemption (x ? VC)
xs Onion voucher

VC checks that of nodes included in OV is not
bigger than n
Onion voucher secures n-level dissemination
Overhead by three-way handshake

72
Evaluations

Communication cost
Storage requirement
Computation overhead
Analysis
Incentive perspective
Security of Signature-Seeking Drive
Simulations on ns-2
Westwood area (4Km x 4Km) with 1,000 cars
West LA (10Km x 10Km) with 5,000 cars

73
Communication cost

One-level ad message format (utilizing Elliptic
Curve Cryptography)
senders certificate (84 bytes), ad content (x
bytes), ad provider ID (8 bytes), and senders
signature (28 bytes) on ad permit
Total message size (120 x) bytes
Hash chain based n-level ad message format
One-level message size the permissible level
value (1 byte) its corresponding hash value (20
bytes in SHA-1) (141 x) bytes
Onion voucher based n-level ad message format (of
a node in level d)
Two separate message due to three-way handshake.
First message size one-level message size
(120 x) bytes
Second message size Onion voucher (28 bytes)
the certificates included in onion voucher (d x
84) (d x 84 28) bytes
Message size mainly depends on ad content size x

74
Storage requirement

One-level ad model (utilizing ECC)
Ad permit (28 bytes), ad content (x bytes),
voucher (28 bytes), and K collected receipts (28
bytes) and their corresponding certificates (84
bytes)
Total storage requirement (K x 112 x
56) bytes
Hash chain based n-level ad model
One-level storage requirement (excluding voucher)
the permissible level value (1 byte) its
corresponding hash value (20 bytes in SHA-1)
(K x 112 x 49) bytes
Onion voucher based n-level ad model (of a node
in level d)
One-level storage requirement (excluding voucher)
Onion voucher (28 bytes) the certificates
included in onion voucher (d x 84)
(d x 84 K x 112 x 28) bytes
Note each car may have multiple kinds of ads at
a time
The storage requirement mainly depends on the
number of the collected receipts

75
Computation overhead

Ex. vehicle u has 100 neighbors within its
communication range, and all the neighbors send
out their ads at regular interval of r ms.
Hash chain based n-level ad model
Lower bound of processing time for each incoming
ad verifying time x 2 signing time 18.45 ms
r ms / 100 gt 18.45 ms ? interval length gt
1.845 sec
Onion voucher based n-level ad model
Due to three-way handshake ad process
Lower bound of processing time for each incoming
ad receipt ad processing time (verifying time
x 2 signing time 18.45 ms) receipt
processing time (verifying time signing time
10.87 ms) 29.32 ms
r ms / 100 gt 29.32 ms ? interval length gt
2.932 sec
Note each car may have multiple kinds of ads at
a time
The interval for each kind of ad may be multiple
times of the above interval.