Presentation is loading. Please wait.

Presentation is loading. Please wait.

Survey of Vehicular Network Security Jonathan Van Eenwyk.

Similar presentations


Presentation on theme: "Survey of Vehicular Network Security Jonathan Van Eenwyk."— Presentation transcript:

1 Survey of Vehicular Network Security Jonathan Van Eenwyk

2 2 Contents Design Issues Certificate-Based Solution Privacy Concerns Data Validation

3 3 Design Issues The Security and Privacy of Smart Vehicles IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo Attacks on Inter-Vehicle Communication Systems-an Analysis Aijaz, et al (supported by industry) Challenges in Securing Vehicular Networks HotNets-IV: Parno and Perrig Security Issues in a Future Vehicular Network European Wireless, 2002: Zarki, et al 1234

4 4 Design Issues The Security and Privacy of Smart Vehicles IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo System model Ad-hoc communication between vehicles and base stations Base stations provide services Vehicles provide sensor data Vehicles have more resources than most ad-hoc networks Applications Traffic and safety alerts Travel tips Infotainment (including Internet access) 1234

5 5 Design Issues The Security and Privacy of Smart Vehicles IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo Challenges Authentication and data encryption Auditing sensor data Privacy (avoid tracking) Infrastructure boot-strapping Negative perception of smart vehicles 1234

6 6 Design Issues The Security and Privacy of Smart Vehicles IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo Key Features Context sensors (front-end radar, ultra-sound, etc) Event data recorder (i.e., “black box”) Tamper-proof device to handle encrypted transmissions Location detection (GPS or distance bounding) Communication with road-side base stations 1234

7 7 Certificate-Based Solution The Security of Vehicular Networks EPFL Technical Report, March 2005: Raya, Hubaux Certificate Revocation in Vehicular Networks LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux 1234

8 8 Certificate-Based Solution The Security of Vehicular Networks EPFL Technical Report, March 2005: Raya, Hubaux Attacks Bogus information Message tampering Cheating (data manipulation, impersonation) Identity disclosure for vehicle tracking Denial of service 1234

9 9 Certificate-Based Solution The Security of Vehicular Networks EPFL Technical Report, March 2005: Raya, Hubaux Security Mechanisms Electronic License Plate (post-mortem auditing) Asymmetric encryption using public key infrastructure Large number of anonymous keys (no identity information) Vehicles frequently change keys to avoid tracking Keys can be revoked (more later) Physical layer protection against denial of service Channel switching Implement more than one communication technology 1234

10 10 Certificate-Based Solution Certificate Revocation in Vehicular Networks LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux Revocation using Compressed Certificate Revocation Lists (RC 2 RL) Large number of vehicles, so potentially huge revocation list Lossy compression using Bloom filter Configurable rate of false positives Definitely no false negatives Bit vector of length m Hash a with k hashing functions Each function sets one bit Later, verify membership if all k bits are set as expected 1234

11 11 Certificate-Based Solution Certificate Revocation in Vehicular Networks LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux Revocation of the Tamper-Proof Device (RTPD) Send message to vehicle’s TPD to revoke all activity Send to base stations nearest last known location Broadcast over low-bandwidth radio (AM/FM) or satellite Lower overhead approach as long as TPD is reachable Send localized revocation list to surrounding area 1234

12 12 Certificate-Based Solution Certificate Revocation in Vehicular Networks LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux Distributed Revocation Protocol (DRP) Vehicles that detect malicious nodes can warn others Requires an honest majority Warnings have lower weight if sending node has also been condemned by other nodes Node 4 condemns node 2 But this warning has less weight because node 4 has itself been condemned by nodes 1 and

13 13 Privacy Concerns Balancing Auditability and Privacy in Vehicular Networks Q2SWinet '05: Choi, Jakobsson, Wetzel CARAVAN: Providing Location Privacy for VANET ESCAR '05: Sampigethaya, Huang, Li, Poovendran, Matsuura, Sezaki 1234

14 14 Privacy Concerns Balancing Auditability and Privacy in Vehicular Networks Q2SWinet '05: Choi, Jakobsson, Wetzel Provide privacy From peer-to-peer vehicles From infrastructure authorities Support auditability Linkability between anonymous handles and owner identity Requires off-line permission granting (court order, etc) 1234

15 15 Privacy Concerns Balancing Auditability and Privacy in Vehicular Networks Q2SWinet '05: Choi, Jakobsson, Wetzel Two-Level Infrastructure Back-end (ombudsman) Creates long-term “handle” from node identities Nodes initialized with set of handles Off-line approval can grant identity from pseudonym Front-end (road-side base stations) Uses short-term pseudonyms created from long-term handles Pseudonym and shared key created from handle and timestamp 1234

16 16 Privacy Concerns CARAVAN: Providing Location Privacy for VANET ESCAR '05: Sampigethaya, Huang, Li, Poovendran, Matsuura, Sezaki Provide privacy from vehicle location tracking Proposed Techniques Update pseudonym after random silence period Fixed-interval updates can be tracked by estimating trajectory Silence period obscures nodes if other nodes are present Designate group leader to proxy communications Avoids redundant transmissions Extends length of time to use each pseudonym 1234

17 17 Data Validation Probabilistic Validation of Aggregated Data in Vehicular Ad-hoc Networks VANET '06: Picconi, Ravi, Gruteser, Iftode Detecting and Correcting Malicious Data in VANETs VANET '04: Golle, Grenne, Staddon 1234

18 18 Data Validation Probabilistic Validation of Aggregated Data in Vehicular Ad-hoc Networks VANET '06: Picconi, Ravi, Gruteser, Iftode Allow sensor data to be aggregated Use signing certificates to validate data Randomly force one complete record to be included Relies heavily on tamper-proof device 1234

19 19 Data Validation Detecting and Correcting Malicious Data in VANETs VANET '04: Golle, Grenne, Staddon Nodes attempt to identify malicious data via information sharing Nodes detect neighbors and contribute to global database Malicious nodes may contribute invalid or spoofed data May try to fake a traffic jam Friendly nodes build models to explain database observations Is there one malicious node attempting to spoof three other nodes? Are all four nodes malicious? Possible heuristic: choose scenario with fewest bad and spoofed nodes 1234

20 20 Data Validation Detecting and Correcting Malicious Data in VANETs VANET '04: Golle, Grenne, Staddon Example Actual Scenario Possible Explanations 1234

21 21 Questions? 1234 Design IssuesCertificate-Based Solution Privacy Concerns Data Validation


Download ppt "Survey of Vehicular Network Security Jonathan Van Eenwyk."

Similar presentations


Ads by Google