Zhen Huang Student number
What is VANETs What is VANETs Vehicular Ad Hoc Networks
OBU: On-board Unit Communication system Application units,sensors 、 GPS and extra... RSU: Road-Side Unit Collecting data sent out by vehicles and finish some specific works,like accessing to the Internet or broadcasting the information of gas price.
Energy.In Vanet,it is easy for vehicles to charge the battery. Mobility.Vehicles have high mobility because of their fast moving and unpredictable destination. Real-time requirement.The dynamic property needs lower delays between 2 cars.
Authentication Location privacy Detection of malicious node(vehicle) Revocation nodes Message Integrity Key management and identity management
Group manager distributes the group user keys to the members The group members only use the group key to sign the message The others verify the message with no need to know the real identity of the sender
A vehicle should have the ability to authenticate other legitimate vehicles,makes sure the messages from other cars are valid. In VANETs,vehicle only accepts the message from valid vehicle. Identity and signature are used.
ID=every vehicle gets a valid permanent identity from authority DS=digital signature Message(ID,information,DS)
Vehicle disseminates its own messages include position 、 time 、 events,during every period(1s). e.g. Message(RED,position,traffic accident,10AM,DS)
Message(ID,Information,DS) From the message,attacker knows your ID and your different positions at different time. Bad attacker could trace you by the position information you sent out.
There should be a trade-off between privacy and authentication. Main idea to solve this problem is to change the ID after a certain interval.
Pseudonymous Authentication Vehicles store a large number of certificates at first Randomly choose one of certificates to sign the message at one time
Group Signature Based Scheme Valid vehicle in a group has group user key and group public key Use group user key to sign a message Use group public key to verify other members Group manager manages the keys
TACKs(Temporary Anonymous Certified Keys) is based on group signatures.
TA:Trusted Authority,could be a government department or commercial entity. RA:Regional Authority.In every region,there exists only one RA. RL:Revocation List.It is a list include all the detected misbehaviours.
TA is the group manager TA gives every vehicle a permanent key(group user key),this key is stored in OBU and will not be changed during a long time,it represents a vehicle’s real identity,like license.
When vehicle entering into a new region,it sends the request to RA to get a new temporary key.
If this vehicle is valid,the RA will approve the request and send back the key certificate. Then,this car only use this temporary key to sign messages. Now,the information becomes Mess (information,DS) without real identity.
The message includes no real ID,it’s very hard for malicious node to trace other vehicles. For instance,in region 1, the red car send out message with key(10),the message is Mess(info, 10),then in region 2, the message will be Mess(info, 7).
RL lists all misbehaviouring vehicles RA stores and updates this list. When a vehicle requests for a new key,the RA first checks whether this vehicle is on RL.RA will send back the key if vehicle is not on RL.But if the vehicle is on the list,it will not be issued a temporary key.
Really a large group Detect the bad node When the temporary key expire?
Classify the vehicles into different groups. Every group has a manager. Group manager only supports keys to the members in the group.
Every RA is the group manager. RA gives group user key and group public key to every vehicle in region.
Voting mechanism To a specific event,RA records the vehicles who send a wrong infomation against the majority. The misbehaviour number of these vehicles +1 respectively
Set a threshold value for the upper bound of the number of misbehaviours If the number of a car misbehaviour outnumber the value,this vehicle is classified as malicious node and will be put on RL
There is an accident on right,every car says ‘there is an accident’ except the dark vehicle,RA records this and if the number is over the threshold.The dark car will be put on the RL.
When and how to expire a vehicle’s temporary key? Time-based and region-based are not enough.
RA has the RL. RA selects the invalid vehicles who now is in RA’s region from RL. Broadcast this new Short List to all cars in the region. All cars receive this list and won’t accept the message from whom is on the list.
Ahren Studer,Elaine Shi,Fan Bai,Adrian Perrig.“Tacking Together Efficient Authentication,Revocation,and Privacy in Vanets” Une Thoing Rosi, Chowdhury Sayeed Hyder.“ A Novel Approach for Infrastructure Deployment for VANET” Second International Conference on Future Generation Communication and Networking. Daxin Tian, Yunpeng Wang, Guangquan Lu, and Guizhen Yu.“A Vehicular Ad Hoc Networks Intrusion Detection System Based on BUSNet”. Philippe Golle, Dan Greene, Jessica Staddon.“Detecting and Correcting Malicious Data in VANETs”
Yipin Sun,Rongxing Lu,Xiaodong Lin.“An Efficient Pseudonymous Authentication Scheme with Strong Privacy Preservation for Vehicular Communications”.IEEE Transaction on Vehicular Technology. Gongjun Yan, Gyanesh Choudhary, Michele C. Weigle, Stephan Olariu.“Providing VANET Security Through Active Position Detection”. Ahren Studer, Mark Luk, Adrian Perrig.“Efcient Mechanisms to Provide Convoy Member and Vehicle Sequence Authentication in VANETs”.
Anonymous update: When vehicle entering into a new region,the former key and certificate expire. Vehicle sends the request to RA to get a new temporary key certificate. If this vehicle is valid,the RA will approve the request and send back the key certificate. If vehicle do some misbehavours,TA detects that car and put it on the Revocation List(RL). Because of changing the temporary ID region to region,it’s hard for malicious vehicle to trace others.
For instance,when the blue car entering a new region,the former key expires.Then it generates a new key pair and send it to RA to get a certificate. After receiving the request,RA checks whether the blue car is valid or not(Checking is based on the Revocation List),if it is valid,RA issues a certificate. Then,the blue car uses this key and certificate to sign the message in this region.
Q1. As we know,the key expiration is based on region,that means when a car entering a new region,it gets a new temporary key and certificate.But this expiration is not enough for the system.Why?Give an example. Answer: There is a window time between when an vehicle was revoked and when it request the next key.
Q2.Though the vehicle change the ID from region to region,there still exists probability that attackers could trace others.Give a situation and elaborate the way how bad guys do. Answer: One situation is when only 2 vehicles entering into a new region at the same time.,one of them is malicious and another is good guy,the malicious car could easily link the former key and temporary key of another car when they enter the new region.
Q3.When we detect the misbehaviouring vehicle,we use voting mechanism.Give an instance:If there’s a congestion in the junction,all cars send out the alert message”There’s a congestion”,except vehicle A,we classify A is misbehaviouring.But TA doesn’t put A on the RL right now,instead of that,RA will set up a counter to count the time of A misbehaviours,if this time outnumber the threshold,then the TA classify A as a malicious guy and put in on the RL.There are some reasons why we set up the counter and the threshoud.Please explain some of that.
Answer: It is possible that the hardware works incorrectly at this moment but will self-repair during a very short interval.