1. 1 Performance 2005 October 6, 2005 Juan les Pins Performance Challenges in Secure Vehicular Networks Prof. Jean-Pierre Hubaux EPFL With the help of Srdjan Capkun, Jun Luo, and Maxim Raya

2. 2 Performance Challenges in Secure Vehicular Networks - Outline  Raison d’être of vehicular networks  Technical challenges  Service penetration and connectivity  Security and its impact on performance  Research opportunities in the performance of vehicular networks  Conclusion

3. 3 Vehicular communications: why?  Combat the awful side-effects of road traffic  In the EU, around 40’000 people die yearly on the roads; more than 1.5 millions are injured  Traffic jams generate a tremendous waste of time and of fuel  Most of these problems can be solved by providing appropriate information to the driver or to the vehicle

4. 4 A modern vehicle is a computer on wheels Processing power: comparable with a Personal Computer + a few dozens of specialized processors Communication: typically over a dedicated channel: Dedicated Short Range Communications (DSRC) In the US, 75 MHz at 5.9 GHz; In Europe, 20 MHz requested but not yet allocated) Envisioned protocol: IEEE 802.11p Penetration will be progressive (over 2 decades or so) (GPS) - Human-Machine Interface - Navigation system

5. 5 Example of service: electronic brake warning Similar services: Road condition warning Emergency vehicle approaching

6. 6 Other example of service: traffic information

7. 7 Other examples of services based on vehicular networks (these ones usually involve road side infrastructure)  Vehicle to road  Electronic toll collection  Vehicles as probes to collect traffic data  Ramp metering to reduce congestion  Road to vehicle  Signal violation warning  Intersection collision warning  Data downloads

8. 8 Ongoing research and standardization efforts  Many European initiatives: ERTICO, eSafety, GST,…  European industrial consortium: C2C-CC (Car to Car Communication Consortium); similar consortia in the US and Japan  NOW Project (Network On Wheels): German car manufacturers; follow-up of Fleetnet  PATH project (Project for Advanced Transit and Highways): UC Berkeley et al.

9. 9 Vehicular communications: a compelling (and tough) research challenge  High speed of the nodes (relative speed up to 500 km/h)  Real time constraints (milliseconds)  Sporadic connectivity (a few seconds or less)  Crucial role of the geographic position of the nodes  Very gradual penetration  Last but not least, a very specific security research question

10. 10 Penetration and connectivity Courtesy of Pravin Varaiya First level approximation:

11. 11 Number of hops Vs penetration (1/2)

12. 12 Hopping on vehicles in the reverse direction

13. 13 Number of hops Vs penetration (2/2)

14. 14 Proposed homework for tonight: compute connectivity in this case Please send your solution to: jean-pierre.hubaux@epfl.ch

15. 15 Example 1 of attack : Generate “intelligent collisions” SLOW DOWN The way is clear Similar attack: stop a highway

16. 16 Example 2 of attack : Bogus traffic information Traffic jam ahead

17. 17 Example 3 of attack: Cheating with identity, position or speed I was not there!

18. 18 Example 4 of attack: Breaking privacy At 3:00 - Vehicle A spotted at position P1 At 3:15 - Vehicle A spotted at position P2 Note: Privacy is a very important issue in vehicular networks

19. 19 Our scope  We consider communications specific to road traffic: safety and traffic optimization  We do not consider more generic applications, e.g. toll collect, access to audio/video files, games,…  Possible attackers  outsider or insider  rational or malicious  passive or active

20. 20 How to secure VANETs

21. 21 Tamper-proof device  Each vehicle carries a tamper-proof device  Contains the secrets of the vehicle itself  Has its own battery  Has its own clock (notably in order to be able to sign timestamps)  Is in charge of all security operations  Is accessible only by authorized personnel Tamper-proof device Vehicle sensors (GPS, speed and acceleration,…) On-board CPU Transmission system ((( )))

22. 22 How to secure VANETs

23. 23 Digital signatures  Symmetric cryptography is not suitable: messages are standalone; large scale of the network; need for non-repudiation  Hence each message should be signed with a Digital Signature  Important messages should be stored in the Event Data Recorder (part of the tamper-proof device)

24. 24 How to secure VANETs

25. 25 VPKI (Vehicular Public Key Infrastructure) PKI Security services Positioning Confidentiality Privacy... CA P A P B Authentication Shared session key  Each vehicle carries:  A unique and certified identity (Electronic License Plate)  A set of certified anonymous public/private key pairs  Mutual authentication can be done without involving a server  If needed, authorities can be cross-certified

26. 26 The CA hierarchy: two options Car A Car B Car A Car B Manuf. 1 Manuf. 2 1. Governmental Transportation Authorities 2. Manufacturers  The governments control certification  Keys could be recertified on borders to ensure mutual certification  Each car has to store the public keys of all vehicle manufacturers

27. 27 How to secure VANETs

28. 28 How to avoid the Big Brother syndrom? At 3:00 - Vehicle A spotted at position P1 At 3:15 - Vehicle A spotted at position P2 Proposed solution:  Identifiers and keys change over time  Liability is enforced  Only law enforcement agencies are allowed to retrieve the real identities of vehicles (and drivers)

29. 29 Anonymous keys  Purpose: preserve identity and location privacy  Keys can be preloaded and certified by:  Transportation authority  Vehicle manufacturer  Certificate of vehicle V’s i th key:  Revocation is achieved (notably) by short key lifetime

30. 30 How to secure VANETs

31. 31 DoS resilience  Vehicles will probably have several wireless technologies onboard  In most of them, several channels can be used  To thwart DoS, vehicles can switch channels or communication technologies  In the worst case, the system can be deactivated Network layer DSRC UTRA-TDD Bluetooth Other

32. 32 How to secure VANETs

33. 33 Data verification by correlation  Bogus info attack is based on the dissemination of false data  Authenticated vehicles can also send wrong data (on purpose or not)  Hence the correctness of the data should be verified  Correlation of data (or “plausibility”) can help

34. 34 Security analysis  Message legitimacy is guaranteed by signatures  Correlation and fast revocation reinforce correctness of the transmitted data  Authentication protects the network from outsiders  Non-repudiation is achieved because:  Electronic License Plate and anonymous keys are specific to one vehicle  Position can be verified if secure positioning is in place  Privacy is guaranteed by the fast changing identities and public keys  DoS attacks can be mitigated  BUT security leads to a very substantial overhead

35. 35 Which Public Key cryptosystem to use?  Several available options:  RSA Sign: the most popular; but has the largest key size  ECDSA (Elliptic curve Digital Signature Algorithm): the most compact  NTRUSign: arguably the fastest in signing and verification  Signature verification is the most frequent operation  The same safety message can be heard (and thus must be verified) by several tens of vehicles

36. 36 Performance comparison PKCSKey, Sig size (bytes)T tx (Sig) (ms) RSA2560.171 ECDSA280.019 NTRU1970.131 PKCSGeneration (ms)Verification (ms) ECDSA3.2557.617 NTRU1.5871.488 Benchmark on a Pentium II 400 MHz workstation  Key and signature size; transmission time at 12Mb/s  Signature generation and verification

37. 37 Format of a safety message sent by vehicle V Header M : Signature on payload M and timestamp T with the ith signature of vehicle V; length: 1 signature : Certificate of the ith public key of Vehicle V, generated by the certification authority CA ; length: 1 public key + 1 signature Security overhead Open research question : Is there a less expensive solution, offering the same level of security?

38. 38 Performance evaluation  Two scenarios drawn from DSRC  ns-2 simulations; single-hop transmission  Effect of message size (including the security overhead) on delay and number of received packets (Not to scale) Rough estimate of incoming traffic: 120 veh * 3.33 msg/(veh*s) * 800 Bytes/msg = approx. 3 Mb/s Rough estimate of incoming traffic: 36 veh * 10 msg/(veh*s) * 800 Bytes/msg = approx. 3 Mb/s

39. 39 Delay Vs message size NTRU No security ECDSA RSA

40. 40 Received packets Vs message size NTRU No security ECDSA RSA

41. 41 Research opportunities in performance evaluation of vehicular networks Performance evaluation Nature of data traffic (e.g., single hop, geocast) Available spectrum (e.g., 75 MHz or 20MHz around 5.9 GHz) Radio propagation model in vehicular environment Kind of antenna (directional or not) Number of radios Penetration rate (e.g., parameter from 5% to 100%) Considered crypto algorithm Vehicle mobility models Road topology Amount of roadside infrastructure (e.g., none) Connectivity Goodput Delay Delay jitter Fairness Examples of design questions: -Is CSMA/CA really the best solution? - To what extent can geographic position be taken into account for routing? Power control

42. 42 Performance evaluation of vehicular networks: some papers  J. Pal Singh, N. Bambos, B. Srinivasan, D. Clawin, and Y. Yan, Empirical Observations on Wireless LAN Performance in Vehicular Traffic Scenarios and Link Connectivity Based Enhancements for Multihop Routing, WCNC'05  M. TorrentMoreno, D. Jiang, and H. Hartenstein, Broadcast Reception Rates and Effects of Priority Access in 802.11Based Vehicular AdHoc Networks, VANET'04  J. Yin, T. ElBatt, G. Yeung, B. Ryu, S. Habermas, H. Krishnan, and T. Talty, Performance Evaluation of Safety Applications over DSRC Vehicular Ad Hoc Networks, VANET'04  A. Ebner, H. Rohling, L. Wischhof, R. Halfmann and M. Lott, Performance of UTRA TDD Ad Hoc and IEEE 802.11b in Vehicular Environments, VTC 2003-Spring  J. Blum, A. Eskandarian, and L. Hoffman, Challenges of Intervehicle Ad Hoc Networks, IEEE Transactions on Intelligent Transportation Systems, Vol. 5, No. 4, December 2004  H. Wu, M. Palekar, R. Fujimoto, R. Guensler, M. Hunter, J. Lee, and J. Ko, An Empirical Study of Short Range Communications for Vehicles, Poster abstract, VANET'05  F. Hui and P. Mohapatra, Experimental Characterization of Multi-hop Communications in Vehicular Ad Hoc Network, Poster abstract, VANET'05

43. 43 Events and resources  Conferences and journals  VANET, colocated with Mobicom  V2V-Com, co-located with Mobiquitous  WIT: Workshop on Intelligent Transportation  VTC: Vehicular Technology Conference  IV: Conference on Intelligent Vehicles  escar 2005: Workshop on Embedded security in Cars, Nov. 29-30, Cologne (D) http://www.escarworkshop.org/  IEEE Transactions on Intelligent Transportation Systems  IEEE Transactions on Vehicular Technology  European industrial consortium: http://www.car-2-car.org/  http://ivc.epfl.ch  M. Raya and J.-P. Hubaux, “The Security of Vehicular Ad Hoc Networks”, accepted for the Workshop on Secure Ad Hoc and Sensor Networks (SASN) 2005

44. 44 Conclusion  The performance of vehicular communications is a difficult and highly relevant problem  Car manufacturers seem to be poised to massively invest in this area  Slow penetration makes connectivity more difficult  Security leads to a substantial overhead and must be taken into account from the beginning of the design process  The field offers plenty of novel research challenges