1
Security, privacy and protection in different VANET applications (afternoon session), Mario Gerla
2
Vehicular security tools/techniques. Outline: conventional tools (Vehicle-PKI and secure positioning); new tools (e.g., anonymous routing, routing attacks, secure incentives, situation awareness, community trust, the "trust cloud" of commuters from the social net proposal); wormholes in the urban grid; privacy vs. security trade-offs
3
Conventional techniques Tamper-proof device V-PKI Anonymous keys Secure Localization
4
Tamper-proof device Each vehicle carries a tamper-proof device Contains the secrets of the vehicle itself Has its own battery Has its own clock (notably in order to be able to sign timestamps) Is in charge of all security operations Is accessible only by authorized personnel
5
Digital signatures Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation requirement Hence each message should be signed with a DS Liability-related messages should be stored in the EDR (event data recorder)
6
VPKI (Vehicular PKI) Each vehicle carries in its Tamper-Proof Device (TPD): A unique and certified identity: Electronic License Plate (ELP) A set of certified anonymous public/private key pairs Mutual authentication can be done without involving a server Authorities (national or regional) are cross-certified
7
The CA hierarchy: two options The governments control certification Long certificate chain Keys should be recertified on borders to ensure mutual certification Vehicle manufacturers are trusted Only one certificate is needed Each car has to store the keys of all vehicle manufacturers
8
Anonymous keys: preserve identity and location privacy; keys can be preloaded at periodic checkups; the certificate of V's i-th key: ; keys are renewed according to vehicle speed (e.g., ≈1 min at 100 km/h); anonymity is conditional on the scenario; the authorization to link keys with ELPs is distributed (say, police + court)
9
Avoiding Big Brother
10
DoS resilience Vehicles will probably have several wireless technologies onboard To thwart DoS, vehicles can switch channels or communication technologies Great market for “Cognitive Radios”
11
Data verification by correlation Bogus info attack relies on false data Authenticated vehicles can also send wrong data (on purpose or not) The correctness of the data should be verified Correlation can help
12
Security analysis How much can we secure VANETs? Messages are authenticated by their signatures Authentication protects the network from outsiders Correlation and fast revocation reinforce correctness Availability remains a problem that can be alleviated Non-repudiation is achieved because: ELP and anonymous keys are specific to one vehicle Position is correct if secure positioning is in place
13
What PK cryptosystem to use? Available options: RSA signatures (most popular, but largest key size); ECDSA (elliptic curve, most compact); NTRUSign (N-th degree truncated polynomial ring, fastest in signing and verification; caveat: NTRUSign was later shown to leak its private key from a moderate number of signatures, so it is no longer a safe choice). Signature verification speed matters the most. Further improvements that can help: vehicles verify only relevant content; several messages signed with the same key
14
Performance comparison
15
Performance evaluation: ns-2 simulations, two scenarios drawn from DSRC; the effect of message size (including the security material) on delay, number of received packets, and throughput is evaluated
16
How msg size affects Delay, …
17
…Number of received packets, …
18
…and Throughput
19
How to securely locate a vehicle
20
Positioning systems
Satellites: GPS, Galileo, Glonass (outdoor, radio frequency (RF), time of flight (ToF))
General systems:
– Active Badge (indoor, infrared (IR)), Olivetti
– Active Bat, Cricket (indoor, ultrasound (US) based), AT&T Lab Cambridge, MIT
– RADAR, SpotON, Nibble (indoor/outdoor, RF received signal strength), Microsoft, Univ. of Washington, UCLA + Xerox Palo Alto Lab
– Ultra Wideband Precision Asset Location System (indoor/outdoor, RF (UWB) ToF), Multispectral Solutions, Inc.
21
Positioning systems (cont.)
Ad hoc and sensor nets (no GPS):
– Convex position estimation (centralized), UC Berkeley
– Angle-of-arrival based positioning (distributed, angle of arrival), Rutgers
– Dynamic fine-grained localization (distributed), UCLA
– GPS-less low cost outdoor localization (distributed, landmark-based), UCLA
– GPS-free positioning (distributed), EPFL
22
GPS
23
GPS Security –Example of attack A GPS simulator can send strong fake signals to mask authentic weak signals
24
GPS security, other vulnerabilities:
– Relaying attack: connects the receiver to a remote antenna
– Signal-synthesis attack: feeds the receiver with false signals
– Selective-delay attack: predicts the signal Δt earlier
Security solutions:
– Tamper-resistant hardware
– Symmetric crypto; problem: an authenticated receiver can hack the system
– Asymmetric crypto; problem: additional delay
25
Distance measurement techniques
26
Attacks on RF and Ultra Sound ToF-based techniques
27
The challenge of secure positioning Goals: preventing an insider attacker from cheating about its own position preventing an outsider attacker from spoofing the position of an honest node Our proposal: Verifiable Multilateration
28
Distance bounding
– RF distance bounding: nanosecond precision required (1 ns ≈ 30 cm); UWB enables clock precision up to 2 ns, and 1 m positioning indoor and up to 2 km outdoor
– US distance bounding: millisecond precision required (1 ms ≈ 35 cm)
29
Distance bounding (RF), 1993 (Brands and Chaum): to prevent the mafia fraud attack. The bound is $d_{bound} = \frac{(t_r - t_s)\,c}{2} \ge d_{real}$, where $t_s$ is the time the verifier sends the challenge, $t_r$ the time the response arrives and $c$ the speed of light: a prover can delay its answer and appear farther away, but cannot appear closer than it really is.
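An added illustration of the bound above (example code written for this page, not from the slides or the EPFL work): it models the verifier's timestamps for a prover at a known true distance and shows that a prover which delays its reply only enlarges the bound, while an ultrasound exchange that an attacker relays over RF (the attack on US ToF techniques mentioned on slide 26) can shrink the bound to almost zero. The carrier speeds, the zero processing delay and the `round_trip` model are assumptions of the example.

```python
"""Distance-bounding bound d_bound = (t_r - t_s) * v / 2 (added illustration)."""

C_RF = 299_792_458.0  # speed of light in m/s: 1 ns of timing error is about 30 cm
C_US = 343.0          # speed of sound in air in m/s: 1 ms is about 34 cm


def distance_bound(t_s, t_r, v=C_RF):
    """Upper bound on the prover's distance from one challenge/response exchange.

    t_s: time the verifier sent the challenge, t_r: time the reply arrived
    (seconds, verifier clock). The signal travelled out and back, so one way
    is half the round trip. Any delay on the prover side only inflates the
    bound, which is why an honest-medium prover cannot appear nearer than it is.
    """
    rtt = t_r - t_s
    if rtt < 0:
        raise ValueError("reply timestamp precedes challenge timestamp")
    return rtt * v / 2


def round_trip(d_real, v=C_RF, prover_delay=0.0, channel_speed=None):
    """Simulated verifier timestamps for a prover at true distance d_real (m).

    v: propagation speed the verifier assumes for its medium.
    prover_delay: extra seconds the prover waits before replying (slow hardware,
    or a cheater trying to look farther away).
    channel_speed: speed at which challenge and reply actually travel; an
    attacker relaying an ultrasound exchange over RF makes this C_RF.
    Assumed model: no processing delay other than prover_delay.
    """
    actual = v if channel_speed is None else channel_speed
    t_s = 0.0
    t_r = t_s + d_real / actual + prover_delay + d_real / actual
    return t_s, t_r


def prover_appears_closer(d_real, bound, slack=0.0):
    """True when the measured bound is below the true distance, i.e. bounding failed."""
    return bound + slack < d_real


def demo():
    """Three measurements of a prover that is really 100 m away."""
    t_s, t_r = round_trip(100.0)
    honest = distance_bound(t_s, t_r)            # about 100 m

    t_s, t_r = round_trip(100.0, prover_delay=1e-6)
    delayed = distance_bound(t_s, t_r)           # about 250 m: a delay only enlarges the bound

    t_s, t_r = round_trip(100.0, v=C_US, channel_speed=C_RF)
    relayed = distance_bound(t_s, t_r, v=C_US)   # about 0 m: US bound defeated by an RF relay
    return honest, delayed, relayed


if __name__ == "__main__":
    for name, d in zip(("honest", "delayed", "relayed over RF"), demo()):
        closer = prover_appears_closer(100.0, d, slack=1e-6)
        print(f"{name:16s} bound = {d:10.4f} m, appears closer than it is: {closer}")
```

The RF case needs the nanosecond timing the slide mentions: the 1 µs delay in the example already moves the bound by about 150 m, so the verifier's clock and the prover's response hardware, not the cryptography, set the achievable precision.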
32
Conclusion on secure positioning New research area Positioning tout court is not yet completely solved (solutions will rely on GPS, on terrestrial base stations, and on mutual distance estimation) Time of flight seems to be the most appropriate technique More information available at: http://spot.epfl.ch
33
New Tools on VANET Security and Privacy Secure Routing Security Incentives Situation awareness Trust
34
A Secure Ad-hoc Routing Approach using Localized Self-healing Communities. Jiejun Kong, Xiaoyan Hong, Yunjung Yi, Joon-Sang Park, Jun Liu, Mario Gerla. Computer Science Department, University of California, Los Angeles; University of Alabama, Tuscaloosa. {jkong,yjyi,jspark,gerla}@cs.ucla.edu, {jliu,hxy}@cs.ua.edu
35
Problem statement. Threats to on-demand routing: – Active attack (disruptive): denial-of-service attacks, packet loss, rushing attack, black-hole, gray-hole, wormhole – Passive attack (protocol-compliant): eavesdropper, traffic analyst (anonymous routing needed). We will focus on active threats from non-cooperative (selfish or malicious) members (e.g., intruders).
36
Typical on-demand routing attacks. Most active attacks cause repeated RREQs, and excessive RREQ repetitions exhaust network resources. – The current mechanism to reduce the number of allowed RREQ floods per connection is the RREQ rate limit; it is not enough when active attackers are behind the RREQ floods. RREP and DATA packet drops, caused by the rushing attack etc. [Hu et al., WiSe '03], trigger more RREQ floods: the source keeps retrying with repeated RREQs, causing massive congestion.
37
Rushing attack. (Speaker notes: describe the rushing attack with animation; explain the Perrig solution here.)
38
Outline: review of current countermeasures; community-based secure routing approach – strictly localized, with clearly-defined per-hop operation – a "self-healing community" substitutes a "single node"; our analytic models – sub-polynomial model for network security – stochastic model for mobile networks; empirical simulation verification; summary
39
Other countermeasures (for on-demand routing against active attacks). Cryptographic protections – cannot stop internal non-cooperative network members, since they have the keys [TESLA in Ariadne, PKI in ARAN]. Network-based protections – straightforward RREQ rate limit [DSR, AODV]: a long RREQ interval causes non-trivial routing performance degradation – multi-path secure routing [Awerbuch, WiSe '02] [Haas, WiSe '03]: not localized, incurs global overhead, expensive; node-disjoint multi-path preferred, but challenging – Perrig solution to rushing (is it also multi-path?)
40
Our design Goal: Reduce # of allowed RREQ floods (per connection) to minimum – Ideally, 1 initial on-demand RREQ flood for each e2e connection – In spite of attacks Solution: – Build multi-node self-healing communities to counter non- cooperative packet loss – approach applies to wide range of ad hoc routing protocols
41
Community: 2-hop scenario. (Speaker notes: explain the two-hop path; the intermediate nodes form the community; the community leader is defined later.)
42
Community: multi-hop scenario. The communities along the source-to-destination path are dynamically reconfigured (self healing).
43
Community Based Security (CBS). End-to-end communication between ad hoc terminals; community-to-community forwarding (not node-to-node). Challenge: the adversary knows CBS is operated in the network – it would prevent the network from forming communities – network mobility etc. will disrupt CBS.
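An added illustration (example code for this page, not the authors' analytic model) of why community-to-community forwarding reduces repeated RREQ floods. It assumes that each node in a community drops a packet independently with probability p_drop, that a hop succeeds if at least one of the community's k members forwards it, and that a source re-floods an RREQ after every failed end-to-end attempt; these independence and retry assumptions are the example's own.

```python
"""Node-to-node vs community-to-community delivery under non-cooperative drops (added illustration)."""
import random


def hop_success_node(p_drop):
    """Node-to-node forwarding: the single next hop must cooperate."""
    return 1.0 - p_drop


def hop_success_community(p_drop, k):
    """Community-to-community forwarding: the hop fails only if all k members
    of the next community drop the packet (independent drops assumed)."""
    if k < 1:
        raise ValueError("a community needs at least one member")
    return 1.0 - p_drop ** k


def e2e_delivery(p_hop, hops):
    """End-to-end delivery probability over `hops` independent hops."""
    return p_hop ** hops


def expected_rreq_floods(p_e2e):
    """If an attempt fails with probability 1 - p_e2e and the source retries with
    a fresh RREQ flood, the number of floods is geometric with mean 1 / p_e2e."""
    if p_e2e <= 0:
        return float("inf")
    return 1.0 / p_e2e


def simulate(p_drop, k, hops, trials, seed=0):
    """Monte Carlo check of e2e_delivery(hop_success_community(p_drop, k), hops):
    every hop is a community of k nodes, each dropping independently with p_drop."""
    rng = random.Random(seed)
    delivered = 0
    for _ in range(trials):
        ok = True
        for _hop in range(hops):
            if all(rng.random() < p_drop for _ in range(k)):
                ok = False
                break
        delivered += ok
    return delivered / trials


def compare(p_drop=0.3, k=3, hops=5):
    """Delivery probability and expected RREQ floods for both forwarding styles."""
    node = e2e_delivery(hop_success_node(p_drop), hops)
    comm = e2e_delivery(hop_success_community(p_drop, k), hops)
    return {
        "node_to_node": node,
        "community": comm,
        "floods_node": expected_rreq_floods(node),
        "floods_community": expected_rreq_floods(comm),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:18s} {value:.4f}")
    print("monte carlo, community:", simulate(0.3, 3, 5, 20000))
```

With 30% non-cooperative nodes over a 5-hop path, single-node forwarding delivers about 17% of attempts and needs about six RREQ floods per connection on average, while 3-node communities deliver about 87% and need just over one flood, which is the "ideally one initial RREQ flood" goal of the design.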
44
Community formation & re-configuration On demand initial configuration – Communities formed during RREP – Simple heuristics: promiscuously overheard 3 consecutive (ACKs of) RREP packets set community membership flag for the connection Goal revisited: reduce the need of RREQ floods – In spite of non-cooperative packet loss
45
Self-healing community around V formed upon hearing RREP. Community formation around V (potentially non-cooperative): V's community must be formed at RREP – else V drops the RREP and succeeds – V1 and V2 need to know V's "upstream". (Figure: RREQ and RREP pass through nodes E, V and U; V1 and V2 overhear the RREP and form V's community.)
46
Protocol details: (RREQ, upstream_node, …), (RREP, hop_count, …). The extra fields can be spared (in DSR or AODV).
47
ACK-based configuration. (Speaker notes: remove self healing, not an essential attribute.) Communities form if C forwards a correct RREP; where C' and C'' are not in transmission range of each other, C' wins. (Figure: source, dest, nodes C, C', C'', B, D, E.)
48
Community Concept helps reduce RREQ in mobile networks How does this work? Proactive re-configuration Each community loses shape due to mobility End-to-end proactive probing to maintain the shape – PROBE unicast : – PROBE_REP unicast: same as RREP
49
Reconfiguration in the 2-hop scenario: (PROBE, upstream, …), (PROBE_REP, hop_count, …). "Unicast probing + take-over" in use: the old community becomes amorphous due to random node mobility etc., and a newly re-configured community takes over. (Figure: S, D, old forwarder oldF, new forwarder newF, node D's roaming trace.)
50
Communities help in the mobile scenario: multi-hop case. The probing message can be piggybacked in data packets; the probing interval T_probe is determined by network dynamics; simple heuristics: slow increase, fast decrease. (Figure: PROBE and PROBE_REP between source and dest.)
51
Secure Incentives for Commercial Advertisement Dissemination in Vehicular Networks Suk-Bok Lee and Seung Hyun Pan Tutor: Joon-Sang Park Professor: Mario Gerla CS 218 Class Project Fall 2006 Accepted at Mobihoc 2007
52
Presentation Outline: Ad dissemination in VANET; Signature-Seeking Drive – Overview – One-level advertising – Multi-level advertising; Evaluations; Discussion
53
Ad Dissemination in VANET. Commercial advertising via car-to-car communication – very promising application – high mobility nature of vehicles – currently proposed scenarios: electronic coupon system, FleaNet, digital billboards
54
Advertising in VANET Advertisement Content Ad providers use VANET for disseminating their ads
55
Advertising in VANET: vehicle-vehicle communication. Vehicle u keeps forwarding this ad for In-N-Out Burger.
56
Ad Dissemination in VANET. In the real world… – Non-cooperative behaviors: selfish users, malicious users – More serious threats, e.g. DoS attacks (making dummy ads propagate over the network) – Even for "naïve" users: why should they help forward those commercial ads for the benefit of the business companies?
57
Vehicular Ad System. Concerns in a vehicular ad system – Advertisers want to use VANET – From a vehicle user's viewpoint, the business companies are exploiting vehicle users' resources for their own profit. Graceful compromise – Advertisers pay for the incentives for users: charges for network resources, or advertising charges
58
Our framework: Signature-Seeking Drive (SSD) – Secure incentives for cooperative nodes – No tamper-proof h/w assumptions – No game theoretic approaches – Leverages a PKI (public key infrastructure) – A set of ad dissemination designs
59
SSD: overview. Company I requests ad permission from the Vehicular Authority (VA); the certified ad AD_I goes to I's Ad Distribution Point (ADP); after verifying AD_I, vehicle u may agree to disseminate the ad.
60
Signature-Seeking Drive: overview. Vehicle-vehicle communication: vehicle u keeps forwarding AD_I; in return, receiving vehicles v and w provide signed receipts R_v and R_w to u. While driving on its way, u may collect as many receipts as it forwards AD_I.
61
Signature-Seeking Drive: overview. The collected receipts R_v, R_w, … are exchangeable for virtual cash at a Virtual Cashier (e.g., a gas station); a small portion is reserved for each receipt-providing node, too. The Vehicular Authority (VA) keeps the transaction record and charges In-N-Out Burger the virtual cash induced by AD_I.
62
Uncooperative Model. Selfish nodes – seek to maximize their own profit. Malicious nodes – try to intentionally disrupt the system. We may encourage selfish nodes to participate in the network with an incentive model, yet malicious nodes try to attack the weak point of the model: a secure incentive is needed!
63
Ad Dissemination Models. One-level advertisement – local advertising – most users receive the ad, with a reasonable number of forwarding nodes. Multi-level advertisement – intensive advertising over a wide area
64
Notations
65
One-level advertisement. 1. Approval for advertisement (company I → Vehicular Authority): ad permit. 2. Agreement with the Ad Distribution Point (I's ADP → vehicle u): voucher. The ADP provides u with a voucher for u's exclusive use; the notion of a voucher limits the dissemination to one level.
66
One-level advertisement. 3. Advertisement dissemination (vehicle u → vehicle v): u forwards the ad permit and v returns a signed receipt. 4. Receipt redemption (vehicle u → Virtual Cashier VC): u presents its voucher and the collected receipts. Each VC is connected with the VA, which maintains all the transactions; the VC examines whether u has ever redeemed u's voucher for AD_I at any other VC before.
67
Multi-level advertisement. Level-free advertisement – no vouchers, any node can reuse AD_S and cash receipts without a voucher – simple and most intensive method for advertising – heavy outlay for advertisement, due to too much redundancy. Compromise between one-level and level-free: – n-level advertising – company S sets a limit on the number of propagation levels – two designs: hash-chain based, and onion voucher based.
68
Hash chain based n-level advertising. Contacting S's ADP: the number of levels n is set by S, together with a random number chosen by S. Advertisement dissemination (u → v), then (v → x). (Figure: per-hop message contents not recovered.)
69
Hash chain based n-level advertising. Receipt redemption (x → VC): the VC first checks whether n-2 is non-zero and the legitimacy of the corresponding hash value. Weaknesses – no coercive measure forces nodes to reduce their permissible level by 1 – malicious users can throw any permissible value open to the public
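An added reconstruction of the hash-chain check (example code for this page, not the authors' implementation; the slides give only the VC check and the weaknesses, so the token layout is an assumption): S fixes n and a random seed, the forwarder holding level k carries the seed hashed n-k times, and each honest hop hashes once and decrements. The `lazy_forward` function shows the first weakness: a forwarder that does not decrement hands out tokens the VC still accepts, and anyone who obtains a token can redeem it.

```python
"""Hash-chain level counter for n-level ad dissemination (added reconstruction)."""
import hashlib
import os


def H(data):
    """Chain hash. The slides budget 20 bytes per value, i.e. SHA-1; the scheme
    only needs a one-way function, so any hash would do here."""
    return hashlib.sha1(data).digest()


def hash_power(value, times):
    """Apply H `times` times."""
    for _ in range(times):
        value = H(value)
    return value


def make_ad(n, seed=None):
    """Company S fixes the level count n and a random number; both are assumed
    to be registered with the VA so that a Virtual Cashier can verify receipts."""
    if n < 1:
        raise ValueError("n must be at least 1")
    return {"n": n, "seed": seed if seed is not None else os.urandom(20)}


def initial_token(ad):
    """Token the ADP hands to the first forwarder u: the full level budget n and the seed."""
    return (ad["n"], ad["seed"])


def forward(token):
    """Honest forwarding u -> v: hash the value once and decrement the level."""
    level, value = token
    if level <= 0:
        raise ValueError("no permissible levels left")
    return (level - 1, H(value))


def lazy_forward(token):
    """Cheating forwarder: passes its own token on without consuming a level.
    Nothing in the chain forces the decrement, which is the slide's first weakness."""
    return token


def vc_check(ad, token):
    """Virtual Cashier redemption check: the level must be positive and the value
    must equal the seed hashed exactly (n - level) times."""
    level, value = token
    n, seed = ad["n"], ad["seed"]
    if not 0 < level <= n:
        return False
    return hash_power(seed, n - level) == value


if __name__ == "__main__":
    ad = make_ad(3, seed=b"constructed seed for the example")  # constructed, not a real ad
    u = initial_token(ad)
    v = forward(u)          # level 2
    x = forward(v)          # level 1 (this is the n-2 the VC inspects)
    y = forward(x)          # level 0: rejected
    for name, tok in (("u", u), ("v", v), ("x", x), ("y", y), ("x via lazy v", lazy_forward(v))):
        print(f"{name:14s} level={tok[0]} accepted={vc_check(ad, tok)}")
```

The onion-voucher design on the next slides closes both gaps at the cost of a three-way handshake: the VC counts the certificates embedded in the voucher rather than trusting a counter that every forwarder is free to leave unchanged.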
70
Onion voucher based n-level advertising. Contacting S's ADP (figure: example of an onion voucher). Advertisement dissemination (u → v): onion voucher for u, onion voucher for v.
71
Onion voucher based n-level advertising. Receipt redemption (x → VC) with x's onion voucher: the VC checks that the number of nodes included in the OV is not bigger than n. The onion voucher secures n-level dissemination; the cost is the overhead of a three-way handshake.
72
Evaluations: communication cost, storage requirement, computation overhead. Analysis – incentive perspective – security of Signature-Seeking Drive. Simulations on ns-2 – Westwood area (4 km x 4 km) with 1,000 cars – West LA (10 km x 10 km) with 5,000 cars
73
Communication cost
One-level ad message format (utilizing elliptic curve cryptography): sender's certificate (84 bytes), ad content (x bytes), ad provider ID (8 bytes), and sender's signature (28 bytes) on the ad permit. Total message size = (120 + x) bytes
Hash chain based n-level ad message format: one-level message size + the permissible level value (1 byte) + its corresponding hash value (20 bytes in SHA-1) = (141 + x) bytes
Onion voucher based n-level ad message format (of a node in level d): two separate messages due to the three-way handshake. First message size = one-level message size = (120 + x) bytes. Second message size = onion voucher (28 bytes) + the certificates included in the onion voucher (d x 84) = (d x 84 + 28) bytes
Message size mainly depends on the ad content size x
74
Storage requirement
One-level ad model (utilizing ECC): ad permit (28 bytes), ad content (x bytes), voucher (28 bytes), and K collected receipts (28 bytes each) with their corresponding certificates (84 bytes each). Total storage requirement = (K x 112 + x + 56) bytes
Hash chain based n-level ad model: one-level storage requirement (excluding voucher) + the permissible level value (1 byte) + its corresponding hash value (20 bytes in SHA-1) = (K x 112 + x + 49) bytes
Onion voucher based n-level ad model (of a node in level d): one-level storage requirement (excluding voucher) + onion voucher (28 bytes) + the certificates included in the onion voucher (d x 84) = (d x 84 + K x 112 + x + 28) bytes
Note: each car may have multiple kinds of ads at a time. The storage requirement mainly depends on the number of collected receipts
75
Computation overhead
Example: vehicle u has 100 neighbors within its communication range, and all the neighbors send out their ads at a regular interval of r ms.
– Hash chain based n-level ad model: lower bound of processing time for each incoming ad = verifying time x 2 + signing time = 18.45 ms, so r ms / 100 > 18.45 ms, i.e. interval length > 1.845 s
– Onion voucher based n-level ad model: due to the three-way handshake, the lower bound of processing time for each incoming ad and receipt = ad processing time (verifying time x 2 + signing time = 18.45 ms) + receipt processing time (verifying time + signing time = 10.87 ms) = 29.32 ms, so r ms / 100 > 29.32 ms, i.e. interval length > 2.932 s
Note: each car may have multiple kinds of ads at a time; the interval for each kind of ad may be a multiple of the above interval.
76
Upper bound of ad content size. For the worst-case condition, we set the maximum throughput at 6 Mbps (the minimum data rate in DSRC)
77
Simulations running on ns-2, mobility model from Saha et al. Two scenarios – Westwood area (4x4 km) with 1,000 cars – West LA (10x10 km) with 5,000 cars
78
Unrealistic aspects in our simulation model. Mobility model – no traffic control – always constant speed – random starting point and destination for each node – all nodes are always moving within the target area: no parked cars, no newcomers, no cars leaving the area. Number of nodes – too few cars in our simulation model – more than 10,000 cars in the Westwood area – more than 5 million cars in LA
79
Westwood area (4x4 km) with 1,000 cars. (Figures: ad coverage using a varying number of level-1 nodes; ad coverage by time.)
80
Westwood area (4x4 km) with 1,000 cars. (Figures: number of forwarding nodes; average received ads per vehicle.)
81
The END