C hallenges in S ecuring V ehicular N etworks

CHALLENGES IN

SECURING VEHICULAR NETWORKS

2

Nile University – WINC - Ahmed Osama

Outline

Paper Information

Motivation

Main Contribution

Paper Overview

SLOW

3


Paper Information

• Published in– Workshop on hot topics of networks (HotNets-IV)– Year: 2005

• Authors– Bryan Parno, Carnegie Mellon University– Adrian Perrig, Carnegie Mellon University

Paper Information Motivation Main Contribution Paper Overview SLOW

4


Motivation

The deployment of vehicular networks is

rapidly approaching and their success and safety will depend on security solutions acceptable to

customers, manufacturers and governments.

Paper Information Motivation Main

Contribution Paper Overview SLOW

5


Main Contribution

(1) Analyze the security challenges specific to vehicular networks

Others…(2) Introduce a set of primitives for secure applications(3) Discuss vehicular properties that can support

secure systems.(4) Present two security techniques, entanglement and

reanonymizers, that leverage unique vehicular properties.


6


Paper Overview

Vehicular Network challenges

Adversaries

AttacksProperties supporting

security

Security primitives


7


Vehicular Network challengesAuthentication versus privacy

Availability

Low tolerance for errors

Mobility

Key Distribution

Incentives

BootstrapPaper Information Motivation Main Contribution Paper Overview SLOW

8



o Authentication versus privacy


We want to prevent one vehicle from claiming to be hundreds in order to create the illusion of a congested road “So need to assign a single identity” But Most drivers would reject a system that reveal their privacy

9



o Availability


For many applications, vehicular networks will require real-time, or near real-time, responses as well as hard real time guarantees

But attempts to meet real-time demands typically make applications vulnerable to Denial of Service (DoS) attacks

I am decelerating

Dummy

Packets

“Prevent real packet from being processed”

10



o Low tolerance for errors


Many applications use protocols that rely on probabilistic schemes to provide security

However, given the life-or-death nature of many proposed vehicular applications, even a small probability of error will be unacceptable

11



o Mobility


For vehicular networks, mobility is the norm, and it will be measured in miles, not meters, per hour.

Since two vehicles may only be within communication range for a matter of seconds, we cannot rely on protocols that require significant interaction between the sender and receiver.

Transient neighborhoodMany neighbors will only be encountered once, everMakes reputation-based systems difficult

12



o Key Distribution


First, vehicles are manufactured by many different companies, so installing keys at the factory would require coordination and interoperability between manufacturers

Unfortunately, in the U.S., most transportation regulation takes place at the state level, again complicating coordination.The federal government can impose standards, but doing so would require significant changes to the current infrastructure for vehicle registration, and thus is unlikely to occur in the near future; What about Egypt?

13



o Incentives


Law-enforcement agencies would quickly embrace a system in which speed-limit signs broadcast the mandated speed and vehicles automatically reported any violations. What about Customers?

Conversely, consumers might appreciate an application that provides an early warning of a police speed trap. Manufacturers might be willing to meet this demand. What about authorities?

14



o Bootstrap


Initially, only a small percentage of vehicles will be equipped with DSRC radios and little infrastructure will exist to support them. Thus, in developing applications for vehicular networks, we can only assume that a few other vehicles are able to receive our communications, and the applications must provide benefits even under these limited conditions

15


Adversaries• Greedy drivers

16


Adversaries• Greedy drivers• Snoops• Pranksters• Industrial Insiders• Malicious Attackers

17


Attacks

• Denial of Service (DoS)– Overwhelm computational or network capacity– Dangerous if users rely on the service

• Message Suppression Attacks– Drop congestion alerts

• Fabrication– Lie about congestion ahead or lie about identity

• Alteration Attacks– Replay transmissions to simulate congestion

18


Some Vehicular Properties Support Security

• Controlled Access– Toll roads and many bridges have controlled entry

and exit points.• Regular Inspections

– Most states require annual inspection– Download updates, CRLs, new certificates– Use software attestation to verify vehicle

• Honest Majority– Most drivers prefer not to tinker with their cars

• May void warranty or violate the law– Must protect against worms

• Leverage existing work for PCs• Trusted hardware (e.g., TPMs) may help eventually

19


Some Vehicular Properties Support Security

• Additional input– Presumed intelligent operator at each node– Cannot distract driver, but can still gather or infer data

• E.g., ignored deceleration warning may indicate a false positive• Existing enforcement mechanisms– For many attacks, attacker must be in close physical

proximity– May be sufficient to identify the attacker

20


Security Primitives

• Additional Primitives– Message Authentication – Key establishment

• Secure Aggregation Techniques– Example: counting cars.

• Anonymization Service– Reanonymizers

• Authenticated Localization of Message Origin– Entanglement

21


SLOW

• Strengths– Very Organized

• Limitations• Opportunities– Authentication vs. privacy with group signers

• Weaknesses


22

Thank you

ANY QUESTIONS?

F o r w a r d r a d a r

C o m p u t in g p l a t f o r m

E v e n t d a t a r e c o r d e r ( E D R )P o s i t i o n i n g s y s t e m

R e a r r a d a r

C o m m u n i c a t i o n f a c i l i t y

D i s p l a y

(GPS)

Human-Machine Interface

Documents

C hallenges in S ecuring V ehicular N etworks