Upload
cora-flores
View
56
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Secure Vehicular Communications. Speaker: Xiaodong Lin University of Waterloo. http://bbcr.uwaterloo.ca/~xdlin/. Outline. Introduction Related work T ESLA-based S ecurity protocol for V ehicular C ommunication (TSVC) Conclusion and future work. Emergency Message. - PowerPoint PPT Presentation
Citation preview
23/4/19 1
Secure Vehicular CommunicationsSecure Vehicular Communications
Speaker: Xiaodong Lin
University of Waterloo
http://bbcr.uwaterloo.ca/~xdlin/
23/4/19 2
OutlineIntroductionRelated workTTESLA-based SSecurity protocol for
VVehicular CCommunication (TSVC)Conclusion and future work
23/4/19 3
Introduction
Curve speed warning,work zone warning etc
position, current time, direction, velocity, acceleration/
deceleration, etc
Tra
ffic
Me
ss
ag
e
Emergency Message
23/4/19 4
Introduction (cont’d)Vehicular Communications Network
Vehicles are equipped with communication, positioning and computation devices. They form a huge self-organized ad hoc network (VANET) to communicate with each other as well as roadside units.
VANET is a promising approach to increase road safetyroad safety, such as, such as avoid collision. avoid collision.facilitate traffic managementtraffic managementTremendous benefits
Traffic jam
ahead
23/4/19 5
Vehicular Communication Networks are Emerging
Many applicationsVehicle safety
applications Intersection Collision
Warning
However :There are many securitysecurity and privacyprivacy concerns with respect
to the messages exchanged and transmitted in VANETs.Need secure and privacy-preserving communication
protocols [VSCP2006] Vehicle Safety Communications Project. http://www-nrd.nhtsa.dot.gov/pdf/nrd-
12/060419-0843/PDFTOC.htm
23/4/19 6
Traffic jam
ahead
Introduction (cont’d)An Example of attack : Bogus traffic information
[RH07] M. Raya and J. P. Hubaux, Securing vehicular ad hoc networks, Journal of Computer Security, Vol. 15, No. 1, pp. 39-68, 2007.
23/4/19 7
At 3:00- Vehicle A spotted at position P1
At 3:15- Vehicle A spotted at position P2
Note: Privacy is a very important issue in vehicular networks
Vehicle A belongs to
John!
Introduction (cont’d)An Example of user privacy attack: Movement tracking
John was somewhere at
when!
23/4/19 8
An Example of Traceability
Note: Traceability is another very crucial issue in vehicular networks
We need to find someone who may be able to provide valuable information about the accident.
23/4/19 9
Security and Privacy Concerns:Sending bogus traffic
informationMessage integrity attackMessage replay attackImpersonation attackDenial of ServiceMovement tracking –
Anonymity
One desirable requirementIdentity traceability in
exceptional cases
Conditional Anonymity
Messages should be transmitted
unaltered from a trusted party
Introduction (cont’d)
23/4/19 10
Related WorkPrevious PKI based approach
[RH2005] M. Raya, J.P. Hubaux. The security of vehicular ad hoc networks. In Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks SASN '05. November, 2005.
...
,,
,,
222
111
aaa
aaa
CertSKPK
CertSKPK
...
,,
,,
222
111
bbb
bbb
CertSKPK
CertSKPK
ELP(IDa)
ELP(IDb)
ELP(IDa)ELP(IDb)
…
ELP(IDj)
Anonymous certificate list M )(MSig sk pkCert
...1P iP
...1iP 2iP
...1P iP
...1iP 2iP
23/4/19 11
Related Work (cont’d)Group signature based approach
[LSHS2007] X. Lin, X. Sun, P.-H. Ho and X. Shen. GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications. IEEE Transactions on Vehicular Technology. Vol. 56, No. 6, November, 2007.
group manager
Vehicle private key, group public key
Group signature:
1. A Group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group.
2. Essential to a group signature scheme is a group manager, who is in charge of adding group members and has the ability to reveal the original signer in the event of disputes.
23/4/19 12
Facts:Message are sent
100ms~300ms.666~2000 cars within the
communication range.666~2000 messages to
verify per second. Achieving the goals of
verifying all the messages in a timely manner and lower cryptographic overhead is a challenging work for all existed public key schemes.
100 - 200 bytes 100 - 600 bytesSafety
messageCryptographic payload
{Position, speed, acceleration, direction,
time, safety events}
{Signer’s DS, Signer’s PK, CA’s certificate of PK}
Signer
Verifier
SignerSigner
1km1km
666 messages to be verified for each vechile!
Challenges facing nowadays Challenges facing nowadays
in VANETsin VANETs
23/4/19 13
MotivationDesign an efficient and
secure scheme, which can allow each vehicle to verify all the received messages in a timely manner with lower message loss ratio and lower cryptographic overhead.
100 - 200 bytes 100 - 600 bytesSafety
messageCryptographic payload
{Position, speed, acceleration, direction,
time, safety events}
{Signer’s DS, Signer’s PK, CA’s certificate of PK}
23/4/19 14
Broadcast AuthenticationBroadcast is basic communication mechanism; Vehicular
communication is broadcast in nature.Sender broadcasts data;Each receiver verifies data origin and integrity.
Sender
Bob
M
Carol
M
JohnAliceMM
23/4/19 15
TESLA (Time Efficient Stream Loss-Tolerant Authentication)
TESLA (Time Efficient Stream Loss-Tolerant Authentication)Uses purely symmetric primitives
In TESLA, each message is attached with a MAC tag only.
Self-authenticating keysThe sender makes use of a hash chain as cryptographic
keys in the MAC operations.
Delayed authentication techniqueMessage receivers are loosely synchronized.
Provides fast source authentication (1 MAC operation) with lower cryptographic overhead (20 bytes).
[PCTS2002] Adrian Perrig, Ran Canetti, J. D. Tygar, Dawn Song. The TESLA Broadcast Authentication Protocol. In CryptoBytes, vol. 5, No. 2, Summer/Fall 2002, pp. 2-13.
23/4/19 16
Proposed TESLA-based security protocol
Fact: each vehicle will receive a serial of messages from the same source.
Vehicle Group Formation
[LZSHS2007] X. Lin, C. Zhang, X. Sun, P.-H. Ho and X. Shen. Performance Enhancement for Secure Vehicular Communications. IEEE Global Communications Conference (GLOBECOM'07), Washington, DC, USA, Nov. 26-30, 2007.
O1
N2N1
N3 O2
Group A Group B
23/4/19 17
Each vehicle generates a hash chain initiated from a random seed S, where , , (i<j), according to each anonymous key pair and Certi.
1h
1 2, ,..., nh h h
nh S ( )j ii jh H h
,i iPK SK
2h ih
1M 2M iM1M 1 1( )hMAC M2M 2 2( )hMAC M ...
...
iM ( )ih iMAC M
1h1( )skSign h
Verify Signature
VerifyVerify MACMAC
...
?
2 1( )H h h
VerifyVerify MACMAC VerifyVerify MACMAC
?
1( )i iH h h
sender
receiver
Interval 1Interval 1 Interval 2Interval 2 Interval iInterval i
Delayed authentication
Proposed TESLA-based security protocol
23/4/19 18
Some other discussions (1/4)The choice of key release delay
Keys are released after all nodes have received the previous data packet. (We set as 100ms)
Before verifying the message, the receiver should first check if the corresponding key has been released or not.
M
h
sourceMACh(M’)|M’
23/4/19 19
Some other discussions (2/4)The capability to deal with message loss.
If data packet is lost, ignore it.If key release packet is lost, suppose hi is the
last received value:
Check if ? If so, go on to verify the message.
hi hi+1 hi+2 hj
lost lostreceived received
...
( )j ij iH h h
23/4/19 20
Some other discussions (3/4)Group member fluctuation
The neighborhood of each car does not change seriously, but it is subject to fluctuation occasionally.
The new comer will catch up with the new messages by repeatedly applying the hash function.
Stores its information for
a while
Send the signed tip of the hash
chain
1
23/4/19 21
Communication overhead (4/4)
The comparison of the communication overhead
Lifetime of the certificate 10mins
Message generating frequency 300ms
Group member fluctuation frequency 10sec
The length of ECDSA certificate 125bytes
Total information needs to be transmitted for ECDSA-2048 scheme
576,000bytes
Total information needs to be transmitted for TSVC scheme
333,020bytes
23/4/19 22
Performance evaluation
Impact of the traffic load on the MLR in highway scenario
Impact of the traffic load on the MD in highway scenario
Impact of the traffic load on the MLR in city scenario
Impact of traffic load on the MD in city scenario
23/4/19 23
ConclusionsProposes a TSVC protocol to reduce the
computation overhead.Retains the security properties.Allow each vehicle to verify all the received messages
in a timely manner with lower message loss ratio and lower cryptographic overhead.
23/4/19 24
Future workHow to improve the efficiency of the CRL
check up procedure? Migrating the CRL check-up operations to the
RSU side, which will instead perform the process and broadcast the check-up result to the vehicles in its communication range will be an interesting solution.
23/4/19 25
Questions & Comments ?
25
Thanks!