Security In VANETs Zhen Huang Student number 5932039 [email protected]

Page 1: Security In  VANETs

Security In VANETs

Zhen Huang

Student number 5932039

[email protected]

Page 2: Security In  VANETs

What Are VANETs

Vehicular Ad Hoc Networks

Page 3: Security In  VANETs

OBU: On-Board Unit

Communication system

Application units, sensors, GPS and extra...

RSU: Road-Side Unit

Collects data sent out by vehicles and performs some specific tasks, such as providing access to the Internet or broadcasting gas price information.

Architecture of VANETs

Page 4: Security In  VANETs

Architecture of VANETs

Page 5: Security In  VANETs

Energy. In a VANET, it is easy for vehicles to charge the battery.

Mobility. Vehicles have high mobility because they move fast and their destinations are unpredictable.

Real-time requirement. The dynamic nature of the network requires lower delays between two cars.

Difference From MANET

Page 6: Security In  VANETs

Authentication

Location privacy

Detection of malicious nodes (vehicles)

Revocation of nodes

Message integrity

Key management and identity management

Security In VANETs

Page 7: Security In  VANETs

Group manager distributes the group user keys to the members

The group members only use the group key to sign the message

The others verify the message with no need to know the real identity of the sender

Group signature

Page 8: Security In  VANETs

A vehicle should be able to authenticate other legitimate vehicles, to make sure the messages from other cars are valid.

In VANETs, a vehicle only accepts messages from valid vehicles.

Identity and signature are used.

Authentication

Page 9: Security In  VANETs

ID = every vehicle gets a valid permanent identity from the authority

DS = digital signature

Message(ID, information, DS)

Authentication

Page 10: Security In  VANETs

Each vehicle disseminates its own messages, including position, time and events, during every period (1 s).

e.g. Message(RED, position, traffic accident, 10AM, DS)

Location Privacy

Page 11: Security In  VANETs

Message(ID,Information,DS)

From the message, an attacker knows your ID and your positions at different times.

An attacker could trace you using the position information you send out.

Big Problem

Page 12: Security In  VANETs

There should be a trade-off between privacy and authentication.

The main idea for solving this problem is to change the ID after a certain interval.

Solve the Problem

Page 13: Security In  VANETs

Pseudonymous Authentication

Vehicles initially store a large number of certificates

Each time, one of the certificates is chosen at random to sign the message

Two Main Ways

Page 14: Security In  VANETs

Group Signature Based Scheme

A valid vehicle in a group has a group user key and the group public key

Use the group user key to sign a message

Use the group public key to verify other members

The group manager manages the keys

Two Main Ways

Page 15: Security In  VANETs

TACKs (Temporary Anonymous Certified Keys) is based on group signatures.

TACKs

Page 16: Security In  VANETs

TA: Trusted Authority. Could be a government department or a commercial entity.

RA: Regional Authority. In every region there is only one RA.

RL: Revocation List. A list that includes all the detected misbehaviours.

Architecture

Page 17: Security In  VANETs

TA is the group manager

TA gives every vehicle a permanent key (group user key). This key is stored in the OBU and is not changed for a long time. It represents a vehicle’s real identity, like a license.

Long-term Keys(IDs)

Page 18: Security In  VANETs

When a vehicle enters a new region, it sends a request to the RA to get a new temporary key.

Anonymous Update

Page 19: Security In  VANETs

If the vehicle is valid, the RA approves the request and sends back the key certificate.

From then on, the car uses only this temporary key to sign messages.

Now the message becomes Mess(information, DS), without the real identity.

Anonymous Update

Page 20: Security In  VANETs

The message includes no real ID, so it is very hard for a malicious node to trace other vehicles.

For instance, in region 1 the red car sends out messages with key (10), so the message is Mess(info, 10); then in region 2 the message will be Mess(info, 7).

Anonymous Update

Page 21: Security In  VANETs

The RL lists all misbehaving vehicles.

The RA stores and updates this list.

When a vehicle requests a new key, the RA first checks whether the vehicle is on the RL. The RA sends back the key if the vehicle is not on the RL. If the vehicle is on the list, it is not issued a temporary key.

Revocation List

Page 22: Security In  VANETs

Really a large group

Detect the bad node

When does the temporary key expire?

Challenges in TACKs

Page 23: Security In  VANETs

Classify the vehicles into different groups.

Every group has a manager.

The group manager provides keys only to the members of its group.

Reduce the group 1

Page 24: Security In  VANETs

Every RA is a group manager.

The RA gives a group user key and the group public key to every vehicle in its region.

Reduce the group 2

Page 25: Security In  VANETs

Voting mechanism

For a specific event, the RA records the vehicles that send wrong information, against the majority.

The misbehaviour count of each of these vehicles is incremented by 1.

How To Detect The Bad Node

Page 26: Security In  VANETs

Set a threshold value as the upper bound on the number of misbehaviours.

If a car’s number of misbehaviours exceeds this value, the vehicle is classified as a malicious node and is put on the RL.

How To Detect The Bad Node

Page 27: Security In  VANETs

There is an accident on the right. Every car says ‘there is an accident’ except the dark vehicle. The RA records this, and if the number is over the threshold, the dark car is put on the RL.

Example
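The voting mechanism and threshold from the slides above, as an added sketch that is not part of the original presentation. The vehicle labels, the claims and the rule that a tie penalises nobody are assumptions made for the example.

```python
from collections import Counter, defaultdict


class RegionalAuthority:
    """Toy RA: per-event majority vote, misbehaviour counters, revocation list."""

    def __init__(self, threshold):
        self.threshold = threshold            # upper bound on tolerated misbehaviours
        self.misbehaviour = defaultdict(int)  # vehicle label -> misbehaviour count
        self.revocation_list = set()

    def record_event(self, reports):
        """reports maps vehicle label -> claim for one event; returns the dissenters."""
        tally = Counter(reports.values())
        if not tally:
            return set()
        majority_claim, votes = tally.most_common(1)[0]
        # Assumption: without a strict majority there is no basis to blame anyone.
        if votes * 2 <= len(reports):
            return set()
        dissenters = {v for v, claim in reports.items() if claim != majority_claim}
        for v in dissenters:
            self.misbehaviour[v] += 1
            # The count must exceed the threshold before the vehicle goes on the RL.
            if self.misbehaviour[v] > self.threshold:
                self.revocation_list.add(v)
        return dissenters


def run_constructed_events(threshold=2):
    """Replay constructed reports: 'dark' always dissents, 'blue' glitches once."""
    ra = RegionalAuthority(threshold)
    ok = {"red": "accident", "green": "accident", "white": "accident"}
    events = [
        {**ok, "blue": "accident", "dark": "clear"},
        {"red": "congestion", "green": "congestion", "white": "congestion",
         "blue": "clear", "dark": "clear"},        # blue: one transient fault
        {**ok, "blue": "accident", "dark": "clear"},
        {"red": "ice", "green": "clear"},          # tie: nobody is penalised
    ]
    for reports in events:
        ra.record_event(reports)
    return ra


if __name__ == "__main__":
    ra = run_constructed_events()
    print(dict(ra.misbehaviour), ra.revocation_list)
```

With a threshold of 2, the vehicle that dissents once stays off the RL while the one that dissents three times is revoked.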

Page 28: Security In  VANETs

When and how to expire a vehicle’s temporary key?

Time-based and region-based expiration are not enough.

Key expiration

Page 29: Security In  VANETs

The RA has the RL.

The RA selects from the RL the invalid vehicles that are now in the RA’s region.

It broadcasts this new Short List to all cars in the region.

All cars receive this list and won’t accept messages from anyone who is on the list.

A New Idea
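The gap that region-based expiration leaves, and how the Short List broadcast closes it, as an added simulation that is not part of the original presentation. It is a simplified model with assumptions: plain identity strings stand in for group signatures, the RA remembers which temporary key it issued to whom, and the same RL is consulted when the vehicle asks for its next key.

```python
class RegionalAuthority:
    """Toy RA for one region; identities are plain labels, not group signatures."""

    def __init__(self):
        self.rl = set()      # revocation list of long-term identities
        self.issued = {}     # long-term identity -> temporary key id in this region
        self._serial = 0

    def request_temp_key(self, vehicle):
        if vehicle in self.rl:           # RA checks the RL before issuing a key
            return None
        self._serial += 1
        self.issued[vehicle] = f"tk{self._serial}"
        return self.issued[vehicle]

    def revoke(self, vehicle):
        self.rl.add(vehicle)

    def short_list(self):
        # Temporary keys of revoked vehicles that are currently in this region
        return {tk for v, tk in self.issued.items() if v in self.rl}


def accepted_after_revocation(use_short_list, revoked_at=5, leaves_at=10):
    """Return (messages still accepted after revocation, result of next key request)."""
    ra = RegionalAuthority()
    key = ra.request_temp_key("vehicle-M")    # constructed identity
    receiver_blocklist = set()
    accepted = 0
    for t in range(leaves_at):                # one message per period (1 s)
        if t == revoked_at:
            ra.revoke("vehicle-M")
            if use_short_list:
                receiver_blocklist = ra.short_list()   # RA broadcast to the region
        if t >= revoked_at and key not in receiver_blocklist:
            accepted += 1                     # receiver still trusts the old key
    # Entering the next region: the request is refused because M is on the RL.
    renewed = ra.request_temp_key("vehicle-M")
    return accepted, renewed


if __name__ == "__main__":
    print("region-based expiry only:", accepted_after_revocation(False))
    print("with Short List broadcast:", accepted_after_revocation(True))
```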

Page 30: Security In  VANETs

Ahren Studer, Elaine Shi, Fan Bai, Adrian Perrig. “Tacking Together Efficient Authentication, Revocation, and Privacy in VANETs”.

Une Thoing Rosi, Chowdhury Sayeed Hyder. “A Novel Approach for Infrastructure Deployment for VANET”. 2008 Second International Conference on Future Generation Communication and Networking.

Daxin Tian, Yunpeng Wang, Guangquan Lu, Guizhen Yu. “A Vehicular Ad Hoc Networks Intrusion Detection System Based on BUSNet”.

Philippe Golle, Dan Greene, Jessica Staddon. “Detecting and Correcting Malicious Data in VANETs”.

References

Page 31: Security In  VANETs

Yipin Sun, Rongxing Lu, Xiaodong Lin. “An Efficient Pseudonymous Authentication Scheme with Strong Privacy Preservation for Vehicular Communications”. IEEE Transactions on Vehicular Technology.

Gongjun Yan, Gyanesh Choudhary, Michele C. Weigle, Stephan Olariu. “Providing VANET Security Through Active Position Detection”.

Ahren Studer, Mark Luk, Adrian Perrig. “Efficient Mechanisms to Provide Convoy Member and Vehicle Sequence Authentication in VANETs”.

References

Page 32: Security In  VANETs

Questions

Page 33: Security In  VANETs

Anonymous update:

When a vehicle enters a new region, the former key and certificate expire.

The vehicle sends a request to the RA to get a new temporary key certificate.

If the vehicle is valid, the RA approves the request and sends back the key certificate.

If a vehicle misbehaves, the TA detects that car and puts it on the Revocation List (RL).

Because the temporary ID changes from region to region, it is hard for a malicious vehicle to trace others.

Page 34: Security In  VANETs

For instance, when the blue car enters a new region, the former key expires. It then generates a new key pair and sends it to the RA to get a certificate. After receiving the request, the RA checks whether the blue car is valid (the check is based on the Revocation List); if it is valid, the RA issues a certificate. The blue car then uses this key and certificate to sign messages in this region.

Page 35: Security In  VANETs

Q1. As we know, key expiration is based on region: when a car enters a new region, it gets a new temporary key and certificate. But this expiration is not enough for the system. Why? Give an example.

Answer: There is a time window between when a vehicle is revoked and when it requests its next key.

Page 36: Security In  VANETs

Q2. Though a vehicle changes its ID from region to region, there is still a probability that attackers could trace others. Give a situation and explain how the attacker does it.

Answer: One situation is when only 2 vehicles enter a new region at the same time. One of them is malicious and the other is honest. The malicious car could easily link the former key and the temporary key of the other car when they enter the new region.

 

Page 37: Security In  VANETs

Q3. When we detect a misbehaving vehicle, we use the voting mechanism. For instance, if there is congestion at a junction, all cars send out the alert message “There’s a congestion” except vehicle A, so we classify A as misbehaving. But the TA doesn’t put A on the RL right away; instead, the RA sets up a counter to count A’s misbehaviours, and if this count exceeds the threshold, the TA classifies A as malicious and puts it on the RL. There are some reasons why we set up the counter and the threshold. Please explain some of them.

 

Page 38: Security In  VANETs

Answer: It is possible that the hardware works incorrectly at this moment but will self-repair within a very short interval.