400 likes | 592 Views
Security In VANETs. Zhen Huang Student number 5932039 huangzhen0612@163.com. What is VANETs. Vehicular Ad Hoc Networks. Architecture of VANETs. OBU: On-board Unit Communication system Application units,sensors 、 GPS and extra... RSU: Road-Side Unit
E N D
Security In VANETs Zhen Huang Student number 5932039 huangzhen0612@163.com
What is VANETs Vehicular Ad Hoc Networks
Architecture of VANETs • OBU: On-board Unit • Communication system • Application units,sensors、GPSand extra... • RSU: Road-Side Unit • Collecting data sent out by vehicles and finish some specific works,like accessing to the Internet or broadcasting the information of gas price.
Difference From MANET • Energy.In Vanet,it is easy for vehicles to charge the battery. • Mobility.Vehicles have high mobility because of their fast moving and unpredictable destination. • Real-time requirement.The dynamic property needs lower delays between 2 cars.
Security In VANETs • Authentication • Location privacy • Detection of malicious node(vehicle) • Revocation nodes • Message Integrity • Key management and identity management
Group signature • Group manager distributes the group user keys to the members • The group members only use the group key to sign the message • The others verify the message with no need to know the real identity of the sender
Authentication • A vehicle should have the ability to authenticate other legitimate vehicles,makes sure the messages from other cars are valid. • In VANETs,vehicle only accepts the message from valid vehicle. • Identity and signature are used.
Authentication • ID=every vehicle gets a valid permanent identity from authority • DS=digital signature • Message(ID,information,DS)
Location Privacy Vehicle disseminates its own messages include position、time、events,during every period(1s). e.g. Message(RED,position,traffic accident,10AM,DS)
Big Problem Message(ID,Information,DS) From the message,attacker knows your ID and your different positions at different time. Bad attacker could trace you by the position information you sent out.
Solve the Problem • There should be a trade-off between privacy and authentication. • Main idea to solve this problem is to change the ID after a certain interval.
Two Main Ways • Pseudonymous Authentication • Vehicles store a large number of certificates at first • Randomly choose one of certificates to sign the message at one time
Two Main Ways • Group Signature Based Scheme • Valid vehicle in a group has group user key and group public key • Use group user key to sign a message • Use group public key to verify other members • Group manager manages the keys
TACKs • TACKs(Temporary Anonymous Certified Keys) is based on group signatures.
Architecture • TA:Trusted Authority,could be a government department or commercial entity. • RA:Regional Authority.In every region,there exists only one RA. • RL:Revocation List.It is a list include all the detected misbehaviours.
Long-term Keys(IDs) • TA is the group manager • TA gives every vehicle a permanent key(group user key),this key is stored in OBU and will not be changed during a long time,it represents a vehicle’s real identity,like license.
Anonymous Update • When vehicle entering into a new region,it sends the request to RA to get a new temporary key.
Anonymous Update • If this vehicle is valid,the RA will approve the request and send back the key certificate. • Then,this car only use this temporary key to sign messages. • Now,the information becomes Mess (information,DS) without real identity.
Anonymous Update • The message includes no real ID,it’s very hard for malicious node to trace other vehicles. • For instance,in region 1, the red car send out message with key(10),the message is Mess(info, 10),then in region 2, the message will be Mess(info, 7).
Revocation List • RL lists all misbehaviouring vehicles • RA stores and updates this list. • When a vehicle requests for a new key,the RA first checks whether this vehicle is on RL.RA will send back the key if vehicle is not on RL.But if the vehicle is on the list,it will not be issued a temporary key.
Challenges in TACKs • Really a large group • Detect the bad node • When the temporary key expire?
Reduce the group 1 • Classify the vehicles into different groups. • Every group has a manager. • Group manager only supports keys to the members in the group.
Reduce the group 2 • Every RA is the group manager. • RA gives group user key and group public key to every vehicle in region.
How To Detect The Bad Node • Voting mechanism • To a specific event,RA records the vehicles who send a wrong infomation against the majority. • The misbehaviour number of these vehicles +1 respectively
How To Detect The Bad Node • Set a threshold value for the upper bound of the number of misbehaviours • If the number of a car misbehaviour outnumber the value,this vehicle is classified as malicious node and will be put on RL
Example There is an accident on right,every car says ‘there is an accident’ except the dark vehicle,RA records this and if the number is over the threshold.The dark car will be put on the RL.
Key expiration • When and how to expire a vehicle’s temporary key? • Time-based and region-based are not enough.
A New Idea • RA has the RL. • RA selects the invalid vehicles who now is in RA’s region from RL. • Broadcast this new Short List to all cars in the region. • All cars receive this list and won’t accept the message from whom is on the list.
References • Ahren Studer,Elaine Shi,Fan Bai,Adrian Perrig.“Tacking Together Efficient Authentication,Revocation,and Privacy in Vanets” • Une Thoing Rosi, Chowdhury Sayeed Hyder.“ A Novel Approach for Infrastructure Deployment for VANET”. 2008 Second International Conference on Future Generation Communication and Networking. • Daxin Tian, Yunpeng Wang, Guangquan Lu, and Guizhen Yu.“A Vehicular Ad Hoc Networks Intrusion Detection System Based on BUSNet”. • Philippe Golle, Dan Greene, Jessica Staddon.“Detecting and Correcting Malicious Data in VANETs”
References • Yipin Sun,Rongxing Lu,Xiaodong Lin.“An Efficient Pseudonymous Authentication Scheme with Strong Privacy Preservation for Vehicular Communications”.IEEE Transaction on Vehicular Technology. • Gongjun Yan, Gyanesh Choudhary, Michele C. Weigle, Stephan Olariu.“Providing VANET Security Through Active Position Detection”. • Ahren Studer, Mark Luk, Adrian Perrig.“Efcient Mechanisms to Provide Convoy Member and Vehicle Sequence Authentication in VANETs”.
Anonymous update: • When vehicle entering into a new region,the former key and certificate expire. • Vehicle sends the request to RA to get a new temporary key certificate. • If this vehicle is valid,the RA will approve the request and send back the key certificate. • If vehicle do some misbehavours,TA detects that car and put it on the Revocation List(RL). • Because of changing the temporary ID region to region,it’s hard for malicious vehicle to trace others.
For instance,when the blue car entering a new region,the former key expires.Then it generates a new key pair and send it to RA to get a certificate. After receiving the request ,RA checks whether the blue car is valid or not(Checking is based on the Revocation List),if it is valid,RA issues a certificate. Then ,the blue car uses this key and certificate to sign the message in this region.
Q1. As we know,the key expiration is based on region,that means when a car entering a new region,it gets a new temporary key and certificate.But this expiration is not enough for the system.Why?Give an example. • Answer: There is a window time between when an vehicle was revoked and when it request the next key.
Q2.Though the vehicle change the ID from region to region,there still exists probability that attackers could trace others.Give a situation and elaborate the way how bad guys do. Answer: One situation is when only 2 vehicles entering into a new region at the same time.,one of them is malicious and another is good guy,the malicious car could easily link the former key and temporary key of another car when they enter the new region.
Q3.When we detect the misbehaviouring vehicle,we use voting mechanism.Give an instance:If there’s a congestion in the junction,all cars send out the alert message”There’s a congestion”,except vehicle A,we classify A is misbehaviouring .But TA doesn’t put A on the RL right now,instead of that,RA will set up a counter to count the time of A misbehaviours,if this time outnumber the threshold,then the TA classify A as a malicious guy and put in on the RL.There are some reasons why we set up the counter and the threshoud.Please explain some of that.
Answer: It is possible that the hardware works incorrectly at this moment but will self-repair during a very short interval.