Survey of Vehicular Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Survey of Vehicular Network Security

Description:

Survey of Vehicular Network Security Jonathan Van Eenwyk ... – PowerPoint PPT presentation

Number of Views:315
Avg rating:3.0/5.0
Slides: 22
Provided by: Jonath230
Category:

less

Transcript and Presenter's Notes

Title: Survey of Vehicular Network Security


1
Survey of Vehicular Network Security
  • Jonathan Van Eenwyk

2
Contents
  • Design Issues
  • Certificate-Based Solution
  • Privacy Concerns
  • Data Validation

3
Design Issues
  • The Security and Privacy of Smart Vehicles
  • IEEE Security and Privacy, May/June 2004 Hubaux,
    Capkun, Luo
  • Attacks on Inter-Vehicle Communication Systems-an
    Analysis
  • Aijaz, et al (supported by industry)
  • Challenges in Securing Vehicular Networks
  • HotNets-IV Parno and Perrig
  • Security Issues in a Future Vehicular Network
  • European Wireless, 2002 Zarki, et al

4
Design Issues
  • The Security and Privacy of Smart Vehicles
  • IEEE Security and Privacy, May/June 2004 Hubaux,
    Capkun, Luo
  • System model
  • Ad-hoc communication between vehicles and base
    stations
  • Base stations provide services
  • Vehicles provide sensor data
  • Vehicles have more resources than most ad-hoc
    networks
  • Applications
  • Traffic and safety alerts
  • Travel tips
  • Infotainment (including Internet access)

5
Design Issues
  • The Security and Privacy of Smart Vehicles
  • IEEE Security and Privacy, May/June 2004 Hubaux,
    Capkun, Luo
  • Challenges
  • Authentication and data encryption
  • Auditing sensor data
  • Privacy (avoid tracking)
  • Infrastructure boot-strapping
  • Negative perception of smart vehicles

6
Design Issues
  • The Security and Privacy of Smart Vehicles
  • IEEE Security and Privacy, May/June 2004 Hubaux,
    Capkun, Luo
  • Key Features
  • Context sensors (front-end radar, ultra-sound,
    etc)
  • Event data recorder (i.e., black box)
  • Tamper-proof device to handle encrypted
    transmissions
  • Location detection (GPS or distance bounding)
  • Communication with road-side base stations

7
Certificate-Based Solution
  • The Security of Vehicular Networks
  • EPFL Technical Report, March 2005 Raya, Hubaux
  • Certificate Revocation in Vehicular Networks
  • LCA Report 2006 Raya, Jungels, Papadimitratos,
    Aad, Hubaux

8
Certificate-Based Solution
  • The Security of Vehicular Networks
  • EPFL Technical Report, March 2005 Raya, Hubaux
  • Attacks
  • Bogus information
  • Message tampering
  • Cheating (data manipulation, impersonation)
  • Identity disclosure for vehicle tracking
  • Denial of service

9
Certificate-Based Solution
  • The Security of Vehicular Networks
  • EPFL Technical Report, March 2005 Raya, Hubaux
  • Security Mechanisms
  • Electronic License Plate (post-mortem auditing)
  • Asymmetric encryption using public key
    infrastructure
  • Large number of anonymous keys (no identity
    information)
  • Vehicles frequently change keys to avoid tracking
  • Keys can be revoked (more later)
  • Physical layer protection against denial of
    service
  • Channel switching
  • Implement more than one communication technology

10
Certificate-Based Solution
  • Certificate Revocation in Vehicular Networks
  • LCA Report 2006 Raya, Jungels, Papadimitratos,
    Aad, Hubaux
  • Revocation using Compressed Certificate
    Revocation Lists (RC2RL)
  • Large number of vehicles, so potentially huge
    revocation list
  • Lossy compression using Bloom filter
  • Configurable rate of false positives
  • Definitely no false negatives
  • Bit vector of length m
  • Hash a with k hashing functions
  • Each function sets one bit
  • Later, verify membership if all k bits are set as
    expected

11
Certificate-Based Solution
  • Certificate Revocation in Vehicular Networks
  • LCA Report 2006 Raya, Jungels, Papadimitratos,
    Aad, Hubaux
  • Revocation of the Tamper-Proof Device (RTPD)
  • Send message to vehicles TPD to revoke all
    activity
  • Send to base stations nearest last known location
  • Broadcast over low-bandwidth radio (AM/FM) or
    satellite
  • Lower overhead approach as long as TPD is
    reachable
  • Send localized revocation list to surrounding area

12
Certificate-Based Solution
  • Certificate Revocation in Vehicular Networks
  • LCA Report 2006 Raya, Jungels, Papadimitratos,
    Aad, Hubaux
  • Distributed Revocation Protocol (DRP)
  • Vehicles that detect malicious nodes can warn
    others
  • Requires an honest majority
  • Warnings have lower weight if sending node has
    also been condemned by other nodes
  • Node 4 condemns node 2
  • But this warning has less weight because node 4
    has itself been condemned by nodes 1 and 3

1
4
2
3
13
Privacy Concerns
  • Balancing Auditability and Privacy in Vehicular
    Networks
  • Q2SWinet '05 Choi, Jakobsson, Wetzel
  • CARAVAN Providing Location Privacy for VANET
  • ESCAR '05 Sampigethaya, Huang, Li, Poovendran,
    Matsuura, Sezaki

14
Privacy Concerns
  • Balancing Auditability and Privacy in Vehicular
    Networks
  • Q2SWinet '05 Choi, Jakobsson, Wetzel
  • Provide privacy
  • From peer-to-peer vehicles
  • From infrastructure authorities
  • Support auditability
  • Linkability between anonymous handles and owner
    identity
  • Requires off-line permission granting (court
    order, etc)

15
Privacy Concerns
  • Balancing Auditability and Privacy in Vehicular
    Networks
  • Q2SWinet '05 Choi, Jakobsson, Wetzel
  • Two-Level Infrastructure
  • Back-end (ombudsman)
  • Creates long-term handle from node identities
  • Nodes initialized with set of handles
  • Off-line approval can grant identity from
    pseudonym
  • Front-end (road-side base stations)
  • Uses short-term pseudonyms created from long-term
    handles
  • Pseudonym and shared key created from handle and
    timestamp

16
Privacy Concerns
  • CARAVAN Providing Location Privacy for VANET
  • ESCAR '05 Sampigethaya, Huang, Li, Poovendran,
    Matsuura, Sezaki
  • Provide privacy from vehicle location tracking
  • Proposed Techniques
  • Update pseudonym after random silence period
  • Fixed-interval updates can be tracked by
    estimating trajectory
  • Silence period obscures nodes if other nodes are
    present
  • Designate group leader to proxy communications
  • Avoids redundant transmissions
  • Extends length of time to use each pseudonym

17
Data Validation
  • Probabilistic Validation of Aggregated Data in
    Vehicular Ad-hoc Networks
  • VANET '06 Picconi, Ravi, Gruteser, Iftode
  • Detecting and Correcting Malicious Data in VANETs
  • VANET '04 Golle, Grenne, Staddon

18
Data Validation
  • Probabilistic Validation of Aggregated Data in
    Vehicular Ad-hoc Networks
  • VANET '06 Picconi, Ravi, Gruteser, Iftode
  • Allow sensor data to be aggregated
  • Use signing certificates to validate data
  • Randomly force one complete record to be included
  • Relies heavily on tamper-proof device

19
Data Validation
  • Detecting and Correcting Malicious Data in VANETs
  • VANET '04 Golle, Grenne, Staddon
  • Nodes attempt to identify malicious data via
    information sharing
  • Nodes detect neighbors and contribute to global
    database
  • Malicious nodes may contribute invalid or spoofed
    data
  • May try to fake a traffic jam
  • Friendly nodes build models to explain database
    observations
  • Is there one malicious node attempting to spoof
    three other nodes?
  • Are all four nodes malicious?
  • Possible heuristic choose scenario with fewest
    bad and spoofed nodes

20
Data Validation
  • Detecting and Correcting Malicious Data in VANETs
  • VANET '04 Golle, Grenne, Staddon
  • Example
  • Actual Scenario
  • Possible Explanations

21
Questions?
Write a Comment
User Comments (0)
About PowerShow.com