effective security as an ill-defined problem in vehicular ad hoc networks (vanets)
TRANSCRIPT
Effective Security as an ill-defined Problem in
Vehicular Ad hoc Networks (VANETs)
Presented by Patrice Seuwou
Centre for Information Systems and Management
Department of Informatics,
London South Bank University,
London SE1 0AA
{Seuwoup, dilip, prothed, ubakang}@lsbu.ac.uk
June 22, 2012
Presentation outline
DECADE OF ACTION FOR ROAD SAFETY 2011-2020
Overview of VANET
Security Analysis
Paradoxes and contradictions
Effective Security for VANETs
A modern vehicle
Forward radar
Computing platform
Event data recorder (EDR)
Positioning system
Rear radar
Communication facility
Display
(GPS)
Human-Machine Interface
Figure 1. A modern vehicle is a network of sensors/actuators on wheels
What is a VANET?
Figure 2. A graphical depiction of a Vehicular Ad hoc NETwork (VANET). The unloading vehicle
blocks a route and the surrounding vehicles can adopt alternative routes to avoid disruption. (Image
Extracted from CAR 2 CAR Communication Consortium at www.car-to-car.org/).
What is a VANET (Vehicular Ad hoc NETwork)?
Roadside
base station
Inter-vehicle
communications
Vehicle-to-roadside
communications
Emergency
event
Figure 3. Communication
Figure 4. Ad hoc communication
Scenario 1
Figure 5. Ad hoc communication
Scenario 2
A Gap in VANETs Security
• Plethora of publication in VANETs Security
• None of the published solution guaranty
utmost security (Dok et al, 2010).
• “Securing a vehicular network is an ill-defined
problem, and most systems available for the
VANET do not combine efficiency, security and
traceability…”(Choi et al, 2011)
The Plan
Road safety management
Safer roads and mobility
Safer vehicles Safer road
users Post –crash response
Pillars of the Plan
Attackers Raya et Hubaux (2007) characterise an attacker by
(Membership.Motivation.method.Scope).
• Insider or outsider – Insider – valid user
– Outsider – Intruder, limited attack options
• Malicious or rational – Malicious – No personal benefit, intends to harm other users
– Rational – seeks personal benefits, more predictable attack
• Active or passive – Active: Generates packets, participates in the network
– Passive: Eavesdrop, track users
• Local or Extended – Local: Control several entities (vehicles and base stations) in a confined area.
– Extended: Control several entities scattered across the network.
Groups of attacks
Threats
Threats to Availability
Threats to Confidentiality
Threats to Authentication
• Malware
• Spamming
• Denial of Service (DoS) Attack
• Distributed DoS Attacks
• Black Hole Attacks
• Broadcast Tampering
The most prominent attack in VANETs
in terms of confidentiality is:
Eavesdropping
(Cruz-Cunha et al, 2010).
• Replay Attack
• Position Faking
• Certificate Replication
• Message Tampering / Manipulation
• Global Positioning System (GPS) Spoofing
• Tunneling
Broad categories of Security in
VANETs
VANET Security
Figure 7. Broad categories of Security in VANETs
Certificate Authority
≈ 100 bytes ≈ 140 bytes
Safety
message
Cryptographic
material
{Position, speed,
acceleration, direction,
time, safety events}
{Signer’s digital signature,
Signer’s public key PK,
CA’s certificate of PK}
Authenticated
message
Data verification
Secure positioning
Tamper-
proof device
Event data
recorder
Secure multihop routing
Services (e.g., toll
payment or
infotainment)
Figure 8. Security Architecture
Examples security Mechanisms in
VANETs
• TESLA (Timed Efficient Stream Los-Tolerant Authentication) • Symmetric Cryptography
• Non – repudiation is impossible
• Fails to support efficient multi-hop communication
• TESLA++ (Modified version of TESLA) • Provide broadcast authentication using symmetric cryptography and delayed key disclosure.
(Like TESLA).
• Because it also uses symmetric, does not provide non-repudiation or efficient multi-hop
authentication.
• Fails to provide all of the properties necessary for a VANET authentication framework.
• Lacks non-repudiation and multi-hop authentication.
• VAST (VANET Authentication using Signatures and TESLA++)
(Studer et al, 2008)
Paradoxes and contradictions
• Authentication is stronger using Digital signature
• Symmetric ciphers are typically much faster than
asymmetric ciphers.
• Asymmetric ciphers are also used for digital
signatures.
• Using symmetric cryptography makes Non-
repudiation impossible
• Speeds can vary significantly by algorithm
Security Requirements
Confidentiality
Integrity
Authentication
Access Control
Availability
Privacy
Trust
Real-time
Guarantee
Verification of data
consistency
Multi-hop
communication
Law enforcement
Governmental
Transportation
Authorities
Police
Security
Traceability Efficiency
Figure 9. Security Requirement in VANETs
Security
Traceability Efficiency
Broad categories of Attacks Security Requirement
Contribution
Figure 10. Proposed Model for an Effective security system in VANETs.
Broad categories of Security
Figure 11. Proposed Model for an Effective security system in VANETs.
Intersection Point
Contribution
Conclusion
• We identify and analyse current security limitations in VANETs.
• An effort is made to show that effective security should combine (Efficiency, Security and
Traceability).
• Therefore the most suitable way to achieve this goal is by identifying the intersection point connecting these values while considering both physical and Logical aspects.
References Car2Car Communication Comsortium (2012) Mission and Objectives. Available at: http//www.car-to-car.org.
Choi, H.,K., Kim, I., H. And Yoo, J., C.(2011) Secure and Efficient Protocol for Vehicular Ad Hoc Network with Privacy Preservation,
EURASIP Journal on Wireless Communications and Networking, Hindawi Publishing Corporation, Vol. 2011, Article ID 716794, pp. 1-
15
Hubaux, J.-P., Capkun, S. and Luo, J. (2004) ‘The Security and Privacy of Smart Vehicles’. IEEE Security and Privacy magazine,
2(3), 49-55.
Studer, A., Bai, F., Bellur, B. and Perrig, A. (2008) Flexible, extensible, and efficient VANET authentication, 6 th Conference on
Embedded Security in Cars (Escar) Hamburg, Germany, pp. 22.
Sumra, I., A., Ahmad, I., Hasbullah, bin Ab Manan, J.-L. (2011) ‘Behavior of Attacker and Some New Possible Attacks in Vehicular Ad
hoc Network (VANET)’, Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), 3rd International
Congress.
Dok, H., Fu, H., Echevarria, R. And Weerasinghe, H. (2010) Privacy Issues of Vehicular Ad-Hoc Networks, International Journal of
Futur Generation Communication and Networking, Vol. 3, No.1, pp. 17-31.