efficient secure aggregation in vanets maxim raya, adel aziz, and jean-pierre hubaux laboratory for...
TRANSCRIPT
Efficient Secure Aggregation in VANETs
Maxim Raya, Adel Aziz, and Jean-Pierre Hubaux
Laboratory for computer Communications and Applications (LCA)
EPFL
2
Outline
Motivation
Attacker model
Secure group formation
Secure aggregation mechanisms
Simulation results
Conclusion
3
Why efficient secure aggregation?
VANET security is indispensable but expensive De facto security: limited flooding of signed messages
Since many vehicles broadcast the same event, why not try aggregation?
1. Can we make it work in VANETs?
2. And can we make it secure?
The answer is in this presentation and it is: YES
Verifier
Signer
VerifierVerifier Safety message
Cryptographic material
{Position, speed, acceleration, direction,
time, safety events}
{Signer’s DS, Signer’s PK, CA’s certificate of PK}
4
How to make aggregation efficient and secure?
Requirements:• Channel efficiency
• Low delay
• Data correctness
• Non-repudiation
We propose 3 solutions:• Combined signatures
• Overlapping groups
• Dynamic group key creation
5
Who is the attacker?
Major threat: false information dissemination
Assumption:
Any group of more than 2 vehicles should contain a majority of honest nodes under normal density conditions
6
The secret of efficient aggregation: groups
Geographic group boundary
Group
Group communication
Group leader
Information is relayed between groups, not individual vehicles
7
How to make a group?
Preset groups: efficient but not flexible On-the-fly groups: flexible but not efficient Location-based groups: efficient and flexible
• The keyword is where and not who a vehicle’s neighbors are
Group formation step-by-step:1. Dissect the map into small area cells, each defining a group
2. Load map dissection function/dissected maps into vehicles
3. Cells (groups) overlap to ensure handover
4. One option for leader election: group leader = vehicle closest to center (with lowest ID if many), elected for a given duration
5. A vehicle checks its GPS position to determine its cell (group)
8
Group formation
9
Group formation
Cell
Overlap
TX range = 300 m
Cell size = 400 m
Leader
Not to scale
10
Group formation
I am in cell X
11
SVGP (Secure VANET Group Protocol)
Goal: establishment of a symmetric group key
Secure groups protect the network from outsiders only
Concept: group leader transports group key to members
Subsequent messages include only a HMAC
On leave, nothing needs to be done
Vehicles at boundaries receive messages from 2 groups
12
Aggregation mechanism 1:Combined signatures
Concept: a group of vehicles reporting the same event combine their signatures
Advantages:• Overhead is grouped in one message => better channel efficiency
• A group’s combined message => the group agrees on the content
Three types of combined signatures:
m S1(m) Sn(m)...
m Sn(...(S1(m)))
C1 ... Cn
C1 ... Cn
m C1 ... CnSn(...(Sj(m)))
Concatenated signature
Onion signature
Hybrid signature
Sn-1
Si-1 Si(...(S1(m))) Sn-1
m = message, S = Signature, C = Certificate
13
Aggregation mechanism 2: Overlapping groups
Concept: vehicles in the intersections of groups make a bridge for data
Group keys and messages are distributed using SVGP
The good:
• Cheap symmetric crypto
The bad:
• Need for position verification
• Need for honest majority
• Lack of non-repudiation
Geographic group boundary
Group
Group communication
Group leader
14
Aggregation mechanism 3:Dynamic Group Key Creation
Conciliates low overhead (symmetric crypto) with non-repudiation (digital signatures)
Dynamic group scenarios (e.g., platoon)
Step-by-step:
Dynamic group
Key request1. The leader sends a key request to the CA (Certificate Authority)
2. The CA generates an asymmetric group key pair and unique IDs for members (for non-repudiation)
3. Vehicles sign messages with the new group key and include their ID
15
Simulation results
ns-2 simulator Rice scenario generator EPFL VANET patch (available at
http://ivc.epfl.ch) Cell size: 400 meters ECC with key size of 256 bits 100 simulations Simulated mechanism: concatenated
signatures Correctness level of messages:
number of supporting signatures to consider a message correct. It is 4 in our simulations
2400 m
2400
m
Scenario
Source
Destination
16
Effect of density on channel usage
17
Effect of density on message delay
18
Effect of speed on channel usage
19
Effect of speed on message delay
20
Efficiency vs. Security (correctness level)
Destination aggregation
Source aggregation
21
Conclusion
Objective: the tradeoff between efficiency and security
Efficient secure aggregation is a feasible answer:• Combined signatures
• Overlapping groups
• Dynamic group key creation
The advantages:• Better channel usage
• Lower message delivery delay
• Better data correctness and hence security
Visit http://ivc.epfl.ch and http://www.sevecom.org
22
SEVECOM (SEcure VEhicular COMmunication)
Objectives: Identification of threats and Specification of a security architecture
23
CALL FOR PAPERS IEEE Journal on Selected Areas in Communications
Vehicular Networks
• Architecture of Vehicular networks
• Vehicle-to-Vehicle
• Vehicle-to-Roadside
• Security and privacy
• Cross-layer optimization techniques
• Mobility and traffic models
• Protocol design (low-power, multi-channel, etc.)
• PHY, MAC, Network Layer (Routing protocols)
• Channel Modeling
• Cooperative aspects of vehicular communication
• Scalability and Availability issues in Vehicular networks
• Safety and commercial applications
Manuscript Submission February 1, 2007
Acceptance Notification May 15, 2007
Final Manuscript Due to Publisher July 1, 2007
Publication Date 3rd Quarter 2007
http://www.jsac.ucsd.edu/Calls/vehnetwkcfp.htm