INS & ContextSphere | Columbia Univ. - Feb. 25, 2003 | Confidential © 2002 IBM Corporation Probabilistic Validation of Aggregated Data in VANETs Fabio Picconi**, Nishkam Ravi, Marco Gruteser*, Liviu Iftode Computer Science, *Winlab, Rutgers University ** Lip6, UPMC, France


Post on 27-Mar-2015


Page 2: Motivation

• Traffic information systems based on V2V data exchange (e.g. TrafficView)
• Applications: safety messaging, cooperative driving, route planning, congestion avoidance
• Some applications require information about large number of cars
  – Aggregation for saving communication and data overhead

[Figure labels: cars a, b, c, d, e; record fields Location, Speed, Car Id; aggregates a / a,b / a,b,c; False information]

• How can data be validated?
• False information dissemination
  – Spoofs/bogus information
  – Masquerade
• Data omission
• DoS attacks

Page 3: Existing Solutions

• Cross-validation (Golle 2004)
  – Cross-validate data against a set of rules
  – Cross-validate data from different cars
  – Assumes adversarial parsimony (only a few malicious cars)
  – Assumes multiple sources of information
• Use PKI and strong identities (Raya 2005)
  – A tamper-proof box stores keys, signs data
  – Keys are changed periodically for privacy
  – Cross-validation used
  – High data overhead

[Figure: record layout: Location, Speed (4 bytes) | Timestamp, Signature, Certificate (88 bytes)]

Page 4: Goal

• Design a secure data aggregation mechanism that

– Provides high security

– Produces low data overhead

– Preserves flexibility of applications

– Preserves privacy

– Does not require majority of honest cars

Page 5: Syntactic Aggregation

[Figure: regular messages 1..n, each with application data (Location i, Speed i) and secure data (Timestamp, Signature, Certificate), and the syntactically aggregated message: Location 1, speed 1; Location 2, speed 2; ...; Location n, speed n; Timestamp; Signature; Certificate]

• Malicious aggregator can add/modify data during aggregation
• Send out records separately: high communication and data overhead

Page 6: Semantic Aggregation

[Figure: regular messages 1..n, each with Location i, Speed i, Timestamp, Signature, Certificate, and the semantically aggregated message: n cars in segment: {(x1,y1), (x2,y2)}; Timestamp; Signature; Certificate]

• Malicious aggregator can modify n during aggregation

Page 7: How can aggregated data be secured?

Page 8: Outline

• Motivation

• Existing solutions

• Aggregation and attacks

• Secure aggregation

• Evaluation

• Conclusions

Page 9: Solution Sketch

[Figure labels: Sender, Receiver; R1 R2 R3 R4 on both sides; Challenge (R2); R2; Compare]

• Two-way communication
• Additional latency
• Requires reliable network

Page 10: Solution Sketch

[Figure labels: Sender, Receiver; R1 R2 R3 R4 on both sides; Tamper-proof service; Challenge; R2]

Page 11: Solution Sketch

[Figure labels: Sender, Receiver; R1 R2 R3 R4 on both sides; Tamper-proof service; R2; Compare]

• Validation is probabilistic in nature
• Probability of getting caught increases with severity of attack

Page 12: Assumptions

• Tamper-proof service
  – Stores keys
  – Signs, timestamps, generates random numbers
  – Provides a transmit buffer
• Applications are untrusted and implement their own aggregation modules
• Principle of economy of mechanism
  – “the protection system’s design should be as simple and small as possible”

Page 13: Tamper-proof Service

• Trusted Computing
  – Every layer of the software stack is attested using binary hash
  – Only well-known software/applications allowed to execute
• BIND (Shi, Perrig, Leendert 2005)
  – Partial attestation
  – Data isolation
  – Provides flexibility
• Implement tamper-proof service in software
  – Attest using BIND

Page 14: Secure Aggregation

[Figure: regular messages 1..n (Location i, Speed i, Timestamp, Signature, Certificate); Aggregated data: Location 1, speed 1, id 1; Location 2, speed 2, id 2; ...; Location n, speed n, id n; Secure transmit buffer: the same records followed by secure data (Timestamp, Random number r)]

id: small hash of the key used to sign the corresponding regular message

Page 15: Secure Aggregation

[Figure: regular messages 1..n (Location i, Speed i, Timestamp, Signature, Certificate); Aggregated data: Location 1, speed 1, id 1; ...; Location n, speed n, id n; Secure transmit buffer: the aggregated records, Timestamp, Random number r, the proof record (Location 2, speed 2, id 2; Timestamp, Sign., Cert.), then secure data (Signature, Certificate); Broadcast]

r mod n = 2: record 2 must be pushed into the transmit buffer

Page 16: Validation

[Figure: received message: Location 1, speed 1, id 1; Location 2, speed 2, id 2; ...; Location n, speed n, id n; Timestamp; Random number r; proof record (Location 2, speed 2, id 2; Timestamp, Sign., Cert.); Signature; Certificate]

Check the message signature

Calculate index i = r mod n
• in this case i = 2

Check proof record

Page 17: Validation

[Figure: received message: Location 1, speed 1, id 1; Location 2, speed 2, id 2; ...; Location n, speed n, id n; Timestamp; Random number r; proof record (Location 2, speed 2, id 2; Timestamp, Sign., Cert.); Signature; Certificate]

Check the message signature

Calculate index i = r mod n
• in this case i = 2

Check proof record
• data matches
• secure data is valid
• id matches key used for signature
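The receiver-side checks on these slides, as an added example that is not code from the original presentation: it runs the three validation steps against an honest and a tampering aggregator. Assumptions: HMAC-SHA256 stands in for the PKI signature, the "certificate" is modelled as the verification key itself, the id is two bytes of SHA-256(key), records are indexed from 0, and all function names and sample values are constructed.

```python
import hashlib, hmac, json

# Constructed model, not the authors' code. HMAC-SHA256 replaces the PKI
# signature and the "certificate" is simply the verification key (assumption).
def sign(key, payload):
    blob = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def key_id(key):
    # "small hash of the key used to sign the corresponding regular message"
    return hashlib.sha256(key).hexdigest()[:4]

def regular_message(key, location, speed, ts):
    data = {"location": location, "speed": speed, "ts": ts}
    return {"data": data, "sig": sign(key, data), "cert": key}

def secure_aggregate(service_key, records, originals, ts, r):
    # Tamper-proof service: signs (records, ts, r) and broadcasts together
    # with the original signed record at index i = r mod n as proof.
    body = {"records": records, "ts": ts, "r": r}
    return {"body": body, "sig": sign(service_key, body), "cert": service_key,
            "proof": originals[r % len(records)]}

def validate(msg):
    body, proof = msg["body"], msg["proof"]
    if not hmac.compare_digest(sign(msg["cert"], body), msg["sig"]):
        return "bad message signature"
    rec = body["records"][body["r"] % len(body["records"])]  # i = r mod n
    if not hmac.compare_digest(sign(proof["cert"], proof["data"]), proof["sig"]):
        return "invalid secure data"
    if (rec["location"], rec["speed"]) != (proof["data"]["location"], proof["data"]["speed"]):
        return "data mismatch"
    if rec["id"] != key_id(proof["cert"]):
        return "id mismatch"
    return "ok"

def run(tampered=()):
    # Constructed sample: 4 cars; the aggregator alters the speed of the
    # records listed in `tampered`. Returns the verdict for each r in 0..n-1.
    keys = [b"car-%d" % k for k in range(4)]
    originals = [regular_message(k, 100 + 10 * j, 60, 1000) for j, k in enumerate(keys)]
    records = [{"location": o["data"]["location"], "speed": o["data"]["speed"],
                "id": key_id(o["cert"])} for o in originals]
    for j in tampered:
        records[j] = dict(records[j], speed=5)
    return [validate(secure_aggregate(b"service", records, originals, 1001, r))
            for r in range(len(records))]

if __name__ == "__main__":
    print(run())               # honest aggregator
    print(run(tampered=[2]))   # one altered record out of four
```

With one altered record out of four, only the draw of r that selects that record exposes it; altering more records raises the fraction of draws that fail.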

Page 18: How good is probabilistic validation?

Page 19: Multiple Proof Records

[Figure: regular messages 1..n (Location i, Speed i, Timestamp, Signature, Certificate); Aggregated data: Location 1, speed 1, id 1; ...; Location n, speed n, id n; Secure transmit buffer: the aggregated records, Timestamp, Random number r, two proof records (Location i, speed i, id i; Timestamp, Sign., Cert.) and (Location j, speed j, id j; Timestamp, Sign., Cert.), then Signature, Certificate; Broadcast]

i = r mod n
j = r’ mod n

Page 20: Evaluation

• New metric: security/bandwidth (sec/bw)
• Compare security, bandwidth, security/bandwidth
• Base Case 1
  – All records signed and certified
  – High security, high bandwidth usage
• Base Case 2
  – Semantic aggregation, no certificates
  – Minimal bandwidth usage, no security
• Secure syntactic aggregation
• Secure semantic aggregation

Page 21: Evaluation

• Notation:
  – m : number of records aggregated
  – n : number of proof records
  – d : application data size
  – s : secure data size (timest., cert., sign.) ~ 88 bytes
  – b : number of bogus values in aggregated message
• Base Case 1
  – security = 1, bandwidth = m*(d + s)
• Base Case 2
  – security = 0, bandwidth = d + k
• Secure syntactic aggregation
  – security = $P_{\text{detect}} = 1 - \left(1 - \frac{b}{m}\right)^{n}$, bandwidth = m*d + n*(d + s) + s
• Secure semantic aggregation
  – security = $P_{\text{detect}} = 1 - \left(1 - \frac{b}{m}\right)^{n}$, bandwidth = (n + 1)(d + s)

Page 22: Bandwidth Usage

Lower bandwidth requirement than Base Case 1 for m > c

[Two plots; panel titles: n = 1, d = 4 bytes and n = 4, d = 4 bytes]

Page 23: Security

For n = 4, security > 93% (b/m = 0.5)

Page 24: Security/Bandwidth

Highest sec/bw when n >= 4, m >= 5
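An added worked example (not part of the original slides) that evaluates the formulas from the Evaluation pages in their notation (m records, n proof records, b bogus values, d and s in bytes): it cross-checks the detection probability by exact enumeration and finds the smallest m at which secure syntactic aggregation uses less bandwidth than Base Case 1. It assumes proof-record indices are drawn independently and uniformly, which is what the closed form implies; the function names are illustrative.

```python
from fractions import Fraction
from itertools import product

S = 88  # secure data size s in bytes, as given on the slides

def p_detect(m, n, b):
    # Closed form from the slides: 1 - (1 - b/m)^n
    return 1 - (1 - Fraction(b, m)) ** n

def p_detect_enumerated(m, n, b):
    # Exact cross-check: try every choice of n proof indices (each in 0..m-1,
    # assumed independent and uniform) and count those hitting a bogus record.
    bogus = set(range(b))  # which records are bogus does not change the count
    hits = sum(1 for idx in product(range(m), repeat=n) if bogus.intersection(idx))
    return Fraction(hits, m ** n)

def bandwidth(scheme, m, n, d, s=S):
    if scheme == "base1":       # all records signed and certified
        return m * (d + s)
    if scheme == "syntactic":   # secure syntactic aggregation
        return m * d + n * (d + s) + s
    if scheme == "semantic":    # secure semantic aggregation
        return (n + 1) * (d + s)
    raise ValueError(scheme)

def break_even_m(n, d, s=S):
    # Smallest m at which secure syntactic aggregation is cheaper than Base Case 1.
    m = 1
    while bandwidth("syntactic", m, n, d, s) >= bandwidth("base1", m, n, d, s):
        m += 1
    return m

if __name__ == "__main__":
    print(float(p_detect(8, 4, 4)))                           # b/m = 0.5, n = 4
    print(p_detect(8, 4, 4) == p_detect_enumerated(8, 4, 4))  # closed form vs enumeration
    print(break_even_m(1, 4), break_even_m(4, 4))             # d = 4 bytes, n = 1 and n = 4
```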

Page 25: Conclusions and Future Work

• Conclusions
  – Used the idea of random checks to validate aggregated data
  – Used PKI based authentication, tamper-proof service
  – Evaluated our solution on a new metric: security/bandwidth
• Future Work
  – Implement and integrate with TrafficView
  – Evaluate empirically and identify equilibrium state
  – Further explore semantic aggregation and reaggregation
  – Relax assumptions on tamper-proof service

Page 26: Thank You!


http://discolab.rutgers.edu/traffic/