Survey of vehicular network security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

Survey of Vehicular Network Security PowerPoint PPT Presentation


  • 102 Views
  • Uploaded on
  • Presentation posted in: General

Survey of Vehicular Network Security. Jonathan Van Eenwyk. Contents. Design Issues Certificate-Based Solution Privacy Concerns Data Validation. 1. 2. 3. 4. Design Issues. The Security and Privacy of Smart Vehicles IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo

Download Presentation

Survey of Vehicular Network Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Survey of vehicular network security

Survey of Vehicular Network Security

Jonathan Van Eenwyk


Contents

Contents

  • Design Issues

  • Certificate-Based Solution

  • Privacy Concerns

  • Data Validation


Design issues

1

2

3

4

Design Issues

  • The Security and Privacy of Smart Vehicles

    • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo

  • Attacks on Inter-Vehicle Communication Systems-an Analysis

    • Aijaz, et al (supported by industry)

  • Challenges in Securing Vehicular Networks

    • HotNets-IV: Parno and Perrig

  • Security Issues in a Future Vehicular Network

    • European Wireless, 2002: Zarki, et al


Design issues1

1

2

3

4

Design Issues

  • The Security and Privacy of Smart Vehicles

    • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo

    • System model

      • Ad-hoc communication between vehicles and base stations

      • Base stations provide services

      • Vehicles provide sensor data

      • Vehicles have more resources than most ad-hoc networks

    • Applications

      • Traffic and safety alerts

      • Travel tips

      • Infotainment (including Internet access)


Design issues2

1

2

3

4

Design Issues

  • The Security and Privacy of Smart Vehicles

    • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo

    • Challenges

      • Authentication and data encryption

      • Auditing sensor data

      • Privacy (avoid tracking)

      • Infrastructure boot-strapping

      • Negative perception of smart vehicles


Design issues3

1

2

3

4

Design Issues

  • The Security and Privacy of Smart Vehicles

    • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo

    • Key Features

      • Context sensors (front-end radar, ultra-sound, etc)

      • Event data recorder (i.e., “black box”)

      • Tamper-proof device to handle encrypted transmissions

      • Location detection (GPS or distance bounding)

      • Communication with road-side base stations


Certificate based solution

1

2

3

4

Certificate-Based Solution

  • The Security of Vehicular Networks

    • EPFL Technical Report, March 2005: Raya, Hubaux

  • Certificate Revocation in Vehicular Networks

    • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux


Certificate based solution1

1

2

3

4

Certificate-Based Solution

  • The Security of Vehicular Networks

    • EPFL Technical Report, March 2005: Raya, Hubaux

    • Attacks

      • Bogus information

      • Message tampering

      • Cheating (data manipulation, impersonation)

      • Identity disclosure for vehicle tracking

      • Denial of service


Certificate based solution2

1

2

3

4

Certificate-Based Solution

  • The Security of Vehicular Networks

    • EPFL Technical Report, March 2005: Raya, Hubaux

    • Security Mechanisms

      • Electronic License Plate (post-mortem auditing)

      • Asymmetric encryption using public key infrastructure

        • Large number of anonymous keys (no identity information)

        • Vehicles frequently change keys to avoid tracking

        • Keys can be revoked (more later)

      • Physical layer protection against denial of service

        • Channel switching

        • Implement more than one communication technology


Certificate based solution3

1

2

3

4

Certificate-Based Solution

  • Certificate Revocation in Vehicular Networks

    • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux

    • Revocation using Compressed Certificate Revocation Lists (RC2RL)

      • Large number of vehicles, so potentially huge revocation list

      • Lossy compression using Bloom filter

        • Configurable rate of false positives

        • Definitely no false negatives

      • Bit vector of length m

      • Hash a with k hashing functions

      • Each function sets one bit

      • Later, verify membership if all k bits are set as expected


Certificate based solution4

1

2

3

4

Certificate-Based Solution

  • Certificate Revocation in Vehicular Networks

    • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux

    • Revocation of the Tamper-Proof Device (RTPD)

      • Send message to vehicle’s TPD to revoke all activity

        • Send to base stations nearest last known location

        • Broadcast over low-bandwidth radio (AM/FM) or satellite

      • Lower overhead approach as long as TPD is reachable

      • Send localized revocation list to surrounding area


Certificate based solution5

1

2

3

4

Certificate-Based Solution

  • Certificate Revocation in Vehicular Networks

    • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux

    • Distributed Revocation Protocol (DRP)

      • Vehicles that detect malicious nodes can warn others

      • Requires an honest majority

      • Warnings have lower weight if sending node has also been condemned by other nodes

      • Node 4 condemns node 2

      • But this warning has less weight because node 4 has itself been condemned by nodes 1 and 3

1

4

2

3


Privacy concerns

1

2

3

4

Privacy Concerns

  • Balancing Auditability and Privacy in Vehicular Networks

    • Q2SWinet '05: Choi, Jakobsson, Wetzel

  • CARAVAN: Providing Location Privacy for VANET

    • ESCAR '05: Sampigethaya, Huang, Li, Poovendran, Matsuura, Sezaki


Privacy concerns1

1

2

3

4

Privacy Concerns

  • Balancing Auditability and Privacy in Vehicular Networks

    • Q2SWinet '05: Choi, Jakobsson, Wetzel

    • Provide privacy

      • From peer-to-peer vehicles

      • From infrastructure authorities

    • Support auditability

      • Linkability between anonymous handles and owner identity

      • Requires off-line permission granting (court order, etc)


Privacy concerns2

1

2

3

4

Privacy Concerns

  • Balancing Auditability and Privacy in Vehicular Networks

    • Q2SWinet '05: Choi, Jakobsson, Wetzel

    • Two-Level Infrastructure

      • Back-end (ombudsman)

        • Creates long-term “handle” from node identities

        • Nodes initialized with set of handles

        • Off-line approval can grant identity from pseudonym

      • Front-end (road-side base stations)

        • Uses short-term pseudonyms created from long-term handles

        • Pseudonym and shared key created from handle and timestamp


Privacy concerns3

1

2

3

4

Privacy Concerns

  • CARAVAN: Providing Location Privacy for VANET

    • ESCAR '05: Sampigethaya, Huang, Li, Poovendran, Matsuura, Sezaki

    • Provide privacy from vehicle location tracking

    • Proposed Techniques

      • Update pseudonym after random silence period

        • Fixed-interval updates can be tracked by estimating trajectory

        • Silence period obscures nodes if other nodes are present

      • Designate group leader to proxy communications

        • Avoids redundant transmissions

        • Extends length of time to use each pseudonym


Data validation

1

2

3

4

Data Validation

  • Probabilistic Validation of Aggregated Data in Vehicular Ad-hoc Networks

    • VANET '06: Picconi, Ravi, Gruteser, Iftode

  • Detecting and Correcting Malicious Data in VANETs

    • VANET '04: Golle, Grenne, Staddon


Data validation1

1

2

3

4

Data Validation

  • Probabilistic Validation of Aggregated Data in Vehicular Ad-hoc Networks

    • VANET '06: Picconi, Ravi, Gruteser, Iftode

    • Allow sensor data to be aggregated

    • Use signing certificates to validate data

    • Randomly force one complete record to be included

      • Relies heavily on tamper-proof device


Data validation2

1

2

3

4

Data Validation

  • Detecting and Correcting Malicious Data in VANETs

    • VANET '04: Golle, Grenne, Staddon

    • Nodes attempt to identify malicious data via information sharing

      • Nodes detect neighbors and contribute to global database

      • Malicious nodes may contribute invalid or spoofed data

        • May try to fake a traffic jam

      • Friendly nodes build models to explain database observations

        • Is there one malicious node attempting to spoof three other nodes?

        • Are all four nodes malicious?

        • Possible heuristic: choose scenario with fewest bad and spoofed nodes


Data validation3

1

2

3

4

Data Validation

  • Detecting and Correcting Malicious Data in VANETs

    • VANET '04: Golle, Grenne, Staddon

    • Example

      • Actual Scenario

      • Possible Explanations


Questions

1

2

3

4

Design Issues

Certificate-Based Solution

Privacy Concerns

Data Validation

Questions?


  • Login