1 / 44

Professor Pin-Han Ho Ph.D. Department of Electrical and Computer Engineering

On Achieving Secure and Privacy-Preserving Vehicular Communications. Professor Pin-Han Ho Ph.D. Department of Electrical and Computer Engineering University of Waterloo, Canada. Agenda. Speaker: Pin-Han Ho. Some briefs Introduction of VANETs Privacy Issues Verification Issues

yitta
Download Presentation

Professor Pin-Han Ho Ph.D. Department of Electrical and Computer Engineering

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Achieving Secure and Privacy-Preserving Vehicular Communications Professor Pin-Han Ho Ph.D. Department of Electrical and Computer Engineering University of Waterloo, Canada

  2. Agenda Speaker: Pin-Han Ho Some briefs Introduction of VANETs Privacy Issues Verification Issues Conclusions University of Waterloo

  3. Why do we need Vehicular networks ? • Traffic accidents • According to the Traffic Safety Facts Annual Report, over 6 million police-reported motor vehicle crashes occurred in the United States alone in 2007. Nearly 1.95 million resulted in an injury, and 42,352 resulted in a death. • Millions of people daily commute in the city or the highway • Congestion control is of importance Introduction

  4. Vehicular Ad Hoc Networks • System Model Each vehicle is embedded with a WiFi-enable device • Vehicle-to-Vehicle (V2V) Communication • Vehicle-to-Infrastructure (V2I or V2R) Communication Vehicular ad hoc networks (VANETs) Introduction

  5. Dedicated Short Range Communications New 5.9 GHz • On December 17, 2003 • Range to 1000 meters • Data rate 6 to 27 mbps • Designed for general internet access, can be used for ETC • 7 licensed channels • Vehicle to roadside & vehicle to vehicle • Command-response & peer to peer 915 MHz • Before December 17, 2003 • Range < 30 meters • Data rate = 0.5 mbps • Designed for Electronic Toll Collection (ETC), but can be used for other applications • Single unlicensed channel • Vehicle to roadside • Command-response Reference: http://www.leearmstrong.com/DSRC/DSRCHomeset.htm Introduction

  6. DSRC at 5.9G • 75 MHz band has been allocated by the Federal Communication Commission (FCC) at 5.9 GHz • Band allows both safety and commercial applications to coexist • Safety application typically need <15% of capacity • Broadcast safety message every 100-300 ms Introduction

  7. Applications • Safety-related Applications • According to Dedicated Short Range Communications (DSRC) protocol, each vehicle one-hop broadcasts its traffic-related information every 100-300 ms. On rainy days On foggy days What’s in front of that bus ? TrafficView Outdoors From: http://discolab.rutgers.edu/workshops/2006/helsinki/slides/shankar.ppt Introduction

  8. Emergent Message Curve speed warning, work zone warning etc position, current time, direction, velocity, acceleration/ deceleration, etc Traffic Message Applications Introduction

  9. Applications • Entertainment-related Applications • Digital data downloading/uploading (Email, mp3, video) • Location Information requiring (map, the nearest restaurant/gas station/plaza, etc. ) Introduction

  10. Applications • Commercial applications • Commercial advertisements forwarding Introduction

  11. Applications • Traffic control applications • Optimize traffic flow • Road side unit (RSU) at intersections real time collects traffic information (# of vehicle) • A control center controls the traffic light Introduction

  12. Privacy Issues

  13. Privacy • Protect user privacy • Each driver does not like expose his/her identity and the corresponding location information to the third party. • Achieve conditional privacy • There should exist a trust authority (TA) • In case that an abuse happens, TA can trace the real identity of a user/driver. Privacy issues

  14. Anonymous Certificate Approach • Public Key Infrastructure (PKI)-based approach Anonymous certificate list M ELP(IDa) ELP(IDb) … ELP(IDj) ELP(IDa) ELP(IDb) • Disadvantage: • 1. Huge storage cost • 2. Management overhead M. Raya and J.-P. Hubaux, “The Security of Vehicular Ad Hoc Networks,” ACM workshop on Security of ad hoc and sensor networks (SASN'05), pp. 11-21, 2005. Privacy issues

  15. Group signature Approach • Divide the communications into two parts: Group Signature Scheme • no anonymity • requirement RSU Id-based Signature scheme X. Lin, X. Sun, P.-H. Ho and X. Shen. GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications. IEEE Transactions on Vehicular Technology, vol. 56, no. 6, pp. 3442-3456, 2007. Privacy issues

  16. Group signature Approach • Communications between vehicles • Why use group signature scheme? • It provides anonymity of the signers. • The verifiers can judge whether the signer belongs to a group without knowing who the signer is in the group. • However, in exceptional situations, the group manager is able to reveal the unique identity of the signature’s originator. • Choose ‘short group signature’ scheme proposed by Dan Boneh[1] [1] D. Boneh, X. Boyen, and H. Shacham. Short group signatures, In Proceedings of Crypto '04,2004. Privacy issues

  17. Group signature Approach • Brief protocol diagram Privacy issues

  18. Group signature Approach • Advantage: • GSIS reduce the number of private and public key pairs stored at both vehicle side and TA side • Conditional privacy preservation. It is easy for TA to trace the real identity of an internal attacker • Disadvantage: • High computation overhead (slow verify speed) Privacy issues

  19. Hybrid Approach • Combine above two schemes • Each vehicle generates multiple public and private key pairs, which are used for signing messages. • Each vehicle is assigned a group private key, which is used for signing a certificate instead of for signing messages. • The generated public and private key pairs are signed with a vehicle’s group private key. The signature is used as a certificate. G. Calandriello, P. Papadimitratos,.A. Lioy, J.-P. Hubaux, “Efficient and Robust seudonymous Authentication in VANET, ” ACM Workshop on VANET, 2007. Privacy issues

  20. Hybrid Approach • Advantage: • The hybrid approach can achieve a computation tradeoff between the group signature scheme and the anonymous certificate approach • Disadvantage: • Still have scalability issues • Slow verification speed • A bottleneck in a high traffic density scenario Privacy issues

  21. Privacy issues during a handover Issues: 1.Two adjacent APs can distinguish the same car . 2. APs can know the trajectory of the vehicle . Speaker: Pin-Han Ho With a VANET, a company (such as McDonald’s) could locate multiple access points (APs) on the road. These APs can provide an internet access. Any two adjacent APs should overlap each other such as a vehicle can access the Internet seamlessly. Privacy issues

  22. The blind signature based solution • Vehicle v1 and v2 pre-obtain a blind signature of the access point AP1. The blind signature are used for credentials when vehicles hand over. • AP1 can only verify whether a signature is valid or not, but cannot know which vehicle (i.e., v1 or v2) holds the signature • AP1 cannot distinguish v1 and v2 in this figure C. Zhang, R. Lu, P.-H. Ho, and A. Chen, A Location Privacy Preserving Authentication Scheme in Vehicular Networks, The IEEE Wireless Communications & Network Conference (WCNC), Las Vegas, Nevada, USA, 2008. Privacy issues

  23. The blind signature based solution Blind Zone • The tracking probability depends on • the number of vehicles in a blind zone • the distance that a vehicle travels Speaker: Pin-Han Ho Analysis Privacy issues

  24. Verification Issues

  25. Verification issues • Facts • According to DSRC, messages are sent in every100 ~ 300 ms, e.g., 300 ms • Communication range of a vehicle is 300 m, i.e., radius = 300, for each vehicle, its communication range is π3002 sq.m. • Suppose that vehicles use ECDSA to sign a message. Verifying a signature takes 3.87 ms, i.e., maximally 78 vehicles can be verified in a cycle • Challenge • It is hard for the existing public-key based signature schemes to verify a large number of signatures in 300 ms Goal Speaker: Pin-Han Ho Scalability Verification Issues

  26. Communication Overhead • IEEE Std. 1609.2-2006 • IEEE Trial-Use Standard for wireless access in vehicular environments – Security Services • Challenge • How to reduce communication overhead as much as possible. At the same time, other security issues (e.g., privacy, scalability, etc.) should also be addressed The second Goal Speaker: Pin-Han Ho Verification Issues

  27. The proposed scheme: RAISE • Public key based • Symmetric key based Speed slow fast Communication Overhead high low RSU Broadcast Authentication Yes No (if using only key) • A hybrid approach • RAISE: An RSU-aided Message Authentication Scheme • Suppose the RSU is trusted C. Zhang, X. Lin, R. Lu, P. –H. Ho, and X. Shen, “An Efficient Message Authentication Scheme for Vehicular Communications”, IEEE Transactions on Vehicular Technology, Vol. 57, Issue 6, Nov. 2008 Speaker: Pin-Han Ho Comparison Verification Issues -- Approach I

  28. The Protocols of RAISE Vehicles and RSU authenticate each other. v1 key1 Key1 and Key2 are different! v2 key2 • Message sending (on the vehicle side ) • Each vehicle periodically broadcasts messages, which can be received by its neighbors and the RSU RSU v1 Message and signature signed with key1 Only the RSU can verify v2 Speaker: Pin-Han Ho Mutual authentication Verification Issues -- Approach I

  29. The Protocols of RAISE • Authenticity reporting • After the RSU verifies the message of V1, the RSU reports the result to its neighbors v1 Message and signature signed with key1 RSU v2 v3 • Result aggregation (on the RSU side ) • In a short time interval Δt, the RSU received multiple messages and signatures. Then, the RSU reports all the results accumulated during Δt. Speaker: Pin-Han Ho Verification Issues -- Approach I

  30. The Protocols of RAISE • The whole process RSU v3 v1 v2 : Result Aggregation Speaker: Pin-Han Ho Verification Issues -- Approach I

  31. Issues in RAISE • Issues caused by loss in contention and lossy channel • RSU-to-vehicle • Make the vehicle, which does not receive result aggregation, fail in verifying a message • Vehicle-to-RSU • Make the RSU fail in receiving a message, thus all the other surrounding vehicles cannot verify the message from the vehicle Speaker: Pin-Han Ho Verification Issues -- Approach I

  32. Performance Evaluation of RAISE As the number of vehicles increases, the loss ratio increases. However, RAISE has the lowest loss ratio. Fig. 1. Average loss ratio vs. Traffic load Clearly, RAISE has the lowest communication overhead since it uses MAC tag instead of PKI-based signatures Fig. 2. Communication overhead (in 1min) vs. Traffic load Speaker: Pin-Han Ho Verification Issues -- Approach I

  33. To Further Probe Speaker: Pin-Han Ho • RSU may not be pervasive • RSUs may not cover all the busy streets of a city or a highway (e.g., at the early stage of VANETs' deployment) • Physical damage of some RSUs, or simply for economic considerations • What if there is no RSU? • TESLA-based approach (called TSVC) • Batch verification approach Verification Issues -- Approach I

  34. TSVC:TESLA based security protocol What is TESLA (Time Efficient Stream Loss-Tolerant Authentication) In TESLA, Each message is attached a MAC tag only. The sender makes use of a hash chain as cryptographic keys in the MAC operations. The hash keys are released a certain period of time later than the messages. Message receivers are loosely synchronized. Provides fast source authentication with lower communication overhead. X. Lin, X. Sun, X. Wang, C. Zhang, P.-H. Ho and X. Shen. TSVC: Timed Efficientand Secure Vehicular Communications with Privacy Preserving. IEEETransactions on Wireless Communications, to appear. Speaker: Pin-Han Ho Verification Issues -- Approach II

  35. Each vehicle generates a hash chain initiated from a random seed S, where , ,(i<j), according to each anonymous TSVC:TESLA based security protocol sender Interval 1 Interval 2 Interval i Verify Signature receiver VerifyMAC VerifyMAC VerifyMAC Speaker: Pin-Han Ho Verification Issues -- Approach II

  36. The choice of key release delay Keys are released after all nodes have received the previous data packet. (We set as 100ms) Before verifying the message, the receiver should first check if the corresponding key has been released or not. TSVC:TESLA based security protocol h M MACh(M’)|M’ source Speaker: Pin-Han Ho Verification Issues -- Approach II

  37. We compare the performances of the four schemes: PKI, GSIS, TSVC(GSIS), TSVC(PKI) Performance Evaluation of TSVC Impact of the vehicle’s moving speed on Message Loss Ratio in highway scenario Impact of the vehicle’s moving speed on Message Delay in highway scenario Verification Issues -- Approach II

  38. Batch verification • Accelerate verification speed • Choose Batch verification • The speed of verifying a batch of signatures is faster than that of verifying each of signatures one by one • We use a pairing technique to achieve this [ZLLHS08] [ZLLHS08] C. Zhang, R. Lu, X. Lin, P.-H. Ho, and X. Shen, “An Efficient Identity-based Batch Verification Scheme for Vehicular Sensor Networks”, The IEEE Conference on Computer Communications (INFOCOM), Phoenix, USA, 2008. Verification Issues -- Approach III

  39. Batch verification • Analogy + + Energy > = Verification Issues -- Approach III

  40. Batch verification … M1, Sig(M1) M2, Sig(M2) Mn, Sig(Mn) • Accelerate the speed of verifying multiple signatures Batch: Sig(M1)+Sig(M2)+…+Sig(Mn), then verify the summation Speaker: Pin-Han Ho To accelerate verify speed, we do verification on a batch of signatures once. Verification Issues -- Approach III

  41. Verify speed • We compare our scheme with BLS signature and ECDSA signature schemes • The larger the total number of signature is, the faster the whole verify speed is Verification delay vs. Traffic density Speaker: Pin-Han Ho Verification Issues -- Approach III

  42. Communication overhead • Since our scheme is identity-based, a message does not included a certificate • Here, 30,000 corresponds to the number of messages sent by 150 vehicles in 1 minute Transmission overhead vs. the number of messages received by an RSU in 1 minute Speaker: Pin-Han Ho Verification Issues -- Approach III

  43. Conclusions • Introduction of VANETs - Applications - Issues on Privacy Preservation and Verification Speaker: Pin-Han Ho

  44. Thanks! Questions?

More Related