Securing Vehicular Communications – Assumptions, Requirements, and Principles

P. Papadimitratos, EPFL, Lausanne, Switzerland

V. Gligor, University of Maryland, College Park, USA

J-P. Hubaux, EPFL, Lausanne, Switzerland

Presenter: Guo Yu Lu

Outline
  • Introduction
  • Security Requirements
  • System Model
  • Communication Model
  • Adversary Model
  • Design Principles
What is VANET

Vehicular Ad-Hoc Network, or VANET

  • a form of mobile ad-hoc network
  • provides communication

- among nearby vehicles

- between vehicles and nearby fixed equipment

Introduction
  • How vehicular communications work

- road-side infrastructure units (RSUs), named network nodes, are equipped with on-board processing and wireless communication modules

How vehicular communications work (continued)

- vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication will be possible

What can VANET provide

The VANET can provide

  • Safety
  • Efficiency
  • Traffic and road conditions
  • Road signal alarm
  • Local information
Related work

Previous research has

  • Outlined challenges for VANET

- availability, mobility

  • Described particular attacks

- DoS, alteration attacks

  • Suggested solutions to attacks

This paper provides a basis for the development of future vehicular security schemes

Security Requirements
  • Message Authentication and Integrity
  • Message Non-Repudiation
  • Entity Authentication
  • Access Control Authorization
  • Message Confidentiality
  • Privacy and Anonymity
  • Availability
  • Liability Identification
Security Requirements
  • Message Authentication and Integrity

- Messages must be protected from any alteration

  • Message Non-Repudiation

- The sender of a message cannot deny having sent a message

  • Entity Authentication

- The receiver is ensured that the sender generated a message

- The receiver has evidence of the liveness of the sender

Security Requirements
  • Access Control

- determined locally by policies

- authorization establishes what each node is allowed to do in the network

  • Message Confidentiality

- the content of a message is kept secret from those nodes that are not authorized to access it

Security Requirements
  • Privacy and Anonymity

- vehicular communication (VC) systems should not disclose any personal and private information of their users

- any observers should not know any future actions of other nodes

- anonymity may not be a reasonable requirement for all entities of the vehicular communications system

Security Requirements
  • Availability

- protocols and services should remain operational even in the presence of faults, malicious or benign

  • Liability Identification

- users of vehicles are liable for their deliberate or accidental actions that disrupt the operation of other nodes

System Model
  • Vehicular communications system

- Users

- Network nodes

- Authorities

System Model

Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P. Papadimitratos, V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in Cars (ESCAR) 2006, November 2006.

System Model
  • Users

- user is the owner or the driver or a passenger of the vehicle

  • Network Nodes

- processes running on computing platforms capable of wireless communication

- mounted on vehicles and road-side units (RSUs)

System Model
  • Authorities

- public agencies or corporations with administrative powers

- for example, city or state transportation authorities

System Model
  • VC system operational assumptions
  • Authorities
  • Vehicle Identification and Credentials
  • Infrastructure Identification and Credentials
  • User Identification and Credentials
  • User and Vehicle Association
  • Trusted Components
System Model
  • Authorities

- trusted entities or nodes

- issue and manage identities and credentials for the vehicular network

- establish two-way communication with nodes

  • Vehicle Identification and Credentials

- unique identity V

- a pair of private and public keys, kV and KV

- certificate CertX{KV, AV} issued by authority X

- V denotes the on-board central processing and communication module

System Model
  • Infrastructure Identification and Credentials

- unique identity I

- a pair of private and public keys, kI and KI

- certificate CertZ{KI, AI} issued by authority Z

- gateway to the authorities

- gateway to the mobile vehicles

- RSUs’ locations are fixed

- public vehicles

    - considered trustworthy

    - can be used to assist security-related operations

System Model
  • User Identification and Credentials

- unique identity U

- a pair of private and public keys, kU and KU

- certificate CertY{KU, AU} issued by authority Y

  • User and Vehicle Association

- user is the owner or the driver or a passenger of the vehicle

- assume only one user can operate a vehicle

- assume the user is the driver

System Model
  • Trusted Components (TCs)

- nodes are equipped with trusted components, i.e., built-in hardware and firmware

- TCs enforce a policy on the interaction with the on-board software

- access to any information stored in the TCs and modification of their functionality can be done only through the interface provided by the TCs

- TCs perform cryptographic operations, with signature generation and verification
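
The credential and trusted-component assumptions above, combined with the message authentication, integrity and liveness requirements from the earlier slides, shown as an added Python example (not code from the presentation or the paper). It uses textbook RSA over constructed demo keys; the attribute string standing in for AV, the 0.5 s freshness window and all function names are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent used by every demo key

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class TrustedComponent:
    """Models a TC: the private key is derived inside and only sign() is exposed."""
    def __init__(self, p: int, q: int):
        self.n = p * q                               # public key (K_V, K_X, ...)
        self.__d = pow(E, -1, (p - 1) * (q - 1))     # private key, never returned
    def sign(self, data: bytes) -> int:
        return pow(_digest(data), self.__d, self.n)  # textbook RSA, no padding

def verify(n: int, data: bytes, sig: int) -> bool:
    return pow(sig, E, n) == _digest(data)

def issue_cert(authority, identity, pub_n, attrs):
    """Cert_X{K_V, A_V}: authority X signs the identity/key/attribute binding."""
    body = json.dumps([identity, pub_n, attrs]).encode()
    return {"id": identity, "K": pub_n, "A": attrs, "sig": authority.sign(body)}

def send(tc, cert, payload, t):
    """Sender: the TC signs payload plus timestamp; the certificate is attached."""
    sig = tc.sign(json.dumps([payload, t]).encode())
    return {"payload": payload, "t": t, "sig": sig, "cert": cert}

def accept(msg, authority_n, now, max_age=0.5):
    """Receiver: check certificate, then signature, then freshness (liveness)."""
    c = msg["cert"]
    if not verify(authority_n, json.dumps([c["id"], c["K"], c["A"]]).encode(), c["sig"]):
        return "bad certificate"
    if not verify(c["K"], json.dumps([msg["payload"], msg["t"]]).encode(), msg["sig"]):
        return "bad signature"
    if not 0 <= now - msg["t"] <= max_age:           # max_age in seconds (assumed)
        return "stale"
    return "ok"

# Constructed demo keys built from known Mersenne primes: illustration only, not secure.
AUTH_X = TrustedComponent(2**1279 - 1, 2**2203 - 1)          # authority X
TC_V = TrustedComponent(2**521 - 1, 2**607 - 1)              # vehicle V's trusted component
CERT_V = issue_cert(AUTH_X, "V", TC_V.n, "private vehicle")  # attribute string assumed
MSG = send(TC_V, CERT_V, "hard braking ahead", 100.0)        # constructed message
```

A receiver only needs the authority's public key (`AUTH_X.n`) to run `accept`; a deployment would replace the textbook RSA with a standard padded signature scheme and real certificates.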

Communication Model
  • Model the wireless communication in vehicular networks, whose connectivity can change frequently
  • Focus mainly on the data link layer
Communication Model
  • Data-link layer primitives and assumptions
  • SendL(V,m): transmits message m to node V within radius R of the transmitting node
  • BcastL(m): broadcasts message m to all nodes within radius R of the transmitting node
  • ReceiveL(m): receives message m transmitted by a node within radius R of the receiver
  • A link (W,V) exists when two nodes W and V are able to communicate directly

Communication Model
  • Links are either up or down, and their state does not change faster than the transmission time of a single packet

The network connectivity at a particular instant in time is modeled as the graph G, the edges of which are all up links.

  • Transmissions from W are received by all nodes Vi such that (W, Vi) is up during the entire duration of the packet transmission

Packets are delivered across an up link within a maximum link delay τ or they are not delivered at all.

Communication Model
  • Communication across the network is dependent on
  • availability of sufficient resources
  • bandwidth

- shared medium contention

- bandwidth can fluctuate

- unevenly distributed among neighbors

- links may be congested

Communication Model
  • Communication Radius, R
  • Vary over time
  • Different classes of nodes may operate with different R
  • Multi-domain and Highly Volatile environment
  • Nodes are not bound to administrative and geographical boundaries
  • Any two or more nodes communicate independently
Communication Model
  • Frequent Broadcast Communication
  • Most of the vehicular network traffic is broadcast at the network or application layers
  • Messages are transmitted either periodically or triggered by network events
  • Transmission period is low
  • Time-sensitive Communication
  • Message delivery can be constrained by deadlines

- different messages have different delay requirements

Adversary Model
  • Network nodes

- correct or benign

- faulty or adversaries

- external adversaries

- internal adversaries

- active adversaries

- passive adversaries

Adversary Model

Internal Active Adversaries

  • Multiple adversarial nodes

- adversaries are independent

- adversaries can collude

- based on TCs, colluding adversaries are prevented from exchanging cryptographic material and credentials

Adversary Model
  • Internal Active Adversaries (continued)
  • non-adaptive adversary: adversarial nodes are fixed
  • adaptive adversary: adversarial nodes change over time
  • Computationally bounded adversary

- adversaries are computationally limited

- limited resources and computational power

- the knowledge of an adversary is limited

- memory is finite

Design Principles
  • Default Network Access
  • Locality and Timeliness as Privileges
  • Visibility of Events
  • Mandated (non-circumventable) Mediation
  • Accountability
  • Vehicle Autonomy
  • Separation of Privilege
  • Non-frameability
  • Staged Response to Faulty Behavior
  • Reconfigurability
  • Privacy Conservation
  • Usability