1 / 21

Survey of Vehicular Network Security

Survey of Vehicular Network Security. Jonathan Van Eenwyk. Contents. Design Issues Certificate-Based Solution Privacy Concerns Data Validation. 1. 2. 3. 4. Design Issues. The Security and Privacy of Smart Vehicles IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo

johnna
Télécharger la présentation

Survey of Vehicular Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survey of Vehicular Network Security Jonathan Van Eenwyk

  2. Contents • Design Issues • Certificate-Based Solution • Privacy Concerns • Data Validation

  3. 1 2 3 4 Design Issues • The Security and Privacy of Smart Vehicles • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo • Attacks on Inter-Vehicle Communication Systems-an Analysis • Aijaz, et al (supported by industry) • Challenges in Securing Vehicular Networks • HotNets-IV: Parno and Perrig • Security Issues in a Future Vehicular Network • European Wireless, 2002: Zarki, et al

  4. 1 2 3 4 Design Issues • The Security and Privacy of Smart Vehicles • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo • System model • Ad-hoc communication between vehicles and base stations • Base stations provide services • Vehicles provide sensor data • Vehicles have more resources than most ad-hoc networks • Applications • Traffic and safety alerts • Travel tips • Infotainment (including Internet access)

  5. 1 2 3 4 Design Issues • The Security and Privacy of Smart Vehicles • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo • Challenges • Authentication and data encryption • Auditing sensor data • Privacy (avoid tracking) • Infrastructure boot-strapping • Negative perception of smart vehicles

  6. 1 2 3 4 Design Issues • The Security and Privacy of Smart Vehicles • IEEE Security and Privacy, May/June 2004: Hubaux, Čapkun, Luo • Key Features • Context sensors (front-end radar, ultra-sound, etc) • Event data recorder (i.e., “black box”) • Tamper-proof device to handle encrypted transmissions • Location detection (GPS or distance bounding) • Communication with road-side base stations

  7. 1 2 3 4 Certificate-Based Solution • The Security of Vehicular Networks • EPFL Technical Report, March 2005: Raya, Hubaux • Certificate Revocation in Vehicular Networks • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux

  8. 1 2 3 4 Certificate-Based Solution • The Security of Vehicular Networks • EPFL Technical Report, March 2005: Raya, Hubaux • Attacks • Bogus information • Message tampering • Cheating (data manipulation, impersonation) • Identity disclosure for vehicle tracking • Denial of service

  9. 1 2 3 4 Certificate-Based Solution • The Security of Vehicular Networks • EPFL Technical Report, March 2005: Raya, Hubaux • Security Mechanisms • Electronic License Plate (post-mortem auditing) • Asymmetric encryption using public key infrastructure • Large number of anonymous keys (no identity information) • Vehicles frequently change keys to avoid tracking • Keys can be revoked (more later) • Physical layer protection against denial of service • Channel switching • Implement more than one communication technology

  10. 1 2 3 4 Certificate-Based Solution • Certificate Revocation in Vehicular Networks • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux • Revocation using Compressed Certificate Revocation Lists (RC2RL) • Large number of vehicles, so potentially huge revocation list • Lossy compression using Bloom filter • Configurable rate of false positives • Definitely no false negatives • Bit vector of length m • Hash a with k hashing functions • Each function sets one bit • Later, verify membership if all k bits are set as expected

  11. 1 2 3 4 Certificate-Based Solution • Certificate Revocation in Vehicular Networks • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux • Revocation of the Tamper-Proof Device (RTPD) • Send message to vehicle’s TPD to revoke all activity • Send to base stations nearest last known location • Broadcast over low-bandwidth radio (AM/FM) or satellite • Lower overhead approach as long as TPD is reachable • Send localized revocation list to surrounding area

  12. 1 2 3 4 Certificate-Based Solution • Certificate Revocation in Vehicular Networks • LCA Report 2006: Raya, Jungels, Papadimitratos, Aad, Hubaux • Distributed Revocation Protocol (DRP) • Vehicles that detect malicious nodes can warn others • Requires an honest majority • Warnings have lower weight if sending node has also been condemned by other nodes • Node 4 condemns node 2 • But this warning has less weight because node 4 has itself been condemned by nodes 1 and 3 1 4 2 3

  13. 1 2 3 4 Privacy Concerns • Balancing Auditability and Privacy in Vehicular Networks • Q2SWinet '05: Choi, Jakobsson, Wetzel • CARAVAN: Providing Location Privacy for VANET • ESCAR '05: Sampigethaya, Huang, Li, Poovendran, Matsuura, Sezaki

  14. 1 2 3 4 Privacy Concerns • Balancing Auditability and Privacy in Vehicular Networks • Q2SWinet '05: Choi, Jakobsson, Wetzel • Provide privacy • From peer-to-peer vehicles • From infrastructure authorities • Support auditability • Linkability between anonymous handles and owner identity • Requires off-line permission granting (court order, etc)

  15. 1 2 3 4 Privacy Concerns • Balancing Auditability and Privacy in Vehicular Networks • Q2SWinet '05: Choi, Jakobsson, Wetzel • Two-Level Infrastructure • Back-end (ombudsman) • Creates long-term “handle” from node identities • Nodes initialized with set of handles • Off-line approval can grant identity from pseudonym • Front-end (road-side base stations) • Uses short-term pseudonyms created from long-term handles • Pseudonym and shared key created from handle and timestamp

  16. 1 2 3 4 Privacy Concerns • CARAVAN: Providing Location Privacy for VANET • ESCAR '05: Sampigethaya, Huang, Li, Poovendran, Matsuura, Sezaki • Provide privacy from vehicle location tracking • Proposed Techniques • Update pseudonym after random silence period • Fixed-interval updates can be tracked by estimating trajectory • Silence period obscures nodes if other nodes are present • Designate group leader to proxy communications • Avoids redundant transmissions • Extends length of time to use each pseudonym

  17. 1 2 3 4 Data Validation • Probabilistic Validation of Aggregated Data in Vehicular Ad-hoc Networks • VANET '06: Picconi, Ravi, Gruteser, Iftode • Detecting and Correcting Malicious Data in VANETs • VANET '04: Golle, Grenne, Staddon

  18. 1 2 3 4 Data Validation • Probabilistic Validation of Aggregated Data in Vehicular Ad-hoc Networks • VANET '06: Picconi, Ravi, Gruteser, Iftode • Allow sensor data to be aggregated • Use signing certificates to validate data • Randomly force one complete record to be included • Relies heavily on tamper-proof device

  19. 1 2 3 4 Data Validation • Detecting and Correcting Malicious Data in VANETs • VANET '04: Golle, Grenne, Staddon • Nodes attempt to identify malicious data via information sharing • Nodes detect neighbors and contribute to global database • Malicious nodes may contribute invalid or spoofed data • May try to fake a traffic jam • Friendly nodes build models to explain database observations • Is there one malicious node attempting to spoof three other nodes? • Are all four nodes malicious? • Possible heuristic: choose scenario with fewest bad and spoofed nodes

  20. 1 2 3 4 Data Validation • Detecting and Correcting Malicious Data in VANETs • VANET '04: Golle, Grenne, Staddon • Example • Actual Scenario • Possible Explanations

  21. 1 2 3 4 Design Issues Certificate-Based Solution Privacy Concerns Data Validation Questions?

More Related