Securing Vehicular Communications – Assumptions, Requirements, and Principles

Presentation Transcript

  1. Securing Vehicular Communications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of Maryland, College Park, USA J-P. Hubaux, EPFL, Lausanne, Switzerland Presenter: Guo Yu Lu

  2. Outline • Introduction • Security Requirements • System Model • Communication Model • Adversary Model • Design Principles

  3. What is VANET ?

  4. What is VANET Vehicular Ad-Hoc Network, or VANET • a form of mobile ad-hoc network • provides communication - among nearby vehicles - between vehicles and nearby fixed equipment

  5. Introduction • How vehicular communications work - road-side infrastructure units (RSUs), named network nodes, are equipped with on-board processing and wireless communication modules

  6. How vehicular communications work (continued) - vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication will be possible

  7. What can VANET provide ?

  8. Warnings!!!

  9. Warnings!!!

  10. traffic and road conditions

  11. traffic and road conditions

  12. What can VANET provide The VANET can provide • Safety • Efficiency • Traffic and road conditions • Road signal alarm • Local information

  13. Related work Prior research has • Outlined challenges for VANETs - availability, mobility • Described particular attacks - DoS, alteration attacks • Suggested solutions against attacks This paper provides a basis for the development of future vehicular security schemes

  14. Security Requirements

  15. SECURITY

  16. Security Requirements • Message Authentication and Integrity • Message Non-Repudiation • Entity Authentication • Access Control Authorization • Message Confidentiality • Privacy and Anonymity • Availability • Liability Identification

  17. Security Requirements • Message Authentication and Integrity - Message must be protected from any alteration • Message Non-Repudiation - The sender of a message cannot deny having sent a message • Entity Authentication - The receiver is ensured that the sender generated a message - The receiver has evidence of the liveness of the sender

  18. Security Requirements • Access Control - determined locally by policies - authorization establishes what each node is allowed to do in the network • Message Confidentiality - the content of a message is kept secret from those nodes that are not authorized to access it

  19. Security Requirements • Privacy and Anonymity - vehicular communication (VC) systems should not disclose any personal and private information of their users - any observers should not know any future actions of other nodes - anonymity may not be a reasonable requirement for all entities of the vehicular communications system

  20. Security Requirements • Availability - protocols and services should remain operational even in the presence of faults, malicious or benign • Liability Identification - users of vehicles are liable for their deliberate or accidental actions that disrupt the operation of other nodes

  21. System Model

  22. System Model • Vehicular communications system - Users - Network nodes - Authorities

  23. System Model Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P. Papadimitratos, V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in Cars (ESCAR) 2006, November 2006.

  24. System Model • Users - user is the owner or the driver or a passenger of the vehicle • Network Nodes - processes running on computing platforms capable of wireless communication - Mounted on vehicles and road-side units (RSUs)

  25. System Model • Authorities - public agencies or corporations with administrative powers - for example, city or state transportation authorities

  26. System Model • VC system operational assumptions • Authorities • Vehicle Identification and Credentials • Infrastructure Identification and Credentials • User Identification and Credentials • User and Vehicle Association • Trusted Components

  27. System Model • Authorities - trusted entities or nodes - issue and manage identities and credentials for the vehicular network - establish two-way communication with nodes • Vehicle Identification and Credentials - unique identity V - a pair of private and public keys, kV and KV - certificate CertX{KV, AV} issued by authority X - V denotes the on-board central processing and communication module

  28. System Model Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P. Papadimitratos, V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in Cars (ESCAR) 2006, November 2006.

  29. System Model • Infrastructure Identification and Credentials - unique identity I - a pair of private and public keys, kI and KI - certificate CertZ{KI, AI} issued by authority Z - gateway to the authorities - gateway to the mobile vehicles - RSUs’ locations are fixed - public vehicles - considered trustworthy - can be used to assist security-related operations

  30. What are public vehicles ?

  31. System Model • User identification and Credentials - Unique identity, U - a pair of private and public keys, kU and KU - Certificate CertY{KU , AU } issued by authority Y • User and Vehicle Association - user is the owner or the driver or a passenger of the vehicle - assume only one user can operate a vehicle - assume the user is the driver

  32. System Model • Trusted Components (TCs) - nodes equipped with trusted components, i.e., built-in hardware and firmware - TCs enforce a policy on the interaction with the on-board software - Access to any information stored in the TCs and modification of their functionality can be done only by the interface provided by the TCs. - perform cryptographic operations with signature generations and verifications

  33. Communication Model

  34. Communication Model • Model the wireless communication in vehicular networks, whose connectivity can change frequently • Focus mainly on the data link layer

  35. Communication Model • Data-link layer primitives and assumption • SendL(V,m) : transmits message m to node V within radius R of the transmitting node • BcastL(m) : broadcasts message m to all nodes within radius R of the transmitting node • ReceiveL(m) : receives message m transmitted by a node within radius R of the receiver • A link (W,V) exists when two nodes W and V are able to communicate directly

  36. Communication Model • Links are either up or down, and their state does not change faster than the transmission time of a single packet • The network connectivity at a particular instant in time is modeled as the graph G, the edges of which are all up links • Transmissions from W are received by all nodes Vi such that (W, Vi) is up during the entire duration of the packet transmission • Packets are delivered across an up link within a maximum link delay τ or they are not delivered at all

  37. Communication Model • Communication across the network depends on • availability of sufficient resources • bandwidth - the shared medium is contended - bandwidth can fluctuate - unevenly distributed among neighbors - links may be congested

  38. Communication Model • Communication Radius, R • Varies over time • Different classes of nodes may operate with different R • Multi-domain and Highly Volatile Environment • Nodes are not bound to administrative and geographical boundaries • Any two or more nodes communicate independently

  39. Communication Model • Frequent Broadcast Communication • Most of the vehicular network traffic is broadcast at the network or application layers • Messages are transmitted either periodically or triggered by network events • Transmission period is low • Time-sensitive Communication • Message delivery can be constrained by deadlines - different messages have different delay requirements

  40. Adversary Model

  41. Adversary Model • Network nodes - correct or benign - faulty or adversaries - external adversaries - internal adversaries - active adversaries - passive adversaries

  42. faulty is not always malicious!!!

  43. Adversary Model Internal Active Adversaries • Multiple adversarial nodes - adversaries are independent - adversaries can collude - based on TCs, colluding adversaries are prevented from exchanging cryptographic material and credentials

  44. Adversary Model • Internal Active Adversaries (continued) • non-adaptive adversary - adversarial nodes are fixed • adaptive adversary - adversarial nodes change over time • computationally bounded adversary - adversaries are computationally limited - limited resources and computational power - the knowledge of an adversary is limited - finite memory
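
The credential model from the System Model slides (identity V, key pair kV/KV, certificate CertX{KV, AV}) combined with the message authentication, integrity and liveness requirements, as an added Go example that is not part of the presentation or the paper. Ed25519, the byte encodings, the timestamp-based freshness window and the names `Cert`, `Msg`, `Verify` and `Demo` are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert models CertX{KV, AV}: authority X signs V's identity, attributes AV and public key KV.
// Ed25519 and the %q/%x encodings below are assumptions of this example, not the page's.
type Cert struct {
	ID, Attrs string
	Key, Sig  []byte
}
// Msg is a broadcast payload with the sender's timestamp, a signature under kV, and V's certificate.
type Msg struct {
	Payload string
	Sent    time.Time
	Sig     []byte
	Cert    Cert
}
func certBody(c Cert) []byte { return []byte(fmt.Sprintf("%q|%q|%x", c.ID, c.Attrs, c.Key)) }
func msgBody(m Msg) []byte   { return []byte(fmt.Sprintf("%d|%q", m.Sent.UnixNano(), m.Payload)) }

// Verify is the receiver's check: certificate from authority X, message integrity, then freshness.
func Verify(KX ed25519.PublicKey, m Msg, now time.Time, maxAge time.Duration) error {
	switch age := now.Sub(m.Sent); {
	case len(m.Cert.Key) != ed25519.PublicKeySize || !ed25519.Verify(KX, certBody(m.Cert), m.Cert.Sig):
		return errors.New("certificate not issued by the trusted authority")
	case !ed25519.Verify(m.Cert.Key, msgBody(m), m.Sig):
		return errors.New("message altered or not signed by the certified key")
	case age < 0 || age > maxAge:
		return errors.New("stale timestamp: no evidence of sender liveness")
	}
	return nil
}
// Demo runs four constructed cases: valid, altered payload, late replay, self-signed certificate.
func Demo() [4]bool {
	KX, kX, _ := ed25519.GenerateKey(nil) // authority X
	KV, kV, _ := ed25519.GenerateKey(nil) // vehicle V
	c := Cert{ID: "V", Attrs: "AV", Key: KV}
	c.Sig = ed25519.Sign(kX, certBody(c))
	m := Msg{Payload: "ice on road", Sent: time.Unix(1700000000, 0), Cert: c}
	m.Sig = ed25519.Sign(kV, msgBody(m))
	bad, rogue := m, m
	bad.Payload, rogue.Cert.Sig = "road clear", ed25519.Sign(kV, certBody(c))
	ok := func(m Msg, late time.Duration) bool { return Verify(KX, m, m.Sent.Add(late), time.Second) == nil }
	return [4]bool{ok(m, 0), ok(bad, 0), ok(m, time.Minute), ok(rogue, 0)}
}
func main() { fmt.Println(Demo()) }
```

Only the first case verifies; the other three fail at the integrity, freshness and certificate checks respectively.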