Paper Information • Published in • Workshop on hot topics of networks (HotNets-IV) • Year: 2005 • Authors • Bryan Parno, Carnegie Mellon University • Adrian Perrig, Carnegie Mellon University
Main Contribution • Analyze the security challenges specific to vehicular networks Others… (2) Introduce a set of primitives for secure applications (3) Discuss vehicular properties that can support secure systems. (4) Present two security techniques, entanglement and reanonymizers, that leverage unique vehicular properties.
Vehicular Network challenges • Authentication versus privacy We want to prevent one vehicle from claiming to be hundreds in order to create the illusion of a congested road “So need to assign a single identity” But Most drivers would reject a system that reveal their privacy
Vehicular Network challenges • Availability For many applications, vehicular networks will require real-time, or near real-time, responses as well as hard real time guarantees But attempts to meet real-time demands typically make applications vulnerable to Denial of Service (DoS) attacks “Prevent real packet from being processed” I am decelerating Dummy Packets
Vehicular Network challenges • Low tolerance for errors Many applications use protocols that rely on probabilistic schemes to provide security However, given the life-or-death nature of many proposed vehicular applications, even a small probability of error will be unacceptable
Vehicular Network challenges • Mobility For vehicular networks, mobility is the norm, and it will be measured in miles, not meters, per hour. Since two vehicles may only be within communication range for a matter of seconds, we cannot rely on protocols that require significant interaction between the sender and receiver. • Transient neighborhood • Many neighbors will only be encountered once, ever • Makes reputation-based systems difficult
Vehicular Network challenges • Key Distribution First, vehicles are manufactured by many different companies, so installing keys at the factory would require coordination and interoperability between manufacturers Unfortunately, in the U.S., most transportation regulation takes place at the state level, again complicating coordination. The federal government can impose standards, but doing so would require significant changes to the current infrastructure for vehicle registration, and thus is unlikely to occur in the near future; What about Egypt?
Vehicular Network challenges • Incentives Law-enforcement agencies would quickly embrace a system in which speed-limit signs broadcast the mandated speed and vehicles automatically reported any violations. What about Customers? Conversely, consumers might appreciate an application that provides an early warning of a police speed trap. Manufacturers might be willing to meet this demand. What about authorities?
Vehicular Network challenges • Bootstrap Initially, only a small percentage of vehicles will be equipped with DSRC radios and little infrastructure will exist to support them. Thus, in developing applications for vehicular networks, we can only assume that a few other vehicles are able to receive our communications, and the applications must provide benefits even under these limited conditions
Adversaries • Greedy drivers
Adversaries • Greedy drivers • Snoops • Pranksters • Industrial Insiders • Malicious Attackers
Attacks • Denial of Service (DoS) • Overwhelm computational or network capacity • Dangerous if users rely on the service • Message Suppression Attacks • Drop congestion alerts • Fabrication • Lie about congestion ahead or lie about identity • Alteration Attacks • Replay transmissions to simulate congestion
Some Vehicular Properties Support Security • Controlled Access • Toll roads and many bridges have controlled entry and exit points. • Regular Inspections • Most states require annual inspection • Download updates, CRLs, new certificates • Use software attestation to verify vehicle • Honest Majority • Most drivers prefer not to tinker with their cars • May void warranty or violate the law • Must protect against worms • Leverage existing work for PCs • Trusted hardware (e.g., TPMs) may help eventually
Some Vehicular Properties Support Security • Additional input • Presumed intelligent operator at each node • Cannot distract driver, but can still gather or infer data • E.g., ignored deceleration warning may indicate a false positive • Existing enforcement mechanisms • For many attacks, attacker must be in close physical proximity • May be sufficient to identify the attacker
Security Primitives • Additional Primitives • Message Authentication • Key establishment • Secure Aggregation Techniques • Example: counting cars. • Anonymization Service • Reanonymizers • Authenticated Localization of Message Origin • Entanglement
SLOW • Strengths • Very Organized • Limitations • Opportunities • Authentication vs. privacy with group signers • Weaknesses
(GPS) Human-Machine Interface Thank you Any Questions?