Securing Vehicular Communications
Authors: Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux
From: IEEE Wireless Communications Magazine, Special Issue on Inter-Vehicular Communications, 2006
Presented by Li-yuan Lai
Outline
• INTRODUCTION
• VULNERABILITIES
• CHALLENGES
• SECURITY ARCHITECTURE
• OPEN PROBLEMS
Vehicular Networks
• Vehicular Networks are a cornerstone of the envisioned Intelligent Transportation Systems (ITS).
• Vehicular networks will contribute to safer and more efficient roads by providing timely information to drivers and concerned authorities.
• Enable vehicles to communicate with each other via
  - Inter-Vehicle Communication (IVC)
  - Roadside-to-Vehicle Communication (RVC) (with roadside base stations)
VULNERABILITIES
• Jamming
• Forgery
• In-transit Traffic Tampering
• Impersonation
• Privacy Violation
• On-board Tampering
Challenges
• Network Volatility
• Liability vs. Privacy
• Delay-Sensitive Applications
• Network Scale
• Heterogeneity
SECURITY ARCHITECTURE
• Security Hardware
• Vehicular Public Key Infrastructure
• Authentication
• Certificate Revocation
• Privacy
Security Hardware
• Event Data Recorder (EDR)
  The EDR will be responsible for recording the vehicle’s critical data during emergency events, similar to an airplane’s black box.
• Tamper-Proof Device (TPD)
  The TPD will take care of storing all the cryptographic material and performing cryptographic operations, especially signing and verifying safety messages.
Vehicular Public Key Infrastructure
• Certificate Authorities (CAs) will issue certified public/private key pairs to vehicles.
• The different CAs will have to be cross-certified so that vehicles from different regions or different manufacturers can authenticate each other.
• This will require each vehicle to store the public keys of all the CAs whose certificates it may need to verify.
Authentication
• To authenticate each other, vehicles will sign each message with their private key and attach the corresponding certificate.
• When another vehicle receives this message, it first verifies the key used to sign the message and, once this succeeds, verifies the message itself.
Certificate Revocation
• The most common way to revoke certificates is the distribution of CRLs (Certificate Revocation Lists) that contain the most recently revoked certificates; CRLs are provided when infrastructure is available.
• But there are several drawbacks to this approach.
  1. CRLs can be very long due to the enormous number of vehicles and their high mobility.
  2. The short lifetime of certificates still creates a vulnerability window.
  3. The availability of an infrastructure will not be pervasive, especially in the first years of deployment.
• Solution: Revocation Protocol of the Tamper-Proof Device
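An added example (not from the paper or these slides) of the receiver-side check described under Authentication, extended with the certificate-lifetime and CRL checks from the Certificate Revocation slide. The `Cert` layout, the use of Ed25519 as the signature scheme, and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert is a simplified vehicle certificate (hypothetical layout, not a standard format).
type Cert struct {
	Serial   uint64
	PubKey   ed25519.PublicKey
	NotAfter time.Time
	Sig      []byte // CA signature over tbs()
}

// tbs returns the bytes the CA signs: two decimal fields, then the fixed-length key.
func (c Cert) tbs() []byte {
	return append([]byte(fmt.Sprintf("%d|%d|", c.Serial, c.NotAfter.Unix())), c.PubKey...)
}

// VerifyMessage is the receiver side: validate the certificate first, then the message.
func VerifyMessage(caPub ed25519.PublicKey, crl map[uint64]bool, now time.Time, c Cert, msg, sig []byte) error {
	switch {
	case len(c.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(caPub, c.tbs(), c.Sig):
		return errors.New("certificate not signed by a trusted CA")
	case now.After(c.NotAfter):
		return errors.New("certificate expired")
	case crl[c.Serial]:
		return errors.New("certificate revoked")
	case !ed25519.Verify(c.PubKey, msg, sig):
		return errors.New("bad message signature")
	}
	return nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // constructed CA key pair
	vPub, vPriv, _ := ed25519.GenerateKey(nil)   // constructed vehicle key pair
	cert := Cert{Serial: 7, PubKey: vPub, NotAfter: time.Now().Add(7 * 24 * time.Hour)}
	cert.Sig = ed25519.Sign(caPriv, cert.tbs()) // CA certifies the vehicle key
	msg := []byte("emergency braking ahead")    // constructed safety message
	sig := ed25519.Sign(vPriv, msg)
	fmt.Println("valid:  ", VerifyMessage(caPub, nil, time.Now(), cert, msg, sig))
	fmt.Println("revoked:", VerifyMessage(caPub, map[uint64]bool{7: true}, time.Now(), cert, msg, sig))
}
```

A vehicle that has not yet received an updated CRL still accepts a revoked certificate until `NotAfter`, which is the vulnerability window the slide refers to.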
Privacy
• To address the privacy vulnerability, we propose using a set of anonymous keys that change frequently according to the driving speed.
• These keys are preloaded in the vehicle’s TPD for a long duration; the TPD takes care of all the operations related to key management and usage.
• Each key is certified by the issuing CA and has a short lifetime (e.g., a specific week of the year).
Open Problems
• Secure Positioning
• Data Verification
• DoS Resilience