1

Covert Communication based Privacy Preservation in

Mobile Vehicular Networks

Rasheed Hussain*, Donghyun Kim**, Alade O. Tokuta**, Hayk M. Melikyan**, and Heekuck Oh***

*Department of Computer Science, Innopolis University, Kazan, Russia** Department of Mathematics and Physics, North Carolina Central University, Durham, NC, USA

***Department of Computer Science and Engineering, Hanyang University, South Korea

22

Agenda

• Introduction• Problem Statement• Covert Communication-based Privacy Preservation

– Protocol Outline– Covert Communication– Proposed Covert-based Scheme

• Quantitative Evaluation• Conclusions and Future Work

33

Introduction

• Vehicular Ad hoc NETwork (VANET)– Vehicle-to vehicle (V2V) and vehicle-to-infrastructure

(V2I) communication paradigms– Driving safety-related and the other applications– IEEE 802.11p standard mandates broadcasting

beacon messages in the order of milliseconds

44

Agenda

• Introduction• Problem Statement• Covert Communication-based Privacy Preservation

– Protocol Outline– Covert Communication– Proposed Covert-based Scheme

• Quantitative Evaluation• Conclusions and Future Work

5

Problem Statement

• Privacy is of prime concern in VANET

• Current solutions include:– Mix Zones, silent periods– Identityless schemes– Multiple pseudonyms (mostly used)

• However, even multiple pseudonyms do not necessarily preserve the privacy– Statistically, possible to link multiple pseudonyms to one entity [1]

[1]. Wiedersheim et al. “Privacy in inter-vehicular networks. Why simple pseudonym change is not enough,” IEEE WONS, pp. 176–183, 2010.

66

Problem Statement – cont’

• How to prevent the statistical attack?– Assign multiple pseudonyms to nodes– Let nodes exchange their pseudonyms with each other

• Pseudonyms exchange should be carried out on a covert channel established on top of existing beaconing framework– Exchange their pseudonyms in corrupt beacons with the

help of a shared secret (key) among the exchanging parties• Revocation should be still possible• [8] provides an outline, but is without a firm detail

77

Agenda

• Introduction• Problem Statement• Covert Communication-based Privacy Preservation

– Protocol Outline– Covert Communication– Proposed Covert-based Scheme

• Quantitative Evaluation• Conclusions and Future Work

8

Protocol Outline

• Design Rationale– Identity exchange-based privacy preservation

• Unintended should not determine whether the exchange happens• Intermingle the exchange messages part of normal conversation

– Conditionally deniable– Privacy-preserving

• Minimize the use of cryptography and use natural ways to secure the communication

• No need for additional infrastructure or message structure to add this functionality

• Using others’ pseudonyms is good until and unless you can trace back when needed

9

Protocol Outline – cont’

• Design Goals– Exchange pseudonyms for privacy preservation– Use covert channel to exchange the pseudonyms

• Only intended receivers know the position of the information in the corrupted beacon

– Provision of anonymity through pseudonym exchange– Unlinkability through pseudonym-exchange

??

?

1010

Covert Communication

• Observation: Wireless is Noisy– Noise is a non-stationary and random process

– Idea: Use the random properties of wireless channel noise to hide secret message

• Packet corruption can be caused by interference, multipath, non-wifi, collisions, hidden terminals, low signal strength, etc.

• Hide messages in corrupted packets• Challenge: Make message indistinguishable from “normal”

corruption

1111

Covert Communication – cont’

Rivest et al. “Chaffing and Winnowing: Confidentiality without Encryption.” Cryptobytes 4:1 pp. 12–17. 1998

• Chaffing and Winnowing [9]– Chaff

• the actual corrupted frames on the channel due to packet corruption

– Grain• the crafted frames which are deliberately corrupted by the

sender for the secret communication

• Two main security measures– Geolock key: spatio-temporal group secret– Session key: help to locate pseudonym from a

corrupted-looking beacon

1212

Proposed Covert-based Scheme

• Security Goals– Deniable

• Ability to deny the communication

– Anonymous• Cannot be identified specifically

– Confidential• Adversary cannot recover message

– Robustness• Cannot be disrupted

13

Proposed Covert-based Scheme

• Threat Model– Passive adversary

• Figure out the possible hidden communication• Wireless comm. is prone to such experiences

– From the messages, adversary wants to figure out who exchange identity with whom

• This leads to the traditional privacy and profilation problems

– Adversary is semi-global for some physical area• Accumulates the messages in that area to figure out the identity

exchange messages

– Ephemeral networks are going to be a challenge for even sophisticated adversary

1414

Proposed Covert-based Scheme [1/11]

• Network Model

15

• Baseline– Beacon-based communication– Play with the beacons frequency for covert communications– Make some beacons (frames) corrupted for intended purpose– The secret key is shared beforehand– CIT (CorruptInsertTransmit)

• Roadmap– Use the observable properties of the channel and exchange

information among users based on that channel

Proposed Covert-based Scheme [2/11]

1616

Proposed Covert-based Scheme [3/11]

• Pseudonym Generation

– is the current count of generated pseudonyms– VIN is identification no. and contains 17 alphanumeric

elements according to ISO 3780– Pseudonyms databases maintained at DMV at Ras

(revocation authorities) indexed with

1717

Proposed Covert-based Scheme [4/11]

• Pseudonym table at DMV

• Pseudonym table at RA

1818

Proposed Covert-based Scheme [5/11]

– Encrypt two secret keys ( and ) and store in RAs

– Secret key is divided and each RA gets a share – DMV is trusted and saves the issued credentials ()

1919

Proposed Covert-based Scheme [6/11]

• IEEE 802.11 frame format

• Corrupt beacon

• Same pseudonyms must be used during exchange process

Can be intentionally corrupted

Sender’s pseudonym

Actual pseudonym to beexchanged

Length of pseudonym

Shared key

Replace CRC

2020

Proposed Covert-based Scheme [7/11]

– is normal beacon payload– is the length of the covert content (pseudonym)– is calculated and known to both parties

• To make it more indistinguishable, some salt is added• It is randomized• Calculated with (public), (group secret), • HMAC with session key for integrity because corrupted frame

has no other mean to check integrity

– Location-based Encryption (geolock) is used for location confidentiality

2121

Proposed Covert-based Scheme [8/11]

• Geolock key ( construction

Hussain et al. “Secure and privacy-aware traffic information as a service in VANET-based clouds” in press, Pervasive and Mobile Computing, Elsevier, 2015

Only small number of spatio-temporal users can

make this

2222

Proposed Covert-based Scheme [9/11]

• Exchange Initiation– Covert channel in broadcast is more challenging– flag is included (deliberate false alarms!)

• maybe sometimes even when no exchange happen• Only when there • The exchange takes place only when both the flags are

• Pseudonym Exchange– At initiator ()– Establish session key– At receiver ()

2323

Proposed Covert-based Scheme [10/11]

• Revocation– RAs collude and get the warrant– Search for the used pseudonym with the value – Search the exchange record in PER table– Construct from – The session leader decrypts the keys

– Decrypt to extract

2424

Proposed Covert-based Scheme [11/11]

• Revocation algorithm

2525

Agenda

• Introduction• Problem Statement• Covert Communication-based Privacy Preservation

– Protocol Outline– Covert Communication– Proposed Covert-based Scheme

• Quantitative Evaluation• Conclusions and Future Work

2626

Quantitative Evaluation [1/4]

• Security and Conditional Privacy– Exchange process is confidential– Without knowing , hard to follow the exchange process – is used to secure the beacon from outsiders and

insiders– When beacon with wrong CRC is received, only the

intended receivers try to retrieve the information from it– Revocation is possible at any level of the pseudonym

exchange and of the immediate user of the pseudonym is subject to revocation

2727

Quantitative Evaluation [2/4]

• Theorem III.1. Proposed scheme increases the privacy of the user through exchanged pseudonyms– Suppose at uses a pseudonym at – Same was used by at at – If and are at ‘safe distance’ then

• is the distance travelled by the vehicle

• Theorem III.2. Revocation at any level is possible– Pseudonym exchange history table

• Which pseudonym was exchanged at what time• Latest pseudonym exchange will help to find out the

immediate user of the pseudonym

2828

Quantitative Evaluation [3/4]

• Computation and Communication Overhead– Comm. overhead is the modified beacon frequency– Revocation cost

• Direct revocation

• Indirect revocationDirect revocation is done when the sender of pseudonym is the owner

of pseudonym, whereas indirect revocation is done when the

pseudonym is exchanged with someone else

2929

Quantitative Evaluation [4/4]

• Comparison with known schemes

3030

Agenda

• Introduction• Problem Statement• Covert Communication-based Privacy Preservation

– Protocol Outline– Covert Communication– Proposed Covert-based Scheme

• Quantitative Evaluation• Conclusions and Future Work

3131

Conclusions and Future Directions

• Privacy preservation in VANET• Identity-exchange based mechanism

– Pseudonyms are exchanged on a covert channel– Conditional privacy guarantees revocation

• Future Work– Implementation of covert communication– Incorporate the protocol to existing work for privacy

enhancement– Optimize covert channel in broadcast environment– Pseudonym exchange at multiple levels