Embed Size (px)
Citation preview
A Scalable and Secure Key Distribution
Scheme for Group Signature based
Authentication in VANET
Kiho Lim, Kastuv M. Tuladhar,
Xiwei Wang, Weihua Liu
Outline
Introduction to Vehicular Networks
Motivation
System Model
Secure Key Distribution Scheme
Evaluation & Analysis
Conclusion
Introduction to Vehicular
Networks
• Vehicular Ad hoc Networks (VANET) are a
special type of Mobile Ad hoc Networks
(MANETs) with fast-moving vehicular nodes,
dynamically changing topology.
• VANETs allow vehicles to share safety and traffic
information such as weather information,
broadcasting emergency condition, navigations
etc.
Vehicular Networking
Source: “Vehicular Networking: Standards, Protocols, Applications, and Deployment Plans”, Tutorials, 2015 IEEE CCNC
• Individual functions (like detecting seat occupancy)
are performed by individual embedded systems, called
Electronic Control Units (ECUs)
– essentially a ruggedized miniature computer,
typically based on a microcontroller, that can gather
data from attached sensors or trigger attached
actuators
Electronics in the vehicle
Extension to Vehicle-to-Vehicle
Communications
The next stage is to connect the in-vehicle network of
a car with other cars, as well as with its environment,
to open a whole set of new possibilities
Typical Connections
Specifically designed protocols between Roadside
Units (RSU) and vehicles; and vehicles to vehicles:
IEEE WAVE, IEEE 802.11p, ITS-G5, ARIB T109
Vehicular Networking Objectives
• Safety-relevant information can be exchanged that can
not be obtained using local sensors
– Enables the driver to “see through and ahead”other vehicles, buildings and environment
• Potential to improve driving comfort
• Potential to reduce congestion and thus environmental
impact
• And, sometime in the future, enable fully automated
rides
Cooperative Safety Systems
– Some Examples
Security Issues
• Propagation of falsified warning messages
can mislead towards an accident and
damage the life/property.
• Various Attacks in VANETs:
• bogus information attacks
• spoofing attacks (Identity, speed, position)
• privacy attacks
/17
Real World Attack #1: RollJam
unlock #n
unlock #n+1
unlock #n+2
……
Rolling Code for Keyless Entry
/17
Real World Attack #1: RollJam
unlock #n+1jam and capture #n+1
not opened!unlock #njam and capture #n
opened!replay #n
replay #n+1opened!
/17
Real World Attack #2: VW RKE HackIn USENIX Security 2016, Garcia et al. present that
only 4 encryption keys are universally used over
100M vehicles produced by VW group over the 20
years.
1
3
/17
Real World Attack #3: FCA Jeep Hack
• After the first release in 7/21/2015, it drew significant media
attention.
• FCA Jeep Cherokee “remotely” controlled by Charlie Miller
and Chris Valasek.
• On 7/24/2015, FCA issued a recall to 1.4M vehicles.
FCA Jeep Cherokee
FCA SDN
TCU
BCMPCM
CAN bus
IVIHackers
/17
Real World Attack #4: Remote Tesla Model S Hack
Motivation
• It is difficult to store/manage all keys in a vehicle.
• Centralized trusted authority has high burden of
generating and managing the group public/private keys.
• Another challenge in VANETs is delivering group private
keys securely from the key generator to vehicular nodes.
• A group is confined to the coverage of a road side unit
(RSU).
• Thus, our goal is to mitigate frequent key updates
requirement and to make the key management process
more efficient and scalable.
Related Works• Chaum et al. [4] introduced group signatures for anonymous
authentication, which employs several group keys
corresponding to one group public key.
• Sun et al. [14] proposed a pseudonymous authentication for
vehicular communication to provide anonymity and
traceability.
• A distributed key management framework [5] distributes the
group key with the help of RSUs.
• However, frequent key establishment has not been
addressed.
• Also, delivering the group keys in a secure manner is crucial.
System Model
Overview of the System Model
System Model• Trusted Authority (TA): Vehicles are registered by the
trusted authority and provided the certificates. TA and RSUs
are securely connected by the stable backbone network. TA
can help RSUs to identify the real identity of vehicles on
request.
• Vehicular Nodes: Vehicular nodes are vehicles on the road
which are equipped with an on-board unit (OBU) for
computation and communication, a global positioning system
(GPS) for location service, and an interface for interacting
with drivers.
System Model
• Road Side Units (RSU) and Domain: RSUs are the
infrastructure deployed along the road side which play an
important role in key management, message
authentication/verification, and message dissemination.
• A group of RSUs forms a domain. The number of RSUs
within a domain can be determined based on the
geographical status, infrastructure capacity, deployment plan
and vehicle demography.
• RSUs are further classified into member RSUs (M-RSU) and
leader RSUs (L-RSU).
System Model• Leader Road Side Units (L-RSU): The L-RSUs coordinate with
the trusted authority and generates the group private keys and
group public keys for the vehicles. The L-RSUs also manage and
maintain the database of the group keys. Upon detecting
suspicious behavior, the L-RSUs communicate with the TA to
reveal the identity of the malicious vehicle.
Member Road Side Units (M-RSU): Unlike LRSUs, M-RSUs do
not perform the key generation and management process, but
instead M-RSUs can help vehicles to obtain the group keys from a
leader RSU. Thereby, M-RSUs are semi-trust with the medium
security level. Once the vehicle gets the group key, it can
communicate with any M-RSU inside a domain with the same key.
Proposed Scheme
• The proposed protocol utilizes short group signature
protocol[14] to generate a group private key.
• The leader RSU as a key generator issues group private
keys within a domain.
• In a domain which consists of multiple RSUs, there are one
group public key and many corresponding group private
keys so any member of a domain can sign messages.
• A vehicle can use the same group key with multiple RSUs
within a domain without having to initiate a key
establishment process.
Proposed Scheme
Figure illustrates how vehicles
can request a group private key
to the leader RSU within a
domain.
Secure Key Distribution Scheme
• As a vehicle enters an area of a domain, it can communicate
with any RSU to securely obtain group public/private key pair.
• The secure key distribution scheme is based on the Diffie-
Hellman key agreement protocol for mutual authentication
and sharing a symmetric key.
• Vehicles and M-RSU shares the related parameters to get
the symmetric key.
• gab serves as the secret key KVi_MR between Vi and M-RSU
Secure Key Distribution Scheme
• After establishing a symmetric key, vehicle requests for the
group keys to M-RSU.
• M-RSU forwards the request to the L-RSU.
• L-RSU replies to M-RSU with the group keys for the
vehicle.
• Finally, M-RSU transmits the group keys to vehicle using
the shared symmetric keys.
Secure Key Distribution Scheme
M-RSU
M-RSU
m1
m3m2
m6
m4
m5
L-RSU
Domain
Our Protocol Flow
Regular Communication
Secure Key Distribution Scheme
Evaluation & Analysis
• Simulation Setup
• Manhattan Grid environment simulated in the
Network Simulator
• NS-2 and the mobility simulator SUMO.
• Map of 3600*3600 square meters.
Key Establishment
Key Establishment
• When the domain of multiple RSUs is not
considered, vehicles have to perform the key
exchange procedure with each and every RSUs
separately.
• The figure shows how the average number of key
establishment changes as the vehicles are moving
with/without using domains.
• Here, domain has the area covered by four RSUs
with the vehicles moving randomly.
Key Establishment Delay Comparison
[14]
Key Establishment Comparison
• The computation time of the group signature [14]
measured that the signing and the verification delays
are 3.6 ms and 7.2 ms for key transaction.
• The signing and verification process of the 16 key
establishments without using domain takes
16*(3.6+7.2) ms (172.8 ms).
• On the other hand, while using the domain size of four
RSUs, the time taken for signing and verification of
four key establishments is 4*(3.6+7.2) ms (43.2 ms).
Key Establishment Comparison
• Thus, with the domain size of only four RSUs, the time-
taken for key establishment of the randomly moving
vehicles is 43.2 ms which is 400% more efficient
compared to the 172.8 ms (time taken for key
establishment without domain).
• In practice, the domain size is likely to be higher, so it can
be expected that our scheme will achieve more efficiency.
Group Key Utilization
• Group key utilization time is the time that the vehicle
travels inside the domain after establishing the key.
• Group key utilization time can be used to consider
the frequency of the group key usage in domains and
get idea about average travel time of the vehicles in
various.
• The Figure shows the group key utilization time for
different size of vehicles after receiving the group
keys under the different size of domain.
Group Key Utilization
Group Key Utilization
• It is observed that the vehicles spends around 30-40
seconds in one RSU on average.
• And the average travel time is continuously increasing as
the size of the domain increases.
• When there are four RSUs within a domain, it is
observed that the moving vehicles utilize the group key
about 200% more than the moving vehicles without
having a group key for the domain.
Conclusion• Our scheme provides the scalable solution for the
security of the vehicular networking by using the
concept of domain with multiple RSUs so that a group
key can be utilized for a longer period of time.
• In addition, by splitting the role of the RSU to member
RSU and leader RSU, our approach provides the
distributed key management mechanism.
• Furthermore, our scheme offers the secure key
exchange protocol which allows that group keys can be
securely delivered to vehicular nodes.
References[1] H. Hartenstein and K. Laberteaux, VANET vehicular applications and inter-networking technologies. John Wiley & Sons, 2009, vol. 1.
[2] P. Papadimitratos, A. De La Fortelle, K. Evenssen, R. Brignolo, and S. Cosenza, “Vehicular communication systems: Enabling
technologies, applications, and future outlook on intelligent transportation,” IEEE Communications Magazine, vol. 47, no. 11, 2009.
[3] M. Raya and J.-P. Hubaux, “Securing vehicular ad hoc networks,” Journal of computer security, vol. 15, no. 1, pp. 39–68, 2007.
[4] D. Chaum and E. Van Heyst, “Group signatures,” in Advances in CryptologyEUROCRYPT91. Springer, 1991, pp. 257–265.
[5] Y. Hao, Y. Cheng, C. Zhou, and W. Song, “A distributed key manage- ment framework with cooperative message authentication in vanets,”
IEEE Journal on selected areas in communications, vol. 29, no. 3, pp. 616–629, 2011.
[6] P. Vijayakumar, M. Azees, A. Kannan, and L. J. Deborah, “Dual authentication and key management techniques for secure data trans-
mission in vehicular ad hoc networks,” IEEE Transactions on Intelligent Transportation Systems, vol. 17, no. 4, pp. 1015–1028, 2016.
[7] T. W. Chim, S.-M. Yiu, L. C. Hui, and V. O. Li, “VSPN: VANET- based secure and privacy-preserving navigation,” IEEE Transactions on
Computers, vol. 63, no. 2, pp. 510–524, 2014.
[8] R. Lu, X. Lin, H. Zhu, P.-H. Ho, and X. Shen, “ECPP: efficient conditional privacy preservation protocol for secure vehicular com-
munications,” in Proceeding of IEEE INFOCOM 27th Conference on Computer Communications, 2008. IEEE, 2008, pp. 1229–1237.
[9] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE transactions on Information Theory, vol. 22, no. 6, pp. 644–654, 1976.
[10] M. Gerlach, “Assessing and improving privacy in VANETs,” ESCAR, Embedded Security in Cars, 2006.
[11] J. Freudiger, M. Raya, M. Fe ́legyha ́zi, P. Papadimitratos, and J.-P. Hubaux, “Mix-zones for location privacy in vehicular networks,” in
Proceedings of ACM Workshop on Wireless Networking for Intelligent Transportation Systems (WiN-ITS), no. LCA-CONF-2007-016, 2007.
[12] L. Huang, K. Matsuura, H. Yamane, and K. Sezaki, “Enhancing wireless location privacy using silent period,” in Proceedings of Wireless
Com- munications and Networking Conference, 2005 IEEE, vol. 2. IEEE, 2005, pp. 1187–1192.
[13] K. Sampigethaya, M. Li, L. Huang, and R. Poovendran, “AMOEBA: robust location privacy scheme for VANET,” IEEE Journal on Selected
Areas in Communications, vol. 25, no. 8, 2007.
[14] X. Sun, X. Lin, and P.-H. Ho, “Secure vehicular communications based on group signature and id-based signature scheme,” in
Proceedings of IEEE ICC International Conference, 2007. IEEE, 2007, pp. 1539– 1545.
[15] IEEE Standard 1609.2, “1609.2-2016 - IEEE standard for wireless access in vehicular environments–security services for applications
and management messages,” IEEE Xplore, pp. 1–240, 2016.
[16] S. S. Rosen, “Tamper-proof electronic processing device,” Jul. 11 2000, uS Patent 6,088,797.
[17] K. Lim and D. Manivannan, “An efficient protocol for authenticated and secure message delivery in vehicular ad hoc networks,” Vehicular
Communications, vol. 4, pp. 30–37, 2016.
[18] M. Raya, P. Papadimitratos, V. D. Gligor, and J.-P. Hubaux, “On data-centric trust establishment in ephemeral ad hoc networks,” in
Proceedings of IEEE INFOCOM 27th Conference on Computer Com- munications, 2008. IEEE, 2008, pp. 1238–1246.
•[19] NS-2, “http://nsnam.sourceforge.net/wiki/index.php.”
•[20] simulation of urban mobility, “http://sumo.dlr.de/index.html.”
•[21] I. I. of highway safety, “http://www.iihs.org/iihs/sr/statusreport/article/43/1/1,” Jan 2008.
•[22] R. L. Rivest and A. Shamir, “How to expose an eavesdropper,” Com- munications of the ACM, vol. 27, no. 4, pp. 393–394, 1984.
