NOTICENOTICE: An Architecture for : An Architecture for the the NoNotification of tification of TTraffic raffic

IIncidents and ncidents and CCongongeestionstion

Dr. Michele C. Weigle Department of Computer Science

Old Dominion University

(Work done with Dr. Stephan Olariu and Gongjun Yan)

Norfolk State UniversityDepartment of Computer Science Colloquium

March 1, 2007

2

MotivationMotivation

EXIT 12

Exit while you still can!

Give drivers advance warning of upcoming traffic congestion

From trekearth.com

3

OutlineOutline

Overview of Vehicular Ad-Hoc Networks (VANETs)

Security Issues in VANETs

Our Approach: NOTICE

Simulations

Conclusions

4

Vehicular Ad-Hoc NetworksVehicular Ad-Hoc NetworksVANETsVANETs

Traffic information cars report their position and

speed to surrounding cars car may suggest an

alternate route Weather warnings Collision warning Platooning Intersection Assistance

EXIT 12

C1 speed 0C2 speed 0C3 speed 0

…

c1c2

c4c3

c5

5

VANETsVANETsApproachesApproaches

V2V only (zero infrastructure, purely ad-hoc) require no outside infrastructure or roadside devices vehicles communicate with each other to determine

traffic situation

V2V and V2I requires some outside infrastructure, often in the form

of roadside devices infrastructure can provide aggregation/processing,

encryption key distribution, access to larger network

6

VANETsVANETsV2V / V2I ArchitectureV2V / V2I Architecture

From “The Security of Vehicular Ad Hoc Networks”, M. Raya and J.-P. Hubaux, SASN 2005

7

Security IssuesSecurity IssuesAdversariesAdversaries

Greedy Drivers convince neighbors that congestion is ahead to clear roads

Snoops driver profiling, tracking

Pranksters hack things “just for fun”

Industrial Insiders if mechanics are in charge of uploading software, they can

load malicious programs Malicious Attackers

terrorists, criminals with specific targets in mind

Bryan Parno and Adrian Perrig. Challenges in Securing Vehicular Networks, HotNets 2005.

8

Security IssuesSecurity IssuesAttacksAttacks

Denial of Service (DoS) overwhelm a vehicle’s resources or jam

communication channels Message Suppression

selectively drop messages, suppress congestion alerts

Fabrication broadcast false information into network

Alteration alter existing data, replaying earlier transmissions,

disrupt voting mechanisms

Bryan Parno and Adrian Perrig. Challenges in Securing Vehicular Networks, HotNets 2005.

9

Security IssuesSecurity IssuesApproachesApproaches

Digitally sign (encrypt with private key) each message sent by a vehicle a vehicle is issued a certificate from an authority certificate verifies vehicle’s public key used for decryption disadvantage: allows tracking of vehicles

Pre-load many different anonymous key pairs and change keys at certain intervals disadvantage: malicious user could use the keys to

impersonate multiple vehicles

Key: Reliably associate a message with physical vehicle

10

Our ApproachOur ApproachNOTICENOTICE

Allow the roadway to associate messages with physical vehicles

Embed intelligent sensor belts in the highway

When a car passes over the belt, it reports its speed to the belt

The belt makes decisions about where congestion is occurring based on reports from cars and other belts

speed 55

11

NOTICENOTICECar Model and Belt ModelCar Model and Belt Model

Event Data Recorder (EDR) tamper-proof records location, speed,

etc.

Two transceivers one for handshaking, Th

one for data transfer, Td

ThTd

Pressure sensors detect passing cars

Two transceivers one for handshaking, BTh

short range (~1m) one for data transfer, BTd

larger range (~3m)

EDR

BTh

BTd

12

NOTICENOTICEBelt-to-Belt CommunicationBelt-to-Belt Communication

Individual belt in each lane

Connected belts (sub-belts) communicate instantaneously

Non-connected belts do not directly communicate use cars as data mules

Gives encrypted message to a car to drop off at next belt

[avg spd 55]

[avg spd 55]

13

NOTICENOTICEBelt-to-Car Communication - HandshakingBelt-to-Car Communication - Handshaking

Belt sends “Hello” message to car ID of belt frequency channel for further communication, one-time shared encryption key,

Car sends short acknowledgement

ThTd

EDR

BTh

14

NOTICENOTICEBelt-to-Car Communication - Data TransferBelt-to-Car Communication - Data Transfer

Belt sends query

Car sends message from previous belt

Car sends encrypted (with ) EDR data

Belt sends encrypted (with ) traffic information

Belt sends encrypted message for next belt

ThTd

EDR

BTd3m

15

NOTICENOTICEInformation PropagationInformation Propagation

B1 is aware of traffic slowdown creates encrypted message with latest

traffic statistics

Information is provided to B2

B2 uploads message onto car destined for C2

When C2 receives message, it provides it to C1

C1 notifies passing cars

EXIT 12

A1

B1

C1

A2

B2

C2

16

NOTICENOTICEUrgent ModeUrgent Mode

B2 uploads message with urgent bit set onto car destined for C2

Car broadcasts message to other cars for faster delivery

Cars are passing encrypted messages, so no security risk

EXIT 12

A1

B1

C1

A2

B2

C2

17

NOTICENOTICERole-Based CommunicationRole-Based Communication

Emergency responders can provide information to NOTICE belts

Special encryption key used

Validate incident/congestion inference made by belts

EXIT 12

18

NOTICENOTICEEvacuationsEvacuations

Evacuees need information about resources gasoline, hotels, shelters, etc.

Emergency management centers need method to disseminate information

Enhanced NOTICE can provide this temporary infrastructure connected to belts for long-range

communication to emergency management centers for backward propagation during contraflow

19

NOTICENOTICEEvacuationsEvacuations

Cars that have refueled report to nearest belt

Location and time of refuel propagated backwards by temporary infrastructure

Cars needing gas can exit at the appropriate location

20

NOTICENOTICESimulationsSimulations

Developed a Java-based simulator based on applet using realistic highway traffic model http://www.traffic-simulation.de/

Measured message propagation time normal mode

car receiving message carries it to the next belt urgent mode

car receiving message broadcasts it to nearby cars

Traffic intensities from 70 vehicles/hr to 3600 vehicles/hr

21

NOTICENOTICESimulationsSimulations

22

NOTICENOTICESimulationsSimulations

23

ConclusionConclusion

NOTICE: An Architecture for the Notification of Traffic Incidents and Congestion

Provides security and privacy belts can independently corroborate information provided

by vehicles

Works in sparse or dense traffic

Extensions for evacuation scenarios

24

Future WorkFuture Work

Enhance our simulator wireless channel conditions

Rules for how far to propagate congestion notifications

Rules for how to infer occurrence of traffic incident or congestion

Use with non-intrusive sensor

25

Michele C. Weigle

Department of Computer Science

Old Dominion University

Norfolk, VA

mweigle@cs.odu.edu

http://www.cs.odu.edu/~mweigle

VANET Research Group @ ODU

http://www.cs.odu.edu/~vanet