Trusted Information and Security in Smart Mobility Scenarios: the case of S2-Move Project*

Pietro Marchetta, Eduard Natale, Alessandro Salvi, Antonio Tirri, Manuela Tufo, and Davide De Pasquale

www.s2-move.it

*grant number PON04A3_00058

The S2-Move project (1/3)

- Soft real-time information exchange among citizens, public administrations and transportation systems
- Services
  - Road traffic estimation
  - Fleet Management and Fleet Control (platooning)

The S2-Move project (2/3)

- Each vehicle is equipped with an OBU (On-Board Unit)
  - Collecting in-vehicle data (e.g. speed, fuel consumption)
  - Sending data to a remote CPS (Central Processing System)
- V2V (Vehicle-to-Vehicle) and V2I (Vehicle-to-Infrastructure) communication

The S2-Move project (3/3)

- CPS (Central Processing System)
  - Data acquisition
    - Urban probes (smartphone, vehicles, etc.)
  - Data processing
  - Services providing on annotated map

[Figure labels: Presentation Layer, Data Transmission Manager, Data Layer, Logical Units]

Protocol for data transmission

- IEEE 802.11p is based on communication outside the BSS (Basic Service Set)
- Does not provide any kind of security

[Figure labels: 1, 2, 3; "Traffic Jam!"]

- Fabrication Attacks (e.g. accident ahead!)
- Sybil Attacks (e.g. subvert reputation system)
- Replay Attacks (e.g. wrong traffic estimation)

Security Services

- IEEE 1609.2 uses PKI (Public Key Infrastructure)
- Each vehicle comes with:
  - TPM (Trusted Platform Module)
    - stores public and private key
  - Certificate (proves the vehicle identity)
- CA (Certification Authority) needed
- Integrity, Authenticity
- Confidentiality (optional)
- Privacy, Trustworthiness

[Figure labels: IEEE 802.11p, IEEE 1609.2, Symmetric (AES-CCM), Asymmetric (ECIES)]

IEEE 1609.2 Authentication

- …do we need confidentiality?

[Figure labels: PRV, CERT, ECDSA, TPM, PUB, MEX]

Certification lacks

- Certificate ⇏
  - Privacy
    - Vehicle recognition/tracking
  - Correct behavior of a user
- Suspicious vehicles identification
  - Revocation of the Trusted Component (RTC)
    - if an attacker is able to block RTC messages, then use Certificate Revocation Lists (CRL)
    - RSU forwards the list to the vehicles

[Figure labels: "All clear! Increase speed!"]

Communication Privacy

- Possible solutions
  1. Aliases
     - ELP (Electronic License Plate), by CA or TPM
  2. Group Keys (signatures)
     - The group provides anonymity outside its membership
     - Group private and public keys
     - Group Manager

[Figure labels: id_a, id_b, id_c, TPM, GK_A, GK_B]

Messages propagation

- Symmetric key: leader generates and sends the key to members, encrypted with their public key
- Areas must overlap
  - Vehicle V owns both keys
- Advantages
  - reduced overhead
  - doesn’t need to contact the CA
- Disadvantages
  - This system does not guarantee:
    - non-repudiation → solution: unique group-key pair (assigned and revoked by CA)
    - privacy

[Figure labels: V, GK_A, GK_B]

Trust Models

- Traditional models
  - Each vehicle assigns a reputation to other vehicles
  - Scalability?
- Novel techniques
  - Each vehicle assigns a reputation to a group
  - What about short-living groups?
- Data-oriented trust models → message-related
  - Vehicle type (ambulance, police, bus, etc.)
  - Dempster-Shafer Theory
  - Opinion piggybacking

The case of S2-Move Project (1/2)

- CPS (Central Processing System)
  - Certification Server
  - Group management (keys assignment)
- CPS may be unattainable
  - relies on network availability

[Figure labels: Presentation Layer, Data Transmission Manager, Data Layer, Logical Units]

The case of S2-Move Project (2/2)

- Solution
  - Symmetric key when network is unavailable
    - Integrity and Authenticity guaranteed
  - Group Management
    - Privacy guaranteed
  - Hybrid trust models

[Figure labels: M1, M2, CA - GM]
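Added example (not from the original slides or the S2-Move code base): a receiver-side check for messages protected with a symmetric group key, as on the "Messages propagation" and "The case of S2-Move Project (2/2)" slides. HMAC-SHA256 stands in for the authenticated mode, and the frame layout, sequence numbers and 2-second freshness window are assumptions.

```python
import hashlib
import hmac
import struct

MAX_AGE_S = 2.0   # assumed freshness window, not a value from the slides
HDR = ">16sQd"    # hypothetical header: sender id, sequence number, send time

def seal(group_key, sender_id, seq, sent_at, payload):
    """Frame = header || payload || HMAC-SHA256 tag under the shared group key."""
    header = struct.pack(HDR, sender_id.encode(), seq, sent_at)
    tag = hmac.new(group_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class GroupReceiver:
    def __init__(self, group_key):
        self.key = group_key
        self.last_seq = {}   # highest sequence number accepted per sender id
    def accept(self, frame, now):
        """Return (verdict, claimed sender): ok, bad-tag, stale or replay."""
        if len(frame) < struct.calcsize(HDR) + 32:
            return "bad-tag", None
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag", None          # sender does not hold the group key
        raw_id, seq, sent_at = struct.unpack_from(HDR, body)
        sender = raw_id.rstrip(b"\0").decode()
        if abs(now - sent_at) > MAX_AGE_S:
            return "stale", sender          # old capture re-sent later
        if seq <= self.last_seq.get(sender, -1):
            return "replay", sender         # duplicate inside the window
        self.last_seq[sender] = seq
        return "ok", sender

def demo():
    """Constructed messages; returns the receiver's verdict for each."""
    gk_a = hashlib.sha256(b"constructed group key GK_A").digest()
    rx = GroupReceiver(gk_a)
    m1 = seal(gk_a, "veh-1", 1, 100.0, b"traffic jam")
    return [
        rx.accept(m1, now=100.2),   # fresh
        rx.accept(m1, now=100.4),   # same frame again
        rx.accept(m1, now=160.0),   # same frame, a minute later
        rx.accept(seal(b"\x01" * 32, "veh-1", 2, 100.5, b"all clear"), now=100.6),
        # sealed by a different member that also holds GK_A, naming veh-1:
        rx.accept(seal(gk_a, "veh-1", 3, 100.7, b"all clear"), now=100.8),
    ]

print(demo())
```

The last constructed message verifies although a different key holder produced it, which is the non-repudiation gap the slides address with a CA-assigned group-key pair.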

Future work

- Experimental evaluation
  - 802.11p - 1609.2 on-road analysis
    - delay measurement
    - different speed conditions
- Investigating particular events
  - Follower exits a fleet
  - Leader pushes a follower out of a fleet
- Issues
  - cars may not be on the road - how to deal with it?
  - fleet control

Thanks!

www.s2-move.it

ECDSA Algorithm

Dempster-Shafer Theory (DST)

- Bayesian theory → probabilities
- Belief functions (DST) → degrees of belief
  - belief ≤ plausibility
  - e.g. accident on a certain road

Vehicle A: P(R1)=0.1, P(R2)=0.9
Vehicle B: P(R1)=0.1, P(R3)=0.9
Vehicle C: P(R1)=0.1, P(R4)=0.9

[Figure labels: R1, R2, R3, R4]
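Added example (not from the original slides): Dempster's rule of combination applied to the reports of Vehicle A, B and C above, reading the slide's P(·) values as basic mass assignments. The discount factor 0.5 and the 0.9 conflict threshold are assumptions chosen for illustration.

```python
from itertools import product

FRAME = frozenset({"R1", "R2", "R3", "R4"})  # candidate roads from the slide

def combine(m1, m2):
    """Dempster's rule; returns (fused masses, conflict K)."""
    joint, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        if a & b:
            joint[a & b] = joint.get(a & b, 0.0) + wa * wb
        else:
            conflict += wa * wb          # mass on contradictory pairs
    if 1.0 - conflict < 1e-12:
        raise ValueError("total conflict: nothing to normalise")
    return {h: w / (1.0 - conflict) for h, w in joint.items()}, conflict

def discount(m, alpha):
    """Shafer discounting: keep alpha of each mass, move the rest to FRAME."""
    out = {h: alpha * w for h, w in m.items() if h != FRAME}
    out[FRAME] = 1.0 - alpha + alpha * m.get(FRAME, 0.0)
    return out

def belief(m, hyp):
    return sum(w for h, w in m.items() if h <= hyp)

def plausibility(m, hyp):
    return sum(w for h, w in m.items() if h & hyp)

def fuse(reports, max_conflict=0.9):
    """Fuse reports in order; flag the result if any step's K is too high."""
    fused, worst = reports[0], 0.0
    for r in reports[1:]:
        fused, k = combine(fused, r)
        worst = max(worst, k)
    return fused, worst, worst > max_conflict

def report(low, high):
    """Slide values: 0.1 on R1, 0.9 on the vehicle's own road."""
    return {frozenset({low}): 0.1, frozenset({high}): 0.9}

REPORTS = [report("R1", r) for r in ("R2", "R3", "R4")]  # vehicles A, B, C
R1 = frozenset({"R1"})

if __name__ == "__main__":
    for name, ms in (("raw", REPORTS), ("discounted", [discount(m, 0.5) for m in REPORTS])):
        fused, k, flagged = fuse(ms)
        print(name, round(belief(fused, R1), 3), round(plausibility(fused, R1), 3), round(k, 2), flagged)
```

Undiscounted, the fused belief in R1 is 1 although every vehicle gave it 0.1, with conflict K = 0.99; a trust model built on this rule should treat a high K as a signal to inspect the sources rather than accept the normalised result.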