Trusted Information and Security in Smart Mobility Scenarios: the case of S2-Move Project*
Pietro Marchetta, Eduard Natale, Alessandro Salvi, Antonio Tirri, Manuela Tufo, and Davide De Pasquale
www.s2-move.it
*grant number PON04A3_00058
The S2-Move project (1/3)
- Soft real-time information exchange among citizens, public administrations and transportation systems
- Services
  - Road traffic estimation
  - Fleet Management and Fleet Control (platooning)
The S2-Move project (2/3)
- Each vehicle is equipped with an OBU (On-Board Unit)
  - Collecting in-vehicle data (e.g. speed, fuel consumption)
  - Sending data to a remote CPS (Central Processing System)
- V2V (Vehicle-to-Vehicle), V2I (Vehicle-to-Infrastructure) communication
The S2-Move project (3/3)
- CPS (Central Processing System)
  - Data acquisition
    - Urban probes (smartphone, vehicles, etc.)
  - Data processing
  - Services provided on an annotated map
[Figure labels: Presentation Layer; Data Transmission Manager; Data Layer; Logical Units]
Protocol for data transmission
- IEEE 802.11p is based on communication outside the BSS (Basic Service Set)
  - Does not provide any kind of security
- Fabrication Attacks (e.g. accident ahead!)
- Sybil Attacks (e.g. subvert reputation system)
- Replay Attacks (e.g. wrong traffic estimation)
[Figure: vehicles 1, 2 and 3 with "Traffic Jam!" messages]
Security Services
- IEEE 1609.2 uses PKI (Public Key Infrastructure)
- Each vehicle comes with:
  - TPM (Trusted Platform Module)
    - stores public and private key
  - Certificate (proves the vehicle identity)
  - CA (Certification Authority) needed
- Integrity, Authenticity
- Confidentiality (optional)
- Privacy, Trustworthiness
[Figure labels: IEEE 802.11p; IEEE 1609.2; Symmetric (AES-CCM); Asymmetric (ECIES)]
IEEE 1609.2 Authentication
- …do we need confidentiality?
[Figure labels: PRV, CERT, ECDSA, TPM, PUB, MEX]
Certification lacks
- Certificate ⇏
  - Privacy
    - Vehicle recognition/tracking
  - Correct behavior of a user
- Suspicious vehicles identification
  - Revocation of the Trusted Component (RTC)
  - If an attacker is able to block RTC messages, then use Certificate Revocation Lists (CRL)
    - RSU forwards the list to the vehicles
[Figure: "All clear! Increase speed!"]
Communication Privacy
- Possible solutions
  1. Aliases
     - ELP (Electronic License Plate), by CA or TPM
  2. Group Keys (signatures)
     - The group provides anonymity outside its membership
     - Group private and public keys
     - Group Manager
[Figure labels: id_a, id_b, id_c, TPM, GK_A, GK_B, V]
Messages propagation
- Symmetric key: leader generates and sends the key to members, encrypted with their public key
- Areas must overlap
  - Vehicle V owns both keys
- Advantages
  - reduced overhead
  - doesn't need to contact the CA
- Disadvantages
  - This system does not guarantee:
    - non-repudiation → solution: unique group-key pair (assigned and revoked by CA)
    - privacy
[Figure labels: GK_A, GK_B]
Trust Models
- Traditional models
  - Each vehicle assigns a reputation to other vehicles
  - Scalability?
- Novel techniques
  - Each vehicle assigns a reputation to a group
  - What about short-lived groups?
- Data-oriented trust models → message-related
  - Vehicle type (ambulance, police, bus, etc.)
  - Dempster-Shafer Theory
  - Opinion piggybacking
The case of S2-Move Project (1/2)
- CPS (Central Processing System)
  - Certification Server
  - Group management (keys assignment)
- CPS may be unreachable
  - relies on network availability
[Figure labels: Presentation Layer; Data Transmission Manager; Data Layer; Logical Units]
The case of S2-Move Project (2/2)
- Solution
  - Symmetric key when network is unavailable
    - Integrity and Authenticity guaranteed
  - Group Management
    - Privacy guaranteed
  - Hybrid trust models
[Figure labels: M1, M2, CA - GM]
Future work
- Experimental evaluation
  - 802.11p - 1609.2 on-road analysis
    - delay measurement
    - different speed conditions
- Investigating particular events
  - Follower exits a fleet
  - Leader pushes a follower out of a fleet
- Issues
  - cars may not be on the road - how to deal with it?
  - fleet control
Thanks!
www.s2-move.it
ECDSA Algorithm
Dempster-Shafer Theory (DST)
- Bayesian theory → probabilities
- Belief functions (DST) → degrees of belief
  - belief ≤ plausibility
- e.g. accident on a certain road
  - Vehicle A: P(R1)=0.1, P(R2)=0.9
  - Vehicle B: P(R1)=0.1, P(R3)=0.9
  - Vehicle C: P(R1)=0.1, P(R4)=0.9
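
Dempster's rule of combination applied to the three vehicle reports above, as an added example that is not part of the original slides. It assumes each P(...) value is a mass on a single road; the discounting step and the trust value 0.5 are assumptions added to show how a trust weight changes the fused result and where belief and plausibility diverge.

```python
from functools import reduce
from itertools import product

FRAME = frozenset({"R1", "R2", "R3", "R4"})  # candidate roads for the accident

def report(likely_road):
    """One vehicle's report as on the slide: 0.1 on R1, 0.9 on its own road."""
    return {frozenset({"R1"}): 0.1, frozenset({likely_road}): 0.9}

def discount(masses, trust):
    """Shafer discounting (assumed extension): move (1 - trust) to 'unknown'."""
    out = {h: trust * w for h, w in masses.items()}
    out[FRAME] = out.get(FRAME, 0.0) + (1.0 - trust)
    return out

def combine(m1, m2):
    """Dempster's rule of combination; returns (fused masses, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # the two reports contradict each other
    total = sum(fused.values())
    if total == 0.0:
        raise ValueError("sources are in total conflict")
    return {h: w / total for h, w in fused.items()}, conflict

def fuse(reports):
    return reduce(lambda acc, m: combine(acc, m)[0], reports)

def belief(masses, roads):
    return sum(w for h, w in masses.items() if h <= frozenset(roads))

def plausibility(masses, roads):
    return sum(w for h, w in masses.items() if h & frozenset(roads))

REPORTS = [report("R2"), report("R3"), report("R4")]     # vehicles A, B, C
RAW = fuse(REPORTS)                                      # slide values as-is
DISCOUNTED = fuse([discount(m, 0.5) for m in REPORTS])   # trust 0.5 is assumed

if __name__ == "__main__":
    print("conflict A+B:", round(combine(REPORTS[0], REPORTS[1])[1], 2))
    for name, m in (("raw", RAW), ("discounted", DISCOUNTED)):
        for road in sorted(FRAME):
            print(name, road, round(belief(m, [road]), 3),
                  round(plausibility(m, [road]), 3))
```

With the raw values the three reports are almost entirely in conflict, so normalization puts all fused mass on R1, the road each vehicle rated least likely; after discounting, R1 no longer dominates and plausibility exceeds belief for every road.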