Security Models in Vehicular Ad-hoc Networks: A Survey J.M de Fuentes, L. Gonzalez-Manzano, A.I Gonzalez-Tablas and J.Blasco Presented By: Chandra Bhatt CSCE813 22 Nov 2016
Agenda Introduction to VANETs Survey Introduction Security Requirements over VANETs Survey Overview Security Models Security Model Standards Survey Relevance Survey Compatibility Future Work Conclusion Questions
VANETs The Vehicular Ad-Hoc Network, or VANET, is a technology that uses moves cars as nodes in a network to create a mobile network. VANET turns every participating car into a wireless router or node, allowing cars approximately 100 to 300 metres of each other to connect and, in turn, create a network with a wide range. Vehicular Ad Hoc Networks (VANETs) are created by applying the principles of mobile ad- hoc networks(MANETs) - the spontaneous creation of a wireless network for data exchange - to the domain of vehicles. They are a key component of intelligent transportation systems(ITS).
VANET: Vehicular ad-hoc networks Main functional units of a VANET system: Vehicular Devices RSU’s (Road Side Unit) TTP’s (Trusted Third Parties) Attacker
Introduction This survey mainly addresses the security and privacy issues of the VANET’s. Several security model (academic and industrial)proposals for VANET’s have been studied and presented. Goal of this work is to perform a survey on assumptions that are the basis of several security model proposals. A comparative detailed study of 41 security model proposals from last six years has been discussed. Four key aspects of VANET’s studied are: Trust on vehicles Trust on Infrastructure entities Trusted Third Parties Attacker features
Security requirements over VANET Major security requirements over VANETs include: Anonymity/Privacy Data Integrity Sender Authentication Data trust and availability The ultimate goal of the paper is to propose a compatibility evaluation mechanism for these proposals, based on the survey results.
Survey Overview Pictorial representation of the vehicular network. Elements covered in this survey: Infrastructure Nodes Road Side Units(RSU) Vehicle Attacker
Type of Connections Infrastructure Connections: Ad-hoc Connections: These connections includes entities which offer some services such as traffic management, emergency services etc. The infrastructure entities may include legal authorities, service providers, vehicle manufacturers., etc. These entities depending on their trustworthiness may be categorised as Trusted third Parties(TTP). Ad-hoc Connections: Ad-hoc communications mainly includes communication to/from vehicles to/from RSU’s. Vehicles mostly communicate via On-board Units(OBUs) installed in vehicles. These type of communications are usually untrusted.
Why is security needed in VANETs? As all other communication networks, VANETs require some level of security and privacy to ensure a successful use and public acceptance of these vehicular networks. Identification and authentication of each communicating node (e.g. to track the malicious actions by a vehicle). Non-Repudiation: This security is an essential feature required by VANETs so that entity performing the action couldn’t deny having done it. Privacy Preservation: An unauthorized party shouldn’t be able to track a path followed by a vehicle or its current location. Also an unauthorized person shouldn’t be able to link a vehicle’s identity to its owner/driver.
Why is security needed in VANETs? (contd.) Confidentiality: This security feature ensuring that messages will only be accessed by the intended parties. Data Integrity: This feature ensures that data has not been altered since its creation. Data Trust: This security feature ensuring that data is fresh, updated and reliable. Availability: This ensures that information is readily available to every node and is processed timely. Why is security needed in VANETs? (contd.)
Survey Overview (contd..) The block diagram here represents the contents and scope of the survey. For serving the needs of authentication and privacy, different types of vehicular credentials are surveyed. Infrastructure entities are analysed on basis of trust, i.e. Trusted Third Parties(TTPs). Attacker features have been surveyed which includes malicious actions such as: What it can do(e.g. injecting packets) Attacker location(e.g. in vehicles) Attacker dimension(e.g. is it affecting the majority)
Limitations of the Survey: Limitations enlist the aspects which are beyond the scope of this survey. The credentials of RSU’s are not reviewed since RSU’s have higher computational resources than vehicles hence are more trusted. Sensor trust is not addressed as they have low reliability in vehicles(Sensors only being part of vehicular entities and OBUs). Connections between RSU’s and infrastructure nodes is also not considered since all the infrastructure entities have a reliable and established communication network which incorporates all the security measures.
Security Models: Vehicle related assumptions Vehicular Trust: (22 of 41 proposals) studied do not trust vehicular entities. Cryptographic operations have to be explicitly deployed with a reliable storage device and time source units. Few proposal have also introduced a concept of Trusted Platform Module(TPM) which provides secured storage, cryptographic computation and an internal reliable clock. 8 of 19 proposals have incorporated tamper-resistant hardware. These components can react to physical manipulation. Whereas, 6 of 19 proposals have totally tamper proof devices. Vehicular Credentials: Vehicular credentials enable electronic identification and authentication within the network. Some proposals have also used identifiers for identification purposes while public key cryptography for authentication purposes. Group keys, pseudonym based short-lived and anonymous certificates have also been used for this purpose.
Security Models: RSU related assumptions There are mixed views of RSUs being trusted in several proposals studied but most of them agree on the fact that RSU’s perform cryptographic operations. Similar to the vehicular entities RSUs are found to have tamper-resistant hardware that provides with secured storage, processing and time information. A few RSUs are proposed with a complete tamper proof device.
Security Models: TTP related assumptions Trusted Third Parties(TTPs) can include any of the government or legal authorities, emergency services, service providers, automobile manufacturers etc. Most common TTP is a Certification Authority(CA). CAs can be centralized, distributed, fully trusted and semi-trusted. Proposals addressing group of vehicles assume that there is an entity called Group Manager that manages the group. Group manager efficiently reduces the chances of performing malicious actions since it divides the task management into two sub entities: Membership Manager Tracing Manager
Security Models: Attacker related assumptions The degree of threat or the seriousness of an attack can be analysed by two main features of an attacker: Attacker’s Nature: If the attacking unit is placed in one or more vehicle/RSUs. Attacker’s dimension: If the attacker is an independent body or has a larger coverage. Types of attacks/malicious activities: Information security: Eavesdropping, modification, injection Privacy: Tracking, Impersonation Availability: Jam Physical Integrity: OBU hacking The scope of attackers/adversaries mainly depends on its dimensions. The larger the number of attackers in a group more is the coverage of the attacks.
Security Standards There are two types of standardizations relevant to the field of information security: CALM(Communication Access for Land Mobiles) by ISO ISO 21217 ISO 11776 ISO 11769 ISO 12859 WAVE(Wireless access in vehicular environments) by IEEE. IEEE 1609.2 IEEE 1609.0
ISO 21217: CALM security standard This standard defines general architecture and security issues for communication networks. Under ISO21217, there are two security related documents ISO11776 and ISO11769, both of which cover security considerations for lawful interception and data retention. Both of these standards define how interception must be performed and for how long data must be retained. Another security standard ISO12859 comes under ISO21217 which covers privacy in Intelligent Transport Systems(ITS). ISO12859 states that special attention should be put on storage, transmission, processing of information, providing required access control. This standard proposes a security module that manages three main security elements Firewall, authentication and identity and cryptographic material.
IEEE 1609.2: WAVE Security standard This standard mainly describes the administrative functions necessary to support the core security operations. The security services considered are Confidentiality, Authentication, Authorization and Integrity. Each network node stores several key pairs and keys can be public or private. While to refer to a concrete key pair an identifier called Crypto-material Handle is used. For message revocations, Certification Revocation Lists have been introduced which mainly assesses the trust and validity of a certificate.
Survey Relevance 41 security models from the past six years have been studied by the authors in the survey. There is a representative proposal studied for each of the years shown in the histogram. One of the survey was taken from year 2004 since it had an high impact (to more than 270 cities).
Survey Relevance Histogram representing the proposals considered in the survey are sorted from diverse sources. Security models have been referred from several Conferences, Journals and Thomson’s Journal Citation Report (JCR). Almost half of the security models studied are from the renowned conferences and other half belong to highly impacting security models in JCRs.
Survey Relevance (contd..) Distribution of security services covered by selected articles in the survey.
Comparing Security Models Comparison and determining the compatibility of different security models is important to develop a holistic security framework for a network. The survey has also proposed a systematic comparison chart which could distinctively analyse key aspects of a security model. There is a scope of future enhancement to this approach in which the prospective cases do not have similar features.
Previous works: A previous survey by Stampoulis and Chai has been done which contained the overview of security requirements. This survey is an expansion to this previous work which incorporates newer security models. Revisions made to the previous work: Trustworthiness on each node/device. Security considerations by IEEE & ISO standards are defined. A systematic comparing mechanism is proposed.
Future Work on VANET security models A future scope of improvement on this research, can be an extension to the studied security models. If more amount of proposals are take into scope of the survey it shall be helpful in addressing other issues impacting the global security. Also, an improved comparing mechanism will fine-grain the research to determine if two security proposals with different assumptions can coexist.
Conclusion The survey of 41 security related works in vehicular networks has been presented. This survey has focused on taking assumptions over the vehicular devices, Road-side units(RSUs), Trusted Third parties and Attacker features. Significant amount of proposals studied do not clarify on trusting vehicular devices or RSUs. This survey aims to bring together standards and scientific contributions carefully analysing their compatibility with respect to different assumptions made.
Questions. . . ? Thank You !