1 Key Management for Vehicular Networks Maxim Raya and Jean-Pierre Hubaux Secure Vehicular Communications Workshop EPFL - 19/05/2015.

Slides:



Advertisements
Similar presentations
Wenmao Liu Harbin Institute of Technology China. Outline ITS & VANETs Security Issues and Solutions An autonomous architecture Conclusion.
Advertisements

Efficient Secure Aggregation in VANETs Maxim Raya, Adel Aziz, and Jean-Pierre Hubaux Laboratory for computer Communications and Applications (LCA) EPFL.
Chris Karlof and David Wagner
CP3397 ECommerce.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Survey of Vehicular Network Security Jonathan Van Eenwyk.
Securing Vehicular Communications Author : Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From : IEEE Wireless Communications Magazine, Special.
1 Performance 2005 October 6, 2005 Juan les Pins Performance Challenges in Secure Vehicular Networks Prof. Jean-Pierre Hubaux EPFL With the help of Srdjan.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 2 – Upcoming networks Generalities.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Securing Vehicular Commuinications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
1 Credentials Revocation in Vehicular Networks: Design & Evaluation Ghita Mezzour Panos Papadimitratos.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure pseudonym generation for efficient broadcast authentication in VANETs Deepak N Ananth and Manjusha Gadiraju CSC / ECE 774.
PARROTS Position Altered Random Repetition of Transportation Signature
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.
DIGITAL SIGNATURE.
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Prof. J.-P. Hubaux Mobile Networks Module I – Part 2 Securing Vehicular Networks 1.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.
1 Vehicular Networks Slides are integrated from researchers at EPFL.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.
Chapt. 10 – Key Management Dr. Wayne Summers Department of Computer Science Columbus State University
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Network Security Celia Li Computer Science and Engineering York University.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Fall 2006CS 395: Computer Security1 Key Management.
VANETs. Agenda System Model → What is VANETs? → Why VANETs? Threats Proposed Protocol → AOSA → SPCP → PARROTS Evaluation → Entropy → Anonymity Set → Tracking.
Eyal Hamo Berry Shnaider בס " ד 1.
VEHICULAR AD HOC NETWORKS GAURAV KORDE KAPIL SHARMA.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.
Firewalls and Tunneling Firewalls –Acts as a barrier against unwanted network traffic –Blocks many communication channels –Can change the design space.
Indian Institute Of Technology, Delhi Page 1 Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks Ashwin Rao 2006SIY7513.
VANET.
Cryptography and Network Security
Presentation transcript:

1 Key Management for Vehicular Networks Maxim Raya and Jean-Pierre Hubaux Secure Vehicular Communications Workshop EPFL - 19/05/2015

2 Outline  Threat model and specific attacks  Security architecture  Certificate revocation

3 Threat model  An attacker can be: Insider / Outsider Malicious / Rational Active / Passive  Attackers can collude  The majority of vehicles are honest  Authorities cannot be compromised

4 Attack 1 : Bogus traffic information Traffic jam ahead  Attacker: insider, rational, active

5 Attack 2 : Disruption of network operation SLOW DOWN The way is clear  Attacker: insider, malicious, active

6 Attack 3: Cheating with identity, speed, or position Wasn’t me!  Attacker: insider, rational, active

7 At 3:00 - Vehicle A spotted at position P1 At 3:15 - Vehicle A spotted at position P2  Attacker: passive  Big Brother syndrome! Attack 4 : Tracking

8 Security system requirements  Sender authentication  Verification of data consistency  Availability  Non-repudiation  Privacy  Real-time constraints

9 Security Architecture

10 Digital signatures  Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation requirement  Hence each message should be signed with a DS  Liability-related messages should be stored in the EDR

11 VPKI (Vehicular PKI) PKI Security services Positioning Confidentiality Privacy... CA P A P B Authentication Shared session key  Each vehicle carries in its Tamper-Proof Device (TPD): A unique and certified identity: Electronic License Plate (ELP) A set of certified anonymous public/private key pairs  Mutual authentication can be done without involving a server  Authorities (national or regional) are cross-certified

12 The CA hierarchy: two options Car A Car B Car A Car B Manuf. 1 Manuf Governmental Transportation Authorities 2. Manufacturers  The governments control certification  Long certificate chain  Keys should be recertified on borders to ensure mutual certification  Vehicle manufacturers are trusted  Only one certificate is needed  Each car has to store the keys of all vehicle manufacturers

13 Anonymous keys  Preserve identity and location privacy  Keys can be preloaded at periodic checkups  The certificate of V’s i th key:  Keys renewal algorithm according to vehicle speed (e.g., ≈ 1 min at 100 km/h)  Anonymity is conditional on the scenario  The authorization to link keys with ELPs is distributed

14 DoS resilience  Vehicles will probably have several wireless technologies onboard  In most of them, several channels can be used  To thwart DoS, vehicles can switch channels or communication technologies  In the worst case, the system can be deactivated Network layer DSRC GSM/3-4G Bluetooth Other

15 Data verification by correlation  Bogus info attack relies on false data  Authenticated vehicles can also send wrong data (on purpose or not)  The correctness of the data should be verified  Correlation can help

16 Security analysis  How much can we secure VANETs?  Messages are authenticated by their signatures  Authentication protects the network from outsiders  Correlation and fast revocation reinforce correctness  Availability remains a problem that can be alleviated  Non-repudiation is achieved because: ELP and anonymous keys are specific to one vehicle Position is correct if secure positioning is in place  Formal security analysis envisioned within the MICS VerSePro project (in collaboration with ETHZ)

17 What PK cryptosystem to use?  Available options: RSA Sign: the most popular but also has the largest key size ECDSA: the most compact NTRUSign: the fastest in signing and verification Other (XTR, HEC, Braid groups, Merkle trees, …)  Signature verification speed matters the most  Further improvements that can help: Vehicles verify only relevant content Several messages may be signed with the same key

18 Performance comparison PKCSKey, Sig size (bytes)T tx (Sig) (ms) RSA ECDSA28, , NTRU PKCSGeneration (ms)Verification (ms) ECDSA NTRU Memory-constrained Pentium II 400 MHz workstation  Key and signature size  Signature generation and verification

19 Performance evaluation  ns-2 simulations  Two scenarios drawn from DSRC  The effect of message size (including the security material) on delay, number of received packets, and throughput is evaluated Not to scale

20 How msg size affects Delay, … NTRU No security ECDSA RSA

21 … Number of received packets, … NTRU No security ECDSA RSA

22 … and Throughput NTRU No security ECDSA RSA

23 Certificate revocation in VANETs¹  The CA has to revoke invalid certificates: Compromised keys Wrongly issued certificates A vehicle constantly sends erroneous information  Using Certificate Revocation Lists (CRL) is not appropriate  We propose 3 protocols to revoke a vehicle’s keys: Rev. of the Tamper-Proof Device (RTPD): CA revokes all keys Rev. by Compressed CRLs (RCCRL): if TPD is not reachable Distributed Revocation Protocol (DRP): initiated by peers; generates a report to the CA, which triggers the actual revocation by RTPD/RCCRL ¹In collaboration with Daniel Jungels and Imad Aad

24 Revocation of the Tamper-Proof Device (RTPD) secure message Paging area broadcast broadcast secure message broadcast compressed CRL ACK (via BS) 1. IP-routing 2. IP-broadcast 3. low-speed broadcast query last known locations from accusations M TPD: erases keys + stops signing

25 Revocation by Compressed CRLs (RCCRL) set “blacklisted” query “blacklisted” + currently valid compressed CRL ignore msg from M M broadcast Low-speed broadcast

26 Distributed Revocation Protocol (DRP) M A B C acc.-db “M” +sig. A Accusation-msgs against M +sig. C “M” +sig. A +sig. C +sig. B report to CA forward Disregard-msgs with supporting sigs. Disregard M +sig. C +sig. B

27 DRP speed

28 DRP coverage

29 Conclusion  VANET security is very important  We presented its main aspects: Threat model Security architecture  Tradeoffs exist, e.g., between privacy and liability  The choice of the cryptosystem is crucial  More info at