Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos.

Slides:

Advertisements

Similar presentations

Efficient Secure Aggregation in VANETs Maxim Raya, Adel Aziz, and Jean-Pierre Hubaux Laboratory for computer Communications and Applications (LCA) EPFL.

Advertisements

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

Survey of Vehicular Network Security Jonathan Van Eenwyk.

Securing Vehicular Communications Author ： Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From ： IEEE Wireless Communications Magazine, Special.

A Survey of Secure Wireless Ad Hoc Routing

Comp 361, Spring 20056:Basic Wireless 1 Chapter 6: Basic Wireless (last updated 02/05/05) r A quick intro to CDMA r Basic

1 Key Management for Vehicular Networks Maxim Raya and Jean-Pierre Hubaux Secure Vehicular Communications Workshop EPFL - 19/05/2015.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Security Improvement for Ad Hoc Wireless Network Visal Kith ECE /05/2006.

A Mobile Infrastructure Based VANET Routing Protocol in the Urban Environment School of Electronics Engineering and Computer Science, PKU, Beijing, China.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Mini-Project 2007 On Location Privacy in Vehicular Mix-Networks Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Securing Vehicular Commuinications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.

An Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications Hu Xiong, Konstantin Beznosov, Zhiguang Qin, Matei Ripeanu.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Centre for Wireless Communications University of Oulu, Finland

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

1 Credentials Revocation in Vehicular Networks: Design & Evaluation Ghita Mezzour Panos Papadimitratos.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

1 / 18 Fariba alamshahi Secure Routing and Intrusion Detection in Ad Hoc Networks Supervisor: Mr.zaker Translator: fariba alamshahi.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

An Efficient and Secure Event Signature (EASES) Protocol for Peer-to-Peer Massively Multiplayer Online Games Mo-Che Chan, Shun-Yun Hu and Jehn-Ruey Jiang.

A Study of Live Video Streaming over Highway Vehicular Ad hoc Networks Meenakshi Mittal ©2010 International Journal of Computer Applications ( )Volume.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT By Alexander Beck Jens Graupmann Frank Ortmeier.

KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Version Number Authentication and Local Key Agreement Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology.

CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

SECURITY SCHEMES FOR AMI Jincheol Kim et al. – Korea – Distribution business and impact of regulation – 0845 Jincheol Kim, Seongji Ahn, Youngeok Kim Jongman.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

Small-Scale and Large-Scale Routing in Vehicular Ad Hoc Networks Wenjing Wang 1, Fei Xie 2 and Mainak Chatterjee 1 1 School of Electrical Engineering and.

TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,

Ensuring Sufficient Entropy in RSA Modulus Generation Wendy Mu Henry Corrigan-Gibbs Dan Boneh.

1 Thuy, Le Huu | Pentalog VN Web Services Security.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Network Raymond Chang March 30, 2005 EECS 600 Advanced Network Research, Spring.

To ensure secure and dependable monitoring of rail cars transporting hazardous materials, providing resiliency against both random and malicious threats.

A Mechanism for Communication- Efficient Broadcast Encryption over Wireless Ad Hoc Networks Johns Hopkins University Department of Computer Science Reza.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

DETECTION AND IGNORING BLACK HOLE ATTACK IN VANET NETWORKS BASED LATENCY TIME CH. BENSAID S.BOUKLI HACENE M.K.FAROUAN 1.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

VANETs. Agenda System Model → What is VANETs? → Why VANETs? Threats Proposed Protocol → AOSA → SPCP → PARROTS Evaluation → Entropy → Anonymity Set → Tracking.

Presented by: Reut Barazani Limor Levy. Contents Introduction Digital signature broadcast message authentication TESLA broadcast message authentication.

VEHICULAR AD HOC NETWORKS GAURAV KORDE KAPIL SHARMA.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Cryptography CSS 329 Lecture 13:SSL.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.

Indian Institute Of Technology, Delhi Page 1 Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks Ashwin Rao 2006SIY7513.

Information Security message M one-way hash fingerprint f = H(M)

Internet Protocol (IP)

MSc Thesis: Mohammad Khodaei Supervisor: Prof. Panos Papadimitratos

Privacy Preservation and Protection Scheme over ALARM on Geographical routing B. Muthusenthil, S. Murugavalli Results The PPS is geographical routing protocol,

Presentation transcript:

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos

Vehicular Ad-hoc Network (VANET) Designed to provide safety and comfort for passengers Using asymmetric cryptography  Certificate Authority (CA) issues certificates  Signature verification using the public key 2

Problem description CRLs are needed for  Excluding compromised, faulty or illegitimate nodes  Preventing the use of compromised cryptographic material How to distribute large CRLs in a reasonable time with low bandwidth utilization? 3

State of the art (1) Papadimitratos et al, Certificate Revocation List Distribution in Vehicular Communication Systems [1]  The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles  Use encoding mechanisms for redundancy 4

State of the art (2) K. Laberteaux et al, Security Certificate Revocation List Distribution for VANET [2]  RSUs used as the first phase of the dissemination  Vehicles broadcast CRL updates to other vehicles 5

State of the art (3) P. Papadimitratos et al, Secure Vehicular Communications: Design and Architecture [3]  Revocation Protocol of the Tamper-Proof Device (RTPD)  Revocation Protocol using Compressed Certificate Revocation (RCCRL)  Distributed Revocation Protocol (DRP) 6

General concept CRL Distribution System RSU3RSU2RSU1 Random encoded pieces 7

CRL Distribution System CA (1) Generate CRL (2) Encode the CRL (3) Sign each piece from (2) Network Communication (1)Compute how many pieces from (3) should be sent to each RSU (2)Send the pieces to the RSUs 8

The Encoding … CRLM parts CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key Packet format sent to the RSUs … Rabin’s algorithm N pieces, N > M Encoded CRL 9

Packet format sent to the RSUs 1. Verify signature 2. Store CRL piece 3. If enough pieces stored, decode, i.e. reconstruct the CRL CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key 10 Vehicle – Receiving CRLs

Implementation C++ implementation Using openSSL cryptographic library for  Generating the CRLs  Signing and verifying the encoded pieces Using Rabin’s algorithm as an erasure code 11

Implementation Network Communication Configuration file with the RSUs IP addresses Source routing to send random pieces to each RSU Encoded pieces sent in UDP packets 12

Rabin’s algorithm - Encoding 13 MMMM B NxM A X = N x L W M x L CRL

Rabin’s algorithm - Decoding 14 W’ M x L A’ M x M X = B M x L CRL

Evaluation Settings (1) 15 random encoded pieces CRL Distribution System RSU

Evaluation Settings (2) 16 Laptop configuration CPUIntel 1.8 GHz Operating SystemLinux LibraryOpenSSL 0.9.8g Compilergcc Wireless card802.11b AP configuration Bit rate5.5 Mbps

Evaluation Purposes Examine the system performance by  varying the CRL size  varying the encoding vectors number and length 17

Evaluation Results (1) Figures  show 95% confidence intervals  100 iteration for each experiment M and N variations  M Є [25,100], increasing by 25  N chosen as the redundancy factor is r = N / M is 1.5 Velocity 3 km/h 18

Evaluation Results (2) 19

Evaluation Results (2) 20

Evaluation Results (2) The encoding vectors should be chosen in concordance with the CRL size 21

Evaluation Results (3) 22

Evaluation Results (3) The time to reconstruct the original CRL is inverse proportional with the redundancy factor 23

Conclusion First implementation of a CRL distribution system for VANET Performance measurements conducted on the system 24

Further work Compare the experimental results with simulation results Integrate the CRL Distribution system into the Vehicular Communication project 25

Thank you Questions? 26

Bibliography [1]P. Papadimitratos, G. Mezzour, and J.-P. Hubaux, Certificate Revocation List Distribution in Vehicular Communication Systems, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008 [2]K. Laberteaux, J. Haas, and Y-C Hu, Security Certicate Revocation List Distribution for VANET, ACM VANET, San Francisco, CA, USA, September 2008 [3]P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux, Secure Vehicular Communications: Design and Architecture, IEEE Communications Magazine, November