P2DAP - Sybil Attacks Detection in Vehicular Ad hoc Networks


OUTLINE: INTRODUCTION. EXISTING SYSTEM. PROBLEM STATEMENT. PROPOSED WORK. REFERENCE.

INTRODUCTION
What is an ad hoc network? An ad hoc network refers to a network connection established for a single session.
What is a VANET? The vehicular ad hoc network (VANET) is a special communication pattern that provides communication between roadside boxes and vehicles and between vehicles, with the aid of a wireless network. VANETs are being increasingly supported for traffic control, accident avoidance, and management of parking lots and public areas.

Architecture of VANET
[Figure: DMV, RSB and vehicles V1, V2, V3, with V2V and V2R links carrying overheard traffic information]

Assumptions on VANET Architecture
1. The DMV is a trusted party that maintains vehicle records and distributes certified pseudonyms to vehicles. The DMV has enough resources to generate pseudonyms (certified public keys) quickly and to store all vehicle-related information.
2. Vehicles are untrusted parties. They communicate with each other in a multihop manner. A message exchanged among vehicles is signed with a DMV-certified pseudonym.
3. RSBs are wireless access points. They are scattered along the road and connected to the DMV via a backhaul network, acting as intermediaries to the DMV. The RSBs monitor vehicular activity, identify suspicious behavior, and report it to the DMV for confirmation and punishment.

There are two types of communication in VANET.
1. Vehicle-to-Vehicle Communication (V2V): vehicles communicate with each other through a wireless medium.
2. Vehicle-to-Road-Side-Box Communication (V2R): the direct wireless exchange of relevant information between vehicles and the communication units placed at the side of the road, i.e. road side boxes.
Applications of VANET
1. Traffic information
2. Road condition and weather information
3. Increased traveler safety
4. Electronic toll collection
5. Accident avoidance on the road

Sybil Attack
What is a Sybil attack? If a vehicle uses multiple pseudonyms to sign an event, so that others think multiple vehicles have reported the same event, the action is considered a Sybil attack. A Sybil attack is a type of attack in which a malicious node illegally creates multiple duplicate vehicle identities.
[Figure: nodes participating in a Sybil attack, showing the Sybil nodes and the malicious node (Sybil attacker)]

Malicious node / Sybil attacker: the node that copies the identities of other nodes.
Sybil node: the additional identities created by the malicious node are known as Sybil nodes.

Existing System
The P2DAP scheme is used for handling Sybil attacks. Its main purpose is to detect Sybil attacks and revoke malicious vehicles immediately after detection. The scheme is divided into three stages:
1. Complete Two-Stage P2DAP Scheme (C-P2DAP)
2. E-P2DAP – Detecting Events Instead of Sybil Attacks
3. T-P2DAP – Detecting Collusion

Complete Two-Stage P2DAP Scheme
The DMV knows the total number of vehicles, and sequentially generates a sufficient number of yearly pseudonyms for all the vehicles. After generating a pseudonym p, the DMV first hashes (p | κ_c) using a one-way hash function, where κ_c is a global key. It then selects a set of bits from the hashed result to create hash collisions. The selected bits are referred to as the "coarse-grained hash value". After that, the pseudonym p is placed into a group, which stores the pseudonyms with the same coarse-grained hash value. In other words, for each pseudonym p_l in the m-th coarse-grained group, we have H(p_l | κ_c) = Γ_m, where H is a one-way hash function and Γ_m is the coarse-grained hash value for group m.

We refer to such groups as "coarse-grained groups". The key κ_c is distributed to all the RSBs. The DMV calculates the hash value for the above p with a new key κ_f, and selects a set of bits from the result. The bits selected from the new hash value are referred to as the "fine-grained hash value". The pseudonym p is then placed into a subgroup of the coarse-grained group, namely a fine-grained group, in which all the pseudonyms have the same fine-grained hash value. For each pseudonym p_l in the n-th fine-grained group under the m-th coarse-grained group, we have H(p_l | κ_f) = Θ_n, where Θ_n is the fine-grained hash value for the subgroup n. H(p|κ_c) = H(p|κ_c), H(p|κ_f) = H(p|κ_f).
In the simplest terms, the coarse-grained hash value is calculated at the RSB site, while the DMV calculates the fine-grained hash value, because the DMV does not give the secret key to the RSB.

E-P2DAP – Detecting Events Instead of Sybil Attacks
In the C-P2DAP scheme, an RSB reports to the DMV whenever it finds any set of pseudonyms that hash to the same coarse-grained value. When an event is reported by a large number of vehicles, C-P2DAP can cause false alarms.
Assumptions:
(1) Each false (faked) event is generated by only one malicious vehicle.
(2) Benign vehicles will not report false events.
For an event (t_i, l_j, e_k), the RSB collects a list of pseudonyms L_{i,j,k} used to sign the event. If ∀ p, p′ ∈ L_{i,j,k}, H(p|κ_c) = H(p′|κ_c), i.e., all the pseudonyms used to sign (t_i, l_j, e_k) have the same coarse-grained hash value, then the event is probably sent from only one vehicle, and is likely a faked event. In this case, the RSB generates a report with the same format as in C-P2DAP and sends it to the DMV.

The DMV only needs to examine the pseudonyms in two cases:
1) an attacker reports a false event and carries out a Sybil attack;
2) a true event is reported by multiple benign vehicles whose pseudonyms have the same coarse-grained hash value, which is a false alarm.
The number of false alarms is likely to be small compared to the total number of pseudonyms that the RSBs process. That reduces the overhead of the DMV.

T-P2DAP – Detecting Collusion
One issue with the E-P2DAP scheme is that it cannot detect colluding vehicles, i.e., two or more malicious vehicles reporting the same faked event. Here a faked event is generated by at least two vehicles, but the number of vehicles will not exceed the threshold τ. For a pseudonym list L_{i,j,k}, the RSB calculates the coarse-grained hash value for each pseudonym p ∈ L_{i,j,k}, and obtains a set of coarse-grained hash values S_c. If |S_c| ≤ τ and two or more pseudonyms in L_{i,j,k} map to the same coarse-grained hash value, the RSB suspects the event to be fake and reports it to the DMV.
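
The RSB-side E-P2DAP and T-P2DAP checks and the DMV's fine-grained confirmation, written out as an added Python example (not code from the presentation). It assumes SHA-256 as H, the top four bits as the selected bits, constructed keys and pseudonyms, and that the DMV issues each vehicle its pseudonyms from a single fine-grained group.

```python
import hashlib
from collections import Counter

BITS = 4  # assumed number of selected bits for coarse and fine values

def grained(p: bytes, key: bytes) -> int:
    """Selected bits of H(p | key); assumed: top BITS bits of SHA-256."""
    return hashlib.sha256(p + key).digest()[0] >> (8 - BITS)

def issue(seed, gamma, theta, n, kc, kf):
    """DMV: generate pseudonyms sequentially and keep those that fall in
    coarse group gamma and fine group theta. Assumption: one vehicle's
    pseudonyms all come from one fine-grained group."""
    out, i = [], 0
    while len(out) < n:
        p = hashlib.sha256(f"{seed}:{i}".encode()).digest()[:8]
        if grained(p, kc) == gamma and grained(p, kf) == theta:
            out.append(p)
        i += 1
    return out

def rsb_e_p2dap(signers, kc):
    """E-P2DAP: all signers of one event share a coarse-grained value."""
    return len(signers) > 1 and len({grained(p, kc) for p in signers}) == 1

def rsb_t_p2dap(signers, kc, tau):
    """T-P2DAP: |Sc| <= tau and two or more signers share a coarse value."""
    counts = Counter(grained(p, kc) for p in signers)
    return len(counts) <= tau and max(counts.values(), default=0) >= 2

def dmv_confirm(signers, kf):
    """DMV, which alone holds kf: two signers in one fine-grained group."""
    counts = Counter(grained(p, kf) for p in signers)
    return max(counts.values(), default=0) >= 2

# Constructed keys and signer lists for one reported event
KC, KF = b"demo-kappa-c", b"demo-kappa-f"
sybil = issue("A", 5, 1, 3, KC, KF)            # one vehicle, 3 pseudonyms
benign = [issue(f"v{g}", g, g + 8, 1, KC, KF)[0] for g in (1, 2, 3)]
same_coarse = issue("X", 7, 2, 1, KC, KF) + issue("Y", 7, 3, 1, KC, KF)
colluders = issue("B", 5, 4, 2, KC, KF) + issue("C", 9, 6, 2, KC, KF)

if __name__ == "__main__":
    for name, s in [("sybil", sybil), ("benign", benign),
                    ("same_coarse", same_coarse), ("colluders", colluders)]:
        print(name, rsb_e_p2dap(s, KC), rsb_t_p2dap(s, KC, 2), dmv_confirm(s, KF))
```

The `same_coarse` list is the false-alarm case: the RSB flags it because both signers share a coarse-grained value, and the DMV's fine-grained check clears it.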

Drawback of Existing System
With these three schemes we can only detect the Sybil attack but cannot revoke it. These schemes also increase the traffic overhead, because a malicious vehicle tries to get pseudonyms from the DMV.

Proposed Work
1. Network Generation and Vehicle Registration with Public Authentication Key
2. Detection of Sybil Attack
2.1 Encryption of Message
2.2 Key Exchange
2.3 Decryption
3. Revoking the Sybil Attack

[Figure: Block Diagram]

Network Generation and Vehicle Registration with Public Authentication Key
Create the region.
Create the DMV or RSB.
Create the node or vehicle with the parameters IP address, ID, UID, max and min wait time, and max and min speed.
The DMV registers the vehicle with a public authentication key before the vehicle can transmit a message.

Detection of Sybil Attack
Encryption of Message
In this phase the source node encrypts the message with public key cryptography. In phase 1, each vehicle should be registered in a group and receive its public authentication key (AK) before any message transmission. To sign a message, the vehicle uses the group authentication key and the encryption function, and sends the result along with the original message to other vehicles and the RSU.

Key Exchange Algorithm
The RSU does not have the private key of the Regional DMV, so it sends a request to the Regional DMV for OBUid decryption. The Regional DMV does not have the private key of the vehicle, so it sends a request to the Home DMV to get the private key of the vehicle. The Home DMV replies with the private key to the Regional DMV.

Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p
◦ A = 5^6 mod 23 = 8
Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p
◦ B = 5^15 mod 23 = 19
Alice computes s = B^a mod p
◦ s = 19^6 mod 23 = 2
Bob computes s = A^b mod p
◦ s = 8^15 mod 23 = 2
Alice and Bob now share a secret (the number 2).

Algorithm used for Sybil attack detection
1- EH(PUAK(M)) from source node S
2- EH(SKA(IDA| HAK(M))) from source node S
3- E(PUCA(IDA, HSKA(IDA| HAK(M)))) from node S
4- SEND(RQST(M,HAK(M),CAh,OBUId) from source node S to local RSU other vehicle in local region)
5- EH(PUAK(M)) in RSU and IF(HAK(M)==HAK(M)) THEN go to step 7 else go to step 6
6- REPORT to CAl “the message is fault”
7- D(SKCl(IDA, HSKA(IdA| HAK(M))) in CAl
8- REQST(PUA) to CAh
9- RPLY(PUA) to CAl
10- EH(SKA(IDA|HAK(M))) and IF(HSKA(IDA|HAK(M))==HSKA(IDA|HAK(M))) THEN Sybil attack detect.

Revoking the Sybil Attack
When any Home DMV detects the Sybil attack, it sends a request to the Regional DMV to revoke the node or vehicle. The Regional DMV then blocks or removes the node from the region. The node is thus ultimately removed from the root as well as from the network.