Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transmission of IPv6 Packets over IEEE OCB Networks

Published byImogene Berry Modified over 6 years ago

Similar presentations

Presentation on theme: "Transmission of IPv6 Packets over IEEE OCB Networks"— Presentation transcript:

1 Transmission of IPv6 Packets over IEEE 802.11-OCB Networks
draft-haerri-ipv6-over-80211OCB-00 IETF 96, Berlin, Germany July 21, 2016 Jérôme Härri*, Alex Petrescu, Christian Huitema *Editor Address:

2 Introduction to 802.11-OCB (a.k.a. DSRC)
Scenario: IPv6 is for non-safety related traffic ONLY (according to the ITS charter) Single hop IPv6 communication – Multi-hop is in MANET (according to ITS charter) Vehicles contain one or multiple IPv6 ‘things’ Vehicles are not specifically connected to Internet (or only episodically) IPv6 stack may co-exist with non-IP stack…or not some ‘things’ may only have an IPv6 stack For Cars: Any car with its engine turned ‘on’ and participating to traffic MUST transmit non-IP traffic on ch. 178 (US)/ch. 180 (EU). IPv6 traffic may co-exist but shall not break any non-IP mechanism or generate any interference with non-IP traffic

3 Challenges (some of them…)
IPv6 over WiFi OCB: Scanning How can we dynamically ‘find’ a channel CCH (ch. 178 US, ch. 180 EU) forbidden for IPV6 Need service announcement on a ‘well-known’ channel ! Security If an RSU is connected to Internet, what is forbidding me to hacking into the Internet? For OBUs or other RSUs: how can we be sure that the one claiming to transmit is truly the transmitter? WiFi OCB link: Link asymmetry (Tx power, antenna heights): how can IPv6 and IPv6-related mechanisms adapt to asymmetric IPv6 links (non-reflective & non transitive) ? E.g.: IPv6 ND (e.g. 6lowPAN ND: RFC 6775) IP addressing & Privacy: How can I generate my IPv6 address ? DaD not fully working…(RFC4429 an option..) How can I generate my IPv6 ‘temporary/optimistic’ address? How can IPv6 mechanisms softly handle spontaneous change of IPv6 addresses (including routers)? IETF WG DMM/MIP? Privacy: IPv6 prefix shall not reflect my true subnetwork, not allow anybody to trace me back to my home network IPv6 Link Local address required, when not connected to DHCPv6 NIC/MAC shall not reflect my true ID: need NIC/MAC pseudonyms

4 Security in 802.11-OCB Systems - Asymmetric Cryptography
In order to initiate the system, a set of public/private keys needs to be obtained. Who generates these keys? A Certifying Authority / PKI third party Vehicles are „pre-loaded“ with a set of public/private key Similar to registering a vehicle and getting a license plate For anonymity, vehicles receive a „pool“ of public/private keys Large random number Key Generator Public key Private key

5 Authentication in 802.11-OCB systems- Elliptic Curve Digital Signature Algorithm (ECDSA)
Signing a hash version of the message is more efficient than signing the message itself The crypto-hash algorithm is SHA-256 Signing Function Bob Message m Digest H(m) SHA-256 Signing 32 bytes Bob Private Key Verifying Function Message m Digest H(m) Alice SHA-256 Verifying Identical! 32 bytes Bob Public Key

6 Encryption in 802.11-OCB systems - Elliptic Curve Integrated Encryption Scheme (ECIES)
Encrypting each message using an asymmetric cipher is computationally too expensive Use the property of shared secret from asymmetric cryptography Bob combines his private key with Alice‘s public key Alice combines her private key with Bob‘s public key Extract an Encryption and a MAC key from the shared secret Symmetric Cipher Alice public key Bob Encryption Combines KDF secret key MAC Bob Private key HMAC-SHA-1-160

7 Exchanging Security Credentials
Example: Authentication and Integrity Single Hop Communication: Multi-hop Communication: For a 500 bytes message, the security overhead may reach up to 71%... But more important: Who is assigning my ID? Who is assigning my certificate? ID Message Signsender Certsender 124 bytes 54 bytes 500 bytes 178 bytes Message ID Signsource Certsource Signsender Certsender 124 bytes 54 bytes 124 bytes 54 bytes 500 bytes 356 bytes

8 Address Randomization
Identifiers enable tracking MAC Address, IPv6 Prefix, IPv6 Host Identifier Randomization needs to be coordinated Certificate, MAC Address, IPv6 address all change on “renumbering event” Perform changes at the right time When it is safe, e.g., car is stopped Preferably “in a crowd”

9 Proposal Disclaimer: Pseudonyms: Security:
If a vehicle is having access to the IEEE or ETSI ITS security mechanisms USE THEM  Here, we look at the case where vehicles or other IPv6-compliant ‘things’ would not have access to them.. Pseudonyms: Random generation of a 48-MAC address, Coordinated with certificate change, IPv6 address generation Alternative: RFC4941 Security: Use well used/known security mechanisms to generate public/private keys, certificate (+ web-of-trust) CGA+RSA as in RFC 3971 (SEND) could be an option IPSec..but need mechanisms for preshared secret PGP.. Each associated to one of the random pseudonym Challenge: PKI? Root certificate? (vendors, specific ITS-related IPv6 service?)

Download ppt "Transmission of IPv6 Packets over IEEE OCB Networks"

Similar presentations

Chapter 31 Network Security

Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Computer and Network Security - Message Digests, Kerberos, PKI –

Computer and Network Security - Message Digests, Kerberos, PKI –
Cryptography CSS 329 Lecture 13:SSL.

Cryptography CSS 329 Lecture 13:SSL.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.

CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.

Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.
Key management issues in PGP

Key management issues in PGP
IPSec Detailed Description and VPN

IPSec Detailed Description and VPN
Transmission of IP Packets over IEEE 802

Transmission of IP Packets over IEEE 802
Web Applications Security Cryptography 1

Web Applications Security Cryptography 1
Reviews Rocky K. C. Chang 20 April 2007.

Reviews Rocky K. C. Chang 20 April 2007.
Security&Privacy Considerations for IP over p OCB

Security&Privacy Considerations for IP over p OCB
Encryption and Network Security

Encryption and Network Security

Similar presentations

Ads by Google