1 Key Management for Vehicular Networks Maxim Raya and Jean-Pierre Hubaux Secure Vehicular Communications Workshop EPFL - 19/05/2015.


1 Key Management for Vehicular Networks
Maxim Raya and Jean-Pierre Hubaux
Secure Vehicular Communications Workshop
EPFL - 19/05/2015

2 Outline
- Threat model and specific attacks
- Security architecture
- Certificate revocation

3 Threat model
- An attacker can be:
  - Insider / Outsider
  - Malicious / Rational
  - Active / Passive
- Attackers can collude
- The majority of vehicles are honest
- Authorities cannot be compromised

4 Attack 1: Bogus traffic information
Figure text: "Traffic jam ahead"
- Attacker: insider, rational, active

5 Attack 2: Disruption of network operation
Figure text: "SLOW DOWN", "The way is clear"
- Attacker: insider, malicious, active

6 Attack 3: Cheating with identity, speed, or position
Figure text: "Wasn’t me!"
- Attacker: insider, rational, active

7 Attack 4: Tracking
Figure text: "At 3:00 - Vehicle A spotted at position P1", "At 3:15 - Vehicle A spotted at position P2"
- Attacker: passive
- Big Brother syndrome!

8 Security system requirements
- Sender authentication
- Verification of data consistency
- Availability
- Non-repudiation
- Privacy
- Real-time constraints

9 Security Architecture

10 Digital signatures
- Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation requirement
- Hence each message should be signed with a DS
- Liability-related messages should be stored in the EDR

11 VPKI (Vehicular PKI)
Figure labels: PKI; Security services: Positioning, Confidentiality, Privacy, ...; CA; P A, P B; Authentication; Shared session key
- Each vehicle carries in its Tamper-Proof Device (TPD):
  - A unique and certified identity: Electronic License Plate (ELP)
  - A set of certified anonymous public/private key pairs
- Mutual authentication can be done without involving a server
- Authorities (national or regional) are cross-certified

12 The CA hierarchy: two options
Figure labels: Car A, Car B (under each option); Manuf. 1, Manuf. 2
1. Governmental Transportation Authorities
  - The governments control certification
  - Long certificate chain
  - Keys should be recertified on borders to ensure mutual certification
2. Manufacturers
  - Vehicle manufacturers are trusted
  - Only one certificate is needed
  - Each car has to store the keys of all vehicle manufacturers

13 Anonymous keys
- Preserve identity and location privacy
- Keys can be preloaded at periodic checkups
- The certificate of V’s i-th key:
- Key renewal algorithm according to vehicle speed (e.g., ≈ 1 min at 100 km/h)
- Anonymity is conditional on the scenario
- The authorization to link keys with ELPs is distributed

14 DoS resilience
- Vehicles will probably have several wireless technologies onboard
- In most of them, several channels can be used
- To thwart DoS, vehicles can switch channels or communication technologies
- In the worst case, the system can be deactivated
Figure labels: Network layer; DSRC, GSM/3-4G, Bluetooth, Other

15 Data verification by correlation
- Bogus info attack relies on false data
- Authenticated vehicles can also send wrong data (on purpose or not)
- The correctness of the data should be verified
- Correlation can help

16 Security analysis
- How much can we secure VANETs?
- Messages are authenticated by their signatures
- Authentication protects the network from outsiders
- Correlation and fast revocation reinforce correctness
- Availability remains a problem that can be alleviated
- Non-repudiation is achieved because:
  - ELP and anonymous keys are specific to one vehicle
  - Position is correct if secure positioning is in place
- Formal security analysis envisioned within the MICS VerSePro project (in collaboration with ETHZ)

17 What PK cryptosystem to use?
- Available options:
  - RSA Sign: the most popular but also has the largest key size
  - ECDSA: the most compact
  - NTRUSign: the fastest in signing and verification
  - Other (XTR, HEC, Braid groups, Merkle trees, …)
- Signature verification speed matters the most
- Further improvements that can help:
  - Vehicles verify only relevant content
  - Several messages may be signed with the same key

18 Performance comparison

PKCS    Key, Sig size (bytes)   T_tx(Sig) (ms)
RSA     256                     0.171
ECDSA   28, 56                  0.019, 0.038
NTRU    197                     0.131

PKCS    Generation (ms)   Verification (ms)
ECDSA   3.255             7.617
NTRU    1.587             1.488

Memory-constrained Pentium II 400 MHz workstation
- Key and signature size
- Signature generation and verification
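The per-message signing called for on slide 10, with the ECDSA sizes from the table above, as an added example that is not part of the original slides. P-224 is an assumption (its 28-byte scalars and 56-byte r||s signature match the ECDSA row; the slides do not name the curve), as are the function names and the constructed beacon text.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

const coordLen = 28 // bytes per P-224 scalar (assumed curve, see lead-in)

func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
}

// SignBeacon signs msg and returns a fixed-width r||s signature of 2*coordLen bytes.
func SignBeacon(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 2*coordLen)
	r.FillBytes(sig[:coordLen]) // left-pads with zeros so the size never varies
	s.FillBytes(sig[coordLen:])
	return sig, nil
}

// VerifyBeacon rejects wrong-length signatures before doing any curve arithmetic.
func VerifyBeacon(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	if len(sig) != 2*coordLen {
		return false
	}
	h := sha256.Sum256(msg)
	r, s := new(big.Int).SetBytes(sig[:coordLen]), new(big.Int).SetBytes(sig[coordLen:])
	return ecdsa.Verify(pub, h[:], r, s)
}

func main() {
	priv, err := NewKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed beacon: pos=P1 speed=100km/h t=1000")
	sig, _ := SignBeacon(priv, msg)
	fmt.Println(len(sig), VerifyBeacon(&priv.PublicKey, msg, sig))
}
```

The fixed-width encoding keeps the signature at 56 bytes on every message, whereas the ASN.1 DER form most libraries emit by default is longer and variable in length.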

19 Performance evaluation
- ns-2 simulations
- Two scenarios drawn from DSRC
- The effect of message size (including the security material) on delay, number of received packets, and throughput is evaluated
Figure note: Not to scale

20 How msg size affects Delay, …
Plot legend: NTRU, No security, ECDSA, RSA

21 … Number of received packets, …
Plot legend: NTRU, No security, ECDSA, RSA

22 … and Throughput
Plot legend: NTRU, No security, ECDSA, RSA

23 Certificate revocation in VANETs¹
- The CA has to revoke invalid certificates:
  - Compromised keys
  - Wrongly issued certificates
  - A vehicle constantly sends erroneous information
- Using Certificate Revocation Lists (CRL) is not appropriate
- We propose 3 protocols to revoke a vehicle’s keys:
  - Rev. of the Tamper-Proof Device (RTPD): CA revokes all keys
  - Rev. by Compressed CRLs (RCCRL): if TPD is not reachable
  - Distributed Revocation Protocol (DRP): initiated by peers; generates a report to the CA, which triggers the actual revocation by RTPD/RCCRL
¹ In collaboration with Daniel Jungels and Imad Aad

24 Revocation of the Tamper-Proof Device (RTPD)
Diagram labels: secure message; paging area; broadcast; compressed CRL; ACK (via BS); 1. IP-routing, 2. IP-broadcast, 3. low-speed broadcast; query last known locations from accusations; M; TPD: erases keys + stops signing

25 Revocation by Compressed CRLs (RCCRL)
Diagram labels: set “blacklisted”; query “blacklisted” + currently valid compressed CRL; ignore msg from M; M; broadcast; low-speed broadcast

26 Distributed Revocation Protocol (DRP)
Diagram labels: M, A, B, C; acc.-db; Accusation-msgs against M (“M” +sig. A, +sig. C, +sig. B); report to CA; forward; Disregard-msgs with supporting sigs. (Disregard M +sig. C +sig. B)
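An added sketch, not taken from the slides or from the authors' DRP specification, of the check a receiving vehicle could run on the supporting signatures of a disregard message before it ignores M. The message layout, the `DRP-accuse:` prefix, P-224 ECDSA, the threshold parameter and all names are assumptions, and the keys and accusations are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Accusation struct { // hypothetical layout; a real message would also carry a timestamp
	Accuser, Accused string
	Sig              []byte
}

// Scenario builds constructed data: one fresh key and one signed accusation per accuser.
// The returned map stands in for the certified public keys a receiver would hold.
func Scenario(accused string, accusers ...string) (sigs []Accusation, known map[string]*ecdsa.PublicKey) {
	known = map[string]*ecdsa.PublicKey{}
	h := sha256.Sum256([]byte("DRP-accuse:" + accused))
	for _, n := range accusers {
		k, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
		if err != nil {
			panic(err)
		}
		sig, err := ecdsa.SignASN1(rand.Reader, k, h[:])
		if err != nil {
			panic(err)
		}
		sigs = append(sigs, Accusation{n, accused, sig})
		known[n] = &k.PublicKey
	}
	return sigs, known
}

// ShouldDisregard is true once threshold distinct certified vehicles validly accuse accused.
// Forged, unknown-key, wrong-target, duplicate and self-signed entries do not count.
func ShouldDisregard(accused string, sigs []Accusation, known map[string]*ecdsa.PublicKey, threshold int) bool {
	h, seen := sha256.Sum256([]byte("DRP-accuse:"+accused)), map[string]bool{}
	for _, a := range sigs {
		pub, ok := known[a.Accuser]
		if ok && a.Accused == accused && a.Accuser != accused && ecdsa.VerifyASN1(pub, h[:], a.Sig) {
			seen[a.Accuser] = true
		}
	}
	return len(seen) >= threshold
}

func main() {
	sigs, known := Scenario("M", "A", "B", "C")
	fmt.Println(ShouldDisregard("M", sigs, known, 3), ShouldDisregard("M", sigs[:1], known, 3))
}
```

Counting distinct accusers rather than signatures is what stops a single colluding vehicle from replaying its own accusation to reach the threshold.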

27 DRP speed

28 DRP coverage

29 Conclusion
- VANET security is very important
- We presented its main aspects:
  - Threat model
  - Security architecture
- Tradeoffs exist, e.g., between privacy and liability
- The choice of the cryptosystem is crucial
- More info at http://ivc.epfl.ch

