Presentation is loading. Please wait.

Presentation is loading. Please wait.

Challenges in Securing Vehicular Networks

Published byAiden Barrett Modified over 11 years ago

Similar presentations

Presentation on theme: "Challenges in Securing Vehicular Networks"— Presentation transcript:

1 Challenges in Securing Vehicular Networks
Bryan Parno Adrian Perrig Carnegie Mellon University

2 Emergence of Vehicular Networks
In 1999, FCC allocated GHz band to promote safe and efficient highways Intended for vehicle-to-vehicle and vehicle-to-infrastructure communication Emerging radio standard for Dedicated Short-Range Communications (DSRC) Based on an extension of Car2Car Consortium expects prototypes in March 2006 Must consider security, or these networks will create more problems than they solve Need to consider security or these networks will create more problems than they solve

3 Why Vehicular Networks?
Safety On US highways (2004): 42,800 Fatalities, 2.8 Million Injuries ~$230.6 Billion cost to society Efficiency Traffic jams waste time and fuel In 2003, US drivers lost a total of 3.5 billion hours and 5.7 billion gallons of fuel to traffic congestion Profit Safety features and high-tech devices have become product differentiators Those of you who drove here know that drivers need all the help they can get Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) (

4 Outline Introduction Applications Adversaries and Attacks
Vehicular Network Challenges Properties Supporting Security Security Primitives Related Work & Conclusions

5 Applications Congestion detection Vehicle platooning
Road hazard warning Collision alert Stoplight assistant Toll collection Deceleration warning Emergency vehicle warning Border clearance Traction updates Flat tire warning Merge assistance

6 Congestion Detection Vehicles detect congestion when:
# Vehicles > Threshold 1 Speed < Threshold 2 Relay congestion information Hop-by-hop message forwarding Other vehicles can choose alternate routes

7 Deceleration Warning Prevent pile-ups when a vehicle decelerates rapidly 2004, over 2,300 deaths from rear-end collisions

8 Why Security? Adding security as an afterthought is rarely pretty
Utility and ubiquity of vehicular networks will make them likely targets for attack Attacks may have deadly consequences

9 Outline Introduction Applications Adversaries and Attacks
Vehicular Network Challenges Properties Supporting Security Security Primitives Related Work & Conclusions

10 Adversaries Greedy drivers

11 Adversaries Greedy drivers Snoops Pranksters Industrial Insiders
Malicious Attackers

12 Attacks Denial of Service (DoS) Message Suppression Attacks
Overwhelm computational or network capacity Dangerous if users rely on the service Message Suppression Attacks Drop congestion alerts Fabrication Lie about congestion ahead or lie about identity Alteration Attacks Replay transmissions to simulate congestion

13 Outline Introduction Applications Adversaries and Attacks
Vehicular Network Challenges Authentication vs. Privacy Availability Mobility Key Distribution Low Tolerance for Errors Bootstrap Properties Supporting Security Security Primitives Related Work & Conclusions

14 Challenges: Authentication vs. Privacy
Each vehicle should only have one identity Prevents Sybil attacks (e.g., spoofed congestion) Allows use of external mechanisms (e.g. law enforcement) Drivers value their privacy Legal requirements vary from country to country Vehicles today are only partially anonymous Lack of privacy may lead to lack of security People already leery of speedpass. Court cases that have subpoenaed these records for divorce proceedings. Photographing license plates quite feasible

15 Challenges: Availability
Applications will require real-time responses Increases vulnerability to DoS Unreliable communication medium Studies show only 50-60% of vehicles in range will receive a vehicle’s broadcast

16 Challenges: Mobility Mobility patterns will exhibit strong correlations Transient neighborhood Many neighbors will only be encountered once, ever Makes reputation-based systems difficult Brief periods of connectivity Vehicles may only be in range for seconds Limits interaction between sender and receiver

17 Challenges: Key Distribution
Manufacturers Requires cooperation and interoperability Users must trust all manufacturers Government DMV distribution Handled at the state level, so also requires cooperation and interoperability Running a Certificate Authority is non-trivial If a single manufacturer makes a mistake, then the entire system is open to attacks. Problems not insurmountable, but they need to be considered.

18 Challenges: Low Tolerance for Errors
Strong need for resiliency With 200 million cars in the US, if 5% use an application that works % of the time, still more likely to fail on some car Life-and-death applications must be resilient to occasional failures Focus on prevention, rather than detection & recovery Safety-related applications may not have margin for driver reaction time

19 Challenges: Bootstrap
Initially, only a small number of vehicles will have DSRC Limited support deployment of infrastructure Ad hoc network protocols allow manufacturers to incorporate security without deviating from their business model

20 Outline Introduction Applications Adversaries and Attacks
Vehicular Network Challenges Properties Supporting Security Security Primitives Related Work & Conclusions

21 Some Vehicular Properties Support Security
Regular Inspections Most states require annual inspection Download updates, CRLs, new certificates Use software attestation to verify vehicle Honest Majority Most drivers prefer not to tinker with their cars May void warranty or violate the law Must protect against worms Leverage existing work for PCs Trusted hardware (e.g., TPMs) may help eventually Worm work like TaintCheck by Newsome et al.

22 Some Vehicular Properties Support Security
Additional input Presumed intelligent operator at each node Cannot distract driver, but can still gather or infer data E.g., ignored deceleration warning may indicate a false positive Existing enforcement mechanisms For many attacks, attacker must be in close physical proximity May be sufficient to identify the attacker

23 Outline Introduction Applications Adversaries and Attacks
Vehicular Network Challenges Properties Supporting Security Security Primitives Related Work & Conclusions

24 Security Primitives: Secure Message Origin
Prevents attacks Road-side attacker cannot spoof vehicles Attacker cannot modify legitimate messages to simulate congestion Beacon-based approach Sig(Kbeacon, time, )

25 Security Primitives: Secure Message Origin
Alternately, use entanglement Each vehicle broadcasts: Its ID Ordered list of vehicles it has passed Establishes relative ordering Add resiliency by evaluating consistency of reports

26 Security Primitives: Anonymization Service
Many applications only need to connect information to a vehicle, not to a specific identity Authenticate to anonymization service with permanent ID Anonymization service issues temporary ID Optionally include escrow for legal enforcement Ideal environment: toll roads Controlled access points All temporary IDs issued by the same authority ID

27 Security Primitives: Anonymization Service
To provide finer granularity, use reanonymizers Anonymization service issues short-lived certificates Reanonymizer will provide a fresh ID in response to a valid certificate ID ID’

28 Additional Security Primitives
Secure Aggregation Securely count vehicles to report congestion Key Establishment Temporary session keys for platooning or automatic cruise control Message Authentication and Freshness Prevent alteration and replay attacks

29 Outline Introduction Applications Adversaries and Attacks
Vehicular Network Challenges Properties Supporting Security Security Primitives Related Work & Conclusions

30 Related Work Driver Ad Hoc Networking Infrastructure (DAHNI) [Zarki et al., 2002] Potential attacks and secure localization [Hubaux et al., 2004] Key management and anonymous keys [Raya & Hubaux, 2005] Secure localization = Base stations can determine a vehicle’s position.

31 Conclusions We have proposed several security primitives, but more are needed. Vehicular networks pose interesting, open security research questions. Vehicular networks will soon be deployed, and their success and safety will depend on the secure solutions we develop. Research on security in vehicular networks will have an impact in the real world.

32 Thank you!

33 Potential Questions I don’t think vehicular networks will happen
They are Why not just use cellular and GPS? PKI is not that hard

Download ppt "Challenges in Securing Vehicular Networks"

Similar presentations

Wenmao Liu Harbin Institute of Technology China. Outline ITS & VANETs Security Issues and Solutions An autonomous architecture Conclusion.

Wenmao Liu Harbin Institute of Technology China. Outline ITS & VANETs Security Issues and Solutions An autonomous architecture Conclusion.
Proactive Traffic Merging Strategies for Sensor-Enabled Cars

Proactive Traffic Merging Strategies for Sensor-Enabled Cars
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Mobile Ad Hoc Networks

Security in Mobile Ad Hoc Networks
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Connectivity-Aware Routing (CAR) in Vehicular Ad Hoc Networks Valery Naumov & Thomas R. Gross ETH Zurich, Switzerland IEEE INFOCOM 2007.

Connectivity-Aware Routing (CAR) in Vehicular Ad Hoc Networks Valery Naumov & Thomas R. Gross ETH Zurich, Switzerland IEEE INFOCOM 2007.
Driver Behavior Models NSF DriveSense Workshop Norfolk, VA Oct 30-31 Mario Gerla UCLA, Computer Science Dept.

Driver Behavior Models NSF DriveSense Workshop Norfolk, VA Oct Mario Gerla UCLA, Computer Science Dept.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Securing Vehicular Communications Author : Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From : IEEE Wireless Communications Magazine, Special.

Securing Vehicular Communications Author : Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From : IEEE Wireless Communications Magazine, Special.
Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.

Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
overview Motivation Ongoing research on VANETs Introduction Objectives Applications Possible attacks Conclusion.

overview Motivation Ongoing research on VANETs Introduction Objectives Applications Possible attacks Conclusion.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Jorge Hortelano, Juan Carlos Ruiz, Pietro Manzoni

Jorge Hortelano, Juan Carlos Ruiz, Pietro Manzoni
Vehicle-to-Vehicle Wireless Communication Protocols for Enhancing Highway Traffic Safety - A Comparative Study of Data Dissemination Models for VANETs.

Vehicle-to-Vehicle Wireless Communication Protocols for Enhancing Highway Traffic Safety - A Comparative Study of Data Dissemination Models for VANETs.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.

Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
An Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications Hu Xiong, Konstantin Beznosov, Zhiguang Qin, Matei Ripeanu.

An Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications Hu Xiong, Konstantin Beznosov, Zhiguang Qin, Matei Ripeanu.

Similar presentations

Ads by Google