Indian Institute Of Technology, Delhi
Enhancements in Security,
Performance Modeling and Optimization
in Vehicular Networks
Ashwin Rao
2006SIY7513
Supervisor: Arzad A. Kherani
Introduction to VANETs
Mobile ad hoc networks (MANETs) with vehicles as mobile nodes
Application classification
Safety Related - Early Warning Messages
Best Effort – Traffic Optimization
Secure Transactions – Toll collection
Application to enhance safety of passengers
VANET jargon
VANET – Vehicular Ad hoc networks
OBU – On Board Unit – communication equipment in vehicles
RSU – Road Side Unit - provides infrastructure
WAVE – Wireless Access in Vehicular Environment
DSRC – Dedicated Short Range Communication
PKI: A brief overview
Asymmetric keys (Pu -> public key, Pr -> private key)
M = Pr(Pu(M)) and M = Pu(Pr(M)), where M is the message to be secured
Certificate contains the public key and the signature of the CA
Certificate is sent with the signed message to verify the signature of the message
Certificate must not be revoked for the message to be accepted
Security in VANETs
Security is essential to protect critical messages
Mechanisms providing security need to address
Authenticity – genuine v/s malicious source
Anonymity – sender having right to privacy
Data Integrity – messages received as-is
Low Overheads – to retain usefulness of messages
Use of PKI based security proposed in IEEE 1609.2
1609 Protocol Stack
Data Flows and Resources
Secure Message formats and their processing
Network & Transport Layer Services
Enhancement to the 802.11 MAC
Revocation of Certificates
Required to distinguish genuine and malicious nodes
When does the PKI revoke a certificate?
It is compromised
It is used for malicious activity
Other reasons like terminating the V2V service
Problems
Revocation information to be propagated to all concerned
Certificate Revocation Lists (CRLs)
PKI propagates revocation information using CRLs
CRLs are signed by the CA
Problems with CRLs in VANETs
Communication with infrastructure at irregular intervals
Varying contact times with infrastructure
Number of CRLs limited to storage space in OBU
Time to search the certificate in CRLs
Operating time of malicious node = avg. CRL update interval
Accept/Drop Mechanism (Security Layer)
Confidence In Security Infrastructure
What is the probability that a certificate is a good certificate if it is not available in the CRLs at OBU?
How recent are the CRLs in the OBU?
How recent is the certificate under consideration?
With how much confidence can you accept the signed message?
On what parameters does this confidence depend?
Parameters affecting CoS
r – the revocation rate
Var( T ) – variance in inter-CRL update times
E[ T ] - Expected CRL update interval
If Var(T) = 0 then
Freshness checks
Sender and receiver have equal access to PKI
Sender checks if one of its certificates is revoked
The CA modifies the freshness check field in the certificate if it is not revoked
Freshness check field is part of the certificate
For receiver of messages to confirm freshness checks
For non-malicious senders to validate the genuineness of their certificates
Freshness Checks
Algorithm to Accept/Drop Messages
Advantages of Freshness Checks
Time for verifying signed messages
Independent of number of CRLs and certificates in CRLs
OBUs need not store CRLs
Reduced storage requirement of OBU
Solves problem of CRL propagation
The validity of certificate dependent on the current
value of CoS and not determined at time of issue.
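Added example, not part of the original slides: a receiver-side comparison of the CRL-based accept/drop check with a freshness-field check, on a constructed timeline. Assumptions: the fixed MAX_AGE window stands in for the CoS-based threshold (its formula is not on the slides), an HMAC stands in for the CA's public-key signature, and all names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

CA_KEY = b"constructed-demo-key"  # stand-in; a real CA signs with its private key
MAX_AGE = 60.0  # seconds; assumed threshold, the slides tie theirs to CoS

@dataclass(frozen=True)
class Cert:
    cert_id: str
    freshness: float  # time the CA last confirmed "not revoked"
    ca_tag: bytes     # CA authentication over (cert_id, freshness)

def make_tag(cert_id, freshness):
    msg = f"{cert_id}|{freshness:.3f}".encode()
    return hmac.new(CA_KEY, msg, hashlib.sha256).digest()

def ca_refresh(revoked, cert_id, now):
    """Sender-initiated freshness check: the CA re-stamps unless revoked."""
    if cert_id in revoked:
        return None
    return Cert(cert_id, now, make_tag(cert_id, now))

def accept_with_crl(cert, obu_crl):
    """Baseline: drop only if the certificate is in the CRLs held at the OBU."""
    return cert.cert_id not in obu_crl

def accept_with_freshness(cert, now):
    """No CRL lookup: accept if the CA stamp is authentic and recent enough."""
    if not hmac.compare_digest(cert.ca_tag, make_tag(cert.cert_id, cert.freshness)):
        return False  # freshness field altered after the CA stamped it
    return 0 <= now - cert.freshness <= MAX_AGE

def scenario():
    """Constructed timeline: stamped at t=0, revoked at t=10, OBU CRL is stale."""
    revoked, stale_crl = set(), set()
    cert = ca_refresh(revoked, "veh-42", now=0.0)
    revoked.add("veh-42")
    tampered = Cert("veh-42", 100.0, cert.ca_tag)  # freshness field edited
    return {
        "refresh_after_revocation": ca_refresh(revoked, "veh-42", now=50.0),
        "crl_t120": accept_with_crl(cert, stale_crl),
        "fresh_t30": accept_with_freshness(cert, now=30.0),
        "fresh_t120": accept_with_freshness(cert, now=120.0),
        "tampered_t120": accept_with_freshness(tampered, now=120.0),
    }

if __name__ == "__main__":
    print(scenario())
```

The revoked certificate is still accepted at t=30 but dropped at t=120 without any CRL at the OBU, while the stale-CRL check keeps accepting it until the next CRL update.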
Reduced Operating Time Of Malicious Nodes
Time at which a certificate was revoked
Impact of Freshness checks
Fraction of packets from compromised nodes
Fraction of packets from non-compromised nodes
Future Tasks
Relation between CoS and probability of messages
from non-compromised nodes getting dropped
Impact of the overheads of security on performance of
secure messages
Impact of periodic transmission on the performance of
secure messages
Adapting rate of transmission vs. adapting transmission range of messages
Conclusion
Minimize some of the security overheads of verifying
the messages by providing a constant time algorithm to
accept/drop messages
Robust security infrastructure equally important for
effective security
Q&A
Extra Slides (BACKUP)
IEEE 1609 protocol stack
1609.1 - Resource Manager
Data flows and Resources at all points
1609.2 - Security Services
Secure message formats and processing based on PKI
1609.3 – Networking Services
Network and Transport layer services
1609.4 – Multi-channel operations
Enhancement to IEEE 802.11 MAC
Research Agenda
Implement essential features of 1609.x protocol stack
Incorporate vehicular traffic & data traffic models
Simulate V2V messaging at each node.
Propose algorithm to accept and drop messages
Study the performance metrics across widely varying
system parameters (with and without security) in V2V
networks.
Accept/Drop Mechanism (at Security Layer)
Received message signed using a certificate present in
CRLs at OBU
Drop the packet
Received message signed using a certificate absent
from the CRLs at OBU
Is the certificate revoked by the PKI?
Is the certificate compromised but not revoked at the PKI?
Is the certificate a genuine non-compromised certificate?