mohammad hossein manshaei manshaei@gmailmesh network: – one wireless hot spot (whs) – several...
TRANSCRIPT
![Page 1: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/1.jpg)
Mohammad Hossein Manshaei [email protected]
![Page 2: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/2.jpg)
Chapter 2: (secowinet.epfl.ch): Mesh Networks, MANET, VANET, RFID, and Sensor Networks
2
![Page 3: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/3.jpg)
• Upcoming wireless networks: – Personal communications:
• Wireless mesh networks • Hybrid ad hoc networks • Mobile ad hoc networks
– Vehicular networks – Sensor networks – RFID – Mobility in the Internet
3
![Page 4: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/4.jpg)
Ø Mesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations
4
![Page 5: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/5.jpg)
Ø Easy to deploy: – Single connection point to the Internet
Ø Providing Internet connectivity in a sizable geographic area: – Much lower cost than classic WiFi networks
Ø Fairness and security are closely related
Ø Not yet ready for wide-scale deployment: – Severe capacity and delay constraints – Lack of security guarantees
5
![Page 6: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/6.jpg)
Ø Hybrid ad hoc networks or multi-hop cellular networks: – No relay stations – Other mobile stations relay the traffic
Ø Problem of power management
6
![Page 7: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/7.jpg)
• Mobile ad hoc networks: – Mobile ad hoc networks in hostile
environments – In self-organized mobile ad hoc networks
7
![Page 8: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/8.jpg)
Ø Mobile ad hoc networks in hostile environments: – Presence of a strong attacker: military networks – Security challenges:
• Secure routing • Prevention of traffic analysis • Resistance of a captured device to reverse engineering and key retrieval.
Ø In self-organized mobile ad hoc networks: – No authority in the initialization phase – Nodes have to figure out how to secure the communications – Selfishness can be a serious issue:
• Nodes selfishly refuse to forward packets • Greedily overuse the common channel
8
![Page 9: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/9.jpg)
Ø Large number of sensor nodes, a few base stations
Ø Sensors are usually battery powered: – Main design criteria: reduce the energy consumption
Ø Multi-hop communication reduces energy consumption: – Overall energy consumption can be reduced, if
packets are sent in several smaller hops instead of one long hop
– Fewer re-transmissions are needed due to collisions
9
![Page 10: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/10.jpg)
Ø Security requirements: – Integrity – Confidentiality – Availability
Ø Special conditions: – Energy consumption – Computing and storage capacity of sensors is
limited – Access to the sensors cannot be monitored
10
![Page 11: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/11.jpg)
Ø RFID systems: – RFID tags – RFID readers – Back-end databases
Ø RFID tag: microchip and antenna – Active: have battery – Passive: harvest energy from the reader's
signal
11
![Page 12: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/12.jpg)
• When a node changes location: its address changes
• Mobile IP: solves this problem at the IP layer
12
![Page 13: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/13.jpg)
Ø Care-of address: – Address used by the mobile node while it is attached to a foreign link
Ø Binding: – Association of a care-of address with a home address
Ø Bidirectional tunneling: – Mobile node tunnels the packets for the correspondent node through its
home agent – Home agent tunnels the packets to the mobile node via its care-of address
Ø Route optimization: – Mobile node registers its current address binding with the correspondent
node – Packets are sent directly to the mobile node's care-of address – Use the optimal route between the mobile and correspondent node
13
![Page 14: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/14.jpg)
Ø Address stealing: – If binding updates were not authenticated: an attacker
could send spoofed binding updates
Ø DoS: – Sending spoofed IP packets that trigger a large
number of binding update protocol instances
14
![Page 15: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/15.jpg)
Ø Protection mechanism: Return Routability (RR) – Non-cryptographic solution – Assumption of an uncorrupted routing infrastructure
15
![Page 16: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/16.jpg)
Ø Mobile Node MN checks the routability to the Correspondent Node CN: (a) via the Home Agent HA (HoTI) (b) directly (CoTI)
Ø CN replies to both of them: HoT and CoT
Ø Once MN has received both HoT and CoT: – MN sends a Binding Update to CN
16
![Page 17: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/17.jpg)
Wired Access Point (WAP)
(a) A WiFi Network
Ø Wireless Mesh Network (WMN): Same coverage as with WiFi networks but with only one WAP (and several TAPs).
Ø WMNs allow a fast, easy and inexpensive network deployment. Ø However, the lack of security guarantees slows down the deployment of
WMNs
Transit Access Point (TAP)
(b) A Mesh Network
17
![Page 18: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/18.jpg)
Ø Several verifications need to be performed: – WAP has to authenticate the MC (Mobile Client). – MC has also to authenticate the TAPs – Each TAP has to authenticate the other TAPs in the WMN – The data sent or received by MC has to be protected
(e.g., to ensure data integrity, non-repudiation and/or confidentiality).
Ø Performing these verifications has to be efficient and lightweight, especially for the MC.
WAPTAP3 TAP2 TAP1MC
18
![Page 19: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/19.jpg)
TAP2TAP3MC WAPTAP1
EK_3(SReq)
EK_2(SReq)
EK_1(SReq)
EK_WAP(SReq)
SRep
EK_3(SRep)
EK_2(SRep)
EK_1(SRep)
Example: SReq = EK_WAP (ReqID, roamingInfo, SessionKey, Nonce)
19
![Page 20: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/20.jpg)
Ø Multi-hop communications: ² Delayed detection and treatment of attacks ² Routing becomes critical ² Unfairness
Ø The TAPs are not physically protected: ² Capture ² Cloning ² Tampering
Ä Three fundamental security operations: 1. Detection of corrupt nodes 2. Secure routing 3. Fairness
20
![Page 21: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/21.jpg)
1. Detection of corrupt nodes
(a) An attacker compromises two TAPs
Ø Accessing the internal state Ø Modifying the internal state
(b) The attack is detected and new routes are defined
(a) (b)
21
![Page 22: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/22.jpg)
2. Routing
(a) Dos attack
(b) The attack is detected and new routes are defined
(a) (b)
22
![Page 23: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/23.jpg)
3. Fairness: Starvation problem
• Per-client fairness: ρ1=ρ3=2*ρ2
• By attacking the routing, an adversary can affect fairness
TAP3 TAP2 TAP1 WAP
flow1
flow2
flow3
M4
M5 M3 M2
M1
23/58
![Page 24: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/24.jpg)
Ø Fairness: Example
(a) Sub-optimal route (b) Optimal route
(b)(a)
24
![Page 25: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/25.jpg)
§ New challenges: – Mutual authentication of nodes belonging to different “operating
domains” – Competition for the channel (shared spectrum)
25
![Page 26: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/26.jpg)
Ø Motivation
Ø Threat model and specific attacks
Ø Security architecture
Ø Security analysis
Ø Performance evaluation
Ø Certificate revocation
Ø Secure positioning
Ø Conclusion 26
![Page 27: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/27.jpg)
Roadside base station
Inter-vehicle communications
Vehicle-to-roadside communications
Emergency event
• Communication: typically over the Dedicated Short Range Communications (DSRC) (5.9 GHz) • Example of protocol: IEEE 802.11p • Penetration will be progressive (over 2 decades or so) 27
![Page 28: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/28.jpg)
• Combat the awful side-effects of road traffic – In the EU, around 40’000 people die yearly on the roads; more
than 1.5 millions are injured – Traffic jams generate a tremendous waste of time and of fuel
• Most of these problems can be solved by providing appropriate information to the driver or to the vehicle
28
![Page 29: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/29.jpg)
Ø Large projects have explored vehicular communications: Fleetnet, PATH (UC Berkeley),…
Ø No solution can be deployed if not properly secured Ø The problem is non-trivial
– Specific requirements (speed, real-time constraints) – Contradictory expectations
Ø Industry front: standards are still under development and suffer from serious weaknesses – IEEE P1609.2: Standard for Wireless Access in Vehicular
Environments - Security Services for Applications and Management Messages
Ø Research front – ACM International Workshop on VehiculAr Inter-NETworking, Systems, and
Applications 29
![Page 30: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/30.jpg)
Forward radar
Computing platform
Event data recorder (EDR)Positioning system
Rear radar
Communication facility
Display
(GPS)
Human-Machine Interface
30
![Page 31: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/31.jpg)
Ø An attacker can be: – Insider / Outsider
– Malicious / Rational
– Active / Passive
– Local / Extended
Ø Attacks can be mounted on:
– Safety-related applications
– Traffic optimization applications
– Payment-based applications
– Privacy 31
![Page 32: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/32.jpg)
Traffic jam
ahead
§ Attacker: insider, rational, active 32
![Page 33: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/33.jpg)
SLOW DOWN
The way is clear
§ Attacker: insider, malicious, active 33
![Page 34: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/34.jpg)
Wasn’t me!
§ Attacker: insider, rational, active 34
![Page 35: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/35.jpg)
Roadside base station
Jammer
35
![Page 36: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/36.jpg)
Physical tunnel or jammed area
Wrong information
36
![Page 37: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/37.jpg)
A
* A at (x1,y1,z1)at time t1
* A communicates with B
* A refuels at time t2 and location
(x2,y2,z2)
1
2
AB
A
* A enters the parking lot at time
t3* A downloads from server X
3
37
![Page 38: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/38.jpg)
[Pravin Varaiya]
First level approximation:
38
![Page 39: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/39.jpg)
39
![Page 40: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/40.jpg)
40
![Page 41: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/41.jpg)
41
![Page 42: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/42.jpg)
Compute connectivity in this case ;-)
42
![Page 43: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/43.jpg)
• We consider communications specific to road
traffic: safety and traffic optimization
– Safety-related messages
– Messages related to traffic information
• We do not consider more generic applications,
e.g. toll collect, access to audio/video files, games,
…
43
![Page 44: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/44.jpg)
Ø Sender authentication
Ø Verification of data consistency
Ø Availability
Ø Non-repudiation
Ø Privacy
Ø Real-time constraints
44
![Page 45: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/45.jpg)
Certificate Authority
≈ 100 bytes ≈ 140 bytesSafety
messageCryptographic
material
{Position, speed, acceleration, direction,
time, safety events}
{Signer’s digital signature, Signer’s public key PK, CA’s certificate of PK}
Authenticated message
Data verification
Secure positioning
Tamper-proof device
Event data recorder
Secure multihop routing
Services (e.g., toll payment or
infotainment)
?
45
![Page 46: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/46.jpg)
Ø Each vehicle carries a tamper-proof device – Contains the secrets of the vehicle itself – Has its own battery – Has its own clock (notably in order to be able to
sign timestamps) – Is in charge of all security operations – Is accessible only by authorized personnel
Tamper-proof device
Vehicle sensors (GPS, speed and acceleration,…)
On-board CPU
Transmission system
((( )))
46
![Page 47: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/47.jpg)
Ø Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation requirement
Ø Hence each message should be signed with a DS
Ø Liability-related messages should be stored in the EDR
Verifier
Signer
VerifierVerifier100 - 200 bytes 100 - 600 bytes
Safetymessage Cryptographic material
{Position, speed,acceleration, direction,
time, safety events}
{Signer’s DS, Signer’sPK, CA’s certificate of PK}
47/58
![Page 48: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/48.jpg)
Country 1
Region 1 Region 2
District 1 District 2
Car A Car B Car A Car B
Manuf. 1 Manuf. 2
1. Governmental Transportation Authorities 2. Manufacturers
§ The governments control certification § Long certificate chain § Keys should be recertified on borders to
ensure mutual certification
§ Vehicle manufacturers are trusted § Only one certificate is needed § Each car has to store the keys of all
vehicle manufacturers
48/58
![Page 49: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/49.jpg)
• Authorities – Trusted entities issuing
and managing identities and credentials
![Page 50: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/50.jpg)
• Authorities – Hierarchical organization – ‘Forest’
50
![Page 51: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/51.jpg)
Roadside Unit
‘Re-filling’ with or obtaining new
credentials
Providing revocation information
Roadside Unit
Wire-line Connections
• Identity and Credentials Management
51
![Page 52: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/52.jpg)
Ø Preserve identity and location privacy Ø Keys can be preloaded at periodic checkups
Ø The certificate of V’s ith key:
Ø Keys renewal algorithm according to vehicle speed (e.g., ≈ 1 min at 100 km/h)
Ø Anonymity is conditional on the scenario
Ø The authorization to link keys with ELPs is distributed
[ ] [ ]CAiSKiiV IDPuKSigPuKPuKCertCA
||=
52/58
![Page 53: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/53.jpg)
At 3:00 - Vehicle A spotted at position P1
At 3:15 - Vehicle A spotted at position P2
§ Keys change over time § Liability has to be enforced § Only law enforcement agencies should be allowed to retrieve the real
identities of vehicles (and drivers) 53
![Page 54: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/54.jpg)
Ø Vehicles will probably have several wireless technologies onboard
Ø In most of them, several channels can be used Ø To thwart DoS, vehicles can switch channels or
communication technologies
Ø In the worst case, the system can be deactivated
Network layer
DSRC UTRA-TDD Bluetooth Other
54
![Page 55: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/55.jpg)
Ø Bogus info attack relies on false data Ø Authenticated vehicles can also send wrong data (on purpose or not) Ø The correctness of the data should be verified Ø Correlation can help
55
![Page 56: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/56.jpg)
• How much can we secure VANETs?
• Messages are authenticated by their signatures
• Authentication protects the network from outsiders
• Correlation and fast revocation reinforce correctness
• Availability remains a problem that can be alleviated
• Non-repudiation is achieved because: – ELP and anonymous keys are specific to one vehicle – Position is correct if secure positioning is in place
56
![Page 57: Mohammad Hossein Manshaei manshaei@gmailMesh network: – One Wireless Hot Spot (WHS) – Several Transit Access Points (TAPs) – Mobile Stations 4 !](https://reader031.vdocument.in/reader031/viewer/2022030417/5aa345387f8b9a46238e2653/html5/thumbnails/57.jpg)
• The security of vehicular communications is a difficult and highly relevant problem
• Car manufacturers seem to be poised to massively invest in this area
• Slow penetration makes connectivity more difficult • Security leads to a substantial overhead and must be
taken into account from the beginning of the design process
• The field offers plenty of novel research challenges • Pitfalls
– Defer the design of security – Security by obscurity
57