M.

TECH DISSERTATION ON

PRE-AUTHENTICATION BASED SECURITY SCHEME FOR VEHICULAR NETWORKS

Under The Guidance of
Mr. PARDEEP SINGH Assistant Professor CSE Department NIT Hamirpur

Presented By
UPASANA SINGH Roll No.- 09M502 M.Tech, CSE Department NIT Hamirpur

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING NATIONAL INSTITUTE OF TECHNOLOGY HAMIRPUR-177005, HP (INDIA) August, 2011

OUTLINE
Introduction
Applications Attacks

of VANETs

on VANETs and privacy requirements in VANETs Statement and Objectives Survey

Security

Motivation
Problem

Literature System

Model

Proposed Analysis

Solution

and results

Conclusion References

INTRODUCTION
Vehicular networks is a technology that uses moving cars as nodes in a network to create a mobile network. It turns every participating car into a wireless router or node. It enables vehicles to communicate with each other via Vehicle-to-Vehicle (V2V) as well as with roadside base stations via Vehicle-toInfrastructure Communication (V2I). Vehicular networks have received attention for their potential in traffic efficiency, road safety, infotainment, Internet access. Especially, the new emerging infotainment applications demand vehicular networks to support multimedia and real-time services [8]. Therefore, provisioning of seamless mobility is essential for next generation vehicular networks.

INTRODUCTION (CONT.)
The unique characteristics of VANETs are [9]:

- High mobility with the constraint of road topology.

- Rapidly changing network topology. - Initially low market penetration ratio. - Potentially unbounded network size. - Anonymous addresses. - Time-sensitive data exchange - Potential support from infrastructure - Abundant resources - Better physical protection

APPLICATIONS OF VANET

Active Safety

1. Dangerous road features lights or stop signals

2. Abnormal traffic and road conditions 3. Danger of collision 4. Crash imminent 5. Incident occurred

Public Service
1. Emergency response 2. Support for authorities

Improved driving 1. Enhanced Driving

2. Traffic Efficiency

Mobile Business and Entertainment 1. Vehicle Maintenance 2. Mobile Services 3. Enterprise solutions 4. E-Payment

ATTACKERS MODEL AND ATTACKS

Attackers Model [10]:

Insider vs. Outsider Malicious vs. Rational Active vs. Passive Local vs. Extended

Types of attacks:

Bogus information Cheating with sensor information

Denial of Service
Masquerading

SECURITY AND PRIVACY REQUIREMENTS IN VANETS

Authentication Verification of data consistency Availability Non-repudiation Real-time constraints

SECURITY AND PRIVACY REQUIREMENTS IN VANETS (CONT.)

Conditional Privacy Levels Privacy Level 1 Authentication Yes Anonymity No Unlinkability No

Level 2
Level 3

Yes
Yes

Yes
Yes

No
Yes

MOTIVATION

Since security and privacy protection are mutually conflicting, so a large number of proposed schemes had to compromise between these two requirements and reaching a good compromise state results in computing, communications and storage overhead. VANETs use asymmetric key cryptography for authentication purpose and symmetric key cryptography for communication purpose. With the use of pseudoidentities the overhead of asymmetric key cryptography could also be reduced with the symmetric key solutions. Still very less work is done in this direction.

PROBLEM STATEMENT AND OBJECTIVE

The handover in vehicular networks have to be secured while maintaining the computational and storage overhead. For real-time services such as infotainment application in vehicular networks the latency problems are not desirable. Therefore, a security framework has to be developed that will reduce the computational complexity. The objective of this dissertation is to develop an approach to authenticate the entities and generate keys while reducing the computational and storage overhead. To reduces the authentication latency between vehicle (mobile node) and authentication server.

LITERATURE SURVEY
Ref. No.
1.

Name of Paper/ Authors

J.P. Hubaux, S.C. Apkun, J. Luo, The Security and Privacy of Smart Vehicles.

Publication / year
IEEE Journal on Security and Privacy, 2004.

Remarks
-Recognized the need for conditional privacy. - Introduced the concept of Electronic License Plates. - Also focused on location verification. -Symmetric key based authentication using short lived pseudonyms. - Less reliant on availability of bandwidth.

Limitations
Does not provide any solution to provide privacy.

2.

J.Y. Choi, M. Jakobsson, S. Wetzel, Balancing Auditability and Privacy in Vehicular Networks.

Q2SWinet '05, 2005.

Vehicles authenticate each other via a base station, which is undesirable for inter-vehicle communications Conditional anonymity claimed applies only to the vehicles amongst the peer. Also implementation of two protocols is a tedious job

3.

X. Lin, X. Sun, P.H. Ho, X. Shen, GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications.

IEEE Transactions on Vehicular Technology, 2007.

-Uses group signatures and ID-Based cryptography. - Developed two different algorithms for V2V and V2I communication.

Ref. No.
4.

Name of Paper / Authors

Y. Xi, K. Sha, W. Shi, L. Schwiebert, Enforcing Privacy Using Symmetric Random KeySet in Vehicular Networks. S.H. Lee, J.Y. Choi, N.S. Park, FMIPv6 based Secure Binding Update Authentication in Wireless Vehicular Networks.

Publication year
IEEE Conference ISADS , 2007.

Remarks
-Uses symmetric random key set. - Uses different identity at different RSU. -Focused on improving handover latency by decreasing authentication latency. - Uses EAP for authentication purpose. -Group based scheme using asymmetric cryptography.

Limitations
Suffers from authentication traffic and RTT (Round Trip Time) latency. EAP is not developed for vehicular networks.

5.

IEEE conference ISWPC , 2009.

6.

J. Chen, J. Wu, Cooperative Anonymity Authentication in Vehicular Networks.

IEEE Conference MOBHOC, 2009.

Difficulty in election of group leader , also there may be too few Cars to create a group. Suffers from computational overhead.

7.

K. Xue, P. Hong, X. Tie, Using Security Context Pre-Transfer to Provide Security Handover Optimization for Vehicular Ad Hoc Networks.

IEEE conference on Vehicular Technology (VTC 2010-Fall), 2010.

- Handover is also discussed along with the authentication. - Based on asymmetric cryptography and hash chain anchor.

SYSTEM MODEL

Considered Vehicular Environment

ASSUMPTIONS

The Tamper proof device on the board of each vehicle have computational power to calculate keys. It could be reconfigured by downloading data from the Authentication Server. For Internet access FMIPv6 is considered. Since we are using FMIPv6 for Internet access, during the solution we will use term mobile node for vehicle and Access router for the Roadside Units for the ease of understanding. We assume that only TA and the vehicle know the real identity and the password (symmetric key).

The Function used to create the pseudoidentity of the vehicle is known to the TA and is inbuilt in the OBU of the vehicle.

(CONT.)

OBUs can create random numbers with strong randomness even though they have limited computational capabilities. The random numbers used in the key establishment protocol are generated through a pseudorandom function that takes a counter together with the key as input.
Random_number = Fkey (counter) The counter is incremented after every use. The function F can be implemented as a hash-keyed message authentication code.

PROPOSED SOLUTION
System Setup:

Before entering VANET, all RSUs, and OBUs must get registered by TA. Each vehicle is given a unique identity UID and password PSW by the TA. When the vehicle enters a network it enters UID and PSW in the OBU which generates a pseudoidentity IDA as; IDA= (UID PSW)
When entering the VANET, the vehicle V first needs to mutually authenticate and establish a secure master key with the AAA server. All the RSUs are also authenticated by the AAA server. Whenever a vehicle comes in contact with a RSU their ID are verified for legitimacy through Challenge-Response method. If returning yes, the RSU and the vehicle will setup a handover key.

MUTUAL AUTHENTICATION AND KEY AGREEMENT PHASE

V
IDA JA

AAA
Computes n= p.q, where p and q two secret numbers

JA = f(IDA)
Chooses a secret s such that 1sthan computes v= (JA .s)2 mod n and makes it public

AAA selects and send a secret g

AAA and V choose respective secret no.s a and b such that 1a and bg-2 each co-prime to g-1. they respectively compute a-1 mod g-1 and b-1 mod g-1 Chooses a secret k such that 1kg-1, and computes (k.a) mod g (k.a)mod g

(k.a.b)mod g (k.b)mod g

MUTUAL AUTHENTICATION AND KEY AGREEMENT PHASE

1.

Master key k mod g is generated between the Vehicle and the AAA server.

2.

Server generates a unique Handover Encryption key using the MK and delivers it to the corresponding AR.
HEK = H(MK, IDAR || IDMN)

VERIFICATION PHASE
V (MN) RSU (NAR)

x =(JA.r)2 mod n
IDA, x Selects challenge bit e (e=0 /1)

Challenge bit e
If e = 0; y = (IDA.r)mod n If e =1; y = (IDA.r.s)mod n

Response bit y Computes JA and y2 = (x.ve) mod n

HANDOVER PHASE
V (MN) PAR (RSU) NAR (RSU) AAA Server
HMK & HEK1

HMK HEK1

Mutual Authentication

HEK1

HEKN Handover Initiation

RtSolPr PrRtAdv

Handover Phase

Msg1 Msg2 Msg3 Msg4 Hack FBack FNA Generate HKN

FBack

HANDOVER PHASE

The MN transmits a RtSolPr (Router Solicitation for Proxy) message to the PAR connected. After receiving RtSolPr message, PAR transmits a PrRtAdv (Proxy Router Advertisement) message. When the MN selects new AR to which it wants to connect and it sends Msg1 to NAR along with the verification request. Msg1= HEK( IDMN, IDPAR, IDNAR, NonceMN), H(HEK, IDMN || IDPAR || IDNAR || NonceMN) .

NAR on receiving Msg1 from MN firstly verifies the MN and than responds with Msg2. Msg2= HEK(IDMN, IDPAR, IDNAR, NonceMN, NonceNAR), H(HEK, IDMN ||IDPAR || IDNAR || NonceMN || NonceNAR) .

MN and NAR generate HK. HK = H(HEK, IDNAR || IDMN || NonceMN || NonceNAR)

(CONT.)

MN transmit a FBU via Msg3 to PAR. Msg3=FBU, H(HK, NCoA , NonceNAR) PAR then sends HI via Msg4 o NAR. Msg4 = HI, H(HK, NCoA, NonceMN) NAR generates HK and verifies it. If verification is successful, NAR send Hack. PAR transmits FBack. MN on attaching to the NAR transmits FNA .

ANALYSIS AND RESULT

There are several network security simulators available such as Automated Validation of Internet Security Protocols and Applications (AVISPA) [38], Network Security Simulator 2 (NeSSi2), OsmocomBB, Web Service Analysis Tool (WSAT). We have simulate our protocol using the Automated Validation of Internet Security Protocols and Applications (AVISPA) web interface.

PERFORMANCE ANALYSIS
Computational parameters [11]: Operation Thash Time (ms) 0.5

Tsym
Tasym Trandom Tmul Tinv

8.7
100Tsym 0.5 0.5 19Tmul

COMPUTATIONAL OVERHEAD DURING AUTHENTICATION AND KEY AGREEMENT

TOTAL COMPUTATIONAL OVERHEAD INCLUDING HANDOVER PHASE

SECURITY ANALYSIS
Mutual Authentication: MN and NAR are authenticated mutually via HK. Secrecy: Msg1 and Msg2 exchanged between MN and NAR are kept secret from an adversary. HK is only shared between MN and NAR. Neighbour ARs can not derive HK. Moreover, the key is kept secret

from the adversary.

Integrity: Msg1 and Msg2 exchanged between MN and NAR cannot be altered by an adversary.

CONCLUSION

The most important point in securing the vehicular communication is to provide both security and privacy while reducing the computational and storage overhead. Our proposed scheme uses a secret shared key between the vehicle and the roadside infrastructure which is further used during the handover for computing the handover keys and communicating securely. Verification of a vehicle as a legitimate node is done at the roadside infrastructure itself and no communication with the server is required. Our scheme promises mutual authentication, secrecy, and privacy of the specifics of the vehicle. It also reduces the authentication latency by carrying out pre-authentication at the vehicle and the server. The proposed protocol is analyzed to be secure through the security simulator AVISPA. Also through the analysis of our protocol shows that it indeed has desirable properties of a security scheme for a vehicular network and is safe against several attacks. The performance analysis shows that the symmetric key cryptography based protocols have an improvement of almost about 50% in the computational overhead.

REFERENCES
1.

J.P. Hubaux, S.C. Apkun, J. Luo, The Security and Privacy of Smart Vehicles, IEEE Journal on Security and Privacy, Vol. 2, Issue 3, pp. 49 55, 2004. J.Y. Choi, M. Jakobsson, S. Wetzel, Balancing Auditability and Privacy in Vehicular Networks, Q2SWinet '05, 2005. X. Lin, X. Sun, P.H. Ho, X. Shen, GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications, IEEE Transactions on Vehicular Technology, Vol. 56, Issue 6, pp. 3442-3456, 2007. Y. Xi, K. Sha, W. Shi, L. Schwiebert, Enforcing Privacy Using Symmetric Random Key-Set in Vehicular Networks, IEEE Conference ISADS 2007, 2007. S.H. Lee, J.Y. Choi, N.S. Park, FMIPv6 based Secure Binding Update Authentication in Wireless Vehicular Networks, IEEE conference ISWPC 2009, pp. 1-5, 2009. J. Chen, J. Wu, Cooperative Anonymity Authentication in Vehicular Networks, IEEE Conference MOBHOC 2009, pp. 1018-1023, 2009.

2.

3.

4.

5.

6.

7.

K. Xue, P. Hong, X. Tie, Using Security Context Pre-Transfer to Provide Security Handover Optimization for Vehicular Ad Hoc Networks, IEEE conference on Vehicular Technology (VTC 2010-Fall), pp. 1-5, 2010.
Q. Mussabbir, W. Yao, Z. Niu, X. Fu, Optimized FMIPv6 Using IEEE 802.21 MIH Services in Vehicular Networks, IEEE Transactions on Vehicular Technology, Vol. 56, No. 6, Nov. 2007.

8.

9.

Z. Li, Z. Wang, C. Chigan, Security of Vehicular Ad Hoc Networks in Intelligent Transportation Systems, Wireless Technologies for Intelligent Transportation Systems, Nova Science Publishers, 2009.
E. Schoch, F. Kargl, M. Weber, T. Leinmller, Communication Patterns in VANETs, IEEE Journal Communications Magazine, Vol. 46, Issue 11, pp. 119-125, 2008.

10.

11.

J. S. Lee, C. C. Chang, Secure communications for cluster-based ad hoc networks using node identities, Journal of Network and Computer Applications, Vol.30, No.4, pp.1377-1396, 2007.

PUBLICATIONS

Upasana Singh, Pardeep Singh, Security and Privacy Enabling Lightweight Solution for Vehicular Networks, International Journal of Advances in Computer Networks and its Security, Vol. 1, No. 1, pp. 281-285, 2011 . Upasana Singh, Pardeep Singh, Privacy Providing Solution for Vehicular Communication, International Journal of Engineering Research and Applications (IJERA), Vol. 1, No. 2, pp. 363-368, 2011. Upasana Singh, Pardeep Singh, Security and Privacy Enabling Solution for Vehicular Networks, International Conference on Advances in Information Technology and Communication AIT 2011, Springer LNICST . (In Press) Upasana Singh, Pardeep Singh, Review of Solutions for securing the Vehicular Networks, International Journal of Computer Technology and Applications. (Accepted)

THANK YOU