1
1
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs WOSI S 2007
A Pr ivacy Awar e and Efficient Secur it y I nfr ast r uct ure for Vehicular Ad Hoc Net w or ks
Klaus Plößl Hannes Feder r at h Univer sit y of Regensbur g
Wor kshop on Secur it y in I nfor m at ion Sy st em s 2007 12. 06.2007
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
2
WOSI S 2007
Out line
• I nt r oduct ion
• Secur it y Requir em ent s
• Pr oposal – I nit ializat ion
– Asy m m et r ic Par t
– Sym m et r ic Par t
• Evaluat ion
• Conclusion and Fur t her Aspect s
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
3
WOSI S 2007
Vehicular Ad Hoc Net w ork s ( VANETs)
• Subgr oup of Mobile Ad Hoc Net w or ks ( MANETs)
• Main differ ence –Rout er = Vehicle
• Par t icular it ies –High speed
–High scalabilit y needed –Rest r ict ed node m ov em ent –Assist ance of fixed infr ast r uct ur e
is feasible
• I ncludes
–Vehicle- t o- vehicle com m unicat ions ( V2V) –Vehicle- t o- r oadside com m unicat ions ( V2R)
I nt ernet I nt ernet
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
4
WOSI S 2007
Vehicular Ad Hoc Net w ork s ( VANETs)
• Main obj ect ive – I ncr ease r oad safet y
• Achievem ent of obj ect ive – Vehicles act as sensor s
– Exchange of t elem at ics infor m at ion, like
• Locat ion, cur r ent speed, acceler at ion or deceler at ion
• Sensor dat a fr om Air bag, ABS, ESP, et c.
– I f necessar y gener at ion of w ar nings – Dr iver s can r eact ear ly
gnoC
estion!
Congestion!
Congestion!
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
5
WOSI S 2007
Applicat ion Cat egories
• War nings and t elem at ics infor m at ion ( W)
–E.g.: full br ake applicat ion w ar ning, congest ion w ar ning, air bag act ivat ion w ar ning, beacons, …
–Geocast
• Alar m signals and inst r uct ions ( A)
–E.g.: signals fr om police car s or fir e engines, speed lim it s, int er sect ion assist ance, …
–Geocast and unicast
• Value- added ser vices ( V)
–Most ly not cr it ical for t r affic safet y
–E.g.: I nt er net on t he r oad, locat ion based ser vices, r em ot e car m aint enance, …
–Mainly unicast
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
6
WOSI S 2007
Term s and Assum pt ions
• Secur it y I nfr ast r uct ur e – Facilit at es m ut ual t r ust – Enables cr y pt ogr aphy
– I ncludes all t echnical and or ganizat ional m easur es and facilit ies needed t o fulfill t he pr ot ect ion goals
• Assum pt ions
– I n- car sensor dat a is cor r ect
– I nt egr at ion of cor r ect t im e and posit ion infor m at ion in all m essages
– Cor r ect t im e and posit ion infor m at ion is available fr om ot her infr ast r uct ur e like Galileo
2
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
7
WOSI S 2007
Securit y Requirem ent s
x x x Pr ot ect ion against pr ofile gener at ion P1
x x x Pr ot ect ion against sur veillance
P2
Com put at ional and bandw idt h efficiency Pr ot ect ion of t he secur it y infr ast r uct ur e Differ ent levels of confident ialit y Ex post account abilit y I m m ediat e sender aut hent icat ion Dat a int egr it y
x x x x x W
x x x x x A
x x x x x V
A1 C2 C1 I 2b I 2a I 1
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
8
WOSI S 2007
Proposal: Ov erv iew
• Asy m m et r ic par t w it h PKI – Vehicle- r elat ed ident it y
– Special pr ivileges by shor t - t er m cer t ificat es
– I nt egr it y pr ot ect ion of r oad safet y m essages ( A and par t s of W) – Basic aut hent icat ion
– Pr ot ect ion of key m anagem ent m essages for t he sy m m et r ic par t
• Sym m et r ic Par t
– I nt egr it y pr ot ect ion ( V and par t s of W) – Encr y pt ion
– Changing pseudony m s – Needs t am per - r esist ant har dw ar e
– Em ploys geogr aphically dist r ibut ed t r ust ed t hir d par t ies ( GTTPs)
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
9
WOSI S 2007
Proposal: Once- Only I nit ializat ion
Vehicle manufacturer:
- Installation of TRH - Store CERTRootXX in TRH - Store pre-shared key in TRH and smart card
Owner of vehicle A:
- Generation of SKTRHA and PKTRHA
- Physical deactivation of SKTRHA and PKTRHA generation function - Generation of SKSCA and PKSCA and transfer to smart card
- Check and probably installation of CERTRootXX
After registration:
- Installation of CERTTRHA
Local admission office:
- Read PKTRHA
- Check owner identity
- Verify physical deactivation of key pair generation
- Register data with GTA GTA:
- Issue CERTTRHA
1
2
3 4
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
10
WOSI S 2007
Proposal: Asy m m et ric Part
• Message for m at asy m m et r ic par t
• Usable aft er t he once- only init ializat ion
• Used for
– Road safet y r elat ed m essages – Alar m signals
– I nst r uct ions
• Revocat ion checks – Not cr it ical for w ar nings
– Not necessar y for alar m signals and inst r uct ions
• Shor t - t er m cer t ificat es w it h at t r ibut es
Data with address information Digital Signature CERTSender
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
11
WOSI S 2007
Proposal: Ex am ple
I nt er net B: Beacon
SI : St op inst r uct ion AW: Accident war ning LBS: Locat ion based ser vice fwd: for war ded m essage
Sym m et r ic cr ypt ography Asym m et r ic cr ypt ography Legend
B
B B
B B B
B
LBS AW (fw
d) AW
AW
AW ( fwd) SI (fwd)
SI
: Suppor t ing infrast r uct ur e
Police
Accident
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
12
WOSI S 2007
Proposal: Sy m m et ric Part
• Used for – Beacons
– Messages of t he value- added ser vices
• Requir es com m unicat ion w it h GTTP fr om t im e t o t im e – Dist r ibut ion of sy m m et r ic key s for
• Message encr y pt ion
• Message aut hent icat ion – Dist r ibut ion of pseudonym s
• GTTP has t o be independent fr om law enfor cem ent
• Only GTTP k now s r elat ionship bet w een pseudony m s and VRI
• Bet t er per for m ance t han asy m m et r ic par t
• Exclusion of m alicious nodes possible
3
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
13
WOSI S 2007
Proposal: Sy m m et ric Part
• Message for m at sy m m et r ic par t
• kcand kMACALL
–I dent ical for all user s in t he sam e ar ea –Changed per iodically
• PA and kMACPA
–At least one for each node –Changed per iodically
• Message pr ocessing and key st or age in TRH
• For value- added ser v ices applicat ion specific encr y pt ion possible Data with address information PA MAC1 with kMACPA MAC2 with kMACALL
ciphered with kc .
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
14
WOSI S 2007
Evaluat ion
• Dat a int egr it y ( I 1) – Digit al signat ur e – MAC2
• I m m ediat e sender aut hent icat ion ( I 2a) – Shor t t im e cer t ificat es
• Ex post account abilit y ( I 2b) – Digit al signat ur e based on VRI – MAC1
• Pr ot ect ion against pr ofile gener at ion ( P1) – Changing pseudony m s
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
15
WOSI S 2007
Evaluat ion
• Pr ot ect ion against sur veillance ( P2) –I ndependent GTTPs
• Differ ent levels of confident ialit y ( C1)
–Possible by m eans of VRI cer t ificat es, sy m m et r ic key s or ot her ser vice specific key m at er ial
• Pr ot ect ion of secur it y infr ast r uct ur e ( C2) –Encr y pt ion of key m anagem ent m essages –Usage of TRH
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
16
WOSI S 2007
Ev aluat ion
• Com put at ional and bandw idt h efficiency ( A1) – Assum pt ions
• Message lengt h: appr oxim at ely 300 by t e
• RSA w it h SHA- 256 ( key lengt h 2048 bit )
• HMAC SHA- 256 ( key lengt h 192 Bit )
• AES ( key lengt h 192 Bit )
• Pseudony m 48 Bit
– Asy m m et r ic par t
• Digit al signat ur e + cer t ificat e
• 2048 bit + ( 2048 bit + 2048 bit ) = 768 byt e
• Tot al 1068 by t e
⇒72% Secur it y over head
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
17
WOSI S 2007
Ev aluat ion
• Com put at ional and bandw idt h efficiency ( A1) –Sym m et r ic Par t
•PA + 2 * HMAC
•48 bit + 2 * 256 bit = 70 by t e
•Tot al 370 by t e
⇒19% Secur it y over head
–No cer t ificat e r evocat ion list necessar y –Over head for key m anagem ent negligible
–Far t he m ost m essages use sy m m et r ic par t
•Much m or e efficient t han asy m m et r ic pr ot ect ion
–Com put at ional delay
– 100m s ( asy m m et r ic par t ) – 0, 165 m s ( sy m m et r ic par t )
A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs
18
WOSI S 2007
Conclusion and Furt her Aspect s
• Conclusion
– All r equir em ent s ar e fulfilled – Pr ot ect s pr ivacy of par t icipant s – I s ver y efficient
• Fur t her aspect s – Refine pr oposal
• Schedule for changing t he sym m et r ic key s and pseudony m s
• Best size of t he geogr aphic r egions for t he GTTPs – Specify w hen GTTP has t o r eveal connect ion bet w een a given
pseudony m and VRI
• Cont act :
– Klaus.Ploessl@w iw i.uni- r egensbur g. de