1 A Privacy Aware and Efficient SecurityInfrastructure for Vehicular Ad Hoc Networks

1

1

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs WOSI S 2007

A Pr ivacy Awar e and Efficient Secur it y I nfr ast r uct ure for Vehicular Ad Hoc Net w or ks

Klaus Plößl Hannes Feder r at h Univer sit y of Regensbur g

Wor kshop on Secur it y in I nfor m at ion Sy st em s 2007 12. 06.2007

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

2

WOSI S 2007

Out line

• I nt r oduct ion

• Secur it y Requir em ent s

• Pr oposal – I nit ializat ion

– Asy m m et r ic Par t

– Sym m et r ic Par t

• Evaluat ion

• Conclusion and Fur t her Aspect s

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

3

WOSI S 2007

Vehicular Ad Hoc Net w ork s ( VANETs)

• Subgr oup of Mobile Ad Hoc Net w or ks ( MANETs)

• Main differ ence –Rout er = Vehicle

• Par t icular it ies –High speed

–High scalabilit y needed –Rest r ict ed node m ov em ent –Assist ance of fixed infr ast r uct ur e

is feasible

• I ncludes

–Vehicle- t o- vehicle com m unicat ions ( V2V) –Vehicle- t o- r oadside com m unicat ions ( V2R)

I nt ernet I nt ernet

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

4

WOSI S 2007

Vehicular Ad Hoc Net w ork s ( VANETs)

• Main obj ect ive – I ncr ease r oad safet y

• Achievem ent of obj ect ive – Vehicles act as sensor s

– Exchange of t elem at ics infor m at ion, like

• Locat ion, cur r ent speed, acceler at ion or deceler at ion

• Sensor dat a fr om Air bag, ABS, ESP, et c.

– I f necessar y gener at ion of w ar nings – Dr iver s can r eact ear ly

gnoC

estion!

Congestion!

Congestion!

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

5

WOSI S 2007

Applicat ion Cat egories

• War nings and t elem at ics infor m at ion ( W)

–E.g.: full br ake applicat ion w ar ning, congest ion w ar ning, air bag act ivat ion w ar ning, beacons, …

–Geocast

• Alar m signals and inst r uct ions ( A)

–E.g.: signals fr om police car s or fir e engines, speed lim it s, int er sect ion assist ance, …

–Geocast and unicast

• Value- added ser vices ( V)

–Most ly not cr it ical for t r affic safet y

–E.g.: I nt er net on t he r oad, locat ion based ser vices, r em ot e car m aint enance, …

–Mainly unicast

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

6

WOSI S 2007

Term s and Assum pt ions

• Secur it y I nfr ast r uct ur e – Facilit at es m ut ual t r ust – Enables cr y pt ogr aphy

– I ncludes all t echnical and or ganizat ional m easur es and facilit ies needed t o fulfill t he pr ot ect ion goals

• Assum pt ions

– I n- car sensor dat a is cor r ect

– I nt egr at ion of cor r ect t im e and posit ion infor m at ion in all m essages

– Cor r ect t im e and posit ion infor m at ion is available fr om ot her infr ast r uct ur e like Galileo

2

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

7

WOSI S 2007

Securit y Requirem ent s

x x x Pr ot ect ion against pr ofile gener at ion P1

x x x Pr ot ect ion against sur veillance

P2

Com put at ional and bandw idt h efficiency Pr ot ect ion of t he secur it y infr ast r uct ur e Differ ent levels of confident ialit y Ex post account abilit y I m m ediat e sender aut hent icat ion Dat a int egr it y

x x x x x W

x x x x x A

x x x x x V

A1 C2 C1 I 2b I 2a I 1

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

8

WOSI S 2007

Proposal: Ov erv iew

• Asy m m et r ic par t w it h PKI – Vehicle- r elat ed ident it y

– Special pr ivileges by shor t - t er m cer t ificat es

– I nt egr it y pr ot ect ion of r oad safet y m essages ( A and par t s of W) – Basic aut hent icat ion

– Pr ot ect ion of key m anagem ent m essages for t he sy m m et r ic par t

• Sym m et r ic Par t

– I nt egr it y pr ot ect ion ( V and par t s of W) – Encr y pt ion

– Changing pseudony m s – Needs t am per - r esist ant har dw ar e

– Em ploys geogr aphically dist r ibut ed t r ust ed t hir d par t ies ( GTTPs)

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

9

WOSI S 2007

Proposal: Once- Only I nit ializat ion

Vehicle manufacturer:

- Installation of TRH - Store CERTRootXX in TRH - Store pre-shared key in TRH and smart card

Owner of vehicle A:

- Generation of SKTRHA and PKTRHA

- Physical deactivation of SKTRHA and PKTRHA generation function - Generation of SKSCA and PKSCA and transfer to smart card

- Check and probably installation of CERTRootXX

After registration:

- Installation of CERTTRHA

Local admission office:

- Read PKTRHA

- Check owner identity

- Verify physical deactivation of key pair generation

- Register data with GTA GTA:

- Issue CERTTRHA

1

2

3 4

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

10

WOSI S 2007

Proposal: Asy m m et ric Part

• Message for m at asy m m et r ic par t

• Usable aft er t he once- only init ializat ion

• Used for

– Road safet y r elat ed m essages – Alar m signals

– I nst r uct ions

• Revocat ion checks – Not cr it ical for w ar nings

– Not necessar y for alar m signals and inst r uct ions

• Shor t - t er m cer t ificat es w it h at t r ibut es

Data with address information Digital Signature CERTSender

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

11

WOSI S 2007

Proposal: Ex am ple

I nt er net B: Beacon

SI : St op inst r uct ion AW: Accident war ning LBS: Locat ion based ser vice fwd: for war ded m essage

Sym m et r ic cr ypt ography Asym m et r ic cr ypt ography Legend

B

B B

B B B

B

LBS AW (fw

d) AW

AW

AW ( fwd) SI (fwd)

SI

: Suppor t ing infrast r uct ur e

Police

Accident

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

12

WOSI S 2007

Proposal: Sy m m et ric Part

• Used for – Beacons

– Messages of t he value- added ser vices

• Requir es com m unicat ion w it h GTTP fr om t im e t o t im e – Dist r ibut ion of sy m m et r ic key s for

• Message encr y pt ion

• Message aut hent icat ion – Dist r ibut ion of pseudonym s

• GTTP has t o be independent fr om law enfor cem ent

• Only GTTP k now s r elat ionship bet w een pseudony m s and VRI

• Bet t er per for m ance t han asy m m et r ic par t

• Exclusion of m alicious nodes possible

3

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

13

WOSI S 2007

Proposal: Sy m m et ric Part

• Message for m at sy m m et r ic par t

• kcand k_MACALL

–I dent ical for all user s in t he sam e ar ea –Changed per iodically

• PA and k_MACPA

–At least one for each node –Changed per iodically

• Message pr ocessing and key st or age in TRH

• For value- added ser v ices applicat ion specific encr y pt ion possible Data with address information PA MAC1 with kMACPA MAC2 with kMACALL

ciphered with kc .

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

14

WOSI S 2007

Evaluat ion

• Dat a int egr it y ( I 1) – Digit al signat ur e – MAC2

• I m m ediat e sender aut hent icat ion ( I 2a) – Shor t t im e cer t ificat es

• Ex post account abilit y ( I 2b) – Digit al signat ur e based on VRI – MAC1

• Pr ot ect ion against pr ofile gener at ion ( P1) – Changing pseudony m s

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

15

WOSI S 2007

Evaluat ion

• Pr ot ect ion against sur veillance ( P2) –I ndependent GTTPs

• Differ ent levels of confident ialit y ( C1)

–Possible by m eans of VRI cer t ificat es, sy m m et r ic key s or ot her ser vice specific key m at er ial

• Pr ot ect ion of secur it y infr ast r uct ur e ( C2) –Encr y pt ion of key m anagem ent m essages –Usage of TRH

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

16

WOSI S 2007

Ev aluat ion

• Com put at ional and bandw idt h efficiency ( A1) – Assum pt ions

• Message lengt h: appr oxim at ely 300 by t e

• RSA w it h SHA- 256 ( key lengt h 2048 bit )

• HMAC SHA- 256 ( key lengt h 192 Bit )

• AES ( key lengt h 192 Bit )

• Pseudony m 48 Bit

– Asy m m et r ic par t

• Digit al signat ur e + cer t ificat e

• 2048 bit + ( 2048 bit + 2048 bit ) = 768 byt e

• Tot al 1068 by t e

⇒72% Secur it y over head

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

17

WOSI S 2007

Ev aluat ion

• Com put at ional and bandw idt h efficiency ( A1) –Sym m et r ic Par t

•PA + 2 * HMAC

•48 bit + 2 * 256 bit = 70 by t e

•Tot al 370 by t e

⇒19% Secur it y over head

–No cer t ificat e r evocat ion list necessar y –Over head for key m anagem ent negligible

–Far t he m ost m essages use sy m m et r ic par t

•Much m or e efficient t han asy m m et r ic pr ot ect ion

–Com put at ional delay

– 100m s ( asy m m et r ic par t ) – 0, 165 m s ( sy m m et r ic par t )

A Priv acy Aware and Efficient Securit y I n frast ruct ure for VANETs

18

WOSI S 2007

Conclusion and Furt her Aspect s

• Conclusion

– All r equir em ent s ar e fulfilled – Pr ot ect s pr ivacy of par t icipant s – I s ver y efficient

• Fur t her aspect s – Refine pr oposal

• Schedule for changing t he sym m et r ic key s and pseudony m s

• Best size of t he geogr aphic r egions for t he GTTPs – Specify w hen GTTP has t o r eveal connect ion bet w een a given

pseudony m and VRI

• Cont act :

– Klaus.Ploessl@w iw i.uni- r egensbur g. de