4. What is VANET
Vehicular Ad-Hoc Network, or VANET
a form of mobile ad-hoc network
provides communication
- among nearby vehicles
- between vehicles and nearby fixed equipment
5. Introduction
How vehicular communications work
- road-side infrastructure units (RSUs),
named network nodes, are equipped
with on-board processing and wireless
communication modules
6. How vehicular communications work (continued)
- vehicle-to-vehicle (V2V) and vehicle-to-infrastructure
(V2I) communication will be possible
15. What can VANET provide
The VANET can provide
Safety
Efficiency
Traffic and road conditions
Road signal alarm
Local information
16. Related work
Research has been done to
Outline challenges for VANET
- availability, mobility
Describe particular attacks
- DoS, alteration attacks
Suggest solutions to attacks
This paper provides a basis for the development
of future vehicular security schemes
19. Security Requirements
1. Message Authentication and Integrity
2. Message Non-Repudiation
3. Entity Authentication
4. Access Control Authorization
5. Message Confidentiality
6. Privacy and Anonymity
7. Availability
8. Liability Identification
20. Security Requirements
Message Authentication and Integrity
- Messages must be protected from any
alteration
Message Non-Repudiation
- The sender of a message cannot deny having sent a
message
Entity Authentication
- The receiver is ensured that the sender generated a
message
- The receiver has evidence of the liveness of the sender
21. Security Requirements
Access Control
- determined locally by policies
- authorization establishes what each
node is allowed to do in the network
Message Confidentiality
- the content of a message is kept
secret from those nodes that are not
authorized to access it
22. Security Requirements
Privacy and Anonymity
- vehicular communication (VC)
systems should not disclose
any personal and private
information of their users
- any observers should not know any future
actions of other nodes
- anonymity may not be a reasonable requirement
for all entities of the vehicular communications
system
23. Security Requirements
Availability
- protocols and services should remain
operational even in the presence of
faults, malicious or benign
Liability Identification
- users of vehicles are liable for their deliberate or
accidental actions that disrupt the operation of other
nodes
26. System Model
Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P. Papadimitratos,
V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in Cars (ESCAR) 2006, November
2006.
28. System Model
Users
- user is the owner or the
driver or a passenger
of the vehicle
Network Nodes
- processes running on computing platforms
capable of wireless communication
- Mounted on vehicles and road-side units
(RSUs)
29. System Model
Authorities
- public agencies or
corporations with
administrative powers
- for example, city or state
transportation authorities
30. System Model
VC system operational assumptions
1. Authorities
2. Vehicle Identification and Credentials
3. Infrastructure Identification and Credentials
4. User Identification and Credentials
5. User and Vehicle Association
6. Trusted Components
31. System Model
Authorities
- trusted entities or nodes
- issue and manage identities and
credentials for the vehicular network
- establish two-way communication with nodes
Vehicle Identification and Credentials
- unique identity V
- a pair of private and public keys, kv and KV
- certificate CertX{KV, AV} issued by
authority X
- V denotes on-board central
processing and communication
module
32. System Model
Note. From “Securing Vehicular Communications – Assumptions, Requirements, and Principles,” by P.
Papadimitratos, V. Gligor, J-P Hubaux, In Proceedings of the Workshop on Embedded Security in
Cars (ESCAR) 2006, November 2006.
33. System Model
Infrastructure Identification and Credentials
- unique identity I
- a pair of private and public key kI and KI
- certificate CertZ{KI, AI} issued by authority Z
- gateway to the authorities
- gateway to the mobile vehicles
- RSUs’ locations are fixed
- public vehicles
- considered trustworthy
- can be used to assist security-related
operations
36. System Model
User Identification and Credentials
- unique identity U
- a pair of private and public keys, kU and KU
- certificate CertY{KU, AU} issued by authority Y
User and Vehicle Association
- user is the owner or the driver or a
passenger of the vehicle
- assume only one user can operate
a vehicle
- assume the user is the driver
37. System Model
Trusted Components (TCs)
- nodes equipped with trusted components, i.e., built-in
hardware and firmware
- TCs enforce a policy on the interaction with
the on-board software
- Access to any information stored in the TCs and
modification of their functionality can be done only
through the interface provided by the TCs.
- perform cryptographic operations such as signature
generation and verification
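An added Go example (not from the slides or the cited paper) of how the credentials above serve the requirements on slide 20: authority X certifies KV, the vehicle signs each broadcast with kv, and a receiver checks certificate, signature and freshness. Ed25519, the byte layout, the 500 ms age limit and all type and function names are assumptions chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Cert stands for CertX{KV, AV}: authority X's signature over public key KV and attributes AV.
type Cert struct { KV ed25519.PublicKey; AV string; Sig []byte }
// Beacon is a signed broadcast; SentAt is covered by the signature so receivers can check liveness.
type Beacon struct { Payload []byte; SentAt int64; Cert Cert; Sig []byte }

// Byte strings that get signed; the prefixes keep certificate and message signatures distinct.
func certBytes(KV ed25519.PublicKey, av string) []byte { return append(append([]byte("cert:"), KV...), av...) }
func beaconBytes(p []byte, t int64) []byte { return binary.BigEndian.AppendUint64(append([]byte("msg:"), p...), uint64(t)) }

// Issue is run by authority X with private key kX; Send by the vehicle with private key kv.
func Issue(kX ed25519.PrivateKey, KV ed25519.PublicKey, av string) Cert { return Cert{KV, av, ed25519.Sign(kX, certBytes(KV, av))} }
func Send(kv ed25519.PrivateKey, c Cert, p []byte, now time.Time) Beacon {
	return Beacon{p, now.UnixMilli(), c, ed25519.Sign(kv, beaconBytes(p, now.UnixMilli()))}
}

// Verify checks, in order: certificate issued by X, message signed by KV, message fresh.
func Verify(KX ed25519.PublicKey, b Beacon, now time.Time, maxAge time.Duration) error {
	if len(b.Cert.KV) != ed25519.PublicKeySize || !ed25519.Verify(KX, certBytes(b.Cert.KV, b.Cert.AV), b.Cert.Sig) {
		return errors.New("certificate not issued by trusted authority")
	}
	if !ed25519.Verify(b.Cert.KV, beaconBytes(b.Payload, b.SentAt), b.Sig) {
		return errors.New("message altered or not signed by certified key")
	}
	if age := now.Sub(time.UnixMilli(b.SentAt)); age < 0 || age > maxAge {
		return errors.New("stale or future-dated message")
	}
	return nil
}

// Scenario uses constructed keys and beacons: one valid, one altered in transit, one replayed a minute later.
func Scenario() (valid, altered, replayed error) {
	KX, kX, _ := ed25519.GenerateKey(nil)
	KV, kv, _ := ed25519.GenerateKey(nil)
	now, maxAge := time.Now(), 500*time.Millisecond
	b := Send(kv, Issue(kX, KV, "class=private-vehicle"), []byte("ice on bridge"), now)
	bad := Beacon{[]byte("road clear"), b.SentAt, b.Cert, b.Sig}
	return Verify(KX, b, now, maxAge), Verify(KX, bad, now, maxAge), Verify(KX, b, now.Add(time.Minute), maxAge)
}

func main() { fmt.Println(Scenario()) }
```

Because the certificate binds KV to a long-term identity, every beacon verified this way is linkable to one vehicle, which is the tension with the Privacy and Anonymity requirement on slide 22.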
39. Communication Model
Model the wireless communication in
vehicular networks, whose connectivity can
change frequently
Focus mainly on the data link layer
40. Communication Model
Data-link layer primitives and assumptions
SendL(V,m) : transmits message m to node V within
radius R of the transmitting node
BcastL(m) : broadcasts message m to all nodes
within radius R of the transmitting node
ReceiveL(m) : receives message m transmitted by a
node within radius R of the receiver
A link (W,V) exists when two nodes W and
V are able to communicate directly
41. Communication Model
Links are either up or down, and their state does not
change faster than the transmission time of a single
packet
The network connectivity at a particular
instant in time is modeled as the graph G,
the edges of which are all up links.
Transmissions from W are received by all nodes Vi such
that (W, Vi) is up during the entire duration of the packet
transmission
Packets are delivered across an up link
within a maximum link delay τ or they are
not delivered at all.
42. Communication Model
Communication across the network is
dependent on
availability of sufficient resources
bandwidth
- contention for the shared medium
- bandwidth can fluctuate
- unevenly distributed among neighbors
- links may be congested
43. Communication Model
Communication Radius, R
Varies over time
Different classes of nodes may operate with different R
Multi-domain and Highly Volatile
environment
Nodes are not bound to administrative and geographical
boundaries
Any two or more nodes communicate independently
44. Communication Model
Frequent Broadcast Communication
Most of the vehicular network traffic is broadcast at the
network or application layers
Messages are transmitted either
periodically or triggered by network events
Transmission period is low
Time-sensitive Communication
Message delivery can be constrained by deadlines
- different messages have different delay requirements
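An added example in Go, not taken from the slides or the cited paper, that builds the connectivity graph G from node positions and a per-node radius R, shows that links become directed when node classes use different R, and bounds multi-hop delivery time by hops × τ for comparison with a message deadline. The positions, radii, τ = 100 ms and the names Node, Up, WorstCase and Sample are assumptions; queueing and processing delay are ignored and the topology is taken as fixed during the flood.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Node is a network node (vehicle or RSU): position in metres and its own communication radius R.
type Node struct { ID string; X, Y, R float64 }

// Up reports whether link (w, v) is up. With per-class R, (w, v) can be up while (v, w) is down.
func Up(w, v Node) bool { return w.ID != v.ID && math.Hypot(w.X-v.X, w.Y-v.Y) <= w.R }

// BcastL returns the IDs of the nodes that receive one broadcast transmitted by w.
func BcastL(w Node, all []Node) []string {
	var rx []string
	for _, v := range all {
		if Up(w, v) {
			rx = append(rx, v.ID)
		}
	}
	return rx
}

// WorstCase floods from src over G (breadth-first) and returns, per reached node,
// hops*tau: the delivery-time bound when every up link takes the maximum delay tau.
func WorstCase(src Node, all []Node, tau time.Duration) map[string]time.Duration {
	bound := map[string]time.Duration{src.ID: 0}
	for frontier := []Node{src}; len(frontier) > 0; {
		var next []Node
		for _, w := range frontier {
			for _, v := range all {
				if _, seen := bound[v.ID]; !seen && Up(w, v) {
					bound[v.ID] = bound[w.ID] + tau
					next = append(next, v)
				}
			}
		}
		frontier = next
	}
	return bound
}

// Sample is a constructed topology: one RSU with R=300 m and three vehicles with R=150 m.
func Sample() []Node {
	return []Node{{"RSU", 0, 0, 300}, {"A", 250, 0, 150}, {"B", 380, 0, 150}, {"C", 900, 0, 150}}
}

func main() { n := Sample(); fmt.Println(BcastL(n[0], n), WorstCase(n[0], n, 100*time.Millisecond)) }
```

A node missing from the returned map is unreachable in G at that instant, so no deadline can be met for it regardless of τ.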
48. Adversary Model
Internal Active
Adversaries
Multiple adversarial nodes
- adversaries are
independent
- adversaries can collude
- based on TCs, colluding
adversaries are
prevented from exchanging
cryptographic material and
credentials
49. Adversary Model
Internal Active Adversaries (continued)
non-adaptive adversary: adversarial nodes are fixed
adaptive adversary: adversarial nodes change over time
Computationally bounded adversary
adversaries are computationally limited
- limited resources and computational power
- the knowledge of an adversary is limited
- memory is finite
50. Design Principles
Default Network Access
Locality and Timeliness as Privileges
Visibility of Events
Mandated (non-circumventable) Mediation
Accountability
Vehicle Autonomy
Separation of Privilege
Non-frameability
Staged Response to Faulty Behavior
Reconfigurability
Privacy Conservation
Usability