Privacy-Aware VANET Security: Putting Data-Centric Misbehavior and Sybil Attack Detection Schemes into Practice

Privacy-Aware VANET Security: Putting
Data-Centric Misbehavior and Sybil Attack
Detection Schemes into Practice
Rasheed Hussain*, Sangjin Kim**, and Heekuck Oh*

*Hanyang

University, **Korea University of Technology and Education,
South Korea

2012-08-18
Rasheed Hussain

HANYANG UNIVERSITY
INFORMATION SECURITY & PRIVACY LAB

rasheed@hanyang.ac.kr

`

Agenda
Main Theme
Introduction
Problem Statement
System Model, Threat Model and Contribution
Proposed Scheme
Performance Evaluation
Discussion and Limitations
Conclusion

Information Security & Privacy Laboratory @ Hanyang University

2


`

Main Theme
Data-Centric Misbehavior Detection Scheme (MDS) and
Entity-Centric MDS in privacy aware VANET (conditional
anonymous)
Incorporating both MDS and SAD (Sybil Attack
Detection)
PAB (Post-Alarm Behavior) in ROEI (Region of Expected
Infection)
Verification of position information
Based on realistic road conditions (traffic regimes)
Independent decision on the part of every individual
node
Threshold revocation scheme

3


`

Introduction[1/3]
Security primitives in VANET
Maybe different from traditional security primitives
For instance, message confidentiality in VANET depends upon the type of
the message. Safety-related messages may not need to be encrypted
Message integrity (liability issues)
Type of messages

Misbehavior in VANET (selfish reason/malfunction)
e.g. a vehicle might send false report on congestion, accident or road
block
Not everybody is malicious!!
Revocation depends upon DoC (Degree of Consequences)

Proceed from taking out the wrong information (revocation
of message) all the way to the revocation of the node)

“Trust on information rather than source of information”


4


`

Introduction[2/3]
Are the trust-management based solutions feasible for
VANET? (so many proposed schemes)
NO!!!!
Ephemeral nature of VANET

Privacy is one of the prime security primitive in VANET
Secure privacy aware beaconing
Incorporate the opposite direction nodes to help in determining the
soundness of information
Warning/Alarm/Critical Message types maybe finite in number
Nodes cross-check the subsequent actions with predefined natural
actions

Position consistency with virtual ears(by beacon messages) and
verified with virtual eyes (Radar)


5


`

Introduction[3/3]

Ruj et al. scheme has severe deficiencies
If the reported position is not consistent with the alert raised then
the message is incorrect and discarded (fig. 1)

6

Problems in Ruj et al.’s scheme
Pseudonyms must not change for certain time after alert is sent
Privacy (?)

Size of Relay messages grows by the factor of the size of MA
Flooding (same alert many times)
Beacon format is not defined
Negation Message Attack (NMA)
A node must report the event before it physically crosses the crash
site
Message duration (FT) may not be sound for relay messages
Vehicles have to wait for beacon from both originator and relayer (?)


`



`

Problem Statement
In a privacy aware VANET architecture with privacy-aware
beaconing scheme where two messages provide un-linkability;
how to detect MDS and SAD with real traffic density?
AS ∝ 1/P (AS denotes Sybil attack and P denotes Privacy)
Privacy preserving beaconing and warning messages
Decide the course of action on the basis of underlying traffic density
Threshold density calculation from received beacon messages


8


`

Network/Threat Model, Contribution [1/4]
Management hierarchy and functional hierarchy

Management Hierarchy
Level 1

Level 2

Functional Entities

Entities Registration/ Overall
Management

DMV (Department of Motor
Vehicles) and Cloud Infrastructure

Certification

Revocation

RCA
(Regional CA)

RAs (Revocation
Authorities)

Level 3

Functional Assistance/Gateway
Terminals to clouds

RSSI (Road-side Static Infrastructure)
and RSMI (Road- side Mobile Infrastru
cture)

Level 4

Operation

Vehicular Nodes (OBUs)


9


Threat/Attacker Model
Insider who deviates from normal VANET behavior or infringes with a user
’s privacy
Having more computation and communication resources
Can eavesdrop on wireless channel
Forges identities, tracking, and diffuse wrong information in VANET
Manipulates with input data for assembling messages

`



`

Functional VANET architecture
RA’s

V2V

DMV

V2I

RCA’s

RSSE

Domain

RSME


11


`

Objectives and Contribution
Devise an algorithm to incorporate both MDS and SAD
Agree upon a tradeoff solution for real time traffic density calculation
Privacy preserving beaconing and critical warning messages
Leverage location verification by virtual ears and virtual eyes
Incorporate two-ways traffic and exploit the S-C-F strategy for misbehavior
detection
Additional Objectives
Loose Authentication
Conditional anonymity
Non-repudiation

Assumptions
Beacons can be received from 1-hop neighbors
Vehicles leverage TRH and omni-directional radar for position verification
DMV (department of motor vehicles), RCAs (Regional CAs), RSI
Beaconing
Identityless (our WISA’09* Paper)

Relaying mechanism (Efficient Flooding)
Threshold based probabilistic vehicular density calculation
*R. Hussain, S. Kim, and H. Oh, “Towards Privacy Aware Pseudonymless Strategy for Avoiding Profile Generation in
VANET” In: H.-Y Yoon, M. Yung (Eds.) WISA 2009. LNCS, vol. 5932, pp. 268-280. Springer, Heidelberg (2009)


12


`

Proposed Scheme [1/6]
Baseline
Beacon format
Mb= (m, Gid, σ ,δ) where m is beacon data, σ = HMAC. KV

i

(T||Gid||Data) and

δ = HMAC. K d i(T||Gid||Data||σ)

RSI are semi-trusted and Vehicles not trusted
TRH are employed in RSUs and OBUs
Alert message types stored in OBUs beforehand


13


`

Warning Message (WM)
Sensed
Type

EID

LID

Gid

T

lociT

Sig.K TRH (EID, LID, Gid, T, lociT)

1

1

16

2

8

16

42

i

Relayed
Type

T

lociT

Gid

λ

Sig. KTRH (T, lociT,Gid, λ)

1

8

16

2

22

42

i

Where λ = (EID, LID, Gids, ΔL, ΔT)


14


`

Alerts and Invalid actions

List of invalid events (LIE)
d is the safe distance
e.g. a car moving with 80kmph and after observing alert, it will reduce to 20kmph
, then it will travel less about 100m in the next 2 seconds, thus the positions sent
in the beacons will be less than d=100m apart

Invalid actions after alert is issued

15


`

Misbehavior (Data-Centric)

MW
received

Goal
Sybil Attacks (Entity-Centric)

Lx
Sensed

MR

Observer o

Hybrid Mechanism depending upon current T. density
MDS (Misbehavior Detection System)
SAD (Sybil Attack Detection)
Dense Traffic Regime (SAD) and Sparse Traffic Regime (MDS)
Privacy aware traffic density calculation

ROEI (Region of Expected Infection) for MW storage and Relay
Location verification


16


`

•

•

Indicator Variable Xb, where Xb=1 if beacon
received is from vehicle ahead, and Xb=0 if
beacon is from behind or opposite side
𝑋𝑏 = 1
𝑖𝑓 𝑏𝑒𝑎𝑐𝑜𝑛 𝑠𝑒𝑛𝑑𝑖𝑛𝑔 𝑣𝑒ℎ𝑖𝑐𝑙𝑒 𝑖𝑠 𝑎ℎ𝑒𝑎𝑑
𝑋𝑏 = 0
𝑖𝑓 𝑏𝑒𝑎𝑐𝑜𝑛 𝑠𝑒𝑛𝑑𝑖𝑛𝑔 𝑣𝑒ℎ𝑖𝑐𝑙𝑒 𝑖𝑠 𝑏𝑒ℎ𝑖𝑛𝑑
𝑜𝑟 𝑖𝑛 𝑜𝑝𝑝𝑜𝑠𝑖𝑡𝑒 𝑑𝑖𝑟𝑒𝑐𝑡𝑖𝑜𝑛




i t k 1

D (v ) t

i t k

MW received
Check for Freshness
Check if already received

Check movement trajectory

X bbi

fb



Wait for beacon from the
same vehicle
Cosine Similarity






Spatial Checks
Temporal Checks
Behavioral Checks
Integrity Checks

Calculate Density and decide
whether MDS or SAD

Collect beacons for certain
time (tk+1-tk) and calculate
Threshold density

Verify position
Check for PWM (PostWarning measurements)

Compare the number of
alarms with the no. of
vehicles (only in one
direction)

Verify the message from
opposite side vehicles


17


`

Discussion
Position Vs Information
WPWI (Wrong Position – Wrong Information)
RPWI (Right Position – Wrong Information)
WPWI (Wrong Position – Right Information)
RPRI (Right Position – Right Information)

Target
Not Likely

Assume, there is one time relay minimum
Sensed Vs Relayed Alarms
Sensed

Relayed

Distinct Sensed Distinct Relayed

Combine the number of senders and cross-check with the traffic D(v)t


18


`

Performance Evaluation [1/2]
Security
Message authentication
Message integrity
Privacy protection
Anonymity revocability
Message revocation and user revocation
Partial brute-force strategy

Non-frameability

Privacy
Revocation with order O(d+g) for beacons and O(d.g) for MW
Since d<<g so the order of revocation in case of beacon is O(g)


19


`

Performance Evaluation [2/2]
Computational Overhead
Comparison with other schemes
Computations

Scheme

Certificates
with Beacons

Profile
Generation

RSU as
Bottleneck

Privacy
Mb

Zhou et al.







Dependent on
Pseudonym
change

Ruj et al.







Dependent on
Pseudonym
change

Our scheme









MW

N/A

N/A

Tp +3Tm
+ 2TH

2H

2Tp + 6Tm +
4TH

Tp + 3Tm +
2TH

Tp= Time of Pairing operation ,Tm=Time of point multiplication , H= Hash operation


20


`

Discussion
Merits of proposed scheme
Privacy-aware threshold-based density calculation
User privacy
Conditional anonymity
No need for RSU support
No Temporary identities are used which lead to profilation
Utilized opposite traffic for SCF (store-carry-forward)
Anonymous position verification

Limitations
Beacon frequency
Flyover scenario
3D position verification (if possible)

The relay mechanism may introduce some overhead temporarily


21


`

Conclusion
HMDS: Hybrid MDS (Flexible)
Privacy-aware Density-based scheme
Efficient position verification
Misbehavior is detected with independent position
verification
Immune to Sybil attacks
Incorporating 2-way traffic


22


`


23

Privacy-Aware VANET Security: Putting Data-Centric Misbehavior and Sybil Attack Detection Schemes into Practice

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Privacy-Aware VANET Security: Putting Data-Centric Misbehavior and Sybil Attack Detection Schemes into Practice

Similar to Privacy-Aware VANET Security: Putting Data-Centric Misbehavior and Sybil Attack Detection Schemes into Practice (20)

Recently uploaded

Recently uploaded (20)

Privacy-Aware VANET Security: Putting Data-Centric Misbehavior and Sybil Attack Detection Schemes into Practice