VANET

1

Security for Mobile and

Vehicular Ad hoc Networks

Abderrahim BENSLIMANE

[email protected]

LIA- Avignon University

IWCMC June 28, Caen, France

A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010

2

Outline

• Security on Mobile Ad hoc Networks (MANETs)

• Security in Vehicular Ad hoc Networks (VANETs)


3

Outline Part ISecurity on Mobile Ad hoc Networks (MANETs)

• Mobile Ad hoc Networks characteristics

• MANETs Applications

• Vulnerability and Challenges

• Network Security Requirements

• MANET Security Attacks

• Security protocols

• A new MAC layer contribution

• A new cross-layer contribution

• Some secure routing protocols

• Two new contributions at the routing layer

• A Secure Architecture for MANET

• A Confident Community to Secure MANET


4

Mobile Ad hoc Networks

characteristics• Autonomous nodes create a network on their own initiative

• Self-organizing

• Open network

• Easy to deploy/extend

• Mobility and dynamic topology

• Wireless communication medium

• Absence of a fixed infrastructure

• Multi-hop communication


5

MANETs Applications

• Rescue missions,

• Military operations,

• WLAN extension,

• Video-conferencing …


6

Vulnerability & Challenges

• Shared broadcast radio channel• Easier to passively eavesdrop

• De-centralized Control• No trustworthy third party

• Unreliable communication• Constantly changing topology

• Limited Resources• Limited battery power

• Limited computational power

• Unfriendly Environment• Malicious nodes, Selfish nodes, …

• Physical vulnerability• Vulnerable to theft, …


7

Security Requirements (1/2)

• Authentification• With a key or a card,

• With a password or a code,

• With a biometric identification

• Confidentiality• protection against non-authorized disclosure of information

• Integrity• protection against non-authorized modification of data

• Availability• protection against services disturbances (Dos)

• Non-repudiation• guarantee that the sender of a message cannot later deny

having sent the message


8

MANET Security Attacks

Attacks’ types can be classified by each layer:

• Physical layer attacks

• MAC layer attacks

• Network and routing layer attacks

• Transport layer attacks

• Cross-layer attacks

• …


9


• Physical layer attacks

• The jamming attack: is based on radio medium commu

nication. A jamming source is able to disturb the entire n

etwork or a part of the network; that depends on its powerf

ul level.

• The tampering attack: node can physically be compro

mised, the attacker can extract sensitive information such a

s cryptography keys.


10


• MAC layer attacks

• Greedy behavior: the back off manipulation by the attacker in

order to increase its bandwidth and create unfairness situation

• Malicious collision: the attacker produces a collision in

order to prevent its neighbour’s nodes to communicate or

cooperate


11


• Network and routing layer attacks

Active attacks Passive attacks

Packet silent

discard

Routing procedure Flood network

False replyWormhole

attacksRoute

request

Route

broken

message

False

routing

information

Impersonation

Sybil attacks …

Eavesdropping of

data:

-Traffic analysis,

-Sniffing to

compromise keys,

…


12


• Transport layer attacks

• Desynchronization attack: consists in the disruption of an

existing connection by desynchronization of the sequence number

• SYN Flooding: the attacker may repeatedly make new connection

requests until the maximum limit connection is reached


13


• Cross-layer attacks

• It is complex attacks based on more than one layer to form

the attack

• Shortcut or detour attack: is based on MAC layer to

create an attack at the network layer


14

Security Protocols

• Symmetric cryptography• the key which is used for encryption is the same that is used for decryption, (

DES, 3DES, ...)

• Asymmetric (public key) Cryptography• each node has a private key which it is the only one to own, and the public

key known by its correspondents, (RSA, ElGamal, …)

• Cryptographic hash function• It is irreversible function which takes as input a message of arbirary lenght and

produces as output a message digest of fixed length (MD5, SHA, …)

• Digital signatures• allows the message receiver to check the sender's identity and the sender also

cannot refuse the message content then


15

Security Protocols

• Threshold cryptography

• (n, k +1) threshold cryptography scheme, the secret key is divided into n partial shares where at least k+1 of n are partial shares which are needed to generate a secret S.

• The advantage is its increased availability,

• PKI (Public Key infrastructure)

• A framework for creating a secure method for exchanging information based on public key cryptography.

• The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of organizations and individuals

• The certificates are also used to sign messages


16

Security Protocols

Trust models

1. Hierarchical model 2.2.2.2. peer to peer modelpeer to peer modelpeer to peer modelpeer to peer model

A. Benslimane – IWCMC’201017

A new MAC Layer ContributionA new MAC Layer ContributionA new MAC Layer ContributionA new MAC Layer Contribution

• Modeling and Analysis of Predictable Random Modeling and Analysis of Predictable Random Modeling and Analysis of Predictable Random Modeling and Analysis of Predictable Random BackoffBackoffBackoffBackoff in in in in Selfish Environments [15]Selfish Environments [15]Selfish Environments [15]Selfish Environments [15]


Selfish Selfish Selfish Selfish BehaviorBehaviorBehaviorBehavior: Manipulation of CW: Manipulation of CW: Manipulation of CW: Manipulation of CW


Predictable Random Predictable Random Predictable Random Predictable Random BackoffBackoffBackoffBackoff

• IEEE 802.11 Binary Exponential IEEE 802.11 Binary Exponential IEEE 802.11 Binary Exponential IEEE 802.11 Binary Exponential BackoffBackoffBackoffBackoff (BEB)(BEB)(BEB)(BEB)• Initially, cw is randomly selected from [0, CWmin]

• In the presence of failed transmission, cw is selected from [0, 2i CWmin] , i is the number of failed transmission

• Upon successful transmission, cw is selected from [0, CWmin]

• Predictable Random Predictable Random Predictable Random Predictable Random BackoffBackoffBackoffBackoff (PRB)(PRB)(PRB)(PRB)• Initially, cw is randomly selected from [0, CWmin]

• In the presence of failed transmission, cw is selected from [0, 2i CWmin] , i is the number of failed transmission

• Upon successful transmission, however:

•• If If cwcw is less than threshold, is less than threshold, cwcw is selected from [is selected from [CWCWlblb, , CWCWminmin]]

•• If If cwcw is larger than threshold, is larger than threshold, cwcw is selected from [0, is selected from [0, CWCWminmin]]


A new CrossA new CrossA new CrossA new Cross----Layer ContributionLayer ContributionLayer ContributionLayer Contribution

• Inter Layer Attacks in Mobile Ad Hoc Networks [16]Inter Layer Attacks in Mobile Ad Hoc Networks [16]Inter Layer Attacks in Mobile Ad Hoc Networks [16]Inter Layer Attacks in Mobile Ad Hoc Networks [16]


• Due to the random selection of Due to the random selection of Due to the random selection of Due to the random selection of cwcwcwcw, manipulation of , manipulation of , manipulation of , manipulation of cwcwcwcw is tis tis tis the most difficult selfish he most difficult selfish he most difficult selfish he most difficult selfish behaviorbehaviorbehaviorbehavior to be detectedto be detectedto be detectedto be detected

• Some work has been done on the detection and reaction Some work has been done on the detection and reaction Some work has been done on the detection and reaction Some work has been done on the detection and reaction of selfish of selfish of selfish of selfish behaviorbehaviorbehaviorbehavior

• UIUC scheme:

1) Let the receiver to assign the contention window for the transmitter;

2) The receiver will monitor the idle time slots between consecutive multiple transmissions, it will give an alarm if the transmitter fails to obey the assignment upon a pre-defined threshold

• DOMINO:

1) No reaction scheme, only detection

2) Detection of manipulation of cw is similar to UIUC, however it can also detect manipulation of NAV and IFS

The ProblemThe ProblemThe ProblemThe Problem


• Problems with current methods: a selfish / malicious node selProblems with current methods: a selfish / malicious node selProblems with current methods: a selfish / malicious node selProblems with current methods: a selfish / malicious node selectively manipulate ectively manipulate ectively manipulate ectively manipulate cwcwcwcw for routing packets to distract/attract ffor routing packets to distract/attract ffor routing packets to distract/attract ffor routing packets to distract/attract flows:lows:lows:lows:

• Detour: selectively using large cw to reduce the chance to be selected as a forwarding node

• Shortcut: selectively using small cw to increase the chance to be selected as forwarding node

• A misbehaved node does not need to know the exact packet type, i.e., a broadcast packet most likely indicates a route request packet

• Hard to be detected because less packet information can be collected for statistical analysis

Therefore, we need some new methods to mitigate these new atTherefore, we need some new methods to mitigate these new attackstacks

The Problem cont.The Problem cont.The Problem cont.The Problem cont.


Inter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc Networks

• PSD-I: Randomized Routing Message Selection (MAC)

• Define a timeout timer;

• Buffer received routing/broadcasting packet within timer duration;

• Randomized selection of messages collected within the timer;

• Packet out of timer bounds could be misbehaved node(s).

• PSD-II: Randomized Routing Message Delaying (Routing)

• Introduce small delays for received routing messages


Route Changes:

OriginalOriginalOriginalOriginal: S : S : S : S WWWW0000 MMMM1111 WWWW2222 DDDD

Shortcut AttackShortcut AttackShortcut AttackShortcut Attack: : : : S M0 M1 M2 D (M0, M2 attracts route request pkts)Detour Attack: S W0 W1 W2 D (M1 delays route request pkts)

Case (I): Case (I): Case (I): Case (I):


Route Changes:

Original: three hopsOriginal: three hopsOriginal: three hopsOriginal: three hops

Detour: nine hopsDetour: nine hopsDetour: nine hopsDetour: nine hops

Case (II): Case (II): Case (II): Case (II):


26

Secure routing protocols

• ARIADNE [8]

• Authentication Routing for Ad-hoc Network (ARAN) [7]

• Securing Ad hoc Routing Protocols (SAODV) [13]

• Provably Secure On-demand Source Routing in Mobile

Ad Hoc Networks (endairA) [14]


27


• Ariadne [8] is a reactive routing protocol, proposed by Hu, Perrig and Johnson.

• Goal: to secure the former DSR protocol• The packets integrity is insured by the symmetric cryptography

and MAC (Message Authentication Code).

• The end-to-end authentication of original and destination nodes

and of intermediate nodes which participate to the routing thanks

to an authentication mechanism (TESLA: Timed Efficient Stream

Loss-tolerant Authentication ) [5]

• Authentication of routing messages

• TESLA, or digital signatures, or standard MACs

AAAA

RRRR

IIII

AAAA

DDDD

NNNN

EEEE


28


• TESLA authentication protocol [9]

• TESLA divides the time interval into N intervals that

last the same duration.

t

ni i+1 i+2 ….i-1

Sn

F2

Kn

F1

TESLA key

Sn-1F1

F2

Kn-1

……...F1

S1

F2

K1

F1S0

F2

K0Generation sequence of keys

AAAA

RRRR

IIII

AAAA

DDDD

NNNN

EEEE


29


• RREQ mechanism is reinforced by 8 parameters.

<ROUTE REQUEST, Source, Destination, ID, Time interval, hash chain, nodes list, MACs list >

ID : identification number of RREQ packet

Time interval: TESLA interval: this is the maximum duration which is necessary so that an original node reaches its destination in the network

Hash chain(i)=H(current node, hach chain(i-1))

Nodes list: nodes that have participated to the routing

Macs list: calculated with TESLA keys at each node’s level

AAAA

RRRR

IIII

AAAA

DDDD

NNNN

EEEE


30


• The operating steps of ARIADNE

1. After the synchronization, the sender sends a RREQ with a MAC which was encrypted with the TESLA key

2. Each node which participates to the packet routing must add its identity and a MAC encrypted with the TESLA key, that was hached several times (hop number)

3. As soon as the destination node receives the packet, it checks the security condition of TESLA:

• Was the TESLA key not already broadcast?

4. After the TESLA key has been broadcast, the receiver checks the packet integrity, if everything worked well, the RREP is sent to an original node. If it did not, the packet is rejected

AAAA

RRRR

IIII

AAAA

DDDD

NNNN

EEEE


31


• Advantages:

• Every replay attack are avoided

• Non-centralized management of keys

• Disadvantages:

• Ariadne protocol is vulnerable to DoS attacks (buffer overflow before the packets have been checked)

• Not all real time protocols are supported

AAAA

RRRR

IIII

AAAA

DDDD

NNNN

EEEE


32


• Same as Ariadne:• Instead of signing the rreq, intermediate nodes sign

the rrep

• security • endairA is provably secure if the signature scheme

is secure against chosen message attacks

• efficiency• endairA requires less computation

• route reply is signed and verified only by the nodes on the route

• in Ariadne, route request is signed (and potentially verified) by every node in the network

eeee

nnnn

dddd

aaaa

iiii

rrrr

AAAA


33


SAODV is a secure variant of AODV

protects non-mutable information with a digital signature (of the originator of the control packet)

uses hash chains for the protection of the HopCount value

– new non-mutable fields:

• MaxHopCount (= TTL)

• TopHash (= iterative hash of a random seed MaxHopCount times)

– new mutable field:

• Hash (contains the current hash value corresponding to the HopCount value)

operation

– initially Hash is set to the seed

– each time a node increases HopCount, it also replaces Hash with H(Hash)

– verification of the HopCount is done by hashing the Hash field MaxHopCount-HopCount times and checking if the result matches TopHash

SSSS

AAAA

OOOO

DDDD

VVVV


34


• Reactive protocol,

• Based on the introduction of a certification authority (CA),

• Goal is to insure:

• Nodes authentication

• Messages integrity

• Non-repudiation

• The principle: in order to participate to the routing, nodes

must own a valid certification from CA

AAAA

RRRR

AAAA

NNNN


35


• Operations principle:

1. The node A must request its certification to CA in order to join the network

2. CA gives the certification after it has checked the node’s identity

A : CertA= [IPA, KA+, t, e] KCA--CA

CA: certification authority

Nœud ANœud B

Nœud CNœud X

AAAA

RRRR

AAAA

NNNN


36


3. The node A broadcasts an RDP (Route Discovery Packet)

with its certification

4. The node A’s neighbours will check the certification validity

and then they add their certifications and broadcast the packet

5. When a node C receives the RDP packet, it will check both A

and B’s certifications and then it removes B’s certification an

d it adds its own

B broadcast : [[RDP, IPX, NA, t]KA--]KB-- , certA, certB

A broadcast : [RDP, IPX, NA, t]KA--, certA

C broadcast : [[RDP, IPX, NA, t]KA--]KC--,certA, certC

AAAA

RRRR

AAAA

NNNN


37


6. At the end the RDP packet arrives to the destination X and after checking the certifications the REP packet is sent to the original node A

7. The REP packet will follow the same RDP path until the node A

8. If the node C does not find the path until the node X, it will generate the error message which will be sent to the node B

X C : [REP, IPA, NA, t]KX--, certX

B A : [[REP, IPA, NA, t]KX--]KB--, certX, CertB

C B : [ERR, IPA, IPX, NC]KC--, CertC

AAAA

RRRR

AAAA

NNNN


38


• Advantages :

• Non-authorized modifications are detected

• The nodes’ authentication and the non-repudiation are insured

• Disadvantages :

• The asymmetric cryptography is expensive in terms of

computational and energy requirements (eg.: RSA and key’s size 512 bits (Laptop: 1200MHz and RAM= 512 Mo)=> 2,2 ms).

• ARAN don’t protect against the Wormhole attack (Tunneling)

• A heavy charge on the CA, if it breaks down, the network

security will not be insured anymore

AAAA

RRRR

AAAA

NNNN


39

TWO Contributions at routing layer

• A Secure Architecture for MANET [1]

• A Confident Community to Secure MANET [2]


40

A Secure Architecture for MANETA Secure Architecture for MANETA Secure Architecture for MANETA Secure Architecture for MANET

---- Outline

• Motivation

• Overview of the architecture

• Trust Model

• Dynamic Demilitarized Zone (DDMZ)

• Secure Distributed Clustering Algorithm (SDCA)

• Performance Evaluation: simulations

• Conclusion and Future Work


41

A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture

---- MotivationMotivationMotivationMotivation

• In Mobile Ad Hoc Networks some nodes are:

• Confident, cooperative

• Misbehave, selfish

• Relative mobility

=> To use the diversity with trust level and mobility among

nodes in order to secure a network


42



• The goals

• To define a hierarchical architecture when a network is divided into clusters, with one CA node for each cluster

• To Provide Public Key Infrastructure (PKI) in each cluster and to secure inter-cluster communication

• To elect CA among nodes having highest trust level and stability

• Maintain as long as possible the conceived architecture


43


---- Trust Model

• Trust metric (Tm) : continuous value in [0 − 1]

• Only confident nodes have Tm = 1

• Each node has trust table which is updated at each metric

change and exchanged by nodes with high trust level

• Each new unknown node starts with Tm = 0 (lower trust

level)


44


---- Trust Model

• Definition

• To get high trust metric (Tm = 1) either:

1. A node is known by confident nodes and has exchanged keys

over secure channel [5] [6]

OR

2. A node which has proved its full cooperation (i.e, forward)

• => The idea consists to oblige the unknown nodes to well-

behave


45


---- Trust Model

• We define five types of role for the node :

1. Certification authority of cluster (CA) with Tm = 1

2. Registration authority of cluster (RA) with Tm = 1

3. Gateway between clusters (GW) with Tm є [0.7 − 1.0]

4. Member (MN) which success to pass from visitor to member status by well behaviour with Tm є [0.5 − 0.7]

5. Visitor (VN) with Tm є [0.1 − 0.5]


46


---- Trust Path

• The trust value of a path depends on its trust chain.

• The trust evaluation between two nodes consists to

take the small trust value of nodes.


47


---- Dynamic Demilitarized Zone

• Definition

• A set of nodes at one hop from CA

• - Each node is a Registration Authority (RA)

• The role of these nodes is to protect the CA from untrusted

nodes


48


---- Secure Distributed Clustering Algorithm

• Main rules of SDCA

• Only confident nodes (Tm(i) = 1) can be candidate to become

CA

• Each cluster-head is CA of only one cluster

• All confident neighbors of CA, can become RA in the cluster

• Other nodes are at distance of maximum d-hop from the CA


49



• CA Selection Criteria:

• Security: To increase the security of the cluster, SDCA selects

the confident node with a maximum trust degree (Tm = 1) and

at least one confident neighbor

• Stability: Is based on mobility metric [1].

It gives a good knowledge about the relative mobility between

two neighbors nodes


50



• Each CA candidate node starts to send beacon with

information for the election

• Identity of CA candidate

• Dgree of confident neighbors (DTN)

• Relative mobility (RM) to its trust neighbors

• Number of hop from CA (Hop-Count)

• Sequence number of beacon

• Message Authenticated Code (MAC) of beacon

(MACK−[CA, Hop − count,DTN,RM, Sq − num])


51




52



• Example


53


---- Security analysis

• The security of our architecture depends directly on the trust model.

• The presence of a great number of confident nodes increases the security of the network.

• All communications from a malicious nodes or malicious cluster are ignored.

• The Denial-of-Service (DoS) attack over CA node is prevented by DDMZ where RA nodes filter all requests from unknown nodes.

• The robustness of DDMZ depends on the number of RAs which collaborate in order to protect CA of their cluster.


54


---- Security analysis

• The malicious nodes can use the identity of legitimate nodes only if their private’s keys are divulgated.

• If attackers try to compromise all the network, it must compromise all CA

• The cluster size must be adapted with number of confident nodes in order to well secure CA node (trade-off between the number of confident and unknown nodes must be founded).

• The presence of two confident nodes is the minimum configuration of clustering and it must be reinforced.

• We can use the thresholds cryptography scheme in each cluster after CA election.


55


---- Resume

• Hierarchical architecture to distribute a certification authority

• Combination between security and stability to construct clusters in order to secure the network

• DDMZ concept to prevent attacks against CA nodes

• This architecture is adapted to topology changes


56

A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET


• In order to maintain the network security when unknown nodes join the network, the monitoring process is necessary.

• The security of the cluster is insured by the cluster manager.

• The concept robustness of the DDMZ require to be well investigated


57


---- Secure election processSecure election processSecure election processSecure election process

• Secure Distributed Clustering Algorithm (SDCA):

• Select the a clusterhead (CH) which become the CA according the trust

level and the stability


58


---- Monitoring process (1/3)

• Each node with a high trust level monitors its neighbor nodes with low trust level

• The monitor process acts in the different network protocol layer (MAC, Routing, …)

• MAC layer:

• Monitor nodes supervise the channel occupation by their neighbors.

• This function is motivated by one type of selfish misbehavior (The selfish nodes cheat from the choice of the backoff in order to access more bandwidth than other nodes)

• As solutions:

• DOMINO for WLANs [10], PRB(Predectible Random Backoff) [11] for MANET,

• Network layer:

• Monitor nodes supervise the packet forwarding activities of its neighbor nodes and packet integrity.

• As solutions: Watchdog [12]


59



• We focus on the network layer for the monitoring


60

A Confident Community to SeA Confident Community to SeA Confident Community to SeA Confident Community to Se

cure MANETcure MANETcure MANETcure MANET


• Let node x and y with Tm(x) > Tm(y):

• The node x can monitor the node y,

• The node x sends a certain number of packets to the node y with an other destination node,

• After a fixed time interval, the node x can calculate the reputation rating:

• Each unknown node starts with a low trust metric (Tm=0.1) and increases when it proves its cooperation and well-behavior

• If R1 is the report generated for MAC layer, the final report about a node y is:


61


---- Cluster Manager (CM) (1/2)

• The cluster manager is formed by the:

• The Certification Authority (CA) node

• A set of nodes with high trust levels (if these nodes are located at one

hop from CA node, they become the Registration Authority RA)

• The role of the CM is:

• Insure the cluster security where the CA node will generate a certificate

for a cluster member

• A set of RA nodes forms the DDMZ in order to protect the CA node ag

ainst CA node attacks

• The DDMZ use the reputation rating from the monitoring process to ev

aluate the cluster members.


62


---- Cluster Manager (CM) (2/2)

• If the CM receives k report from monitor nodes to evaluate

the node y, then:

• The different functions of the CM and the interaction with

monitoring module


63


---- SDCA, SDCA, SDCA, SDCA, Monitoring, Cluster manager

• The monitoring, the election (SDCA) and the cluster manager modules,

interact with a trust model (transitions: 1, 2, 3)

• Modules election and cluster manager call the monitoring module to control

the behviors of the nodes (transitions: 4, 6)

• The cluster management module is the result of SDCA with the transition 5


64


Confident connectivity model (1/4)

• The idea is to distribute k confident nodes among n (total number of nodes in the network),

• In each cluster, the CA node and the confident nodes directly connectedform the DDMZ,

• Two nodes (i) and (j) can directly communicate with each other,

if |Xi-Xj| < R (R is a transmission range and Xi location of the node i)

• The confident community is defined as a set of confident nodes which have the highest trust level


65



• Assumptions:

• There is no obstacle in the area

• All nodes have the same transmission range R

• Each confident node knows the public cryptography keys of

all confident nodes

• The nodes are distributed with Poisson arrival rate λ

• The probability that a node (i) can directly communicate

with a node (j) is:


66



• The probability to have d+1 confident nodes directly connected is:

• The higher the transmission range is, the greater the probability of

connected network is

• The probability to get two nodes i and j directly connected, knowing

that they belong to the set of confident community |K|=k in the networ

k of n total number of nodes is:


67



• The probability of (d+1) confident nodes directly connected

• according to the transmission range (R), the percentage of confident

nodes in the network (k/n) and the degree of direct connectivity d

between confident nodes,


68


Results analysisResults analysisResults analysisResults analysis

• The clusters and CAs become more resistant against DoS (Denial of Services) attacks when the transmission range is getting longer.

• The result shows that: when the transmission range increases, the probability of two directly connected nodes is increased. Also, the probability of directly connected confident nodes is also increased.

• It indicates the probability to build robust DDMZ depends on thestation transmission range.

• The best configuration of cluster is to find the trade-off between the number of RA and the number of nodes with low trust levels.


69

• a confident connectivity model to study the security robustness in the clusters.

• Dynamic Demilitarized Zone (DDMZ), this approach consists on the protection of the certification authority (CA) in each cluster.

• The security of each cluster depends of the robustness and the availability of the registration authority which form the DDMZ

•


Resume (1/2)Resume (1/2)Resume (1/2)Resume (1/2)


70

References

• [1]A. Rachedi and A. Benslimane, "A Secure and Resistant Architecture against Attacks for Mobile

Ad Hoc Networks", Journal of Security and Communication Network, John Wiley InterScience, Vol.

3, N° 2-3, March-June 2010, pp.150-166.

• [2] A. Rachedi, A. Benslimane, Lei Guang and Chadi Assi , “A Confident Community to Secure

Mobile Ad-Hoc Networks”, IEEE International Conference on Communications (ICC 2007), 24-28

June 2007, Glasgow, Scotland, UK.

• [3] P. Basu and N. Khan and T. Little, " A mobility based metric for clustering in MANET ", In Proceedings of Distributed Computing Systems Workshop, :43–51, 2001.

• [4] M. Gerla and J. T.-C. Tsai, " Multicluster, Mobile Multimedia Radio Networks" , Wireless Networks. (1995) 255–256

• [5] S. Yi and R. Kravets, " Quality of Authentication in Ad Hoc Networks" , ACM, MobiCom 2004.

• [6] S. Capkun and J. P. Hubaux and L. Buttyan, " Mobility Helps Peer-to-Peer Security " , IEEE Transactions on Mobile Computing. 5 (2006) 48–60

• [7] Kimaya sanzgiri, Bridget Dahill, “ Secure Rourting Protocol for Ad Hoc Networks “, IEEE ICNP’02

• [8] Yih-Chun Hu, Adrian Perrig, David B. Johnson “Ariadne : A Secure On-Demand Routing Protocol for Ad Hoc Networks”, MobiCom’2002


71

References

• [9] Adrian Perrig, Ran Canetti, J. D. Tygar, Dawn Song, “The TESLA Broadcast Authentication Protocol”, RSA CryptoBytes, 2002.

• [10] M. Raya and J.-P. Hubaux and I. Aad, “DOMINO: A System to Detect Greedy Behavior in IEEE 802.11 Hotspots”, In Proc. of MobiSys’04

• [11] L. Guang, C. Assi, and A. Benslimane, “Enhancing IEEE 802.11 Random Backoff in Selfish Environments”, IEEE Transactions on Vehicular Technology Journal, May 2008, Vol. 57, N° 3, pp. 1806-1822.

• [12] K. L. S. Marti, T.J. Giuli et M. Baker, “Mitigating Routing Misebehavior in Mobile Ad Hoc Networks”, ACM/IEEE International Conference on Mobile Computing and Networking, 255–265.

• [13] M. G. Zapata and N. Asokan, “Securing Ad hoc Routing Protocols”, ACM Workshop on Wireless Security (WiSe 2002), pages 1-10. September 2002.

• [14] G. Acs, L. Buttyan, and I. Vajda, “Provably Secure On-demand Source Routing in Mobile A

d Hoc Networks”, IEEE Trans on Mob. Comp. 5(11), 2006.

• [15] L. Guang, C. Assi, and A. Benslimane, Enhancing IEEE 802.11 Random Backoff in Selfish

Environments, IEEE Transactions on Vehicular Technology Journal, May 2008, Vol. 57, N° 3, pp.

1806-1822.

• [16] L. Guang, C. Assi and A. Benslimane, On MAC Layer Misbehavior in Wireless Networks: C

hallenges and Solutions, IEEE Wireless Communications Magazine, Special Issue on Security in W

ireless Mobile Ad Hoc and Sensor Networks, , Vol. 15, N° 4, August 2008, pp. 6-14.


72

• Motivations

• Security issues and solutions

• Applications based Dissemination

• Optimized Dissemination of Alarm Messages:

ODAM

• A risk aware MAC protocol: CRCCA

• Connecting VANET to Internet: VANETII

• References

Outline Part IISecurity on Vehicular Ad hoc Networks (VANETs)

Part II

Vehicular

Ad Hoc Networks:

Security and Dissemination Security and Dissemination

Professor Abderrahim BENSLIMANE

IWCMC June 28, 2010

Outline

• Motivations and applications of vehicular communications

• Security issues and solutions

2

•Applications based Dissemination

• Optimized Dissemination of Alarm Messages: ODAM

• A risk aware Mac protocol: CRCCA

• Connecting VANET to Internet: VANETII

• References

6/26/2010

Background on Safety

• In the US:

• 6+ million traffic accidents per year• 90% driver errors,

• 43 000 deaths,

• 3 million injuries,

3

• Financial cost: more than $230 billion

• Overall Goal: Reduce traffic accidents• Fewer injuries and fatalities

• Lower direct and indirect cost

• Reduced traffic congestion

• In Europe:• Specific Goal: to reduce the car accidents of 50% by 2010

All world is compact in putting money on safety issues

6/26/2010

Background on Traffic Management

• Unregulated traffic cost much

• Congestion is a big source of waste

• 3.6 billion vehicle-hours of delay

• 5.7 billion gallons of wasted fuel

4

• 5.7 billion gallons of wasted fuel

Improve traffic flow and reduce congestion

• Smart traffic signals

• Enhanced transit system

• Central traffic management

• Electronic toll collection

6/26/2010

Wireless communications

• GPRS/UMTS– Expensive, reliability, capacity, timing

• IEEE 802.11-based

– DSRC: Dedicated Short Range Communications Car-Car

communications at 5.9Ghz

5

communications at 5.9Ghz

– 802.11p: IEEE Task Group that intends to standardize

DSRC for Car-Car communications

– 802.11-based Mesh Networks

• IEEE 802.16

– 802.20: extension to high mobility scenarios

• Sensor Networks

– Bluetooth (in-vehicle communications)

– ZigBee6/26/2010

(GPS)Forward radar

Event data recorder (EDR)

Positioning system

Communication

facility

Smart Vehicles

6

Computing platform

Rear radar

facility

Display

6/26/2010

Different components of a Smart vehicles

VANET characteristics

• High mobility:

Fast topology changes,

•Predictable movements of vehicles :

•Trajectory are linked to roads,

7

•Trajectory are linked to roads,

•There are no constraints of weight or problems with energy

conservation,

•Communications are short and the intervals are about

microseconds.

6/26/2010

•Communication paradigms:•V2V

•V2I,

•Hybrid.

DSRC Network Architecture

6/26/2010 8

•DSRC: Dedicated Short

Range Communications(75

MHz in the 5.8/5.9 GHz band)

•IEEE802.11p (PHY and MAC

layers)

V2V

V2I

V2V

V2I

Some applications (1/2)

• Collision Avoidance*

• Warn a driver that is not safe to enter an intersection

• Prevent many vehicle rear-ending each other after a single accident

• Early braking, Distance keeping and speed management, Lane

changing/merging/crossing

9

changing/merging/crossing

• Cooperative Driving*

• Violation warning,

• Turn Conflict and Curve warning

• Lane merging warning

* Life critical

6/26/2010

Some applications (2/2)

• Traffic Optimization *

• Traffic delay continues to increase: Waste time, specially when peak time

travelers

Vehicles can serve as data collectors

• Transmit the traffic condition information: Number of neighbors and

10

• Transmit the traffic condition information: Number of neighbors and

their mean velocities.

• Payment Services

• Electronic toll payment

• Location-based Services

• Parking spot locator

•Enhanced route guidance and navigation

6/26/2010

Security Requirements

• Authentication and data integrity:

• Verify properties of the sender: vehicle, ambulance, traffic sign

• Detect replay (Timestamp)

• The sender can be authenticated but the message is falsified

11

• The sender can be authenticated but the message is falsified

• Driver Privacy

• Detect the actual and not the virtual

• Sybil attack: an adversary can transmit safety-related packets

• i.e., falsely identify a road as congested

6/26/2010

Security Requirements

• Non-repudiation

• Secure vehicles localization:

• Verify if the sender is actually at the claimed position

12

• Verify if the sender is actually at the claimed position

• High availability and strict message delivery deadline

• Adversaries will always be able to reduce availability: Denial-

of-service attacks

6/26/2010

Challenges

• Trade-off between authentication and non-repudiation versus

privacy

• Nature of VANET

– High speed

– Open network

13

– Open network

Some protocols cannot be employed: voting, consensus

and based-reputation

• Sheer scale

– not for protocols that require pre-stored information about participants

• Opposing incentives of participants

– Law enforcement agencies (≠) Drivers

6/26/2010

Mitigating characteristics

• Mobility of VANET can sometimes be beneficial,

• Circulation in two opposite directions,

• Well specified limits: road, motorway, determined number

of lanes, etc.

14

of lanes, etc.

• Not limited in power: complex cryptographic operations,

• All vehicles are to be registered in a central authority,

• Vehicles can leverage their knowledge from the driver’s

response.

6/26/2010

Adversaries

• Rational or Malicious

• Rational – seeks personal benefits, more predictable attack,

• Malicious – No personal benefit, intends to harm other users,

15

• Industrial Insider is a valid user

• Active or passive attacks

• Active: Generates packets, participates in the network,

• Passive: Eavesdrop, track users, etc.

6/26/2010

Some attacks

•Disruption of network operation:•Deny of service,

•Selfish misbehavior

6/26/2010 16

• Disclosure of identities,

• Wormhole attack

• Cheating with identity or positioning information,

Some Solutions 1/6

• Security Hardware

• Event Data Recorder (EDR)

• Records all emergency-related information received: position data, speed

data, acceleration data, time, etc.

17

data, acceleration data, time, etc.

• Liability-related messages should be stored in the EDR

• Tamper-Proof device (TPD)

• Provides the ability of processing

• Verify and signs messages

• Protects Hardware : a set of sensors to detect hardware tampering

• Has its own battery, own clock,

• High cost

6/26/2010

Some Solutions 2/6

• Authentication• Digital Signature

• Each message should be signed and accompanied with a

Timestamp/replay,

18

• Symmetric cryptography is not suitable

messages are standalone, large scale, non-repudiation required,

• Cryptosystem based on asymmetric cryptography (VPKI: Vehicular PKI )

• Hash function: message space hash-codes of specific size

6/26/2010

Some Solutions 3/6

• Non-repudiation

• A single unique identity to each vehicle :

• Electronic License Plate (Affected by the Government)

19

• Electronic Chassis Number (Affected by the manufacturer)

• A CA store a mapping between the unique identity of the vehicle and its set of

public keys.

• Digital signature (using the unique private key of the sender)

6/26/2010

• Save anonymity of drivers• Relationship between the unique identity and public keys must be not visible

Use of pseudonyms (one or more):

Some Solutions 4/6

6/26/2010 20

• only authorities know the mapping to the unique identity

Use of group key:

• To each group of vehicle is assigned a key

Some Solutions 5/6

• Authentication of aggregated data– Emergency road condition warning applications:

• In large network, a simple forward of all messages is inefficient:

significant overhead

21

– Message related to the same road condition

• Fusion, extrapolation, etc

• Reduce overhead : redundant transmissions

– Example: in application of congestion avoidance:

• Position and speed of vehicles can be approximated step by step:

– It is not very useful to have a high degree of accuracy of the position of an accident if

this is further away from the originating nodes (neighboring of the accident)

6/26/2010

Some Solutions 6/6

• Group formation and Communication

• Static group formation:

• specific vehicles are part of specific group

22

• specific vehicles are part of specific group

Rigid and not scalable not suitable for VANET

• Dynamic group formation:

• Vehicles form groups based their driving pattern and their location

Overhead of group formation must be very limited

6/26/2010

• Geographic-based group formation:

• The map is divided into small cells: use of localization system (GPS )

• Each vehicle knows which group it belongs to at any moment based on its

location

Some Solutions 6/6

6/26/2010 23

location

• One group leader per cell: the one closest to the center

limited overhead

Optimized Dissemination of Alarm

24

Optimized Dissemination of Alarm

Messages: ODAM

6/26/2010

ODAM:

Optimized Dissemination of Alarm Messages

• To face the network fragmentation while avoiding neighbors computation

• Solution

• Geocast: use GPS coordinates of vehicles

25

• Geocast: use GPS coordinates of vehicles

• Introduce Defer Time Distance

>> reduce the number of message collisions

>> reduce the number of retransmission

>> best use of bandwidth

>> reduce the delay • Dynamical Relays >> to face the fragmentation

• Tacking into account the direction of circulation

6/26/2010

ODAM:


Defer Time Distance

26

→ Alarm message propagation

Risk zone

Accident

x

ab

c

Transmission range

ε

εε

R

DRtimedeferxdefertime

sx )(_max_)(

−⋅=

6/26/2010

ODAM:


27

Initial (0)

Accident (1)

Waiting (2)

Relay broadcasts (4)

Passive (5) Direction of circulation

6/26/2010

A

A cluster Based Risk aware cooperative

6/26/2010 28

A cluster Based Risk aware cooperative

collision avoidance: CRCCA

CRCCA: Related Work

•Traditional CCA:•A vehicle dispatches warning messages to vehicles behind it,

•Warning messages are transmitted over multiple hops,

6/26/2010 29

• A recipient takes on account the direction of the message

•Message will be ignored if it arrives from behind

generation of large number of messages

generation of redundant messages Collision in the

access medium

The 802.11 Mac layer: Issues

•Back-off mechanism

Increase of the data delivery latency,

In case of CCA, decrease of the 802.11

6/26/2010 30

In case of CCA, decrease of the 802.11

effectiveness,

Some vehicles will not have time to react.

CRCCA: Dynamic clustering of vehicles

•The clustering considers only vehicles moving in the same road

towards the same direction,

•Three roles of nodes:

6/26/2010 31

•Three roles of nodes:

•CH: cluster head,

•SCH: sub cluster head, the last vehicle reached by the CA

•ON: ordinary member

CRCCA: An example of three clusters

6/26/2010 32

CRCCA: a risk aware Mac protocol(1/3)

•In a cluster i, to each vehicle correspond an emergency level as

follow: ( )( )S

i

iωω

ωω

−

−=Ω

1

1 Si ≤≤1

6/26/2010 33

•S: cluster size

• : skew factor

•The contention windows of a vehicle in cluster i:

•k : the number of transmission attempts

• : window size

• : the slot time of the used PHY layer

( )ωω −1

ω

ξ..)1(1

cwCW

jk

j

ii ∑=

Ω−=

cw

ξ

CRCCA: a risk aware Mac protocol(2/3)

•Calculate of , maximum latency since the detection of

emergency situation:

• if slow down with and respectively:

iδ

1ii C and C + raea

6/26/2010 34

•Then is:

• :Is the regular deceleration,

• : is the emergency deceleration,

• : the average vehicle length.

)0,)_)2

(.(2

( ,11

max

viii

i

e

i

re

ii Ld

VV

a

V

aa

VMax ++ −−−=δ

max

iδ

ra

ea

vL

CRCCA: a risk aware MAC protocol(3/3)

•As consequence :

if

= ∑ =

Ω−k

j

j

i cw0

..)1( ξ

),..)1((maxk j

cwMin δξ∑ Ω−iCW

0max

=iδ

6/26/2010 35

=

otherwise),..)1((

max

0 i

k

j

j

i cwMin δξ∑ =Ω−

i

Connecting VANET to Internet: An efficient

routing protocol

36

routing protocol

6/26/2010

Connecting VANET to Internet:

Related Work

• Ad hoc routing protocols do not typically select a route with

sufficient lifetime to maintain the longest possible duration of

communication with a mobility agent.

37

• The handover mechanism is not sufficiently fast to manage

handovers in VANET environment known as “Strong Mobility”.

•More than one gateway may be available at the same time,

How to discover gateways with the best quality of service (QoS)

without wasting network resources.

6/26/2010


Related Work

•FleetNet Project • The FleetNet investigated the VANET Internet Integration through

stationary roadside gateways,

• Use of a modified version of Mobile IPv6 to handle the mobility,

38

•Use of a service discovery protocol for gateway discovery,

• Use location based routing protocols.

•ProblemsDo not take vehicle movement parameters into account,

Do not cover handovers.

6/26/2010

MMIP6

•A mobility management protocol (for VANETs):

•integrate IPv6-based VANETs into the Internet


Related Work

39

• Use of a proactive service discovery protocol for Foreign Agent (FA) discovery.

•The service announcements are restricted to a limited broadcast zone:

•Using of geocast capabilities of VANET routing protocols.

Avoid of the flooding of the overall network

• In route selection, a fuzzy-based approach is used

•It considers available information about gateways.

6/26/2010

•VANETII (VANET Internet Integration):•Purpose:

•discover of gateways

•creation routes to them.


VANETII

40

•Three phases in VANETII :

Agent (gateway) discovery

Route selection

handing the connection to the new gateway.

•The aims :

reducing the overhead during the gateway discovery process

selecting the most stable route to gateways

performing seamless handovers.

6/26/2010

• In VANETII network , two types of nodes :

• Vehicles : stationary or mobile

• Gateways : stationary.

• Each vehicle is equipped with a positioning system, e.g., GPS,


VANETII

41

• Each vehicle is equipped with a positioning system, e.g., GPS,

• The coordinate of a vehicle u is denoted as (xu, yu). Each vehicle is

also able to calculate its speed, Vu, and direction, θu.

• Links between vehicles are established if the distance between

them is less than their transmission range R.

6/26/2010

Field Description

Gateway Address of the source gateway

Relay Relay address

Table : Agent Advertisement Message Fields


VANETII

42

Sequence Number Message Sequence Number

Sender Position Geographical Position of the sender

Sender Speed Speed of the sender

Sender Direction Direction of the sender

RET Expiration time of the route

Zm Message Broadcast Zone

6/26/2010


VANETII

•Proactive Gateway discovery:

43

X A

CBY

•A Gateway broadcasting an advertisement message periodically, then relays

rebroadcast

6/26/2010

•Stability metric

• Link Expiration Time (LET): time duration such that two nodes will remain

connected.


VANETII

44

• Let (xi , yi) and (xj , yj) be the coordinate of the vehicles i and j which are moving

in direction θi ,θj (0 ≤ θi , θj < 2π ) with the speed of vi and vj, LETij is as follows :

Where :

22

2222 )()()(

ca

bcadrcacdab

ijLET+

−−+++−=

jijjii xxbvva −=−= ;coscos θθ

jijjii yydvvc −=−= ;sinsin θθ

6/26/2010

•Stability function :

aLET

eS−

−= 1


VANETII

45

• ‘a’: a constant that defines

the rate at which the

function is rising: the lower

is a, the faster the function

rises:

Effect of selecting different values of a on function S

6/26/2010

• Let Rk be a route, which consists of n − 1 links l01, l12, ... , l(n−2)(n−1) between n vehicles 0, 1, ...,

n − 1

•To compute the Route Expiration Time (RET) we should find the link which expires before

the others, hence:


VANETII

46

•With analytical studies, we compute ‘a’, and then the stability function will be:

6/26/2010

RETLET

eS2

1−

−=

1 -n .. 0 i | MinLET RET 1)(ii,k == +

•If two nodes have the same stability function value

introduce a second function to eliminate duplications

•We will take into account the progress that the packet has made in the opposite

direction of the movement:


VANETII

47

Where:

• i sender,

•j,k,l receivers (j is the farther).

•The second function is as follow:

r

dijjiP×−

=)cos( θθ

6/26/2010

•We should combine S and P together.

P should not be as effective as S for next hop selection:

PSF ×−+×= )1( αα


VANETII

48

•For the contention in our protocol we select the timer runtime as:

Where:

• T: the maximum forwarding delay.

•The next hop will be the one with the longest lifetime and the largest progress

in the opposite direction of the road.

)1()( FTFt −=

6/26/2010

sConclusion

•We presented Security issues of vehicular networks and

• We proposed:

• ODAM, a protocol for disseminating alarm messages,

• CRCCA, a risk aware Mac protocol,

49

• CRCCA, a risk aware Mac protocol,

• VANETII, a protocol for connecting VANET to Internet

•Still open field in security:

• Group formations and management of public/private key,

group signature

• Preserving privacy: attacks against privacy in different layers.

6/26/2010

Further readings

• Securing Vehicle ad hoc networks, M. Raya and J.P. Hubaux, J. of comp. Science, Vol. 15,

pp. 39-68, 2007.

• Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos,

et al., IEEE Communication Magazine, 2008.

• A secure and efficient communication scheme with authenticated key establishment

and privacy preserving for vehicular ad hoc networks, Computer Communications,

50

and privacy preserving for vehicular ad hoc networks, Computer Communications,

2008.

• Optimized Dissemination of Alarm messages in Vehicular Ad-Hoc Networks (VANET),

A. Benslimane, 7th IEEE HSNMC 2004, LNCS 3079, Springer Publisher, pp.655-666.

• An Efficient Routing Protocol for Connecting Vehicular Networks to the Internet, S.

Barghi, A. Benslimane and C. Assi, 10th IEEE WoWMoM 15-19 June 2009, Greece.

• Towards an Effective Risk-conscious and Collaborative Vehicular Collision Avoidance

System, T. Taleb, Z. Fadlullah, A. Benslimane, and K. Ben Letaief, IEEE Transaction on

Vehicular Technology.

6/26/2010

Thank you

51

COCONCLUSIONS AND FUTUREWORKS

6/26/2010

VANET

Documents

demand source

efficient

secure routing

ad hoc networks

vehicular

predictable

unknown node

inter layer