1 Security for Mobile and Vehicular Ad hoc Networks Abderrahim BENSLIMANE [email protected] LIA- Avignon University IWCMC June 28, Caen, France
Oct 29, 2014
1
Security for Mobile and
Vehicular Ad hoc Networks
Abderrahim BENSLIMANE
LIA- Avignon University
IWCMC June 28, Caen, France
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
2
Outline
• Security on Mobile Ad hoc Networks (MANETs)
• Security in Vehicular Ad hoc Networks (VANETs)
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
3
Outline Part ISecurity on Mobile Ad hoc Networks (MANETs)
• Mobile Ad hoc Networks characteristics
• MANETs Applications
• Vulnerability and Challenges
• Network Security Requirements
• MANET Security Attacks
• Security protocols
• A new MAC layer contribution
• A new cross-layer contribution
• Some secure routing protocols
• Two new contributions at the routing layer
• A Secure Architecture for MANET
• A Confident Community to Secure MANET
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
4
Mobile Ad hoc Networks
characteristics• Autonomous nodes create a network on their own initiative
• Self-organizing
• Open network
• Easy to deploy/extend
• Mobility and dynamic topology
• Wireless communication medium
• Absence of a fixed infrastructure
• Multi-hop communication
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
5
MANETs Applications
• Rescue missions,
• Military operations,
• WLAN extension,
• Video-conferencing …
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
6
Vulnerability & Challenges
• Shared broadcast radio channel• Easier to passively eavesdrop
• De-centralized Control• No trustworthy third party
• Unreliable communication• Constantly changing topology
• Limited Resources• Limited battery power
• Limited computational power
• Unfriendly Environment• Malicious nodes, Selfish nodes, …
• Physical vulnerability• Vulnerable to theft, …
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
7
Security Requirements (1/2)
• Authentification• With a key or a card,
• With a password or a code,
• With a biometric identification
• Confidentiality• protection against non-authorized disclosure of information
• Integrity• protection against non-authorized modification of data
• Availability• protection against services disturbances (Dos)
• Non-repudiation• guarantee that the sender of a message cannot later deny
having sent the message
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
8
MANET Security Attacks
Attacks’ types can be classified by each layer:
• Physical layer attacks
• MAC layer attacks
• Network and routing layer attacks
• Transport layer attacks
• Cross-layer attacks
• …
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
9
MANET Security Attacks
• Physical layer attacks
• The jamming attack: is based on radio medium commu
nication. A jamming source is able to disturb the entire n
etwork or a part of the network; that depends on its powerf
ul level.
• The tampering attack: node can physically be compro
mised, the attacker can extract sensitive information such a
s cryptography keys.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
10
MANET Security Attacks
• MAC layer attacks
• Greedy behavior: the back off manipulation by the attacker in
order to increase its bandwidth and create unfairness situation
• Malicious collision: the attacker produces a collision in
order to prevent its neighbour’s nodes to communicate or
cooperate
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
11
MANET Security Attacks
• Network and routing layer attacks
Active attacks Passive attacks
Packet silent
discard
Routing procedure Flood network
False replyWormhole
attacksRoute
request
Route
broken
message
False
routing
information
Impersonation
Sybil attacks …
Eavesdropping of
data:
-Traffic analysis,
-Sniffing to
compromise keys,
…
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
12
MANET Security Attacks
• Transport layer attacks
• Desynchronization attack: consists in the disruption of an
existing connection by desynchronization of the sequence number
• SYN Flooding: the attacker may repeatedly make new connection
requests until the maximum limit connection is reached
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
13
MANET Security Attacks
• Cross-layer attacks
• It is complex attacks based on more than one layer to form
the attack
• Shortcut or detour attack: is based on MAC layer to
create an attack at the network layer
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
14
Security Protocols
• Symmetric cryptography• the key which is used for encryption is the same that is used for decryption, (
DES, 3DES, ...)
• Asymmetric (public key) Cryptography• each node has a private key which it is the only one to own, and the public
key known by its correspondents, (RSA, ElGamal, …)
• Cryptographic hash function• It is irreversible function which takes as input a message of arbirary lenght and
produces as output a message digest of fixed length (MD5, SHA, …)
• Digital signatures• allows the message receiver to check the sender's identity and the sender also
cannot refuse the message content then
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
15
Security Protocols
• Threshold cryptography
• (n, k +1) threshold cryptography scheme, the secret key is divided into n partial shares where at least k+1 of n are partial shares which are needed to generate a secret S.
• The advantage is its increased availability,
• PKI (Public Key infrastructure)
• A framework for creating a secure method for exchanging information based on public key cryptography.
• The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of organizations and individuals
• The certificates are also used to sign messages
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
16
Security Protocols
Trust models
1. Hierarchical model 2.2.2.2. peer to peer modelpeer to peer modelpeer to peer modelpeer to peer model
A. Benslimane – IWCMC’201017
A new MAC Layer ContributionA new MAC Layer ContributionA new MAC Layer ContributionA new MAC Layer Contribution
• Modeling and Analysis of Predictable Random Modeling and Analysis of Predictable Random Modeling and Analysis of Predictable Random Modeling and Analysis of Predictable Random BackoffBackoffBackoffBackoff in in in in Selfish Environments [15]Selfish Environments [15]Selfish Environments [15]Selfish Environments [15]
A. Benslimane – IWCMC’201018
Selfish Selfish Selfish Selfish BehaviorBehaviorBehaviorBehavior: Manipulation of CW: Manipulation of CW: Manipulation of CW: Manipulation of CW
A. Benslimane – IWCMC’201019
Predictable Random Predictable Random Predictable Random Predictable Random BackoffBackoffBackoffBackoff
• IEEE 802.11 Binary Exponential IEEE 802.11 Binary Exponential IEEE 802.11 Binary Exponential IEEE 802.11 Binary Exponential BackoffBackoffBackoffBackoff (BEB)(BEB)(BEB)(BEB)• Initially, cw is randomly selected from [0, CWmin]
• In the presence of failed transmission, cw is selected from [0, 2i CWmin] , i is the number of failed transmission
• Upon successful transmission, cw is selected from [0, CWmin]
• Predictable Random Predictable Random Predictable Random Predictable Random BackoffBackoffBackoffBackoff (PRB)(PRB)(PRB)(PRB)• Initially, cw is randomly selected from [0, CWmin]
• In the presence of failed transmission, cw is selected from [0, 2i CWmin] , i is the number of failed transmission
• Upon successful transmission, however:
•• If If cwcw is less than threshold, is less than threshold, cwcw is selected from [is selected from [CWCWlblb, , CWCWminmin]]
•• If If cwcw is larger than threshold, is larger than threshold, cwcw is selected from [0, is selected from [0, CWCWminmin]]
A. Benslimane – IWCMC’2010
A new CrossA new CrossA new CrossA new Cross----Layer ContributionLayer ContributionLayer ContributionLayer Contribution
• Inter Layer Attacks in Mobile Ad Hoc Networks [16]Inter Layer Attacks in Mobile Ad Hoc Networks [16]Inter Layer Attacks in Mobile Ad Hoc Networks [16]Inter Layer Attacks in Mobile Ad Hoc Networks [16]
A. Benslimane – IWCMC’2010
• Due to the random selection of Due to the random selection of Due to the random selection of Due to the random selection of cwcwcwcw, manipulation of , manipulation of , manipulation of , manipulation of cwcwcwcw is tis tis tis the most difficult selfish he most difficult selfish he most difficult selfish he most difficult selfish behaviorbehaviorbehaviorbehavior to be detectedto be detectedto be detectedto be detected
• Some work has been done on the detection and reaction Some work has been done on the detection and reaction Some work has been done on the detection and reaction Some work has been done on the detection and reaction of selfish of selfish of selfish of selfish behaviorbehaviorbehaviorbehavior
• UIUC scheme:
1) Let the receiver to assign the contention window for the transmitter;
2) The receiver will monitor the idle time slots between consecutive multiple transmissions, it will give an alarm if the transmitter fails to obey the assignment upon a pre-defined threshold
• DOMINO:
1) No reaction scheme, only detection
2) Detection of manipulation of cw is similar to UIUC, however it can also detect manipulation of NAV and IFS
The ProblemThe ProblemThe ProblemThe Problem
A. Benslimane – IWCMC’2010
• Problems with current methods: a selfish / malicious node selProblems with current methods: a selfish / malicious node selProblems with current methods: a selfish / malicious node selProblems with current methods: a selfish / malicious node selectively manipulate ectively manipulate ectively manipulate ectively manipulate cwcwcwcw for routing packets to distract/attract ffor routing packets to distract/attract ffor routing packets to distract/attract ffor routing packets to distract/attract flows:lows:lows:lows:
• Detour: selectively using large cw to reduce the chance to be selected as a forwarding node
• Shortcut: selectively using small cw to increase the chance to be selected as forwarding node
• A misbehaved node does not need to know the exact packet type, i.e., a broadcast packet most likely indicates a route request packet
• Hard to be detected because less packet information can be collected for statistical analysis
Therefore, we need some new methods to mitigate these new atTherefore, we need some new methods to mitigate these new attackstacks
The Problem cont.The Problem cont.The Problem cont.The Problem cont.
A. Benslimane – IWCMC’201023
Inter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc NetworksInter Layer Attacks in Mobile Ad Hoc Networks
• PSD-I: Randomized Routing Message Selection (MAC)
• Define a timeout timer;
• Buffer received routing/broadcasting packet within timer duration;
• Randomized selection of messages collected within the timer;
• Packet out of timer bounds could be misbehaved node(s).
• PSD-II: Randomized Routing Message Delaying (Routing)
• Introduce small delays for received routing messages
A. Benslimane – IWCMC’201024
Route Changes:
OriginalOriginalOriginalOriginal: S : S : S : S WWWW0000 MMMM1111 WWWW2222 DDDD
Shortcut AttackShortcut AttackShortcut AttackShortcut Attack: : : : S M0 M1 M2 D (M0, M2 attracts route request pkts)Detour Attack: S W0 W1 W2 D (M1 delays route request pkts)
Case (I): Case (I): Case (I): Case (I):
A. Benslimane – IWCMC’2010
Route Changes:
Original: three hopsOriginal: three hopsOriginal: three hopsOriginal: three hops
Detour: nine hopsDetour: nine hopsDetour: nine hopsDetour: nine hops
Case (II): Case (II): Case (II): Case (II):
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
26
Secure routing protocols
• ARIADNE [8]
• Authentication Routing for Ad-hoc Network (ARAN) [7]
• Securing Ad hoc Routing Protocols (SAODV) [13]
• Provably Secure On-demand Source Routing in Mobile
Ad Hoc Networks (endairA) [14]
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
27
Secure routing protocols
• Ariadne [8] is a reactive routing protocol, proposed by Hu, Perrig and Johnson.
• Goal: to secure the former DSR protocol• The packets integrity is insured by the symmetric cryptography
and MAC (Message Authentication Code).
• The end-to-end authentication of original and destination nodes
and of intermediate nodes which participate to the routing thanks
to an authentication mechanism (TESLA: Timed Efficient Stream
Loss-tolerant Authentication ) [5]
• Authentication of routing messages
• TESLA, or digital signatures, or standard MACs
AAAA
RRRR
IIII
AAAA
DDDD
NNNN
EEEE
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
28
Secure routing protocols
• TESLA authentication protocol [9]
• TESLA divides the time interval into N intervals that
last the same duration.
t
ni i+1 i+2 ….i-1
Sn
F2
Kn
F1
TESLA key
Sn-1F1
F2
Kn-1
……...F1
S1
F2
K1
F1S0
F2
K0Generation sequence of keys
AAAA
RRRR
IIII
AAAA
DDDD
NNNN
EEEE
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
29
Secure routing protocols
• RREQ mechanism is reinforced by 8 parameters.
<ROUTE REQUEST, Source, Destination, ID, Time interval, hash chain, nodes list, MACs list >
ID : identification number of RREQ packet
Time interval: TESLA interval: this is the maximum duration which is necessary so that an original node reaches its destination in the network
Hash chain(i)=H(current node, hach chain(i-1))
Nodes list: nodes that have participated to the routing
Macs list: calculated with TESLA keys at each node’s level
AAAA
RRRR
IIII
AAAA
DDDD
NNNN
EEEE
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
30
Secure routing protocols
• The operating steps of ARIADNE
1. After the synchronization, the sender sends a RREQ with a MAC which was encrypted with the TESLA key
2. Each node which participates to the packet routing must add its identity and a MAC encrypted with the TESLA key, that was hached several times (hop number)
3. As soon as the destination node receives the packet, it checks the security condition of TESLA:
• Was the TESLA key not already broadcast?
4. After the TESLA key has been broadcast, the receiver checks the packet integrity, if everything worked well, the RREP is sent to an original node. If it did not, the packet is rejected
AAAA
RRRR
IIII
AAAA
DDDD
NNNN
EEEE
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
31
Secure routing protocols
• Advantages:
• Every replay attack are avoided
• Non-centralized management of keys
• Disadvantages:
• Ariadne protocol is vulnerable to DoS attacks (buffer overflow before the packets have been checked)
• Not all real time protocols are supported
AAAA
RRRR
IIII
AAAA
DDDD
NNNN
EEEE
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
32
Secure routing protocols
• Same as Ariadne:• Instead of signing the rreq, intermediate nodes sign
the rrep
• security • endairA is provably secure if the signature scheme
is secure against chosen message attacks
• efficiency• endairA requires less computation
• route reply is signed and verified only by the nodes on the route
• in Ariadne, route request is signed (and potentially verified) by every node in the network
eeee
nnnn
dddd
aaaa
iiii
rrrr
AAAA
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
33
Secure routing protocols
SAODV is a secure variant of AODV
protects non-mutable information with a digital signature (of the originator of the control packet)
uses hash chains for the protection of the HopCount value
– new non-mutable fields:
• MaxHopCount (= TTL)
• TopHash (= iterative hash of a random seed MaxHopCount times)
– new mutable field:
• Hash (contains the current hash value corresponding to the HopCount value)
operation
– initially Hash is set to the seed
– each time a node increases HopCount, it also replaces Hash with H(Hash)
– verification of the HopCount is done by hashing the Hash field MaxHopCount-HopCount times and checking if the result matches TopHash
SSSS
AAAA
OOOO
DDDD
VVVV
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
34
Secure routing protocols
• Reactive protocol,
• Based on the introduction of a certification authority (CA),
• Goal is to insure:
• Nodes authentication
• Messages integrity
• Non-repudiation
• The principle: in order to participate to the routing, nodes
must own a valid certification from CA
AAAA
RRRR
AAAA
NNNN
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
35
Secure routing protocols
• Operations principle:
1. The node A must request its certification to CA in order to join the network
2. CA gives the certification after it has checked the node’s identity
A : CertA= [IPA, KA+, t, e] KCA--CA
CA: certification authority
Nœud ANœud B
Nœud CNœud X
AAAA
RRRR
AAAA
NNNN
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
36
Secure routing protocols
3. The node A broadcasts an RDP (Route Discovery Packet)
with its certification
4. The node A’s neighbours will check the certification validity
and then they add their certifications and broadcast the packet
5. When a node C receives the RDP packet, it will check both A
and B’s certifications and then it removes B’s certification an
d it adds its own
B broadcast : [[RDP, IPX, NA, t]KA--]KB-- , certA, certB
A broadcast : [RDP, IPX, NA, t]KA--, certA
C broadcast : [[RDP, IPX, NA, t]KA--]KC--,certA, certC
AAAA
RRRR
AAAA
NNNN
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
37
Secure routing protocols
6. At the end the RDP packet arrives to the destination X and after checking the certifications the REP packet is sent to the original node A
7. The REP packet will follow the same RDP path until the node A
8. If the node C does not find the path until the node X, it will generate the error message which will be sent to the node B
X C : [REP, IPA, NA, t]KX--, certX
B A : [[REP, IPA, NA, t]KX--]KB--, certX, CertB
C B : [ERR, IPA, IPX, NC]KC--, CertC
AAAA
RRRR
AAAA
NNNN
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
38
Secure routing protocols
• Advantages :
• Non-authorized modifications are detected
• The nodes’ authentication and the non-repudiation are insured
• Disadvantages :
• The asymmetric cryptography is expensive in terms of
computational and energy requirements (eg.: RSA and key’s size 512 bits (Laptop: 1200MHz and RAM= 512 Mo)=> 2,2 ms).
• ARAN don’t protect against the Wormhole attack (Tunneling)
• A heavy charge on the CA, if it breaks down, the network
security will not be insured anymore
AAAA
RRRR
AAAA
NNNN
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
39
TWO Contributions at routing layer
• A Secure Architecture for MANET [1]
• A Confident Community to Secure MANET [2]
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
40
A Secure Architecture for MANETA Secure Architecture for MANETA Secure Architecture for MANETA Secure Architecture for MANET
---- Outline
• Motivation
• Overview of the architecture
• Trust Model
• Dynamic Demilitarized Zone (DDMZ)
• Secure Distributed Clustering Algorithm (SDCA)
• Performance Evaluation: simulations
• Conclusion and Future Work
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
41
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- MotivationMotivationMotivationMotivation
• In Mobile Ad Hoc Networks some nodes are:
• Confident, cooperative
• Misbehave, selfish
• Relative mobility
=> To use the diversity with trust level and mobility among
nodes in order to secure a network
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
42
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- MotivationMotivationMotivationMotivation
• The goals
• To define a hierarchical architecture when a network is divided into clusters, with one CA node for each cluster
• To Provide Public Key Infrastructure (PKI) in each cluster and to secure inter-cluster communication
• To elect CA among nodes having highest trust level and stability
• Maintain as long as possible the conceived architecture
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
43
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Trust Model
• Trust metric (Tm) : continuous value in [0 − 1]
• Only confident nodes have Tm = 1
• Each node has trust table which is updated at each metric
change and exchanged by nodes with high trust level
• Each new unknown node starts with Tm = 0 (lower trust
level)
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
44
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Trust Model
• Definition
• To get high trust metric (Tm = 1) either:
1. A node is known by confident nodes and has exchanged keys
over secure channel [5] [6]
OR
2. A node which has proved its full cooperation (i.e, forward)
• => The idea consists to oblige the unknown nodes to well-
behave
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
45
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Trust Model
• We define five types of role for the node :
1. Certification authority of cluster (CA) with Tm = 1
2. Registration authority of cluster (RA) with Tm = 1
3. Gateway between clusters (GW) with Tm є [0.7 − 1.0]
4. Member (MN) which success to pass from visitor to member status by well behaviour with Tm є [0.5 − 0.7]
5. Visitor (VN) with Tm є [0.1 − 0.5]
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
46
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Trust Path
• The trust value of a path depends on its trust chain.
• The trust evaluation between two nodes consists to
take the small trust value of nodes.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
47
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Dynamic Demilitarized Zone
• Definition
• A set of nodes at one hop from CA
• - Each node is a Registration Authority (RA)
• The role of these nodes is to protect the CA from untrusted
nodes
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
48
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Secure Distributed Clustering Algorithm
• Main rules of SDCA
• Only confident nodes (Tm(i) = 1) can be candidate to become
CA
• Each cluster-head is CA of only one cluster
• All confident neighbors of CA, can become RA in the cluster
• Other nodes are at distance of maximum d-hop from the CA
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
49
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Secure Distributed Clustering Algorithm
• CA Selection Criteria:
• Security: To increase the security of the cluster, SDCA selects
the confident node with a maximum trust degree (Tm = 1) and
at least one confident neighbor
• Stability: Is based on mobility metric [1].
It gives a good knowledge about the relative mobility between
two neighbors nodes
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
50
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Secure Distributed Clustering Algorithm
• Each CA candidate node starts to send beacon with
information for the election
• Identity of CA candidate
• Dgree of confident neighbors (DTN)
• Relative mobility (RM) to its trust neighbors
• Number of hop from CA (Hop-Count)
• Sequence number of beacon
• Message Authenticated Code (MAC) of beacon
(MACK−[CA, Hop − count,DTN,RM, Sq − num])
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
51
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Secure Distributed Clustering Algorithm
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
52
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Secure Distributed Clustering Algorithm
• Example
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
53
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Security analysis
• The security of our architecture depends directly on the trust model.
• The presence of a great number of confident nodes increases the security of the network.
• All communications from a malicious nodes or malicious cluster are ignored.
• The Denial-of-Service (DoS) attack over CA node is prevented by DDMZ where RA nodes filter all requests from unknown nodes.
• The robustness of DDMZ depends on the number of RAs which collaborate in order to protect CA of their cluster.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
54
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Security analysis
• The malicious nodes can use the identity of legitimate nodes only if their private’s keys are divulgated.
• If attackers try to compromise all the network, it must compromise all CA
• The cluster size must be adapted with number of confident nodes in order to well secure CA node (trade-off between the number of confident and unknown nodes must be founded).
• The presence of two confident nodes is the minimum configuration of clustering and it must be reinforced.
• We can use the thresholds cryptography scheme in each cluster after CA election.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
55
A Secure ArchitectureA Secure ArchitectureA Secure ArchitectureA Secure Architecture
---- Resume
• Hierarchical architecture to distribute a certification authority
• Combination between security and stability to construct clusters in order to secure the network
• DDMZ concept to prevent attacks against CA nodes
• This architecture is adapted to topology changes
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
56
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- MotivationMotivationMotivationMotivation
• In order to maintain the network security when unknown nodes join the network, the monitoring process is necessary.
• The security of the cluster is insured by the cluster manager.
• The concept robustness of the DDMZ require to be well investigated
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
57
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- Secure election processSecure election processSecure election processSecure election process
• Secure Distributed Clustering Algorithm (SDCA):
• Select the a clusterhead (CH) which become the CA according the trust
level and the stability
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
58
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- Monitoring process (1/3)
• Each node with a high trust level monitors its neighbor nodes with low trust level
• The monitor process acts in the different network protocol layer (MAC, Routing, …)
• MAC layer:
• Monitor nodes supervise the channel occupation by their neighbors.
• This function is motivated by one type of selfish misbehavior (The selfish nodes cheat from the choice of the backoff in order to access more bandwidth than other nodes)
• As solutions:
• DOMINO for WLANs [10], PRB(Predectible Random Backoff) [11] for MANET,
• Network layer:
• Monitor nodes supervise the packet forwarding activities of its neighbor nodes and packet integrity.
• As solutions: Watchdog [12]
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
59
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- Monitoring process (2/3)
• We focus on the network layer for the monitoring
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
60
A Confident Community to SeA Confident Community to SeA Confident Community to SeA Confident Community to Se
cure MANETcure MANETcure MANETcure MANET
---- Monitoring process (3/3)
• Let node x and y with Tm(x) > Tm(y):
• The node x can monitor the node y,
• The node x sends a certain number of packets to the node y with an other destination node,
• After a fixed time interval, the node x can calculate the reputation rating:
• Each unknown node starts with a low trust metric (Tm=0.1) and increases when it proves its cooperation and well-behavior
• If R1 is the report generated for MAC layer, the final report about a node y is:
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
61
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- Cluster Manager (CM) (1/2)
• The cluster manager is formed by the:
• The Certification Authority (CA) node
• A set of nodes with high trust levels (if these nodes are located at one
hop from CA node, they become the Registration Authority RA)
• The role of the CM is:
• Insure the cluster security where the CA node will generate a certificate
for a cluster member
• A set of RA nodes forms the DDMZ in order to protect the CA node ag
ainst CA node attacks
• The DDMZ use the reputation rating from the monitoring process to ev
aluate the cluster members.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
62
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- Cluster Manager (CM) (2/2)
• If the CM receives k report from monitor nodes to evaluate
the node y, then:
• The different functions of the CM and the interaction with
monitoring module
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
63
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
---- SDCA, SDCA, SDCA, SDCA, Monitoring, Cluster manager
• The monitoring, the election (SDCA) and the cluster manager modules,
interact with a trust model (transitions: 1, 2, 3)
• Modules election and cluster manager call the monitoring module to control
the behviors of the nodes (transitions: 4, 6)
• The cluster management module is the result of SDCA with the transition 5
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
64
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
Confident connectivity model (1/4)
• The idea is to distribute k confident nodes among n (total number of nodes in the network),
• In each cluster, the CA node and the confident nodes directly connectedform the DDMZ,
• Two nodes (i) and (j) can directly communicate with each other,
if |Xi-Xj| < R (R is a transmission range and Xi location of the node i)
• The confident community is defined as a set of confident nodes which have the highest trust level
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
65
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
Confident connectivity model (2/4)
• Assumptions:
• There is no obstacle in the area
• All nodes have the same transmission range R
• Each confident node knows the public cryptography keys of
all confident nodes
• The nodes are distributed with Poisson arrival rate λ
• The probability that a node (i) can directly communicate
with a node (j) is:
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
66
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
Confident connectivity model (3/4)
• The probability to have d+1 confident nodes directly connected is:
• The higher the transmission range is, the greater the probability of
connected network is
• The probability to get two nodes i and j directly connected, knowing
that they belong to the set of confident community |K|=k in the networ
k of n total number of nodes is:
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
67
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
Confident connectivity model (4/4)
• The probability of (d+1) confident nodes directly connected
• according to the transmission range (R), the percentage of confident
nodes in the network (k/n) and the degree of direct connectivity d
between confident nodes,
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
68
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
Results analysisResults analysisResults analysisResults analysis
• The clusters and CAs become more resistant against DoS (Denial of Services) attacks when the transmission range is getting longer.
• The result shows that: when the transmission range increases, the probability of two directly connected nodes is increased. Also, the probability of directly connected confident nodes is also increased.
• It indicates the probability to build robust DDMZ depends on thestation transmission range.
• The best configuration of cluster is to find the trade-off between the number of RA and the number of nodes with low trust levels.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
69
• a confident connectivity model to study the security robustness in the clusters.
• Dynamic Demilitarized Zone (DDMZ), this approach consists on the protection of the certification authority (CA) in each cluster.
• The security of each cluster depends of the robustness and the availability of the registration authority which form the DDMZ
•
A Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANETA Confident Community to Secure MANET
Resume (1/2)Resume (1/2)Resume (1/2)Resume (1/2)
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
70
References
• [1]A. Rachedi and A. Benslimane, "A Secure and Resistant Architecture against Attacks for Mobile
Ad Hoc Networks", Journal of Security and Communication Network, John Wiley InterScience, Vol.
3, N° 2-3, March-June 2010, pp.150-166.
• [2] A. Rachedi, A. Benslimane, Lei Guang and Chadi Assi , “A Confident Community to Secure
Mobile Ad-Hoc Networks”, IEEE International Conference on Communications (ICC 2007), 24-28
June 2007, Glasgow, Scotland, UK.
• [3] P. Basu and N. Khan and T. Little, " A mobility based metric for clustering in MANET ", In Proceedings of Distributed Computing Systems Workshop, :43–51, 2001.
• [4] M. Gerla and J. T.-C. Tsai, " Multicluster, Mobile Multimedia Radio Networks" , Wireless Networks. (1995) 255–256
• [5] S. Yi and R. Kravets, " Quality of Authentication in Ad Hoc Networks" , ACM, MobiCom 2004.
• [6] S. Capkun and J. P. Hubaux and L. Buttyan, " Mobility Helps Peer-to-Peer Security " , IEEE Transactions on Mobile Computing. 5 (2006) 48–60
• [7] Kimaya sanzgiri, Bridget Dahill, “ Secure Rourting Protocol for Ad Hoc Networks “, IEEE ICNP’02
• [8] Yih-Chun Hu, Adrian Perrig, David B. Johnson “Ariadne : A Secure On-Demand Routing Protocol for Ad Hoc Networks”, MobiCom’2002
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
71
References
• [9] Adrian Perrig, Ran Canetti, J. D. Tygar, Dawn Song, “The TESLA Broadcast Authentication Protocol”, RSA CryptoBytes, 2002.
• [10] M. Raya and J.-P. Hubaux and I. Aad, “DOMINO: A System to Detect Greedy Behavior in IEEE 802.11 Hotspots”, In Proc. of MobiSys’04
• [11] L. Guang, C. Assi, and A. Benslimane, “Enhancing IEEE 802.11 Random Backoff in Selfish Environments”, IEEE Transactions on Vehicular Technology Journal, May 2008, Vol. 57, N° 3, pp. 1806-1822.
• [12] K. L. S. Marti, T.J. Giuli et M. Baker, “Mitigating Routing Misebehavior in Mobile Ad Hoc Networks”, ACM/IEEE International Conference on Mobile Computing and Networking, 255–265.
• [13] M. G. Zapata and N. Asokan, “Securing Ad hoc Routing Protocols”, ACM Workshop on Wireless Security (WiSe 2002), pages 1-10. September 2002.
• [14] G. Acs, L. Buttyan, and I. Vajda, “Provably Secure On-demand Source Routing in Mobile A
d Hoc Networks”, IEEE Trans on Mob. Comp. 5(11), 2006.
• [15] L. Guang, C. Assi, and A. Benslimane, Enhancing IEEE 802.11 Random Backoff in Selfish
Environments, IEEE Transactions on Vehicular Technology Journal, May 2008, Vol. 57, N° 3, pp.
1806-1822.
• [16] L. Guang, C. Assi and A. Benslimane, On MAC Layer Misbehavior in Wireless Networks: C
hallenges and Solutions, IEEE Wireless Communications Magazine, Special Issue on Security in W
ireless Mobile Ad Hoc and Sensor Networks, , Vol. 15, N° 4, August 2008, pp. 6-14.
A. Benslimane – IWCMC’2010A. Benslimane – IWCMC’2010
72
• Motivations
• Security issues and solutions
• Applications based Dissemination
• Optimized Dissemination of Alarm Messages:
ODAM
• A risk aware MAC protocol: CRCCA
• Connecting VANET to Internet: VANETII
• References
Outline Part IISecurity on Vehicular Ad hoc Networks (VANETs)
Part II
Vehicular
Ad Hoc Networks:
Security and Dissemination Security and Dissemination
Professor Abderrahim BENSLIMANE
IWCMC June 28, 2010
Outline
• Motivations and applications of vehicular communications
• Security issues and solutions
2
•Applications based Dissemination
• Optimized Dissemination of Alarm Messages: ODAM
• A risk aware Mac protocol: CRCCA
• Connecting VANET to Internet: VANETII
• References
6/26/2010
Background on Safety
• In the US:
• 6+ million traffic accidents per year• 90% driver errors,
• 43 000 deaths,
• 3 million injuries,
3
• Financial cost: more than $230 billion
• Overall Goal: Reduce traffic accidents• Fewer injuries and fatalities
• Lower direct and indirect cost
• Reduced traffic congestion
• In Europe:• Specific Goal: to reduce the car accidents of 50% by 2010
All world is compact in putting money on safety issues
6/26/2010
Background on Traffic Management
• Unregulated traffic cost much
• Congestion is a big source of waste
• 3.6 billion vehicle-hours of delay
• 5.7 billion gallons of wasted fuel
4
• 5.7 billion gallons of wasted fuel
Improve traffic flow and reduce congestion
• Smart traffic signals
• Enhanced transit system
• Central traffic management
• Electronic toll collection
6/26/2010
Wireless communications
• GPRS/UMTS– Expensive, reliability, capacity, timing
• IEEE 802.11-based
– DSRC: Dedicated Short Range Communications Car-Car
communications at 5.9Ghz
5
communications at 5.9Ghz
– 802.11p: IEEE Task Group that intends to standardize
DSRC for Car-Car communications
– 802.11-based Mesh Networks
• IEEE 802.16
– 802.20: extension to high mobility scenarios
• Sensor Networks
– Bluetooth (in-vehicle communications)
– ZigBee6/26/2010
(GPS)Forward radar
Event data recorder (EDR)
Positioning system
Communication
facility
Smart Vehicles
6
Computing platform
Rear radar
facility
Display
6/26/2010
Different components of a Smart vehicles
VANET characteristics
• High mobility:
Fast topology changes,
•Predictable movements of vehicles :
•Trajectory are linked to roads,
7
•Trajectory are linked to roads,
•There are no constraints of weight or problems with energy
conservation,
•Communications are short and the intervals are about
microseconds.
6/26/2010
•Communication paradigms:•V2V
•V2I,
•Hybrid.
DSRC Network Architecture
6/26/2010 8
•DSRC: Dedicated Short
Range Communications(75
MHz in the 5.8/5.9 GHz band)
•IEEE802.11p (PHY and MAC
layers)
V2V
V2I
V2V
V2I
Some applications (1/2)
• Collision Avoidance*
• Warn a driver that is not safe to enter an intersection
• Prevent many vehicle rear-ending each other after a single accident
• Early braking, Distance keeping and speed management, Lane
changing/merging/crossing
9
changing/merging/crossing
• Cooperative Driving*
• Violation warning,
• Turn Conflict and Curve warning
• Lane merging warning
* Life critical
6/26/2010
Some applications (2/2)
• Traffic Optimization *
• Traffic delay continues to increase: Waste time, specially when peak time
travelers
Vehicles can serve as data collectors
• Transmit the traffic condition information: Number of neighbors and
10
• Transmit the traffic condition information: Number of neighbors and
their mean velocities.
• Payment Services
• Electronic toll payment
• Location-based Services
• Parking spot locator
•Enhanced route guidance and navigation
6/26/2010
Security Requirements
• Authentication and data integrity:
• Verify properties of the sender: vehicle, ambulance, traffic sign
• Detect replay (Timestamp)
• The sender can be authenticated but the message is falsified
11
• The sender can be authenticated but the message is falsified
• Driver Privacy
• Detect the actual and not the virtual
• Sybil attack: an adversary can transmit safety-related packets
• i.e., falsely identify a road as congested
6/26/2010
Security Requirements
• Non-repudiation
• Secure vehicles localization:
• Verify if the sender is actually at the claimed position
12
• Verify if the sender is actually at the claimed position
• High availability and strict message delivery deadline
• Adversaries will always be able to reduce availability: Denial-
of-service attacks
6/26/2010
Challenges
• Trade-off between authentication and non-repudiation versus
privacy
• Nature of VANET
– High speed
– Open network
13
– Open network
Some protocols cannot be employed: voting, consensus
and based-reputation
• Sheer scale
– not for protocols that require pre-stored information about participants
• Opposing incentives of participants
– Law enforcement agencies (≠) Drivers
6/26/2010
Mitigating characteristics
• Mobility of VANET can sometimes be beneficial,
• Circulation in two opposite directions,
• Well specified limits: road, motorway, determined number
of lanes, etc.
14
of lanes, etc.
• Not limited in power: complex cryptographic operations,
• All vehicles are to be registered in a central authority,
• Vehicles can leverage their knowledge from the driver’s
response.
6/26/2010
Adversaries
• Rational or Malicious
• Rational – seeks personal benefits, more predictable attack,
• Malicious – No personal benefit, intends to harm other users,
15
• Industrial Insider is a valid user
• Active or passive attacks
• Active: Generates packets, participates in the network,
• Passive: Eavesdrop, track users, etc.
6/26/2010
Some attacks
•Disruption of network operation:•Deny of service,
•Selfish misbehavior
6/26/2010 16
• Disclosure of identities,
• Wormhole attack
• Cheating with identity or positioning information,
Some Solutions 1/6
• Security Hardware
• Event Data Recorder (EDR)
• Records all emergency-related information received: position data, speed
data, acceleration data, time, etc.
17
data, acceleration data, time, etc.
• Liability-related messages should be stored in the EDR
• Tamper-Proof device (TPD)
• Provides the ability of processing
• Verify and signs messages
• Protects Hardware : a set of sensors to detect hardware tampering
• Has its own battery, own clock,
• High cost
6/26/2010
Some Solutions 2/6
• Authentication• Digital Signature
• Each message should be signed and accompanied with a
Timestamp/replay,
18
• Symmetric cryptography is not suitable
messages are standalone, large scale, non-repudiation required,
• Cryptosystem based on asymmetric cryptography (VPKI: Vehicular PKI )
• Hash function: message space hash-codes of specific size
6/26/2010
Some Solutions 3/6
• Non-repudiation
• A single unique identity to each vehicle :
• Electronic License Plate (Affected by the Government)
19
• Electronic Chassis Number (Affected by the manufacturer)
• A CA store a mapping between the unique identity of the vehicle and its set of
public keys.
• Digital signature (using the unique private key of the sender)
6/26/2010
• Save anonymity of drivers• Relationship between the unique identity and public keys must be not visible
Use of pseudonyms (one or more):
Some Solutions 4/6
6/26/2010 20
• only authorities know the mapping to the unique identity
Use of group key:
• To each group of vehicle is assigned a key
Some Solutions 5/6
• Authentication of aggregated data– Emergency road condition warning applications:
• In large network, a simple forward of all messages is inefficient:
significant overhead
21
– Message related to the same road condition
• Fusion, extrapolation, etc
• Reduce overhead : redundant transmissions
– Example: in application of congestion avoidance:
• Position and speed of vehicles can be approximated step by step:
– It is not very useful to have a high degree of accuracy of the position of an accident if
this is further away from the originating nodes (neighboring of the accident)
6/26/2010
Some Solutions 6/6
• Group formation and Communication
• Static group formation:
• specific vehicles are part of specific group
22
• specific vehicles are part of specific group
Rigid and not scalable not suitable for VANET
• Dynamic group formation:
• Vehicles form groups based their driving pattern and their location
Overhead of group formation must be very limited
6/26/2010
• Geographic-based group formation:
• The map is divided into small cells: use of localization system (GPS )
• Each vehicle knows which group it belongs to at any moment based on its
location
Some Solutions 6/6
6/26/2010 23
location
• One group leader per cell: the one closest to the center
limited overhead
Optimized Dissemination of Alarm
24
Optimized Dissemination of Alarm
Messages: ODAM
6/26/2010
ODAM:
Optimized Dissemination of Alarm Messages
• To face the network fragmentation while avoiding neighbors computation
• Solution
• Geocast: use GPS coordinates of vehicles
25
• Geocast: use GPS coordinates of vehicles
• Introduce Defer Time Distance
>> reduce the number of message collisions
>> reduce the number of retransmission
>> best use of bandwidth
>> reduce the delay • Dynamical Relays >> to face the fragmentation
• Tacking into account the direction of circulation
6/26/2010
ODAM:
Optimized Dissemination of Alarm Messages
Defer Time Distance
26
→ Alarm message propagation
Risk zone
Accident
x
ab
c
Transmission range
ε
εε
R
DRtimedeferxdefertime
sx )(_max_)(
−⋅=
6/26/2010
ODAM:
Optimized Dissemination of Alarm Messages
27
Initial (0)
Accident (1)
Waiting (2)
Relay broadcasts (4)
Passive (5) Direction of circulation
6/26/2010
A
A cluster Based Risk aware cooperative
6/26/2010 28
A cluster Based Risk aware cooperative
collision avoidance: CRCCA
CRCCA: Related Work
•Traditional CCA:•A vehicle dispatches warning messages to vehicles behind it,
•Warning messages are transmitted over multiple hops,
6/26/2010 29
• A recipient takes on account the direction of the message
•Message will be ignored if it arrives from behind
generation of large number of messages
generation of redundant messages Collision in the
access medium
The 802.11 Mac layer: Issues
•Back-off mechanism
Increase of the data delivery latency,
In case of CCA, decrease of the 802.11
6/26/2010 30
In case of CCA, decrease of the 802.11
effectiveness,
Some vehicles will not have time to react.
CRCCA: Dynamic clustering of vehicles
•The clustering considers only vehicles moving in the same road
towards the same direction,
•Three roles of nodes:
6/26/2010 31
•Three roles of nodes:
•CH: cluster head,
•SCH: sub cluster head, the last vehicle reached by the CA
•ON: ordinary member
CRCCA: An example of three clusters
6/26/2010 32
CRCCA: a risk aware Mac protocol(1/3)
•In a cluster i, to each vehicle correspond an emergency level as
follow: ( )( )S
i
iωω
ωω
−
−=Ω
1
1 Si ≤≤1
6/26/2010 33
•S: cluster size
• : skew factor
•The contention windows of a vehicle in cluster i:
•k : the number of transmission attempts
• : window size
• : the slot time of the used PHY layer
( )ωω −1
ω
ξ..)1(1
cwCW
jk
j
ii ∑=
Ω−=
cw
ξ
CRCCA: a risk aware Mac protocol(2/3)
•Calculate of , maximum latency since the detection of
emergency situation:
• if slow down with and respectively:
iδ
1ii C and C + raea
6/26/2010 34
•Then is:
• :Is the regular deceleration,
• : is the emergency deceleration,
• : the average vehicle length.
)0,)_)2
(.(2
( ,11
max
viii
i
e
i
re
ii Ld
VV
a
V
aa
VMax ++ −−−=δ
max
iδ
ra
ea
vL
CRCCA: a risk aware MAC protocol(3/3)
•As consequence :
if
= ∑ =
Ω−k
j
j
i cw0
..)1( ξ
),..)1((maxk j
cwMin δξ∑ Ω−iCW
0max
=iδ
6/26/2010 35
=
otherwise),..)1((
max
0 i
k
j
j
i cwMin δξ∑ =Ω−
i
Connecting VANET to Internet: An efficient
routing protocol
36
routing protocol
6/26/2010
Connecting VANET to Internet:
Related Work
• Ad hoc routing protocols do not typically select a route with
sufficient lifetime to maintain the longest possible duration of
communication with a mobility agent.
37
• The handover mechanism is not sufficiently fast to manage
handovers in VANET environment known as “Strong Mobility”.
•More than one gateway may be available at the same time,
How to discover gateways with the best quality of service (QoS)
without wasting network resources.
6/26/2010
Connecting VANET to Internet:
Related Work
•FleetNet Project • The FleetNet investigated the VANET Internet Integration through
stationary roadside gateways,
• Use of a modified version of Mobile IPv6 to handle the mobility,
38
•Use of a service discovery protocol for gateway discovery,
• Use location based routing protocols.
•ProblemsDo not take vehicle movement parameters into account,
Do not cover handovers.
6/26/2010
MMIP6
•A mobility management protocol (for VANETs):
•integrate IPv6-based VANETs into the Internet
Connecting VANET to Internet:
Related Work
39
• Use of a proactive service discovery protocol for Foreign Agent (FA) discovery.
•The service announcements are restricted to a limited broadcast zone:
•Using of geocast capabilities of VANET routing protocols.
Avoid of the flooding of the overall network
• In route selection, a fuzzy-based approach is used
•It considers available information about gateways.
6/26/2010
•VANETII (VANET Internet Integration):•Purpose:
•discover of gateways
•creation routes to them.
Connecting VANET to Internet:
VANETII
40
•Three phases in VANETII :
Agent (gateway) discovery
Route selection
handing the connection to the new gateway.
•The aims :
reducing the overhead during the gateway discovery process
selecting the most stable route to gateways
performing seamless handovers.
6/26/2010
• In VANETII network , two types of nodes :
• Vehicles : stationary or mobile
• Gateways : stationary.
• Each vehicle is equipped with a positioning system, e.g., GPS,
Connecting VANET to Internet:
VANETII
41
• Each vehicle is equipped with a positioning system, e.g., GPS,
• The coordinate of a vehicle u is denoted as (xu, yu). Each vehicle is
also able to calculate its speed, Vu, and direction, θu.
• Links between vehicles are established if the distance between
them is less than their transmission range R.
6/26/2010
Field Description
Gateway Address of the source gateway
Relay Relay address
Table : Agent Advertisement Message Fields
Connecting VANET to Internet:
VANETII
42
Sequence Number Message Sequence Number
Sender Position Geographical Position of the sender
Sender Speed Speed of the sender
Sender Direction Direction of the sender
RET Expiration time of the route
Zm Message Broadcast Zone
6/26/2010
Connecting VANET to Internet:
VANETII
•Proactive Gateway discovery:
43
X A
CBY
•A Gateway broadcasting an advertisement message periodically, then relays
rebroadcast
6/26/2010
•Stability metric
• Link Expiration Time (LET): time duration such that two nodes will remain
connected.
Connecting VANET to Internet:
VANETII
44
• Let (xi , yi) and (xj , yj) be the coordinate of the vehicles i and j which are moving
in direction θi ,θj (0 ≤ θi , θj < 2π ) with the speed of vi and vj, LETij is as follows :
Where :
22
2222 )()()(
ca
bcadrcacdab
ijLET+
−−+++−=
jijjii xxbvva −=−= ;coscos θθ
jijjii yydvvc −=−= ;sinsin θθ
6/26/2010
•Stability function :
aLET
eS−
−= 1
Connecting VANET to Internet:
VANETII
45
• ‘a’: a constant that defines
the rate at which the
function is rising: the lower
is a, the faster the function
rises:
Effect of selecting different values of a on function S
6/26/2010
• Let Rk be a route, which consists of n − 1 links l01, l12, ... , l(n−2)(n−1) between n vehicles 0, 1, ...,
n − 1
•To compute the Route Expiration Time (RET) we should find the link which expires before
the others, hence:
Connecting VANET to Internet:
VANETII
46
•With analytical studies, we compute ‘a’, and then the stability function will be:
6/26/2010
RETLET
eS2
1−
−=
1 -n .. 0 i | MinLET RET 1)(ii,k == +
•If two nodes have the same stability function value
introduce a second function to eliminate duplications
•We will take into account the progress that the packet has made in the opposite
direction of the movement:
Connecting VANET to Internet:
VANETII
47
Where:
• i sender,
•j,k,l receivers (j is the farther).
•The second function is as follow:
r
dijjiP×−
=)cos( θθ
6/26/2010
•We should combine S and P together.
P should not be as effective as S for next hop selection:
PSF ×−+×= )1( αα
Connecting VANET to Internet:
VANETII
48
•For the contention in our protocol we select the timer runtime as:
Where:
• T: the maximum forwarding delay.
•The next hop will be the one with the longest lifetime and the largest progress
in the opposite direction of the road.
)1()( FTFt −=
6/26/2010
sConclusion
•We presented Security issues of vehicular networks and
• We proposed:
• ODAM, a protocol for disseminating alarm messages,
• CRCCA, a risk aware Mac protocol,
49
• CRCCA, a risk aware Mac protocol,
• VANETII, a protocol for connecting VANET to Internet
•Still open field in security:
• Group formations and management of public/private key,
group signature
• Preserving privacy: attacks against privacy in different layers.
6/26/2010
Further readings
• Securing Vehicle ad hoc networks, M. Raya and J.P. Hubaux, J. of comp. Science, Vol. 15,
pp. 39-68, 2007.
• Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos,
et al., IEEE Communication Magazine, 2008.
• A secure and efficient communication scheme with authenticated key establishment
and privacy preserving for vehicular ad hoc networks, Computer Communications,
50
and privacy preserving for vehicular ad hoc networks, Computer Communications,
2008.
• Optimized Dissemination of Alarm messages in Vehicular Ad-Hoc Networks (VANET),
A. Benslimane, 7th IEEE HSNMC 2004, LNCS 3079, Springer Publisher, pp.655-666.
• An Efficient Routing Protocol for Connecting Vehicular Networks to the Internet, S.
Barghi, A. Benslimane and C. Assi, 10th IEEE WoWMoM 15-19 June 2009, Greece.
• Towards an Effective Risk-conscious and Collaborative Vehicular Collision Avoidance
System, T. Taleb, Z. Fadlullah, A. Benslimane, and K. Ben Letaief, IEEE Transaction on
Vehicular Technology.
6/26/2010
Thank you
51
COCONCLUSIONS AND FUTUREWORKS
6/26/2010