Outline
Security on Mobile Ad hoc Networks (MANETs)
Security in Vehicular Ad hoc Networks (VANETs)
A. Benslimane IWCMC2010
Outline Part I
Security on Mobile Ad hoc Networks (MANETs)
Mobile Ad hoc Networks characteristics
MANETs Applications
Vulnerability and Challenges
Network Security Requirements
MANET Security Attacks
Security protocols
A new MAC layer contribution
A new cross-layer contribution
Some secure routing protocols
Two new contributions at the routing layer
A Secure Architecture for MANET
A Confident Community to Secure MANET
MANETs Applications
Rescue missions, Military operations, WLAN extension, Video-conferencing
De-centralized Control
No trustworthy third party
Unreliable communication
Constantly changing topology
Limited Resources
Limited battery power Limited computational power
Unfriendly Environment
Malicious nodes, Selfish nodes,
Physical vulnerability
Vulnerable to theft,
Security Requirements (1/2)
Authentication
With a key or a card, With a password or a code, With a biometric identification
Confidentiality
protection against non-authorized disclosure of information
Integrity
protection against non-authorized modification of data
Availability
protection against service disruption (DoS)
Non-repudiation
guarantee that the sender of a message cannot later deny having sent the message
Malicious collision: the attacker produces a collision in order to prevent its neighbour nodes from communicating or cooperating
Flood network
False reply
Route request
Security Protocols
Symmetric cryptography
the key used for encryption is the same as the one used for decryption (DES, 3DES, ...)
Digital signatures
allows the message receiver to check the sender's identity; the sender then cannot deny the message content
Security Protocols
Threshold cryptography
In an (n, k+1) threshold cryptography scheme, the secret key is divided into n partial shares, of which at least k+1 are needed to generate the secret S. The advantage is its increased availability.
Security Protocols
Trust models
1. Hierarchical model
The Problem
Because cw is selected at random, manipulation of cw is the selfish behavior that is most difficult to detect
Some work has been done on the detection of, and reaction to, selfish behavior
UIUC scheme:
1) The receiver assigns the contention window for the transmitter;
2) The receiver monitors the idle time slots between consecutive transmissions and gives an alarm if the transmitter fails to obey the assignment beyond a pre-defined threshold
DOMINO:
1) No reaction scheme, only detection
2) Detection of manipulation of cw is similar to UIUC; however, it can also detect manipulation of NAV and IFS
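The receiver-side check described for the UIUC scheme can be sketched as follows; this is an added, simplified example and not code from the slides or from the UIUC authors. The tolerance `alpha`, the window length, the alarm threshold and both traces are assumptions constructed for the illustration.

```python
from collections import deque


class BackoffMonitor:
    """Receiver-side check that a sender honours the backoff it was assigned."""

    def __init__(self, alpha=0.8, window=5, threshold=8.0):
        self.alpha = alpha                  # fraction of the assignment that must be waited (assumed)
        self.threshold = threshold          # summed shortfall, in slots, that raises the alarm (assumed)
        self.recent = deque(maxlen=window)  # shortfalls of the last `window` packets

    def observe(self, assigned_slots, idle_slots):
        """Record one transmission; return True if the sender should be flagged."""
        # Only waiting less than alpha * assigned counts as a deviation,
        # so small channel-sensing errors do not accumulate.
        shortfall = max(0.0, self.alpha * assigned_slots - idle_slots)
        self.recent.append(shortfall)
        return sum(self.recent) > self.threshold


def first_alarm(trace, **params):
    """Index of the first packet that triggers the alarm, or None."""
    monitor = BackoffMonitor(**params)
    for i, (assigned, idle) in enumerate(trace):
        if monitor.observe(assigned, idle):
            return i
    return None


# Constructed traces: (backoff assigned by the receiver, idle slots actually observed).
ASSIGNED = [12, 20, 7, 30, 15, 9, 25]
HONEST = list(zip(ASSIGNED, [12, 14, 7, 29, 15, 9, 24]))   # small sensing errors only
SELFISH = [(a, a // 4) for a in ASSIGNED]                   # waits a quarter of the assignment

if __name__ == "__main__":
    print("honest :", first_alarm(HONEST))
    print("selfish:", first_alarm(SELFISH))
```

Summing the shortfall over a sliding window rather than alarming on a single packet is what keeps an honest sender with occasional sensing errors below the threshold.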
Detour: selectively using a large cw to reduce the chance of being selected as a forwarding node
Shortcut: selectively using a small cw to increase the chance of being selected as a forwarding node
A misbehaving node does not need to know the exact packet type, i.e., a broadcast packet most likely indicates a route request packet
Hard to detect because less packet information can be collected for statistical analysis
Therefore, we need some new methods to mitigate these new attacks
Case (I):
Route Changes:
Original: S → W0 → M1 → W2 → D
Shortcut Attack: S → M0 → M1 → M2 → D (M0, M2 attract route request pkts)
Detour Attack: S → W0 → W1 → W2 → D (M1 delays route request pkts)
Case (II):
Route Changes: Original: three hops; Detour: nine hops
Securing Ad hoc Routing Protocols (SAODV) [13]
Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks (endairA) [14]
Ariadne [8] is a reactive routing protocol proposed by Hu, Perrig and Johnson. Goal: to secure the DSR protocol
Packet integrity is ensured by symmetric cryptography and a MAC (Message Authentication Code). End-to-end authentication of the source and destination nodes, and of the intermediate nodes that take part in the routing, is provided by an authentication mechanism (TESLA: Timed Efficient Stream Loss-tolerant Authentication) [5]
[Figure: TESLA key chain along the time axis t (intervals i-1, i+1, i+2, ..., n), with functions F1 and F2, chain values S1 ... Sn-1, Sn and keys Kn-1, Kn (TESLA key)]
<ROUTE REQUEST, Source, Destination, ID, Time interval, hash chain, nodes list, MACs list >
ID: identification number of the RREQ packet
Time interval: TESLA interval, the maximum time needed for a packet from the source node to reach its destination in the network
Hash chain(i) = H(current node, hash chain(i-1))
Nodes list: nodes that have participated in the routing
MACs list: calculated with TESLA keys at each node
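The per-hop recurrence Hash chain(i) = H(current node, hash chain(i-1)) lets the destination detect a node list that was altered in transit. The sketch below is an added example, not code from the slides or from the Ariadne authors; it leaves out the TESLA MACs list, and the starting value of the chain (a MAC over the request fields under a key shared by source and destination), the field encoding and all names are assumptions.

```python
import hashlib
import hmac


def chain_seed(key_sd, source, dest, req_id, interval):
    """Starting value h0: a MAC over the request fields (assumed; the slide gives only the recurrence)."""
    fields = "|".join(["ROUTE REQUEST", source, dest, str(req_id), str(interval)])
    return hmac.new(key_sd, fields.encode(), hashlib.sha256).digest()


def extend(prev, node):
    """Hash chain(i) = H(current node, hash chain(i-1))."""
    return hashlib.sha256(node.encode() + b"|" + prev).digest()


def new_request(key_sd, source, dest, req_id, interval):
    """Route request as built by the source node."""
    return {"source": source, "dest": dest, "id": req_id, "interval": interval,
            "hash_chain": chain_seed(key_sd, source, dest, req_id, interval),
            "nodes": []}


def forward(rreq, node):
    """What an intermediate node does before rebroadcasting the request."""
    return {**rreq,
            "hash_chain": extend(rreq["hash_chain"], node),
            "nodes": rreq["nodes"] + [node]}


def destination_accepts(rreq, key_sd):
    """Recompute the chain from h0 over the claimed node list and compare."""
    h = chain_seed(key_sd, rreq["source"], rreq["dest"], rreq["id"], rreq["interval"])
    for node in rreq["nodes"]:
        h = extend(h, node)
    return hmac.compare_digest(h, rreq["hash_chain"])


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    rreq = new_request(key, "S", "D", req_id=7, interval=42)
    for hop in ["A", "B", "C"]:
        rreq = forward(rreq, hop)
    print(destination_accepts(rreq, key))                            # intact node list
    print(destination_accepts({**rreq, "nodes": ["A", "C"]}, key))   # node removed from list
```

Because H cannot be inverted, a node that receives the request after B cannot recompute a chain value that omits B.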
4. After the TESLA key has been broadcast, the receiver checks the packet integrity. If the check succeeds, the RREP is sent to the source node; otherwise, the packet is rejected
Advantages:
Every replay attack is avoided
Non-centralized management of keys
Disadvantages:
Ariadne protocol is vulnerable to DoS attacks (buffer overflow before the packets have been checked)
Not all real time protocols are supported
Same as Ariadne:
Instead of signing the rreq, intermediate nodes sign the rrep
security
endairA is provably secure if the signature scheme is secure against chosen message attacks
efficiency
endairA requires less computation
route reply is signed and verified only by the nodes on the route
in Ariadne, route request is signed (and potentially verified) by every node in the network
operation
initially Hash is set to the seed
each time a node increases HopCount, it also replaces Hash with H(Hash)
verification of the HopCount is done by hashing the Hash field MaxHopCount - HopCount times and checking if the result matches TopHash
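The hop-count hash chain described above can be exercised as follows; this is an added example, not code from the slides or from the SAODV authors. It assumes TopHash is the seed hashed MaxHopCount times, uses SHA-256 for H, and does not model the originator's signature over the fixed fields; the message layout and names are illustrative.

```python
import hashlib
import hmac
import os


def H(x):
    return hashlib.sha256(x).digest()


def hash_n(x, n):
    """Apply H to x n times."""
    for _ in range(n):
        x = H(x)
    return x


def originate(max_hop_count, seed=None):
    """Routing message as built by the originator: Hash starts at the seed."""
    seed = seed or os.urandom(32)
    return {"hop_count": 0,
            "max_hop_count": max_hop_count,
            "hash": seed,
            "top_hash": hash_n(seed, max_hop_count)}   # assumed: TopHash = H^MaxHopCount(seed)


def verify(msg):
    """Hash the Hash field MaxHopCount - HopCount times and compare with TopHash."""
    remaining = msg["max_hop_count"] - msg["hop_count"]
    if remaining < 0:
        return False
    return hmac.compare_digest(hash_n(msg["hash"], remaining), msg["top_hash"])


def forward(msg):
    """An intermediate node checks the message, then increments HopCount and hashes once."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain")
    return {**msg, "hop_count": msg["hop_count"] + 1, "hash": H(msg["hash"])}


if __name__ == "__main__":
    msg = originate(max_hop_count=10, seed=b"\x01" * 32)   # constructed seed
    for _ in range(3):
        msg = forward(msg)
    print(msg["hop_count"], verify(msg))
    lowered = {**msg, "hop_count": 1}   # HopCount lowered without the matching Hash value
    print(verify(lowered))
```

A node holding the Hash value for hop 3 cannot produce the value for hop 1, since that would require inverting H; this is why a lowered HopCount fails the check.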
The principle: in order to take part in the routing, nodes must hold a valid certificate from the CA
ARAN
Operations principle:
1. The node A must request its certificate from the CA in order to join the network
2. The CA issues the certificate after it has checked the node's identity
CA → A : CertA = [IPA, KA+, t, e]KCA-
4. Node A's neighbours check the validity of the certificate, then add their own certificates and broadcast the packet
B broadcast : [[RDP, IPX, NA, t]KA--]KB-- , certA, certB
5. When a node C receives the RDP packet, it checks both A's and B's certificates, then removes B's certificate and adds its own
C broadcast : [[RDP, IPX, NA, t]KA--]KC--, certA, certC
7. The REP packet follows the same path as the RDP back to the node A
B → A : [[REP, IPA, NA, t]KX--]KB--, certX, CertB
8. If the node C does not find a path to the node X, it generates an error message, which is sent to the node B
C → B : [ERR, IPA, IPX, NC]KC--, CertC
ARAN
Non-authorized modifications are detected
Node authentication and non-repudiation are ensured
Disadvantages :
Asymmetric cryptography is expensive in terms of computational and energy requirements (e.g.: RSA with a key size of 512 bits on a laptop (1200 MHz, RAM = 512 MB) => 2.2 ms).
ARAN does not protect against the Wormhole attack (Tunneling)
A heavy load on the CA: if it breaks down, the network security is no longer ensured
=> Use the diversity of trust levels and mobility among nodes in order to secure a network
In order to maintain the network security when unknown nodes join the network, a monitoring process is necessary. The security of the cluster is ensured by the cluster manager. The robustness of the DDMZ concept needs to be investigated thoroughly
Network layer: monitor nodes supervise the packet forwarding activities of their neighbor nodes and packet integrity. As a solution: Watchdog [12]
Each unknown node starts with a low trust metric (Tm=0.1), which increases as the node proves its cooperation and good behavior
If R1 is the report generated for the MAC layer, the final report about a node y is:
The different functions of the CM and the interaction with monitoring module
The probability that a node (i) can directly communicate with a node (j) is:
The higher the transmission range, the greater the probability that the network is connected
The probability that two nodes i and j are directly connected, knowing that they belong to the confident community set |K|=k in a network of n nodes in total, is:
References
[1] A. Rachedi and A. Benslimane, "A Secure and Resistant Architecture against Attacks for Mobile Ad Hoc Networks", Journal of Security and Communication Network, John Wiley InterScience, Vol. 3, No. 2-3, March-June 2010, pp. 150-166.
[2] A. Rachedi, A. Benslimane, Lei Guang and Chadi Assi, "A Confident Community to Secure Mobile Ad-Hoc Networks", IEEE International Conference on Communications (ICC 2007), 24-28 June 2007, Glasgow, Scotland, UK.
[3] P. Basu, N. Khan and T. Little, "A mobility based metric for clustering in MANET", In Proceedings of Distributed Computing Systems Workshop, 43-51, 2001.
[4] M. Gerla and J. T.-C. Tsai, "Multicluster, Mobile Multimedia Radio Networks", Wireless Networks (1995) 255-256.
[5] S. Yi and R. Kravets, "Quality of Authentication in Ad Hoc Networks", ACM, MobiCom 2004.
[6] S. Capkun, J. P. Hubaux and L. Buttyan, "Mobility Helps Peer-to-Peer Security", IEEE Transactions on Mobile Computing 5 (2006) 48-60.
[7] Kimaya Sanzgiri, Bridget Dahill, "Secure Routing Protocol for Ad Hoc Networks", IEEE ICNP 02.
[8] Yih-Chun Hu, Adrian Perrig, David B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks", MobiCom 2002.
[9] Adrian Perrig, Ran Canetti, J. D. Tygar, Dawn Song, "The TESLA Broadcast Authentication Protocol", RSA CryptoBytes, 2002.
[10] M. Raya, J.-P. Hubaux and I. Aad, "DOMINO: A System to Detect Greedy Behavior in IEEE 802.11 Hotspots", In Proc. of MobiSys04.
[11] L. Guang, C. Assi, and A. Benslimane, "Enhancing IEEE 802.11 Random Backoff in Selfish Environments", IEEE Transactions on Vehicular Technology Journal, May 2008, Vol. 57, No. 3, pp. 1806-1822.
[12] K. L. S. Marti, T.J. Giuli and M. Baker, "Mitigating Routing Misbehavior in Mobile Ad Hoc Networks", ACM/IEEE International Conference on Mobile Computing and Networking, 255-265.
[13] M. G. Zapata and N. Asokan, "Securing Ad hoc Routing Protocols", ACM Workshop on Wireless Security (WiSe 2002), pages 1-10, September 2002.
[14] G. Acs, L. Buttyan, and I. Vajda, "Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks", IEEE Trans on Mob. Comp. 5(11), 2006.
[15] L. Guang, C. Assi, and A. Benslimane, "Enhancing IEEE 802.11 Random Backoff in Selfish Environments", IEEE Transactions on Vehicular Technology Journal, May 2008, Vol. 57, No. 3, pp. 1806-1822.
[16] L. Guang, C. Assi and A. Benslimane, "On MAC Layer Misbehavior in Wireless Networks: Challenges and Solutions", IEEE Wireless Communications Magazine, Special Issue on Security in Wireless Mobile Ad Hoc and Sensor Networks, Vol. 15, No. 4, August 2008, pp. 6-14.
Outline Part II
Security on Vehicular Ad hoc Networks (VANETs)
Motivations
Security issues and solutions
Applications based Dissemination
Optimized Dissemination of Alarm Messages: ODAM
A risk aware MAC protocol: CRCCA
Connecting VANET to Internet: VANETII
References
Outline
Motivations and applications of vehicular communications
Security issues and solutions
Applications based Dissemination
Optimized Dissemination of Alarm Messages: ODAM
A risk aware MAC protocol: CRCCA
Connecting VANET to Internet: VANETII
References
6/26/2010
Background on Safety
In the US: 6+ million traffic accidents per year
90% driver errors, 43 000 deaths, 3 million injuries,
Financial cost: more than $230 billion
Overall Goal: Reduce traffic accidents
Fewer injuries and fatalities
Lower direct and indirect cost
Reduced traffic congestion
In Europe:
Specific Goal: to reduce car accidents by 50% by 2010
The whole world is putting money into safety issues
Background on Traffic Management
Unregulated traffic costs a lot
Congestion is a big source of waste
3.6 billion vehicle-hours of delay
5.7 billion gallons of wasted fuel
Smart traffic signals
Enhanced transit system
Central traffic management
Electronic toll collection
Wireless communications
GPRS/UMTS
Expensive, reliability, capacity, timing
IEEE 802.11-based
DSRC: Dedicated Short Range Communications
Car-Car communications at 5.9 GHz
802.11p: IEEE Task Group that intends to standardize DSRC for Car-Car communications
802.11-based Mesh Networks
IEEE 802.16
802.20: extension to high mobility scenarios
Sensor Networks
Bluetooth (in-vehicle communications) ZigBee
Smart Vehicles
Communication facility
VANET characteristics
High mobility: fast topology changes,
Predictable movements of vehicles: trajectories are linked to roads,
There are no constraints of weight or problems with energy conservation,
Communications are short and the intervals are about microseconds.
Communication paradigms:
V2V, V2I, Hybrid.
Cooperative Driving*
Violation warning,
Turn Conflict and Curve warning
Lane merging warning
* Life critical
Payment Services
Electronic toll payment
Location-based Services
Parking spot locator
Enhanced route guidance and navigation
Challenges
Trade-off between authentication and non-repudiation versus privacy
Nature of VANET
High speed
Open network
Some protocols cannot be employed: voting, consensus and reputation-based
Sheer scale
not for protocols that require pre-stored information about participants
Mitigating characteristics
Mobility of VANET can sometimes be beneficial,
Circulation in two opposite directions,
Well specified limits: road, motorway, determined number of lanes, etc.
Not limited in power: complex cryptographic operations,
All vehicles are to be registered with a central authority,
Vehicles can leverage their knowledge from the drivers' responses.
Adversaries
Rational or Malicious
Rational: seeks personal benefits, more predictable attack,
Malicious: no personal benefit, intends to harm other users,
Some attacks
Security Hardware
Event Data Recorder (EDR)
Records all emergency-related information received: position data, speed data, acceleration data, time, etc.
Liability-related messages should be stored in the EDR
Authentication
Digital Signature
Each message should be signed and accompanied with a Timestamp/replay,
Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation required,
Cryptosystem based on asymmetric cryptography (VPKI: Vehicular PKI)
Hash function: message space
Non-repudiation
A single unique identity for each vehicle:
Electronic License Plate (assigned by the government)
Electronic Chassis Number (assigned by the manufacturer)
A CA stores a mapping between the unique identity of the vehicle and its set of public keys.
Digital signature (using the unique private key of the sender)
Example: in application of congestion avoidance: Position and speed of vehicles can be approximated step by step:
It is not very useful to have a high degree of accuracy of the position of an accident if this is further away from the originating nodes (neighboring of the accident)
( R Dsx )
R
Accident (1) Initial (0) Waiting (2) Relay broadcasts (4) Passive (5) Direction of circulation
Traditional CCA:
A vehicle dispatches warning messages to vehicles behind it,
Warning messages are transmitted over multiple hops,
A recipient takes into account the direction of the message
Message will be ignored if it arrives from behind
generation of large number of messages
generation of redundant messages
Collision in the access medium
Back-off mechanism
Increase of the data delivery latency,
In case of CCA, decrease of the 802.11 effectiveness,
Some vehicles will not have time to react.
The clustering considers only vehicles moving on the same road in the same direction,
Three roles of nodes:
CH: cluster head,
SCH: sub cluster head, the last vehicle reached by the CA
ON: ordinary member
i
S: cluster size : skew factor
(1 ) =
(1 S )
1 i S
CW
j =1
(1 i ) .cw .
k : the number of transmission attempts cw : window size : the slot time of the used PHY layer
Calculate of i , maximum latency since the detection of emergency situation: if Ci and Ci +1 slow down with ae and ar respectively:
i max = Max (
Vi ae
V 2 Vi .( (V i + 1 i ) d i +1, i _ L v ) , 0 ) ar ae 2
ar :Is the regular deceleration, ae : is the emergency deceleration, Lv : the average vehicle length.
As consequence :
(1 i ) j .cw. j =0
Min ( j = 0 (1 i ) j .cw. , i
k max
CWi =
if i max = 0
) otherwise
Routing protocols do not typically select a route with sufficient lifetime to maintain the longest possible duration of communication with a mobility agent.
The handover mechanism is not sufficiently fast to manage handovers in the VANET environment, known as Strong Mobility.
More than one gateway may be available at the same time,
How to discover gateways with the best quality of service (QoS) without wasting network resources.
Problems
Do not take vehicle movement parameters into account, Do not cover handovers.
The aims :
reducing the overhead during the gateway discovery process
selecting the most stable route to gateways
performing seamless handovers.
$$LET_{ij} = \frac{-(ab + cd) + \sqrt{(a^2 + c^2)\,r^2 - (ad - bc)^2}}{a^2 + c^2}$$
Where :
$$S = 1 - e^{-LET/a}$$
a: a constant that defines the rate at which the function rises: the lower a is, the faster the function rises:
Effect of selecting different values of a on function S
$$S = 1 - e^{-2\,LET/RET}$$
P=
F = S + (1 ) P
For the contention in our protocol we select the timer runtime as:
$$t(F) = T\,(1 - F)$$
Where: T: the maximum forwarding delay.
The next hop will be the one with the longest lifetime and the largest progress in the opposite direction of the road.
Conclusion
We presented security issues of vehicular networks, and we proposed:
ODAM, a protocol for disseminating alarm messages,
CRCCA, a risk aware MAC protocol,
VANETII, a protocol for connecting VANET to Internet
Still open field in security:
Group formations and management of public/private key, group signature
Preserving privacy: attacks against privacy in different layers.
Further readings
Securing Vehicle ad hoc networks, M. Raya and J.P. Hubaux, J. of comp. Science, Vol. 15, pp. 39-68, 2007.
Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos, et al., IEEE Communication Magazine, 2008.
A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks, Computer Communications, 2008.
Optimized Dissemination of Alarm messages in Vehicular Ad-Hoc Networks (VANET), A. Benslimane, 7th IEEE HSNMC 2004, LNCS 3079, Springer Publisher, pp. 655-666.
An Efficient Routing Protocol for Connecting Vehicular Networks to the Internet, S. Barghi, A. Benslimane and C. Assi, 10th IEEE WoWMoM, 15-19 June 2009, Greece.
Towards an Effective Risk-conscious and Collaborative Vehicular Collision Avoidance System, T. Taleb, Z. Fadlullah, A. Benslimane, and K. Ben Letaief, IEEE Transaction on Vehicular Technology.
Thank you