Post on 23-Mar-2016
description
Group-based Source Authentication in VANETs
You Lu, Biao Zhou, Fei Jia, Mario GerlaUCLA
{youlu, zhb, feijia, gerla}@cs.ucla.edu
VANET slide
• VANET Scenario
The problem: authentication
• VANET broadcast messages:– Beacons for safe driving, surveillance, situation etc
• Problem: malicious sources can generate bogus messages– Attack models
• Critical issue we address here: – Sender authentication (within group)– Not addressed here:
• Non repudiation• Privacy protection, • Secret delivery to selected group (e.g. police agents, taxi cabs,
coalition members), etc
Existing Authent. solutions
• PKI – a bit too expensive• TESLA – cheaper, but ..slow (Toyota et al)
TESLA: One Way Hash Chain
• In TESLA a source generate a one way chain of length L by randomly picking the last element SL of the chain S and by repeatedly applying the Hash function F( ) to get the next values one after the other.
• After creating the one way chain, the source stamps each packet with the chain values in reverse order. The receiver can verify Si+1 only after it receives Si from the source.
• At this time, the receiver also verifies the source authenticity
TESLA overview (cont)
• TESLA (Time efficient stream loss tolerant authentication)– Assumption: 2- time slot delay in authentication
• Packet P1 received in slot 5; K5 received in slot 7
– Authentication of P1: • Verify K5 from K4 pr K3 (explain how)• MAC(K5, P1) = Verify MAC
– Pros: Robust to packet loss; Data all in plain text.– Con: delayed authentication.
Exploit Group Motion to reduce latency
• Group Scenario– Nodes move in groups– Each group is a closed broadcast group:
• Military peace keeping patrols; police agents in a mission; presidential motorcade.
– Group nodes acquire SECRET initial group attribute, and initial mobility counter before joining
• Our Goal: reduce the key disclosure delay in group broadcast
Group-based Source Authentication (GSA)
• Basic Idea:
• Protocol Design– How to define a group?
• Group Identifier, such as group name, group ID…• Dynamic Attributes, such location intersection, group speed etc Must be
better explained • Initial Group property is shared by the same group.
– How to ensure disclosure key cannot be captured and replayed by attacker? • Encrypt the disclosure key with secret group ID.
• External nodes cannot get K7, • secret group ID never transmitted in plain text.• Proactively updated dynamic attributed for extra security
Encrypt (K7, secret group ID)
Group-based Source Authentication (GSA)
• Group Authentication Phase– The sender broadcasts nonce with own GID and requests receivers in the
group to authenticate themselves– Each Receiver R uses individual TESLA reverse hash chain. Receiver Packet: Time interval 3
– After key disclosure delay period, each receiver sends K3 – Sender checks if R is in the same group as itself.
Same Group member– Now all group members are authenticated and “in synch”– Periodically authenticate group membership after timeout
Step 1: Group Authentication
• Data Transfer Phase– Inter-group• Use conventional TESLA-like scheme (large latency)
– Intra-group• Instant KEY disclosure• Packet sent at time i:
• Group members: – decrypt K_i using group_property key– verify Packet_i immediately using decrypted K_i.
Step 2: Group-based Source Authentication (GSA)
Evaluation
Experiments
• Average End-to-End Latency:
• Testbed: 7 Laptops with Intel M740 processor, 1.73 Ghz• Number of active GSA Sessions: from 5 to 500
Experiments (cont)
• CPU and Memory Usage:
Experiments (cont)
• MAC Average Computing Time:
Experiments (cont)
• Performance Comparison of GSA and TESLA for single session:
• GSA guarantees efficient, safe delivery of vehicular alarms within a group
MAC Compute Time End-to-End Delay Verification Time
TESLA 11ms 186ms 2.3s
GSA 10ms 195ms 0.44ms
Conclusions• GSA is applicable in the following scenarios:
– Nodes move in group– Group nodes know initial group secret and initial mobility attributes– Incremental addition of attributes supported
• Experiment results:– In TESLA, large latency due to key disclosure delay– GSA reduces key disclosure delay to significant groups (e.g., vehicles
in the same convoy)• Future work:
– Dynamic Group ID certificates to short lived urban vehicle platoons– Safety improvement resulting from of reduced latency– Secret content to selected groups (e.g., police)– Privacy preservation
ThanksQ & A