Secure Message Communication using Digital Signatures andAttribute Based Cryptographic Method in VANET

Sandhya Kohli1 & Rakesh Dhiman2

The Vehicles will become increasingly intelligent in the near future, they will be equipped with radio interfaces. Securityand privacy are the two primary concerns in the design of Vehicular Ad hoc Networks (VANET). Poorly designed VANETcauses serious attacks on the network and jeopardize the goal of increased driving safety. While designing VANET securityfeatures, it must ensure that no third party can collect private information about drivers. This paper provides a way by whichmessage authenticity is improved by combining two schemes digital signatures and attribute based cryptographic schemes.Keywords: VANET, Certification Authority, RSU, Public Key Infrastructure, Attributes.

1. INTRODUCTION

Traffic congestion on the roads is today a large problem inbig cities. Issues related to accidents, driver safety andcongestion pose a threat to not only to human life but toour environment also, other negative consequences areenergy wastage, leakage of secret information. Untilrecently road Vehicles were the realm of mechanicalengineers, but with the emergence of VANET the vehiclesare becoming “Computer on Wheels”. A modern carconsists of tens of interconnected processor, usually knownas EDR (Event Data Recorder), GPS (Global positioningsystem) a receiver, a navigator system and several radars.For vehicular communication in US the FCC has allocateda bandwidth of 75 MHz, which is referred as DSR(Dedicated short Range Communication). The self-organizing operation and unique features of Vehicularcommunication is a double edge sword i.e. a rich set oftools is offered to drivers and authorities but a [5] formidableset of abuses and attacks are also becomes possible. Hencethe security of vehicular network is indispensable becauseotherwise these systems could make antisocial and criminalbehavior easier. Due to tight coupling between applicationswith rigid requirements and the networking fabric makesthe vehicular security hard to achieve.

2. IDENTIFYING VARIOUS ATTACKS

The nature and resources of adversary [5] will largelydetermine the scope of defense needed to secure vehicularnetworks. In this section we describe the various securitythreats faced by vehicular networks. The various types ofAttacks in Vehicular communications (VC) are:

International Journal of Information Technology and Knowledge ManagementJuly-December 2010, Volume 2, No. 2, pp. 591-594

1Lecturer, RIMT Mandi Gobindgarh, Punjab, INDIA2Astt Prof., M.M. University, Mullana, Ambala, Haryana, INDIA

Email: 1ersimranpreet1@gmail.com, 2raakeshdhiman@gmail.com

a. Disruption of Network Operation or Denial ofService (DOS) Attack: In this case the main aim ofattacker is to prevent the network from carrying outsafety related function. The DOS attack, whichincludes jamming the wireless channel, thusinterrupts all communications. In Transit TrafficTampering in DOS also proves very fatal becausein this any node acts as a relay and can disruptcommunication of other nodes. It can drop orcorrupt messages.

b. ID Disclosure: This attack includes Id disclosureof other vehicles in order to track their location.This is Big Brother Scenario where global observercan monitor trajectories of targeted vehicles and usethis data for range of purpose. The attacker in thiscase is passive, it does not make use of cameras,physical pursuit or onboard tacking device touncover the identity of his target.

c. Hidden Vehicle Attacks: In this attack a vehiclebroadcasting warnings will listen for feed back fromits neighbor and stop its broadcast if it realizes thatone of its neighbors is better positioned for warningother vehicles. This reduces congestion on wirelesschannel. In the hidden vehicle attack an attackervehicle behaves like a neighbor vehicle placed at abetter position for message forwarding, thus leadingto silencing of original vehicle and making hidden,thereby introduces the false information into thenetwork.

d. Wormhole Attacks: In wireless networking thewormhole attack consist of tunneling packetsbetween two remote nodes. An attacker that controlsat least two entities remote from each other and ahigh speed communication link between them cantunnel packets broadcasted in one location to

592 SANDHYA KOHLI & RAKESH DHIMAN

another, thus introducing erroneous messages inthe destination area.

3. VARIOUS HARDWARE PROPOSED FOR VC

The successful deployment of inter vehicularcommunication requires [6] a robust and securedmechanism. Like in many areas of networking inter vehiclecommunication (IVC) is also prone to set of abuses andsecurity related attacks. The security of vehicular networksis indispensable because misbehavior in these systems couldlead to anti social and criminal tasks easier. In this step someof the hardware used in security is described.

The various components used to protect Vehicularcommunication against wide range of threats are: Event datarecorder (EDR), Tamper Proof Device (TPD), ElectronicLicense plates, vehicular PKI.

a. Event Data Recorder (EDR): EDR’s will be used invehicles to register to all parameters especiallyduring critical situations like accidents. Data storedin EDR will be used for crash reconstruction andto verify the reason for casualty. EDR also used tocollect information related to driving habits likeaverage speed and no. of driving hours.

b. Temper Proof Device (TPD): The user of secretinformation like private keys incurs the need for aTPD in each vehicle. TPD will keep the materialsafe from attackers thus decreasing the possibilityof the information leakage. Since car electronicsis vulnerable to attacks especially the data buses,which are responsible for transferring informationand control commands between the differentelectronic components of a vehicle. The TPDdevice will take care of signing and verifyingmessages so that they cannot be altered if the databuses are hacked. To provide security the TPD hasits own battery, which can be recharged from thevehicles.

c. Electronic License Plate (ELP): ELP’s are uniquecryptographically verifiable numbers that will beused as traditional license plates. The advantageof ELP’s is that they will automate the paper baseddocument checkups of vehicles. It will help indetection of stolen cars, identifying vehicles oncrossing country borders or during annual technicalcheckups. An ELP is issued by government or anElectronic chassis no. (ECN) issued by vehiclemanufacturer [1]. Since the ELP’s are the electronicequivalent of physical license plate, it should beinstalled in the vehicle by using similar procedure,which is followed by government transportationauthority at the time of vehicle registration.Anonymous keys are preloaded by transportation

authorities or the manufacturer. Moreover, ELP’sare fixed and accompany the vehicle for the longduration while anonymous keys sets have to beperiodically renewed after their lifetime expired.

d. Vehicular PKI: A PKI (Public Key Infrastructure)is typical [3], security architecture used fornetworks where the presence of online authoritiesis not always guaranteed. A Vehicular PKI is a goodchoice for enabling IVC security. In VPKI, eachvehicle is equipped with one or more private/publicKey pairs certified by certification authorities. Sothat a message sender will use the private keys togenerate digital signatures on messages that needto be certified and message receivers will havecorresponding public key to verify the validity ofmessages. Although this architecture seems veryconvenient for vehicular networks, but someproblems still exists. One of them is keydistribution, which allows message receiver toobtain the public keys of message senders. Otherproblem is certificate revocation by certificationauthority (CA), which invalidates some public/private key pairs. A third problem of PKI isincreased overhead in terms of digital signaturesizes and verification, transmission delays.

4. SECURITY MECHANISMS FOR MESSAGE AUTHENTION

a. Digital Signatures: The simplest and the most efficientmethod is to assign each vehicle a set of public/private keypair that will allow the vehicle [5] to digitally sign messagesand authenticate itself to receivers. Due to the liability issuepresent in VANET, a self-trust management approach suchas PGP (Pretty Good Privacy) is not satisfactory. Thesepublic keys should be issued and signed by a trustedauthority. The certificate issued by a authority implies theuse of PKI. Under the PKI solution each vehicle send a safetymessage, sign it with its private key and includes the CA’s(Certification Authority) Certificate as

V → *:M, SigPrK

V [M|T], Cert

V

Where V designate the sending vehicle, * represents allthe messages receivers, M is a message, | is the concatenationoperator and T is the timestamp to ensure message freshness,Cert

V is the public key certificate of vehicle. The receivers

of message extract and verify the public key of vehicle usingthe certificate and then verify the signature by using itscertified public key. If the messages send in emergencycontext then this message along with signature andcertificate should be stored in the EDR for further potentialinvestigation in the emergency.

b. Attribute based Cryptographic Schemes: Proposedsecurity solutions by using traditional public keycryptography are not very flexible [2], in providing specified

SECURE MESSAGE COMMUNICATION USING DIGITAL SIGNATURES AND ATTRIBUTE BASED CRYPTOGRAPHIC METHOD IN VANET 593

levels of privacy. Symmetric Keys solution proposed are alsonot suitable for delay sensitive vehicle-to-vehiclecommunication. So various cryptographic schemes basedon user’s attributes have been proposed. User Identities likename, email address are often used [4] to access severalinformation sources .The encryptor restricts the decryptorto indicate the identity of the decryptor. The hierarchy ofthese schemes is as follows:

4.1. Identity Based Encryption Scheme (IBE)

IBE was first proposed by Shamir in 1984, this mechanismprovides authentication, confidentiality, message integrity,non repudiation and pseudonymity. IBE scheme wasoriginally used to simplify certificate management in emailsystems. The identity based encryption scheme is specifiedby four algorithms: Setup, Extract, Encrypt, and Decrypt

Setup: It takes security parameter k and returns systemparameter with master key. The system parameters includea description of finite message space M and description offinite cipher text space C. These system parameters will bepublicly known whereas the master key will be known onlyto private key generator (PKG).

Extract: This phase takes input from systemparameters, master key and arbitrary ID and returns a privatekey d. Here ID is the arbitrary stream that will be used aspublic key and d is the corresponding private decryptionkey. So the extract phase generate private key from the givenpublic key.

Encrypt: Input parameter for this phase are systemparameters, ID, M, with these parameter it will generate thecipher text C.

Decrypt: It takes input parameters like systemparameters cipher text C and private key d and returns theoriginal message M. These algorithms must satisfy thestandard consistency constraints i.e. the private key d mustbe generated through Extract phase when it is supplied withID as the public key.

4.2. Attribute Based Encryption Scheme (ABE)

ABE has been envisioned as a promising cryptographicprimitive for realizing secure and flexible access control.In ABE [2], the encryption keys or cipher texts are labeledwith sets of descriptive attributes defined for the systemusers. In this scheme attributes act as the basic properties ofvehicles for access control and secure groupcommunications. Attributes describe the role of VANETcommunication participants. Attributes abstract entity anddata trust at a certain level and they can be used to identifya group of entities In ABE a user’s identity is composed ofset S of strings, which act as descriptive attributes for users.ABE system also leverage threshold construction where auser with identity S will be able to decrypt a message if it

has at least K attributes that overlap with a set S’ chosen byencryptor. ABE scheme is often criticized for its high schemeoverhead due to the requirement of extensive pairingoperation. ABE scheme is of two types KP-ABE and CP-ABE.

4.2.1. Key Pair Attribute Based Encryption (KP-ABE)

KP-ABE is a cryptographic primitive [1] which enables finegrained access control over sensitive data so KP-ABE wasproposed to resolve the problem of fine grained data accesscontrol in one to many communications. In KP-ABE a ciphertext is associated with a set of attributes and each user’ssecret key is embedded with an access structure, which isthe logic combination of certain set of attributes. User candecrypt a cipher text if the set of attributes are associatedwith cipher text satisfies the access structure embedded intheir secret keys. KP-ABE also provides collusion resistanceand provable security under standard difficult assumptions.There are certain issues, which impede its direct applicationin targeted broadcast system. The KP-ABE secret key isdefined over the access structure and does not have one toone correspondence with any particular users. Thus a paiduser is able to share his secret key and abuse his accessprivilege without being identifying. This is known as KeyAbuse Attack. The ideal way for defending against key abuseattacks is to technically prevent illegal users from usingothers decryption keys.

4.2.2. Cipher Text -Policy Attribute Based Encryption(CP-ABE)

In several distributed systems a user is able to access thedata if it possesses a certain set of credentials or attributes[4]. One method to enforce such policy is to employ a trustedserver to store data and mediate access control. If any serverstoring the data is compromised, then the confidentiality ofthe data will be compromised. By using CP-ABE schemeencrypted data can be kept confidential even if the storageserver is untrusted. It also secures the data against collusionattacks. In this scheme user’s private key is associated witharbitrary number of attributes expressed as strings. When aparty encrypts a message using CP-ABE system they specifythe associated access structure over attributes. User will beable to decrypt a cipher-text if user attributes pass throughcipher text’s access structure. CP-ABE scheme consist offour phases: Setup, Encryption, Key Generation, andDecryption.

5. CONCLUSION

A comparison of various attribute based cryptographicschemes for message authentication is done on the basis ofDynamicity i.e. whether the attributes are dynamic in natureor not. Computation overhead is more in case of IBE & KP-ABE schemes where as overhead incurred in case of CP-

594 SANDHYA KOHLI & RAKESH DHIMAN

ABE is minimum. Both the KP-ABE & CP-ABE schemesprovide collusion security. KP-ABE scheme suffers fromthe key abuse attack where as CP-ABE scheme do not haveany affect of this attack. So it is concluded from table 1.that CP-ABE is better technique as compared to IBE & KP-ABE.

Table 1Comparison of Various AttributeBased Cryptographic Methods

Overhead in terms of IBE KP-ABE CP-ABE

Dynamic Property Does not exist Exist Exist

Overhead caused by Yes Yes NoOperation Extensivepairing

Provides Collusion No Yes YesSecurity

Key Abuse Attack Does not exist Exist Does not exist

6. FUTURE PROSPECTS

To provide secure Vehicular Communication in both thescenarios (V2V AND V2I) digital signatures as well asattribute based cryptographic methods should be used in ahand-shaking manner to provide message authenticity. Thesecurity of group and sub group communication is basedon the private key component generated by RSU. Thecertificate based mutual authentication procedure isperformed when a vehicle enters in the coverage area ofRSU. The RSU coverage range hinders the attacker’sbehavior. In this case digital signatures provide the messageauthenticity. But to protect vehicle from Sybil attack thereis a need of attribute based cryptographic methods. These

methods prevent the adversary to generate valid signaturesfor the cipher text transmitted to other vehicles as a resultattacker will not have genuine vehicles private keys and thusattacker will be failed to impersonate another valid user.Using attribute based cryptographic methods alone does notprevent attackers from encrypting a message containing aset of attributes because both attributes and encryptingparameters are publicly known, therefore a digital signaturescheme must be incorporated with attribute basedcryptographic methods for message authentication.

REFRENCES

[1] Dan Boneh, Matthew Franklin, “Identity-Based Encryptionfrom the Weil Pairing”, in Proceedings of Crypto 2001,Volume 2139 of Lecture Notes in Computer Science, Pages213-229, Springer-Verlag, 2001.

[2] Dijiang Huang, Mayank Verma, “ASPE : Attribute-basedSecure Policy Enforcement in Vehicular Ad hoc Networks”,from Journal on Ad hoc Networks 7, 2009, 1526-1535.

[3] Kargal, F. Papadimitratos, P. Buttyan, L. Muter, M. Schoch,E. Wiedersheim, B. Ta-Vinh Thong Calandriello, G. Held,A. Kung, A. Hubaux, J. -P. Ulm Univ., Ulm “SecureVehicular Communication Systems: Implementation,Performance and Research Challenges”, IEEECommunication Magazine, 46, Issue: 11, November 2008.

[4] Keita Emura, Atsuko Miyaji and Kazumasa Omote,“A Dynamic Attribute-Based Group Signature Scheme andIts Application in Anonymous Survey for the Collection ofAttribute Statistics”, Journal of Information Processing, 17:216-231 (2009).

[5] Maxim Raya, Panos Papadimitratos, and Jean-pierreHabaux, EPFL, “Securing Vehicular Communications”,1536-1284/06, IEEE Wireless Communication, October2006.