A COMPARATIVE STUDY ON VARIOUS MESSAGE AUTHENTICATION SCHEMES IN

VEHICULAR NETWORKS1Sandhya Kohli, Department of Computer Science, RIMT, Mandi Gobindgarh

2Rakesh Kumar, Department of Information Technology, M.M. University, Mullana, Ambala3Bandan Jot Kaur, Department of Computer Science, RIMT, Mandi Gobindgarh

1 ersimranpreet1@gmail.com , 2 raakeshdhiman@gmail.com , 3 bandan_arora@yahoo.in

ABSTRACTVehicular Ad Hoc Networks (VANET) is a subclass of Mobile ad hoc networks which provides a distinguish approach for intelligent transport system (ITS).An effective and robust operations as well as security and privacy are critical for deployment of Vehicular ad hoc Networks (VANET). Efficient and easy to manage security and privacy enhancing mechanisms are essential for the wide spread adoption of the VANET technology. In this paper we have compared the various security methods and draw a conclusion that Digital signature scheme is an efficient method for message authentication.

KEYWORDS: Vehicular Networks, Digital Signatures, Pair wise Keys, Group Keys.

1. INTRODUCTIONVehicular communication plays a central role to create safer and more efficient driving conditions. IVC provides variety of applications for safety, improving traffic efficiency, driver assistance & infotainment. To enhance the safety & efficiency of transportation system vehicles and roadside infrastructure units (RSU’s) i.e. network nodes will be equipped with onboard processing & wireless communication modules. Various safety related applications supported by Vehicular networks are: - 1. Safety related applications e.g early warning messages, 2.Best effort applications e.g. Infotainment, traffic optimization, 3. Secure transactions e.g. toll collection. Mostly the critical messages in VANET are broadcast oriented and should be delivered in short time. These messages must be secure and should not leak personnel, identifying or linkable information to unauthorized parties. The inherent characteristics of VANET like relatively uncontrolled operational environment ([1], [2]) the high mobility of the nodes and the wireless medium make them a suitable target for abuse and introduce a number of security challenges to the research community. A number of passive and active attacks against the vehicular nodes and the infrastructure has been pointed out .The self organizing operation and unique features of Vehicular communication [3] are a double edge sword: a rich set of tools are offered to drivers and authorities but a formidable set of abuses and attacks becomes possible. Hence the security of vehicular

network is indispensable because otherwise these systems could make antisocial and criminal behavior easier. Due to tight coupling between applications with rigid requirement s and the networking fabric makes the vehicular security hard to achieve. The paper is organized in the following ways: In Section 2 we present the Security Needs. In Section 3 we describe the Attacks on Vehicular Networks .In Section 4 we describe Security Architecture. In Section 5 we compare the various security methods and draw the conclusion table and In Section 6 we present the Open research areas in VANET Security.

2. SECURITY NEEDS A Comprehensive set of security mechanism s integrated into the VC system is critical for their deployment. Otherwise, the efficiency of the transportation system and the physical safety of the driver will be jeopardized. Depending on the applications the various security mechanisms proposed for VC should assure some or all the following properties:-Authentication: - The system must assure that the messages generated by trusted source. Vehicles reaction to events should base on legitimate messages. Therefore we need to authenticate the sender of these messages.Data Consistency: -The legitimacy of messages also encompasses their consistency with similar ones, because sometimes the sender can be legitimate while message contains the false data. This is also known as plausibility.Location Accuracy: -is very crucial security requirement, this is due to the fact that accuracy of any information on accidents and other traffic conditions depends on location accuracy.Availability: -Some attacks like DOS attacks are very severe that they bring down the network. So availability should be supported by alternative means.Real Time Constraints:- Due to dynamic speed in Vehicular networks , strict time constraints should be respected.

3. ATTACKS ON VEHICULAR NETWORKS The nature and resources of adversary [4] will largely determine the scope of defense needed to secure vehicular networks. In this section we describe the various security threats faced by vehicular networks we categorize the attacks on the bases of types of attacker and then on types of attacks.

3.1 Types of Attackers: - a. Insider/Outsider: - Insider attacker is the authenticated member of the network having a certified public key. Outsider is considered as the intruder in the network. An Insider attacker is much more harmful than outsider, as he is aware of all the public and associated private keys. b. Malicious/Rational: - Malicious attacker deliberately attempts to cause harm. He seeks no personnel benefits from the attack and aims to harm the members of network or network functionality. Rational attacker seeks personnel benefits from the attack and thus his attack is more predictable in terms of target, causalities and profit. c. Pranksters: - Pranksters include bored teenagers probing for vulnerabilities and hackers seeking fame through their exploits. d. Local or Extended: - An attacker can have limited scope even if he controls several entities. An extended attacker controls several entities scattered across network thus extending his scope. 3.2 Types of Attacks: - In this paper we categorize the types of attacks into two categories 3.2.1. Basic Attacks 3.2.2 Sophisticated Attacks.3.2.1 Basic Attacks: - consist of following: -Bogus Information Attack:- In this case attacker diffused the false information in the network to affect the behavior of other driver for e.g. attacker wants to divert the entire traffic to specific location just to make the path clear for his unauthorized activities. Disruption of Network Operation or Denial of Service (DOS) Attack: - In this attack the aim is to prevent the network from carrying out safety related function. There are many ways to perform this attack like Jamming in transit traffic tampering. In jamming the attackers deliberately generates interfacing transmissions that prevent communication within the reception ranges. The DOS attack, which includes jamming the wireless channel, thus interrupts all communications. In Transit Traffic Tampering in DOS also proves very fatal because in this any node acts as a relay and can disrupt communication of other nodes. It can drop or corrupt messages. Cheating With Sensor Info (Identity, Speed or Positioning info):- In this type of attack an attacker can alter their perceived position, speed, direction etc. In order to escape liability especially in case of accidents. Some time the attacker alters the security material stored in tamper proof hardware thus making his clone.ID Disclosure: - Id disclosure of other vehicles in order to track their location. This is Big Brother Scenario where global observer can monitor trajectories of targeted vehicles and use this data for range of purpose. To monitor the global observer on leverage on the roadside infrastructure or the vehicle around its target. . The attacker in this case is passive, it does not make use of cameras, physical pursuit or onboard tacking device to uncover the identity of his target. Masquerading: - Attacker actively pretends to be another vehicle by using false identities and can have rational or malicious objectives.3.2.2 Sophisticated attacks: - consists of followingHidden Vehicle: In this attack a vehicle broadcasting warnings will listen for feed back from its neighbor and stop

its broadcast if it realizes that one of its neighbors is better position for warning other vehicles. This reduces congestion on wireless channel. In the hidden vehicle attack an attacker vehicle behaves like a neighbor vehicle placed at a better position for message forwarding, thus leading to silencing of original vehicle and making hidden, thereby introduces the false information into the network. Tunnel: - Since GPS signals disappears in the tunnel, attacker may exploit [4], this temporary loss of positioning information to inject false in data once the vehicle leaves the tunnel and before it reaches and authentic position. The physical tunnel can also be replaced by jammed area by the attackers; it will also result in same effects. Wormhole: - In wireless networking the wormhole attack consist of tunneling packets between two remote nodes. An attacker that controls at least two entities remote from each other and a high speed communication link between them can tunnel packets broadcasted in one location to another, thus introducing erroneous messages in the destination area.Bush Telegraph: -This also like bogus information attack, the difference is that in this case the attacker controls several entities spread over several wireless hops. This attack adds incremental errors to the information at each hop. 4. SECURITY ARCHITECTURE: VANET’s are typically hybrid networks [5] i.e. communication takes place between two or more vehicles in ad-hoc environment (Vehicle to Vehicle-V2V) and between vehicles and roadside infrastructure (Vehicle to infrastructure- V2I). These vehicles have sufficient power and computational/ Storage resources required to run cryptographic mechanism and to record history of emergency events and messages. The various components used to protect Vehicular communication against wide range of threats are: Event data recorder (EDR), Tamper proof device (TPD), Electronic License plates, vehicular PKI, Digital signatures.Event Data Recorder (EDR): EDR’s will be used in vehicles to register to all parameters especially during critical situations like accidents. Data stored in EDR will be used for crash reconstruction and to verify the reason for casualty. EDR also used to collect information related to driving habits like average speed and no. of driving hours.Temper Proof Device (TPD): The user of secret information like private keys incurs the need for a TPD in each vehicle. TPD will keep the material safe from attackers thus decreasing the possibility the information of leakage. Since car electronics is vulnerable to attacks especially the data buses, which are responsible for transferring information and control commands between the different electronic components of a vehicle. The TPD device will take care of signing and verifying messages so that they cannot be altered if the data buses are hacked. To provide security the TPD has its own battery, which can be recharged from the vehicles.Electronic License Plate (ELP): ELP’s are unique cryptographically verifiable numbers that will be used as traditional license plates. The advantage of ELP’s is that they will automate the paper based document checkups of vehicles. It will help in detection of stolen cars [2], identifying vehicles

on crossing country borders or during annual technical checkups. An ELP is issued by government or an Electronic chassis no. (ECN) issued by vehicle manufacturer [4]. Since the ELP’s the electronic equivalent of physical license plate, it should be installed in the vehicle by using similar procedure, which is followed by government transportation authority at the time of vehicle registration. Anonymous keys are preloaded by transportation authorities or the manufacturer. Moreover, ELP’s are fixed and accompany the vehicle for the long duration while anonymous keys sets have to be periodically renewed after their lifetime expired. Both the ELP’s and anonymous keys should be preloaded in each vehicle with certification authorities (CA) public key. Vehicular PKI: A PKI (Public Key Infrastructure) is typical [2], security architecture used for networks where the presence of online authorities is not always guaranteed. A Vehicular PKI is a good choice for enabling IVC security. In VPKI, each vehicle is equipped with one or more private/public Key payers certified by certification authorities. So that a message sender will use the private keys to generate digital signatures on messages that need to be certified and message receivers will have corresponding public key to verify the validity of messages. Although this architecture seems very convenient for vehicular networks, but some problems still exists. One of them is key distribution, which allows message receiver to obtain the public keys of message senders. Other problem is certificate revocation by CA, which invalidates some public/private key payers. A third problem of PKI is increased overhead in terms of digital signature sizes and verification, transmission delays. Assuming the key structure certified by certain CA, a certificate Certv[PuKi] of the ith anonymous key PuKi of the vehicle should include the following PKICertv[PuKi] = PuKi |SigPrKCA[PuKi |IDCA]Where PrKCA is a CA’s private key and IDCA is the unique ID of CA.Digital Signatures: The simplest and the most efficient method is to assign each vehicle a set of public/private key pair that will allow the vehicle to digitally sign messages and authenticate itself to receivers. Due to the liability issue present in VANET, a self-trust management approach such as PGP (Pretty Good Privacy) is not satisfactory. These public keys should be issued and signed by a trusted authority. The certificate issued by a authority implies the use of PKI. Under the PKI solution each vehicle send a safety message, sign it with its private key and includes the CA’s (Certification Authority) Certificate as V→*:M, SigPrKV [M|T],CertV

Where V designate the sending vehicle, * represents all the messages receivers, M is a message, | is the concatenation operator and T is the timestamp of ensure message freshness, CertV is the public key certificate of vehicle. The receivers of message extract and verify the public key of vehicle using the certificate and then verify the signature by using its certified public key. If the messages send in emergency context then this message along with signature and certificate should be

sold in the EDR for further potential investigation in the emergency.Pair wise Keys: If we assume that each vehicle will broadcast its encryption certificate, when it detects [5], a new neighbor. Vehicles V and V* establish a symmetric secret key K as following: One of the vehicle V* chooses a random key K appends a timestamp T* and sign the message with its private signature key SKs

v*. It then sends the result to V, encrypted with its public encryption key PKe

v. V decrypts the message, verifies the signature to obtain the session key K, then conforms the receipt of session key by signing and acknowledgement with its signature SKs

v, appends its certificate CERTs

v and return the result encrypted with session key K. The following messages must be sent by using pair wise keys:V→* : CERTs

e,

V→V : {SIGSKS

V*(K||T*),CERT SV*}PKeV

V→V* : [SIGSKS

V(K||T),CERT SV]K,

Group Keys: In this case a group leader vehicle L will be periodically broadcast its encryption certificate. All other vehicles of the group return their encryption certificates CERTe

Vi, encrypted with public key of group leader, PKeL

who chooses a group session key K, sign it with its private signature key SKL and transmit this privately to group members. L→* : CERTe

l,

Vi→L : {CERTeVi}PKe

L

L→Vi : {SIGSKLS

V(K||T),CERT SL] PKe

Vi,Where PKe

Vi is the public encryption key of vehicle VI and T is time stamp.

5. COCLUSION: We compare the performance of different authentication mechanism discuss in the paper like digital signatures, pair wise keys and group keys. If we use the digital signature method on following messages format: V→*:M, SigPrKV [M|T],CertV then the size of the overhead is the same for each message and is equal to 56+84=140 bytes/vehicle* message. If we used pair wise keys as authentication for following message format:A→B:{B|K|T}PuKB, SigPrKA [B|K|T]then total overhead to send one message is (56/M+28)(N-1) bytes/V* message. The total number of messages is M*(N-1)/Vehicle. If we used group key as authentication method for following message format L→*:HA,{K}PuKA,HB,{K} PuKB,HC,{K} PuKC,SigPrKL

the total overhead is 56/M+28+140/10+336/10=56/M+75.6 bytes/vehicle*message. The total number of message is M+(M*1/10+M*3/10)/N=M(1+0.4/N)/vehicle.

Overhead in terms of

Digital Signature

Pair Wise Keys Group Keys

Cost Low High HighBandwidth consumption

Saved Wasted Wasted

Complexity in transmission

More Less Less

Table A

Figure 1:Comparison of various authentication schemes So by comparing the overhead of these three authentication approach, we notice that pair-wise keys result in bigger overhead then digital signatures when there are few vehicles, group keys save 54% of message overhead, but group key establishment and membership updation require more messages than digital signature approach. So we conclude that digital signature is an efficient method for authentication as it saves the bandwidth consumption but it requires more complex implementation for group protocols.6. Open Research issues: Identity authentication vs Message Authentication: Most security mechanism proposed for vehicular networks focus on authentication of the identity of sending On Board Unit (OBU), rather than correctness of data. Identification of the OBU that sends a message is unnecessary in vehicular networks; more important task in VANET is detection & correction of malicious data, which is enforced into the network by insider attacker. An Efficient scheme is required to develop to identify the data from a malicious car & then discard it Balance Anonymity and Accountability: To ensure accountability all messages need to be uniquely signed, signature allows the tracing of true identity of signer. However unconditional anonymity may be abused, undesirable uses of anonymity includes sending bogus information, denial of service attacks and spam.Efficiency of Cryptography algorithms: Efficiency is a major concern in VANET and requires real time transmission of data; most security mechanisms proposed earlier will result in significant overhead. The security services like confidentiality, authenticity and integrity are often provided by cryptographic mechanisms like secret key algorithm and public key algorithms. So the need is to reduce this overhead from security system

REFRENCES [1] Maxim Raya,Panos Papadimitratos, and jean-pierre

Habaux,EPFL ,”Securing Vehicular Communications”, 1536-1284/06, IEEE wireless Communication , October 2006.

[2] Maxim Raya , EPFL Jean-pierre Hubaux, EPFL ,” Security Aspects Of Inter –Vehicle Communications”, Conference paper STRC 2005 , 5th

Swiss transport Research Conference , Monte Veritia/Ascona , March 9-11 2005.

[3] Maxim Raya and Jean-Pierre Hubaux “Securing vehicular ad hoc networks”, Journal of Computer security, IOS Press Amsterdam, The Netherlands, Volume 15, Issue 1(January 2007), pages 39-68

[4] Maxim Raya and Jean –Pierre Hubaux, “ The Security of Vehicular Ad-Hoc Networks “, Laboratory of Computer Communication and applications (LCA) School of computer communication sciences , SASN’05 , November 7,2005

[5] Kargal, F. Papadimitratos, P. Buttyan, L. Muter, M. Schoch, E. Wiedersheim, B. Ta-Vinh Thong Calandriello, G. Held, A. Kung, A. Hubaux, J. -P. Ulm Univ., Ulm “Secure Vehicular Communication Systems: Implementation, Performance and Research Challenges”, IEEE Communication Magazine, Vol. 46 issue: 11, November 2008

[6] P.papadimitratos et al, “Secure Vehicular Communications: Design Architecture” IEEE Communication Magazine Nov 2008.

[7] SeVeCom, “Secure Vehicular Communications: Security Architecture and Mechanisms for V2V/V2I, Deliverable 2.1,” 2007-2008; http://www.sevecom.org

[8] T. Leinmuller, “Car2X Communication-Challenges, standardization and Implementation in Europe and in the Us,”2007

[9] S.Batkir et al, “A state of the Art Elliptic Curve Cryptographic Processor Operating in the Frequency Domain”, Mobile Networks and Apps. J. Vol 12 no 4,2007, pp 259-70

[10] Nasser Mozayani,Maryam Barzegar,Hoda Madani, “Strategies for Securing Safety Messages with Fixed Key Infrastructure in Vehicular Network”, World Academy of Science, Engineering & Technology, 48 2008.

[11] P. Ning, A. Liu, and W. Du. Mitigating DoS attacks against broadcast authentication in wireless sensor networks. ACM Transactions on Sensor Networks (TOSN), 2007.

[12] I. Doh, K. Chae, H. Kim, and K. Chung,\Security Enhancement Mechanism for Ad-Hoc OLSR Protocol," in ICOIN, 2006, pp. 317{326.

[13] S. Sivagurunathan, P. Subathra , V. Mohan, N. Ramaraj , “Authentic Vehicular Environment Using a Cluster Based Key Management”, European Journal of Scientific Research ISSN 1450-216X Vol.36 No.2 (2009), pp.299-307

[14] Emanuel Fonseca, Andreas Festag, 2006, “ A Survey of Existing Approaches for Secure Ad Hoc Routing and Their Applicability to VANETS”, NEC Technical Report NLE-PR-2006-19,NEC Network Laboratories.

[15] Charalampos Konstantopoulos, Damianos Gavalas,Grammati Pantziou, 2008, “Clustering in mobile ad hoc networks through neighborhood stability-based mobility prediction”, Elsevier

[16] Giorgio Calandriello, Panos Papadimitratos, Jean-Pierre Hubaux, Antonio Lioy, “Efficient and Robust Pseudonymous Authentication in VANET”, VANET’07, September 10, 2007, Montréal, Québec, Canada. Copyright 2007 ACM 978-1-59593-739-1/07/0009

[17] F. Armknecht, A. Festag, D. Westho., and K. Zeng. Cross-layer privacy enhancement and non-repudiation in vehicular communication. In WMAN 2007, Bern, March 2007.

[18] IEEE1609.2. IEEE trial-use standard for wireless access in vehicular environments - security services for applications and management messages, July 2006.

[19] J. Guo, J.P. Baugh, and S. Wang, “ A Group Signature Based Secure and

[20] Privacy-Preserving Vehicular Communication Framework”, Proceedings of the Mobile Networking for Vehicular Environments (MOVE) workshop in conjunction with IEEE INFOCOM, May 2007.

[21] Christine Laurendeau and Michel Barbeau, “Secure Anonymous Broadcasting in Vehicular Networks”, Proceedings of the 32nd IEEE Conference on Local Computer Networks (LCN), October 2007

[22] Anjum F, Mouchtaris P, “Security For Wireless Ad Hoc Networks”, Wiley-Interscience Publishing, chapter 8, IEEE 2007.

[23] S. Rahman and U. Hengartner, “Secure crash reporting in vehicular ad hoc networks” in Third International Conference on Security and Privacy in Communication Networks (SecureComm 2007). New York, NY, USA: To appear, 2007.

[24] P. Cencioni and R. Di Pietro, ìVipe: “A vehicle-to-infrastructure communication privacy enforcement protocol,” IEEE Internatonal Conference on Mobile Adhoc and Sensor Systems, 2007. MASS 2007, pp. 1-6, 8-11 Oct. 2007.

[25] M. Raya, A. Aziz, and J.P. Hubaux, “Efficient secure aggregation in vanets” in VANET '06: Proceedings of the 3rd international workshop

on Vehicular ad hoc networks. New York, NY, USA: ACM, 2006, pp. 67-75.