Privacy Aspect in

workablejeansMobile - Wireless

Nov 21, 2013 (3 years and 11 months ago)

94 views

Privacy Aspect in
Vehicular Ad
-
hoc
Network (VANET)

By:

Daniel BRAVO

Ge WANG

Hendrik

Yue LI



direction ou services

page
1

Outline


Context


Introduction to smart
vehicles


Introduction to VANET


Paper

1
:

A

Secure

Anonymous

Key

Mechanism

For

Privacy

Protection

in

VANET


Paper

2
:

Secure

Communication

Scheme

of

VANET

with

Privacy

Preserving


Paper

3
:

Secure

Privacy

and

Distributed

Group

Authentication

for

VANET


General conclusions



Research Seminar

direction ou services

Context


Present

methods

to

protect/preserve

the

privacy

of

smart

vehicle

users

page
2

direction ou services

Introduction to Smart Vehicle


Smart vehicle requirements


1. Recording



2. Processing


3. Positioning


4. Location


5. Wireless security protocols

page
3

direction ou services





Introduction to Smart Vehicle


Electronic license plates



-

Periodically

broadcast

a

beacon

containing

its

e
-
license


plate,

road

position,

clock

and

current

speed


-

Listen

to

the

environment

and

register

the

beacon

it

hears



Solution to protect privacy:


-

Using pseudonym


-

Change over time


-

Disclosal only to regional/national authority




page
4

direction ou services

page
5

Introduction to VANET


Vehicular Ad hoc network (VANET)


A mobile network
created

by
using

the
moving

cars as
nodes



Employs wireless communication networks to facilitate
vehicles to communicate


Vehicles periodically broadcast safety messages



Problems


Track the vehicle location and collect

private
information


Determine user behavior from the collected information


direction ou services

Introduction to VANET


Privacy

related

properties
:


-

Anonymity
:



The sent message
cannot

reveal

the
sender’s

identity


-

Unlinkability
:



A
specific

user
cannot

be

linked

to the
received

message


-

Traceability
:


The real
identity

of a
broadcast

message
can

be

recovered

by
a
trusted

third

party





page
6

direction ou services

page
7

A Secure Anonymous Key Mechanism For
Privacy Protection in VANET


By:

Yue LI

direction ou services

The problem of personal privacy


With the fixed identity, driver’s location, speed,
direction and travel route can be easily found.
Even the driver’s behavior can be revealed, too.


Governmental authority can issue and manage the
anonymous identities, but if there is only one
organization do these things, the inside attack is
hard to prevent.


The anonymity has to be traceable by the Law
Enforcement Authority (LEA).

direction ou services

Secure Anonymous Key Mechanism

Main characteristics:


The proposed scheme
satisfies the basic
security requirements

by using anonymous
identities


The operation procedures are secure and the
architecture
can avoid the inside attack


The anonymity
can be traced by LEA

when
necessary


The aim:


For each driver can use
the anonymous identity
AID

&
an anonymous key pair AKS

to exchange
the information

direction ou services

System Initiation Mechanism

Fig.1.System initiation mechanism

Generate the
public keys for
other members

Generate

the private
keys by
themselves

KGC

is a trusted third party

MVO

is a local vehicle management
authority

LEA

such as polices

SP

can provide

the services to

the drivers

direction ou services

Anonymous Key Pair Application
Mechanism (1/3)

Fig.2.Anonymous Key Pair application mechanism
: application phase

r1
:
a secret key only knew by
the vehicle’s & MVO

r2
:
a secret key only knew by
the vehicle’s & KGC

LA
:
a vehicle that can prove
the vehicle’s real identity

ELP
: a vehicle electronic license
plate

RID
: Any one of the applicant’s
real identities

RIN
: A number to record which
real identity is the HMAC key.

AC
: Area code of the MVO



signature

encrypt

direction ou services

Anonymous Key Pair Application
Mechanism (2/3)

Fig.
3
.Anonymous Key Pair application mechanism
: key generating phase

KGC decrypts E2 &
verifies the signature
SMAC

UID

Generates the anonymous identity
AID

KGC can generate an anonymous
key pair
AKS

unique check value

KGC makes a
signature and encrypts
m2

direction ou services

Anonymous Key Pair Application
Mechanism (3/3)

Fig.
4
.Anonymous Key Pair application mechanism
: application finish phase

MVO decrypts E3 &
verifies the signature

MVO makes a
signature and
encrypts m3

Vehicle decrypts E4 & checks
the signature and timestamps

direction ou services

Information stored in MVO & KGC

In the MVO, it stores:



Applicant’s real identity


Related information


ELP


RIN


AC


In the KGC, it stores:



EMAC


IBE(AC||RIN)


A set of anonymous
identity AID


Correspondent
anonymous key pair set
AKS

direction ou services

Anonymity Trace Mechanism (1/2)

Fig.5.Anonymity trace mechanism
: EMAC obtainment phase

LEA
signs &
encrypts

AID

KGC
signs &
encrypts

direction ou services

Anonymity Trace Mechanism (2/2)

Fig.
6
.Anonymity trace mechanism
: anonymity tracing phase

LEA decrypts
E6 & verifies
the signature

LEA signs &
encrypts

MVO decrypts
E7 & verifies
the signature

1. MVO finds a group of targets that
records the same
RIN
in target area
AC
.

2. Then, the MVO calculates
HMAC(ELP) and compares

3. MVO sends ELP back to LEA secretly


LEA gets
the real
information

direction ou services

Security Analysis

This mechanism can



Make anonymity with unforgeability


Apply authentication and non
-
repudiation


Apply confidentiality


Against the insider attack


Against the replay attack


Provide the allowed traceability

direction ou services

page
18

Secure Communication Scheme of VANET
with Privacy Preserving


By:

Daniel BRAVO

direction ou services

Main Characteristics


Anonymity based on a self
-
generated pseudonym



Pseudonyms and key
-
pairs are per message



Pseudonyms are not stored in vehicles



Requires central unit: Authentication Server



Based on Elliptic Curve Discrete Logarithm
Problem (ECDLP) and Weil pairing

page
19

direction ou services

Components


Vehicle


Send anonymous messages over the network



Authorization Server


Gives / revokes authorization to send messages



Retrieves real identity of a vehicle that sends
malicious messages


page
20

direction ou services

Architecture

page
21


MK
AS


C
AS


List ID
V

and SK
V


List of
revokated

SK
V



C
AS


SK
V

and ID
V


pseudonym
.
PR
V

and PU
V


(List of
revokated

SK
V
)


MK
AS
: Secret
key AS


C
AS
: Certificate


SK
V
: Secret key
vehicle


ID
V
: real ID of
the vehicle

direction ou services

Registration Phase

page
22

SK
V

= MK
AS
-
1

H
0
(ID
V
)

(ID
V
,

H
0
(ID
V
))

direction ou services

Broadcasting phase

page
23

1.
Generating

of a
random

number

r and a
private

key

PR
V


2.
Computing

of
pseudonym

α

and PU
V


3.
Computing

of the signature
(L,
σ
)


4.
Computing

of the
verification

parameter

S
from

r and SK
V


5.
Sending

of


{
α
|M| (L,
σ
)| PU
V
|
ts
V
|S}

direction ou services

Message Authentication phase

page
24

1.
Check
validity

of
ts
V


2.
(
Verify

if the
pseudonym

is

revoked

or not:


2.1
downloading

revokation

list


2.2
computing

β
=P
α


2.3

checking

if
e(
α
,S
)=e(
SK
i
,

β
))


3.
Checks

the
validity

of a
pseudonym

and the
integrity

of the message


direction ou services

Online Secret Key renewal phase

page
25

1.
Vehicle

sends

renewing

key

request

E
PU
AS

(ID
V
,
H
0

(ID
V
))


2.
AS
decrypts

to
get

ID
V

and
checks

its

validity


3.
AS
computes

the new
SK’
V

and
sends

it

as
E
ε
(SK’
V
) to the
vehicle

direction ou services

Recovering Identity phase

page
26

1.
Given

{
α
|M| (L,
σ
)|
PU
V
|
ts
V
|S},
compute

δ

= e(
α
, MK
AS
.S)


2.
Compute

β
=P
α


3.
Looks for H
0
(ID
V
)
such

that

e(
H
0
(ID
V
)
,
β
) =
δ


4.
Retrieves

ID
V
from

the
list

of (ID
V
,

H
0
(ID
V
))



direction ou services

Security Analysis


Authentication (based on ECDLP)


Anonymity


Unlinkability


Traceability


Integrity


Non


Repudiation


Revoking vehicle


Resisting Replay Attack (because of the ts)

page
27

direction ou services

Secure Privacy and Distributed Group
Authentication for VANET


By:

Ge WANG

page
28

direction ou services

Design of gap protocol


System Architecture



TA

-
Generates the digital certificates

-
Distributes them back to RSUs

-
Revokes certificate of malicious
vehicle

-
Adds the ID in its black list

-
Broadcasts the black list to all
RSUs


page
29

direction ou services

Design of gap protocol



RSUs

-
Issue the pseudonyms to the
vehicles

-
Maintain certificate revocation
list (CRL) and black list

-
Act as relay Nodes between TA
and vehicles



Vehicle

-
Obtains a pseudonym from
RSU

-
Broadcast the safety messages
anonymously


page
30

direction ou services

Design of gap protocol


Security Requirements of GAP protocol



Message integrity and authentication

-
A vehicle should be able to verify that a message is indeed
sent and signed by another vehicle without being modified


Identity privacy preserving

-
The real identity of a vehicle should be kept anonymous from
other vehicles


Traceability and revocability

-
If necessary, TA should have the ability to obtain a vehicle’s
real ID and to revoke it


page
31

direction ou services

Gap protocol


Certificate management:


TA performs certificate generation, distribution and
revocation

1.
When a vehicle needs a certificate from TA, it sends
its request through RSU

2.
RSU consolidates such requests from vehicles and
sends them to TA

-
The consolidated request message takes the form


M={VIDs, RID, N}


VIDs : set of vehicle IDs


RID : ID of requesting RSU


N : number of requests that are packed within the message

page
32

direction ou services

Gap protocol


Certificate management:


3.
TA generates certificates for all the requesting
vehicles


4.
RSU distributes certificates individually to vehicles


If the vehicle has moved out of its range, the RSU forwards
the certificate to its neighboring RSU

page
33

direction ou services

Gap protocol


Pseudonym Generation and Distribution:


RSU identifies a group of on
-
the
-
fly vehicles within its
communication range

1.
Periodically broadcasts its public key to this group

2.
The vehicle uses this key for signing the request
message

3.
RSU uses its private key for verifying the signature

4.
For each vehicle, RSU maps the original identity with
the generated pseudonym using pseudonym link
table (PLT)

5.
PLT is used for tracking the vehicle by TA

page
34

direction ou services

Gap protocol


Group Signing:


1.
A vehicle broadcasts the safety message to the
members of the group by using the pseudonym

2.
The message contains its pseudonym, payload
and lifetime T

-
Lifetime T represents the expiry duration of the safety
message

page
35

direction ou services

Gap protocol


Identity Tracing:



Adversary vehicles present in VANETs originate
fake safety messages to falsify the traffic messages
intentionally



TA discloses the identity of the vehicle

-

Put that vehicle’s ID into the adversary list

-

Forwards the list to all RSU’s.


page
36

direction ou services



Conclusion



GAP uses session based pseudonym to support
anonymous communication



Enables the vehicles to verify a large number of
messages in the case of high vehicular density



Trusted third party (TA) has the complete control of
tracing the vehicles both benign and misbehaving
vehicles


page
37

direction ou services

page
38

General Conclusions


User privacy is an important aspect which needs to
be considered in a VANET



Privacy is like a double
-
edged sword