07-01-2013, 04:23 PM
SeDyA: Secure Dynamic Aggregation in VANETs
Abstract
In Vehicular Ad-hoc Networks (VANETs), the ultimate goal is to let vehicles communicate by exchanging
messages through wireless networks to provide safety, traffic efficiency and entertainment applications. Aggregation
of information in these messages contributes to this goal by reducing the bandwidth requirements
that prevent applications from disseminating messages over a large area. Aggregation will allow applications
to exchange high quality summaries of the current status in a specific region, rather than forwarding all
individual status messages from this region, increasing the available information for all vehicles.
Most existing work on aggregation in VANETs has neglected to consider security, not providing any
guarantees on the data that is collected. Security for aggregates is important because they may be used
by other cars for decisions about routing, as well as traffic statistics that may be used in political decisions
concerning road safety and availability. The most important challenge for security is that aggregation
removes redundancy and the option to directly verify signatures on messages, because multiple messages are
merged into one. The few works that discuss secure aggregation are limited because they require roads to
be segmented into small regions, beyond which aggregation cannot be performed. The main contribution
of this thesis is the introduction of SeDyA, a scheme that allows more dynamic aggregation compared to
existing work, while also providing stronger security guarantees for the receiving vehicles.
Introduction
In recent years, much work has been performed by industry and academia alike to develop Vehicular Ad-hoc
Networks (VANETs) to improve safety on the road, as well as introducing information and entertainment
applications. A VANET is created by equipping vehicles with an on-board unit (OBU) that is capable of
wireless communication, typically using IEEE 802.11p, developed specifically for VANETs. In addition to
communication between OBUs, some VANET research envisions the availability of road-side units (RSUs),
although in the early phases of VANETs these are expected to be sporadic. RSUs will also use IEEE
802.11p, but will typically also be connected to a backend, and will provide access to the Internet, contact
with certificate authorities and the possibility to distribute updates for applications. The greatest challenges
of VANETs compared to other types of Ad-hoc Networks include the highly dynamic network conditions,
bandwidth constraints and the large number of vehicles.
For VANETs, security is of essential importance, as attacks on vehicular networks can easily lead to safety
risks, in addition to typical security concerns. This gives rise to some types of VANET-specific attacks,
including dissemination of false information, large scale privacy violation through tracking and position
spoofing. Aside from these attacks, VANETs also pose an additional challenge to security research through
their bandwidth and time constraints, requiring novel ideas to provide small signatures, small certificates and
efficient signature verification.
Currently, the first VANET protocols are undergoing standardization, including security mechanisms to
protect them. The first deployments in real world scenarios are foreseen in 3 to 5 years. One of the first of these
protocols, for which standardization is nearing completion, is the periodic beaconing service. This protocol
defines the basis for many other protocols, as it requires every vehicle to periodically transmit a beacon
message to announce its presence, typically with a frequency of 10 Hz. Beacons are strictly single-hop, but
will enable many essential safety applications, including brake warnings, collision avoidance and cooperative
adaptive cruise control [9,17]. The integrity of the beacon messages, as well as other messages transmitted by
the network, will be protected by cryptographic signatures. For these signatures, it is commonly assumed that
a public key infrastructure (PKI) specifically designed for VANETs will exist. Since these beacon messages
typically include location and speed information, VANETs also raise privacy concerns, especially when one
considers a typical X.509-style PKI, where a public key is linked to a person or device. To address this issue,
but still satisfy the integrity requirements, pseudonym schemes have been proposed, which in essence provide
a vehicle with multiple identities (and thus multiple keys) to use. However, for some applications, such as
cooperative adaptive cruise control, it is necessary to link sequences of messages from the same vehicle, to
estimate its trajectory. The exchange between different identities and the trade-off between the provided
privacy, security and functionality is an active area of research [10, 24].
Problem Statement
This chapter provides an overview of the issues that the scheme from Chapter 4 aims to solve, as well as a
discussion of the assumptions on network conditions and the attacker model. Section 2.1 discusses the latter,
while Section 2.2 provides a high level overview of the challenges involved. The assumptions in this chapter
are similar to those of related work, which is discussed in Chapter 3; the differences are discussed. Finally,
Section 2.3 will conclude with some requirements for VANET aggregation.
Models
This thesis will use assumptions similar to those in the state of the art; these assumptions are made explicit
in this section. The differences with assumptions in related work are discussed and motivated. Specifically,
some of the assumptions can be considered unrealistic and are thus adapted to a more general setting for this
thesis. Finally, note that different requirements and use cases for aggregation exist; the aggregation model
will make explicit what is assumed for this thesis. However, first the network and attacker models will be
discussed, first in a general VANET setting and then indicating the specific challenges for aggregation.
Network model
Current literature assumes a VANET will have a typical communication range of about 300 meters [45],
with up to 1000 meters under optimal conditions [1]. It should be possible for the VANET to improve safety
and provide services even when relatively few vehicles are equipped with wireless technology, as this will
facilitate introduction of VANETs into the real world [25]. The network is very dynamic; most communication
is expected to occur over single-hop broadcast, as there is no guarantee that sequences of more than one
message can be exchanged between two vehicles. For this reason, clustering and other schemes that require
knowledge of the network topology, as is common in sensor networks, are typically avoided, although sensor
networks are an important source of inspiration for many VANET protocols.
There are several existing ways to disseminate information in VANETs, each more appropriate for certain
types of applications [43]; the most important three are beaconing, geobroadcast and (in-network)
aggregation.
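The contrast between signed beacons and in-network aggregation, and the abstract's point that a merged message can no longer be checked against the vehicles' own signatures, shown as an added example that is not code from the thesis. The message layout, the function names and the use of Ed25519 as a stand-in signature scheme are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Msg struct {
	Speed, Count uint32 // constructed format: km/h; Count > 1 marks an aggregate (mean speed)
	Sig, Pub     []byte
}

func payload(speed, count uint32) []byte { return []byte(fmt.Sprintf("%d|%d", speed, count)) }

func NewKey() ed25519.PrivateKey { // assumption: Ed25519 stands in for the PKI's scheme
	_, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return priv
}

func Sign(k ed25519.PrivateKey, speed, count uint32) Msg {
	return Msg{speed, count, ed25519.Sign(k, payload(speed, count)), k.Public().(ed25519.PublicKey)}
}

// Verify proves who signed a value, not how that value was derived.
func Verify(m Msg) bool {
	return len(m.Pub) == ed25519.PublicKeySize && ed25519.Verify(m.Pub, payload(m.Speed, m.Count), m.Sig)
}

// Aggregate averages the beacons that verify and signs with the aggregator's key only.
func Aggregate(k ed25519.PrivateKey, beacons []Msg) (Msg, bool) {
	var sum, n uint32
	for _, b := range beacons {
		if Verify(b) {
			sum, n = sum+b.Speed, n+1
		}
	}
	if n == 0 {
		return Msg{}, false
	}
	return Sign(k, sum/n, n), true
}

func main() {
	k := NewKey()
	honest, _ := Aggregate(k, []Msg{Sign(NewKey(), 80, 1), Sign(NewKey(), 100, 1)})
	fmt.Println(honest.Speed, Verify(honest), Verify(Sign(k, 20, 2))) // 90 true true
}
```

The last check passes for a value that no beacon backs: once the vehicles' signatures are dropped, a receiver can only confirm which key signed the aggregate, which is the gap the thesis sets out to close.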