Covert Communication based Privacy Preservation in
Mobile Vehicular Networks
Rasheed Hussain*, Donghyun Kim**, Alade O. Tokuta**, Hayk M. Melikyan**, and Heekuck Oh***
*Department of Computer Science, Innopolis University, Kazan, Russia
**Department of Mathematics and Physics, North Carolina Central University, Durham, NC, USA
***Department of Computer Science and Engineering, Hanyang University, South Korea
Agenda
• Introduction
• Problem Statement
• Covert Communication-based Privacy Preservation
  – Protocol Outline
  – Covert Communication
  – Proposed Covert-based Scheme
• Quantitative Evaluation
• Conclusions and Future Work
Introduction
• Vehicular Ad hoc NETwork (VANET)
  – Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication paradigms
  – Driving safety-related and other applications
  – IEEE 802.11p standard mandates broadcasting beacon messages in the order of milliseconds
Problem Statement
• Privacy is of prime concern in VANET
• Current solutions include:
  – Mix zones, silent periods
  – Identityless schemes
  – Multiple pseudonyms (mostly used)
• However, even multiple pseudonyms do not necessarily preserve privacy
  – Statistically, it is possible to link multiple pseudonyms to one entity [1]
[1] Wiedersheim et al., “Privacy in inter-vehicular networks: Why simple pseudonym change is not enough,” IEEE WONS, pp. 176–183, 2010.
Problem Statement – cont’
• How to prevent the statistical attack?
  – Assign multiple pseudonyms to nodes
  – Let nodes exchange their pseudonyms with each other
• Pseudonym exchange should be carried out on a covert channel established on top of the existing beaconing framework
  – Exchange their pseudonyms in corrupt beacons with the help of a shared secret (key) among the exchanging parties
• Revocation should still be possible
• [8] provides an outline, but without firm detail
Protocol Outline
• Design Rationale
  – Identity exchange-based privacy preservation
    • Unintended parties should not be able to determine whether the exchange happens
    • Intermingle the exchange messages as part of normal conversation
  – Conditionally deniable
  – Privacy-preserving
• Minimize the use of cryptography and use natural ways to secure the communication
• No need for additional infrastructure or message structure to add this functionality
• Using others’ pseudonyms is acceptable only as long as they can be traced back when needed
Protocol Outline – cont’
• Design Goals
  – Exchange pseudonyms for privacy preservation
  – Use covert channel to exchange the pseudonyms
    • Only intended receivers know the position of the information in the corrupted beacon
  – Provision of anonymity through pseudonym exchange
  – Unlinkability through pseudonym exchange
Covert Communication
• Observation: Wireless is noisy
  – Noise is a non-stationary and random process
  – Idea: Use the random properties of wireless channel noise to hide a secret message
• Packet corruption can be caused by interference, multipath, non-WiFi, collisions, hidden terminals, low signal strength, etc.
• Hide messages in corrupted packets
• Challenge: Make message indistinguishable from “normal” corruption
Covert Communication – cont’
Rivest et al. “Chaffing and Winnowing: Confidentiality without Encryption.” Cryptobytes 4:1 pp. 12–17. 1998
• Chaffing and Winnowing [9]
  – Chaff
    • the actual corrupted frames on the channel due to packet corruption
  – Grain
    • the crafted frames which are deliberately corrupted by the sender for the secret communication
• Two main security measures
  – Geolock key: spatio-temporal group secret
  – Session key: helps to locate the pseudonym in a corrupted-looking beacon
Proposed Covert-based Scheme
• Security Goals
  – Deniable
    • Ability to deny the communication
  – Anonymous
    • Cannot be identified specifically
  – Confidential
    • Adversary cannot recover message
  – Robustness
    • Cannot be disrupted
Proposed Covert-based Scheme
• Threat Model
  – Passive adversary
    • Figure out the possible hidden communication
    • Wireless comm. is prone to such experiences
  – From the messages, adversary wants to figure out who exchanges identity with whom
    • This leads to the traditional privacy and profiling problems
  – Adversary is semi-global for some physical area
    • Accumulates the messages in that area to figure out the identity exchange messages
  – Ephemeral networks are going to be a challenge for even a sophisticated adversary
Proposed Covert-based Scheme [1/11]
• Network Model
Proposed Covert-based Scheme [2/11]
• Baseline
  – Beacon-based communication
  – Play with the beacon frequency for covert communications
  – Make some beacons (frames) corrupted for intended purpose
  – The secret key is shared beforehand
  – CIT (CorruptInsertTransmit)
• Roadmap
  – Use the observable properties of the channel and exchange information among users based on that channel
Proposed Covert-based Scheme [3/11]
• Pseudonym Generation
  – is the current count of generated pseudonyms
  – VIN is the vehicle identification number and contains 17 alphanumeric elements according to ISO 3780
  – Pseudonym databases maintained at DMV and at RAs (revocation authorities) indexed with
Proposed Covert-based Scheme [4/11]
• Pseudonym table at DMV
• Pseudonym table at RA
Proposed Covert-based Scheme [5/11]
– Encrypt two secret keys ( and ) and store in RAs
– Secret key is divided and each RA gets a share
– DMV is trusted and saves the issued credentials ()
Proposed Covert-based Scheme [6/11]
• IEEE 802.11 frame format
• Corrupt beacon
• Same pseudonyms must be used during exchange process
[Figure: IEEE 802.11 frame format and corrupt beacon. Labels: can be intentionally corrupted; sender’s pseudonym; actual pseudonym to be exchanged; length of pseudonym; shared key; replace CRC]
Proposed Covert-based Scheme [7/11]
– is normal beacon payload
– is the length of the covert content (pseudonym)
– is calculated and known to both parties
  • To make it more indistinguishable, some salt is added
  • It is randomized
  • Calculated with (public), (group secret),
  • HMAC with session key for integrity because a corrupted frame has no other means to check integrity
– Location-based Encryption (geolock) is used for location confidentiality
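An added example, not taken from the slides or from the authors' implementation: the receiver-side winnowing step, where a frame with a failing CRC is accepted as grain only if its HMAC verifies under the session key, and otherwise is dropped as chaff. The frame layout (8-byte sender pseudonym, one length byte, pseudonym, HMAC-SHA256 tag, CRC-32 field) and all function names are assumptions; the geolock encryption and salt mentioned above are left out.

```python
import hashlib
import hmac
import os
import zlib

PN_LEN = 8     # assumed fixed size of the sender's pseudonym field
TAG_LEN = 32   # HMAC-SHA256 output size

def normal_beacon(payload: bytes) -> bytes:
    """Ordinary beacon: payload followed by its valid CRC-32."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_ok(frame: bytes) -> bool:
    return len(frame) > 4 and zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "big")

def grain_beacon(session_key: bytes, sender_pn: bytes, pseudonym: bytes) -> bytes:
    """Crafted frame: sender PN | length | pseudonym | HMAC tag | non-verifying CRC field."""
    assert len(sender_pn) == PN_LEN and len(pseudonym) < 256
    body = sender_pn + bytes([len(pseudonym)]) + pseudonym
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    good_crc = zlib.crc32(body + tag).to_bytes(4, "big")
    bad_crc = os.urandom(4)
    while bad_crc == good_crc:          # the CRC field must fail like a corrupted frame
        bad_crc = os.urandom(4)
    return body + tag + bad_crc

def winnow(session_key: bytes, frame: bytes):
    """Return (sender_pn, pseudonym) for grain, None for normal beacons and chaff."""
    if crc_ok(frame) or len(frame) < PN_LEN + 1 + TAG_LEN + 4:
        return None                     # valid beacon, or too short to carry a tag
    body, tag = frame[:-4 - TAG_LEN], frame[-4 - TAG_LEN:-4]
    if body[PN_LEN] != len(body) - PN_LEN - 1:
        return None                     # length field inconsistent: plain corruption
    expected = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                     # no valid tag under this key: treated as chaff
    return body[:PN_LEN], body[PN_LEN + 1:]

if __name__ == "__main__":
    key = os.urandom(32)                # constructed session key
    beacon = bytearray(normal_beacon(b"pos=35.1,129.0;speed=50"))
    beacon[3] ^= 0x40                   # constructed chaff: one bit flipped in transit
    frames = [normal_beacon(b"pos=35.1,129.0;speed=48"), bytes(beacon),
              grain_beacon(key, b"PN-A0001", b"PN-B0042")]
    for f in frames:
        print(crc_ok(f), winnow(key, f))
```

A receiver holding a different key gets `None` for the same grain frame, which is why the HMAC is the only integrity check available once the CRC has been replaced.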
Proposed Covert-based Scheme [8/11]
• Geolock key ( construction
Hussain et al. “Secure and privacy-aware traffic information as a service in VANET-based clouds” in press, Pervasive and Mobile Computing, Elsevier, 2015
Only a small number of spatio-temporal users can make this
Proposed Covert-based Scheme [9/11]
• Exchange Initiation
  – Covert channel in broadcast is more challenging
  – flag is included (deliberate false alarms!)
    • maybe sometimes even when no exchange happens
    • Only when there
    • The exchange takes place only when both the flags are
• Pseudonym Exchange
  – At initiator ()
  – Establish session key
  – At receiver ()
Proposed Covert-based Scheme [10/11]
• Revocation
  – RAs collude and get the warrant
  – Search for the used pseudonym with the value
  – Search the exchange record in PER table
  – Construct from
  – The session leader decrypts the keys
  – Decrypt to extract
Proposed Covert-based Scheme [11/11]
• Revocation algorithm
Quantitative Evaluation [1/4]
• Security and Conditional Privacy
  – Exchange process is confidential
  – Without knowing , hard to follow the exchange process
  – is used to secure the beacon from outsiders and insiders
  – When beacon with wrong CRC is received, only the intended receivers try to retrieve the information from it
  – Revocation is possible at any level of the pseudonym exchange and of the immediate user of the pseudonym is subject to revocation
Quantitative Evaluation [2/4]
• Theorem III.1. Proposed scheme increases the privacy of the user through exchanged pseudonyms
  – Suppose at uses a pseudonym at
  – Same was used by at at
  – If and are at ‘safe distance’ then
    • is the distance travelled by the vehicle
• Theorem III.2. Revocation at any level is possible
  – Pseudonym exchange history table
    • Which pseudonym was exchanged at what time
    • Latest pseudonym exchange will help to find out the immediate user of the pseudonym
Quantitative Evaluation [3/4]
• Computation and Communication Overhead
  – Comm. overhead is the modified beacon frequency
  – Revocation cost
    • Direct revocation
    • Indirect revocation
Direct revocation is done when the sender of the pseudonym is the owner of the pseudonym, whereas indirect revocation is done when the pseudonym is exchanged with someone else
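An added example, not from the slides or the authors' code, of the lookup behind Theorem III.2 and the direct/indirect distinction above: starting from the issuance record, the exchange history is replayed in time order to find the immediate user of a pseudonym at a given moment. The record fields, function name and sample identities are assumptions, and the encryption of the stored records is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exchange:
    """One row of the exchange history: `pseudonym` moved from `giver` to `receiver` at `time`."""
    pseudonym: str
    giver: str
    receiver: str
    time: int

def resolve_holder(issued, history, pseudonym, when):
    """Return (kind, holder, chain) for the user of `pseudonym` at time `when`.

    issued  : dict pseudonym -> original owner (issuance record)
    history : iterable of Exchange rows, in any order
    kind    : "direct" if the owner still held it, "indirect" if it had been exchanged
    """
    if pseudonym not in issued:
        raise KeyError(f"unknown pseudonym {pseudonym!r}")
    holder = issued[pseudonym]
    chain = [holder]
    rows = sorted((r for r in history if r.pseudonym == pseudonym and r.time <= when),
                  key=lambda r: r.time)
    for row in rows:
        if row.giver != holder:
            # A vehicle can only hand over a pseudonym it currently holds.
            raise ValueError(f"inconsistent record at t={row.time}: "
                             f"{row.giver} did not hold {pseudonym}")
        holder = row.receiver
        chain.append(holder)
    return ("indirect" if rows else "direct"), holder, chain

# Constructed sample data (placeholder identities, not real VINs).
ISSUED = {"PN-17": "VIN-AAA", "PN-42": "VIN-BBB"}
HISTORY = [
    Exchange("PN-17", "VIN-BBB", "VIN-CCC", time=250),
    Exchange("PN-17", "VIN-AAA", "VIN-BBB", time=100),
]

if __name__ == "__main__":
    for t in (50, 150, 300):
        print(t, resolve_holder(ISSUED, HISTORY, "PN-17", t))
```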
Quantitative Evaluation [4/4]
• Comparison with known schemes
Conclusions and Future Directions
• Privacy preservation in VANET
• Identity-exchange based mechanism
  – Pseudonyms are exchanged on a covert channel
  – Conditional privacy guarantees revocation
• Future Work
  – Implementation of covert communication
  – Incorporate the protocol into existing work for privacy enhancement
  – Optimize covert channel in broadcast environment
  – Pseudonym exchange at multiple levels