Efficient Secure Aggregation in VANETs

Maxim Raya, Adel Aziz, and Jean-Pierre Hubaux

Laboratory for computer Communications and Applications (LCA)

EPFL

2

Outline

Motivation

Attacker model

Secure group formation

Secure aggregation mechanisms

Simulation results

Conclusion

3

Why efficient secure aggregation?

VANET security is indispensable but expensive De facto security: limited flooding of signed messages

Since many vehicles broadcast the same event, why not try aggregation?

1. Can we make it work in VANETs?

2. And can we make it secure?

The answer is in this presentation and it is: YES

Verifier

Signer

VerifierVerifier Safety message

Cryptographic material

{Position, speed, acceleration, direction,

time, safety events}

{Signer’s DS, Signer’s PK, CA’s certificate of PK}

4

How to make aggregation efficient and secure?

Requirements:• Channel efficiency

• Low delay

• Data correctness

• Non-repudiation

We propose 3 solutions:• Combined signatures

• Overlapping groups

• Dynamic group key creation

5

Who is the attacker?

Major threat: false information dissemination

Assumption:

Any group of more than 2 vehicles should contain a majority of honest nodes under normal density conditions

6

The secret of efficient aggregation: groups

Geographic group boundary

Group

Group communication

Group leader

Information is relayed between groups, not individual vehicles

7

How to make a group?

Preset groups: efficient but not flexible On-the-fly groups: flexible but not efficient Location-based groups: efficient and flexible

• The keyword is where and not who a vehicle’s neighbors are

Group formation step-by-step:1. Dissect the map into small area cells, each defining a group

2. Load map dissection function/dissected maps into vehicles

3. Cells (groups) overlap to ensure handover

4. One option for leader election: group leader = vehicle closest to center (with lowest ID if many), elected for a given duration

5. A vehicle checks its GPS position to determine its cell (group)

8

Group formation

9

Group formation

Cell

Overlap

TX range = 300 m

Cell size = 400 m

Leader

Not to scale

10

Group formation

I am in cell X

11

SVGP (Secure VANET Group Protocol)

Goal: establishment of a symmetric group key

Secure groups protect the network from outsiders only

Concept: group leader transports group key to members

Subsequent messages include only a HMAC

On leave, nothing needs to be done

Vehicles at boundaries receive messages from 2 groups

12

Aggregation mechanism 1:Combined signatures

Concept: a group of vehicles reporting the same event combine their signatures

Advantages:• Overhead is grouped in one message => better channel efficiency

• A group’s combined message => the group agrees on the content

Three types of combined signatures:

m S1(m) Sn(m)...

m Sn(...(S1(m)))

C1 ... Cn

C1 ... Cn

m C1 ... CnSn(...(Sj(m)))

Concatenated signature

Onion signature

Hybrid signature

Sn-1

Si-1 Si(...(S1(m))) Sn-1

m = message, S = Signature, C = Certificate

13

Aggregation mechanism 2: Overlapping groups

Concept: vehicles in the intersections of groups make a bridge for data

Group keys and messages are distributed using SVGP

The good:

• Cheap symmetric crypto

The bad:

• Need for position verification

• Need for honest majority

• Lack of non-repudiation

Geographic group boundary

Group

Group communication

Group leader

14

Aggregation mechanism 3:Dynamic Group Key Creation

Conciliates low overhead (symmetric crypto) with non-repudiation (digital signatures)

Dynamic group scenarios (e.g., platoon)

Step-by-step:

Dynamic group

Key request1. The leader sends a key request to the CA (Certificate Authority)

2. The CA generates an asymmetric group key pair and unique IDs for members (for non-repudiation)

3. Vehicles sign messages with the new group key and include their ID

15

Simulation results

ns-2 simulator Rice scenario generator EPFL VANET patch (available at

http://ivc.epfl.ch) Cell size: 400 meters ECC with key size of 256 bits 100 simulations Simulated mechanism: concatenated

signatures Correctness level of messages:

number of supporting signatures to consider a message correct. It is 4 in our simulations

2400 m

2400

m

Scenario

Source

Destination

16

Effect of density on channel usage

17

Effect of density on message delay

18

Effect of speed on channel usage

19

Effect of speed on message delay

20

Efficiency vs. Security (correctness level)

Destination aggregation

Source aggregation

21

Conclusion

Objective: the tradeoff between efficiency and security

Efficient secure aggregation is a feasible answer:• Combined signatures

• Overlapping groups

• Dynamic group key creation

The advantages:• Better channel usage

• Lower message delivery delay

• Better data correctness and hence security

Visit http://ivc.epfl.ch and http://www.sevecom.org

22

SEVECOM (SEcure VEhicular COMmunication)

Objectives: Identification of threats and Specification of a security architecture

23

CALL FOR PAPERS IEEE Journal on Selected Areas in Communications

Vehicular Networks

• Architecture of Vehicular networks  

• Vehicle-to-Vehicle   

• Vehicle-to-Roadside  

• Security and privacy    

• Cross-layer optimization techniques 

• Mobility and traffic models  

• Protocol design (low-power, multi-channel, etc.)  

• PHY, MAC, Network Layer (Routing protocols) 

• Channel Modeling  

• Cooperative aspects of vehicular communication 

• Scalability and Availability issues in Vehicular networks 

• Safety and commercial applications

Manuscript Submission February 1, 2007

Acceptance Notification  May 15, 2007

Final Manuscript Due to Publisher July 1, 2007

Publication Date 3rd Quarter 2007

http://www.jsac.ucsd.edu/Calls/vehnetwkcfp.htm