SAT: Situation Aware SAT: Situation Aware Trust Architecture for Trust Architecture for Vehicular NetworksVehicular Networks

Xiaoyan Hong, Univ of Alabama

Dijiang Huang, Arizona State Univ

Mario Gerla, UCLA

Zhen Cao, UCLA

Vehicular Networking AppsVehicular Networking Apps Safe navigation:

◦ Forward collision warning ◦ Advisories to other vehicles: ice on

bridge, congestion ahead, etc

Potholes

Forward Collision Warning

Non safety applications◦ Traffic monitoring (with

navigator)◦ Pollution probing◦ Pavement conditions (e.g.,

potholes)◦ Content distribution◦ Urban surveillance

Primary security goals: ◦ Message integrity and

authentication

◦ Detect misuse by naïve or malicious drivers.

◦ Guarantee message sender

privacy

Existing Trust in Vehicle NetsExisting Trust in Vehicle Nets

Hey buddy, traffic ahead

Entity Trust

Are you serious?-origin integrity-data integrity

Hey buddy, traffic ahead

Are you serious?-data evaluation-decision on event

Data Trust

• Not adaptive to situation changes.• Mostly a reactive approach• Can we be more proactive ??

Situation Aware Trust for VANETsSituation Aware Trust for VANETs

Are you kidding?I am on a country road

Hey buddy, traffic ahead

Key properties: protective and predictive building of cryptographic foundation for trustworthy exchange Proactive approach: set trust/security parameters

ahead of time (secure key, unique waveform, etc) Reduce on-line security/trust verification time Enable security/trust in exceptional situations

How to become Situation How to become Situation Aware?Aware?

time place affiliation

Attribute based Trust • Situation elements are encode into attributes• Static attributes (affiliation)• Dynamic attributes (time and place) ……

Dynamic attributes can be predicted

Proactive Trust • establish trust in advance• predict based on mobility and location service

Attributes bootstrapped by social networks

Social Trust • Bootstrap initial trust• Transitive trust relations

Situation?

An attribute based situation example:Yellow Cab AND Taxi AND Seattle Street AND 10-11pm 8/22/08

Security on attribute and policy Security on attribute and policy groupgroupburden is on receiver - must update private key every burden is on receiver - must update private key every hour/street??hour/street??A driver wants to alert taxi of

companyA on Washington Street between 10-11am that there was an accident somewhere nearby

Extension of Attribute based Encryption (ABE) scheme [IEEE S&P 07] to incorporate dynamic access tree Attribute (companyA AND

taxi AND Washington St. AND 10-11am)

Extended ABE Module

Ciphertext

Signature

plaintext

Receivers who satisfy those encoded attributes (have the corresponding private key) can decrypt the message

Attribute based encryptionZheng, can you please use a

graphic vignette to show operation of ABE

Say KSP function (KSP?)ABE like PKI, but no need for

central authority, etc

8

Attributed-Based Attributed-Based Encryption(ABE)Encryption(ABE)

Encrypt Data with descriptive “Attributes”

Users Private Keys reflect Decryption Policies

Based on Identity based Encryption and Secret Sharing, not need for credentials as long as the attributed based policy is known

master-key

CA/PKG

Authority is offline

Encryptw/attributes

9

Access Control via Situation-aware Access Control via Situation-aware Policy TreePolicy Tree

PK=Public Key

MSK=Master Secret Key

SKSarah:“companyA”“10:30am”“Washtington St.”

SKKevin:“companyA”“10: 20 am”“Westwood”

AND

companyA AND

10-11 am Washington St.

Sandra thesender

Authority

SAT Architecture: supporting situation awarenessSAT Architecture: supporting situation awareness

SAT layer

• Perception: communicate & sense environments

• Comprehension: extract & aggregate situations

• Projection: predict & create action profiles

• Assessment: evaluate and adjust trust situationsSupporting and trust layer (STL)

• Security primitive

• Comm. primitive

• Portal manage

Social Trust ModelSocial Trust ModelHow are you?

People like to socializeSocial trust is amplifier

In case of infrastructure failure, e.g., messenger is blocked by traffic

Social network help maintain trust◦ People gang up into communities

◦ Elected Leader is MASTER and constructs policy group (ie, Attribute Tree associated to group)

◦ Mobile users are situation aware

◦ ABE based Authenticate and encrypt

Future work:◦ How to establish social networks securely (eg authentication of

social graph update information)◦ How to incoporate social relations to SAT: social network

provides dynamic attributes in the policy tree.

SummarySummarySituation Aware Trust Architecture

◦ Handles dynamic attribute tree based on situation assessment

SAT architecture components◦ Attribute based trust ◦ Proactive trust◦ Social trust ◦ Architecture enabling the model.

Contribution to VANET: mobile proactive security for trustworthy communication!

Future work: Performance Evaluation of the proposed scheme via simulation and testbed experiments

Thanks for your attentionThanks for your attentionDo NOT rent a cab without SAT