trusted computing in vanet


  • AWERProcedia Information Technology & Computer Science 1 (2012) 928-933

    2nd World Conference on Information Technology (WCIT-2011)

    Trusted computing in vehicular ad hoc network (VANET)

    Irshad Ahmed Sumra a, Halabi Hasbullah a, J. Ab Manan b, Iftikhar Ahmad c, M.Y Aalsalem d

    1 Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia.
    2 Advanced Analysis & Modeling Cluster, MIMOS Berhad, Technology Park Malaysia, 57000 Kuala Lumpur, Malaysia.
    3 Department of Software Engineering, College of Computer and Information Sciences, P.O. Box 51178, Riyadh 11543, King Saud University, Riyadh, KSA.
    4 Faculty of Computer and Information System, Jazan University, Saudi Arabia

    Abstract

    Trust is a key part of security and a challenging task in future life-safety vehicular communication. Vehicular communication is based on peer to peer communication, and each peer has embedded sensors inside and performs all computational tasks as well as security functions. The Trusted Platform Module (TPM) is used inside the vehicle and plays a key role in establishing trust within the vehicle and also with other vehicles and the network infrastructure. In this paper, a protocol is proposed which is based on property based attestation (PBA), also known as the Vehicular Property based attestation Protocol (VPP). The proposed protocol is not based on the properties of the hardware and software of the vehicle; rather, it depends on the static or dynamic properties of the system, which have been pre-configured. We expect that the protocol will fulfil the need for a more secure and trusted mechanism for users of the safety and non-safety applications and services in the vehicular network.

    Keywords: Security, Trust, Safety and non Safety applications, Attacker, Trusted user, Behavior, Malicious User, Trust levels.

    Selection and peer review under responsibility of Prof. Dr. Hafize Keser.

    © 2012 Academic World Education & Research Center. All rights reserved.

    1. Introduction

    Trusted Computing Group (TCG) is a non-profit group whose aim is to define a set of specifications that will create a trustworthy computer system with a trusted platform. The main idea behind these specifications is to enhance security in computer networks by using a security hardware module (called the Trusted Platform Module). Trust is the key security module of any system, and the TCG has defined trust as "Trust is the expectation that a device will behave in a particular manner for a specific purpose" [1].

    ADDRESS FOR CORRESPONDENCE: Irshad Ahmed Sumra, Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia.

    E-mail address: [email protected]/ Tel.: +60125586597

  • Irshad Ahmed Sumra/ AWERProcedia Information Technology & Computer Science (2012) 928-933


    Considering this definition in the context of VANET, trust may be defined as all components of the network (vehicles and road side units) behaving in an expected manner (trusted communication between the components) and serving users through their safety and non-safety applications. The user, vehicle and RSU are the main components of a vehicular network, and in a trusted computing environment it is necessary that they behave in the expected manner and serve the user through safety and non-safety applications. New applications being deployed in VANET raise new questions about security requirements in a heterogeneous network. The high mobility of vehicles makes the network topology dynamic, so it is very difficult to ensure security and trust. An important factor to consider in such an environment is the behavior of the various components (users, vehicles and road side units (RSU)) of the vehicular network.

    Hartenstein et al. [2] describe the two basic properties in a Trusted Computing based VANET:

    - The sender that sends messages (safety and non-safety) in vehicle to vehicle or vehicle to road side unit (RSU) communication is accepted as a trusted entity.
    - The content of the message from the source is not changed during transmission, i.e. it meets the integrity requirement.

    If, for whatever reason, a vehicle in a vehicular network does not behave in an expected manner or changes its behavior, then many human lives are possibly affected. Hence it is absolutely necessary to embed a security hardware module inside the main components of the vehicular network (vehicle, RSU) so that the status of their trustworthiness can be known. The Trusted Platform Module (TPM) is the main component of the TCG specification, and it provides secure storage and resistance to software attacks inside the vehicle. Fig. 1 shows that each module of the vehicular network is embedded with a security hardware module, i.e. a TPM, which enables monitoring of the behavior of the vehicle and also of the road side unit (RSU).

    Fig. 1 TPM ensures the behavior of the entities in VANET
    Fig. 2 Vehicular Trusted Platform (VTP)

    Trusted Platform: Sadeghi and Stuble [3,4] defined some general functionalities of a trusted platform; these functionalities are considered here in the context of a vehicular network and are given as follows.

    (a) Hardware and software integrity: Trusted platforms ensure the integrity of the hardware, software and embedded sensors of the vehicle. It is required that all embedded modules, including the software of the system, perform their tasks accurately. During the storage and execution of application data, the integrity of the user's personal information should be maintained.

    (b) Confidentiality of Data: TPs ensure a secure channel and trusted path between the different applications, and they also provide confidentiality, integrity and authenticity of user data.

    (c) Platform Attestation: This is a very important task in a trusted platform and is defined as the process that shows the accuracy of the information. The following are types of attestation used in trusted platforms.

    (d) Attestation by TPM: It provides proof of data that is known only by the TPM. It is necessary to attest to the TPM first, because the TPM provides the root of trust and also plays a key role in developing the trusted computing environment.

    (e) Attestation to the Platform: A vehicle has many embedded sensors, and it is very important to attest the platform. TPMs communicate with the other components of the platform, and it should be ensured that all components of the trusted platform work properly. Integrity metrics reports provide the proof of the trusted platform, and this report is provided by the platform credential. Attestation of the platform is important: it checks that the platform of any particular module of the network is behaving in a proper manner for any particular task.


    George et al. [5] define attestation as follows: "Attestation is the activity of making a claim to an appraiser about the properties of a target by supplying evidence which supports that claim." An attester is a party performing this activity. An appraiser's decision-making process based on attested information is appraisal. Aarthi et al. [6] describe the two phases of attestation of a platform: (a) all the operations that correspond to the secure collection and storage of stated information, and (b) the safe reporting of that information to a third party. TPMs use a special kind of register, the Platform Configuration Register (PCR), whose purpose is to securely store measurement values.

    This paper is divided into three sections. Section 2 discusses in detail the related work in the field of trusted computing in vehicular communication. In Section 3, the vehicular property based attestation protocol (VPP) is proposed and the internal and external attestation mechanisms in a vehicular network are explained. The VPP is based on property based attestation, and a detailed explanation is given of why PBA, with its unique features, was chosen over other attestation methods. Finally, Section 4 gives the conclusion.

    2. Related Work

    Frederic et al. [7] described trust, security and privacy in a VANET environment and gave an overview of trusted computing and its core component, the TPM. The core functionality of a TPM is to provide the root of trust in a platform. A TPM has a set of registers for recording the platform states; secure volatile and non-volatile memories; a random number generator; a SHA-1 hashing engine; and asymmetric key generation, encryption and digital signature capabilities. The special registers called Platform Configuration Registers (PCRs) are used to store the integrity values. The following function is used to calculate the value of PCR register N; the cryptographic hash function used by the TPM is SHA1, and || denotes concatenation in Eq. (1).

    \[ \mathrm{Extend}(\mathrm{PCR}_N;\ \mathit{value}) = \mathrm{SHA1}(\mathrm{PCR}_N \,\|\, \mathit{value}) \tag{1} \]

    Their proposed solution is based on two main schemes: (a) attestation of virtualized system components and (b) secure revocable anonymous authenticated communication. Since the TPM chip itself is tamper proof, it is used to ensure that the sensitive software components are not tampered with and to store the results in protected storage. The authors have proposed a multi-layered security protocol (Secure Revocable Anonymous Authenticated Inter-Vehicle Communication, SRAAC) that enables a vehicle to take part in inter-vehicle communication for safety information. The proposed SRAAC protocol has the following components: AA (authentication authority), OBU (on-board units) and ICS (inter-vehicle communication certificate servers). Arbitrary validity time, OBU collusion attacks and injecting false safety messages are some of the possible attacks which the authors have mentioned. Also mentioned is a solution to prevent SRAAC attacks, which uses a trusted inter-vehicle communication certificate (T-IVC); this solution is based on tampering with the software running on the vehicles.

    Hisashi et al. [8] proposed a new attestation based security architecture for a vehicle network. The authors discussed vehicles embedded with electronic control units (ECUs). Such a vehicle is able to communicate with other public networks and make use of many kinds of safety and non-safety services. The authors noted, however, that this vehicle will suffer from a wide variety of threats and that the embedded ECUs may execute malicious programs because of possible tampering. The proposed vehicle makes use of the TPM to provide a remote attestation mechanism to mitigate such issues. In summary, the proposed security architecture provides (a) authentication of the software configuration, (b) authenticated and encrypted communication and (c) flexibility of replacement. Finally, the authors believe that the proposed key pre-distribution system (KPS) based architecture has a lower security overhead than the RSA-based one.
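Eq. (1) makes a PCR an order-sensitive hash chain, which is what lets a verifier replay a measurement log against the reported register value. The sketch below is an added example, not code from the paper; the component names and images are constructed, and checking the TPM's signature over the reported PCR value is assumed to happen elsewhere.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length in bytes


def measure(image: bytes) -> bytes:
    """Measurement of a component: the SHA-1 digest of its image."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, value: bytes) -> bytes:
    """Eq. (1): the new PCR value is SHA1(PCR_N || value)."""
    if len(pcr) != PCR_SIZE:
        raise ValueError("PCR must be 20 bytes")
    return hashlib.sha1(pcr + value).digest()


def boot(images):
    """Measure components in load order; return (event log, final PCR)."""
    pcr, log = bytes(PCR_SIZE), []  # the PCR starts as 20 zero bytes
    for name, image in images:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay(log) -> bytes:
    """Recompute the PCR a verifier expects from an event log."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def appraise(log, reported_pcr, reference):
    """Return a list of problems; an empty list means the platform is accepted."""
    problems = []
    # 1. The log must reproduce the register value the TPM reported.
    if not hmac.compare_digest(replay(log), reported_pcr):
        problems.append("event log does not reproduce the reported PCR")
    # 2. Every logged measurement must match a known-good reference value.
    for name, digest in log:
        if reference.get(name) != digest:
            problems.append(f"unexpected measurement: {name}")
    return problems


# Constructed sample images (placeholders, not real firmware).
GOOD_IMAGES = [
    ("bootloader", b"bootloader v1"),
    ("ecu-brake", b"brake firmware v3"),
    ("ecu-telematics", b"telematics firmware v7"),
]
REFERENCE = {name: measure(image) for name, image in GOOD_IMAGES}

if __name__ == "__main__":
    log, pcr = boot(GOOD_IMAGES)
    print("clean platform:", appraise(log, pcr, REFERENCE))
    modified = [GOOD_IMAGES[0], ("ecu-brake", b"brake firmware v3 (modified)"), GOOD_IMAGES[2]]
    bad_log, bad_pcr = boot(modified)
    print("modified ECU, honest log:", appraise(bad_log, bad_pcr, REFERENCE))
    print("modified ECU, clean log substituted:", appraise(log, bad_pcr, REFERENCE))
```

Because the register can only be extended, substituting a clean log for a modified platform fails the replay check, and an honest log exposes the changed component by name.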


    3. Vehicular Property Based Attestation Protocol (VPP)

    The foundation of Property Based Attestation (PBA) [9] is binary attestation; however, it has been extended to attest to the security properties, behavior or functions of a system. In comparison to hash measurements, information that one or more security properties are fulfilled would be more useful to a verifier. By using PBA in VANET, drawbacks of binary attestation [10] such as disclosure of the platform configuration, lack of flexibility and limited scalability would be resolved.

    Our proposed protocol is also based on the PBA protocol, which provides attestation of some security properties in a vehicular environment. We view attestation as critically necessary for vehicle and RSU trusted platforms. In the proposed protocol, the focus is on attesting only the required properties, which should be dynamic and may consist of security, trust or privacy properties. If users conform to the properties required for using the applications or services, then they are allowed to become part of the network and use the services. VPP is divided into two parts.

    Internal Attestation: A smart vehicle has many embedded sensors, and it must communicate with and attest all sensors by using the TPM. Electronic Control Units (ECUs) should first be attested internally using the TPM, which assures their integrity against any changes in behavior and handles situations which do not conform to internal attestation. Liqun et al. [11, 12] proposed a model in which the sensor information is also saved inside the registers of the TPM. They also proposed three algorithms of the PBA system model, as shown in Fig. 3 (a), which explains the internal attestation mechanism.

    Setup: This is the first, probabilistic algorithm, used in the setup phase, and it provides the security parameter 1^k. This algorithm selects a set of public parameters which are used to run the PBA protocol and generates a private/public key pair for the TPM. The status of the embedded sensors is also saved in the PCR register of the TPM.

    Sign: The sign algorithm takes as its input the configuration values CSp, the list of configuration values CS and the nonce Nv. The output of this algorithm is the signature.

    Verify: This algorithm takes the candidate signature and the CS as inputs and produces an output that can take two possible values, 0 or 1. A signature that is valid with respect to the CS is assigned the value 1, which means it is accepted; otherwise the value is 0 and it is rejected.

    Fig. 3 (a) Internal Attestation
    Fig. 3 (b) External attestation
    Fig. 3 (c) List of Properties (Lp):

    - Speed of vehicle
    - Direction of vehicle
    - Position of vehicle
    - Unique Identity of vehicle
    - Type of vehicle: Private/Govt.
    - Property List (Lp): LSP, LDP
    - Behavior of user (BU): Normal/Malicious
    - Service region (SR): local/global

    External attestation: If users meet the pre-service requirements of the property list (Lp) shown in Fig. 3 (c), then external attestation should be performed. External attestation is required when users send messages (m) to other users and also when they want to communicate with the RSU. Messages can be safety or non-safety, and the communication type may also change, i.e. vehicle to vehicle or vehicle to road side unit (RSU). Our own property list has been defined, and attestation is performed on the basis of this list while communicating with other vehicles or with the RSU of the network. These properties are not static; they are dynamic, and the government authorities of any country or any other authorized vehicular party can configure their own properties based on their own security, trust and privacy requirements. Fig. 3 (b) describes the external attestation mechanism, in which vehicle A communicates with another vehicle B by sending a message (m) with a list of properties (LpA). Vehicle B checks the property list, and if vehicle A meets the required properties then the latter accepts the message. When vehicle A wants to communicate with a road side unit (RSU), it also sends a message with its property list; the RSU checks the required properties, attests it and gives permission to use the required services. The proposed protocol provides the following unique features.

    Roaming Concept: In this concept, we assume users travel in their vehicles from one area to a different area. It is therefore necessary to provide applications and services in the new area, and the users must be accepted as part of the vehicular network.

    Malicious Behavior: An attacker's dynamic behavior is a challenge for the other users of the network. Whenever users change their behavior (and so may be attackers), their messages should not be attested; for example, if an attacker increases the vehicle's speed beyond some specific range, then the vehicle should be excluded from the network.

    Communication in Red Zone Area: Some areas are very restricted due to army activity, so local users cannot communicate in that red zone area for security reasons. Only army vehicles can perform tasks in that specific region.

    VIP movement: Government vehicles, and any official visit of an official person to some city areas, need the configuration of different kinds of security properties, and local users cannot communicate with that specific group of vehicles.

    Maintain the Property list: The features or behaviours of any component of the network can be included in property lists. When the platform of the vehicle is considered, the software, hardware and other embedded sensors of the vehicle are also considered, and their behaviour is checked against the security policies. There are two types of properties defined here. Fig. 3 (c) shows the list of properties, which can be changed based on requirements.
    Static Property List (LSP): This is a fixed property list which covers all users, who can communicate between vehicles and also with the road side unit (RSU). Government authorities configure it and other users follow it; one copy of this list is copied onto vehicles. When vehicles want to communicate with other vehicles or with a road side unit, this list is checked; if they meet the requirements of the property list they can perform their required task, otherwise it will not be possible for them to do so.

    Dynamic Property List (LDP): There is flexibility for government vehicles (police, ambulance and army) to change their property lists according to the situation. For example, when the police plan an operation against terrorists in some specific region, they configure the properties in their group of vehicles to provide more secure communication between the users of those particular vehicles.

    4. Conclusion

    Trusted computing ensures security and trust in a vehicular environment. The TPM is the key module of the Trusted Computing Group (TCG) specification and plays a key role in the security of a platform. The attestation mechanism ensures the security of the platform, and property based attestation is one of the possible attestation mechanisms, used to attest platforms on the basis of some particular properties. In this paper, a protocol has been proposed which is based on property based attestation (PBA). This attestation method is used in a vehicular network because of the network's dynamic behavior and the high mobility of its nodes. More research is needed to define more security, trust and privacy properties for attestation purposes and to make communication between users and with the infrastructure secure and reliable. As compared to the DAA attestation method, the PBA is more suitable for a vehicular environment, due to its nature of being more complex. Configuration of the security properties (policies) will be a challenging task in different countries, and this task can be considered in future directions.

    Acknowledgements

    This work is funded by the Universiti Teknologi PETRONAS postgraduate assistantship scheme in collaboration with MIMOS Berhad.
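The external attestation exchange of Section 3 (vehicle A sends mA with LpA, and vehicle B or the RSU checks the list against the static or dynamic property list) can be sketched as follows. This is an added example, not the authors' implementation: the field names, limits and key are assumed values, and an HMAC under a provisioned key stands in for the TPM signature so that the sketch needs only the standard library.

```python
import hashlib
import hmac
import json
import secrets

# Static property list (LSP) every vehicle must satisfy. Properties follow
# Fig. 3 (c); the field names and limits are assumed values for this example.
LSP = {"max_speed": 120, "types": {"private", "govt"}, "regions": {"local", "global"}}
# Dynamic property list (LDP) for a restricted zone: government vehicles only.
LDP_RESTRICTED = {"max_speed": 120, "types": {"govt"}, "regions": {"local"}}

KEY = b"constructed-demo-key"  # constructed key, stands in for TPM key material
LP_A = {"id": "VEH-A-0001", "type": "private", "speed": 80, "direction": "N",
        "position": [4.38, 100.97], "behavior": "normal", "region": "local"}


def encode(message, lp, nonce):
    """Canonical byte string covering m, Lp and the verifier's nonce Nv."""
    return json.dumps({"m": message, "Lp": lp, "Nv": nonce}, sort_keys=True).encode()


def sign(key, message, lp, nonce):
    """Stand-in for the TPM signature: HMAC-SHA256 over (m, Lp, Nv)."""
    return hmac.new(key, encode(message, lp, nonce), hashlib.sha256).hexdigest()


def check_properties(lp, policy):
    """Return the names of the required properties that Lp fails to meet."""
    failed = []
    if lp.get("behavior") != "normal":
        failed.append("behavior")
    speed = lp.get("speed")
    if not isinstance(speed, (int, float)) or not 0 <= speed <= policy["max_speed"]:
        failed.append("speed")
    if lp.get("type") not in policy["types"]:
        failed.append("type")
    if lp.get("region") not in policy["regions"]:
        failed.append("region")
    return failed


class Verifier:
    """Vehicle B or an RSU: issues nonces and appraises (m, Lp, signature)."""

    def __init__(self, key, policy):
        self.key, self.policy, self.pending = key, policy, set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, message, lp, nonce, signature):
        """Return (1, []) to accept or (0, reasons) to reject."""
        if nonce not in self.pending:
            return 0, ["stale or unknown nonce"]
        self.pending.discard(nonce)  # each nonce is accepted once
        if not hmac.compare_digest(sign(self.key, message, lp, nonce), signature):
            return 0, ["bad signature"]
        failed = check_properties(lp, self.policy)
        return (0, failed) if failed else (1, [])


if __name__ == "__main__":
    rsu = Verifier(KEY, LSP)
    nv = rsu.challenge()
    print(rsu.verify("road works ahead", LP_A, nv, sign(KEY, "road works ahead", LP_A, nv)))
```

The signature is checked before the property list so that a list altered in transit is rejected as forged rather than appraised on its claimed values.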


    References

    [1] A.L. Thorp, Attestation in Trusted Computing: Challenges and Potential Solutions, Technical Report, 31st March 2010. http://www.rhul.ac.uk/mathematics/techreports
    [2] H. Hartenstein, K. P. Laberteaux, A tutorial survey on vehicular ad hoc networks, Communications Magazine, (2008), IEEE 46(6): 164-171.
    [3] Trusted Computing Group. TCG specification architecture overview, version 1.2, April 2004.
    [4] X-Yong et al. An Efficient Attestation for Trustworthiness of Computing Platform. Intelligent Information Hiding and Multimedia Signal Processing, 2006. IIH-MSP '06.
    [5] George Coker et al., Attestation: Evidence and Trust, 10th International Conference on Information and Communications Security ICICS '08, LNCS 5308, pp. 118, 2008.
    [6] A. Nagarajan, et al. Property Based Attestation and Trusted Computing: Analysis and Challenges. Network and System Security, NSS '09, 2009. pp. 278-285.
    [7] Frederic et al., Trust, Security and Privacy in VANETs - A Multilayered Security Architecture for C2C-Communication, 23. VDI/VW-Gemeinschaftstagung: Automotive Security, pp. 55-70, Wolfsburg, Germany, VDI-Verlag, 2007.
    [8] H. Oguma et al. New Attestation Based Security Architecture for In-Vehicle Communication. Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008.
    [9] A.R. Sadeghi, C. Stuble, Property based Attestation for Computing Platforms: Caring about properties, not mechanisms, New Security Paradigms Workshop (NSPW) 2004. ACM New York, NY, USA.
    [10] J. Poritz et al., Property Attestation - Scalable and Privacy-friendly Security Assessment of Peer Computers, IBM Research GmbH, Zurich Research Laboratory, 8803 Ruschlikon, Switzerland (Research Report 05/10/04).
    [11] Liqun Chen et al., Property-Based Attestation without a Trusted Third Party, 11th international conference on Information Security, ISC '08, pp 31-46.
    [12] Liqun Chen, A Protocol for Property-Based Attestation. In: Proceedings of the 1st ACM Workshop on Scalable Trusted Computing (STC), November 3, 2006, Alexandria, Virginia, USA. ACM. Nova Scotia Canada, 2006, pp. 7-16.
