Privacy in Vehicular Ad-hoc Networks Nikolaos Alexiou, LCN, EE KTH alexiou@kth.se 2/10/2012
Outline •Introduction •VANETs: an overview •VANET privacy - Anonymity - Location Privacy - VPKI •Privacy Attacks •Countermeasures •Conclusion 2012-10-04 Illustrations from Car2Car Consortium, unless specified otherwise
VANETs: An overview 2012-10-04
VANETs: An overview (cont'd) •V2V Communications: - Safety applications - Location Based Services - Proprietary Applications •Two types of messages: - Cooperative Awareness Messages (CAM) - Decentralized Enviromental Notification Messages (DENM) 2012-10-04
VANETs: An overview (cont'd) •CAM messages: - Beacons, periodically sent - Basic status information (speed, location, acceleration, vehicle identifier ) - Very important for safety applications - A vehicle's neighborhood receives these messages •DENM messages: - Report information related with events - Sent on event detection - Contain: event location, timestamp etc - Usually distributed to many vehicles over a large area 2012-10-04
VANETs: An overview (Cont'd) •V2I Communications: - Vehicle to RSU (Road Side Units) - VANET Services: • Location based Safety Applications • • Proprietary: eg Tolling Systems - Privacy Services - 802.11p / LTE 2012-10-04
Privacy & threats?
V2V/V2I communications •V2V and V2I communications expose sensitive data: - To other vehicles - Eavesdroppers - To infrastructure •[1] CAM messages contain information such as: - Direction to be taken - Vehicle length - Vehicle width - Occupancy (passengers as percentage) •Anonymity: conceal identity •Location Privacy: position cannot be systematically recorded [1]ETSI TS 102 637-2 V1.2.1 (2011-03) Picture:P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, 2012-10-04 and J.-P. Hubaux, "Secure Vehicular Communication Systems: Design and Architecture," IEEE Communications Magazine, November 2008.
Authentication in VANETs •Each vehicle should be identifiable - To develop services and applications - To issue tickets - To resolve accidents •Vehicle authentication can be achieved using a PKI → the Vehicular PKI (VPKI) •Each vehicle will store: - private keys to sign packets - public keys signed by a CA (eg the car manufacturer) • Certificates For other vehicles and infrastructure to verify packets • 2012-10-04
VANET Privacy (Cont'd) image: P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, J.-P. Hubaux, 2012-10-04 Secure Vehicular Communication Systems: Design and Architecture
Generally about privacy: Why? •If you have nothing to hide, why do you need privacy? •If I have nothing to hide, you have no cause to watch me. •Who defines what is wrong behavior or not? Bruce Schneier on Security, Chapter 4: Privacy and Surveillance 2012-10-04
So far we know: •V2V/V2I communications leak information •Privacy threat - Anonymity - Location Privacy •VPKI needed to authenticate vehicles - Certificates from a trusted CA •The next question is... 2012-10-04
How to protect privacy in VANETs?
Pseudonyms: Anonymity •Pseudonyms to provide anonymity •Where and how to store pseudonyms at the car? - Hardware Security Module (HSM) - Tamper-Proof crypto device - Corner stone of in-vehicle security •How to obtain pseudonyms? •How to protect location privacy? •Why need many pseudonyms? 2012-10-04
Pseudonyms: Location Privacy Each pseudonym is valid for a specific period of time 2012-10-04
The VANET Architecture •Vehicular Public Key Infrastructure - pseudonyms signed by CA Pseudonym Certification • Authority (PCA) - Why? Trust in signatures • •PCA per manufacturer? •Hierarchical VPKI - Cross-certification between countries 2012-10-04
How to generate pseudonyms? •Each vehicle can generate a set of: - Private/Public keys in the HSM - A large set of keys (e.g to be enough for a week) - Short life-time • Each needed for a limited number of beacons •Public keys need to be signed by a CA - Send over wireless to be signed •Private keys stay in the HSM •Pseudonymous Certificates: A signature of a CA over each of the public keys 2012-10-04
A first bad VPKI architecture example
Pseudonymous Certificates PCA EPuKpca{Sigv(Alexiou, KBZ 5567,t),Certv(PuKv)}* EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* *This is just an illustration example 2012-10-04
Pseudonymous Certificates (Cont'd) PCA EPuKpca{Sigv(Alexiou, KBZ 5567,t),Certv(PuKv)}* EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* Preserves location privacy and anonymity for V2V The PCA knows who (alexiou) and which (pseudonyms) 2012-10-04
Pseudonymous Certificates (Cont'd) •The vehicle should be protected against the infrastructure •The PCA must NOT learn the identity of the vehicle or the driver •To achieve that, another authority is needed •Long Term Certification Authority (LTCA) - Holds real information of the vehicle (and possibly the drivers) •The new architecture - LTCA: knows only real identities - PCA: knows only pseudonyms 2012-10-04
A better VPKI architecture example
Pseudonymous Certificates (Cont'd) PCA EPuKpca{EPuKLTCA(Alexiou, KBZ 5567,t),Certv(PuKv)}* LTCA EpuK_ltca(Alexiou,KBZ5567,t) OK (You can grant pseudonyms) EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* SK_pca PuK_pca SK_ltca PuK_ltca 2012-10-04
Pseudonymous Certificates (Cont'd) PCA EPuKpca{EPuKLTCA(Alexiou, KBZ 5567,t),Certv(PuKv)}* LTCA EpuK_ltca(Alexiou,KBZ5567,t) OK (You can grant pseudonyms) EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* SK_pca PuK_pca Doesn't know who SK_ltca PuK_ltca Doesn't know which 2012-10-04
Pseudonymous Certificates (Cont'd) PCA EPuKpca{EPuKLTCA(Alexiou, KBZ 5567,t),Certv(PuKv)}* LTCA EpuK_ltca(Alexiou,KBZ5567,t) OK (You can grant pseudonyms) EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* SK_pca PuK_pca Doesn't know who SK_ltca PuK_ltca Doesn't know which A possible threat?? 2012-10-04
Pseudonym Resolution Resolution Authority Tell me which? PCA EPuKpca{EPuKLTCA(Alexiou, KBZ 5567,t),Certv(PuKv)}* LTCA EpuK_ltca(Alexiou,KBZ5567,t) OK (You can grant pseudonyms) EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* SK_pca PuK_pca Doesn't know who SK_ltca PuK_ltca Doesn't know which 2012-10-04
Pseudonym Resolution Resolution Authority Tell me who? PCA EPuKpca{EPuKLTCA(Alexiou, KBZ 5567,t),Certv(PuKv)}* LTCA EpuK_ltca(Alexiou,KBZ5567,t) OK (You can grant pseudonyms) EPuKv{Sigpca(Sheldon1)...Sigpca(Sheldonx)}* SK_pca PuK_pca Doesn't know who SK_ltca PuK_ltca Doesn't know which 2012-10-04
Pseudonym Resolution •When does the resolution happen? - Accidents - Misbehavior •Alternative resolution methods exist - [2]: encrypting vehicle's identity with Res. CA's PuK - Others: additional CA's for: • Misbehavior, Grant of Access, Legal Aspects [2] Kargl, F. ; Zhendong Ma ; Weber, M. , V-Tokens for Conditional Pseudonymity in VANETs 2012-10-04
Pseudonym Revocation •Certificates will eventually expire •Vehicles may - Misbehave - Destroyed - Retired •Revocation of pseudonym certificates to prevent malicious behavior 2012-10-04
Other Pseudonymous Schemes •Group Signatures - Hide the identity within a group of vehicles - Each vehicle stores: • A group secret key • A group public key Tokens for revocation • •Problems: - Efficiency - More difficult to handle revocations - Difficult to handle dynamic groups 2012-10-04
Attacks against location privacy
Tracking attacks: Location Privacy •Each beacon contains the vehicle's location/direction etc •Adversaries can collect the beacons •LP is highly dependable on the anonymity set - E.g. how many cars on the road? •Cannot assume that vehicles can change pseudonyms for each packet transmitted 2012-10-04
Tracking attacks: Location Privacy •Change pseudonyms to avoid tracking •Beacon frequency e.g. 10Hz •Given that there are many cars on the road: - It should be very difficult to track a vehicle •Is this the case? - Multi-hypothesis testing, kalman filters 2012-10-04
Multi-Hypothesis testing: An overview •Tracking as data association problem - Position & velocity •For each measurement a new set of data association hypothesis - Essentially guessing the next state •New measurements arrive •Probability of association of the guess to the measurement •Higher probability is chosen 2012-10-04
Tracking Results Images: B. Wiedersheim, F. Kargl, Z. Ma, and P. Papadimitratos, 2012-10-04 “Privacy in Inter-Vehicular Networks: Why simple pseudonym change is not enough”
Reasoning about Location Privacy •How to increase: - Increasing pseudonym changing frequency - Spatial noise • Impact on safety? •Adversarial models - Eavesdropper: needs many devices - Internal: is the most dangerous one •What else could be done? - Mixing zones 2012-10-04
Recommend
More recommend