Vehic icle-to to-Vehicle Message Content Pla lausibil ility Check - PowerPoint PPT Presentation

Vehic icle-to to-Vehicle Message Content Pla lausibil ility Check through Low-Power Beaconing Taeho Kim , Hyogon Kim Department of Computer Science and Engineering Korea University VTC2017-Fall September 24-27 2017, Toronto, Canada

Outline • Our question! • Why is it a problem? • Solution approach: Neighbor check through low-power beaconing • Simulation and result • Expanded solution • Significance and discussion 2

Background – Basic Safety Message (BSM) Part Ι , Sent at all times with each message 𝑓𝑦. Frequency: 10 Hz Transmission power: 23 dBm msgCnt MsgCount, id TemporaryID, secMark Dsecond, Compulsory lat Latitude, long Longitude, elev Elevation, Speed Speed, Heading Heading, … . Part ΙΙ , Content Part ΙΙ SEQUENCE (SIZE (1..8) ) OF Optional Part ΙΙ Content OPTIONAL, Regional SEQUENCE (SIZE (1..4) ) OF Regional Extension OPTIONAL, … 3

Our Question! • How can we believe vehicle-to-vehicle message contents? • IEEE 1609.2 addresses the security aspect in WAVE except for plausibilility • Authorized vehicle (O), Message credibility (O), Message contents plausibility (X) < A ’s checking list for B > - The existence of B (O) - Not change B ’s BSM after sending (O) - Check whether the data of B are plausible or not (X) - A , B : general vehicles A B 4

Why is it a problem? • An attacker can send its forged message directly near the road • There may exist a myriad of attacks K’ A B < A ’s ways for checking position K’ > < B ’s ways for checking position K’ > - Vehicular communication (O) - Vehicular communication (O) - Sensors (X) - Sensors (O) - A , B : general vehicles - K : an attacker sending the fake BSM - K’ : a false position for an attacker K K 5

Solution approach • Solution: Add low-power beaconing message (Whisper) for BSM contents verification d W • good : not need hardware components or sensors K • The maximum low-power beaconing distance (𝑓𝑦. 170𝑛 ) is lower than the maximum BSM beaconing distance ( 𝑓𝑦. 760𝑛 ) d W - V , U : general vehicles - K : an attacker sending the fake BSM V U - 𝑒 𝑋 : the maximum low-power beaconing d W distance 6

Neighbor check through low-power beaconing (Whisper check) • Vehicle V ’s Whisper • 𝒆𝒋𝒉(𝑫 𝑾 ) : digest of V ’s certificate d W • 𝐽 𝑊 : Whisper identifier (WID) of V • 𝑀 𝑊 : list of WIDs heard by V K V ’s whisper : • Vehicle V ’s BSM + Certificate 𝑒𝑗𝑕(𝑫 𝑾 ) 𝐽 𝑊 𝑀 𝑊 = {𝐽 𝐵 , 𝐽 𝐶 , 𝑱 𝑽 } • 𝒆𝒋𝒉(𝑫 𝑾 ) : digest of V ’s certificate • Part 1 data (Compulsory) U ’s whisper • Part 2 data (Optional) d W d W - V, U, A, B : general vehicles - K : an attacker sending the fake BSM V U - 𝑒 𝑋 : the maximum low-power beaconing A B distance 7

Neighbor check through low-power beaconing (Whisper check) • Vehicle V ’s Whisper • 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate d W • 𝐽 𝑊 : Whisper identifier (WID) of V • 𝑀 𝑊 : list of WIDs heard by V K V ’s whisper : • Vehicle V ’s BSM + Certificate 𝑒𝑗𝑕(𝑫 𝑾 ) 𝐽 𝑊 𝑀 𝑊 = {𝐽 𝐵 , 𝐽 𝐶 , 𝑱 𝑽 } • 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate V ’s BSM + Certificate : • Part 1 data (Compulsory) V ’s whisper 𝒆𝒋𝒉(𝑫 𝑾 ) 𝑒𝑏𝑢𝑏 • Part 2 data (Optional) 𝑼 𝑽 𝐽 𝐶 , 𝑒𝑗𝑕(𝑫 𝑪 ) d W d W - V, U, A, B : general vehicles 𝐽 𝑊 , 𝒆𝒋𝒉(𝑫 𝑾 ) - K : an attacker sending the fake BSM V U - 𝑒 𝑋 : the maximum low-power beaconing B A distance - 𝑈 𝑉 : list of trust vehicles’ WID and digest in vehicle U V ’s BSM 8

Neighbor check through low-power beaconing (Whisper check) K ’s whisper : • Vehicle V ’s Whisper 𝑒𝑗𝑕(𝑫 𝑳 ) 𝐽 𝐿 𝑴 𝑳 = { } • 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate d W • 𝐽 𝑊 : Whisper identifier (WID) of V K ’s BSM + Certificate : • 𝑀 𝑊 : list of WIDs heard by V K 𝑒𝑗𝑕(𝑫 𝑳 ) 𝑒𝑏𝑢𝑏 𝑗𝑜𝑑𝑚𝑣𝑒𝑗𝑜𝑕 𝑔𝑏𝑙𝑓 𝑤𝑏𝑚𝑣𝑓 • Vehicle V ’s BSM + Certificate • 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate • Part 1 data (Compulsory) U ’s whisper • Part 2 data (Optional) 𝑼 𝑽 𝐽 𝐶 , 𝑒𝑗𝑕(𝑫 𝑪 ) d W d W - V, U, A, B : general vehicles 𝐽 𝑊 , 𝑒𝑗𝑕(𝑫 𝑾 ) - K : an attacker sending the fake BSM V U - 𝑒 𝑋 : the maximum low-power beaconing A B distance - 𝑈 𝑉 : list of trust vehicles’ WID and digest in vehicle U 9

Simulation scenario • An attacker K controls 𝑒 𝐿 and broadcasts its forged messages. 120 km/h 33.3 m d K - BSMs at 10Hz, 23dBm - Whispers at 7Hz, 9dBm - K : an attacker sending the fake BSM - 𝑒 𝐿 : the distance between the attacker K K and the center of the road 10

Whisper check simulation result: “Attack success” • “Attack success”: The case that the attacker delivers its fake message to a certain vehicle at first with passing “Whisper check” • BSM + Whisper increases the Channel Busy Percentage (CBP) in some measure ( ≈ 20%) • The number of attack success per sec: The number of entering vehicles at first in the attack range during one second 4 The number of attack success / s 3.5 - BSMs at 10Hz, 23dBm 3 - Whispers at 7Hz, 9dBm (vehicles/sec) 2.5 - Vehicle speed: 120km/h 2 BSM - Vehicle-to-Vehicle 1.5 BSM + Whisper spacing: 33.3m 1 0.5 0 10 110 210 310 410 510 610 710 Attacker distance from the road (m) 11

How can we cope with much closer attackers from the road? • Attacker K receives Whisper messages from vehicles A and B • K broadcasts its forged BSM with passing “Whisper check” of A and B - 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate 𝑼 𝑩 𝑼 𝑪 - 𝐽 𝑊 : Whisper identifier (WID) of V d W - 𝑀 𝑊 : list of WIDs heard by V 𝐽 𝐶 , 𝑒𝑗𝑕(𝑫 𝑪 ) 𝐽 𝐵 , 𝑒𝑗𝑕(𝑫 𝑩 ) - 𝑈 𝑊 : list of trust vehicles’ WID and digest 𝐽 𝐿 , 𝒆𝒋𝒉(𝑫 𝑳 ) 𝐽 𝐿 , 𝒆𝒋𝒉(𝑫 𝑳 ) in V A ’s whisper B ’s whisper B A - 𝑒 𝑋 : the maximum low-power beaconing distance K ’s whisper K ’s whisper - A, B : general vehicles K K ’s BSM K ’s BSM - K : an attacker sending the fake BSM K ’s whisper : 𝑒𝑗𝑕(𝑫 𝑳 ) 𝐽 𝐿 𝑀 𝐿 = { 𝑱 𝑩 , 𝑱 𝑪 } K ’s BSM + Certificate : 𝒆𝒋𝒉(𝑫 𝑳 ) 𝑒𝑏𝑢𝑏 𝑗𝑜𝑑𝑚𝑣𝑒𝑗𝑜𝑕 𝑔𝑏𝑙𝑓 𝑤𝑏𝑚𝑣𝑓 12

Expanded solution: Whispering with credit • Expanded solution: Using the maximum number of sending Whispers from a closer attacker to a certain vehicle while the vehicle moves the distance that the closer attacker can attack • First, calculating the attack range of a closer attacker • Second, introduction the concept “Trust credit” and application it 13

Expanded solution: 1. The attack range of a closer attacker • Four sections for the attack range of a closer attacker ⓐ ⓑ ⓒ ⓓ d W v U’’ U’ E F U K d W d W d W d W d(t u ) = v(t u +1/c) d X 14

Expanded solution: 1. The attack range of a closer attacker • Section ⓐ and ⓒ E ’s Whisper : : U ’s Whisper  E ’s Whisper  K ’s Whisper  K ’s 𝑒𝑗𝑕(𝑫 𝑭 ) 𝐽 𝐹 𝑀 𝐹 = {𝑱 𝑽 } 𝑼 𝑽 BSM K ’s Whisper : 𝐽 𝐹 , 𝑒𝑗𝑕(𝑫 𝑭 ) ⓐ ⓑ ⓒ ⓓ 𝑒𝑗𝑕(𝑫 𝑳 ) 𝐽 𝐿 𝑀 𝐿 = {𝑱 𝑭 , 𝑱 𝑽 } 𝐽 𝐿 , 𝒆𝒋𝒉(𝑫 𝑳 ) d W U ’s Whisper E ’s Whisper - 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate v U’ E F U - 𝐽 𝑊 : Whisper identifier (WID) of V - 𝑀 𝑊 : list of WIDs heard by V K - 𝑈 𝑊 : list of trust vehicles’ WID and digest in V K ’s Whisper - 𝑒 𝑋 : the maximum low-power beaconing d W d W d W d W distance - U, E, F, U’ : general vehicles K ’s BSM + Certificate : - K : an attacker sending the fake BSM 𝒆𝒋𝒉(𝑫 𝑳 ) 𝑔𝑏𝑚𝑡𝑓 𝑒𝑏𝑢𝑏 15

Expanded solution: 1. The attack range of a closer attacker • Section ⓑ K ’s Whisper : : Whispers of E and F  K ’s Whisper  K ’s BSM 𝑒𝑗𝑕(𝑫 𝑳 ) 𝐽 𝐿 𝑀 𝐿 = {𝑱 𝑭 , 𝑱 𝑮 } ⓐ ⓑ ⓒ ⓓ 𝑼 𝑭 𝑼 𝑭 𝑼 𝑮 𝑼 𝑮 𝐽 𝐿 , 𝒆𝒋𝒉(𝑫 𝑳 ) 𝐽 𝐿 , 𝒆𝒋𝒉(𝑫 𝑳 ) E ’s Whisper F ’s Whisper - 𝑒𝑗𝑕(𝐷 𝑊 ) : digest of V ’s certificate E F - 𝐽 𝑊 : Whisper identifier (WID) of V - 𝑀 𝑊 : list of WIDs heard by V - 𝑈 𝑊 : list of trust vehicles’ WID and digest in V K ’s Whisper K ’s Whisper K - 𝑒 𝑋 : the maximum low-power beaconing d W d W distance - E, F : general vehicles K’s BSM + Certificate : - K : an attacker sending the fake BSM 𝒆𝒋𝒉(𝑫 𝑳 ) 𝑔𝑏𝑚𝑡𝑓 𝑒𝑏𝑢𝑏 16