
Design and Implementation of Secure Vehicular Communication System VPKI
"Explore the thesis on VPKI for secure VANET communication, addressing system security requirements, adversary models, and performance evaluations. Key concepts, algorithms, and methodologies are discussed to enhance the infrastructure's security."
Presentation Transcript
Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential Management in a Secure VANET) 1 / 38
  MSc Thesis: Mohammad Khodaei
  Supervisor: Prof. Panos Papadimitratos
  LCN, KTH, October 2012
Outline 2 / 38
  Introduction
  Problem Statement
  Contribution
  Key Concepts
  Security Requirements
  Adversary Model
  Protocol Design
  Performance Evaluation
  Conclusion
  Future Direction
Introduction 4 / 38
  The life cycle of vehicles is pretty long
  Security has to be put in place
  Many attacks which could jeopardize the system performance from security point of view
  Mitigating unknown threats and upcoming attacks
Problem 5 / 38
  The lack of an infrastructure
  Exposed to different threats and attacks
  Staging attacks to jeopardize users' privacy and disclose confidential information
  Exploiting the vulnerabilities
  Violating the VC system security policy
  What to do to thwart the threats and make the system operations secure?
Contribution 6 / 38
  Research Purpose
    o Design and Implementation of VPKI for the secure VC system
    o An infrastructure called VPKI, to enable entities to communicate securely
    o Providing Credential Management in a Secure VC system
    o PKI is considered an essential requirement to provide security services
  Goal
    o Build an artifact, using the currently available open-source PKI, OpenCA, equipped with extra protocols for VANET
  Methodology
    o Design and Implementation of extra protocols for VANET
    o Using Open-Source OpenCA
Key Concepts 7 / 38
Key Algorithms and Size 8 / 38
  Entity    Algorithm
  PCA       RSA, key size: 1024-bit; ECDSA, key size: 256-bit
  LTCA      RSA, key size: 1024-bit; ECDSA, key size: 256-bit
  PRA       RSA, key size: 1024-bit; ECDSA, key size: 256-bit
  Police    RSA, key size: 1024-bit; ECDSA, key size: 256-bit
  Vehicle   RSA, key size: 1024-bit; ECDSA, key size: 256-bit
Why not normal PKI? Pseudonymity Unlinkability Unobservability User's Privacy 9 / 38
Security Requirements Message Authentication and Integrity Message Non-Repudiation Privacy Anonymity Unlinkability and Unobservability Pseudonym Resolution Liability Identification, Forensics Investigation Message Confidentiality Availability, Fault-Tolerant and Robustness Scalability and Performance 10 / 38
Adversary Model 11 / 38
  Localized and Selective Denial of Communication
  Internal Active Adversaries
    a. Modification and Tampering
    b. Forgery
    c. Recollecting Past Messages
    d. Multiple Adversarial Nodes
  Bounded Adversarial Presence
  Input-Controlling Adversary
  Other Adversary Models (Byzantine, Dolev-Yao (DY))
Related Work 12 / 38
  V-Tokens for Conditional Pseudonymity in VANETs
    o Resolution information is embedded in pseudonyms
    o Vehicle signs using its current valid pseudonym
    o Pseudonym information is encrypted with PK_PR
    o Uses separation of duties
    o Cooperation of a subset of RAs is required to perform pseudonym resolution
Protocol Design 14 / 38
  How to Request Pseudonymous Certificates
  How to Request the Latest Pseudonym CRL
  How to Perform Pseudonym Resolution
Obtaining Pseudonym Cert. 15 / 38
  Two Steps:
  a. Obtain a Token
    i. Vehicle queries LTCA
    ii. LTCA issues a Token encrypted with the PCA's public key, if it is a legitimate vehicle
    iii. Vehicle stores the Token for the second step
  b. Obtain Pseudonymous Certificates
    i. Vehicle sends the Token to PCA
    ii. PCA verifies the Token locally
    iii. PCA issues short-term certificate
Obtaining a Token 16 / 38
Obtaining Pseudonym Cert. 17 / 38
Obtaining Pseudonym CRL 18 / 38
Pseudonym Resolution 19 / 38
Token & Pseudonym Format 20 / 38
  Token Format
    Token-Type
    Token-Serial No.
    Token-Identifiable-Key
    LTCA-Id, PCA-Id
    Maximum Number of Pseudonym Certificates
    Token Start-Time
    Token Expiry-Time
    Pseudonym Start-Time
    Pseudonym Expiry-Time
    Signature
  Pseudonym Cert. Format
    Serial No.
    Pseudonym Cert. Identifiable Key
    Signer-ID
    Valid-From
    Valid-To
    EC Public key
    Signature
Pseudonym CRL Format 21 / 38
  Pseudonym-CRL Serial No.
  CRL Version
  PCA-Id
  Revoked Pseudonym-Cert. No.
  Revoked Pseudonym-Cert. Serial No.
  Time-Stamp
  Signature
Binding Token to Pseudo-Cert. 22 / 38
  LTCA:
    o Token-Identifiable-Key = hash(Vehicle Long-Term Certificate Serial No. || Time-Stamp || Nonce)
  PCA:
    o PseuCertIdentifiableKey = hash(Token-Identifiable-Key || Pseudo-Public Key || Time-Stamp || Nonce)
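The two-level binding on this slide, worked through as an added example (not code from the thesis or from OpenCA). SHA-256, the length-prefixed field encoding, the record layouts and the `resolve` check are assumptions made for illustration; the slide only gives the two hash formulas.

```python
import hashlib
import hmac

def h_fields(*fields: bytes) -> bytes:
    # Assumption: SHA-256 with length-prefixed fields, so the "||"
    # concatenation is unambiguous (b"ab"||b"c" differs from b"a"||b"bc").
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def token_identifiable_key(ltc_serial: bytes, ts: int, nonce: bytes) -> bytes:
    """LTCA: hash(long-term cert serial || time-stamp || nonce)."""
    return h_fields(ltc_serial, ts.to_bytes(8, "big"), nonce)

def pseudonym_identifiable_key(token_ik, pseudo_pub, ts, nonce) -> bytes:
    """PCA: hash(Token-Identifiable-Key || pseudonym public key || time-stamp || nonce).
    The PCA's formula takes the token key as input, not the long-term serial."""
    return h_fields(token_ik, pseudo_pub, ts.to_bytes(8, "big"), nonce)

def resolve(pseudo_ik, pseudo_pub, pca_record, ltca_records):
    """Hypothetical audit check: walk the binding back from a pseudonym to a
    long-term serial by recomputing both hashes from the issuers' stored inputs."""
    token_ik, p_ts, p_nonce = pca_record
    expected = pseudonym_identifiable_key(token_ik, pseudo_pub, p_ts, p_nonce)
    if not hmac.compare_digest(expected, pseudo_ik):
        return None  # PCA record does not match this certificate
    for serial, t_ts, t_nonce in ltca_records:
        candidate = token_identifiable_key(serial, t_ts, t_nonce)
        if hmac.compare_digest(candidate, token_ik):
            return serial
    return None  # no LTCA record produced this token key

def demo():
    # Constructed sample values, not taken from the thesis.
    ltca_records = [(b"LTC-0001", 1350000000, b"\x01" * 16),
                    (b"LTC-0002", 1350000005, b"\x02" * 16)]
    token_ik = token_identifiable_key(*ltca_records[1])
    pub = b"constructed-ec-public-key"
    pca_record = (token_ik, 1350000100, b"\x03" * 16)
    pseudo_ik = pseudonym_identifiable_key(token_ik, pub, *pca_record[1:])
    ok = resolve(pseudo_ik, pub, pca_record, ltca_records)
    swapped = resolve(pseudo_ik, b"another-public-key", pca_record, ltca_records)
    return ok, swapped

if __name__ == "__main__":
    print(demo())
```

Without the time-stamp and nonce held by the issuer, neither identifiable key can be recomputed from a serial number or public key alone, which is what keeps pseudonyms unlinkable to outside observers.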
Network Topology 24 / 38
Servers & Client Spec. 25 / 38
  Servers:
    Processor Model Name: Intel(R), Dual-Core, Xeon(TM), CPU 3.40GHz
    Bogomips: 6782.71
    RAM: 8 GB
  Client:
    Processor Model Name: Intel(R), Dual-Core(TM), CPU 3.00 GHz
    Bogomips: 5960.58
    RAM: 2 GB
Obtaining Token from LTCA 26 / 38
Time Intervals for Different Operations to Obtain Pseudonym Certificates 28 / 38
Time Interval to Obtain 20,000 Pseudonyms from PCA 29 / 38
Time Intervals for Different Operations to Obtain Pseudonym CRL 30 / 38
Pseudonym CRL File Size 31 / 38
  No. of Revoked Pseudonyms in CRL    Size
  1                                   778 bytes (778 bytes)
  10                                  1.36 KB (1,398 bytes)
  100                                 7.33 KB (7,507 bytes)
  1000                                67.1 KB (68,723 bytes)
  10,000                              664 KB (680,718 bytes)
  20,000                              1.29 MB (1,360,714 bytes)
  100,000                             6.48 MB (6,800,715 bytes)
Conclusion 33 / 38
  Three protocols are integrated into OpenCA to provide security functionality for VANETs
  Improvement in comparison with similar projects
    Linkability
    Privacy
    Pseudonym Resolution
  Performance evaluation shows reasonable time to obtain pseudonyms, CRL and pseudonym resolution
  Experiments should be done on a vehicle for a more precise result
Future Direction 34 / 38
  Providing a PKI Trust Model in VANETs
    o Introducing a new PCA, LTCA and PRA
    o Foreign Pseudonym Certificates
    o Integrating Short-Term CRLs from Different PCAs
  Token Should be Used Only Once
  Mitigate the Threat of Sybil Attack
    o resource testing techniques, social networking approaches, radio testing, trusted certification
Future Direction Cont. 35 / 38
  Token Verification by any PCA to Enhance Privacy
  Performing Reverse Pseudonym Resolution
  Resolving Multiple Pseudonyms in a Request
  Using FastCGI instead of CGI
  Performance and Efficiency for VANETs
Acknowledgement 36 / 38
References 37 / 38
  Secure Vehicular Communication Systems: Design and Architecture
  Sevecom - Secure Vehicle Communication
  Efficient and Robust Pseudonymous Authentication in VANET
  Securing Vehicular Communications - Assumptions, Requirements, and Principles
  V-Tokens for Conditional Pseudonymity in VANETs
  Intelligent Transport Systems (ITS), Security, Stage 3 mapping for IEEE 1609.2. V0.0.6
  "On the Road" - Reflections on the Security of Vehicular Communication Systems
  Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges
Questions Thanks for your attention! 38 / 38
OpenCA 40
  Written in C
  Two packages:
    o openca-base
    o openca-tools
  Uses Open-SSL Libraries
  Support Open-LDAP
  Web-based Interface
  With an Apache-style license
Token Req-Res Format 41
  Token Request
    Req. Type
    X509 VLTC Length
    X509 VLTC
    Pseudonym Cert. No. Request
    LTCA-Id
    PCA-Id
    Nonce
    Time-Stamp
    Signature
  Token Response
    Req. Type
    Token Size
    Token
    Max No. Pseudonym Cert.
    LTCA-Id
    PCA-Id
    Nonce
    Time-Stamp
    Error-Info
    Signature
Pseudonym Req-Res Format 42
  Pseudonym Request
    Req. Type
    Token Size
    Token
    LTCA-Id
    PCA-Id
    Location
    Pseudonym Cert. No
    Pseudonym Public-Key(s)
    Nonce
    Time-Stamp
  Pseudonym Response
    Req. Type
    Req. Identification
    LTCA-Id
    PCA-Id
    Pseudonym Cert No
    Pseudonym Cert.
    Nonce
    Time-Stamp
    Error-Info
    Signature
Pseudonym CRL Req-Res Format 43
  Pseudonym CRL Request
    Req. Type
    Current CRL Version
    PCA-Id
    Region-Id
    Pseudonym Cert. Length
    Pseudonym Cert.
    Nonce
    Time-Stamp
    Signature
  Pseudonym CRL Response
    Req. Type
    PCA-Id
    CRL Size
    CRL
    Nonce
    Time-Stamp
    Error-Info
    Signature
Percentage of Different Operations to Obtain 20000 Pseudonyms 46
Implementation 47
  C++
  OpenCA as the base implementation
  Installed and configured PCA, LTCA and PRA on Different Servers
  Libraries:
    o OpenSSL
    o Xmlrpc
    o MySQL
    o Boost-Serialization
Time Intervals to Obtain a Token from LTCA 48
  Operations                               Latency in ms
  Preparing Token Request                  4.95 ms
  Issuing the Token (Server Side)          8.75 ms
  Entire Communication                     83.6 ms
  Verification and Storage of the Token    3.65 ms
  Entire Operations                        100.75 ms

  Token Size                               477 bytes
  Pseudonym Certificate Size               2.0 KB (2078 bytes)
  Pseudonym Private-Key File Size          5.0 KB (5153 bytes)