Scalable privacy-enhanced traffic monitoring in vehicular ad hoc networks

Size: px

Start display at page:

Download "Scalable privacy-enhanced traffic monitoring in vehicular ad hoc networks"

Hope McCoy
6 years ago
Views:

1 Scalable privacy-enhanced traffic monitoring in vehicular ad hoc networks Yi Liu1,2,3 Jie Ling 1 Qianhong Wu4,6 Bo Qin5 Presented By Khaled Rabieh

2 Introduction & Problem Statement In traffic monitoring systems, vehicles need to send traffic reports to traffic management center to obtain global view of the traffic conditions. If vehicles use their identities, this will degrade the privacy of the reporting vehicles If the identities of vehicles are hidden, insider attackers (vehicles) can misbehave and abuse the network. So malicious vehicles need to be traced and punished. However revealing the identify of a vehicle by only one party can be a problem. One party can misbehave and use its credentials to reveal the identities of even honest vehicles.

3 Main Objectives of the paper privacy-enhanced traffic monitoring hide the identity of the reporting vehicles from external attackers, malicious vehicles and compromised RSUs. Scalable Traceability misbehaving vehicles abusing the privacy mechanisms can be jointly traced by the semi trusted vehicle management authorities

4 Network Model A number of vehicle management (VM) authorities One traffic monitoring (TM) center A number of RSUs located at critical points of the road Vehicles moving on the road Vehicles need to send traffic reports to the TM in securely and priva

5 Network Model, Continue VM: The responsibility of the VMs consists of two aspects. Enroll (Register) the vehicles that are joining the system. Trace the maliciously behaving vehicles. The system will work if a threshold of VMs are available. Traffic monitoring center collect and validate the traffic reports in VANET The TM obtains a global view of the traffic in the current time and provides arguments for real time traffic management decisions. RSUs Serve as a router to relay the received traffic report to the TM (and VMs if the tracing procedure is invoked).

6 Attack Model Protecting the privacy od the vehicles against Who? All Vehicles are not trusted A single VM is not trusted, but a threshold number of the VMs are assumed to be trustable RSUs are not trusted Securing the traffic reports Vehicles should not know other vehicles reports

7 Has a global traffic view Jointly register and trace vehicles Anonymous authentication decipher encrypted report Sign it again using scnor signature Sign the report Encrypt the report

8 High level System Architecture The VMs jointly play the role of the group manager of the MLGS scheme to set up the system and manage the vehicles. Vehicles send authentic and anonymous reports to RSUs using MLGS, RSUs relay the reports to the traffic management center. The RSUs distributively serve as the verifiers of the MLGS scheme to validate the anonymous reports of vehicles The do not know the exact identities of the vehicles. RSUs forward the vehicles to the TM The tripartite Joux protocol is incorporated to guarantee that the traffic reports are only readable by the originating vehicles, intended RSUs and the TM The vehicles generate a onetime session key with the intended RSU and the TM to encrypt the report using an efficient symmetric cryptosystem The unforgeability and traceability of the MLGS scheme assure that the vehicle generated reports are authentic and traceable

9 Schnorr signature Multiplicative Group G r v =g s y e = g (k xe) *(g x ) e = g (k xe+xe) =g k e v = H(M r v ) = H(M g k ) =e Zero Knowledge Proof is the same without a message

10 Joux tripartite Diffie Hellman key agreement The protocol allows three parties, say, Alice, Bob and Carol to negotiate a common secret key only known to the participants in one round. Let g 1, g 2 be generators of bilinear groups G1,G2, respectively and g 1 = φ(g 2 ). To negotiate a secret key K, Alice randomly chooses x 1 Z p and publishes g x1 1 ; Bob randomly chooses x 2 Z p and publishes g x2 2 and Carol randomly chooses x 3 Z p and publishes g x3. 2 The three participants can share a common secret session key K = e(g1, g2) x1x2x3

11 Shamir s secret sharing scheme A dealer picks a polynomial f (α) of degree at most n 1 at random, whose free term is the secret η, that is, f (0) = η. The polynomial f (α) can be written as Secret a 1,..., a n 1 Z p are randomly chosen. Each shareholder k is assigned a known index i {1,..., N} and the dealer privately sends to shareholder i a share η i = f (i ). We need minimum 3 (k) points to determine a polynomial function of degree 2 (k 1). (X 2 )

12 Message linkable group signature (MLGS) How it works? Each group member anonymously signs on any message on behalf of the group. If the member sign on the same message multiple times, then anyone can find that these signatures are originated from the same signer The group manager can reveal the identity of the group member if needed Used to guarantee the anonymity, authentication of vehicle s reports sent from the vehicles to the RSUs

13 Vehicle Registration A vehicle V contacts n out N vehicle management authorities Vmi for the registration The vehicle generates public private pair for itself and runs zeroknowledge proof protocol to proof to the VMs that it has the corresponding private key. VMs verify the proof of knowledge of the private key and then each VM generates a partial certificate to the vehicle using MLGS. A vehicle certificate is valid only if it receives all the parts from all the VMs

14 Traffic Report Vehicles encrypts and signs a traffic report has the following format and sends it to the RSU Message Group Signature The RSU decrypts the traffic report using its derived K session key It, then validates the group certificate using the group manager s public key The RSU verifies the signature without knowing the identity of the vehicles

15 Detailed steps, Cont. It signs a group of reports using Schnorr signature. It then forwards the signed reports to the TMC. TMC The TMC verifies the Schnorr signature of the reports. The TMC deciphers the reports using the derived session key K. It then, can make real time global traffic guidance decisions.

16 Scalable Tracing Any n vehicle management authorities VM i for i A can jointly does this work. Each VM i computes e(σ 1,U i ). look up its local database to check wether there exists (V,U) such that e(σ 3, g 2 ) = e(σ 1,U).

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.