Security of Wireless Networks in Intelligent Vehicle Systems

Similar documents
ON SECURITY OF BLUETOOTH WIRELESS SYSTEM. Pavel Kucera, Petr Fiedler, Zdenek Bradac, Ondrej Hyncica

Wireless Technologies

Authentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi

CS 494/594 Computer and Network Security

Wireless LAN Security (RM12/2002)

Password. authentication through passwords

Real-time protocol. Chapter 16: Real-Time Communication Security

White Paper for UC, Office & Contact Center Professionals. Bluetooth Security

Authentication Handshakes

Secure Protocol For Inter-Vehicle Communication Networks

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

CSC 474/574 Information Systems Security

Wireless Security Security problems in Wireless Networks

Cryptographic Protocols 1

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

Bluetooth. Quote of the Day. "I don't have to be careful, I've got a gun. -Homer Simpson. Stephen Carter March 19, 2002

On the Internet, nobody knows you re a dog.

6 Vulnerabilities of the Retail Payment Ecosystem

1. Diffie-Hellman Key Exchange

SE 4C03 Winter 2005 Bluetooth Wireless Network Technology

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

6. Security Handshake Pitfalls Contents

Cryptography and Network Security

T Cryptography and Data Security. Lecture 11 Bluetooth Security. Outline

CNT4406/5412 Network Security

Videolinq. Movi 4.0. Setup and User Guide

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

Security. Nelli Gordon and Sean Vakili May 10 th 2011

Linux Network Administration

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Smart cards and smart objects communication protocols: Looking to the future. ABSTRACT KEYWORDS

CIS 4360 Secure Computer Systems Applied Cryptography

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Understanding TETRA Security

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

CSE 565 Computer Security Fall 2018

Pass, No Record: An Android Password Manager

SSH. Partly a tool, partly an application Features:

Authentication Methods

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

Endpoint Security - what-if analysis 1

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Security Handshake Pitfalls

Chapter 5 Local Area Networks. Computer Concepts 2013

CS 161 Computer Security

Inter-Domain Identity-based Authenticated Key Agreement Protocol from the Weil Pairing

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation

Bluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017

Viber Encryption Overview

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Security and Anonymity

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

For Windows Users - Meetings Best Practice Guide

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Bank Infrastructure - Video - 1

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Strong Password Protocols

International Journal of Computer Engineering and Applications, Volume XI, Issue XII, Dec. 17, ISSN

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

Wireless Network and Mobility

A Survey on Security Threats and Vulnerability attacks on Bluetooth Communication

CS Computer Networks 1: Authentication

[A SHORT REPORT ON BLUETOOTH TECHNOLOGY]

Securing A Bluetooth Device

Spring 2010: CS419 Computer Security

Securing Internet Communication: TLS

SECURING YOUR BUSINESS INFRASTRUCTURE Today s Security Challenges & What You Can Do About Them

Introduction: Broadcom BCM943142HM Wireless Communication Device User's Guide

Key Management and Distribution

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Key Management and Distribution

Overview. Terminology. Password Storage

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Graphical Authentication System

Analytics, Insights, Cookies, and the Disappearing Privacy

Cryptography III Want to make a billion dollars? Just factor this one number!

Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.

Fall 2010/Lecture 32 1

Crypto meets Web Security: Certificates and SSL/TLS

OPSEC and defense agains social engineering for devels, execs, and sart-ups

Key Agreement in Ad-hoc Networks

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

A mechanical device. Today, a significant part of a

Biometrics problem or solution?

1 Identification protocols

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Wireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

5. Authentication Contents

Wireless technology Principles of Security

GSMK CryptoPhone PSTN/1i. User Manual

Tokenisation for PCI-DSS Compliance

Transcription:

Security of Wireless Networks in Intelligent Vehicle Systems Syed M. Mahmud and Shobhit Shanker Electrical and Computer Engg. Dept. Wayne State University Detroit, MI 48202 Email: smahmud@eng.wayne.edu Phone: (313) 577-3855 Webpage: http://www.ece.eng.wayne.edu/~smahmud Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 1

Outline of the Presentation Why wireless communications? Applications of wireless communications in Intelligent Vehicles. Problems with wireless communications. Our solution for an in-vehicle wireless network. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 2

Why wireless communications? Because, no cables or wires are necessary. It s the only way, two vehicles can talk to each other when they are moving. Occupants of a vehicle can easily access internet through wireless enabled Laptops and PDAs from anywhere within the vehicle. The driver of a vehicle can easily make phone calls and control other items inside a vehicle, through a wireless enabled headset and voice activated devices. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 3

Applications of wireless communications in Intelligent Vehicles. 1. Personal Wireless Networks within a vehicle. (Internet access, fax service, phone calls using Bluetooth enabled headsets, etc.) 2. Inter-Vehicle Wireless Networks for exchanging Vehicles dynamic information. (Speed, acceleration, position, direction, etc.) 3. Wireless Networks for accessing information from the infrastructure of intelligent highways and freeways. (Road condition, lane detection, speed limit, local information about hotel/motel, weather, etc.) Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 4

Need For Inter-Vehicle Wireless Communication Links To exchange vehicles dynamic information, which is necessary in order to build Collision Warning, Collision Avoidance and Cooperative Driving systems Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 5

No Wireless System Will Work Properly Unless it is Secured If a wireless system is not secured, then it is vulnerable to many types of attacks from the hackers, such as: Eavesdropping: : Someone could record a sensitive conversation, or intercept classified information. Tampering: : Information in transit is changed or replaced and then sent to the recipient. Impersonation: : Information passes to a person who poses as the intended recipient. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 6

Why Do We Need Security for Intelligent Vehicle Networks? To protect personal information, such as fax, computer files, credit card numbers, etc. To protect inter-vehicle messages from tampering by hackers. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 7

A Bluetooth Enabled Vehicle General Motor Corporation introduced a Wireless Personal Area Network (WPAN) in its 2003 Saab 9-39 3 model car using the Bluetooth technology. In future, other companies may come up with similar networks for a vehicle. But, the security of a Bluetooth system is very weak. Thus, we tried to come up with a technique to protect the WPAN of a vehicle. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 8

Contribution of Our Paper The main contribution of our paper is the development of a security technique for the Wireless Personal Area Network (WPAN) within a vehicle. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 9

BLUETOOTH SECURITY Four different entities are used for maintaining security at the Bluetooth Link Layer: a public address which is unique for each Bluetooth device, two secret keys,, and a random number which is different for each new transaction. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 10

48-Bit Bluetooth Address The Bluetooth device address (BD_ADDR) is a 48-bit number which is unique for each Bluetooth unit. The Bluetooth addresses are publicly known, and can be obtained automatically, via an inquiry process by a Bluetooth Unit. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 11

Authentication Key and Encryption Key The secret keys are derived during initialization and are further never disclosed. The encryption key is derived from the authentication key during the authentication process. Each time encryption is activated, a new encryption key is generated. The authentication key will be more static- once established, the particular application running on the Bluetooth device decides when, or if, to change it. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 12

Link Key The authentication key is also known as the Link Key. In order to accommodate for different types of applications, four types of link keys have been defined: the combination key K AB the unit key K A the temporary key K master the initialization key K init Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 13

Initialization Key The initialization key, K init, is used as the link key during the initialization process when no combination or unit keys have been defined and exchanged yet or when a link key has been lost. It is derived from four entities: the Bluetooth address BD_ADDR B of the claimant unit, a PIN code, the length of the PIN (L), and a random number RAND A issued (and created) by the verifier Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 14

Generation of the Initialization Key when Unit B wants to establish a connection with Unit A Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 15

Unit A is Authenticating Unit B Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 16

The PIN is the Cause of Security Problems in a Bluetooth System The PIN is a 4-digit 4 number (0000 9999). For two Bluetooth devices to form an ad-hoc network (automatically( automatically), the PINs of the two devices must be same. In 50% of the devices it is always 0000, so that they can automatically form an ad-hoc network when they come close to each other. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 17

The Problem with a 4-Digit PIN Since the PIN is a 4-digit 4 number, the hackers may be able to get it using a Brute Force attack. If a user is required to manually enter a PIN, every time the user is going to use a Bluetooth device for a certain application, then it won t be convenient for the user if the PIN is very long. As a result, the security threat still remains in Bluetooth devices. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 18

How to Build a Secured In-Vehicle Wireless Network? 1. Make the PIN a very large number so that it can t t be easily obtained through a Brute Force attack. 2. Make the PIN transparent to the user so that the user doesn t t have to remember it. 3. Change the PIN from time to time so that it can t t be obtained by analyzing data recorded over a period of several communication sessions. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 19

How to Build a Secured In-Vehicle Wireless Network (contd.)? 4. Use different PINs for different in-vehicle devices (e.g. laptop, PDA, cell phone, etc.) so that PINs of other devices can t be obtained from a stolen device. 5. Don t t allow two in-vehicle devices to start a communication without being authenticated by a Gate-Way device. 6. Register all devices (to be used in the vehicle) to the Gate-Way device, so that the Gate-Way device can know who is allowed to participate in a secured communication. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 20

How to Build a Secured In-Vehicle Wireless Network (contd.)? 7. The user should be able to remove a stolen device from the list of registered devices, maintained in the Gate-Way device. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 21

Our Solution for an In-Vehicle Wireless Network We proposed to have a device, called the Network Device Monitor (NDM). The NDM is the Gate-Way device. The NDM can be installed in the dashboard of the vehicle. The NDM should be equipped with a keypad or another type of interface in order to enter a password by the users of the vehicle. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 22

Our Solution for an In-Vehicle Wireless Network (contd.) The NDM and each Bluetooth device, to be used in the vehicle, should have either a wired or infrared serial link interface. Every device, to be used in the vehicle, must be registered to the NDM via the serial link and a password protected user interface (e.g. a keypad). The device will be registered only once during its life time. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 23

Registering a Device Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 24

The Set of PINs The NDM also keeps the set of PINs that was sent to a device during the registration process. Let the set of PINs be PIN 1, PIN 2,... PIN k. Where, k >= 1. The following figure shows the contents of NDM s and Device1 s memory (for k=2) after Device1 is registered. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 25

Memory of NDM and Four Devices The following figure shows the memory contents of the NDM and four devices after the devices are registered. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 26

Authenticating a Device by the NDM Every time a device wants to participate in a secured in-vehicle communication, first the device must be authenticated by the NDM. If it is the i th session of the device after it received the last set of PINs from the NDM, then the device and the NDM will use PIN i for the authentication process. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 27

An Example of Authenticating Device1 by the NDM for the First Time Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 28

Encryption Key for Device1 and the NDM Both the NDM and Device1 will use the first PIN (24..4) to generate an Encryption Key (EK 1 1) using the Bluetooth algorithms. This Encryption Key will then be used by the NDM and Device1 to exchange all messages between them. Syntax of an Encryption Key : Ek i n (n = device number, i = session number). Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 29

Communication Between the NDM and Device2 If Device2 also wants to start a communication, the NDM and Device 2 will use the first PIN (30..5) of Device2 in exactly the same way as the NDM and Device1 did. The NDM and Device2 will generate another Encryption Key (EK 1 2), based on the PIN 30..5, to securely transfer messages between them. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 30

Communication Between the NDM and two devices Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 31

Forming a Secured Network When the NDM talks to Device1 using the encryption key EK 1 1, no other devices can understand that conversion. Similarly, when the NDM talks to Device2 using the encryption key EK 1 2, no other devices can understand that conversion. If all devices and the NDM want to form a Secured Network,, then another encryption key, called the Session Key,, is necessary. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 32

Session Key The session key will be created by the NDM. This session key will then be sent to all the devices using the encryption keys of the corresponding devices. For example, the session key will be sent to Device1 after encrypting it using EK 1 1. Similarly, the session key will be sent to Device2 after encrypting it using EK 1 2. Once all the devices received the session key, they can talk among themselves by encrypting messages using the session key. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 33

A Secured Wireless Network Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 34

The Life of a Session Key The maximum length of the life of a session key is the length of the current session. However, the NDM may decide to change the session key from time to time if the length of the session is too long. A new session key will be distributed to all active devices using the devices own encryption keys. Every new session will always start with a new session key. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 35

Leaving and Reentering a Secured Network A device can leave a secured network at any time. If the device wants to come back and join another session of the network at a later time, then the device must be authenticated by the NDM again. This time, the device will be authenticated using the second PIN of the device. The NDM and the device will use a new encryption key, derived from the second PIN, to talk to each other. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 36

Device1 Comes Back and Participates for the Second Time in a New Session Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 37

Device1 Needs Another Set of PINs Both PINs of Device1 have been used. Thus, Device1 needs another set of PINs to come back and join a future session. During the second session of Device1, the NDM will send another set of two PINs (k=2) to Device1. There after, the NDM will send a set of two PINs after every 2 (k=2) sessions. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 38

Transmission of a New Set of PINs Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 39

Disadvantages of Our Technique The NDM must have enough memory to keep all the PINs of all the devices. In a standard Bluetooth device, the previously used Link Key is used for successive authentications, but in our technique a new link key is generated using a new PIN for every new session. This may take little bit extra time to get connected to the NDM. If the NDM becomes faulty, then no device will be able to communicate with any other devices. The built-in in algorithms of Bluetooth devices may need to be changed (slightly( slightly) ) in order to implement our technique. The above disadvantages are the price that we have to pay in order to obtain security. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 40

Advantages of Our Technique Since the PINs of a device are known only to the NDM and the device itself, it is very secured. Since the PIN is very long, it is not vulnerable to the Brute Force attack. Since the PIN is secured, the encryption key (generated based on the PIN) of a device is also secured. The Session Key is sent in encrypted form. Thus, unlike the Diffie-Hellman key exchange algorithm, the exchange of our session key is not vulnerable to the Man-in in-the-middle attack. Since the system is not complicated, compared to the standard Bluetooth devices, it can be implemented at a low cost. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 41

Future Work Currently, we are developing techniques to implement secured inter-vehicle wireless links. Secured inter-vehicle wireless links are necessary to develop collision warning, collision avoidance and cooperative driving systems. Hopefully, next year we will be able to present our work related to inter- vehicle networks. Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 42

ANY QUESTIONS? Copyright 2003 by Syed M. Mahmud and Shobhit Sankar 43

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback