Proceeding of Chennai 4th International Conference on Sustainable Energy and Intelligent System (SEISCON 2013), K.C.G College of Technology, Chennai, Tamil Nadu, India. December 12-14, 2013.
A PRIVACY PRESERVING AUTHENTICATION FRAMEWORK FOR SAFETY MESSAGES IN VANET

Y. Bevish Jinila, Research Scholar, Faculty of Computer Science and Engg, Sathyabama University, Chennai.
K. Komathy, Professor, Department of Computer Science and Engg, Easwari Engg College, Chennai.

Keywords: Authentication, privacy preservation, group signatures, pseudonyms, id based signatures.

Abstract

In Vehicular ad hoc networks, security and privacy are the major concerns. A single point of failure may cause great havoc in the network for safety related applications. In this paper, we analyse the recent trends in authentication and privacy preservation based on the signature size, verification time and anonymity. Our investigation shows that id based signatures are suitable for VANET based safety applications due to their reduced signature size. And, the usage of pseudo identities with id based signatures provides a better solution for privacy preservation. Based on this we propose a framework for privacy preserving authentication which includes key generation by the trusted authority, distribution of keys to the registered vehicles, driver authentication, pseudo id generation by the vehicles, id based signature generation and priority based verification for prioritized messages and batch verification for non-prioritized messages.

1 Introduction

Vehicular Ad hoc Network (VANET) enables vehicles to communicate with each other and with the fixed Road Side Units. In VANETs, each vehicle is equipped with an On Board Unit (OBU) communication device to make Vehicle to Vehicle and Vehicle to Infrastructure communication possible. In addition, there is a Centralized Authority (CA) who is responsible for the registration and renewal of the vehicles. The IEEE 802.11p standard is utilized by this network and it offers a variety of services including both safety and non-safety applications. Though the network offers safety and comfort to the public, there may be a situation where these safety messages can be compromised by an adversary, whereby the id of the vehicle can be revealed. So, security and privacy are an important concern in VANETs. One of the important security requirements is authentication. When not addressed properly it leads to impersonation attack. An adversary can impersonate some legitimate user to send improper safety messages to its peers, which enables improper utilization of network resources. When authentication is addressed it is mandatory that the privacy of the user is preserved. We assume that user privacy relates to the privacy of the driver and the privacy of the vehicle. So, it can be the preservation of the driver id and the vehicle id. We denote the user privacy as U = (Did, Vid) where Did is the driver id and Vid is the vehicle id. In this paper we analyse the privacy preservation schemes related to vehicle id. So, by user privacy here we mean the privacy of the vehicle id and not the driver id.

The IEEE trial use standard [4] provides a detailed description for security services in vehicular network. The security architecture of IEEE 802.11p has incorporated the elliptic curve digital signature algorithm (ECDSA) for authentication. Table 1 shows the message format for safety messages used by the trial standard, where a 125 bytes certificate and 56 bytes ECDSA signature for every 69 byte message is used for authentication and no pseudo id is provided for privacy preservation. The signature generation for authentication uses any cryptographic operations and privacy preservation requires the generation of pseudo identities. And, it is essential that the identities should be conditionally traceable by the authorities in case of any dispute. The generated signature has to be verified by the receiver to confirm the legitimacy of the sender. So, it is mandatory to have a signature verification scheme that verifies a collection of signatures within a short period of time. And, the privacy of the user is preserved due to the use of pseudo identities.

Table 1: Safety Message Format

| Protocol Version | Type | Message | Certificate | Signature |
|---|---|---|---|---|
| 1 byte | 1 byte | 67 bytes | 125 bytes | 56 bytes |

In this paper, we have analysed the recent solutions for authentication and privacy preservation for safety messages. Section 2 gives a detailed description of the related works towards authentication and privacy preservation. In section 3, analysis of various schemes based on signature size, signature verification time and anonymity is presented. Section 4 describes the framework proposed for privacy preserving authentication. And, section 5 concludes the work.
2 Related Works

The source of the message origin is checked for its authenticity by the receiver. During signature verification, to preserve the privacy of the user, it is required that the id of the vehicle should not be revealed. According to the analysis, the schemes can be categorized based on group signatures, pseudonymous certificates, anonymous certificates based on public key infrastructure and id based signatures. Increased signature size creates overhead and thereby increases the verification time. And, the id of the vehicle should not be revealed while checking authenticity. So, the key factor for authentication is the signature size and anonymization of the source vehicle id. Based on the key factors like signature size, verification time and anonymity the recent solutions are analysed.

2.1 Group Signatures

In this scheme, a member of the group can sign a message on behalf of the group. This member remains anonymous in the group. But, a group manager can reveal the actual identity of the member. The scheme proposed in [14] uses a group signature based technique which provides conditional privacy without pseudonym change. This is a centralized group signature protocol which also combines the features of id based signatures. Based on the number of revoked vehicles, time for signature verification grows linearly and the Verifier Local Revocation (VLR) procedure becomes time consuming like Certificate Revocation List (CRL) in Public Key Infrastructure. The scheme in [8] has proposed a decentralized group signature protocol. The challenges like certificate distribution and revocation, limiting the amount of communication and computational bottleneck. This scheme doesn’t strongly depend on any tamper proof device. In this approach, RSUs are used to maintain the on the fly generated group within their communication range. The limitation with this approach is that when a particular Road Side Unit (RSU) fails, the vehicles moving in that area will be heavily affected. If there is an emergency situation to be communicated, a single point of failure can cause great havoc to the vehicular applications.

In this category of group signatures, group formation and selection of a group leader becomes an important issue.

2.2 Pseudonymous Certificates

If the id of the vehicle is disclosed, there is a higher probability that the privacy of the user cannot be preserved. Certain authors have proposed the use of pseudonyms. These are alternate identifiers generated by the certificate authority during vehicle registration or renewal. This can be used to hide a vehicle’s unique identity. So, when a vehicle needs to report an event, it randomly picks one pseudonym and signs it using public key cryptography. This makes it difficult for a third party to track the vehicle simply by observing the pseudonym it uses. So, with this the privacy can be preserved.

Calandriello et al. [1] proposed the generation of pseudonyms by the vehicle itself on the fly. Their approach combines the features of both pseudonyms and group signatures. Tong et al. [12] proposed a pseudonym based scheme using two level hashing to thwart Sybil attacks, thereby preserving the privacy of the user. A set of pseudonyms is assigned to a vehicle during its yearly registration with the Department of Motor Vehicle. Two stage hashing is done to obtain the coarse and fine grained values. The corresponding coarse and fine grained hash values alone are stored with the authority. The fine grained hash is also distributed to all RSUs. In case two messages are received with the same hash at a particular time, the RSU checks if any Sybil attack has happened. If it is not sure, it confirms with the authority to check whether it is a Sybil attack or not. Though this scheme has an efficient hash mechanism to check the abuse of pseudonyms, the limitation with this approach is that it incurs a lot of computation and storage overhead. The RSU has to store the fine grained values of all the vehicles. And, each vehicle should store a collection of pseudonyms generated by the authority and use it when required, which incurs more storage overhead.

Lu et al. [9] have proposed an approach ECPP (Efficient Conditional Privacy Preserving Protocol). Anonymous keys are retrieved from the RSU to prevent the vehicles being traced and it is based on elliptic curve cryptography. This scheme requires the effective distribution of the RSUs. Since RSUs are prone to attacks, they cannot be completely trusted. Also, this scheme doesn’t suggest any efficient revocation scheme. Sun et al. [16] propose solutions for revocation of anonymous certificates. This scheme fully relies upon the RSU. Since RSUs cannot be fully trusted, as they are installed at the roadside, they are vulnerable to compromise attack. So, such schemes are susceptible to malicious attacks and would be expensive. Authors in [8,13] proposed solutions for preserving the privacy by changing pseudonyms at mix zones like social spots. In [10], self-delegation of pseudonym generation is proposed where the authorised anonymous key is provided by the TA to the user during its registration.

Authors in [13] claim, using multi hypothesis tracking and Kalman filters, that simple pseudonym change is not enough for privacy preservation.

2.3 Public key Certificates

This scheme is a widely accepted solution. The security architecture developed by the VSC (Vehicle safety and communication) Project uses a PKI based approach for securing messages. However, it doesn’t address any privacy issues. Several works were based on this approach. This scheme gives rise to extra communication and storage overhead. The Certificate Revocation List (CRL) produced by the trusted authority will become huge in size. When a vehicle validates a certificate, it checks whether the sender is revoked by the certificate authority. If not, it validates the message. Also, they fail to satisfy the limited time requirement of vehicular communication applications.

The IEEE 1609.2 [4] has proposed the use of ECDSA (Elliptic Curve Digital Signature Algorithm) for vehicular network authentications. This is a public key approach of digital signatures. ECDSA incurs more processing delay at the receiver’s side. Though the delay may be in the order of certain milliseconds, there may be a possibility of messages being discarded during heavy traffic conditions. Sensitive safety messages, when discarded, cause great havoc in vehicular network.

The authors in [6] have proposed a protocol ABAKA which is based on elliptic curve cryptography for authentication. They have also proposed pseudo identities for privacy preservation. The authors have compared their results with ECDSA and it is shown that ABAKA has less signature size and less verification time when compared to ECDSA. But, this scheme is suitable for value added services and the authors have not mentioned the use of their protocol for safety message communication.

Xiaolei et al. [15] have proposed the use of a CA based public key cryptography approach which is based on the technique of on path onion encryption, which allows the message to be re-encrypted during transmission from source to destination in multihop mode. This enhances the privacy of the scheme. Compared to classical PKC, in this scheme the users maintain the partial public keys by themselves. The limitation with this scheme is the increased delay, which is unsuitable for safety message services.

2.4 Id based signatures

Id based schemes use publicly known id strings like user names or user ids to represent an individual and to be used as a public key, instead of the digital certificates used in Public Key Infrastructure. It involves users and a Private Key Generator (PKG) having a master public/secret key pair. This PKG is responsible for generating private keys for the user. Any pair of users can communicate with each other securely without exchanging private and public keys and without using the services of the third party. This feature reduces the complexity of generating certificates.

Boneh and Franklin [3] introduced the first and efficient Id based encryption scheme based on bilinear pairings on elliptic curves. The security of these signatures is based on the assumption that the bilinear maps chosen are one way functions. It means it is easy to calculate the result but difficult to invert. This feature is called the Bilinear Diffie-Hellman Assumption. This scheme eliminates the need for a Certificate Revocation List (CRL) and reduces the transmission overhead.

Jinyuan Sun et al. [5] have used a threshold based signature scheme for authentication and pseudonyms for user privacy. This scheme also uses group signatures with id based techniques to satisfy the security requirements. Since group signatures create more computational overhead, this scheme will not be suitable for safety applications in vehicular network.

Kyung Shim [7] has proposed an efficient conditional privacy preserving scheme. In this scheme, each message sent from the vehicle is mapped to a distinct pseudo identity. This scheme uses a tamper proof device for storing the master secret and the MapToPoint function used by Zhang et al. [2] is replaced. Though the master secret is not stored in the tamper proof device for a long time, it is known that such tamper proof devices can be easily cracked by side channel attacks. This becomes a major drawback for this approach.

Subir Biswas and Jelena Misic [11] have proposed a cross layer approach to privacy preserving authentication. In their scheme, a variation of ECDSA (Elliptic Curve Digital Signature Algorithm) is used in combination with Id based signature. For privacy preserving authentication, all the vehicles are assumed to have a common identifier. This common identifier is selected based on the common geographical area of all participating vehicles within a communication range. In this scheme, priority based message verification is done based on the MAC layer priorities, where emergency messages are given higher priorities. In this scheme, though identities are anonymized by providing a common identifier, they cannot be conditionally traced on dispute.

3 Analysis Based on Various Factors

Based on factors like signature size, verification time and anonymity, the recent solutions based on group signatures, id based signatures, pseudonyms and anonymous certificates based on public key infrastructure are analysed.

3.1 Signature Size

For any communication to be secure, it is essential that the source of the message origin should be authenticated to the receiver. Any authentication done requires the generation of a signature at the source side. It is essential that the size of the signature should be small to have a quick verification time and less delay for reception.

Accordingly, the schemes provided by varied authors are analysed. From table 2, it is evident that the signature sizes of [14], [8] are high and are based on group signatures. So, it can be known that the higher the signature size, the higher will be the computational overhead.

Table 2: Comparison of the signature size

| Techniques | Signature Size (Bytes) |
|---|---|
| Lin et al. [14] | 201 |
| Lu et al. [9] | 189 |
| Lei et al. [8] | 368 |
| WAVE 1609.2 [4] | 182 |
| Jiun et al. [6] | 84 |
| Jinyuan et al. [5] | 43 |
| Sun et al. [16] | 66 |
| Kyung-Ah Shim [7] | 60 |
| Subir Biswas [11] | 56 |

The schemes proposed by [9] and [16] are pseudonym based. The signature size of scheme [9] is considerably high and the one proposed by [16] is quite low. Since these pseudonymous certificates require the maintenance of a revocation list, handling a huge revocation list is critical for VANET based applications. The schemes proposed by [6] and [4] are PKC based. These schemes employ ECDSA and improved ECDSA. Though the signature size becomes evident in [7], it is known that handling huge revocation lists becomes difficult. The schemes proposed by [5], [7] and [11] are id based and the signature size is less when compared to other schemes. And, this approach will be better for VANET based applications due to its reduced signature size and non-requirement for a certificate revocation list.
3.2 Signature Verification

For applications like safety messaging in VANETs, it is mandatory that the time taken for signature verification should be less.

Table 3: Verification Schemes

| Techniques | Verification Schemes |
|---|---|
| [14], [8], [6], [7], [9] | Batch |
| [5], [16] | Random |
| [11] | Priority |

Table 3 shows the categories of verification schemes, which include random, batch and priority based verification. Random verification of signatures leads to random verification attack. Batch verification is an efficient way of assuring the trust for multiple messages received in a unit time. But, there is a possibility for false signature attack. To reduce the verification time and to handle the safety messages without loss, the authors in [11] have proposed a priority based verification based on a cross layer approach where the prioritized messages are identified using MAC layer priorities. In this case, there is a possibility for the drop of non-prioritized messages.

3.3 Privacy

Though suitable mechanisms are available to ensure the security of the system, it is desirable that the privacy of the user should be preserved. So, it is essential to anonymize the id of the user. Anonymization techniques like k-anonymity can be used for privacy preservation, by anonymizing the id of the vehicle, but conditional traceability is difficult. Also, the authors in [11] have proposed the use of pseudo identities, which is the use of a common id like the id of the RSU or a common geographical location. This scheme of generating pseudo identities is also conditionally untraceable. Using group signatures and public key cryptosystem alone doesn’t satisfy the concept of privacy. Authors in [9, 16] adopt the generation of pseudonymous certificates where any revocation of certificates requires a revocation list to store the certificates. When the revocation list becomes huge, it becomes difficult to handle. One method proposed by Zhang et al. [2] for pseudo id generation is referred by [6, 7]. The other method, proposed by Tong et al. [12], uses a 2 stage hashing for pseudonym generation. The pseudonym is generated by the TA and is issued during vehicle registration. It generates a set of coarse grained and fine grained groups of pseudonyms as follows,

pl | kc τm    (1)
pl’ | kc Θn    (2)

where τm in equation (1) is the set of coarse grained group of pseudonyms and Θn in equation (2) is the set of fine grained group of pseudonyms which is assigned to each vehicle. The TA stores the (τm | Θn) as the vehicle's secure plate number. This incurs more computation and communication overhead. RongXing Lu et al. [10] have proposed the self-delegation of pseudonym generation by the vehicle itself. This paper addresses the issue of changing the pseudonyms at social spots to preserve the privacy of the user but doesn’t address any verification schemes.

4. Framework

As VANET based safety applications are time stringent, it is known that reduced signature size and fast verification work well. Also, the privacy of the user must be preserved. We propose a new framework which includes id based signatures and a quicker verification approach for prioritized messages and batch verification for non-prioritized messages. Figure 1 shows the secret key distribution by the Trusted Authority.

[Figure 1: Secret Key Distribution. Labels: Trusted Authority, Generation of Secret Keys Ki, V1, V2, Vn]
4.1 Steps

1. Secret key generation by the TA using its master secret ‘α’.
2. Generated secret key Ki is distributed to the registered vehicles.
3. A password is generated for each vehicle and issued to the driver for the purpose of driver authentication.
4. At the start of a trip, after driver authentication, vehicles generate their list of pseudo ids required for a trip.
5. Using the pseudo id, signatures are generated based on id based signatures.
6. The generated signature is sent to the destination with the message.
7. In the destination, the received message is checked for priority.
8. Signature verification is done.
9. Decision to accept/reject.
10. Take necessary action.

[Figure 2: Privacy Preserving Authentication Framework. Labels: TA, Source Vehicle, Destination Vehicle/Infrastructure, Secret Key Generation, Driver Authentication, Pseudo id generation, Signature generation, Message, Priority Check, Signature Verification, Accept/Deny]

As shown in figure 2, this framework includes a new feature, driver authentication, to avoid vehicle theft. And id based signatures are employed to make signature generation and verification easier.
5. Conclusion and Future Work

In this paper, various schemes related to privacy preserving authentication in vehicular networks are analysed. The solutions are surveyed based on the level of security provided by the technique, signature size, privacy provided and the time required for signature verification. Based on the analysis, it is evident that id based signatures are suitable for VANET applications since they incur less computational overhead and less signature size. These signatures can be used as a best solution for authentication, and in order to preserve the privacy of the source of message origin it is mandatory to use pseudo identities. In addition, to avoid vehicle theft, a driver authentication module is introduced. We conclude that this framework makes for a more secure and privacy preserving VANET. In future, we will experimentally analyse our approach and extend our work towards the generation of new signature schemes that incur less signature size, the relationship between the id of the vehicle and the driver id, and the privacy preserving schemes for driver privacy.
References

[1] Calandriello. G, P. Papadimitratos, J.P. Hubaux and A. Lioy, “Efficient and Robust Pseudonymous Authentication in VANET”, Proc. 4th ACM Int. Workshop VANET, Montreal, QC, Canada, pp. 19-28, Sept 2007.
[2] C. Zhang, RongXing Lu, Xiadong, Pinhan and Shen, “An efficient identity based batch verification scheme for vehicular sensor networks”, IEEE INFOCOM, 2008.
[3] D. Boneh and M. Franklin, “Identity based encryption from the Weil pairing”, SIAM Journal of Computing, volume 32, No. 3, pp. 586-615, 2003.
[4] IEEE Trial-Use Standard for Wireless Access in Vehicular Environments (WAVE) – Security Services for Applications and Management Messages, IEEE Std. 1609.2, July 2006.
[5] Jinyuan Sun, Chi Zhang, Yanchao Zhang, and Yuguang Fang, “An Identity based Security System for User Privacy in Vehicular Adhoc Networks”, IEEE Transactions on Parallel and Distributed Systems, volume 21, No. 9, September 2010.
[6] Jiun-Long Huang, Lo-Yao Yeh, and Hung-Yu Chien, “ABAKA: An Anonymous Batch Authenticated and Key Agreement Scheme for Value-Added Services in Vehicular Ad Hoc Networks”, IEEE Transactions on Vehicular Technology, volume 60, No. 1, January 2011.
[7] Kyung-Ah Shim, “CPAS: An Efficient Conditional Privacy Preserving Authentication Scheme for Vehicular Sensor Networks”, IEEE Transactions on Vehicular Technology, volume 61, No. 4, May 2012.
[8] Lei Zhang, Qianhong Wu, Agusti Solanas, Josep, “A Scalable Robust Authentication Protocol for Secure Vehicular Communications”, IEEE Transactions on Vehicular Technology, volume 59, No. 4, May 2010.
[9] R. Lu, X. Lin, H. Zhu, P. Ho, and X. Shen, “ECPP: Efficient conditional privacy preservation protocol for secure vehicular communications”, in Proc. IEEE INFOCOM, Apr. 2008, pp. 1229–1237.
[10] RongXing Lu et al., “Pseudonym changing at social spots: An effective strategy for location privacy in VANETs”, IEEE Transactions on Vehicular Technology, volume 61, No. 1, January 2012.
[11] Subir Biswas and Jelena Misic, “A Cross-Layer Approach to Privacy Preserving Authentication in WAVE-Enabled VANETs”, IEEE Transactions on Vehicular Technology, volume 62, No. 5, June 2013.
[12] Tong Zhou, Romit Roy Choudhury, Peng Ning, Krishnendu Chakrabarty, “Privacy Preserving Detection of Abuses of Pseudonyms: Sybil Attacks Detection in Vehicular Ad hoc Networks”, IEEE Journal on Selected Areas in Communication, volume 29, No. 3, March 2011.
[13] Wiedersheim. B, Ma Z, Z. Kargi, F. Papadimitratos, “Privacy in Inter Vehicular Networks: Why simple pseudonym change is not enough”, Seventh International Conference on wireless on-demand network systems and services (WONS) 2010.
[14] X. Lin, X. Sun, P.-H. Ho, and X. Shen, “GSIS: A secure and privacy preserving protocol for vehicular communication”, IEEE Trans. Veh. Technology, volume 56, no. 6, pp. 3442–3456, Nov. 2007.
[15] Xiaolei Dong, Haojin Zhu, Zhenfu, Licheng, “An efficient privacy preserving data forwarding scheme for service-oriented vehicular adhoc networks”, IEEE Transactions on Vehicular Technology, volume 60, No. 2, February 2011.
[16] Y. Sun, R. Lu, X. Lin, X.S. Shen and J. Su, “An efficient pseudonymous authentication scheme with strong privacy preservation for vehicular communications”, IEEE Transactions on Vehicular Technology, volume 59, No. 7, pp. 3589-3603, Sept 2010.
BIOGRAPHY

Y. Bevish Jinila is presently Assistant Professor in the Department of Information Technology, Sathyabama University, Chennai, India. She obtained her master's degree from Anna University, Chennai and she is currently pursuing her research in the Faculty of Computer Science and Engineering, Sathyabama University, Chennai. Her research interests include privacy and security in VANETs.

Komathy K graduated from Madras University, India in 1982, and obtained her Master's and Doctorate degrees in Computer Science and Engineering from Anna University, India. She acquired her expertise from serving in industry, academia and research. Her recent publications of about 50 research papers are based on wired and wireless networking, network security, social networking and artificial intelligence. Under her supervision, six students are pursuing their Doctorate degree. She has also received a research fund from AICTE India for monitoring air pollution of metro roads using VANET.