Cluster Oriented ID Based Multi-signature Scheme for Traffic ...

Cluster Oriented ID Based Multi-signature Scheme for Traffic Congestion Warning in Vehicular Ad Hoc Networks Bevish Jinila1 and Komathy2 1 Faculty of Computing, Sathyabama University, Chennai, India – 600119 [email protected] 2 School of Computing Sciences, Hindustan University, Chennai, India – 603103 [email protected]

Abstract. To report safety messages like traffic congestion warning in a Vehicular Ad hoc Network (VANET) vehicles communicate with each other and with the fixed Road Side Units (RSU). To ensure the messages communicated are true, message authentication plays a vital role. Since the number of incoming messages received by the RSU grows exponentially with time, delay in authentication increases. Existing batch and priority based verification schemes addresses issues like re-verification when there is a single false message. This leads to delay in authentication. In this paper, a cluster oriented ID based multi-signature scheme is proposed to overcome the delay in authentication. In this scheme, the network is clustered and each cluster holds a cluster head which is responsible for generating a multi-signature. Experimental analysis shows that this scheme incurs less delay in authentication, communication overhead and loss ratio when compared to existing approaches. Keywords: Authentication, Multi-signature, Cluster, Vehicular Ad hoc Networks.

1

Introduction

Safety and comfort on travel has become an important concern in human life. Wireless innovations help public to access internet services everywhere on travel. The present day vehicles are equipped with certain wireless devices known as On Board Unit (OBU) that enable communication between vehicles and the RSUs deployed for every one kilometer and thereby organizing a network known as Vehicular Ad hoc Network (VANET). Such feature helps the vehicles and RSU to report events like traffic congestion warning to other vehicles and thereby making them to take an alternate path to avoid congestion. Such events when not addressed immediately can lead to a great havoc in the network. Since the network is subject to varied attacks, it is mandatory to verify the authenticity of the messages received and take necessary action. When traffic © Springer International Publishing Switzerland 2015 S.C. Satapathy et al. (eds.), Emerging ICT for Bridging the Future − Volume 2, Advances in Intelligent Systems and Computing 338, DOI: 10.1007/978-3-319-13731-5_37

337

338

B. Jinila and Komathy

congestion is reported, all the vehicles involved in the event will report this message to the nearby RSU for every 100 to 300 milliseconds. The number of incoming messages in the RSU goes high when the number of vehicles reporting the event increases. This leads to an increased authentication overhead and delay. Existing approaches introduced pseudonymous public key certificates to generate and verify the signatures where each message send from a particular vehicle was verified individually. To overcome the delay, batch verification was introduced by Zhang et.al [1] where incoming messages are grouped into batches and each batch is verified for its authenticity. Since the applications in VANET are time critical applications, this scheme lead to the loss of some important messages thereby degrading the efficiency of the network. In priority based verification proposed by Subir et.al.[2] each message is assigned a priority and verification of the incoming messages is done based on the priority of the messages. This scheme of prioritization leads to the drop of more incoming messages leading to the degradation of the network. In this paper, we propose a cluster oriented ID based multi-signature scheme to reduce the authentication delay and signature size. This scheme is cluster oriented where all the vehicles travelling in the communication range of an RSU are grouped together into a single cluster and a cluster head is elected and this cluster head generates a multi signature representing all the other vehicles which is ready to report the same event. This scheme eventually reduces the delay in authentication and the signature size. The rest of the paper is organized as follows. Section 2 describes the related work of signature generation and verification. Section 3 details about the system model and the preliminaries. Section 4 describes the proposed scheme of cluster oriented ID based multi-signature scheme. Section 5 analyses the performance of the proposed scheme. Section 6 concludes the work and proposes the future ideas to enhance the work.

2

Related Work

Problems on security and privacy enhancing mechanisms in a Vehicular Ad hoc Network plays a vital role. Recently many schemes are proposed to enhance the security and privacy of communication in this network. The IEEE 1609.2 standard for VANET [3] has included the public key algorithm Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication. Since the processing time is more, during heavy traffic conditions this scheme leads to increased packet loss. For applications like traffic congestion warning, where the density of the traffic is very high it is better to verify the messages by the nearby RSU than verifying by the nearby vehicle, since OBU cannot verify all the incoming messages within a short span of time. Lin et. al.[4] proposed a centralized group signature protocol which combines the features of ID based signatures. In this scheme, the time for signature generation grows linearly based on the number of revoked vehicles and this increases the delay in authentication. To overcome this limitation, Lei et. al.[5] proposed a

Cluster Oriented ID Based Multi-signature Scheme

339

decentralized group signature protocol. This scheme doesn’t rely on a tamper proof device and the RSUs are responsible to maintain on the fly groups in its communication range. Since the RSU is completely involved for group formation, a single point of failure may cause a great havoc in the network. And, since the group manager is given the authority to verify the signatures there is a possibility that the manager can be compromised. In [6], a privacy preserved authentication scheme is proposed. In both the categories, sender generates the signatures and receiver verifies it. In [7],[8]the authors proposed an RSU aided message authentication scheme where RSUs are used to verify the authenticity of all the incoming messages and to reply back. In this scheme, incoming messages are buffered by the vehicle in its local database and once when the signed packet is received from the RSU, the messages are verified. Since the incoming messages are buffered and verified, this increases the delay in authentication. To reduce the delay in authentication, Zhang et. al [1] proposed a scheme where all the incoming messages are verified in batch by the RSU. This reduces the overhead of the RSU to a greater extent but, this verification fails for Denial of Service (DoS) attacks. To overcome this limitation, Subir et.al.[2] has proposed a priority based verification scheme where messages are assigned priorities and first the verification is done for the high priority messages. This may lead to the drop of more number of medium and low prioritized messages which too can lead to a great havoc in the network. To summarize as in [9], these limitations can be overcome by a multisignature method.

3

System Model and Preliminaries

3.1

System Model

In this section, we formalize the network and the adversarial model to define the problem. a) Network Model The VANET in the metropolitan area is considered. It consists of many number of vehicles, RSUs deployed at various locations which supports the communication and TAs are assumed to be centralized. Fig 1 shows the network model considered for the proposed scheme. •

•

Trusted Authorities: The centralized TA is responsible for vehicle registration. During vehicle registration process, TA is responsible for generating and issuing secret passwords for the vehicle user. In addition, it is responsible for storing all the information regarding the vehicle user in its database for further reference. Traffic Management System (TMS):These management systems are distributed across three different zones namely south, north and central and are responsible for any occurrence of events in its zone.

340

B. Jinila and Komathy

• •

Vehicles: In order to use the applications of the network, each vehicle should be a registered user. All registered vehicles are equipped with an OBU which can communicate with other vehicles and RSU. Road Side Units: These are deployed across various locations and are responsible for communicating with the vehicles and other RSUs.

Fig. 1. Network Model

b) Attack Model The communication channel in VANET is insecure and is susceptible to various attacks. The safety applications liketraffic congestion warning are susceptible to the attacks listed below. Forging Attack: The messages communicated during regular intervals or for reporting an event can be forged by an adversary. There is also a possibility where a valid signature is generated even if the message is altered. False Signature Attack: In case of batch verification, even if one of the signatures is a false signature there is a possibility for the drop of the entire batch. This attack is difficult to be traced where if there is any problem encountered verification has to be done for the entire batch again which consumes a lot of time and resource. 3.2

Assumptions Made • • •

The task of traceability is distributed to the Traffic Management Server (TMS) distributed across various zones (North, South, and Central). During registration, the TA generates passwords for driver authentication and issues it to the vehicle user. Cluster formation and cluster head selection is based on rough a fuzzy set which is out of the scope of the paper.

Cluster Oriented ID Based Multi-signature Scheme

4

341

Cluster Oriented ID Based Multi-signature Scheme

This section briefly describes the proposed cluster oriented ID based multi-signature scheme. Initially, the network is grouped into clusters. For a perfect formation of clusters and cluster head selection, it is assumed that rough fuzzy sets are used. The cluster formation and cluster head selection is out of the scope of the paper. If the same event is to be reported by all the cluster members, the cluster center coordinates and generates a multi-signature representing all the cluster members. This signature is delivered to the RSU and the verification is done for this multi-signature. This greatly reduces the number of incoming messages and thus reduces the authentication delay. In the proposed scheme, the improved multi-signature scheme proposed by Jun [10] is adopted for signature generation and verification.This scheme is an improvement to the basic Shamir’s ID based scheme and Harari’s scheme. Table 1 show the notations used in the proposed scheme. Table 1. Notations Used Notation TA TMS RSU p,q ID H(.) M Si

Description Trusted Authority Traffic Management System Road Side Unit Prime numbers Pseudo ID Hash function SHA-1 Message Signing Key

The multi-signature scheme consists of three sections. a) Setup Let (n,e) be the public key and ‘d’ be the private key. Let H(.) be a secured one way hash function. The cluster head selects a random integer ri corresponding to signer ‘i’ and calculates as shown in equation (1),(2) and (3). ∏

mod

(1) (2)

||

(3)

Then is send to signer i. The cluster head then calculates the signing key sias shown in equation (4) and sends to the signer through a secure channel. φ

(4)

b) Signature Generation Initially, sub signatures are generated for random signer ‘i’, as shown in equation (5). (5)

342

B. Jinila and Komathy

All the sub signatures are then send to the cluster head. The cluster head computes the multi-signature as shown in equation (6), ∏ c)

(6)

Then the multi-signature computed, MS=(S,T) is send to the RSU for verification. Signature Verification Given the multi-signature MS=(S,T) for a message ‘m’, the verification is done as shown in equation (7). ∏

(7)

From the equation (7), if H(R*) = H(R) then the signature is valid.

5

Performance Evaluation

5.1

Scenario Characteristics

The mobility of the vehicles is generated using the traffic simulator SUMO. This is provided as an input to OMNET++. The scenario includes the creation of a vehicular network which varies from 10 to 100 nodes. The acceleration is taken as 10% of the maximum velocity. The minimum velocity Vmin is fixed to 20 km/hr and the maximum velocity is varied from 20 km/hr to 100 km/hr. The road structure is created with 6 junctions. The radio model used in the simulation is LAN 802.11p which provides a transmission rate of 2 Mbps and a transmission range of 1000m. The update interval for safety messages is fixed to 300 milliseconds. The total simulation time is 1000s. 5.2

Evaluation Criteria

The performance of the proposed scheme is compared with the existing schemes of batch verification and priority based verification. Analysis is done based on the authentication delay, loss ratio and communication overhead. 5.2.1 Message Authentication Delay The average message authentication delay is computed by the equation (8). In equation (8), N represents the total number of vehicles in the simulation; M is the number of messages sent by the ith vehicle. ∑

∑

∑

(8)

Fig. 2 shows the performance of the authentication delay for batch verification, priority verification and the proposed multi-signature scheme. From Fig. 2 it can be inferred that, compared to the existing batch and priority based verification schemes the proposed multi-signature scheme has less authentication delay. Even though, the number of vehicles increases, the delay in verification is less by 10% to 15% when compared to existing approaches.

Cluster Oriented ID Based Multi-signature Scheme

343

Fig. 2. Number of vehicles vs Message Authentication Delay

5.2.2

Communication Overhead

The overhead in communication is computed based on signature generation.

Fig. 3. Number of Vehicles vs Communication Overhead

All the signature generation approaches are assumed to be ID based. The safety message format adopted for the simulation is shown in Table 2.From Fig. 3 it is

344

B. Jinila and Komathy

evident that if the signatures are generated individually by all vehicles, the number of messages received by the RSU increases, and when the RSU adopts batch verification and if there is a false signature, the whole batch should be re-verified which creates an extra overhead of 10 to 50 Mbytes. In the case of priority method of verification, all the important messages are verified and loss of certain messages causes the system to re-verify the messages and creates a relative overhead of 7 to 40 Mbytes. Compared to the existing methods, since the proposed method adopts a cluster head and creates multi-signature, the overhead is relatively less from 5 to 20 Mbytes. Table 2. Format of an Unsigned Safety Message

6

Type ID

Pseudo ID

Location& Time

2 bytes

2 bytes

10 bytes

Speed 4 bytes

Event ID 2bytes

Conclusion

In this paper, the concept of multi-signatures is adopted for authentication in traffic warning application of VANET. From the analysis, it can be concluded that cluster oriented ID based multi-signature scheme has less authentication delay and less communication overhead when compared to the existing approaches. In future, the multi-signatures can be tested for other applications in VANET and an improved scheme can be proposed to increase the efficiency of the network.

References 1. Zhang, C., Lu, R., Lin, X., Shen, X.: An efficient identity based batch verification scheme for vehicular sensor networks. In: Proceedings of the 27th IEEE INFOCOM, Phoenix, AZ, USA, pp. 246–250 (2008) 2. Biswas, S., Misic, J.: A Cross-Layer Approach to Privacy Preserving Authentication in WAVE-Enabled VANETs. IEEE Transactions on Vehicular Technology 62(5) (2013) 3. IEEE Trial – Use Standard for Wireless Access in Vehicular Environments (WAVE) – Security Services for Applications and Management Messages, IEEE Std.1609.2 (2006) 4. Lin, X., Sun, X., Ho, P.-H., Shen, X.: GSIS: A secure and privacy preserving protocol for vehicular communications. IEEE Trans. Veh. Technol. 56(6), 3442–3456 (2007) 5. Zhang, L., Wu, Q., Solanas, A., Josep: A Scalable Robust Authentication Protocol for Secure Vehicular Communications. IEEE Transactions on Vehicular Technology 59(4) (2010) 6. Ming-Chin, Jeng-Farn: PPAS: A privacy preservation authentication scheme for vehicle to infrastructure communication networks. In: International Conference on Consumer Electronics, Communications and Networks, CECNet 2011 (2011) 7. Zhang, C., Lin, X., Lu, R., Ho, P.-H.: RAISE: An efficient RSU-aided message authentication scheme in vehicular communication networks. In: Proc. IEEE ICC, Beijing, China, pp. 1451–1457 (2008)

Cluster Oriented ID Based Multi-signature Scheme

345

8. Hsin-Te, Wei-Shuo, Tung-Shih, Wen: A novel RSU based message authentication scheme for VANET. In: Proceedings of the Fifth International Conference on Systems and Network Communications (2010) 9. BevishJinila, Y., Komathy, K.: A privacy preserving authentication framework for safety messages in VANET. In: Proceedings of IET Chennai 4th International Conference on Sustainable Energy and Intelligent System (2013) 10. Jun, L.V.: Improvement of an Identity Based Multi-signature Scheme. In: 4th International Conference on Computational and Information Sciences (2012)