Mini-Project 2006

Secure positioning in vehicular networks based on

map sharing with radarsMini-Project

IC-29 Self-Organized Wireless and Sensor Networks

Csaba Árendás

Tutors: Maxim Raya Prof. Jean-Pierre Hubaux

Mini-Project 2006 2

Motivation

• Positioning– Positioning without need for strong

evidence– Navigation systems– GPS, GSM

• Secure positioning– To be sure that the position is correct– Military applications (smart bombs)

• Secure positioning in vehicular network– Collision warning– Life critical application

Mini-Project 2006 3

Problem statement – secure positioning in vehicular

networksG

PS sig

nal

[You

r pos

ition

is 1]

A

B`s map:A is at 55B is at 2

DS

RC

broadcast

signal

SignedB

yA [I am

A,

my position is 55] B

GPS signal

[Your position is 2]

GPS position 1 GPS position 2

Mini-Project 2006 4

Solution overview

• Precise distance measurement– ACC radars, relative positions

• Position authentication– Position keys

• ID authentication– Conventional cryptography– Public key cryptography

• Communication– Radar communication– DSRC broadcast radio communication

Mini-Project 2006 5

System model, assumptions

• Precise ACC radars– Precise distance measurement,– Radar communication– Vehicle's 360 degrees area is covered

• Broadcast radio communication device• TPD for each vehicle

– Contains Certificate, ID, public, private keys– Issued by CA at the police station– Given with the number plate registration– Hash, sign, verify a message, RND generation

Mini-Project 2006 6

State of the art Adaptive cruise control systems

Zone 8Zone 7Z

one

2

Zon

e 6

Zone 5

Zone 3Zone 4

1

Zone 7

Zon

e 2

Zon

e 6

Zone 5

Zone 3 Zone 4

A

B

Top left point

T

op right point

2 3

Shortest point

Mini-Project 2006 7

Zone 8Zone 7

Zon

e 2

Zone 1Z

one

6

Zone 4

Zone 8Zone 7

Zone 1Z

one

6

Zone 5

Zone 3Zone 4

Zone 8

Zon

e 2

Zone 1

Zone 5

Zone 3Zone 4

distance = PositionKey[1] A<->B

A

B

C

distance = PosK

ey[2] B<->C

Distance = PositionKey[3] A<->C

Generation of the position key - ideal case

Mini-Project 2006 8

Generation of the position key - real case

• Since the other vehicle front side figure (or other side) is not a standard the distance measurements might differ from each other

• The key length in this way is limited by the maximal distance measurement difference

]BA[dis Vehicle A Vehicle B

RADAR

RADAR

Distance measurement A->B (radar)

Distance measurement B->A (radar)

]AB[dis

)YX(cesin,C]AB[disC]BA[dis BA

AC

BC

X

Y

Mini-Project 2006 9

Generation of the position key - final solution

1t]BA[dis

Vehicle A Vehicle B

RADAR

RADAR

1t]AB[dis

yPositionKe]BA[dis]BA[dis21t t

2t]BA[dis

2t]AB[dis

Vehicle A

RADAR

Vehicle B

RADAR

1t

2t

21t t]AB[dis]AB[disyPositionKe

A’s clo

sest

point for B

B’s closest point for A

Mini-Project 2006 10

Zon

e 6

Zone 5

Zone 7

Zon

e 2

Zon

e 6

Zone 5

Zone 3 Zone 4

A

B

Cert|RND|)RND|yPositionKe(hash|Dzone|Szone|ID:ABBAB sigBAABBZoneZone

Cert|)RND|yPositionKe(hash|Dzone|Szone|ID:BAABA sigBBAAZoneZone

Neighborhood distance measurement no. 1

Neighborhood distance measurement no. 2

AAAZ RND|Szone|ID|Hello:odneighborhoAN..1

PositionKey = trunc(abs(distance measurement 1 - distance measurement 2))

Mutual neighbor authentication

Mini-Project 2006 11

Neighbor map broadcasting (DSRC)

AsigADSRCDSRC eCertificat|map|ID_AreaA

Broadcasting neighbor map thought DSRC radio channel

Neighbor mapID Zone Dis AngleID Zone Dis AngleID Zone Dis AngleID Zone Dis AngleID Zone Dis Angle

MyID MySig PubKey[A]

Sig[CA] Sig[A]

Zone 8

Left side radars

Zon

e 2

Zone 1Z

one

6

Zone 5

Zone 3Zone 4

Right side radars

Fro

nt s

ide

rada

rs

Bac

k si

de r

adar

s

DSRC

radio

channel

DSRC

radio

channel

DSRC

radio

channel

Mini-Project 2006 12

Neighbor map sharing, world map assembly

G H

B C

JI

D

K

E

F

A

Phase one: Neighbor discovery+authentication (radar)

BA

F G

A`s neighbor map ID B F GZone 1 2 2Angle alfa1 alfa2 alfa3Dis(t) dis1 dis2 dis4Dis(t+1) dis2 dis3 dis5Key key1 key2 key3

BA

F G

B`s neighbor map ID C I H G F AZone 1 2 2 3 4 4Angle alfa4 alfa5 alfa6 alfa7 alfa8 alfa9Dis(t) dis6 dis8 dis10 dis12 dis14 dis16Dis(t+1) dis7 dis9 dis11 dis13 dis15 dis17Key key4 key5 key6 key7 key8 key1

BA

F G

C

H I

F`s neighbor map ID B G AZone 8 1 5Angle alfa10 alfa11 alfa12Dis(t) dis18 dis20 dis22Dis(t+1) dis19 dis21 dis23Key key8 key9 key2

Phase two: Neighbor map sharing (DSRC)

A: Neighbor map sharing

A,B,C: neighbor discovery and authentication

B: Neighbor map sharing F: Neighbor map sharing

A`s world map A->B A->G A->F B->C B->I B->H B->G B->F F->G

Angle alfa1 alfa3 alfa2 alfa4 alfa5 alfa6 alfa7 alfa8 alfa11Dist dis1 dis4 dis2 dis6 dis8 dis10 dis12 dis14 dis20

A B

F G

C

H I

Mini-Project 2006 13

Evaluation

• Necessary sensors with minimal precision

• Effect of precision on position key length

• Position error• Effect of digital signature

computation time

Mini-Project 2006 14

Environment sensors

Optical Ultrasound Lidar Radar

Automotive

Low

ran

ge

Med

ium

ran

ge

Long

ran

ge

Ala

sca

Ala

sca

XT

Vol

ksw

agen

, 24

GH

z

Toy

ota,

76

GH

z

TR

W, 7

6 G

Hz

Dai

mle

r-C

hryr

lise

r, 7

6 G

Hz

Pre

-cra

sh, 2

4 G

Hz

Par

king

rad

ar, 2

4 G

Hz

Rad

ar n

etw

ork,

76

GH

z

Sho

rt r

ang

e, 7

6 G

Hz

Med

ium

ran

ge,

10

GH

z

Long

ran

ge, 9

4.5

GH

z

Long

ran

ge, u

p to

100

GH

z

Dis

tanc

e ra

nge

Acc

urac

y by

80

m

Dis

tanc

e ac

cura

cy

MilitaryIndustrialAutomotive

ACC Imaging

Industrial

1 cm

1 m

100 m

1 km

1 m

50 cm

10 cm

1 cm 0.1 mm

1 cm

10 cm

1 m

Ade

quat

eP

oor

50 cm

5 cm

1 mm

75 cm

25 cm

5 cm

10 cm

10 m

500 m

Mini-Project 2006 15

Effect of precision on key length

Mini-Project 2006 16

Position error

Mini-Project 2006 17

Effect of digital signature computation time

Mini-Project 2006 18

Conclusion

• Independent positioning from other systems, real ad hoc network– Precise positioning (not as distance bounding)– Scalable system

• Shared map– Containing IDs, distances, speed– Therefore location of a broadcasted emergency

message is easy, collision avoidance is possible

• Strongly valuable against attacks– Position keys– Directional antennae

Mini-Project 2006 19

Back up slides

Mini-Project 2006 20

Problem statement – secure positioning in vehicular

networks

GPS s

igna

l

Your p

ositio

n is

1

A

DS

RC

broadcast

signal

I am A

,

my position is 1 B

GPS signal

Your position is 2

GPS position 1 GPS position 2

Attack

er's

GPS s

igna

l

Your p

ositio

n is

3

A

A`s map:A is at 3C is at 4

DS

RC

broadcast

signal

I am A

,

my position

is 3

B

GPS signal

Your position is 2

B`s map:A is at 3B is at 2

GPS position 1 GPS position 2A

ttacker's

DS

RC

signal

I am C

,

my position

is 4

Mini-Project 2006 21

GPS s

igna

l

Signe

dByG

PS

[You

r pos

ition

is 1]

A

B`s map:A is at 1B is at 2

DS

RC

broadcast

signal

SignedB

yA [I am

A,

my position is 1] B

GPS signal

SignedByGPS

[Your position is 2]

GPS position 1 GPS position 2

GPS signal

SignedByGPS

[Your positio

n is 3]

A

DS

RC

bro

adca

stsi

gnal

Sig

nedB

yD [I

am

D,

my

posi

tion

is 4

]

B

GPS signalSignedByGPS

[Your position is 5]

GPS position 1 GPS position 2

Wormhole channel

Wormhole channel

Wormhole channel

Mini-Project 2006 22

Synchronized positioning and authentication

HELLO

0.000s

A

B

C

Authentication

Distance measure one

D

ST

AR

T (

DS

RC

)

Broadcast neighbor

map

0,0003 0,0003 0,0003 0,0003

0,0012s

0,0073s

50x0,0003=0,0135s

Broadcast neighbor

map

Message sign

Neighbor map signMessage verify

HELLO Authentication

HELLO Authentication

HELLO Authentication

0,0036

0,0171s

Broadcast neighbor

map

Broadcast neighbor

map

Broadcast neighbor

map

Neighbor map sign

Neighbor map sign

Neighbor map sign

0,0244s

Neighbor discovery and authenticationPhase one

Neighbor map signing and broadcastingPhase two

Position changing 0,68 m

Distance measure

two

Distance measure

one

Message sign

Message sign

Message sign

Message verify

Message verify

Message verify

Mini-Project 2006 23

Zon

e 6

Zone 5

2t

Zone 7

Zon

e 2

Zon

e 6

Zone 5

Zone 3 Zone 4

2t

A

B

BAB sigBAABBZoneZone Cert|RND|)RND|)key(trunc(hash|Dzone|Szone|ID_AB

AAAZ RND|Szone|ID|Hello_tenvironmenAN..1

ABA sigBBAAZoneZone Cert|))RND|)key(trunc(hash|Dzone|Szone|ID_BA

Neighborhood distance measurement no. 1

Neighborhood distance measurement no. 2

A`s neighbor map ID JohnDoe JohnDoe2 Zone 1 7Angle Beta omegaDis(t) dis1 dis2Dis(t+1) dis2 dis3Key trunc(key) trunc(key2)

B`s neighbor map ID JaneDoeZone 1Angle BetaDis(t) dis1Dis(t+1) dis2 Key trunc(key)

B`s neighbor map ID A Zone 1Angle BetaDis(t) dis1Dis(t+1) dis2 Key trunc(key)

Zone 8Z

one

2

Zon

e 6

Zone 5

Zone 3 Zone 4

C

2t2t

A`s neighbor map ID B JohnDoe2 Zone 1 7Angle Beta omegaDis(t) dis1 dis2Dis(t+1) dis2 dis3Key trunc(key) trunc(key2)

CAC sigCAACCZoneZone Cert|RND|))RND|)2key(trunc(hash|Dzone|Szone|ID_AC

ACA sigCCAAZoneZone Cert|))RND|)2key(trunc(hash|Dzone|Szone|ID_CA

A`s neighbor map ID B C Zone 1 7Angle Beta omegaDis(t) dis1 dis2Dis(t+1) dis2 dis3Key trunc(key) trunc(key2)

Authentication without angle communication measurement

Mini-Project 2006 24

Distance measuring the radar and the measuring surface are on one axis (ideal

case)

• Since both partners are measuring the same distance it is easy to use it as a key

• The length of the key is limited by the precision of used radars

]BA[dis Vehicle A Vehicle B

RADAR

RADAR

Distance measurement A->B (radar)

Distance measurement B->A (radar)

]AB[dis key]AB[dis]BA[dis

Mini-Project 2006 25

Distance measuring problemThe radar and the measuring

surface are not on the same axes

• The radar`s position is not on the surface of the vehicle

• The radars are embedded in the front side of the vehicle

– Exact position might differ from vehicle to vehicle

– With factory calibration this problem is solvable

]BA[dis Vehicle A Vehicle B

RADAR

RADAR

Distance measurement A->B (radar)

Distance measurement B->A (radar)

]AB[dis

]AB[dis]BA[dis

keyC]AB[disC]BA[dis BA

AC

BC

Mini-Project 2006 26

Distance measuring problemwe might measure the different

distance

• Since the other vehicle front side figure (or other side) is not a standard the distance measurements might differ from each other

• The key length in this way is limited by the maximal distance measurement difference

]BA[dis Vehicle A Vehicle B

RADAR

RADAR

Distance measurement A->B (radar)

Distance measurement B->A (radar)

]AB[dis

)YX(cesin,C]AB[disC]BA[dis BA

AC

BC

X

Y

Mini-Project 2006 27

Distance measuring problem (solution one)

closest point detectionfactory calibration is necessary

• Calibrating my most exterior point (factory calibration)

– Not easy to do it precisely since sometimes the number plate is the exterior point

• Measuring neighbors closest point

– Calculating the distance between my exterior point and between its closest point

• Theoretically works but

– What if my exterior point is changed by a little accident

– Or I use a new, different number plate

]BA[dis

Vehicle A Vehicle B

RADAR

RADAR

Distance measurement A->B (radar)

Distance measurement B->A (radar)

]AB[dis

keyC]AB[disC]BA[dis BA

AC

BC

A’s exte

rior p

ointB’s exterior point

Mini-Project 2006 28

Generation of the position key - final solution

1t]BA[dis

Vehicle A Vehicle B

RADAR

RADAR

1t]AB[dis

yPositionKe]BA[dis]BA[dis21t t

2t]BA[dis

2t]AB[dis

Vehicle A

RADAR

Vehicle B

RADAR

1t

2t

21t t]AB[dis]AB[disyPositionKe

A’s clo

sest

point for B

B’s closest point for A