parrots position altered random repetition of transportation signature george corser oakland...
TRANSCRIPT
PARROTSPosition Altered Random Repetition of Transportation Signature
George CorserOakland UniversityMay 23, 2013
1. Introduction: VANET Privacy
3
VANET Privacy: Scope
Privacy
MobileWirelessNetwork
VehicleSurveillan
ce
Virtue we wish to promote
Activity we wish to control System
possible to implement
Scope
VANET: Technical Standards
•Two stacks▫WSMP (Safety)▫TCP/IP (Other)
•IEEE 1609.2▫Security Services
•J2735▫DSRC Message Set
•J2945.1▫Comm. Performance (Graphic source: Kenney, 2010)
IEEE 1609.2 – Security Services
•Certificates and Certificate Authority Hierarchy
•Formats for Public Key, Signature, Certificate, and CRL
•Message Formats and Processing for Generating Encrypted Messages
•Sending Messages
•Request Certificates from the CA
•Request and Processing CRL
First non-draft version released April 2013
Jared: Trust George: Privacy
Source: IEEE 1609.2 – Security Services
SAE J2735 – DSRC Message Set
•Basic Safety Message (BSM)•Probe Vehicle Data Message (PVDM)•Traveler Information (TIM)
Image source: http://www.sae.org/exempt/misc/dsrc/docs.htm#complexType_TravelerInformation_Link0780A7A0
Basic Crypto: Vi queries LBS• i = identity (pseudo identity, actually)•Vi = vehicle with identity, i•Cert(i) = CA-(i, Vi+, validity, authority, …)
▫the digital certificate for Vi is the identity, the public key and the key’s valid date/time range
•q = query (could have used: m = message)•SigVi(q) = V-[H(q),q]
•Query Vi →LBS (q) = LBS+[ SigVi(q) , Cert(i) ]
•Reply LBS→Vi (r) = Vi+[r]
Crypto validates identities and keeps messages confidential
Properties, Techniques, Problems
•Unlinkability, pseudo IDs, key management
•Untrackability, synchronized pseudo ID change, sparsity/density of vehicle traffic
•Scalability, no solution, sparsity/density (unpublished: FLARES addresses this issue)
•Efficiency, minimize privacy message requests, efficient protocols not usually as effective
•Conditionality, distributed PKI, tends to work against unlinkability
VANET Privacy:
Properties, Techniques, Problems
•User choice, PARROTS, driver-controlled privacy may circumvent conditionality (note: other models could offer a software switch, but none in the literature have so suggested)
•Defense against collaboration, PARROTS, requires different BSM, PVM, GSM pseudo IDs
VANET Privacy: PARROTS
PARROTS: Contribution of Paper•Model for defending
against collaborative location privacy attacks in VANETs
2. PARROTS
Threat Model: Collaborative Attack
Attacker has access to both LBS and RSU
Privacy Technique: Pseudo-ID
•Real identity never broadcast▫Ensures unlinkability
•Pseudo ID changes every 5 minutes
•Key distribution and certificate revocation also open research issues
Certificate Authority
Many models use this technique
Privacy Technique: Group Leader•Vehicles travel in groups
▫Ensures untrackability•Groups serve as mix zones•Followers synchronize pseudo ID changes
(may also use silent period)•Group leader does not have privacy
Many models use this technique
PARROTS: Before Group Change
Vi and Vj drive within communication range,Vj agrees to PARROT
Vi
Vj
Original work
PARROTS: After Group Change
Vj changes group andbegins parroting Vi
Vi
Vi
Vj
Original work
PARROTS: Defeats Attack
Vj
Vi
Vi
?Both Vi and Vj send LBS requests signed by Vi, and both locations confirmed by RSUs
Vj
Problems with PARROTS Model
•Vehicles would need separate sets of pseudo IDs for safety applications. The pseudo ID for the BSM cannot be the same as the pseudo ID for the TIM (or whatever message type is used for the LBS) otherwise attacker could check for BSM
•Parrotee would need to construct maybe 5 mins worth of messages to send to LBS
•Location cannot be part of signed request•Malicious parroter could flood LBS
Basic Crypto: Vi queries LBS• i = identity (pseudo identity, actually)•Vi = vehicle with identity, i•Cert(i) = CA-(i, Vi+, validity, authority, …)
▫the digital certificate for Vi is the identity, the public key and the key’s valid date/time range
•q = query (could have used: m = message)•SigVi(q) = V-[H(q),q]
•Query Vi →LBS (q) = LBS+[ SigVi(q) , Cert(i) ]
•Reply LBS→Vi (r) = Vi+[r]
Crypto validates identities and keeps messages confidential
Conditionality Problem
•PARROTS increases the complexity of conditional privacy. If LBS kept records of all requests from Vi, and RSUs kept records of all pseudo IDs of BSMs in range of RSU, then the CA could correlate pseudo IDs to identify which was the “real” request (assuming no spoofing).
3. Simulation
Image source: http://vc.inf.h-bonn-rhein-sieg.de/?page_id=1025
Mobility Model: Manhattan• 3000 m by 3000 m • Roads every 100 m• All vehicles are on roads• Vehicle communication
range 300 m• Cars travel average 30
m/sec
Privacy Metrics
•Anonymity set size: ▫|ASi|
•Entropy of anonymity set size: ▫H(|ASi|) = Σ p(i,j) log2p(i,j)
•Tracking probability:▫Prob(|ASi| = 1)
Simulation: Python 2.7 Code# ----------------------------------------------------------------------# parrots.py# George Corser, January 28, 2013# Simulation of PARROTS, a VANET privacy model, wirtten in Python 2.7# PARROTS: Position Altered Random Repetition of Transporation Signature## See the "Main" section at the bottom of this file to change parameters.# This simulation assumes a grid of roads 100m apart on a 3000mx3000m area# ----------------------------------------------------------------------
def PARROTS(t, v, parrotee_percent, parroter_percent, seednum): # Function arguments ---------------------------------------------- # t is number of time slices. Each time slice is: comfreq = 300 ms # v is number of vehicles in simulation # parrotee_percent is the ratio of vehicles that wish to request parroting # parroter_percent is the ratio of vehicles that volunteer to be parrots # seednum is seed in random.seed(seednum) for random.randint()
continued…
Simulation: Python 2.7 Code# ------------------------------------------------------------------------ ## Step 1.a. Initialize vehicle locations# ------------------------------------------------------------------------ #for ti in range(1): # initialize vehicles at random coordinates on road grid for vi in range(v): # ----- Vehicles, Groups and Leaders ----------------------------- # if vi % 2 == 0: # if vi is even, let x be an even 100 and y be random x.append(100*random.randint(0,xmax/100)) y.append(random.randint(0,ymax)) else: x.append(random.randint(0,xmax)) y.append(100*random.randint(0,ymax/100)) xprior.append(0) yprior.append(0) xdir.append((-1)**random.randint(1,2)) # randomly select -1 or 1 ydir.append((-1)**random.randint(1,2))
continued…
continued
Simulation: Output
ti viSum(as) pep prp
Sum(pe)
Sum(pr)
Sum(pas)
Count
(pas)600 100 132 0 0 0 0 0 0600 100 132 0 100 0 98 0 0600 100 132 100 0 99 0 0 0600 100 132 100 100 99 98 103 73600 200 398 0 0 0 0 0 0600 200 398 0 100 0 195 0 0600 200 398 100 0 197 0 0 0600 200 398 100 100 197 195 364 170
PARROT-ing almost doubles AS size
Simulation: Graphed Output
Average Parrotee Anonymity Set Sizes Based on Parroter Percentage after 5 mins
Problems with simulation
•In simulation, all cars are on road. In real life cars would be in parking lots, driveways, alleys, and other places that are not roads.
•In simulation, when cars reach edge of grid they turn around and go back into the grid. In real life they would leave the grid area and perhaps new cars would enter.
•In simulation, cars are uniformly distributed. In real life they are concentrated in certain spots.
4. Conclusion
1. VANET Privacy2. PARROTS Model3. Simulation