Security, privacy and protection in different VANET applications Mario Gerla

Upload: veronica-riley

Post on 26-Dec-2015


TRANSCRIPT

Page 1: Security, privacy and protection in different VANET applications Mario Gerla

Security, privacy and protection in different VANET applications

Mario Gerla

Vehicular application and security requirements - Outline

• VANETs Introduction
• VANET Applications
  – safe navigation (sensor => actuator) – minimal (other speaker will focus on this)
  – content distribution/uploading
  – collaborative markets, etc.
  – urban sensing (MobEyes)
• Threat model and different privacy/security/protection requirements


What is a VANET?

Penetration will be progressive (over 2 decades or so)


Vehicular communications: why?

Most of these problems can be solved by providing appropriate information to the driver or to the vehicle

Urban “opportunistic” vehicle ad hoc networking

From wireless to wired network via multihop

Opportunistic piggy rides in the urban mesh

Pedestrian transmits a large file in blocks to passing cars, busses
The carriers deliver the blocks to the hot spot

Car to Car communications for Safe Driving

Vehicle type: Cadillac XLR; Curb weight: 3,547 lbs; Speed: 65 mph; Acceleration: -5 m/sec^2; Coefficient of friction: .65; Driver Attention: Yes; Etc.

Vehicle type: Cadillac XLR; Curb weight: 3,547 lbs; Speed: 45 mph; Acceleration: -20 m/sec^2; Coefficient of friction: .65; Driver Attention: No; Etc.

Vehicle type: Cadillac XLR; Curb weight: 3,547 lbs; Speed: 75 mph; Acceleration: +20 m/sec^2; Coefficient of friction: .65; Driver Attention: Yes; Etc.

Vehicle type: Cadillac XLR; Curb weight: 3,547 lbs; Speed: 75 mph; Acceleration: +10 m/sec^2; Coefficient of friction: .65; Driver Attention: Yes; Etc.

Alert Status: None

Alert Status: Passing Vehicle on left

Alert Status: Inattentive Driver on Right

Alert Status: None

Alert Status: Slowing vehicle ahead

Alert Status: Passing vehicle on left

DSRC*/IEEE 802.11p: Enabler of Novel Applications

• Car-Car communications at 5.9 GHz
• Derived from 802.11a
• Three types of channels: Vehicle-Vehicle service, a Vehicle-Gateway service and a control broadcast channel
• Ad hoc mode; and infrastructure mode
• 802.11p: IEEE Task Group that intends to standardize DSRC for Car-Car communications

* DSRC: Dedicated Short Range Communications

[Figure labels: Forward radar; Computing platform; Event data recorder (EDR); Positioning system; Rear radar; Communication facility; Display]

Vehicular Grid as Opportunistic Ad Hoc Net

[Figure labels: Hot Spot; Hot Spot]

Vehicular Grid as Emergency Net

[Figure labels: Hot Spot; Power Blackout; STOP]

Vehicular Grid as Emergency Net

[Figure labels: Power Blackout; STOP]

CodeTorrent: Content Distribution using Network Coding in VANET

Uichin Lee, JoonSang Park, Joseph Yeh, Giovanni Pau, Mario Gerla
Computer Science Dept, UCLA

ACM MobiShare 2006

Content Distribution in VANET

• Multimedia-based proximity marketing:
  – Virtual tours of hotel rooms
  – Movie trailers in nearby theaters
• Vehicular ad hoc networks (VANET):
  – Error-prone channel
  – Dense, but intermittent connectivity
  – High, but restricted mobility patterns
  – No guaranteed cooperativeness (only users of the same interests will cooperate)
• How do we efficiently distribute content in VANET?
  – Traditional approach: BitTorrent-like file swarming

BitTorrent-like File Swarming

• A file is divided into equal sized blocks
• Cooperative (parallel) downloading among peers

[Figure: from Wikipedia]

Swarming Limitation: Missing Coupon!

[Figure: cars C1 to C6 exchanging plain blocks B1 and B2, in the following steps]

C1 Sends Block 1
C3 Sends Block 2
C2 Sends Block 2
C5 Sends Block 2

B1 is STILL missing!!

Network Coding

• Let a file have k blocks: [B1 B2 … Bk]
• Encoded block Ei is generated by
  – Ei = ai,1*B1 + ai,2*B2 + … + ai,k*Bk
  – ai,x : randomly chosen over the finite field
• Any “k” linearly independent coded blocks can recover [B1 B2 … Bk] by matrix inversion
• Network coding maximizes throughput and minimizes delay

[Figure: network coding over the finite field GF(2)={0,1}. Coded block E1 has coefficients a1,1=1, a1,2=0 (vector 1 0); coded block E2 has coefficients a2,1=1, a2,2=1 (vector 1 1). Matrix inversion yields B1 (1 0) and B2 (0 1).]
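The coding and decoding steps on this slide, as an added example (not code from the slides or from CodeTorrent). It works over GF(2), where multiplication is AND and addition is XOR, and decodes by incremental Gauss-Jordan elimination; the names `encode`, `Decoder` and `download` and the sample blocks are assumptions made for illustration.

```python
import random

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(blocks, coeffs):
    """E = a_1*B1 + ... + a_k*Bk over GF(2): multiply is AND, add is XOR."""
    payload = bytes(len(blocks[0]))
    for a, blk in zip(coeffs, blocks):
        if a:
            payload = xor(payload, blk)
    return list(coeffs), payload

class Decoder:
    """Incremental Gauss-Jordan elimination over GF(2) (the 'matrix inversion')."""
    def __init__(self, k):
        self.k, self.rows = k, {}               # pivot column -> (coeffs, payload)

    def receive(self, coeffs, payload):
        """Store a coded block; return False if it adds no new information."""
        coeffs = list(coeffs)
        for p, (rc, rp) in self.rows.items():   # reduce by rows already held
            if coeffs[p]:
                coeffs = [x ^ y for x, y in zip(coeffs, rc)]
                payload = xor(payload, rp)
        if not any(coeffs):
            return False                        # linearly dependent: wasted send
        pivot = coeffs.index(1)
        for p, (rc, rp) in list(self.rows.items()):   # keep old rows fully reduced
            if rc[pivot]:
                self.rows[p] = ([x ^ y for x, y in zip(rc, coeffs)], xor(rp, payload))
        self.rows[pivot] = (coeffs, payload)
        return True

    def decoded(self):
        """Original blocks once k independent coded blocks arrived, else None."""
        return [self.rows[j][1] for j in range(self.k)] if len(self.rows) == self.k else None

def download(blocks, seed=1):
    """Pull randomly coded blocks until the file decodes; return (blocks, pulls)."""
    rng, dec, pulls = random.Random(seed), Decoder(len(blocks)), 0
    while dec.decoded() is None:
        dec.receive(*encode(blocks, [rng.randint(0, 1) for _ in blocks]))
        pulls += 1
    return dec.decoded(), pulls

if __name__ == "__main__":
    file_blocks = [bytes([i]) * 8 for i in range(4)]   # constructed sample file
    print(download(file_blocks))
```

A car that already holds B2 gets `False` from `receive` for a second plain B2 (the missing-coupon case), while the coded block B1+B2 is accepted and completes the decode.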

Network Coding Helps Coupon Collection

[Figure: cars C1 to C6 exchanging blocks B1, B2 and the coded block B1+B2, in the following steps]

C1 Sends Block 1
C3 Sends Block 2
C2 Sends a Coded Block: B1+B2
C5 Sends a Coded Block: B1+B2

C4 and C6 successfully recovered both blocks

Previous Work: Cooperative Downloading with CarTorrent

[Figure labels: Internet; Downloading Blocks from AP; Exchange Blocks via multi-hop pulling; Gossiping Availability of Blocks]

CodeTorrent: Basic Idea

• Single-hop pulling (instead of CarTorrent multihop)

[Figure labels: Internet; Downloading Coded Blocks from AP; Outside Range of AP; Buffer; Re-Encoding: Random Linear Comb. of Encoded Blocks in the Buffer; Exchange Re-Encoded Blocks; Meeting Other Vehicles with Coded Blocks]

[Figure: a “coded” block is a Random Linear Combination of the file's k blocks: B1*a1 + B2*a2 + B3*a3 + … + Bk*ak]

Design Rationale

• Single-hop better than multihop
  – Multi-hop data pulling does not perform well in VANET (routing O/H is high)
  – Users in multi-hop may not forward packets not useful to them (lack of incentive)!
• Network coding
  – Mitigate a rare piece problem
  – Maximize the benefits of overhearing
• Exploits mobility
  – Carry-and-forward coded blocks

FleaNet: A Virtual Market Place on Vehicular Networks

Uichin Lee, Joon-Sang Park, Eyal Amir, Mario Gerla

Network Research Lab, Computer Science Dept., UCLA

Advent of VANETs

• Emerging VANET applications
  – Safety driving (e.g., TrafficView)
  – Content distribution (e.g., CarTorrent/AdTorrent)
  – Vehicular sensors (e.g., MobEyes)
• What about commerce “on wheels”?

Flea Market on VANETs

• Examples
  – A mobile user wants to sell “iPod Mini, 4G”
  – A road side store wants to advertise a special offer
• How to form a “virtual” market place using wireless communications among mobile users as well as pedestrians (including roadside stores)?

Outline

• FleaNet architecture
• FleaNet protocol design
• Feasibility analysis
• Simulation
• Conclusions

FleaNet Architecture -- System Components

• Vehicle-to-vehicle communications
• Vehicle-to-infrastructure (ad-station) communications

[Figure labels: Inter-vehicle communications; Private Adstation*; Vehicle-to-adstation communications]

* Roadside stores (e.g., a gas station)

FleaNet Architecture -- Query Formats and Management

• Users express their interests using formatted queries
  – eBay-like category is provided
    • E.g., Consumer Electronics/Mp3 Player/Apple iPod
• Query management
  – Query storage using a light weight DB (e.g., Berkeley DB)
  – Spatial/temporal queries
  – Process an incoming query to find matched queries (i.e., exact or approximate match)
    • E.g. Query(buy an iPod) Query(sell an iPod)

FleaNet Protocol Design

• FleaNet building blocks
  – Query dissemination
  – Distributed query processing
  – Transaction notification
    • Seller and buyer are notified
    • This requires routing in the VANET
• VANET challenges
  – Large scale, dense, and highly mobile
• Goal: designing “efficient, scalable, and non-interfering protocols” for VANETs

Query Dissemination

• Query dissemination exploiting vehicle mobility
• Query “originator” periodically advertises its query to 1-hop neighbors
  – Vehicles “carry” received queries w/o further relaying

[Figure labels: Yellow Car w/ Q1; Red Car w/ Q2; queries Q1 and Q2 exchanged]

Distributed Query Processing

• Received query is processed to find a match of interests
  – E.g. Q1 – buy iPod / QM – sell iPod / Q2 – buy Car

[Figure labels: Red car w/ Q2 & carries Q1; Cyan car w/ QM; (1) Find a matching query for Q2: No match found; (1) Find a matching query for QM: Found query Q1; LocalMatch: QM, Q1; (2) Send a match notification msg to the originator of query QM]

Transaction Notification

• After seeing a match, use Last Encounter Routing (LER) to notify seller/buyer
  – Forward a packet to the node with more “recent” encounter

[Figure labels: LocalMatch: QM, Q1; Encounter timestamp: T-1s, T-5s, T-10s, T; Current Time: T; Originator of Q1; Cyan car; Red car; Blue car; Green car; Yellow car; TRXRESP; TRXREQ]

FleaNet Latency

• Restricted mobility patterns are harmful to opportunistic data dissemination

• However, latency can be greatly improved by the popularity of queries

• Popularity distribution of 16,862 postings (make+model) in the vehicle ad section of Craigslist (Mar. 2006)

[Figure: Frequency (log) vs. Items (log)]

FleaNet Scalability

• Assume that only the query originator can “periodically” advertise a query to its neighbors
• We are interested in link load
• Load depends only on average number of neighbors and advertisement period (not on network size)
• Example:
  – Parameter setting: R=250m, 1500B packet size, BW=11Mbps
  – N=1,000 nodes in 2,400m x 2,400m (i.e., 90 nodes within one’s communication range)
  – Advertisement period: 2 seconds
  – Worst case link utilization: < 4%

Simulations

• Ns-2 network simulator
• 802.11b - 2Mbps, 250m radio range
• Two-ray ground reflection model
• “Track” mobility model
  – Vehicles move in the 2400m x 2400m Westwood area in the vicinity of the UCLA campus
• Metric
  – Average latency: time to find a matched query of interest

[Figure: Westwood area, 2400m x 2400m]

Simulation Results

• Impact of density and speed

[Figure: Latency (Seconds) vs. Average Speed (m/s); series N=100, N=200, N=300]

Simulation Results

• Impact of query popularity
  – Popularity: the fraction of users with the same interest
  – For a single buyer, increase the number of sellers (e.g., N=200/0.1 = 20 sellers)

[Figure: Latency (Seconds) vs. Popularity; series N=100/V=5, N=100/V=25, N=300/V=5, N=300/V=25]

Simulation Results

• Impact of ad-station location
  – Given N=100, fix each node in its initial location, and set it as a “stationary” ad-station (as a buyer)
  – Measure the average latency to the remaining 99 mobile nodes (run 99 times, by taking turns as a seller: 1 buyer 1 seller)

[Figure: Latency (Seconds) vs. Rank (latency rank), N=100/V=25m/s; series avg. stationary, avg. mobile]

Epidemic Diffusion - Idea: Mobility-Assist Data Harvesting

1. Agent (Police) harvests Meta-Data from its neighbors

2. Nodes return all the meta-data they have collected so far

[Figure labels: Meta-Data Req; Meta-Data Rep]

Threat Model and Security Requirements for VANET applications

The Threat Model

An attacker can be:
• Insider / Outsider
• Malicious / Rational
• Active / Passive

Attack 1: Bogus traffic information

Attacker: insider, rational, active

Attack 2: Disruption of network operations

Attacker: insider, malicious, active


Attack 3: Cheating with identity, speed, position

Attacker: insider, rational, active

Attack 4: Jamming

Attacker: insider or outsider, malicious, active


Attack 5: Tracking

Security system requirements

• Sender authentication
• Verification of data consistency
• Availability
• Non-repudiation
• Privacy
• Real-time constraints


Security Architecture