A Low Overhead Cooperative-based Authentication Protocol for VANETs
AA Low Overhead Cooperative-based Authentication Protocol for VANETs
Vahid Ranjbar , Ali Mohammad Afshin Hemmatyar University of Tehran, Sharif University of Technology, Emails: [email protected], [email protected]
Abstract —Vehicular ad-hoc networks (VANETs) have been proposed to automate transportation industry in order to increase its accuracy, efficiency, throughput, and specially safety. Security plays an Undeniable important role on implementing VANETs in real life. Authentication is one of the basic elements of VANETs security. Proposed authentications protocols suffer from high overhead and cost. This paper presents a computation division based authentication which divide signature approvals between neighbor vehicles consequently decrease vehicles computation load. Simulation shows presented protocol propose an almost constant latency and closely zero message loss ratio related to traffic load, and improved efficiency compared with GSIS protocol. Keywords: VANET, authentication, security, privacy. I. I NTRODUCTION
Nowadays, the transportation industry has become one of the most important subjects of social affairs. Vehicular ad-hoc networks (VANETs) have been proposed to automate this industry and decrease its risk for human lives. These networks can be used to increase the efficiency of driver assistance advanced systems, safety and capacity of roads, and comfort level of driver and passengers. VANET applications can be divided in welfare and safety groups. Traffic management information, electronic payment systems, navigation improvement, and providing welfare information and entertainment for passengers can be considered as welfare ones, and Accident preventing and collaboration with relief and security vehicles are the safety group. In general, vehicular ad-hoc networks can be considered as mobile ad-hoc networks. In a VANET, each vehicle operates as a smart node and can connect to other vehicles and transportation equipment. VANETs may have infrastructure but there is usually no infrastructure in mobile ad-hoc networks. Also, VANETs have more dynamic topology and higher speed of nodes. Path limitation for vehicles, existence of tools to predict their motion, nonexistence of limitation for transmitted power and consumed energy by the network, and considerable nodes density variation related to area are the VANETs difference. One of the most important goal of VANETs is to increase the safety of transportation industry. To achieve this goal,
Fig. 1. Schematic for an ID-based method.
VANETs themselves must be accurate, secure, and safe in the first step. Any unintentional or intentional mistakes could be followed by irreversible results. Security protocols that are proposed to obtain security in VANETs must satisfy requirements including authentication, privacy protection and anonymity, ability to track malicious nodes and revoking their certificate, preventing denial of service, confidentiality, integrity, and efficiency. Obviously, there should be a tradeoff between these security requirements and the cost and complexity of protocol. Authentication is one of the fundamental elements of VANETs security that verify messages transmitting and receiving by network’s legitimate authorized nodes. Authentication also decrease illegal nodes attacks [1]. Privacy protection and anonymity prevent vehicles path tracking and privacy abuses. So, the proposed authentication model should provide appropriate level of anonymity [1]. Impossibility of linking data prevent tracking a vehicle by enemy through eavesdropping network messages [2]. he possibility of identification and removal of malicious
TABLE I A
DVANTAGES AND DISADVANTAGES OF RELATED PROTOCOLS . vehicle. Impossibility of denial of service prevent transmitter or receiver form denying that transmitting or receiving [3], Protocols Advantages Disadvantages [4]. So, false alarms are prevented and it will be possible to prove that a false alarm caused an accident [5]. Confidentiality and integrity grantee that other members specially a malicious one can not change a message [6]. The efficiency considers the protocol costs and latency requirements [2]. As VANETs have no infrastructure and subsequently a cen- ter node for network communication management and routing, nodes should perform routing, communication management and network topology configuration themselves. This can helps an attacker node to attack and destroy the network. Despite of low possibility of public key infrastructure and building VANETs for a short time premeditated plane, they need a key distribution and authentication protocol to prevent an attacker
GSIS [11] User authentication and anonymity, Tracking ability
Khomejani [22] User authentication and anonymity, No need for road side unit GAP [23] User authentication and anonymity, Tracking ability High loss rate, Ap- proval time increas- ment proportional to revoked certificates High loss rate, Track- ing disability, Trans- mitter can deny mes- sage transmitting High loss rate node entering. Security of vehicular ad-hoc networks is one of the major problems that prevent implementation of VANETs in recent years. Many solutions such as information encryption, net- work isolation, using authentication for new entering vehicles, applying hardware with more than 99.99 percent reliability are proposed to improve VANETs security. But, still there are many problems should be solved to make VANETs implementable. One of the most important elements of VANETs security is authentication of transmitted messages by vehicles to prevent unauthorized nodes entering and external attacks. Popular authentication protocols can be divided in two groups. Some protocols use public key infrastructure for authentication [7]– [9], and the others include Id-based encryption [10]–[12]. At the first group each vehicle receives a pair of public and private key and a valid certificate from a reliable center. Main drawback of this protocols is high calculation overhead due to public key that cause messages latency. In the second group of authentication that use id-based encryption, each vehicle has an exclusive Id. Key management center build a private key corresponding vehicle’s Id and transmit it to vehicle over a secure channel. Lower calculation overhead and easier signature approval are two main advantages of this protocols towards public key protocols. On the other hand, single point of failure (key management center) and possibility of Id forgery are disadvantages of the second group [13]–[16]. All above protocols are proposed without considering privacy and certificate revocation requirements. To satisfying certificate revocation requirement "certificate revoking list" is used that include all violator vehicles. This list is saved in all vehicles and used to prevent receiving a message from a violator vehicle. Two major problem of this solution is cost of keeping the list up-dated and saving it in all vehicles [17], [18]. Some protocols presented to solve the privacy protection and anonymity problems use "pseudonym" for user anonymity [19], [20]. Regarding this, each user receives several temporary certificates from a reliable center that are stored with user’s real profile in a reliable database. This protocols use almost more than 43 thousands temporary certificates over just one year to propose an acceptable level of efficiency and anonymity [17]. This amount of certificates is followed by problems such as memory overhead, long searching time, long certificate revoking time, up-dating cost, and high communication overhead. Group signature could be used for users' anonymity in order to remove temporary certificate weaknesses [9], [21]. In this protocol, group manager authenticates each user with its real identity at the first step. Also, the manager produces a private key for user and gives it to user with group public key After Authentication and saves the user private key and real identity in its database. In this protocol, each group manager has a master key which can be used with user signature to obtain user private key, then it can search its database to find message transmitter real identity. Hybrid protocols combine this two protocols to use their advantages together [11]. Advantages and drawbacks of three related protocols are summarized in Table I. II. P ROPOSED P ROTOCOL
In the proposed protocol, it is assumed that there is a reliable center for key distribution and management. Also, it assumes that roadside units (RSUs) have a high computing abilities and can build a proper communication coverage to up-date and revoke the certificates. It is assumed roadside units use an electronic elliptical curve signature algorithm as public key infrastructure for certification. This algorithm is usually used in other VANETs authentication protocols. In proposed protocol, each RSU is considered as a local reliable center on its zone. So, vehicles can receive local valid certificate for each zone from its RSU. Country transportation centers can act as backbone of this protocol. The protocol assumed each vehicle can at-least connect to one roadside unit to up-date its temporary certificate. Also, RSUs are physically protected and secure, connected to other units and reliable center over a secure Internet, satellite, radio waves or cable base channel. Each vehicles is loaded with an accurate navigation system. Moreover, it’s assumed that attacker can access and change all messages, so confidentiality
S S
TABLE II A
BBREVIATIONS
Abbreviations Explanation
𝐸𝑛𝑐𝑟𝑦𝑝𝑡 𝐾 ( M ) Message M asymmetric encryption algorithm by key K
𝐷𝑒𝑐𝑟𝑦𝑝𝑡 𝐾 ( M ) Message M asymmetric decryption algorithm by key K sign K − ( M ) Simple electronically signing algorithm for message M using private key K − Cert i Vehicle i certificate signed by reliable center
P Key − P Key +1 Roadside unit/ Vehicle (S) private key for electronically signing Roadside unit/ Vehicle S public key for elec- tronically signing
Fig. 2. Certificate receiving algorithm. RL Revoked certificates list (Revoking List) K − Vehicle S private key for temporary certificate in its database for future follow-up. Vehicle can use these K S Vehicle S private key for temporary certificate is required for all messages (every persons must not access messages text). In the proposed protocol electronic signature is used for confidentiality. As a result, each receiver can identify transmitter of its received messages and transmitter can not deny that transmitting. The proposed protocol is divided in two parts that use proper mechanisms due to theirs requirements and circumstances. Id- based electronic signature mechanisms is used in vehicle to infrastructure connection to satisfy vehicle tracking capability by reliable center and denial of service impossibility. A mechanism is required for legitimate vehicles identification and messages verification in vehicle to vehicle (V2V) connec- tion due to vehicles limited sources and network economical requirements. So, a simple electronic signature protocol based on pseudonym is used for privacy protection in proposed protocol. Major problems of previous protocols proposed for authenti- cation and privacy protection in VANETs are high calculation certificate and keys to communicate with roadside units for a long time (e.g. a year). Reliable center build a public and private key for each roadside unit depend on its zone. The roadside unit uses the private key for a period to communicate with vehicles. These keys are periodically updated after each technical checkpoint to prevent attacker manipulation.
B. Temporary Certificate Recieving
Every vehicle, in each zone, receives a temporary certificate from roadside unit to communicate with other vehicles that are in that zone. In this regard, vehicle should firstly authenticates itself to roadside unit. The roadside unit issues a temporary certificate after it makes sure the vehicle is legal and is not in the revoked list. When the vehicle certificate expired or it enter another roadside unit territory, it re-does this procedure to receive a new certificate. As Fig. 2 shows vehicle S (OBU), in order to receive or up-date its temporary certificate, firstly build a pair of public and private keys ( K − , K +1 ) using electronic signature S S and processing load that are forced to vehicles processors, consequently decreasing system efficiency and throughput severely. Solution of these problems is assignment of heavy calculation to network infrastructure as its possible or splitting calculations over the network. In this regard, a cooperative protocol is proposed to verifies each message signature that splits calculations between vehicles. Also, revoked certificates checking mechanism is done by roadside units. The proposed protocol include five subsequent steps.
A. Network Set-up
In the first step, each vehicle goes to a reliable center in person. The center issues a pair of public and private keys and a certificate for that vehicle after equipment technical checking. Also, it stores the keys and signed certificate on the vehicle and saves the signed certificate and vehicle identity key building algorithm and signs the built public key using its private key. Then it uses a hash function and connects the roadside unit zone to achieves roadside unit public key and sends encrypted message to the relevant roadside unit (R). Roadside unit uses its private key to decrypt certificate request message received from vehicle S. Then it uses vehicle certificate to confirm it is not in the revoking list. Finally, roadside unit issues a temporary certificate by its private key. The certificate includes vehicle public key, certificate validity period, and an Id produced randomly by roadside unit. Roadside unit saves the built certificate with vehicle certificate on its database. Then it wait for at-most δ second to prevent detection of any relation between new and old certificates before it sent the certificate to vehicle S. Henceforth, vehicle S can communicate anonymously with other vehicles using this certificate. × C. Message Signing and Sending
Each vehicle uses its private key ( K − ) to sign its messages. Then, it send the signed message with its temporary certificate and Id over the network. D. Signature Approval and Message Receiving
In previous proposed protocols for vehicle ad-hoc network, the vehicle checks each received message signature. Consid- ering each vehicle sent a message in every 100-300 ms, and there were almost 100 vehicles at each vehicle communication coverage, each vehicle should check 1000 messages signature in just one second. So, the time for confirmation of each message should be less than 1 ms that is a very short time for electronic signature approval which cause receiver buffer overflow, and increase of messages loss rate. In this protocols, each message is checked by all vehicles receive it that strongly decrease the efficiency and throughput and cause vehicles processors be busy to do duplicated processes. In the proposed protocol, each vehicle checks some of messages and informs other, in case of message signature was not verified. This solution reduces vehicles processing and computational load. So, strong processors are not required for vehicles result in system cost reduction. Also, high message loss rate due to electronic signature algorithms processing is reduced cause efficiency increasing. The most important part of above solution is vehicles cooperation in order to achieve an acceptable rate of efficiency and throughput. In this protocol, each vehicle keeps a list of its neighbors Ids and up-date it with each message reception from the list member. Then it singes its neighbors list with its private key and send signed list with its temporary certificate over the network every θ seconds. Other vehicles use this list to identify their mutual neighbors with the sender, and check that are they the verifier of its messages or not? if vehicle A be the vehicle B verifier, since then it will verify vehicle B messages else it will wait for another vehicle to verify B. Consider β as vehicle A & B Id difference, α as the highest and α k as the shortest difference between vehicle B Id and its mutual neighbors with A, and α p as the pth highest difference. In the proposed protocol, vehicle A verify B when, β be less or equal α p . Vehicle A receives message M from vehicle B and uses its Id that is in the M to check its neighbors list. If vehicle B Id wasn’t in the list or vehicle A be the B verifier, checks vehicle V certificate by its public key. If the signature was verified, vehicle A update its list and delivers the message to application layer. On the other side, if the signature wasn’t verified by vehicle B public key, vehicle A send a message over the network to informs others. In case vehicle A was not verifier of B, it waits for ∆ t ms. If it receives a message in relation to message M disapproval, it will forward it to its neighbors and recheck message M signature for more assurance. If it didn’t receive a message after ∆ t ms telling message M disapproval, it considers M as a verified message and delivers it to application layer. Fig. 3. Signature approval flowchart. E. Tracking and Certificate Revoking
Reliable center can extract the main certificate of vehicle off the roadside unit database using vehicle temporary certificate that is in its message. Then, the center can find malicious or attacker vehicle identity in its database. Finally, it add the target vehicle certificate to revoked certificates list and update it on all roadside units to prevent malicious vehicle from continuing its operation. III. A NALYSIS OF P ROPOSED P ROTOCOL
As it was said before, in previous protocols for VANETs each vehicle checks all received messages signature. It means each message is checked for n (number of vehicles received the message) times. While, in proposed protocol each message is checked at least p (not all vehicles received the message) times and at most 5 p times. The more p is decreased, less duplicated precesses are done by system and efficiency is increased. But, whatever p becomes lower, the probability of malicious abuses grows. So, there must be a trade off between efficiency and security. The best case of choosing verifiers is that there be verifiers in both directions of vehicle. If p(B) be considered as the probability of choosing one vehicle in front and one vehicle in the back of vehicle to verify and N be the number of vehicles that should verify message M, for N=15 p(B) is equal to 0.99998 as shown in Fig. 4 that can be considered as 1 and is acceptable. So, the best value for p is 5 that each message is on average checked by 15 vehicles. Another challenge in proposed protocol is determination of ∆ t. whatever this time gets longer, network end-to-end delay increases. On the other hand if this time wasn’t enough, it’s possible that an invalid message considered as valid. So, ∆ t must bo longer than sum of times of one message confirmation and transmission delay. In the worth case, it is equal to message end-to-end delay when, the vehicle is checked all messages itself. Based on done simulations, this time average is equal to 15 ms when there are 25 vehicles around the × Fig. 4. Probability of choosing verifier vehicles in both sides of a vehicle.
Fig. 5. Schematic of simulation zone. vehicle. As a precaution ∆ t is considered 30 ms to assure all messages will be checked. Temporary certificate (key) can have several consequences on the proposed protocol. Shorter lifetime means better privacy protection and more on-time revoking. But, fast certificate up- dating is followed by higher connection and commuting costs. Also, some application programs of VANETs require messages relationship detection in a specified time, So the certificate lifetime must not be less than this time. Beside these, it should be noted that certificate lifetime is combination of time- based expiration and zone-based expiration, as a result lifetime selection should be proper to zone dimensions. Considering all above factors, 10 to 20 minutes is recommended for temporary certificate lifetime. IV. S IMULATION AND R ESULT
A 3 3 km urban area is considered as simulation zone, shown in Fig. 5. In simulation, Vehicles coverage is 300 meter that every 300 ms a message containing velocity, direction, acceleration, and location of vehicle is broadcasting. Fig. 6. Variation off latency respect to traffic load obtained from simulation. waiting for message confirmation by neighbors. This delay is predictable and is equal to summation of signing, message broadcasting, and waiting ( ∆ t) times. It should be noted that in fact the simulated delay time (almost 35 ms) is very shorter than the acceptable delay value (100 ms) defined in IEEE1609 standard. So, from the standpoint of delay, the proposed protocol will mack no problem for application programs. Traffic load effect on messages-loss average rate for the proposed protocol, and the GSIS and Khomejani ones are shown in Fig. 7. It is seen that in GSIS and Khomejani protocols message loss rate increases with traffic load, but the loss rate for proposed protocol is almost zero. This is the result of vehicles cooperation for messages signature checking. Number of checked signature in proportion with received messages in the proposed protocol can be seen in Fig. 8. The more this value approaches to 1, it means vehicles cooperation decreases and more duplicated works is done in the network. In the proposed protocol, whatever traffic load gets higher, cooperation increase and each vehicle checks less messages. Also, number of messages checked by one vehicle in 30 ms period is illustrated in Fig. 9. Vehicle received messages increase with traffic load. In the GSIS protocol, the processor can only check 43 messages in every 300 ms, so in every period (300 ms) at most 43 messages is delivered to upper layer. But, vehicles cooperation in proposed protocol causes the processor checks fewer messages and loaded with less pro- cessing load. So, the proposed protocol has a better efficiency than the GSIS protocol. TABLE III S
IMULATION SETTING
Vehicle density is one the major factors have effect on system efficiency. Whatever vehicle density gets higher in a vehicle coverage, more vehicles receives transmitted message and also, the vehicle receives more messages. So, messages wait on the queue longer and end-to-end delay increases. Fig. 6 shows the effect of traffic load on end-to-end average delay for proposed protocol, and GSIS and Khomejani protocols. As Fig. 6 shows, end-to-end delay for proposed protocol is almost fix despite the GSIS and Khomejani protocols that their delay increase with traffic load. The proposed protocol
Abbreviations Explanation
Topology dimensions 3000 × delay is longer than other two protocols caused by vehicle Fig. 7. Estimated traffic message loss ratio versus different traffic loads.
Fig. 8. Message approval ratio obtained from simulation against traffic load. V. C ONCLUSION
In this paper, a new protocol is proposed for user authentication and privacy protection. In this protocol, vehicles co- operation is used for messages signature checking to decrease messages loss rate. The simulations results show significant improvement on message loss rate parameter with comparison to the GSIS and the Khomejani protocols. On the other hand, end-to-end delay of proposed protocol is longer than the other ones, but it’s still much less than the maximum acceptable value defined by standards and could be overlooked. R
EFERENCES [1]A.-N. Shen, S. Guo, D. Zeng, and M. Guizani, “A lightweight privacy- preserving protocol using chameleon hashing for secure vehicular com- munications,” in
Wireless Communications and Networking Conference (WCNC), 2012 IEEE , pp. 2543–2548, IEEE, 2012. [2]M.-C. Chuang and J.-F. Lee, “Ppas: A privacy preservation authentica- tion scheme for vehicle-to-infrastructure communication networks,” in
Consumer Electronics, Communications and Networks (CECNet), 2011 International Conference on , pp. 1509–1512, IEEE, 2011. [3]A. Wasef, R. Lu, X. Lin, and X. Shen, “Complementing public key in- frastructure to secure vehicular ad hoc networks [security and privacy in emerging wireless networks],”
Wireless Communications, IEEE , vol. 17, no. 5, pp. 22–28, 2010. [4]S. Busanelli, G. Ferrari, and L. Veltri, “Short-lived key management for secure communications in vanets,” in
ITS Telecommunications (ITST), 2011 11th International Conference on , pp. 613–618, IEEE, 2011. [5]J. Moslah and L. B. Azzouz, “Security services for esafety applications clusters,” in
Wireless Communications and Mobile Computing Confer- ence (IWCMC), 2011 7th International , pp. 707–712, IEEE, 2011. [6]R.-J. Hwang, Y.-K. Hsiao, and Y.-F. Liu, “Secure communication scheme of vanet with privacy preserving,” in
Parallel and Distributed Systems (ICPADS), 2011 IEEE 17th International Conference on , pp. 654–659, IEEE, 2011. [7]G. Samara, W. A. Al-Salihy, and R. Sures, “Security issues and challenges of vehicular ad hoc networks (vanet),” in
New Trends in Information Science and Service Science (NISS), 2010 4th International Conference on , pp. 393–398, IEEE, 2010.
Fig. 9. Messages verified in 300 ms by every vehicle on proposed and GSIS protocols. [8]G. Samara, W. A. Al-Salihy, and R. Sures, “Security analysis of vehicular ad hoc nerworks (vanet),” in
Network Applications Protocols and Services (NETAPPS), 2010 Second International Conference on , pp. 55–60, IEEE, 2010. [9]X. Lin, R. Lu, C. Zhang, H. Zhu, P.-H. Ho, and X. Shen, “Security in vehicular ad hoc networks,”
Communications Magazine, IEEE , vol. 46, no. 4, pp. 88–95, 2008. [10]X. Sun, X. Lin, and P.-H. Ho, “Secure vehicular communications based on group signature and id-based signature scheme,” in
Communications, 2007. ICC’07. IEEE International Conference on , pp. 1539–1545, IEEE, 2007. [11]X. Lin, X. Sun, P.-H. Ho, and X. Shen, “Gsis: a secure and privacy- preserving protocol for vehicular communications,”
Vehicular Technol- ogy, IEEE Transactions on , vol. 56, no. 6, pp. 3442–3456, 2007. [12]P. S. Barreto, B. Libert, N. McCullagh, and J.-J. Quisquater, “Efficient and provably-secure identity-based signatures and signcryption from bilinear maps,” in
Advances in Cryptology-ASIACRYPT 2005 , pp. 515– 532, Springer, 2005. [13]A. Khalili, J. Katz, and W. A. Arbaugh, “Toward secure key distribution in truly ad-hoc networks,” in
Applications and the Internet Workshops, 2003. Proceedings. 2003 Symposium on , pp. 342–346, IEEE, 2003. [14]Y. Feng and H. Liang, “Efficient anonymous authentication scheme in vanets,”
Jisuanji Gongcheng yu Yingyong(Computer Engineering and Applications) , vol. 46, no. 23, 2010. [15]Q. WANG, W. CHEN, and D.-j. MU, “Identity-based authentication scheme for vanet,”
Application Research of Computers , vol. 3, p. 079, 2010. [16]C.-l. Du, M.-z. Hu, and H.-l. Zhang, “New group key management framework for mobile ad hoc network based on identity authentication in elliptic curve field,”
JOURNAL-CHINA INSTITUTE OF COMMUNI- CATIONS , vol. 28, no. 12, p. 53, 2007. [17]G. Samara, S. Ramadas, and W. A. Al-Salihy, “Design of simple and efficient revocation list distribution in urban areas for vanet’s,” arXiv preprint arXiv:1006.5113 , 2010. [18]K. P. Laberteaux, J. J. Haas, and Y.-C. Hu, “Security certificate re- vocation list distribution for vanet,” in
Proceedings of the fifth ACM international workshop on VehiculAr Inter-NETworking , pp. 88–89, ACM, 2008. [19]J. J. Haas, Y.-C. Hu, and K. P. Laberteaux, “Design and analysis of a lightweight certificate revocation mechanism for vanet,” in
Proceedings of the sixth ACM international workshop on VehiculAr InterNETworking , pp. 89–98, ACM, 2009. [20]Y. Sun, R. Lu, X. Lin, X. Shen, and J. Su, “An efficient pseudonymous authentication scheme with strong privacy preservation for vehicular communications,” vehicular Technology, IEEE Transactions on , vol. 59, no. 7, pp. 3589–3603, 2010. [21]H. Weerasinghe, H. Fu, and S. Leng, “Anonymous service access for vehicular ad hoc networks,” in
Information Assurance and Security (IAS), 2010 Sixth International Conference on , pp. 173–178, IEEE, 2010. [22]S. Khomejani and A. Movaghar, “Privacy consideration for trustworthy vehicular ad hoc networks,” in
Electronics and Information Engineering (ICEIE), 2010 International Conference On , vol. 1, pp. V1–437, IEEE, 2010. [23]K. Priya and K. Karuppanan, “Secure privacy and distributed group authentication for vanet,” in