Mobile Vehicular Cloud (MVC), Mobile Personal Cloud. (MPC) and Mission ... mation as a Service) on the top of Cloud Computing Stack. The service offers ...
2014 International Conference on Connected Vehicles and Expo (ICCVE)
Cloud Enabled Secure Communication in Vehicular Ad-hoc Networks Sanoop Mallissery, Manohara Pai M.M., Radhika M. Pai, Smitha A. Department of Information and Communication Technology Manipal Institute of Technology, Manipal University Karnataka, India {sanoop.m, mmm.pai, radhika.pai, smitha.a}@manipal.edu Clouds [4] [5]. VANET cloud takes advantage of cloud computing to serve to the owners or drivers of vehicles who participate in VANET communication with a pay as you go model. VANET cloud can provide several computational services for minimizing traffic congestion, traveling time, accidents, environmental pollution etc with low cost. In VANET cloud the vehicle can share its own resources and can also use the conventional cloud resources. The architectural framework for VANET cloud is classified as Vehicular Cloud (VC), VANET using Cloud (VuC), and Hybrid Vehicular Cloud (HVC) [6].
Abstract—Security is one of the existing challenge in cloud enabled Vehicular Ad-hoc Network (VANET) communication. To address the security issues and to reduce payload overhead a novel method has been proposed for classification of VANET messages along with a Multi-hashed Binary Tree (MuBT) Algorithm. This algorithm verifies the identity and authenticity of the vehicles and messages exchanged. In addition to this, the concept of public cloud is used to store the location of vehicles, keys, messages and certificates involved in VANET communication. This ensures any time data accessibility from anywhere and helps to track the messages when necessary. The messages exchanged and the Transient Certificates (TCs) used in VANET communication is encrypted using the geolocation key of the RSU. The use of geolocation key provides location confidentiality against vehicles outside the zone and also ensures that a message can be sent only if the vehicle is physically present in the location.
•
Keywords-VANET, MuBT Algorithm, TC, Geolocation Key, Cloud Computing
•
I. I NTRODUCTION The development of Vehicular Ad-hoc Networks (VANETs) has received much attention from the automotive industry and government agencies, including the Federal Highway Administration (FHWA), an agency within the United States Department of Transportation (US-DOT), which has launched the IntelliDrive initiative. According to the Highway Statistics 2013 report of FHWA, in the period of 2012-13, 33,908 peoples are fatally injured in motor vehicle crashes in the US. The agency reports that, compared to the previous years the number of motor accidents is reduced with the help of Intelligent Transportation System (ITS) and VANET communication [1] [2]. This promise of vehicular networking has led to a fast convergence with ITS and to the advent of Intelligent Vehicular Networks with Cloud Computing (CC). Thus, it ensures a new versatile system that enhances traffic-transportation efficiency and safety by creating a secure, safe and healthy environment in our busy city streets and highways. In VANET communication, the frequency that has been allocated exceeds the required frequency for VANET safety applications. So the additional bandwidth could be used for infotainment and other services [3]. This led to new thoughts for Professor Olariu and his colleagues to visualize to a paradigm shift from conventional VANET to VANET
978-1-4799-6729-2/14/$31.00 ©2014 IEEE
•
VC: A group of largely autonomous vehicle with computing, sensing, communication and physical resources can be coordinated and dynamically allocated to authorized users. VuC: VANET uses public cloud services on the move. Vehicles with Internet connectivity can contact the cloud through a gateway to access the registered services. HVC: It is the combination of VC and VuC where VC serves to both service provider and consumer at same time. Vehicles on the move that uses HVC can rent their resources and also use the cloud services.
In the proposed work the concept of VuC is used for the vehicles, where the cloud provides two services: Application as a Service (AaaS) and Storage as a Service (STaaS). It is assumed that all the vehicles are registered with the public cloud through the Certification Authority (CA). The use of public cloud will provide better storage facility; secure accessibility and easy availability of messages, public keys and certificates involved in VANET communication. The proposed system also addresses security attacks in VANET and reduces the overhead involved in communication. The rest of the paper is organized as follows: Section II discusses the related works on VANET cloud computing, security issues and geolocation based trust for VANET privacy. Section III focuses on the proposed architecture. Section IV discusses the methodology for vehicle registration, message dissemination and message classification and MuBT Algorithm. Finally, section V concludes with future scope.
596
DOI 10.1109/ICCVE.2014.147
II. R ELATED W ORKS
an infrastructure-based Short-time Certificate Management (SCM) scheme to realize public key certificate revocation. Yannick Do [13] proposed a classification of messages that include Safety Applications, Traffic Monitoring and Optimization and Infotainment Services. G. Becker [14] proposed the concept of One Time Signature (OTS) schemes based on digital signatures that can be used to sign a single message for each pair of verification/ signing key. Merkle signature scheme [MSS] is an OTS, which involves constructing a binary hash tree and provides nonrepudiation. The authors have used MSS because of its implicit hash functions utilized for tree construction and speed of computation that is in order of microseconds. J. Serna et al. [15] have proposed the basis of privacy mechanism that uses an authorization paradigm based on a Mandatory Access Control model and a novel mechanism that propagates trust information based on a vehicles geolocation. With the change in geographical location, the trust information is passed to new regional CA. The authors have considered geographic location change happens only when a vehicle crosses the border of another country. Y. Sun et al. [16] have proposed an efficient pseudonymous authentication scheme with strong privacy preservation. Here a certificate is randomly selected from a pool of pseudonymous certificates, which is valid for long duration and contains a single public key. All the vehicles are storing pseudonymous certificates issued by the CA. The authors have not considered any location privacy issues. A. Wasef et al. [17] have proposed an Expedite Message Authentication Protocol (EMAP) for VANETs, which replaces the time-consuming CRL checking process by an efficient revocation checking process. The security issue related to this has not been considered as part of work except the security policy while sharing of keys. The authors have mainly focused on the delay, which takes place during checking process. B. Mishra et al. [18] have proposed a protocol that ensures both message authentication and privacy preservation. The proposed scheme is based on a secure elliptic curve digital signature algorithm approach. Here the authors have considered that the transport authority is sending all the vehicle registration details to the RSU. This can be considered as an invasion of privacy on vehicular users.
The basic objective of a cloud enabled VANET is to facilitate secure communication in an adversary environment. The communication parties would definitely want to make sure that the messages exchanged should remain private and maintain the authenticity of the message. All the messages that has been exchanged should be stored in the cloud. The stored messages can be used to track an adversary and to analyse necessary situations. There have been numerous work performed by the researchers to achieve security goals and to provide a safe and flexible cloud enabled VANET environment. Some of the contributions are as discussed below. Md Whaiduzzaman et al. [7] carried out a survey on Vehicular Cloud Computing (VCC) to understand the fundamental VCC mechanisms and focus on the potential applications for improving vehicular network and road safety. The authors have presented taxonomy of vehicular networking and a comparative study between VCC and CC. The authors have also pinpointed the VCC architecture, autonomous VC formation and the applications. The concept of VCC has been used in the proposed approach because of its adaptability in various applications of vehicular networks. S. Olariu et al. [8] illustrates the power of VC concept by enumerating a numerous application scenarios. The authors have also discussed a number of security and privacy issues specific to VCs with possible solution by emphasizing more on the research challenges in vehicular cloud. G. Yan et al. [9] identified and analyzed a number of security challenges and potential privacy threats in vehicular cloud like authentication of high mobility vehicles, scalability and single interface, tangled identities and locations, trust relationships among multiple players etc., with some solutions. In this work the authors have partitioned a region or a traffic area into zones and sub partitioned into cells. M. Gerla [10] discussed the design principles and research issues in mobile cloud computing and also focused on the mobile vehicular cloud. The authors have also reviewed the cloud applications ranging from urban sensing to intelligent transportation with an envision on three scenarios namely Mobile Vehicular Cloud (MVC), Mobile Personal Cloud (MPC) and Mission Oriented Mobile Clouds (MOMC). R. Hussain et al. [11] used the concept of VuC framework and proposed another layer named as TIaaS (Traffic Information as a Service) on the top of Cloud Computing Stack. The service offers fine-grained traffic information for all the vehicles that subscribed to TIaaS from the Cloud. The authors have proposed Geolock-based encryption to provide security, privacy and conditional anonymity. Haojin Zhu et al. [12] have proposed a method to minimize V2I authentication latency and distributed public key revocation. For authentication latency they proposed mobility prediction scheme based on Multilayer Perceptron (MLP) and
III. P ROPOSED A RCHITECTURE The proposed architecture ensures cloud enabled secure VANET communication environment by using the concept of Transient Certificate (TC) and Multi-hashed Binary Tree (MuBT) Algorithm to reduce the privacy and security issues and to reduce payload overhead. The proposed architecture is shown in Figure 1, where the Vehicles and Road Side Units (RSUs) use cloud as the medium of storage. This ensures that vehicles, which are registered with the cloud through the CA, can access the data any time from anywhere.
597
This will also help to track the messages for the CA/ RSUs when necessary. By storing all the details in the cloud we are reducing the cost of the hardware used for storage in the vehicles or in RSUs. The concerned parties should sign the details, which are stored in the cloud; otherwise cloud will be discarding the packet. While registering to the cloud the vehicles and RSUs will be generating a shared secret key with cloud for their communication. The Diffie-Hellman (DH) key exchange method will be used here to generate the shared secret key between Vehicle and Cloud (KCV ) and RSU and Cloud (KCRSU ). The DH Key Exchange is one of the most popular and interesting methods of key distribution in VANETs. It is based on public key cryptographic system whose sole purpose is for distributing keys, whereby it is used to exchange a single piece of information, and where the value obtained is normally used as a session key for a private key scheme. This shared secret key is used for encrypting the contents while sending the data to the cloud.
for registering the vehicle under CA. CA is the trusted authority that has the privilege to take necessary action against any vehicle on its misconduct. CA will be generating the Certificate Revocation List (CRL) and send the CRL periodically to the RSUs. CRL will be consisting of the revoked vehicle details. RSU stores these details and uses for its future reference Vehicle requests a TC to RSU for communication. TC helps to solve the issues with respect to the verification of vehicles approved services from CRL. In the existing scenario, in response to the vehicles request, CA sends the CRL to the vehicle and verification is done from their end. This is a time consuming process and storage of CRL at vehicles end is also difficult. In order to reduce the delay, the concept of TC is used in the proposed approach. The vehicle appends pseudo ID (PID ), four public key pairs (Pu0 , Pu1 , Pu2 , Pu3 ) and their hash values in the request sent for issuing the TC from RSU. Vehicle will be generating the PID by performing the XOR operation on vehicle ID (VID ) and its hash value (h(VID )) as in equation (1). The same is generated by the CA at the time of registration and this will be used in the CRL. PID = (VID
(1)
h(VID ))
The four private-public key pairs (Pr0 Pu0 , Pr1 Pu1 , Pr2 Pu2 , Pr3 Pu3 ) are generated by using the Elliptic Curve Digital Signature Algorithm (ECDSA). On receiving the request, RSU checks the PID in the CRL list. If the PID is not there in the CRL, then RSU checks the integrity of the private-public key pairs. Otherwise, RSU discards the request packet. If the integrity check fails, then the request will be discarded without notifying the vehicle. If the integrity check is successful, then the RSU issues the TC to vehicle, which will be used by vehicle to communicate with other vehicles. The TC issued by the RSU expires when a vehicle sends a message of particular category possessing certain priority and the vehicle is willing to send another message (or same message) belonging to same category. Since the TC expires, the vehicle has to requests RSU to issue a new TC. The validity of TC (VT C ) is also decided based on the following factors as in equation (2) when a vehicle has not transmitted any messages.
Figure 1: Proposed Architecture
•
The distance between two RSUs (Datt )
•
The transmission range of a RSU (TrRSU )
•
The average velocity of a vehicle (Avgvel )
•
IV. M ETHODOLOGY Step 1: Vehicle Registration All vehicles having the facility of ITS should register with a CA. Vehicle sends a registration request to CA
A relaxing factor, which ensures that certificate wont be revoked before the vehicle approaches the next RSU at a high probability ( t ) VT C =
598
Datt + T rRSU + Avgvel
t
(2)
The TC issued by the RSU will be signed using its private key (PrRSU ). The issued TC will be stored into a public cloud by the vehicle. The TC consists of Certificate Number (CN) , RSU identifier (RSUID ) of the RSU that issued the TC, Timestamp (TIS ), Name of the Algorithm (AID ) and four public keys (Pu0 , Pu1 , Pu2 , Pu3 ) that certified by RSU. Therefore any vehicle who has been registered in cloud can access the cloud and authenticate the identity of vehicle and messages.
unique private key. Message signature is then appended with the authentication path that has been generated using the MuBT algorithm and TC before broadcasting the packet. Step 3: Message Classification and MuBT Algorithm The entire set of messages in VANET may be event oriented, position based or service rendering messages. Among them, few messages like the position-based messages are periodic in nature. Few others like event driven messages are non-periodic as it is to be broadcast only when an event occurs. Classifying these VANET messages according to the criticality helps to reduce the payload overhead [19]. In this proposed work the VANET messages are classified into 4 categories namely Normal (M0 ), Safety critical (M1 ), highly safety critical (M2 ) and very highly safety critical (M3 ) messages as shown in Table 1. This necessitates four private-public key pairs (Pr0 Pu0 , Pr1 Pu1 , Pr2 Pu2 , Pr3 Pu3 ) to be used by the vehicle. The key has to be renewed every time when a message belonging to same category need to be sent successively or when the validity of the key expires.
Step 2: Message Dissemination RSU stores the regional geolocation key (GLKey ) in the public cloud along with RSUID , which is used by the vehicle to encrypt and decrypt the messages. The purpose of GLKey is to provide location confidentiality against vehicles outside the zone and to ensure that a message can be sent only if the vehicle is physically present in the location. The (GLKey ) is formed using the location coordinates (LocC ), timestamp (TS ), region ID (RID ) and RSUID as shown in equation (3). Here the secrecy of generating GLKey is maintained by using RID , which is uniquely generated by the RSU. GLKey = (LocC
TS
RID
RSUID )
Table I: Message Type Classification
(3)
Any vehicle that is willing to broadcast the message will encrypt it using geolocation key local to the regional RSU and stores a copy of the message sent in the public cloud. Hence the message can be decrypted only in the region defined by these parameters. If an attacker encrypts the message using an invalid key, it can be identified at the time of decryption of message. Storing all the messages in the cloud will helps to track the message or the vehicle that has generated the message.
Message Classification
Hash Functions
Normal (M0 )
MD5
Safety Critical (M1 )
SHA-1
Highly Safety Critical (M2 )
SHA-256
Very Highly Safety Critical (M3 )
SHA-512
Types of Messages Stolen Vehicle Tracking, Point of Interest Notification Location, Speed and Direction of Vehicle, Direction of RSU Traffic Signal Warning, Work Zone Warning, Visibilty Enhancer Signal Violation, Emergency Vehicle Approaching, Accident Related Information, Lane Change Signal
Authentication provided by using MuBT algorithm is as follows. For any message to be sent, the sender computes MuBT to obtain a root node public key (PU Root ) of the tree. Four private-public key pairs (Pr0 k Pu0 , Pr1 k Pu1 , Pr2 k Pu2 , Pr3 k Pu3 ) are generated for this purpose using ECDSA. The hash values of public keys serve as the base for MuBT construction, forming the leaf nodes of the tree. Different hash functions are used to obtain the base nodes of MuBT depending on the criticality of message. MD5 is used to hash the public key of normal messages. SHA-1 is used for safety critical messages. Highly safety critical messages are hashed using SHA-256; Very highly safety critical messages are hashed using SHA-512. The process of hashing repeats until the PU Root is obtained which forms the public key of MuBT signature that is necessary for entity authentication. Utilization of four different hash functions lead to varying number of hashed output bits, which varies
Figure 2: Encryption and Signing By using the concept of geolocation key, it is ensured that the sender and receiver are physically present in the region. In addition to geolocation key, use of TC also ensures the physical presence of vehicles. The encrypted message is signed using corresponding private key generated by ECDSA as shown in Figure 2. Here we are considering four types of messages and each type of message has a
599
the length of authentication path.
and messages are stored in the cloud) and increase the processing speed since the computations are performed in cloud. An adaptive authentication technique has been integrated that depends on the message priority to reduce the payload overhead in VANET communication. In the first level of authentication the vehicles use a geolocation key generated by the RSU to encrypt and decrypt the VANET messages, which guarantees the physical presence of the vehicle in that region. In order to limit the replay attacks, RSU issues TC for every authorized vehicle. The use of MuBT algorithm ensures the second level of entity authentication apart from the use of geolocation key. As a future work a specific application has to be developed to analyze the proposed security solutions. Further, the developed application will contribute for enhancing and expanding the security services in VANET cloud. It also meets the increasing demand of ITS services.
Figure 3: MuBT Construction Any vehicle that is willing to send a particular message needs to send an authentication path along with the message signature. This will be generated from the MuBT as shown in Figure 3. For example if a message M3 has to be broadcast by the sender in accordance to the classification, then, the private-public key pair for signing this message is (Pr3 k Pu3 ) and the path to the PU Root will be [H3 , H23 ]. Before broadcasting the message M3 , it is appended to an authentication path [H01 , H2 ]. On reception of this, the receiver will perform an entity authentication check and verification of ECDSA signature as in Figure 4. Once the message signature is validated the receiver accepts the message and sends an ACK to the sender.
R EFERENCES [1] “Budget estimates fiscal year 2013,” US Department of Transportation Federal Highway Administration, 1200 New Jersey Avenue, SE, Washington, DC 20590, Tech. Rep. FHWA FY 2013, November 2013. [Online]. Available: www.dot.gov/mission/budget/fy2013-budget-estimates [2] “Highway statistics 2012,” US Department of Transportation Federal Highway Administration, 1200 New Jersey Avenue, SE , Washington, DC 20590, Tech. Rep. FI-10, October 2013. [Online]. Available: www.fhwa.dot.gov/policyinformation/statistics.cfm [3] C. Barberis, E. Gueli, M. T. Le, G. Malnati, and A. Nassisi, “A customizable visualization framework for vanet application design and development,” in Proceedings of 2011 IEEE International Confernce on Consumer Electronics, January 2011, pp. 569–570. [4] M. Eltoweissy, S. Olariu, and M. Younis, “Towards autonomous vehicular clouds,” in Ad Hoc Networks, ser. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, J. Zheng, D. Simplot-Ryl, and V. C. Leung, Eds. Springer Berlin Heidelberg, 2010, vol. 49, pp. 1–16. [5] M. Abuelela and S. Olariu, “Taking vanet to the clouds,” in Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia. ACM, 2010, pp. 6– 13.
Figure 4: Entity Authentication and Verification of Signature V. C ONCLUSION In this paper, we have addressed the authentication and privacy issues of security in cloud enabled VANETs. A security scheme for the proposed cloud enabled VANET architecture has been developed to handle the privacy and information security in VANET cloud communication. The use of public cloud reduces the storage space requirement in the on board units of RSUs and vehicles, reduces the communication overhead of RSUs with vehicles (as the keys
[6] R. Hussain, J. Son, H. Eun, S. Kim, and H. Oh, “Rethinking vehicular communications: Merging vanet with cloud computing,” in Proceedings of 2012 IEEE 4th International Confernce on Cloud Computing Technology and Science, December 2012, pp. 606–609. [7] M. Whaiduzzaman, M. Sookhak, A. Gani, and R. Buyya, “A survey on vehicular cloud computing,” Journal of Network and Computer Applications, vol. 40, pp. 325–344, April 2014.
600
[8] S. Olariu, T. Hristov, and G. Yan, The Next Paradigm Shift: From Vehicular Networks to Vehicular Clouds. Wiley-IEEE Press, 2013, ch. Mobile Ad Hoc Networking: Cutting Edge Directions, Second Edition (eds. Stefano Basagni and Marco Conti and Silvia Giordano and Andlvan Stojmenovic), pp. 645–700. [9] G. Yan, D. Wen, S. Olariu, and M. C. Weigle, “Security challenges in vehicular cloud computing,” in IEEE Transactions on Intelligent Transportation System, March 2013, pp. 284– 294. [10] M. Gerla, “Vehicular cloud computing,” in Proceedings of 11th Annual Mediterranean Ad-Hoc Networking Workshop, June 2012, pp. 152 – 155. [11] R. Hussain, F. Abbas, J. Son, and H. Oh, “Tiaas: Secure cloud-assisted traffic information dissemination in vehicular ad hoc networks,” IEEE International Symposium on Cluster Computing and the Grid, vol. 0, pp. 178–179, 2013. [12] H. Zhu, R. Lu, X. Shen, and X. Lin, “Security in service-oriented vehicular networks,” Wireless Communications, vol. 16, pp. 16 – 22, August 2009. [13] Y. Do, “Centrality analysis in vehicular ad hoc networks,” T-Labs/EPFL, Tech. Rep., August 2008. [14] G. Becker, “Merkle signature schemes, merkle trees and their cryptanalysis,” Ruhr-University Bochum, Tech. Rep., July 2008. [15] J. Serna, J. Luna, and M. Medina, “Geolocation-based trust for vanet’s privacy,” in Proceedings of the 4th International Conference on Information Assurance and Security, September 2008, pp. 287–290. [16] Y. Sun, R. Lu, X. Lin, X. Shen, and J. Su, “An efficient pseudonymous authentication scheme with strong privacy preservation for vehicular communications,” IEEE Transactions on Vehicular Technology, vol. 59, pp. 3589–3603, September 2010. [17] A. Wasef and X. S. Shen, “Emap: Expedite message authentication protocol for vehicular ad hoc networks,” IEEE Transactions on Mobile Computing, vol. 12, pp. 78–89, January 2013. [18] B. Mishra, S. K. Panigrahy, T. C. Tripathy, D. Jena, and S. K. Jena, “A secure and efficient message authentication protocol for vanets with privacy preservation,” in Proceedings of the 2011 World Congress on Information and Communication Technologies, December 2011, pp. 880 – 885. [19] A. Smitha, M. M. ManoharaPai, N. Ajam, and J. Mouzna, “An optimized adaptive algorithm for authentication of safety critical messages in vanet,” in Proceedings of the 8th International Conference on Communications and Networking in China (CHINACOM), August 2013, pp. 149 – 154.
601
