MAC Protocol for Highway Safety Messaging - IEEE Xplore

Secure Priority Based Inter-Vehicle Communication MAC Protocol for Highway Safety Messaging

Chakkaphong Suthaputchakun (1), Aura Ganz (2)

(1) Computer Engineering Department, Bangkok University, Phahonyothin Road, Pathum Thani 12120, Thailand, [email protected]

(2) Electrical and Computer Engineering, University of Massachusetts at Amherst, Holdsworth Way, Amherst, MA 01003, USA, ganz@ecs.umass.edu

Abstract- In this paper we propose a secure MAC protocol for Inter-Vehicle Communication in conjunction with message priority for highway safety messaging. The protocol, which can be implemented in both vehicular infrastructure and ad hoc networks, provides the following security services: authentication, integrity, non-repudiation, and privacy. Using OPNET Modeler we evaluate the performance of our proposed secure protocol and compare it against a basic protocol without security provisions. The comparison considers performance metrics such as the percentage of successful transmissions and average delay, for different system parameters such as number of vehicles, and percentage of priority 1 messages. We also discuss the tradeoffs between the security provision and the system performance. Our simulations reveal that the proposed secure protocol is a viable solution for secure priority based IVC, i.e., the protocol provides: 1) secure communication, 2) low average delays (lower than the tolerated delays in IVC), and 3) high reliability for priority 1 messages. Moreover, the proposed protocol is fully compatible with both IEEE 802.11 and IEEE 802.11e standards.

I. INTRODUCTION

Over the last decades, the number of vehicles has grown drastically, leading to traffic congestion, accidents and transportation delays [11, 18]. Intelligent Transportation Systems (ITS) was tasked to address these concerns. Inter-Vehicle Communication (IVC), recognized by ITS, is expected to lead to at least 20% decrease in average number of accidents [16]. The safety messages' importance leads to different message priorities, which pose their own requirements in terms of reliability, delay and security. In our previous papers [7, 15], we proposed a priority based IVC MAC protocol for highway safety messaging, providing proportional service differentiation for different prioritized messages without considering security. Nevertheless, wireless communication is prone to higher security threats than its wired counterpart. It is essential to make sure that life-critical information meets authentication, integrity, non-repudiation, and freshness. Therefore, it is imperative to address these security issues in the communication protocol design.

There are a few papers [4, 5, 6] that address some of the IVC security aspects. In [4], the authors focus mainly on location verification of each vehicle at each particular time, so that an investigator can reconstruct the sequence of events for law investigation. In [5], the authors described several vulnerabilities and attacks in vehicular networks, and some security guidelines for IVC. In [6], the authors propose secure communication, but do not account for priority messages. The objective of this paper is to introduce a protocol that . . . message priorities. The proposed approach, which leverages our priority based protocols presented in [7, 15] and uses the IEEE 802.11e standard, provides proportional service differentiation in both infrastructure and ad hoc networks in terms of security, reliability and delay. Our OPNET [19] based simulations reveal that the proposed protocol is a viable solution for secure priority based IVC, i.e., it provides: 1) secure communication, 2) low delay (lower than tolerated delays in IVC) and 3) high reliability for urgent messages.

The rest of the paper is organized as follows: Section II briefly discusses our previous priority based IVC and Section III describes the security requirements for secure IVC. Details of the proposed secure protocol and assumptions are presented in Section IV. Sections V and VI show the simulation results for both infrastructure and ad hoc networks, respectively. Section VII analyses security achievements and provides implementation guidelines. Section VIII concludes the paper.

1-4244-0979-9/07/$25.00 © 2007 IEEE

II. PRIORITY BASED INTER-VEHICLE COMMUNICATION

In this section we describe the priority based protocol we introduced in [7, 15] based on the 802.11e standard [1], Enhanced Distributed Channel Access (EDCA). Each message that arrives at the MAC from the higher layer is mapped into one priority. Examples of message priorities are shown in Table I. We assume four internal queues per vehicle for the four different priority messages. Each message will be queued in the queue according to its priority. There is a virtual collision handler, which handles the internal collision. The virtual collision handler will allow higher priority messages to be transmitted before lower priority messages.

TABLE I. EXAMPLES OF SAFETY MESSAGE PRIORITIES

Priority   Type                       Examples
Pri(1)     Accident                   Air bag sensor, and Vehicle's body sensor
Pri(2)     Possibility of Accident    Thermal sensor, and Hard brake
Pri(3)     Warning                    Surface condition, and Road work warning
Pri(4)     General                    Traffic report, and Weather condition

IEEE ISWCS 2007

We adopt a non-preemptive policy. For each priority i there are different values of the following contention parameters: minimum Contention Window (CWmin[i]), maximum Contention Window (CWmax[i]), Arbitrary Inter-Frame Space (AIFS[i]), and Transmission Opportunity (TXOP[i]). These parameters provide proportional delay differentiation for different priority messages, i.e., a higher priority message will access the channel faster than lower priority messages. Moreover, the retry limit and number of retransmissions of each message are also assigned based on its priority, so that a higher priority message will gain higher communication reliability than a lower priority message.

TABLE II. CRYPTOGRAPHY OPERATIONS BENCHMARKS

                    ECC-160   RSA-1024   ECC-224   RSA-2048
Sign Time (ms)      13        32.1       9.2       205.5
Verify Time (ms)    6.8       1.7        18.1      6.1
Total Time (ms)     19.8      33.8       27.3      211.6

III. SECURE INTER-VEHICLE COMMUNICATION

In this section we describe the unique characteristics of vehicular networks, all possible threats and risks, and security requirements and constraints for secure IVC.

A. Unique Characteristics of Inter-Vehicle Communication

IVC networks possess the following unique characteristics: a) high number of vehicles, b) network members change rapidly and the topology is dynamic, and c) safety messaging is mainly based on broadcast communication. In addition, safety messages are time-sensitive, require high reliability, have a small packet, and have different priorities.

B. Threats and Risks

Several possible attacks can be launched in IVC: 1) Jamming / Interference: A malicious vehicle can cause communication interference to prevent other vehicles from communicating. Consequently, some vehicles may not be able to receive urgent safety information, leading to loss of lives. 2) Message Forgery / Replay: An attacker can forge messages or replay stale messages to others. Thus, some vehicles may make wrong decisions, leading to accidents. 3) Impersonation: Message fabrication, alteration, and replay can be used to impersonate other vehicles. For example, an attacker masquerades as an emergency vehicle to mislead other vehicles into slowing down. 4) Privacy: Due to broadcast communication, an attacker may keep tracking messages sent from a particular vehicle. Therefore, the attacker can gain information such as time, location, and vehicle identifier, violating the driver's privacy.

C. Security Requirements

To prevent the attacks described above, the protocol must provide the following requirements: 1) Authentication. Driving decisions must be based on legitimate messages. Thus, each vehicle needs to be authenticated in order to transmit any safety messages. 2) Integrity. Even if the transmitter is authenticated, legitimate messages may be altered during transmission, resulting in a legitimate sender but false information. Thus, integrity is needed to guarantee correctness of messages. 3) Non-Repudiation. Drivers causing accidents should be reliably identified for law investigation, i.e., a sender should not be able to deny the transmission of any messages. 4) Message Freshness. Even if a sender and a message can be proved to be legitimate, the received information may be stale, by message replaying. Thus, freshness is required to guarantee updated and useful information. 5) Anonymity. Privacy of each driver should be protected from unauthorized observers. To meet this challenge, anonymity should be provided to all vehicles. Since safety messages are public information, confidentiality is not required in the communication system.

D. System Constraints

The integrated security mechanism must not violate the following performance constraints: 1) Time Constraint. Time constraint is the other crucial issue. Because a safety message has its own lifetime, usually 0.1 sec [3], security mechanisms must not violate this time. 2) Reliability Constraint. The security mechanisms should not cause low reliability, especially for urgent information.

IV. PROPOSED SECURE PROTOCOL

To achieve security in vehicular networks, cryptography should be integrated into the protocol. Since non-repudiation is required in IVC, asymmetric cryptography becomes the better solution, even though it requires larger overhead. One solution can be the use of Elliptic Curve Cryptography (ECC) [17]. ECC's security increases as key length increases. Table II depicts cryptography operations benchmarks [2] measured on a 450MHz UltraSparc II processor. From this table, ECC-224, which is equivalent to RSA-2048, is even faster than RSA-1024. In order to achieve both high security and low processing time, we decide to implement ECC-224 in our proposed secure MAC protocol.

A. Assumptions

We assume each vehicle has a secure database [6], which stores all cryptography components used for signing and verifying each safety message. We also assume each vehicle has enough computing resources to perform asymmetric cryptography. These two assumptions are reasonable because, unlike thin clients, a vehicle includes a high speed processor.

B. Key Management

Based on the PKI concept, each vehicle has to have a valid certificate, usually issued by a central trusted party called Certificate Authority (CA) [6]. However, in vehicular networks, we lack the central trusted party. Therefore, key management becomes a major problem in secure IVC. Nevertheless, because all vehicles have to be registered with vehicle registration authorities, the authorities can act as CA to issue certificates for all legitimate vehicles, and can be cross-certified with CAs from different regions. To conceal the vehicle privacy, such as identity and travel route, we use a set of anonymous keys to sign each message that will be changed periodically. These keys are preloaded in the vehicle's secure database for a long duration, e.g., for one year until the next yearly checkup. Each key is certified by the issuing CA and has a short lifetime. In addition, in case of law investigation, the government can track back to the real identity of vehicles, the Electronic License Plate (ELP). This feature also helps provide non-repudiation in case of accidents.

C. Secure Protocol Description

Each secure safety message consists of 4 parts: safety message, time-stamp, signature and sender's certificate, as shown in (1). The safety message is transmitted in plaintext, since there is no need for confidentiality. The time-stamp, which is needed to guarantee the freshness, is also sent in plaintext. However, attackers cannot alter either message or time-stamp, due to the digital signature. Since no other vehicle knows the private key of the sender, no other vehicle can alter the content in the packet. Finally, the certificate of the sender is included in the packet, so that other vehicles can extract the sender's public key and verify the correctness of each message. The total overhead per packet is 140 Bytes, comprised of a 56-Byte signature and an 84-Byte certificate.

S -> *: M, T, {H(M,T)}Ks, Certs    (1)

where S is the sender of the safety message, * represents any receivers, M is the safety message, T is the time-stamp, {H(M,T)}Ks is the hash of the message M and time-stamp T signed by the private key of the sender, Ks, and Certs is the pre-stored certificate of the sender issued by any CA. Once other vehicles receive a message, they proceed as follows: 1) retrieve the sender's public key, Ks', from Certs in order to decrypt the signature and obtain H(M,T), 2) hash the message and time-stamp, 3) compare the hash with H(M,T), and if both of them are the same, the message is verified. Otherwise, the message is falsified and will be ignored.

V. VEHICULAR INFRASTRUCTURE NETWORK

In this section, we introduce the infrastructure network system model and discuss the OPNET [19] simulation results obtained from the proposed secure protocol.

Figure 1. Vehicular Infrastructure Network.

A. Network Model

We assume a vehicular infrastructure network in which IVC is controlled by Road Side Units (RSUs) [12, 13, 14] as shown in Figure 1. Each RSU acts as an access point that broadcasts the messages received from one vehicle to all others in its range. Each vehicle transmits signed messages directly to the RSU, using the EDCA protocol. Once the RSU receives a message, it re-broadcasts it immediately to all other vehicles in range (the RSU does not compete with other vehicles for channel access since it has the highest priority: the RSU uses the Point Inter-Frame Space (PIFS), which is shorter than all AIFS[i]). In conjunction with EDCA, different values of retry limits are assigned to different priorities (RL[i] is assigned to priority i messages). However, the actual number of retransmissions of each message may be lower than the retry limit, since the retransmission process will be terminated once the transmitting vehicle receives the acknowledgement from the RSU. The largest RL[i] will be assigned to the highest priority messages, increasing the reliability of such messages. In order to reduce the security overhead, no verification is done at the RSU, since each message can be altered again during message broadcast from the RSU, even if the RSU has verified it. Therefore, we assign responsibility for message verification only to the receivers.

TABLE IV. DEFAULT CONTENTION PARAMETER VALUES

Priority   CWmin     CWmax     AIFSN   RL   TXOP
Pri(1)     CWmin/4   CWmin/2   2       7    1 MSDU
Pri(4)     CWmin     CWmax     7       1    1 MSDU

B. Simulation Results and Analysis

This section describes the simulation scenarios, network configuration and the performance in terms of percentage of successful transmissions (reliability) and average delay (this delay includes the queuing and transmission delays incurred by the message at the source vehicles and at the RSU) for each priority message. In our simulation we consider one RSU and two priorities, Pri1 and Pri4.
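The packet format (1) and the receiver's three verification steps of Section IV.C, as an added example that is not the authors' code: Go's standard-library ECDSA over NIST P-224 stands in for the paper's ECC-224, the certificate layout (anonymous public key, expiry, CA signature) and the SHA-256 hashing of M and T are assumptions, and the freshness window is the 0.1 s message lifetime from Section III.D. The CA check and the time-stamp window go beyond the paper's three listed steps, since its requirements (authentication, freshness) call for both.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// Safety-message lifetime from Section III.D (0.1 s); older time-stamps are rejected.
const MessageLifetime = 100 * time.Millisecond

// Cert is the short-lived anonymous-key certificate of Section IV.B (layout assumed; the paper gives only its 84-byte size).
type Cert struct {
	PubKey   *ecdsa.PublicKey
	NotAfter time.Time
	CASig    []byte // CA's ECDSA signature over pubkey || notAfter
}
// SafetyPacket is the four-part packet of equation (1): M, T, {H(M,T)}Ks, Certs.
type SafetyPacket struct {
	M    []byte
	T    time.Time
	Sig  []byte
	Cert Cert
}
// NewKey generates an ECC-224 (NIST P-224) key pair, the curve chosen in Section IV.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P224(), rand.Reader) }
// be64 encodes a time-stamp as 8 big-endian bytes so it hashes unambiguously after M.
func be64(t time.Time) []byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], uint64(t.UnixNano()))
	return b[:]
}
// hashMT is H(M,T): SHA-256 over the plaintext message and its 8-byte time-stamp.
func hashMT(m []byte, t time.Time) []byte {
	h := sha256.Sum256(append(append([]byte{}, m...), be64(t)...))
	return h[:]
}
// certDigest is what the CA signs: the fixed-width P-224 point plus the expiry.
func certDigest(pub *ecdsa.PublicKey, notAfter time.Time) []byte {
	h := sha256.New()
	h.Write(pub.X.FillBytes(make([]byte, 28)))
	h.Write(pub.Y.FillBytes(make([]byte, 28)))
	h.Write(be64(notAfter))
	return h.Sum(nil)
}
// IssueCert is the registration authority acting as CA for one anonymous key.
func IssueCert(ca *ecdsa.PrivateKey, pub *ecdsa.PublicKey, notAfter time.Time) (Cert, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, ca, certDigest(pub, notAfter))
	return Cert{PubKey: pub, NotAfter: notAfter, CASig: sig}, err
}
// Sign builds the packet: M and T stay in plaintext; only H(M,T) is signed with Ks.
func Sign(ks *ecdsa.PrivateKey, cert Cert, m []byte, t time.Time) (SafetyPacket, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, ks, hashMT(m, t))
	return SafetyPacket{M: m, T: t, Sig: sig, Cert: cert}, err
}

// Verify is the receiver side: extract Ks' from Certs, hash M and T, compare with the signed hash; plus freshness and certificate checks.
func Verify(caPub *ecdsa.PublicKey, p SafetyPacket, now time.Time) error {
	switch {
	case now.After(p.Cert.NotAfter):
		return errors.New("sender certificate expired")
	case !ecdsa.VerifyASN1(caPub, certDigest(p.Cert.PubKey, p.Cert.NotAfter), p.Cert.CASig):
		return errors.New("certificate not signed by the trusted CA")
	case now.Sub(p.T) < 0 || now.Sub(p.T) > MessageLifetime:
		return errors.New("stale or future time-stamp: possible replay")
	case !ecdsa.VerifyASN1(p.Cert.PubKey, hashMT(p.M, p.T), p.Sig):
		return errors.New("signature mismatch: message or time-stamp altered")
	}
	return nil
}
```

A receiver that also keeps the recently accepted H(M,T) values would additionally catch replays inside the 0.1 s window.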
Each vehicle generates Poisson traffic [8, 9, 10] with exponentially distributed packet inter-arrival time with mean 0.1 sec. The default packet size is 100 Bytes for all messages. Due to secure IVC, the total size of the messages becomes 240 Bytes, consisting of the 100-Byte message and time-stamp, and an additional 140-Byte security overhead from the 56-Byte signature and 84-Byte certificate. Table III summarizes all other default parameter values used in the simulation. The default parameters for each priority, CWmin[i], CWmax[i], AIFSN[i], RL[i], and TXOP[i], are provided in Table IV.

TABLE III. DEFAULT PARAMETER VALUES

Parameters                      Values
Priorities of Vehicles          1 and 4
Percentage of Pri1 Vehicles     5%
Percentage of Pri4 Vehicles     95%
Network Interface               IEEE 802.11a
Packet Payload Size             100 Bytes
Packet Generation Interval      0.1 second
Communication Data Rate         6 Mbps
Bit Error Rate (BER)            10^-6

We show the study of the protocol performance as a function of the number of vehicles, N, and the percentage of priority 1 vehicles, P1. We also show the comparison of the performance in terms of reliability and average delay of the following three communication modes: 1) Insecure Communication: No security mechanism is implemented. Thus, all messages are broadcast insecurely. 2) Partially Secure Communication: Security is provided based on the priority of messages. For example, accident related messages will be transmitted securely, compared with a weather report. Thus, in this mode, the security mechanism is applied to Pri1 messages only. 3) Fully Secure Communication: All messages are securely broadcast, regardless of their priorities, in order to achieve the highest level of communication security.

In order to investigate the impact of the proposed security mechanism, in the simulation each individual secure message incurs an additional signing delay of 9.2 ms (see Table II) before the message contends for the channel. Similarly, each received secure message faces an additional verification delay of 18.1 ms (see Table II). Furthermore, since each secure message consists of an additional 56-Byte digital signature and 84-Byte certificate, in all simulations the extra 140-Byte overhead is also added to each individual secure message.

Figure 2. Comparison of percentage of Pri1 successful transmissions in all 3 communication scenarios as a function of N and P1.

Figure 3. Comparison of Pri1 average delay in all 3 communication scenarios as a function of N and P1.

Figure 4. Comparison of percentage of Pri4 successful transmissions in all 3 communication scenarios as a function of N and P1.

Figure 5. Comparison of Pri4 average delay in all 3 communication scenarios as a function of N and P1.

Figure 6. Vehicular Ad hoc Network.

1) Percentage of Pri1 Vehicles

The percentage of Pri1 messages, P1, depends upon the traffic congestion, which is a function of the road setting (e.g., urban or rural areas) and the time of day (e.g., rush hours). As we observe, P1 can significantly affect the IVC reliability. To study the effect of P1 on both the system reliability and average delay in the vehicular infrastructure networks, we perform simulations varying the values of P1: P1=5% and P1=10%. All other default parameter values are given in Tables III and IV. Figures 2 and 4 depict the percentage of successful transmissions for Pri1 and Pri4, respectively, versus N for different values of P1 in insecure, partially secure and fully secure communications. Figure 2 shows that the percentage of Pri1 successful transmissions slightly decreases, due to the additional security overhead applied to Pri1 messages. From Figure 4, we observe that Pri4 messages obtain the highest reliability in insecure communication and the lowest reliability in fully secure communication, due to the impact of the security overhead. This is a tradeoff between security and reliability of Pri4 messages. Moreover, we observe that a higher value of P1 decreases the reliability of both priority messages. This is due to the fact that larger P1 causes higher collisions, which decrease the system reliability. Figures 3 and 5 depict the comparison of Pri1 and Pri4 average delay, respectively, for all three communication scenarios and different values of P1. From Figure 3, Pri1 average delay in both partially and fully secure modes becomes roughly ten times higher than that in the insecure network, due to the fact that all Pri1 messages have to be signed at the sender and verified at the receiver, causing larger

delay. On the other hand, Pri4 average delay increases only in the fully secure mode, as shown in Figure 5, because all messages including Pri4 messages are signed. Thus, the Pri4 average delay increases due to the security mechanism overhead. In contrast, Pri4 average delay in partially secure and insecure communications is roughly the same, i.e., the Pri4 delay in partially secure mode is only a bit higher than that in insecure mode. This can be explained as follows. Pri4 messages are not signed in either communication mode. Thus, there is no direct impact of the security mechanism on Pri4 average delay. However, we observe a small increase in Pri4 delay in a partially secure network, due to the impact of the security overhead of Pri1 messages (larger size of Pri1 messages), causing higher collisions and longer Pri4 average delay. However, in all cases the average delay of all messages is lower than the default lifetime of safety messages, 0.1 sec.

VI. VEHICULAR AD HOC NETWORK

In this section, we turn our attention to secure IVC in a vehicular ad hoc network.

Figure 9. Comparison of percentage of Pri4 successful transmissions in all 3 communication scenarios as a function of N and P1.

A. Network Model

Because an RSU may not be provided in all segments of highways, in this section we focus on IVC in vehicular ad hoc networks, shown in Figure 6. Since there is no RSU, each vehicle has to rely on itself for communication, i.e., it has to broadcast messages using EDCA. Thus, there is no acknowledgement in the ad hoc network, unlike in the infrastructure network where the acknowledgement is created by the RSU. Therefore, one-time broadcasting can cause very low reliability. To alleviate this issue, each vehicle retransmits each message multiple times. A higher number of retransmissions, NR[i] (number of retransmissions for priority i messages), is assigned to higher priority messages to increase the reliability. The protocol has been published in [7].

Figure 10. Comparison of Pri4 average delay in all 3 communication scenarios as a function of N and P1.

B. Simulation Results and Analysis

This section describes the simulation scenario, configuration values and the performance in terms of average delay and percentage of successful transmissions for each priority. We study the impact of different parameters on the system performance for two priorities, Pri1 and Pri4. We investigate the performance of our secure protocol as a function of the number of vehicles, N, and the percentage of Pri1 vehicles, P1. Table III summarizes all default parameters in the simulation. The default parameters for each priority, CWmin[i], CWmax[i], AIFSN[i], TXOP[i] and NR[i], are provided in Table V.

TABLE V. DEFAULT CONTENTION PARAMETER VALUES (only partially recoverable from the page: Pri(1) 3, Pri(4) 1)

Figure 7. Comparison of percentage of Pri1 successful transmissions in all 3 communication scenarios as a function of N and P1.

1) Percentage of Pri1 Vehicles

In this subsection, we study the effect of the percentage of Pri1 vehicles, P1, in the vehicular ad hoc network. Figures 7 and 9 depict the comparison of the percentage of Pri1 and Pri4 successful transmissions, respectively, versus N for different values of P1 in all three communication modes. We notice that the percentage of successful transmissions of both priority messages in both partially and fully secure IVC is lower than in insecure communication, due to the security overhead (larger size) causing higher collisions. The impact is more pronounced at a higher number of vehicles, due to higher load. Furthermore, we observe that when P1 increases, the percentage of successful transmissions of all messages in all