Flexible, Extensible, and Efficient VANET Authentication

  • Published : 2009.12.31

Abstract

Although much research has been conducted in the area of authentication in wireless networks, vehicular ad-hoc networks (VANETs) pose unique challenges, such as real-time constraints, processing limitations, memory constraints, frequently changing senders, requirements for interoperability with existing standards, and extensibility and flexibility for future requirements. No currently proposed technique addresses all of the requirements for message and entity authentication in VANETs. After analyzing the requirements for viable VANET message authentication, we propose a modified version of TESLA, TESLA++, which provides the same computationally efficient broadcast authentication as TESLA with reduced memory requirements. To address the range of needs within VANETs, we propose a new hybrid authentication mechanism, VANET authentication using signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++. Elliptic curve digital signature algorithm (ECDSA) signatures provide fast authentication and non-repudiation, but are computationally expensive. TESLA++ prevents memory and computation-based denial of service attacks. We analyze the security of our mechanism and simulate VAST in realistic highway conditions under varying network and vehicular traffic scenarios. Simulation results show that VAST outperforms either signatures or TESLA on its own. Even under heavy loads, VAST is able to authenticate 100% of the received messages within 107 ms. VANETs use certificates to achieve entity authentication (i.e., validate senders). To reduce certificate bandwidth usage, we use Hu et al.'s strategy of broadcasting certificates at fixed intervals, independent of the arrival of new entities. We propose a new certificate verification strategy that prevents denial of service attacks while requiring zero additional sender overhead. Our analysis shows that these solutions introduce a small delay, but still allow drivers, in a worst-case scenario, over 3 seconds to respond to a dangerous situation.

References

  1. F. Bai, T. Elbatt, G. Holland, H. Krishnan, and V. Sadekar, "Towards characterizing and classifying communication-based automotive applications from a wireless networking perspective," in Proc. IEEE AutoNet, Dec. 2006
  2. IEEE 1609.2:2006, Trial-Use Standard for Wireless Access in Vehicular Environments-Security Services for Applications and Management Messages, IEEE Standards, 2006
  3. M. Raya and J. P. Hubaux, "The security of vehicular ad-hoc networks," in Proc. ACM SASN, Nov. 2005
  4. A. Perrig, R. Canetti, D. Song, and D. Tygar, "Efficient and secure source authentication for multicast," in Proc. IEEE NDSS, Feb. 2001
  5. C. A. Gunter, S. Khanna, K. Tan, and S. S. Venkatesh, "DoS protection for reliably authenticated broadcast," in Proc. IEEE NDSS, Feb. 2004
  6. Y. C. Hu and K. P. Laberteaux, "Strong VANET security on a budget," in Proc. ESCAR, Nov. 2006
  7. C. Karlof, N. Sastry, Y. Li, A. Perrig, and J. D. Tygar, "Distillation codes and applications to DoS resistant multicast authentication," in Proc. IEEE NDSS, Feb. 2004
  8. A. Perrig, R. Canetti, J. D. Tygar, and D. Song, "The TESLA broadcast authentication protocol," RSA CryptoBytes, vol. 5, summer, 2002. [Online]. Available: http://paris.cs.berkeley.edu/perrig/projects/tesla-cryptobytes/tesla-cryptobytes.pdf
  9. P. Ning, A. Liu, and W. Du, "Mitigating DoS attacks against broadcast authentication in wireless sensor networks," ACM Trans. Sensor Netw., vol. 4, no. 1, Jan. 2008
  10. A. Juels and J. Brainard, "Client puzzles: A cryptographic countermeasure against connection depletion attacks," in Proc. IEEE NDSS, Feb. 1999
  11. S. M. Ross, Introduction to Probability Models, 8th ed., Academic Press, 2003
  12. C. K. Wong and S. S. Lam, "Digital signatures for flows and multicasts," in Proc. IEEE ICNP, Oct. 1998
  13. A. Perrig, R. Canetti, D. Tygar, and D. Song, "Efficient authentication and signature of multicast streams over lossy channels," in Proc. IEEE SRSP, May 2000
  14. M. A. Lombardi, L. M. Nelson, and A. N. Novick, "Time and frequency measurements using the global positioning system," Cal Lab: The International Journal of Metrology, pp. 21–33, July–Sept. 2001. [Online]. Available: http://tf.nist.gov/general/pdf/1424.pdf
  15. IEEE (1999), Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, IEEE Standards. [Online]. Available: http://standards.ieee.org/getieee802/download/802.11-1999.pdf
  16. VINT Project, University of Berkeley/LBNL, NS-2: Network simulator [Online]. Available: http://www.isi.edu/nsnam/ns/
  17. F. Bai and H. Krishnan, "Reliability analysis of DSRC wireless communication for vehicle safety applications," in Proc. IEEE ITSC, Sept. 2006
  18. R. J. Anderson, F. Bergadano, B. Crispo, J. H. Lee, C. Manifavas, and R. M. Needham, "A new family of authentication protocols," ACM Operat. Syst. Rev., vol. 32, no. 4, pp. 9–20, Oct. 1998. [Online]. Available: https://doi.org/10.1145/302350.302353