
Flexible, Extensible, and Efficient VANET Authentication  

Studer, Ahren (Carnegie Mellon University)
Bai, Fan (General Motors)
Bellur, Bhargav (General Motors)
Perrig, Adrian (Carnegie Mellon University)
Abstract
Although much research has been conducted in the area of authentication in wireless networks, vehicular ad-hoc networks (VANETs) pose unique challenges, such as real-time constraints, processing limitations, memory constraints, frequently changing senders, requirements for interoperability with existing standards, and extensibility and flexibility for future requirements. No currently proposed technique addresses all of the requirements for message and entity authentication in VANETs. After analyzing the requirements for viable VANET message authentication, we propose a modified version of TESLA, TESLA++, which provides the same computationally efficient broadcast authentication as TESLA with reduced memory requirements. To address the range of needs within VANETs we propose a new hybrid authentication mechanism, VANET authentication using signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++. Elliptic curve digital signature algorithm (ECDSA) signatures provide fast authentication and non-repudiation, but are computationally expensive. TESLA++ prevents memory and computation-based denial of service attacks. We analyze the security of our mechanism and simulate VAST in realistic highway conditions under varying network and vehicular traffic scenarios. Simulation results show that VAST outperforms either signatures or TESLA on its own. Even under heavy loads VAST is able to authenticate 100% of the received messages within 107 ms. VANETs use certificates to achieve entity authentication (i.e., validate senders). To reduce certificate bandwidth usage, we use Hu et al.'s strategy of broadcasting certificates at fixed intervals, independent of the arrival of new entities. We propose a new certificate verification strategy that prevents denial of service attacks while requiring zero additional sender overhead. Our analysis shows that these solutions introduce a small delay, but still allow drivers in a worst-case scenario over 3 seconds to respond to a dangerous situation.
Keywords
Broadcasting; computer network security; road vehicles
Citations & Related Records

Times Cited By Web of Science: 4
Times Cited By SCOPUS: 10
1 A. Perrig, R. Canetti, J. D. Tygar, and D. Song, "The TESLA broadcast authentication protocol," RSA CryptoBytes, vol. 5, summer, 2002. [Online]. Available: http://paris.cs.berkeley.edu/perrig/projects/tesla-cryptobytes/tesla-cryptobytes.pdf
2 P. Ning, A. Liu, and W. Du, "Mitigating DoS attacks against broadcast authentication in wireless sensor networks," ACM Trans. Sensor Netw., vol. 4, no. 1, Jan. 2008
3 C. K. Wong and S. S. Lam, "Digital signatures for flows and multicasts," in Proc. IEEE ICNP, Oct. 1998
4 M. A. Lombardi, L. M. Nelson, and A. N. Novick, "Time and frequency measurements using the global positioning system," Cal Lab: The International Journal of Metrology, pp. 21–33, July–Sept. 2001. [Online]. Available: http://tf.nist.gov/general/pdf/1424.pdf
5 F. Bai and H. Krishnan, "Reliability analysis of DSRC wireless communication for vehicle safety applications," in Proc. IEEE ITSC, Sept. 2006
6 A. Perrig, R. Canetti, D. Tygar, and D. Song, "Efficient authentication and signature of multicast streams over lossy channels," in Proc. IEEE SRSP, May 2000
7 C. A. Gunter, S. Khanna, K. Tan, and S. S. Venkatesh, "DoS protection for reliably authenticated broadcast," in Proc. IEEE NDSS, Feb. 2004
8 IEEE 1609.2:2006, Trial-Use Standard for Wireless Access in Vehicular Environments-Security Services for Applications and Management Messages, IEEE Standards, 2006
9 F. Bai, T. Elbatt, G. Hollan, H. Krishnan, and V. Sadekar, "Towards characterizing and classifying communication-based automotive applications from a wireless networking perspective," in Proc. IEEE AutoNet, Dec. 2006
10 C. Karlof, N. Sastry, Y. Li, A. Perrig, and J. D. Tygar, "Distillation codes and applications to DoS resistant multicast authentication," in Proc. IEEE NDSS, Feb. 2004
11 IEEE (1999), Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, IEEE Standards. [Online]. Available: http://standards.ieee.org/getieee802/download/802.11-1999.pdf
12 VINT Project, University of Berkeley/LBNL, NS-2: Network simulator [Online]. Available: http://www.isi.edu/nsnam/ns/
13 A. Juels and J. Brainard, "Client puzzles: A cryptographic countermeasure against connection depletion attacks," in Proc. IEEE NDSS, Feb. 1999
14 A. Perrig, R. Canetti, D. Song, and D. Tygar, "Efficient and secure source authentication for multicast," in Proc. IEEE NDSS, Feb. 2001
15 R. J. Anderson, F. Bergadano, B. Crispo, J. H. Lee, C. Manifavas, and R. M. Needham, "A new family of authentication protocols," ACM Operat. Syst. Rev., vol. 32, no. 4, pp. 9–20, Oct. 1998
16 M. Raya and J. P. Hubaux, "The security of vehicular ad-hoc networks," in Proc. ACM SASN, Nov. 2005
17 S. M. Ross, Introduction to Probability Models, 8th ed., Academic Press, 2003
18 Y. C. Hu and K. P. Laberteaux, "Strong VANET security on a budget," in Proc. ESCAR, Nov. 2006