Slide - SIGMOBILE

Probabilistic Validation of
Aggregated Data in VANETs
Fabio Picconi**, Nishkam Ravi, Marco Gruteser*, Liviu Iftode
Computer Science,
*Winlab,
Rutgers University
** Lip6, UPMC, France
INS & ContextSphere | Columbia Univ. - Feb. 25, 2003 | Confidential
© 2002 IBM Corporation
Motivation
• Traffic information systems based on V2V data exchange (e.g. TrafficView)
• Applications: safety messaging, cooperative driving, route planning, congestion avoidance
• Some applications require information about a large number of cars
– Aggregation for saving communication and data overhead
False information
[Figure: cars a–e exchanging records with the fields Car Id, Location, Speed]
• False information dissemination
– Spoofs/bogus information
– Masquerade
• Data omission
• DoS attacks
• How can data be validated?
Existing Solutions
• Cross-validation (Golle 2004)
– Cross-validate data against a set of rules
– Cross-validate data from different cars
– Assumes adversarial parsimony (only a few malicious cars)
– Assumes multiple sources of information
• Use PKI and strong identities (Raya 2005)
– A tamper-proof box stores keys, signs data
– Keys are changed periodically for privacy
– Cross-validation used
– High data overhead
[Figure: message layout: Location, Speed (4 bytes); Timestamp, Signature, Certificate (88 bytes)]
Goal
• Design a secure data aggregation mechanism that
– Provides high security
– Produces low data overhead
– Preserves flexibility of applications
– Preserves privacy
– Does not require majority of honest cars
Syntactic Aggregation
[Figure: n separate records, each (Location k, Speed k) with its own Timestamp, Signature, Certificate, versus one syntactically aggregated message carrying (Location 1, speed 1) ... (Location n, speed n) followed by a single Timestamp, Signature, Certificate; the first part is labelled "Application data", the second "Secure data"]
• Sending out records separately: high communication and data overhead
• Syntactically aggregated message: a malicious aggregator can add/modify data during aggregation
Semantic Aggregation
[Figure: n separate records (Location k, Speed k, Timestamp, Signature, Certificate) reduced to one semantically aggregated message: "n cars in segment {(x1,y1), (x2,y2)}" with a single Timestamp, Signature, Certificate]
• Malicious aggregator can modify n during aggregation
• How can aggregated data be secured?
Outline
• Motivation
• Existing solutions
• Aggregation and attacks
• Secure aggregation
• Evaluation
• Conclusions
Solution Sketch
[Figure: Sender holds records R1–R4; Receiver issues a challenge for R2; Sender returns R2; Receiver compares it with the aggregate]
• Two-way communication
• Additional latency
• Requires reliable network
Solution Sketch
[Figure: the challenge for R2 is issued by a tamper-proof service on the Sender, which attaches R2 to the aggregate R1–R4 sent to the Receiver]
Solution Sketch
[Figure: Receiver compares the attached R2 against the aggregate R1–R4; tamper-proof service on the Sender]
• Validation is probabilistic in nature
• Probability of getting caught increases with severity of attack
Assumptions
• Tamper-proof service
– Stores keys
– Signs, timestamps, generates random numbers
– Provides a transmit buffer
• Applications are untrusted and implement their own aggregation modules
• Principle of economy of mechanism
– “the protection system’s design should be as simple and small as possible”
Tamper-proof Service
• Trusted Computing
– Every layer of the software stack is attested using binary hash
– Only well-known software/applications allowed to execute
• BIND (Shi,Perrig,Leendert 2005)
– Partial attestation
– Data isolation
– Provides flexibility
• Implement tamper-proof service in software
– Attest using BIND
Secure Aggregation
[Figure: the regular messages (Location k, Speed k, Timestamp, Signature, Certificate) are aggregated by the application into Aggregated data: (Location 1, speed 1, id 1) ... (Location n, speed n, id n); the tamper-proof service adds Timestamp and Random number r, then Signature and Certificate; a Secure transmit buffer sits beside the aggregated data]
• id: small hash of the key used to sign the corresponding regular message
Secure Aggregation
[Figure: same aggregated data with r mod n = 2, so record 2 (Location 2, speed 2, id 2 with its Timestamp, Sign., Cert.) must be pushed into the secure transmit buffer; the service broadcasts Aggregated data, Timestamp, Random number r, the proof record, Signature, Certificate]
Validation
[Figure: received message: (Location 1, speed 1, id 1) ... (Location n, speed n, id n), Timestamp, Random number r, proof record (Location 2, speed 2, id 2 with Timestamp, Sign., Cert.), Signature, Certificate]
• Check the message signature
• Calculate index i = r mod n (in this case i = 2)
• Check proof record
– data matches
– secure data is valid
– id matches key used for signature
How good is probabilistic validation?
Multiple Proof Records
[Figure: aggregated data (Location 1, speed 1, id 1) ... (Location n, speed n, id n), Timestamp, Random number r, and two proof records taken from the secure transmit buffer: (Location i, speed i, id i) with Timestamp, Sign., Cert. for i = r mod n, and (Location j, speed j, id j) with Timestamp, Sign., Cert. for j = r’ mod n; Signature, Certificate; Broadcast]
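The tamper-proof service, untrusted aggregation module and receiver of the Secure Aggregation, Validation and Multiple Proof Records slides, as an added Python example that is not the authors' code or the TrafficView implementation. It assumes stand-ins for the cryptography: HMAC-SHA256 plays the role of the PKI signature, a small dictionary `CERT_DIR` (key id to key) plays the role of the certificate, and the random number generator of the service is injectable so that the run is repeatable. The service freezes the aggregated entries before drawing the random numbers, which is this example's reading of why the random number must come from the trusted part. Notation follows the evaluation slide: m aggregated records, n proof records.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple

# Added example, not the paper's code. HMAC-SHA256 stands in for the PKI
# signature and CERT_DIR (key id -> key) for the certificate directory.
# Notation follows the evaluation slide: m aggregated records, n proof records.
CERT_DIR = {}
Regular = namedtuple("Regular", "location speed timestamp id sig")
Aggregate = namedtuple("Aggregate", "entries timestamp randoms proofs aggregator_id sig")

def key_id(key):  # "id: small hash of the key used to sign" (8 hex chars here)
    return hashlib.sha256(key).hexdigest()[:8]

def sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

def verify(kid, payload, sig):
    key = CERT_DIR.get(kid)  # the id names the key, so a wrong id fails verification
    return key is not None and hmac.compare_digest(sign(key, payload), sig)

def entry(reg):  # (location, speed, id): what the aggregator copies into the aggregate
    return (reg.location, reg.speed, reg.id)

def reg_payload(location, speed, timestamp):
    return repr((location, speed, timestamp)).encode()

def agg_payload(msg):  # everything covered by the aggregate signature
    return repr((msg.entries, msg.timestamp, msg.randoms,
                 [tuple(p) for p in msg.proofs], msg.aggregator_id)).encode()

class TamperProofService:
    """Trusted minimum: stores the key, signs, timestamps, draws random numbers,
    owns the transmit buffer. rng is injectable so the example is repeatable."""

    def __init__(self, rng=secrets.randbelow):
        self.key = secrets.token_bytes(32)
        self.id = key_id(self.key)
        CERT_DIR[self.id] = self.key
        self.rng, self.pending = rng, None

    def sign_regular(self, location, speed, timestamp):
        return Regular(location, speed, timestamp, self.id,
                       sign(self.key, reg_payload(location, speed, timestamp)))

    def challenge(self, entries, n):
        # Freeze the entries before drawing r: the application learns which
        # indices will be checked only once it can no longer change the data.
        self.pending = (tuple(tuple(e) for e in entries), tuple(self.rng(2**32) for _ in range(n)))
        return self.pending[1]

    def broadcast(self, proofs, timestamp):  # proofs: the secure transmit buffer
        entries, randoms = self.pending
        msg = Aggregate(entries, timestamp, randoms, tuple(proofs), self.id, b"")
        return msg._replace(sig=sign(self.key, agg_payload(msg)))

def aggregate_and_send(service, regulars, n, timestamp, tamper=None):
    """Untrusted aggregation module; `tamper` models a malicious aggregator."""
    entries = [entry(r) for r in regulars]
    if tamper:
        entries = tamper(entries)
    proofs = []
    for r in service.challenge(entries, n):
        genuine = [g for g in regulars if entry(g) == entries[r % len(entries)]]  # empty if bogus
        proofs.append(genuine[0] if genuine else regulars[0])   # only real signed records exist
    return service.broadcast(proofs, timestamp)

def validate(msg):
    """Receiver side: the checks of the Validation slide."""
    if len(msg.proofs) != len(msg.randoms) or not verify(msg.aggregator_id, agg_payload(msg), msg.sig):
        return False                                               # 1. message signature
    for r, proof in zip(msg.randoms, msg.proofs):
        i = r % len(msg.entries)                                   # 2. i = r mod m
        if msg.entries[i] != entry(proof):                         # 3a. data matches
            return False
        payload = reg_payload(proof.location, proof.speed, proof.timestamp)
        if not verify(proof.id, payload, proof.sig):               # 3b/3c. valid, id matches key
            return False
    return True

def run_example():
    """Five cars (m = 5), n = 2 proofs with fixed r = 7 and 9, i.e. i = 2 and 4."""
    cars = [TamperProofService() for _ in range(5)]
    regulars = [c.sign_regular((100 * k, 0), 50 + k, 1000) for k, c in enumerate(cars)]

    def agg(tamper=None):
        rs = iter([7, 9])
        return aggregate_and_send(TamperProofService(rng=lambda _b: next(rs)), regulars, 2, 1001, tamper)

    def bogus(idx):  # malicious aggregator reports speed 120 for the entries in idx
        return lambda es: [(loc, 120 if k in idx else sp, kid) for k, (loc, sp, kid) in enumerate(es)]

    honest = agg()
    edited = honest._replace(entries=((honest.entries[0][0], 0, honest.entries[0][2]),) + honest.entries[1:])
    return {
        "honest": validate(honest),
        "all_bogus": validate(agg(bogus(range(5)))),
        "bogus_unchecked": validate(agg(bogus({0}))),   # index 0 is never sampled here
        "bogus_checked": validate(agg(bogus({2}))),     # 7 mod 5 = 2 is sampled
        "edited_after_signing": validate(edited),
    }
```

The `bogus_unchecked` case is the point of the "How good is probabilistic validation?" question: a single bogus entry at an index that none of the n random numbers selects passes, while bogus data at a sampled index, or an aggregate where every entry is bogus, cannot be backed by any genuinely signed regular message and is rejected.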
Evaluation
• New metric: security/bandwidth (sec/bw)
• Compare security, bandwidth, security/bandwidth
• Base Case 1
– All records signed and certified
– High security, high bandwidth usage
• Base Case 2
– Semantic aggregation, no certificates
– Minimal bandwidth usage, no security
• Secure syntactic aggregation
• Secure semantic aggregation
Evaluation
• Notation:
– m : number of records aggregated
– n : number of proof records
– d : application data size
– s : secure data size (timest., cert., sign.) ~ 88 bytes
– b : number of bogus values in aggregated message
• Base Case 1
– security = 1, bandwidth = m*(d + s)
• Base Case 2
– security = 0, bandwidth = d + k
• Secure syntactic aggregation
– security = $P_{\text{detect}} = 1 - \left(1 - \frac{b}{m}\right)^{n}$, bandwidth = m*d + n*(d + s) + s
• Secure semantic aggregation
– security = $P_{\text{detect}} = 1 - \left(1 - \frac{b}{m}\right)^{n}$, bandwidth = (n + 1)*(d + s)
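The security and bandwidth formulas of the evaluation slide as functions, an added Python example rather than the authors' evaluation scripts. It takes d = 4 bytes and s = 88 bytes from the slides as defaults; the undefined k of Base Case 2 is kept as an explicit parameter, and the crossover search is this example's way of locating the "m > c" point of the bandwidth plot.

```python
# Added example, not from the slides: security and bandwidth of the four
# schemes on the evaluation slide, with the slides' own numbers as checks.
# Base Case 2's "d + k" keeps k as a parameter because the slide does not define it.

def p_detect(m, n, b):
    """P_detect = 1 - (1 - b/m)^n: probability that at least one of the n
    proof records (index r mod m, independently drawn) lands on one of the b
    bogus entries, which no genuinely signed regular message can match."""
    if m <= 0 or not 0 <= b <= m or n < 0:
        raise ValueError("need m > 0, 0 <= b <= m, n >= 0")
    return 1.0 - (1.0 - b / m) ** n

def bandwidth(scheme, m, n, d=4, s=88, k=0):
    """Bytes per aggregated message; d = 4 and s ~ 88 bytes follow the slides."""
    return {
        "base1": m * (d + s),                  # every record signed and certified
        "base2": d + k,                        # semantic aggregation, no certificates
        "syntactic": m * d + n * (d + s) + s,  # m entries, n proof records, one signature
        "semantic": (n + 1) * (d + s),         # one count plus n proof records
    }[scheme]

def security(scheme, m, n, b):
    return {"base1": 1.0, "base2": 0.0,
            "syntactic": p_detect(m, n, b), "semantic": p_detect(m, n, b)}[scheme]

def sec_per_bw(scheme, m, n, b, **kw):
    """The slides' security/bandwidth metric."""
    return security(scheme, m, n, b) / bandwidth(scheme, m, n, **kw)

def crossover_m(scheme, n, d=4, s=88):
    """Smallest m at which the secure scheme needs less bandwidth than Base Case 1
    (the slides' "m > c"), found by searching upward over m."""
    m = 1
    while bandwidth(scheme, m, n, d, s) >= bandwidth("base1", m, n, d, s):
        m += 1
    return m

def table(scheme, ratio=0.5, ns=(1, 2, 4), ms=(2, 5, 10, 20)):
    """sec/bw over (n, m) for a fixed bogus fraction b/m (the slides use 0.5)."""
    return {(n, m): sec_per_bw(scheme, m, n, ratio * m) for n in ns for m in ms}
```

With b/m = 0.5 and n = 4, `p_detect` gives 0.9375, the "security > 93%" figure of the Security slide; with n = 1 the secure syntactic scheme undercuts Base Case 1 from m = 3 and with n = 4 from m = 6, since m*s must exceed n*(d + s) + s.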
Bandwidth Usage
[Plot: bandwidth of the four schemes; panels n = 1, d = 4 bytes and n = 4, d = 4 bytes]
Lower bandwidth requirement than Base Case 1 for m > c
Security
[Plot: security of the schemes]
For n = 4, security > 93% (b/m = 0.5)
Security/Bandwidth
[Plot: security/bandwidth of the schemes]
Highest sec/bw when n >= 4, m >= 5
Conclusions and Future Work
• Conclusions
– Used the idea of random checks to validate aggregated data
– Used PKI-based authentication, tamper-proof service
– Evaluated our solution on a new metric: security/bandwidth
• Future Work
– Implement and integrate with TrafficView
– Evaluate empirically and identify equilibrium state
– Further explore semantic aggregation and reaggregation
– Relax assumptions on tamper-proof service
Thank You!
[email protected]
http://discolab.rutgers.edu/traffic/