Security in Vehicular Ad hoc Networks (VANETs)
Presentation based on:
Maxim Raya and Jean-Pierre Hubaux, “The security
of vehicular ad hoc networks”, SASN 2005.
Bryan Parno and Adrian Perrig, “Challenges in
securing vehicular networks”, SECON 2005.
Some slides courtesy above authors.
What is a VANET?
Security threats and attacks
Security primitives for attack prevention or
A modern vehicle
Forward radar
Computing platform
Event data recorder (EDR)
Positioning system
Rear radar
Communication facility
Display
A modern vehicle is a network of sensors/actuators on wheels!
What is a VANET (Vehicular Ad hoc
• Communication: typically over the Dedicated Short Range Communications
(DSRC) (5.9 GHz)
• Example of protocol: IEEE 802.11p
Motivation for VANET
Hundreds of thousands of people are killed
world-wide due to road accidents yearly.
Many more are injured.
Congestion/traffic jams cost time and fuel.
Both these problems can be solved or mitigated
by giving timely information to the drivers!
Differences from MANET
Large scale – potentially billion
Fleeting contact with other vehicles
Nodes not as constrained in terms of
energy, storage and computation.
1. Safety alerts
a. Requirement: Bounded latency
b. Primary Issue: Broadcast storm
2. Congestion warning
a. Requirement: Message persistence
b. Primary Issue: Disconnected network
a. Requirement: End-to-end connectivity
b. Primary Issue: Disconnection due to high
Application-2 : Deceleration Warning
Prevent pile-ups when a vehicle decelerates
Insider or outsider
Insider – valid user
Outsider – Intruder, limited attack options
Malicious or rational
Malicious – No personal benefit, intends to harm
Rational – seeks personal benefits, more predictable
Active or passive
Active: Generates packets, participates in the network
Passive: Eavesdrop, track users
Denial of service
React only to legitimate events. Authenticate senders of
Verification of data consistency
Legitimate senders can send false data (attack/unintentional). This can
cause immense damage, even fatalities.
Network should be available under jamming attacks
Drivers causing accidents should be reliably identified
Privacy (conflicts with authentication)
Privacy of drivers against unauthorized observers.
High speed means constraints on time
How will the key be distributed?
Who will certify the keys?
When the key is compromised, what is the
revocation procedure?
Each vehicle carries a tamper-proof device
Contains the secrets of the vehicle itself
Has its own battery
Has its own clock (notably in order to be able to sign
Is in charge of all security operations
Is accessible only by authorized personnel
(GPS, speed and
Symmetric cryptography is not suitable: messages are
standalone, large scale, non-repudiation requirement
Hence each message should be signed with a digital signature (DS)
Liability-related messages should be stored in the EDR
VPKI (Vehicular PKI)
Each vehicle carries in its Tamper-Proof Device (TPD):
A unique and certified identity: Electronic License
A set of certified anonymous public/private key pairs
Before a vehicle sends a safety message, it signs it with its
private key and includes the CA’s certificate.
Mutual authentication can be done without involving a
Authorities (national or regional) are cross-certified
The CA hierarchy: two options
[Figure: the CA hierarchy options. Labels: Region 1, Region 2; District 1, District 2; Car A, Car B; Manuf. 1, Manuf. 2]
The governments control certification
Long certificate chain
Keys should be recertified on borders
to ensure mutual certification
Vehicle manufacturers are trusted
Only one certificate is needed
Each car has to store the keys of all
All cryptographic material of a vehicle is
CA sends revocation message to the TPD.
A particular key is compromised:
CA sends revocation message to the TPD for
each revoked key. High overhead.
Short key certificate lifetimes. Large storage
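Added example (not from the slides or the cited papers): a receiver-side acceptance check for a signed safety message, covering the CA-certified anonymous key, short certificate lifetimes and revocation described above. ECDSA P-256 via the Python cryptography package, the 0.5 s freshness window, the certificate fields and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

CURVE = ec.SECP256R1()              # assumption: the slides name no signature algorithm
ECDSA = ec.ECDSA(hashes.SHA256())
MAX_AGE = 0.5                       # assumption: seconds a safety message stays fresh

@dataclass
class AnonCert:                     # CA-certified anonymous public key, short-lived
    serial: int
    pub: bytes
    not_after: float
    ca_sig: bytes = b""
    def tbs(self) -> bytes:         # the bytes the CA signs
        return f"{self.serial}|{self.pub.hex()}|{self.not_after:.3f}".encode()

def new_key():
    return ec.generate_private_key(CURVE)

def issue(ca_key, serial, lifetime, now):   # CA: certify one anonymous key pair
    key = new_key()
    pub = key.public_key().public_bytes(Encoding.X962, PublicFormat.CompressedPoint)
    cert = AnonCert(serial, pub, now + lifetime)
    cert.ca_sig = ca_key.sign(cert.tbs(), ECDSA)
    return key, cert

def send(key, cert, payload, now):          # vehicle: timestamp, sign, attach certificate
    body = f"{now:.3f}|".encode() + payload
    return body, key.sign(body, ECDSA), cert

def accept(ca_pub, revoked, msg, now):      # receiver: "ok" or the reason for rejection
    body, sig, cert = msg
    try:
        ca_pub.verify(cert.ca_sig, cert.tbs(), ECDSA)
    except InvalidSignature:
        return "certificate not issued by CA"
    if cert.serial in revoked:              # revocation list held locally
        return "key revoked"
    if now > cert.not_after:                # short lifetime bounds exposure of a leaked key
        return "certificate expired"
    try:
        ec.EllipticCurvePublicKey.from_encoded_point(CURVE, cert.pub).verify(sig, body, ECDSA)
    except (InvalidSignature, ValueError):
        return "bad message signature"
    if not 0 <= now - float(body.split(b"|")[0].decode()) <= MAX_AGE:
        return "stale timestamp"            # replay of an old, validly signed message
    return "ok"
```

The receiver needs only the CA public key and a revocation list, so the check runs without contacting any server at message time.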
Authenticated localization of message origin
Beacons broadcast location with timestamp and
signature. Include this packet in all messages.
Option 2: Use relative localization
Security primitives Contd.
Attempt to balance authentication and privacy
Key changing algorithm that adapts to vehicle speed
A large set of keys needs to be stored in the vehicle
and periodically renewed (during regular vehicle
Drivers authenticate to a service with their permanent
Id and receive a temporary Id that cannot be traced
back to the driver.
Security primitives Contd.
A vehicle counts the number of vehicles it
passes and reports the sum. The receiving
vehicle authenticates the information and is
able to estimate the amount of traffic ahead.