Cognitive Radio Adhoc Vehicular Network - IEEE Xplore

Cognitive Radio Adhoc Vehicular Network (CRAVENET): Architecture, Applications, Security Requirements and Challenges

Sachin Sharma
Systems Engineering, University of Arkansas at Little Rock, Little Rock, Arkansas 72204. Email: [email protected]

Seshadri Mohan
Systems Engineering, University of Arkansas at Little Rock, Little Rock, Arkansas 72204. Email: [email protected]

Abstract—This paper proposes and discusses the topic of cognitive radio ad-hoc vehicular networks (CRAVENET) and their architecture, along with the applications, security requirements and challenges that arise in architecting such networks. With the ever-growing demand for spectrum, there exists an urgent need to improve spectrum utilization in wireless networks. Cognitive radio technology, which serves as a means to improve spectrum utilization, is expected to become an important part of diverse fields including the field of vehicular ad-hoc networking. The CRAVENET paradigm introduces entirely new challenges and security threats. This paper proposes an architecture with a reliable authentication scheme to enhance security in CRAVENET.

Index Terms—Cognitive Radio (CR), Cognitive Radio ad-hoc Vehicular Network (CRAVENET), Security, Privacy, Intelligent Transport System (ITS).

I. INTRODUCTION

Spurred on by rapid advances in wireless communications and networking, sophisticated applications, including social applications, have emerged that have revolutionized people's lives by providing convenient and flexible access to information, products, services, and people. Consequently, the demand for spectrum has grown drastically. Principally designed to improve spectrum utilization, cognitive radio technology is anticipated to find wide applicability in a number of diverse fields, including the field of vehicular ad-hoc networking, and to fuel the evolution of communication networks and social applications.

A Cognitive Radio ad-hoc Vehicular Network (CRAVENET) is a mobile network in which vehicles are equipped with CR devices so that they can communicate with each other and with fixed CR devices. In other words, CRAVENET facilitates communication between mobile and fixed CR devices. It may provide a promising approach to facilitate traffic management and road safety management as social applications for users of CRAVENET. One of the requirements of this network is to ensure secure communication between participants, safeguard private information, and facilitate high volume data exchange. With a suitable multi-application suite, CRAVENET can engineer an intelligent transportation system requiring no special purpose routers. Moreover, the network is dynamic, with mobile vehicular CR devices along with, possibly, fixed CR devices forming the nodes of the network, and is capable of reorganizing when existing nodes leave and new nodes join. Each CR enabled vehicle in CRAVENET is free to move independently in any allowed direction, and may therefore change its connectivity to other devices frequently.

While some vehicle manufacturers and telecommunication companies have been taking advantage of the available technology in the vehicles and existing cellular infrastructure to enable vehicular users to communicate with each other, by exploiting CR technology, CRAVENET will continue to provide connectivity among vehicles even when cellular connectivity is sparse, poor, or unavailable and, consequently, will improve the user experience and make driving safer. In its role as a social networking facilitator, CRAVENET enables vehicle occupants to broadcast their interests and receive information such as road hazards, accidents along their chosen route, nearby restaurants, grocery stores, shopping places, gas stations, tourist attractions, upcoming traffic jam related messages, speed limit related messages and local events. Emergency messages may also be generated and broadcast among the participants.

In the area of security and privacy in communication, there are many requirements to meet and challenges to overcome. Security concerns range from malicious behavior of users to denial of service attacks to guarding users' privacy. Mobility of vehicles and the dynamic nature of nodes in CRAVENET bring about additional challenges in ensuring security and privacy. The individual vehicle data, including the user name, license id, speed, current position, source address, destination address, traveled routes and other related information, must be secured and protected.

The number of accidents on the roads in today's world is increasing rapidly. About 1.3 million people annually, or on average about 3,287 people per day, die in road accidents worldwide. About 20-50 million are injured in accidents annually, at a cost of about USD $518 billion globally. Equivalently, traffic accidents cost individual countries about 1-2% of their annual GDP, ignoring the impact of traffic congestion that results in loss of productivity and wasted fuel leading to increased pollution [1].

Many new projects like Network On Wheels (NOW) have been successfully implemented. Data security and privacy issues in vehicle-to-vehicle (V2V) wireless communication systems were addressed in that project [2]. To create a European industrial standard for V2V communications, six European car manufacturers initiated the project PRESERVE to provide a cost-efficient V2V security subsystem [3]. The Federal Communications Commission (FCC) has allocated a spectrum band (75 MHz at 5.9 GHz frequency) for radio communication for Intelligent Transport System (ITS) applications in North America [2]. A reliable authentication scheme for CRAVENET should ensure information authenticity, message integrity, source and destination authenticity, privacy and system robustness. CRAVENET consists of a large number of CR nodes that can be installed in approximately 1.3 billion vehicles in the world today [4], and each vehicle can then communicate with other vehicles using CR nodes [5].

The rest of the paper is organized as follows. Section II describes the architecture of CRAVENET. Section III describes the applications of CRAVENET. Section IV describes the security issues. Section V describes the proposed reliable authentication scheme. Section VI describes the performance evaluation of the proposed scheme and Section VII describes the conclusion.

II. ARCHITECTURE OF CRAVENET

CRAVENET architecture (Fig. 1) includes spectrum management, traffic management, vehicle properties like acceleration and braking, individual vehicle mobility patterns and spectrum band demand patterns. It includes the following characteristics:

a. Real-time local map characteristic: This characteristic includes intersections, street views, speed limits, multiple lanes, newly constructed lanes, newly developed attraction points, new stores, new business buildings, and new traffic laws at particular locations.

b. User characteristic: This includes the driver's vehicle driving patterns and their real-time decision patterns on controlling the vehicle in different situations, such as at an obstacle, red light, stop sign, yield sign and traffic jam.

c. Vehicle characteristic: This includes vehicle motion properties on streets and highways, trip maps including source and destination details with their interests, and the acceleration and deceleration behavior of the vehicle.

CRAVENET architecture consists of the following functional blocks or generators (Fig. 2).

a. Path Map Generator (PMG): It observes the user interest and generates the source to destination map accordingly. It includes constraints like temporary road works, new constructions, real time traffic status, speed limits, stop signs and yield signs.

Fig. 1. Architecture of CRAVENET

Fig. 2. Generators of CRAVENET

b. Path Cost Estimator (PCE): It observes the source to destination pathway and includes the gas cost, traffic conditions, weather conditions and road conditions.

c. Spectrum Demand Generator (SDG): It observes the real time demand for spectrum bands by the individual user at a particular location. It may alter the computation technique to detect the requirement of spectrum bands based on the user behaviour.

d. Traffic Demand Generator (TDG): It observes the density of vehicles at peak hours and non-peak hours. It estimates the upcoming traffic based on previous experiences. It detects the motion of vehicles and estimates their traffic flows. It may alter the path, if required, based on the user interest.

Securing the mobility of CR equipped vehicles is a formidable challenge. A vehicle's high speed, direction and route may affect its communication in CRAVENET. Two vehicles that are traveling on the same path but in opposite directions may end the established communication connection after going too far from each other, so securing mobility in CRAVENET is a considerable challenge. Many researchers have attempted to address this issue [6], [7]. Because of the high mobility of vehicles, CRAVENET lacks a relatively long-lived context. To prevent the Sybil attack in CRAVENET that has been discussed in [8], a specific identity code can be provided to each CR equipped vehicle. But this is not applicable to users who want to keep their information secured [6]. In CRAVENET, the privacy of the user, such as user identity, driving map history and personal toll account information, cannot be violated, but a legal body must have access to those data in the case of an accident or as is allowed by the user. There is no global authority to govern the standards for CRAVENET.

III. APPLICATIONS OF CRAVENET

The CRAVENET applications must take into account user safety, comfort and local resources.

a. Comfort based application: It provides traffic congestion alerts, inclement weather alerts, next toll alerts, parking availability alerts, no-parking zone alerts, gas station alerts and rest area alerts.

b. Local resources based application: It provides user interest based notifications about restaurants, parks, attractions, historical places, zoos, shopping malls, designer stores, service centers, grocery stores, theaters, fitness centers, book stores, gaming centers, body care centers, and hospitals.

c. Safety based application: It provides road monitoring services in real time, Pre-Collision Notifications (PCN), Emergency Notifications (EN), Traffic Aware Notifications (TAN) and Road Hazard Notifications (RHN).

IV. SECURITY ISSUES IN CRAVENET

CRAVENET suffers from various security attacks. In this paper, we discuss nine different categories of attacks targeted against the delivery of a message to the end vehicle.

a. Active level attack: This attack occurs when an attacker mutates the existing number of active CR users at a particular location, which may affect the supply-demand of spectrum bands and misguide a user.

b. Acknowledgment message attack: This attack occurs when an attacker mutates an existing acknowledgement message at the time of delivery. Basic 802.11 security has no such protection for acknowledgement messages. Such an attack may confuse the CR user and may prevent the user from accessing useful information.

c. Message modeling attack: This attack occurs when an attacker transmits false information to the end CR user.

d. Message mutation attack: This attack occurs when an attacker mutates an existing message, which may delay delivery of the message to the destination and may misguide the end CR user.

e. Message voiding attack: This attack occurs when an attacker voids a particular message packet containing critical information or a warning before delivery of the message to the end user. It may affect the driver's decision, which may cause an accident.

f. Service message attack: This attack occurs when the attacker takes control of the end vehicle's communication channel used by CRAVENET, which may cause the end driver to get involved in an accident. A CR device on the vehicle with a secured ID operating at random multiple frequency bands may solve this problem.

g. Spectrum demand attack: This attack occurs when an attacker alters an existing demand for spectrum bands, which may introduce delay in the scanning of spectrum bands and in communication to the end user.

h. Spectrum supply attack: This attack occurs when an attacker alters an existing list of available spectrum bands, which may introduce delay in establishing communication.

i. Sybil attack: This attack occurs when an attacker forges identities in CRAVENET by creating a large number of pseudonymous identities, thereby subverting the trustworthiness of CRAVENET operation. With the forged identities, the attacker can create the appearance that there are many more CR users on the road than there actually are and that no more spectrum bands are available for communication, and convince the genuine users to follow another route.

In general, we may categorize the attackers into three different categories.

a. Predatory attacker: This category of attackers may try to maximize their gains by confusing other users to send a 'change the spectrum band' notification. They may take control of network resources illegally and reduce the revenue that may be generated.

b. Vicious attacker: This category of attackers may try to damage the entire CRAVENET system and operations and/or may also target specific group(s) of CR users. The consequence of such an attack will be damage to the trustworthiness of the entire CRAVENET system.

c. Waggery attacker: This category of attackers might intentionally share entirely incorrect information with other users, for example, information such as the available number of spectrum bands and the number of active CR users at particular locations. The consequence of such an attack will be to deprive genuine users of available spectrum bands and network resources, thereby reducing network utilization and revenue generation.

In the next section, we propose a reliable authentication scheme intended to thwart the security attacks just discussed.

Many security solutions have been proposed to solve the above mentioned issues. In [9], the authors suggested the use of VPKI (Vehicular Public Key Infrastructure), where a public/private key for each node plays a major role. In [10], the authors suggested the use of group signatures, but this proposal increases overhead. Every time a new user enters a group, the group public key and the signature key need to be changed, possibly very frequently depending upon the frequency with which new users enter the system. The consequence of such frequent changes may be delay in reception or loss of messages. In [11], the authors suggested the use of a set of anonymous keys that change frequently (every couple of minutes) according to the user speed. Only one key can be used at a time, and it expires after its usage; the increased storage needed for the keys is a drawback. In [12], the authors mentioned that regular yearly inspections may provide security maintenance. Security systems are often analyzed and compared using the rate of packet loss as a measure, since the larger message size due to the signature and certificate increases the probability of collision, and thus of packet loss. An ID-based encryption technique for pseudonym generation, signature control and authentication through a threshold scheme has been introduced in [13]. In [14], an ID-based signature scheme, both online and offline, has been discussed. In [15], the authors introduced an architecture for flexible secret key management, trust information and rapid establishment of a trust mechanism in social websites. In [16], the authors assume that vehicles on the road serve as intelligent agents transmitting information over the network. They have proposed a trust stimulation algorithm that secures information transmitted by the agents.

V. RELIABLE AUTHENTICATION SCHEME IN CRAVENET

In this section, we propose the design of the reliable authentication scheme for implementation in CRAVENET. The following notations are introduced:

$$S \rightarrow R : S_{ID},\ R_{ID},\ t,\ n,\ SB,\ GC,\ \lambda[M \,|\, t],$$

where $S$ = sender, $R$ = receiver, $M$ = message, $S_{ID}$ = sender ID, $R_{ID}$ = receiver ID, $t$ = time-stamp, $n$ = a unique number used only once, which provides uniqueness or freshness to the communication, $\lambda$ = digital signature, $SB$ = spectrum bands, $GC$ = geographic coordinates, and $|$ = concatenation operator.

In the proposed scheme, the vehicle can be in different areas like a city, a province or a country. Before a vehicle gets onto the road in a specific area, the driver first registers with CRAVENET. For each vehicle, the CRAVENET registration authority provides a set of certified domain parameters for security and authentication. During the authentication process, the vehicles can use the received set of parameters to conduct secure and authenticated communication. A vehicle first computes the digital signature, then the time stamp, spectrum bands and geographic coordinates. When a vehicle enters a new area, it updates its location with its unique ID information in real time.

In CRAVENET security protocol initialization, the sender vehicle generates a unique sender ID, time-stamp, spectrum bands, geographic coordinates and security parameters for the generation of the private secret key (psk). To enhance security, a psk is created by using the unique $S_{ID}$ for every registered identified vehicle.
Initially, it takes as input a unified security parameter that consists of encapsulation, decapsulation and unique secret key generation. Then the sender $S$ picks a random number and computes

$$C_S = M_S \,\|\, t_S \,\|\, \alpha_S,$$

where $C_S$ = encrypted message by sender, $M_S$ = original message of sender, $t_S$ = original message generation time-stamp by sender, and

$$\alpha_S = S_{ID} \,\|\, R_{ID} \,\|\, n_S \,\|\, SB_S \,\|\, GC_S.$$

$$\lambda_S = psk * C_S,$$

where $\lambda_S$ is the digital signature of $S$ on the encrypted message $C_S$ and $*$ = encryption operator.

Upon receiving the message, each $R$ verifies the authenticity in the following way. It checks $t$ and $n$ and determines whether the received message is fresh. Then, if $t$ and $n$ are verified to be correct, that is, the received message is fresh, $R$ further computes $C_S$ and $\lambda_S$ using the time stamp $t_S$, $n_S$ and psk. If $R$ considers the received message authentic, then $R$ propagates the message to the next vehicle or delivers it to the next multiple users. But if the above verification process fails, then $R$ considers the received message as either broken or a misplaced one. $R$ then ignores the message and sends a request to $S$ to resend the message.

The aim of the new approach is to increase the reliability of message delivery in CRAVENET. Traffic jam in CRAVENET can be avoided by switching to another spectrum band channel when the current band channel is blocked or has encountered interference at the specific area. A notification message should be delivered or broadcast to other users when any suspicious activities are detected by any authenticated or unauthenticated users. The efficiency and security of CRAVENET can be increased by blocking, in real time, those users who try to break the security protocol. Due to page limitation, providing a formal proof of the authentication scheme is beyond the scope of the paper.

VI. PERFORMANCE EVALUATION OF THE PROPOSED SCHEME

In this section, we discuss the simulations and analysis of the proposed scheme using the secure IEEE 802.11 protocol. In the CRAVENET-based communication scenario, we assume that each vehicle has to rely on its own resources for securing communications. Each vehicle needs to broadcast messages to all the nearby vehicles. We simulate the proposed scheme in OMNeT++, which is an open source software simulator. OMNeT++ is an extensible, modular, component-based C++ simulation library and framework, primarily for building network simulators. We extend OMNeT++ with CRAVENET modules, a realistic vehicular mobility model.

In these simulations, each vehicle broadcasts the basic data. Basic data consists of the available spectrum bands, authenticated user lists, their behavior analysis details and the users' traffic at specific geographic coordinates.
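The Section V receiver procedure (freshness check on t and n, then recomputation of λS over CS), written out as an added example that is not the authors' code. It assumes HMAC-SHA256 as a stand-in for the unspecified "psk ∗ CS" operation, a 2-second freshness window, length-prefixed fields for the concatenation, and a hypothetical `derive_psk` that binds the key to SID; vehicle IDs, band labels and coordinates are constructed.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, replace

WINDOW = 2.0  # assumed freshness window in seconds (not specified in the paper)


@dataclass(frozen=True)
class Message:
    sid: str      # S_ID
    rid: str      # R_ID
    t: float      # time-stamp t_S
    n: bytes      # nonce n_S
    sb: tuple     # spectrum bands SB_S
    gc: tuple     # geographic coordinates GC_S (lat, lon)
    m: bytes      # message M_S
    tag: bytes    # lambda_S


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so the '||' concatenation is unambiguous."""
    return len(field).to_bytes(4, "big") + field


def encode_cs(msg: Message) -> bytes:
    """C_S = M_S || t_S || alpha_S, alpha_S = S_ID || R_ID || n_S || SB_S || GC_S."""
    alpha = b"".join(_lp(f) for f in (
        msg.sid.encode(), msg.rid.encode(), msg.n,
        ",".join(msg.sb).encode(),
        f"{msg.gc[0]:.6f},{msg.gc[1]:.6f}".encode(),
    ))
    return _lp(msg.m) + _lp(struct.pack(">d", msg.t)) + alpha


def derive_psk(authority_secret: bytes, sid: str) -> bytes:
    """Per-vehicle key bound to S_ID (assumed derivation; the paper gives none)."""
    return hmac.new(authority_secret, sid.encode(), hashlib.sha256).digest()


def sign(psk: bytes, msg: Message) -> Message:
    """Attach lambda_S; HMAC-SHA256 stands in for the paper's 'psk * C_S'."""
    return replace(msg, tag=hmac.new(psk, encode_cs(msg), hashlib.sha256).digest())


class Receiver:
    def __init__(self, psk_for_sid, window: float = WINDOW):
        self.psk_for_sid = psk_for_sid   # callable: S_ID -> psk or None
        self.window = window
        self._seen = {}                  # (S_ID, n) -> t of accepted messages

    def verify(self, msg: Message, now: float) -> str:
        # Step 1: freshness of t.
        if abs(now - msg.t) > self.window:
            return "stale"
        # Step 2: freshness of n. Forget nonces whose time-stamp has expired.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= self.window}
        if (msg.sid, msg.n) in self._seen:
            return "replay"
        # Step 3: recompute lambda_S over C_S and compare in constant time.
        psk = self.psk_for_sid(msg.sid)
        if psk is None:
            return "unknown-sender"
        expected = hmac.new(psk, encode_cs(msg), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg.tag):
            return "bad-signature"
        # Record the nonce only after the tag verifies, so forged traffic
        # cannot fill the cache or burn a genuine sender's nonce.
        self._seen[(msg.sid, msg.n)] = msg.t
        return "accept"


def demo() -> list:
    secret = b"constructed-registration-authority-secret"
    registered = {"VEH-001"}  # constructed vehicle ID
    rx = Receiver(lambda sid: derive_psk(secret, sid) if sid in registered else None)
    now = 1_000.0
    base = Message("VEH-001", "VEH-002", now, os.urandom(16),
                   ("5.850-5.925GHz",), (34.7245, -92.3389), b"road hazard ahead", b"")
    good = sign(derive_psk(secret, "VEH-001"), base)
    return [
        rx.verify(replace(good, m=b"road clear"), now),       # mutated M_S
        rx.verify(replace(good, sb=("none",)), now),          # altered SB_S
        rx.verify(good, now + 0.5),                           # genuine message
        rx.verify(good, now + 1.0),                           # same n again
        rx.verify(good, now + 10.0),                          # outside window
        rx.verify(replace(good, sid="VEH-999"), now + 0.5),   # unregistered S_ID
    ]
```

Because SB and GC sit inside αS, a change to the advertised spectrum bands or coordinates fails verification the same way a change to the message body does.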
Using that analysis, any CRAVENET authorized vehicle can change its route to improve the efficiency of the communication system as well as the utilization of the transportation system. In our simulations, we assume that each vehicle is operating on a different set of spectrum band channels. For each channel, we apply the basic parameters of IEEE 802.11. In particular, the main parameters are basic data rate 10 Mb/sec, slot time 25 milliseconds, size of RTS/ACK 120/112 bits, size of frame header 224 bits, size of preamble 48 bits, minimum window size 31, maximum window size 1023, packet size 150 bytes, average time interval 5 milliseconds and retry limit 10. In the simulation models, the message mutation attack, sybil attack, spectrum demand attack, spectrum supply attack, service message attack and acknowledgment message attack are generated at a frequency of 6 per millisecond and targeted against the delivery of messages to the end vehicles.

Fig. 3. Number of vehicles vs network performance analysis

Fig. 4. Number of vehicles vs end-to-end message delay analysis

Fig. 5. Number of vehicles vs end-to-end message loss ratio analysis

Fig. 6. Average relative velocity of vehicles vs network performance analysis

Fig. 3 illustrates the behavior of the proposed scheme, characterized by network throughput versus the number of vehicles in the system. We observe that in CRAVENET incorporating the proposed scheme, throughput increases linearly as the number of vehicles increases and the scheme is able to thwart attacks successfully. We also observe that CRAVENET without the scheme performs similarly to CRAVENET with the scheme but suffers from attacks with loss of spectrum access; as a result, network throughput is lower. We also observe that the system without CRAVENET performs the worst and suffers from multiple attacks, with throughput increasing linearly at first as the number of vehicles increases but beginning to fall drastically as the number of vehicles continues to increase beyond a limit, due to loss of spectrum access.

Fig. 4 illustrates the number of vehicles vs end-to-end message delay analysis of the proposed scheme. We observe that, among the three schemes shown, CRAVENET incorporating the proposed scheme exhibits the least increase in message delay as the number of vehicles increases and is able to thwart attacks successfully. This also implies that, besides incorporating security and privacy, the scheme delivers messages to end users with the least probability of message loss. We also observe that without CRAVENET, the average message delay increases exponentially as the number of vehicles increases, and the system suffers from attacks that cause message loss or retransmission, resulting in message delay.

Fig. 5 illustrates the behavior of the three schemes with respect to end-to-end message loss ratio as the number of vehicles increases within the communication range of each vehicle. We observe that, among the schemes simulated in the figure, CRAVENET incorporating the proposed scheme exhibits the least message loss ratio and is able to thwart multiple attacks successfully. The end-to-end message loss ratio is defined as the average ratio between the number of messages dropped every 25 milliseconds, due to the multiple attacks, and the total number of messages received every 25 milliseconds by receiver R.

Fig. 6 illustrates the behavior of the schemes with respect to the network throughput as the average relative velocity of vehicles increases. We observe that, among the schemes simulated here, CRAVENET incorporating the proposed scheme exhibits the best performance with respect to network throughput as a function of the average relative velocity of vehicles and is able to thwart attacks successfully. This implies that the proposed scheme has wide acceptance under wide-ranging traffic flow conditions while simultaneously providing appropriate security and privacy. Without the proposed scheme, CRAVENET performs worse and suffers from multiple attacks, which cause messages to be retransmitted with loss of spectrum access; as a result, network throughput is lower. In either case, the throughput increases linearly as the average velocity increases to about 15 mph and then decreases. Again, the decrease is the least for the proposed scheme. Without the CRAVENET architecture in place, the system throughput falls off rapidly and the system suffers from attacks as the average velocity increases. At about 60 mph, the throughput is only 10%. With CRAVENET, with and without the proposed scheme, at about 60 mph, the throughput is approximately 77% and 55%, respectively.

The proposed scheme basically runs on each vehicle and handles spectrum sensing, analysis, user behavior and related network protocols. The proposed scheme supports the interactions among the vehicles and includes cryptography techniques and communication protocols. By implementing and deploying this scheme, a service provider can provide the efficient trust infrastructure required to ensure multi-user privacy and security. The proposed scheme helps to predict and transfer accurate and secured information among senders and receivers in the CRAVENET environment. The scheme helps in the prediction of free available spectrum bands for establishing vehicle-to-vehicle communication in CRAVENET at particular geographic coordinates for future use. The scheme also protects the user's secured information from the various attackers and provides users with the feature to create their own personal network to avoid flooding of data packets or traffic.
Additionally, it provides a security feature by giving the individual user access to create a group of hosts. It also helps in broadcasting traffic management, providing security, avoiding overlapping individual user IDs and adapting the topology as per the requirement in the CRAVENET environment.

VII. CONCLUSION

We have proposed the CRAVENET architecture along with a reliable authentication scheme. Successful data communication with security can be achieved by using the proposed scheme. The inadequacy of secure communication in CRAVENET has been addressed. The simulation results show that the proposed secure scheme outperforms, in terms of reliability and security, both CRAVENET without the scheme and a system without the CRAVENET architecture. This paper has attempted to illustrate the multi-disciplinary nature of developing the CRAVENET architecture with multiple applications, and has attempted to illustrate the security issues in CRAVENET. In the future, additional efforts are needed to extend beyond a security architecture for CRAVENET to enable other security and privacy requirements such as end-to-end message delivery at high speed and network availability.

REFERENCES

[1] "http://asirt.org/Initiatives/Informing-Road-Users/Road-SafetyFacts/Road-Crash-Statistics," accessed on March 2016.
[2] GMT Abdalla and SM Senouci, "Current Trends in Vehicular Ad-Hoc Networks," UBIROADS workshop, 2007.
[3] Car-2-Car Communications, "http://www.car-2-car.org," accessed on March 2016.
[4] Green car reports, "http://www.greencarreports.com," accessed on March 2016.
[5] Sachin Sharma and Seshadri Mohan, "Dynamic Spectrum Leasing Methodology (DSLM): A Game Theoretic Approach," Proceeding of the 37th IEEE Sarnoff Symposium, 2016.
[6] B. Parno and A. Perrig, "Challenges in Securing Vehicular Networks," HotNets-IV, 2005.
[7] F. Karnadi and Z. Mo, "Rapid Generation of Realistic Mobility Models for VANET," IEEE Wireless Communications and Networking Conference, 2007.
[8] J. Douceur, "The Sybil Attack," First International Workshop on Peer-to-Peer Systems, 1st ed, USA, Springer, 2003.
[9] M. Raya and J.P. Hubaux, "The security of VANETs," 2nd ACM international workshop on Vehicular ad-hoc networks, 2005.
[10] W. Ren, K. Ren, W. Lou and Y. Zhang, "Efficient user revocation for privacy-aware PKI," 5th International ICST Conference, 2008.
[11] M. Raya, P. Papadimitratos and J.P. Hubaux, "Securing Vehicular Communications," IEEE Wireless Communications, vol. 13, October 2006.
[12] S. K. Bhoi and P. M. Khilar, "Vehicular Communication - A Survey," IET Networks, vol. 3, pp. 204-217, 2014.
[13] Jinyuan Sun, Chi Zhang and Yuguang Fang, "An ID-based Framework Achieving Privacy and Non-Repudiation in Vehicular Ad Hoc Networks," Military Communications Conference, pp. 1-7, Oct. 2007.
[14] Huang Lu, Jie Li and Guizani M., "A novel ID-based authentication framework with adaptive privacy preservation for VANETs," Computing, Communications and Applications Conference, pp. 345-350, Jan. 2012.
[15] Dijiang Huang, Xiaoyan Hong and Mario Gerla, "Situation-Aware Trust Architecture for Vehicular Networks," IEEE Communications, pp. 128-135, 2010.
[16] Minhas, U.F., Jie Zhang, Tran T., and Cohen R., "Intelligent Agents in Mobile Vehicular Ad-Hoc Networks: Leveraging Trust Modeling Based on Direct Experience with Incentives for Honesty," Web Intelligence and Intelligent Agent Technology (WI-IAT), IEEE/WIC/ACM International Conference, vol. 2, pp. 243-247, Aug. 2010.