Date post: | 29-Dec-2015 |
Category: |
Documents |
Upload: | silas-elliott |
View: | 212 times |
Download: | 0 times |
KAIST
In-Vehicle Secure Wireless Personal Area Network(SWPAN)
Reference:
S. M. Mahmud and Shobhit Shanker, “In-Vehicle Secure Wireless Personal
Area Network (SWPAN)”, IEEE Transactions on Vehicular Technology,
vol. 55, no3, MAY 2006
2007. 9. 6
Seung Jae Shin
22/15/15In-Vehicle Secure WPAN
Contents
Introduction
Bluetooth Security
In-Vehicular Secure WPAN (SWPAN)
Performance and Cost Efficiency
Conclusion
33/15/15In-Vehicle Secure WPAN
Introduction
In-Vehicle WPAN
WPAN (Wireless Personal Area Network) within a vehicle
Mostly uses Bluetooth enabled devices
cell-phone, PDA, laptop, headset, RKE (Remote Keyless Entry)
Can be used in conjunction with wired In-vehicular network
Uses AP (Access Point) connecting to CAN (Control Area Network)
Figure 1 In-Vehicle WPAN with CAN
44/15/15In-Vehicle Secure WPAN
Introduction
In-Vehicle WPAN (cont’d)
Possible usage examples
Access the Internet through the laptop within the vehicle
Listen to music through the wireless headset in driving
Turn on head-lights just by speaking through the voice activated headset
Start the engine from the office by using RKE during the winter season
55/15/15In-Vehicle Secure WPAN
Bluetooth Security
Security Mechanisms in Bluetooth
Authentication
Challenge-and-response process using 128-bit link (authentication) key
Performs E1 algorithm to compute response value
Link key is changed after each authentication
Data Privacy
Performs E0 algorithm using encryption key derived from link key
48-bit BD_ADDR
128-bit RAND
E1Klink(BD_ADDR || RAND)
Secure Communication Session
Link Key (128 bit) Link Key
Encryption KeyEncryption Key
(8 ~ 128bit)
Figure 2 Authentication process
supplicant authenticator
66/15/15In-Vehicle Secure WPAN
Bluetooth Security
Security Mechanisms in Bluetooth (cont’d)
Link key Generation
Type of link key
Initialization key (Kinit): used during initialization only
Unit key (KA): derived from the information of a single unit A
Combination key (KAB): derived from the information in both units A and B
Master key (Kmaster): only used during current session for broadcast
KA, KAB and Kmaster are derived from Kinit
PIN plays a vital role in initialization key generation
Figure 3 Generation of initialization key by Units A and B
77/15/15In-Vehicle Secure WPAN
Bluetooth Security
Security Mechanisms in Bluetooth (cont’d)
Problems with Bluetooth Security
Importance of Initialization key
If it is compromised, keys generated from it are also compromised
Generation of Initialization key depends on RANDA, BD_ADDRB, PIN
RANDA and BD_ADDRB is transmitted publicly
So secrecy of PIN is required
Problems with PIN management
In most case, PIN is configured manually
Possibility of the brute force key derivation: 4-digit PIN is generally used
The PINs are “0000” as default value in 50% of the devices
Considerable Solutions
Long-size PIN: difficult and cumbersome to manually configure the device
Certificate based PIN exchange: high cost
Diffie-Hellman exchange: threat of man-in-the-middle attack
88/15/15In-Vehicle Secure WPAN
In-Vehicle Secure WPAN (SWPAN)
NDM based ArchitectureNDM (Network Device Monitor)
Bluetooth enabled AP attached to CAN
Responsible for keeping track of Bluetooth devices within WPANAll communication is occurred via NDM
Generates and transfers link key for each deviceBy using user-triggered device registration
Operated by user in same manner as car navigator system I/O devices installed (key pad, monitor, USB port, etc.)
Password protected
Figure 4 In-Vehicle SWPAN using NDM
99/15/15In-Vehicle Secure WPAN
In-Vehicle Secure WPAN (SWPAN)
NDM based Architecture (cont’d)
Registration and Key Transfer process
User registers the device to NDM
By entering some device information such as UID, serial number
NDM generates a set of link keys (unit key or combination key)
Link keys are generated automatically and randomly
Key generation is transparent for user
NDM transfers link keys to device through the local port
USB port, IR (Infrared) link, VSRW (Very Short Range Wireless) link
Almost handheld devices have at least one of above types
Figure 5 Key Transfer through local port
1010/15/15In-Vehicle Secure WPAN
In-Vehicle Secure WPAN (SWPAN)
NDM based Architecture (cont’d)
Establishing a secure session
Figure 6 Secure Session Establishment Process
1111/15/15In-Vehicle Secure WPAN
In-Vehicle Secure WPAN (SWPAN)
NDM based Architecture (cont’d)
Link key management
Distribution of new link keys
NDM uses secure channel established by last link key of previous set
Registration by user required only once
if he want to use it within a car continuously
Device de-registration
User can remove registered device in NDM
User may do not want to use some device no more
Device may be stolen or lost
NDM delete key sets for the device from its memory
1212/15/15In-Vehicle Secure WPAN
In-Vehicle Secure WPAN (SWPAN)
NDM based Architecture (cont’d)
Link key management (cont’d)
Example
NDM establishes and completes session with D1, D2, D3 respectively
Then, it establishes another session with D1 again
Figure 6 Changes of the memory contents during sequence of sessions
1313/15/15In-Vehicle Secure WPAN
Performance and Cost Efficiency
Performance and Cost Efficiency of SWPAN
Rough Analysis of In-Vehicle SWPAN
Easy to program devices using the NDM
Key-transfer interface can be implemented at a marginal cost
Easy to program a small device
Scalable architecture
128-bit n link keys of N devices: 16nN bytes of memory is required (O(N))
Typical link establishment time is around 0.6s in Bluetooth network
Secure against brute-force attack
Link key is changed after each session establishment
No threat caused in on-line key distribution
Link key is transferred through local port such as usb, IR, VSRW link, etc.
Inconvinience for device registration is not considerable
Just once when user wants to use the device within a car first time
1414/15/15In-Vehicle Secure WPAN
Conclusion
Architecture for Secure WPAN within a vehicle
Naïve and intuitive approach
Based on practical usage of Bluetooth alliances
NDM based Architecture
Production cost could be reasonable
Just consider the car navigation system!
User-triggered registration process
More secure compared with on-line link key distribution
Can be designed to user-friendly form
Required only once when user want to use new devices within a car