Secure and Trustworthy Data Management for Vehicular Cyber Physical Systems

Dr. Wenjia Li
Assistant Professor in Computer Science
New York Institute of Technology

03/16/22

04/18/23 1

Agenda

• Introduction and Motivation

• Prior Research Efforts

• The Proposed Approach

• Research Challenges/Opportunities

• Conclusion


Various Applications of Wireless Network and CPS

[Figure: Wireless Network and its applications]
• Emergency/Disaster Rescue
• Intelligent Transportation
• Situation Awareness for Battlefield
• Mobile Healthcare System

ABCs of Wireless Networks

• Wireless Network: a kind of computer network that offers ubiquitous access for various devices (laptops, smart phones, tablets, sensors, RSUs, etc.)

• Basic features of wireless networks
– Limited battery life of each device
  • Ever complained about short battery life of your smart phone?
– Short, open & error-prone transmission medium
  • Don’t forget to encrypt your WiFi network
– Constantly changing network topology
  • Keep in mind devices (and cars which carry them) are always moving

Cooperation among devices is very important for wireless networks

What if Devices DON’T Cooperate?

• Some nodes can exhibit uncooperative behaviors due to one of the following two reasons
– Anomalies (such as device malfunctioning, power outage, high wind, etc.)
  • These behaviors are classified as faulty behaviors
– Intentionally disturbing network and causing damage
  • These behaviors are known as malicious behaviors

• Both faulty behaviors and malicious behaviors are regarded as MISBEHAVIORS
– Which type is MORE dangerous, malicious or faulty?

Node Misbehaviors

• Why do we want to detect and fight against node misbehaviors?
– Minimize the harm they cause
– Punish misbehaving nodes
– Encourage node cooperation

Countermeasures are NEEDED to address the security threats caused by various node misbehaviors, especially the malicious ones

Watching Your Neighbors: Example

[Figure: an Observer and Observed Nodes 1, 2 and 3, with Radio Range marked. Labels: Incoming Packet A, Outgoing Packet B.]
1: Packet Dropped
2: Packet Modified
3: DoS attack (Sending MANY dummy data to occupy channel)

Traffic Monitoring – An ITS Application

• Data security and trustworthiness are CRITICAL to the traffic monitoring application

How to Secure Vehicular CPS?

Misbehavior Detection

• An important method to protect wireless networks and CPS from BOTH external attackers AND internal compromised nodes

• Previous misbehavior detection methods
– Intrusion detection system (IDS) for wireless networks
  • IDS sensor deployed on each node
    – NOT energy-efficient
  • Cluster-based IDS by Huang et al.
– Cross-layer misbehavior detection by Parker et al.
– Efforts to identify routing misbehaviors
  • “Watchdog” & “Pathrater” by Marti et al.

Trust Management

• Goal: assess various behaviors of other nodes and build a trust for each node based on the behavior assessment

• Node behavior observation
– First-hand observation
  • Directly observed
  • Most trustworthy but only contains behaviors of DIRECT neighbors
– Second-hand observation
  • Exchanged with other nodes
  • Less trustworthy but contains behavior observations for all the nodes

Previous Research Efforts in Trust Management

• Cooperation Of Nodes, Fairness In Dynamic Ad-hoc NeTworks (CONFIDANT) by Buchegger et al.
– Aim: encourage the node cooperation and punish misbehaving nodes
– Components: Monitor, Reputation System, Trust Manager, and Path Manager
– Exchange both positive and negative observations with neighbors

• CORE by Michiardi et al.
– Similar to CONFIDANT
– ONLY exchange POSITIVE observation with neighbors

• Reputation system by Patwardhan et al.
– Reputation determined by data validation
– A few nodes named Anchor Nodes are trustworthy data sources
– Data validation by either agreement among peers or direct communication with an anchor node

Motivation

[Figure: Wireless Network with nodes 1 to 6, and three components with their outputs]
• Misbehavior Detection: Node 1 is misbehaving because it drops packets
• Trust Management: Node 1 is NOT trustworthy because it drops packets
• Context Awareness: Nodes 2 and 4 (1’s neighbors) are busy sending packets

Traditional Security Solutions

Q: Is Node 1 really malicious or not?

An Example Scenario

• Can we survive at -173 °C?
– Probably NO!
• Error reading from sensor?
– Maybe YES!
• Malicious or faulty?
– Totally NO clue!

Another Example Scenario

• Is Node 1 equally trustworthy in both cases?
– Probably YES according to traditional security mechanisms
– But actually NO because of the context in which the packet dropping occurs!

Our Solution – A Holistic Framework

• A holistic framework that integrates misbehavior detection, trust management, context awareness and policy management in a cooperative and adaptive manner
– Misbehavior detection that does not rely on pre-defined fixed threshold
– Models node trust as a vector instead of a scalar in wireless networks
– Declares and enforces policies that better reflect the context in which misbehaviors occur

Why Our Solution is Better? – An Example

[Figure: Mobile Ad-hoc Network with nodes 1 to 6 and Data labels, and four components with their outputs]
• Misbehavior Detection: Node 1 is misbehaving because it drops packets
• Trust Management: Node 1 is NOT trustworthy because it drops packets
• Context Awareness: Nodes 2 and 4 (1’s neighbors) are busy sending packets
• Policy Management: Busy channel for node 1; Node 1 is forced to drop packets but it is NOT malicious; its trust gets punished less

A Closer Look at the Proposed Solutions

How do Traditional Misbehavior Detection Methods Work?

• Threshold-based solution:
– “If total bad behavior > 10, then the node is misbehaving.”

         Packet Drop   Packet Modify   Packet Flooding   Total Bad Behavior
Node 1   18            4               8                 7.4  (GOOD)
Node 2   5             15              10                11.5 (BAD)
Node 3   4             10              16                12.4 (BAD)
Weight   0.1           0.4             0.5               (Weights sum up to 1)

• Challenges:
– Both the weights and the threshold are hard to decide manually because they heavily depend on environment and context!

Our Solution: Support Vector Machine (SVM)

• Support Vector Machine (SVM): a machine learning algorithm that is used to automatically classify nodes into misbehaving nodes and normal ones
– SVM requires a set of training data to build the model

• Training stage:

         Packet Drop   Packet Modify   Packet Flooding   Bad Guy?
Node 1   18            4               8                 No
Node 2   5             15              10                Yes
Node 3   4             10              16                Yes

Training data → SVM Algorithm → An SVM Model

Support Vector Machine: Detection Stage

• Detection stage:

Input to the SVM Model:

         Packet Drop   Packet Modify   Packet Flooding   Bad Guy?
Node X   16            6               8                 ?
Node Y   2             19              9                 ?
Node Z   6             11              13                ?

Output of the SVM Model:

         Packet Drop   Packet Modify   Packet Flooding   Bad Guy?
Node X   16            6               8                 No
Node Y   2             19              9                 Yes
Node Z   6             11              13                Yes
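The threshold rule and the SVM training and detection stages above, as an added example that is not code from the presentation: it recomputes the hand-weighted scores, then trains on the three labelled nodes and classifies Nodes X, Y and Z. The slides name no kernel or solver, so the linear kernel, the hard margin and the Gilbert nearest-point solver are assumptions chosen to keep the block library-free.

```python
# Added example: hand-weighted threshold rule vs. a learned hard-margin linear SVM.
# Feature order: (packet drop, packet modify, packet flooding); values from the slides.
WEIGHTS, THRESHOLD = (0.1, 0.4, 0.5), 10   # hand-picked, as on the threshold slide
TRAIN = {"Node 1": ((18, 4, 8), -1),       # -1 = normal ("No")
         "Node 2": ((5, 15, 10), +1),      # +1 = misbehaving ("Yes")
         "Node 3": ((4, 10, 16), +1)}
UNKNOWN = {"Node X": (16, 6, 8), "Node Y": (2, 19, 9), "Node Z": (6, 11, 13)}

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def threshold_score(counts):
    """Weighted sum of the traditional rule: misbehaving if score > THRESHOLD."""
    return round(dot(WEIGHTS, counts), 6)

def train_hard_margin_svm(samples, max_iter=1000, eps=1e-9):
    """Assumed solver: Gilbert's nearest-point iteration over (positive - negative)
    differences; the minimum-norm point of their convex hull is the SVM normal w."""
    pos = [x for x, y in samples if y > 0]
    neg = [x for x, y in samples if y < 0]
    diffs = [tuple(a - b for a, b in zip(p, n)) for p in pos for n in neg]
    w = diffs[0]
    for _ in range(max_iter):
        v = min(diffs, key=lambda d: dot(w, d))   # vertex that most violates w
        if dot(w, w) - dot(w, v) <= eps:          # optimality gap closed
            break
        step = tuple(a - b for a, b in zip(w, v))
        t = min(1.0, dot(w, step) / dot(step, step))
        w = tuple(a + t * (b - a) for a, b in zip(w, v))
    # Place the boundary midway between the closest positive and negative samples.
    b = -(min(dot(w, p) for p in pos) + max(dot(w, n) for n in neg)) / 2
    return w, b

def classify(model, counts):
    w, b = model
    return "Yes" if dot(w, counts) + b > 0 else "No"

def run_detection():
    model = train_hard_margin_svm(list(TRAIN.values()))
    return {name: classify(model, counts) for name, counts in UNKNOWN.items()}

if __name__ == "__main__":
    for name, (counts, _) in TRAIN.items():
        print(name, threshold_score(counts), threshold_score(counts) > THRESHOLD)
    print(run_detection())
```

The learned boundary needs no manual weights or threshold; with only three training rows it is a toy model, and a deployment would train on far more observations with an established SVM library.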

Trust: A Scalar or A Vector?

• Majority of current trust management schemes in wireless network model trust in ONE single scalar (i.e., one single value)
– Observations to all types of misbehaviors are used to determine ONE single trust value for each node
– Neither expressive nor accurate in complicated scenarios

How did Others Evaluate Trust?

[Figure: an Observer and observed nodes 1, 2 and 3, with Radio Range marked. Labels: 10 Incoming Packets Ai, 10 Outgoing Packets Bi.]
Node 1: 10 Packets Dropped
Node 2: 10 Packets Modified
Node 3: 10 RTS flooding attack (Ten Misused RTS requests)

Trust_1 = Trust_2 = Trust_3 = 0.9

Our Solution for Trust Management

[Figure: an Observer and observed nodes 1, 2 and 3, with Radio Range marked. Labels: 10 Incoming Packets Ai, 10 Outgoing Packets Bi.]
Node 1: 10 Packets Dropped
Node 2: 10 Packets Modified
Node 3: 10 RTS flooding attack (Ten Misused RTS requests)

        T1    T2    T3
Node1   0.9   1     1
Node2   1     0.9   1
Node3   1     1     0.9

Multi-dimensional Trust Management

• Multi-dimensional trust management
– Decide the trustworthiness of a node from several perspectives (for example 3)
– Each dimension of trustworthiness is decided by a subset of misbehaviors
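The scalar and vector trust models compared above, together with the context-aware punishment from the earlier busy-channel example, as an added sketch that is not code from the presentation. The slides give no update formula, so the fixed per-event penalty of 0.01, the halved penalty for drops on a busy channel and the observation log are all assumptions constructed to reproduce the 0.9 values shown.

```python
# Added example: scalar vs. multi-dimensional trust with a context-aware policy.
# Assumptions (not from the slides): each observed misbehavior costs a fixed
# PENALTY in its dimension, and a busy channel halves the packet-drop penalty.
PENALTY = 0.01
DIMENSION = {"drop": "T1", "modify": "T2", "rts_flood": "T3"}  # misbehavior -> dimension
BUSY_CHANNEL_FACTOR = {"drop": 0.5}   # hypothetical policy: forced drops punished less

# Constructed observation log: (observed node, misbehavior, channel busy?)
OBSERVATIONS = ([("Node1", "drop", False)] * 10 +
                [("Node2", "modify", False)] * 10 +
                [("Node3", "rts_flood", False)] * 10)

def scalar_trust(observations):
    """One value per node: every misbehavior type lowers the same number."""
    trust = {}
    for node, _, _ in observations:
        trust[node] = max(0.0, trust.get(node, 1.0) - PENALTY)
    return {n: round(t, 3) for n, t in trust.items()}

def vector_trust(observations, use_context=False):
    """One value per dimension; optionally scale the penalty by channel context."""
    trust = {}
    for node, kind, busy in observations:
        vec = trust.setdefault(node, {"T1": 1.0, "T2": 1.0, "T3": 1.0})
        factor = BUSY_CHANNEL_FACTOR.get(kind, 1.0) if (use_context and busy) else 1.0
        dim = DIMENSION[kind]
        vec[dim] = max(0.0, vec[dim] - PENALTY * factor)
    return {n: {d: round(v, 3) for d, v in vec.items()} for n, vec in trust.items()}

if __name__ == "__main__":
    print(scalar_trust(OBSERVATIONS))     # all three nodes collapse to the same value
    print(vector_trust(OBSERVATIONS))     # each node is penalized in its own dimension
    busy_drops = [("Node1", "drop", True)] * 10
    print(vector_trust(busy_drops, use_context=True))
```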

Research Challenges/Opportunities

• Short-term trust vs. long-term trust (Data vs. Device)
– Sometimes you will NOT see the car next to you on the highway again (not for a long time, or never)!
– In many cases we are also (or MORE) interested in how trustworthy a traffic event/alert is rather than the guy who reported it
– So we want to evaluate and track the trustworthiness of the traffic data!

Research Challenges/Opportunities (Cont.)

• Heterogeneous Sensor Data
– Smartphone sensor data vs. on-board vehicular sensor data (and even more)
– How can we properly interpret and integrate these heterogeneous sensor data?
– One solution: use policy rules as well as contextual information to help fuse these sensor data to better utilize them

Conclusion

• Security and trustworthiness are BOTH very important for wireless networks and their applications

• A holistic framework secures wireless networks better than the existing solutions
– Context makes you better understand the threats
– Policy makes your countermeasure more accurate and adaptive

Thank You

• Questions?

• Email: [email protected]