1. Towards Secure Vehicular Clouds
Submitted in Partial Fulfillment of
The Degree of M.Tech(Software Engineering)
for Colloquium Project Report
October, 2012
Submitted By
Durgesh Kumar Shukla
Reg.No. - (2010PTSW24)
M.Tech( Software Engineering -Part Time ) - V Sem
Department of Computer Science and Engineering
Motilal Nehru National Institute of Technology Allahabad
2. Contents
1 Introduction 1
2 Motivation 2
3 Cloud Computing 3
4 Overview Of VCC 4
5 Application Of VCC 5
6 Security Requirements For VCC 5
7 Candidate Solution to Secure VCC 6
8 Limitation/Challenges 8
9 Conclusion and Statement of Associated Future Work 9
References 10
3. 1 Introduction
With an immense improvement in technological innovations, the Vehicular Communication
(VC) is very good solution to many problems of our modern day communication system on
roads. Today the Vehicular Ad Hoc Networks (VANET) grows very rapidly so the researchers
try to find more advancement in vehicular network and its application. Instead of installing
all types of sensors and devices on each vehicle, individual drivers can subscribe to the cloud-
provided infrastructure, platform and applications as services on-demand. The Vehicular
Cloud Computing (VCC) can be thought as, vehicles and road-side infrastructure with idle
sophisticated on-board devices for long periods of time can be use to form a computing cloud.
Olariu and his co-workers [2], [3], [4] have given the vision of VCC, which is a non-trivial
extension of conventional cloud computing, intended to use the excess capabilities in our
vehicles. A vehicular cloud can be formed on the fly by dynamically integrating resources
and collecting information. Vehicles can access the cloud and obtain, at the right time and the
right place, all the needed resources and applications the need or want. Vehicles, especially
cheaper ones, can receive tremendous benefits from the VCC. So the VCC concept has a
significant societal impact, security and privacy issues. VCC has great potential security
and privacy challenges that are different from the conventional wireless networks or VANET
or cloud computing. In VCC there are few security and privacy issues are fundamental. But
there are many security and privacy challenges are unique.
This report focuses on providing the overview of VCC and its security issues. Firstly, the
overview of VCC discussed; it will be followed by the security challenges associated in VCC
security and provide effective solutions to those challenges and later ending the paper by
covering future research directions and conclusion.
1
4. 2 Motivation
In our roadways, airways, and waterways, the number of vehicles regularly increasing and
most of them are with a permanent Internet presence, substantial on-board computational,
storage, and sensing capabilities. So this can be thought as a big collection of computers
on the move. These attributes make vehicles ideal candidates for nodes in a cloud. In
this, the owner of a vehicle may decide to rent out their in-vehicle capabilities on demand,
or per instance, or a per-day, per-week or per-month basis. Since most of the vehicle on
our roadways, streets and parking lots will be recognized as an abundant and underutilized
computational resource that can be merged together for the purpose of providing third-party
or community services[5]. Since, large numbers of vehicles spend most of time on the road
and may be involved in dynamically changing situations so in this situations, the vehicles
must be able to deal with the problems that require a centralized system. Vehicles will
be pooled autonomously to create a cloud that can provide services to authorized users.
This cloud can provide real-time services such as intelligent transportation systems, smart
cities, smart electric power grids, etc. Vehicles will share the capability of computing power,
Internet access and storage to form conventional clouds. Since cloud security becomes one of
the major barriers of a widespread adoption of conventional cloud services. So it is obvious
that the same problems will be present in VCC.
2
5. 3 Cloud Computing
Cloud Computing (CC) can be stated as hosted services over the Internet. The NIST
defines CC as a model for enabling convenient, on-demand network access to a shared pool of
configurable computing resources (e.g. networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal management effort or service
provider interaction.
The emergence of cloud computing started from the realization of the fact that instead of
investing in infrastructure, it useful to rent the infrastructure and sometimes the needed
software to run their applications. This powerful idea has been suggested, at least in part,
by ubiquitous and relatively low-cost highspeed Internet, virtualization and advances in
parallel and distributed computing and distributed databases. One of the key benefits of
cloud computing is that it provides scalable access to computing resources and information
technology (IT) services.
Following are the few properties of Cloud Computing:
• It provides the illusion of having infinite computing resources available on demand.
• It decreses the up-front investment, thus it allows companies to start small and increase
hardware resources only when there is an increase in their needs because of their
applications getting more popular.
• It gives the users the ability to pay for computing resources on a short-term basis
as needed (e.g., processors by the hour and storage by the day) and release them
as needed, thereby rewarding conservation by releasing resources (e.g. machines and
storage) when they are no longer useful.
There are three different types of cloud computing defined in [8] as:
• Infrastructure as a Service (IaaS): It offers computing, network and storage resources.
Example of this category is Amazon Web Services (AWS).
• Platform as a Service (PaaS) : It offers development platforms for which the develop-
ment tool itself is hosted in the cloud and accessed through a browser. With PaaS,
developers can build web applications without installing any tools on their comput-
ers and then deploy those applications without any specialized systems administration
skills. Example of this category is Google AppEngine and Microsoft Azure.
• Software as a Service (SaaS): This allow customers to use expensive software as much
as their application require and no need to pay ahead much money or even hire more
operators to install and maintain that software. With SaaS a provider licenses an
application to customers as a service on demand, through a subscription, in a pay-as-
you-go model. Example of this category is IBM.
3
6. 4 Overview Of VCC
VCC provide services through vehicular networks. The VCC can be distinguished from the
conventional cloud on the basis of characteristics mobility, agility and autonomy. There
are two types of VCC. The first type of VC is similar to the traditional cloud computing,
just like a service provider that will provide services to all vehicles. Drivers will be able
to access these services by network communications which involve roadside infrastructure.
Therefore, this type of VCC is called infrastructure-based vehicular cloud (IVC).For example,
obtaining GPS navigation services is just like accessing Google Map by Internet. Another
example, Vehicles, especially the ones with cheaper and fewer devices, only need a few
devices installed, such as transceiver and GPS sensor. The VC, on the other hand, collects
information from vehicles with appropriate sensor devices and the roadside infrastructure
with needed sensor devices. The second type of VCC called autonomous vehicular cloud
(AVC), which is slightly different from IVC. It can be seen that many devices (computing,
sensing and storing devices) on vehicles are idle for a long time. Olariu and his colleagues
[2], [3], [4] proposed to share these devices as the computational engine of the cloud. In
AVC, vehicles can be organized on demand to form autonomous vehicular cloud to handle
emergencies like hurricane and earthquake which can damage the roadside infrastructures
can be relieved by automated vehicular cloud because infrastructure may not be available.In
VCC the underutilized computing, networking and storage facilities of VANET can be used
effectively to be shared between drivers or rented out to other customers over the Internet.
There are following types of cloud computing services possible in the VCC:
• Network as a Service (NaaS): The vehicles with Internet access will offer their excess
capacity to the other vehicles that may need to access the Internet because they have no
Internet connection. Since many vehicles have persistent connectivity to the Internet
through cellular networks and other fixed access points on the road while moving. It
can be observed that network resource are underutilize by many drivers while driving,
so these important resource can then be shared between drivers on the road providing
Internet to those drivers who are interested to rent it. The expectation is that each
driver with Internet connectivity, who is willing to share this resource, will advertise
such information to all vehicles around them on the road.
• Storage as a Service (STaaS): Some vehicles have huge on-board storage capabilities,
and some other vehicles may need extra storage for their applications. So it is natural,
the vehicles with excess capacity can provide storage as a service. Thus putting that
huge persistent storage setting idle is a waste of resources, so this available storage can
then be used in many applications in the cloud. This available storage can be rented
out by the VC for customers over the Internet.
• Cooperation as a Service (CaaS): The information like driver safety, traffic information
and warnings regarding traffic jams and accidents, weather or road condition, park-
ing availability and advertisements can be obtained by cooperation among vehicles
4
7. on move. CaaS uses a hybrid publish/subscribe mechanism where the driver (or sub-
scriber) expresses his/her interests regarding a service (or a set of services) and where
cars having subscribed to the same service will cooperate to provide the subscriber
with the necessary information regarding the service subscribed to, by publishing this
information in the network.
5 Application Of VCC
Traffic management. Drivers can access vehicular clouds to learn about traffic conditions,
including congestion. Drivers will receive optional routes to help mitigate congestion in an
autonomous way.
Road condition sharing. Road conditions such as flooding areas, black ice on roadway, etc.,
can be shared in vehicular clouds. Drivers will be alerted if there are serious road conditions.
Accident alerts at intersections. This will be a service to drivers. In some demanding traffic
situations such as fog, heavy storm, and the like, drivers can order this service to alert them
of possible accidents at intersections.Another example is that black ice on a bridge can be
monitored and alerted by VC. Infrastructure, for example a tall building, can include high
precision radar to detect car accidents. This infrastructure will cover the whole intersection
and frequently scan the intersection. An intelligent algorithm will be applied to each scan
result and predict the possibility of accidents of cars.
Safety critical applications. Applications related to lifecritical scenarios such as collision
avoidance, adaptive cruise control, etc., requires strong security protection even surrounding
environmental security threats. These applications also are time-sensitive. Therefore, over-
head of security routines will be seriously considered.
Intelligent parking management. Vehicles will be able to book a parking spot in vehicular
cloud. All the parking spot information will be available on clouds without central control.
Requests from different physical places can be transferred to the most desired parking lots.
Managed disaster evacuation. In some disaster such as hurricane drivers can be well orga-
nized to evacuate the disaster area.
6 Security Requirements For VCC
Security and privacy are the two main point of concerns when we allowing multiple users
to share same set of resources. When we are sharing computing resources between different
users, two constraints have to be met. First, the privacy and security of the vehicle’s owner
should be preserved. Second, the security and privacy for customers who rent these resources
must also be preserved. The answer for both concerns lays in the use of virtualization
techniques In the VCC environment the main targets of an attack are:
• Confidentiality, such as identities of other users, valuable data and documents stored
on VCC, and the location of the virtual machines (VMs) where the targets services are
executing
5
8. • Integrity, such as valuable data and documents stored on VCC, executable code and
result on VCC
• Availability, such as physical machines and resources, services, and applications.
The possible forms of attacks includes: Narrow down the possible areas where the target
users services are executing by mapping the topology of VC, launch multiple experimental
accesses to the cloud and find out if the target user is currently on the same VM, request
the services on the same VM where the target user is on and using the system leakage to
obtain higher privilege to collect the assets
Rather than these possible attackes in VCC there are certain security threats like Spoofing
of user identity, Tampering of data, Repudiation (data manipulation in the name of other
users), Information disclosure (privacy breach or data leak), Denial of Service, Elevation of
privilege etc.
7 Candidate Solution to Secure VCC
The main motivation of VANETs is safety applications thus safety-related messages are
major information in the network. Based on the emergency level, there are three types of
safety messages:(1) Public traffic condition information. Vehicles switch traffic information
(e.g. traffic jam) that indirectly affect other vehicles safety as traffic jam will increase the
likelihood of accidents. This type of message is not sensitive to communication delay but
privacy needs to be protected. (2) Cooperative safety messages. Vehicles exchange messages
in cooperative accident avoidance applications. These messages are bounded by a certain
time range (normally people think it is real-time communication) and privacy needs to be
protected. (3) Liability messages. After accidents happen, there will be liability messages
generated by law enforcement or authorities. These messages are important evidence for
liability claim and are bonded by a certain time range. Privacy information is naturally
protected. The safety messages can include the following details: time-stamp, geographic
position, speed, percentage of speed change since last message, direction, acceleration, and
percentage of acceleration change since last message. The safety message will append infor-
mation such as public traffic condition and accidents etc. The appended message can help
to determine liability. Driver identity information is not necessary to be part of the safety
message. Pseudonyms can be applied to protect the drivers identities.The signature of safety
message can be calculated by applying ElGamal signature scheme [8],
To preserve the confidentiality of sensitive message, the message must be both signed and
encrypted. Since each vehicle has its own set of PKI public/private key pairs. The proposed
solution uses symmetric encryption algorithm. But here the technique still uses the PKI
support for exchange of the secret key.
Data is shared by vehicles in the VCC. Traffic congestion information is reported to the VCC
and redistributed by all vehicles in the VCC. Traffic accident data is also reported by vehicles
or polices in the VC. Therefore, data must be stored and accessed securely. Sensitive data
needs to be isolated from the publicly accessible data and to be stored in encrypted mode
6
9. and at physically separated devices and locations. Access to sensitive data will be strictly
authenticated and identity-based. Sensitive data must be secured in storage, transit and use.
Encryption to sensitive data will be utilized in almost all transmission protocol. Sanitization
of sensitive data is also important in VC. The devices that store, transit, and use sensitive
data need to be specially processed to removal sensitive data from these devices.
Applications that do not contain sensitive messages but require integrity can apply digital
signature. Confidentiality is not required because of no sensitive messages included. There-
fore, the messages will be authenticated but not encrypted. For example, accident alert
application will not include sensitive message but require the integrity of the message.
Messages in VC can include sensitive information. To protect confidentiality of sensitive
information, messages can be encrypted. There are multiple ways to encrypt messages. The
simple ones include XOR, Caesar cipher, etc.
For location validation in VCC there are two approach: active and passive. Vehicles or
infrastructure with radar (or camera, etc.) can perform active location validation. The lo-
cation measurement of radar can validate the claimed location. Vehicles or infrastructure
without radar, or in a situation that radar detection is not within line of sight, can validate
location information by applying statistical methods.
Other techniques that are proposed for different secuirty solutions are validation of user
identity by validating physical location which can detected and validated by using wirless
signal strength, the puzzle can also be used to validate users.
7
10. 8 Limitation/Challenges
Vehicular clouds are complex entities that must be designed and engineered to withstand
structural stresses induced by the inherent instability in the operating environment. A VC
is defined by its aggregated cyber-physical resources; their aggregation, coordination and
control are facing challenges, as outlined below.
• Key management: Securing keys are extremely important in a VCC environment.
Since most security and privacy solutions rely on secret keys or PKI. and a VCC is
decentralized with large population of vehicles which have high mobility.
• Trust management: In clouds, trust management can be used to aid the automated
verification of actions. If a cloud request includes sufficient credentials which is defined
by a cloud service, the cloud service will accept the request without authorization of
those who actually launched the request. Therefore, clouds or the third party will
monitor the behavior of activities and respond accordingly by increasing or decreasing
trust value of the clouds.
• Location security: Locations of vehicles are very valuable and unique. Many applica-
tions and security validations rely on location information. But the security of locations
is an open problem. Although GPS receiver can provide location information of ve-
hicles installed the device, the location of other vehicles cannot be validated by GPS
receiver.
• DoS prevention: For wireless media, DoS is extremely hard to prevent. There is no
valid solution of DoS for vehicular cloud computing networks. One of the reasons is
that all the vehicles are equal. There is no higher level of control to shut down the
DoS attacker when the DoS is detected.
• Message aggregation and validation: Users with different perspective are interested in
different layers of information. Efficient algorithms will aggregate and validate message
to represent as much as possible information and consume as few resources as possible.
• Message Delivery Deadlines: As the major VCC applications are used for collision
avoidance, hazard warning and accident warning information, so applications require
strict deadlines for message delivery.
8
11. 9 Conclusion and Statement of Associated Future Work
Shifting VANETs to clouds there are many security and privacy challenges. Few of them
are addressed with the existing security techniques, but most of them are unique challenges.
Since VCC will become a complex so it need a systematic and synthetic way of implementa-
tion to get intelligent transportation system. So only with joint efforts and close cooperation
among different organizations such as law enforcement, government, auto-industry and aca-
demic can provide solid and feasible security and privacy solutions for the vehicular cloud
computing.
9
12. References
[1] Gongjun Yan Indiana Univ., Kokomo, IN, USA Rawat, D.B. ; Bista, B.B. Towards
Secure Vehicular Clouds. 2012 Sixth International Conference on Complex, Intelligent
and Software Intensive Systems (CISIS)
[2] M. Abuelela and S. Olariu, Taking vanet to the clouds, Proceedings of The 8th Interna-
tional Conference on Advances in Mobile Computing and Multimedia MoMM 2010, pp.
810, 2010.
[3] M. Eltoweissy, S. Olariu, and M. Younis, Towards autonomous vehicular clouds, in Pro-
ceedings of AdHocNets2010, Victoria, BC, Canada, August 2010.
[4] S. Olariu, I. Khalil, and M. Abuelela, Taking vanet to the clouds, International Journal
of Pervasive Computing and Communication, vol. 7, no. 1, pp. 721, 2011.
[5] M. Eltoweissy, S. Olariu and M. Younis, Towards Vehicular Clouds, Proc. AdHocNets,
2010, Victoria, BC, August 2010.
[6] Fay Hui: A survey on the characterization of Vehicular Ad Hoc Networks routing solu-
tions ECS 257 Winter 2005
[7] T. ElGamal, A public key cryptosystem and a signature scheme based on discrete loga-
rithms, IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469472, 1985.
[8] Hodgson S., What Is Cloud Computing? http://www.winextra.com/2008/ 05/02/what-
is-cloud-computing.pdf, May 2, 2008.
10