
AWERProcedia Information Technology & Computer Science 1 (2012) 928-933

2nd World Conference on Information Technology (WCIT-2011)

Trusted computing in vehicular ad hoc network (VANET)


Irshad Ahmed Sumra a *, Halabi Hasbullah, J. Ab Manan b, Iftikhar Ahmad c, M.Y Aalsalem d

1 Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia.
2 Advanced Analysis & Modeling Cluster, MIMOS Berhad, Technology Park Malaysia, 57000 Kuala Lumpur, Malaysia.
3 Department of Software Engineering, College of Computer and Information Sciences, P.O. Box 51178, Riyadh 11543, King Saud University, Riyadh, KSA.
4 Faculty of Computer and Information System, Jazan University, Saudi Arabia

Abstract
Trust is a key part of security and a challenging task in future life-safety vehicular communication. Vehicular
communication is based on peer-to-peer communication, and each peer has embedded sensors inside and performs all
computational tasks as well as security functions. The Trusted Platform Module (TPM) is used inside the vehicle and plays a
key role in establishing trust within the vehicle and also with other vehicles and the network infrastructure. In this paper, a protocol
is proposed which is based on property based attestation (PBA), also known as the Vehicular Property based attestation
Protocol (VPP). The proposed protocol is not based on the properties of the hardware and software of the vehicle;
rather, it depends on the static or dynamic properties of the system which have been pre-configured. We expect that
the protocol will fulfil the need for a more secure and trusted mechanism for users of the safety and non-safety
applications and services in the vehicular network.
Keywords: Security, Trust, Safety and non-Safety applications, Attacker, Trusted user, Behavior, Malicious User, Trust levels.
Selection and peer review under responsibility of Prof. Dr. Hafize Keser.
2012 Academic World Education & Research Center. All rights reserved.

1. Introduction
The Trusted Computing Group (TCG) is a non-profit group whose aim is to define a set of specifications that will
create a trustworthy computer system with a trusted platform. The main idea behind these specifications is to
enhance security in computer networks by using a security hardware module (called the Trusted Platform
Module). Trust is the key security module of any system and the TCG has defined trust as: "Trust is the
expectation that a device will behave in a particular manner for a specific purpose" [1].

* ADDRESS FOR CORRESPONDENCE: Irshad Ahmed Sumra, Department of Computer and Information Sciences, Universiti Teknologi PETRONAS,
Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia.
E-mail address: isomro28@gmail.com / Tel.: +60125586597


Considering this definition in the context of VANET, trust may be defined as all components of the network
(vehicles and road side units) behaving in an expected manner (trusted communication between the
components) and serving users through their safety and non-safety applications. The user, vehicle and RSU are the
main components of a vehicular network, and it is necessary in a trusted computing environment that they
behave in the expected manner and serve the user through safety and non-safety applications. New
applications being deployed in VANET raise new questions about security requirements in a heterogeneous
network. Because the high mobility of vehicles makes the network topology dynamic, it is very
difficult to ensure security and trust. An important factor to consider in such an environment is the behavior of the
various components (users, vehicles and road side units (RSU)) of the vehicular network.
Hartenstein et al. [2] describe the two basic properties in a Trusted Computing based VANET:
- The sender that sends messages (safety and non-safety) in vehicle to vehicle or vehicle to road side unit
  (RSU) communication is accepted as a trusted entity.
- The content of the message from the source is not changed during transmission, i.e. it meets the integrity
  requirement.
If, for whatever reason, a vehicle in a vehicular network does not behave in an expected manner or changes its
behavior, then many human lives are possibly affected. Hence it is absolutely necessary to embed some security
hardware module inside the main components of the vehicular network (vehicle, RSU) so that the status of their
trustworthiness can be known. The Trusted Platform Module (TPM) is the main component of the TCG
specification and it provides secure storage and resistance to software attacks inside the vehicle. Fig. 1 shows
that each module of the vehicular network is embedded with a security hardware module, i.e. a TPM, which
enables monitoring of the behavior of the vehicle and also of the road side unit (RSU).

[Figure labels: NODE A and NODE B, each with a TPM; NODE A and RSU, each with a TPM]

Fig. 1 TPM ensure the behavior of the entities in VANET

Fig.2 Vehicular Trusted Platform (VTP)

Trusted Platform: Sadeghi and Stuble [3,4] defined some general functionalities of a trusted platform. These
functionalities are considered here in the context of a vehicular network and are given as follows.
(a) Hardware and software integrity: Trusted platforms ensure the integrity of the hardware, software and
embedded sensors of the vehicle. It is required that all embedded modules, including the software of the
system, perform their tasks accurately. During the storage and execution of application data, the integrity
of the user's personal information should be maintained.
(b) Confidentiality of Data: TPs ensure a secure channel and trusted path between the different applications
and they also provide confidentiality, integrity and authenticity of user data.
(c) Platform Attestation: This is a very important task in a trusted platform and it is defined as the process that
shows the accuracy of the information. The following are the types of attestation used in trusted platforms.
(d) Attestation by TPM: It provides the proof of the data that is only known by the TPM. It is necessary to
first attest to the TPM, because the TPM provides the root of trust and also plays a key role in developing
the trusted computing environment.
(e) Attestation to the Platform: In a vehicle there are many embedded sensors and it is very important to
make attestation of the platform. TPMs communicate with other components of the platform and it should be
ensured that all components of the trusted platform work properly. Integrity metrics reports provide the
proof of the trusted platform and this report is provided by the platform credential. Attestation of the
platform is important and checks that the platform of any particular module of the network is
behaving in a proper manner for any particular task.

George et al. [5] define attestation as follows: "Attestation is the activity of making a claim to an appraiser about the
properties of a target by supplying evidence which supports that claim. An attester is a party performing this
activity. An appraiser's decision-making process based on attested information is appraisal." Aarthi et al. [6]
describe the two phases of attestation of a platform: (a) all the operations that correspond to the secure
collection and storage of stated information, and (b) the safe reporting of that information to a third party.
TPMs use special kinds of registers, i.e. Platform Configuration Registers (PCR), and the purpose of these registers
is to securely store the measurement values.
This paper is divided into three sections. Section 2 discusses in detail the related work in the field of trusted
computing in vehicular communication. In Section 3, the vehicular property based attestation protocol (VPP) is
proposed and the internal and external attestation mechanisms in a vehicular network are explained. The VPP is
based on property based attestation, and a detailed explanation is given as to why PBA with its unique
features was chosen over any other attestation method. Finally, Section 4 describes the
conclusion.
2. Related Work
Frederic et al. [7] described trust, security and privacy in a VANET environment and gave an overview of
trusted computing and its core component, i.e. the TPM. The core functionality of a TPM is to provide the root of
trust in a platform. A TPM has a set of registers for recording the platform states; secure volatile and non-volatile
memories; a random number generator; a SHA-1 hashing engine; and asymmetric key generation, encryption
and digital signature capabilities. The special kinds of registers called Platform Configuration Registers (PCRs) are
used to store the integrity values. The following function is used to calculate the value of PCR register N; the
cryptographic hash function used by the TPM is SHA1, and || denotes concatenation in eq. (1).
$$\mathrm{Extend}(PCR_N,\ value) = \mathrm{SHA1}(PCR_N \,\|\, value) \qquad (1)$$
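The extend operation of eq. (1), and how a verifier uses it, shown as an added example that is not part of the original paper. It replays a measurement log into a fresh PCR and compares the result with the reported PCR value. The component names and images, the all-zero initial PCR and the assumption that the reported PCR arrives authentically (in practice inside a TPM-signed quote) are constructed for illustration.

```python
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 digest size; the PCR is assumed to start as 20 zero bytes


def extend(pcr: bytes, value: bytes) -> bytes:
    """Eq. (1): Extend(PCR_N, value) = SHA1(PCR_N || value)."""
    return hashlib.sha1(pcr + value).digest()


def build_log(components):
    """Attester side: measure each (name, image) pair in load order."""
    return [(name, hashlib.sha1(image).digest()) for name, image in components]


def replay(event_log) -> bytes:
    """Fold every logged measurement into a fresh PCR, in order."""
    pcr = bytes(PCR_LEN)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def appraise(event_log, reported_pcr: bytes, known_good: dict):
    """Verifier side: the log must reproduce the PCR and match reference values."""
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        return False, "event log does not reproduce reported PCR"
    for name, digest in event_log:
        if known_good.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    return True, "ok"


# Constructed sample input: component names and images are illustrative only.
GOOD = [("ecu-bootloader", b"bootloader image v1"),
        ("ecu-firmware", b"firmware image v7"),
        ("obu-app", b"safety application v3")]
TAMPERED = [GOOD[0], ("ecu-firmware", b"firmware image v7 + patch"), GOOD[2]]

GOOD_LOG = build_log(GOOD)
KNOWN_GOOD = dict(GOOD_LOG)          # reference measurements held by the verifier
TAMPERED_LOG = build_log(TAMPERED)

if __name__ == "__main__":
    # Honest platform: log and PCR agree with the reference values.
    print(appraise(GOOD_LOG, replay(GOOD_LOG), KNOWN_GOOD))
    # Modified firmware, honest log: the changed measurement is visible.
    print(appraise(TAMPERED_LOG, replay(TAMPERED_LOG), KNOWN_GOOD))
    # Modified firmware, log rewritten to look clean: the PCR no longer matches.
    print(appraise(GOOD_LOG, replay(TAMPERED_LOG), KNOWN_GOOD))
```

Because each extend hashes the previous PCR value, the final value depends on every measurement and on their order, which is why a register can only be extended and never set directly.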
Their proposed solution is based on two main schemes: (a) attestation of virtualized system components and (b)
secure revocable anonymous authenticated communication. Since the TPM chip itself is tamper proof, it is used
to ensure that the sensitive software components are not tampered with and to store the results in protected
storage. The authors have proposed a multi-layered security protocol (Secure Revocable Anonymous
Authenticated Inter-Vehicle Communication, SRAAC) that enables a vehicle to take part in inter-vehicle
communication for safety information. The proposed SRAAC protocol
has the following components: AA (authentication authority), OBU
(on-board units) and ICS (inter-vehicle communication certificate servers). Arbitrary validity time, OBU collusion
attacks and injecting false safety messages are some of the possible attacks which the authors have mentioned.
Also mentioned is a solution to prevent SRAAC attacks, which is by using a trusted inter-vehicle communication
certificate (T-IVC), and this solution is based on tampering with the software running on the vehicles.
Hisashi et al. [8] proposed a new attestation based security architecture for a vehicle network. The authors
discussed the proposed vehicles, which are embedded with electronic control units (ECUs). Such a vehicle is able to communicate
with other public networks and make use of many kinds of safety and non-safety services. The authors however
noted that this vehicle will suffer from a wide variety of threats and the embedded ECUs may execute malicious
programs because of possible tampering. The proposed vehicle makes use of a TPM to provide a remote attestation
mechanism to mitigate such kinds of issues. In summary, the proposed security architecture provides (a)
authentication of the software configuration, (b) authenticated and encrypted communication and (c) flexibility
of replacement. Finally, the authors believe that the proposed key pre-distribution system (KPS) based
architecture has a lower security overhead than the RSA-based one.


3. Vehicular Property Based Attestation Protocol (VPP)


The foundation of Property Based Attestation (PBA) [9] is binary attestation; however, it has been extended
to attest to the security properties, behavior or functions of a system. In comparison to hash
measurements, information about which security properties are fulfilled would be more useful to
a verifier. By using PBA in VANET, issues such as disclosure of the platform configuration, lack of flexibility and limited
scalability, which are some drawbacks of binary attestation [10], would be resolved.
Our proposed protocol is also based on the PBA protocol, which provides attestation of some security properties
in a vehicular environment. We view attestation as critically necessary for vehicle and RSU trusted
platforms. In this proposed protocol, the focus is mainly on properties: attestation is made on the basis of the
required properties only, which should be dynamic and may consist of security, trust or privacy properties. If
users conform to the required properties for using the applications or services, then they are allowed to
become a part of the network and use the services.
VPP is divided into two parts.
Internal Attestation: A smart vehicle has many embedded sensors and it must communicate
with and attest all sensors by using the TPM. Electronic Control Units (ECU) should first be attested internally
using the TPM, which assures their integrity against any change in their behavior, and handles situations which do not
conform to internal attestation. Liqun et al. [11, 12] proposed a model whereby the sensor information is also
saved inside the registers of the TPM. They also proposed three algorithms of the PBA system model, as
shown in Fig. 3 (a), which explains the internal attestation mechanism.
Setup: This is the first probabilistic algorithm, used in the setup phase, and it provides the security
parameter $1^k$. This algorithm selects a set of public parameters which are used to run the PBA protocol and
generates a private/public key pair for the TPM. The status of the embedded sensors is also saved in the PCR register
of the TPM.
Sign: The sign algorithm takes as its input the configuration value $CS_p$, the list of configuration values $CS$ and a nonce $N_v$.
The output of this algorithm is the signature.
Verify: This algorithm takes the candidate signature and the $CS$ as inputs and produces an output which
can take one of two possible values, 0 or 1. A signature that is valid with respect to the $CS$ is assigned the value 1, which
means it is accepted; otherwise, if the value is 0, it is rejected.

Fig.3 (a) Internal Attestation [figure labels: Vehicle A, Vehicle B; mA, LpA]

Fig.3 (b) External attestation [figure labels: Vehicle A, RSU; mA, LpA]

- Speed of vehicle
- Direction of vehicle
- Position of vehicle
- Unique Identity of vehicle
- Type of vehicle: Private/ Govt.
- Property List (Lp): LSP, LDP
- Behavior of user (BU): Normal/Malicious
- Service region (SR): local/global
Fig.3 (c) List of Properties (Lp)

External attestation: If users meet the pre-service requirements of the property list (Lp) as shown in Fig. 3 (c),
then external attestation should be performed. External attestation is required when users send messages (m)
to other users and also when they want to communicate with the RSU. Messages could be safety or non-safety, and the
communication type may also change, i.e. vehicle to vehicle or vehicle to road side unit (RSU). Our own
properties list has been defined and, on the basis of this list, attestation has been performed while
communicating with other vehicles or the RSU of the network. These properties are not static; they are dynamic,
and government authorities of any country or any other authorized vehicular party can configure their own
properties based on their own security, trust and privacy requirements. Fig. 3 (b) describes the external
attestation mechanism, in which vehicle A communicates with another vehicle B and sends a message (m) with its list
of properties (LpA). Vehicle B checks the property list and, if vehicle A meets the required properties,
accepts the message. When vehicle A wants to communicate with a road side unit (RSU), it also sends
a message with its property list; the RSU checks the required properties, attests it and gives permission to use the
required services.
This proposed protocol provides the following unique features.
Roaming Concept: In this concept, we assume users travel in their vehicles from one area to a different area. So
it is necessary to provide applications and services in the new area, and the users must be accepted as part of the
vehicular network.
Malicious Behavior: An attacker's dynamic behavior is a challenge for other users of the network. Whenever
users change their behavior (which makes them possible attackers), their messages should not be attested, i.e. if
an attacker increases the vehicle's speed beyond some specific range then the vehicle should be excluded from the network.
Communication in Red Zone Area: Some areas are very restricted due to army activity, so local users cannot
communicate in that red zone area for security reasons. Only army vehicles can perform
tasks in that specific region.
VIP movement: Government vehicles, and also any official visit of an official person to some city areas,
need some different kinds of security properties to be configured, and local users cannot communicate with
that specific group of vehicles.
Maintain the Property list: In property lists, the features or behaviours of any component of the network can be
included. When the platform of the vehicle is considered, the software, hardware and other embedded
sensors of the vehicle are also considered and their behaviour is checked against any security policies.
There are two types of properties defined here. Fig. 3 (c) shows the list of properties, which can be changed based
on requirements.
Static Property List (LSP): This is a fixed property list which covers all users, who can communicate
between vehicles and also with the road side unit (RSU). Government authorities are the ones who configure it
and other users follow it; one copy of this list is copied onto vehicles. When users want to communicate with
other vehicles or with a road side unit, this list is checked and, if they meet the requirements of the
property list, they can perform their required task; otherwise it will not be possible for them to do so.
Dynamic Property List (LDP): There is flexibility for government vehicles (police, ambulance and army) to change
their property lists according to the situation. For example, when police plan to perform some operation against terrorists in
some specific region, they configure the properties in their group of vehicles to provide more secure
communication between the users of those particular vehicles.
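The receiver-side check described for external attestation, together with the static and dynamic property lists, shown as an added example that is not part of the original paper. The rule encoding, the property names and the limits (speed range, the "army" vehicle type, the red zone list) are assumptions constructed for illustration, and the property list is taken to have arrived authentically.

```python
def violations(lp: dict, policy: dict) -> list:
    """Return the sorted names of required properties that lp omits or fails."""
    failed = []
    for name, (kind, *args) in policy.items():
        value = lp.get(name)
        if value is None:
            failed.append(name)              # a missing property is never attested
        elif kind == "range":
            lo, hi = args
            if not isinstance(value, (int, float)) or not lo <= value <= hi:
                failed.append(name)
        elif kind == "one_of":
            if value not in args[0]:
                failed.append(name)
        elif kind != "present":
            raise ValueError(f"unknown rule kind {kind!r}")
    return sorted(failed)


def attest_external(lp: dict, lsp: dict, ldp: dict = None):
    """Receiver (vehicle B or RSU): accept only if every required property holds.

    Rules in the dynamic list (LDP) override static (LSP) rules of the same name.
    """
    policy = {**lsp, **(ldp or {})}
    failed = violations(lp, policy)
    return (not failed, failed)


# Constructed static property list, following the properties of Fig. 3 (c).
LSP = {
    "identity": ("present",),
    "position": ("present",),
    "direction": ("present",),
    "speed_kmh": ("range", 0, 120),
    "vehicle_type": ("one_of", {"private", "govt", "army"}),
    "behavior": ("one_of", {"normal"}),
    "service_region": ("one_of", {"local", "global"}),
}

# Constructed dynamic property list for a red zone: army vehicles only.
RED_ZONE_LDP = {"vehicle_type": ("one_of", {"army"})}

# Constructed property list LpA sent by vehicle A along with its message.
VEHICLE_A = {
    "identity": "VEH-A-0001",
    "position": (4.38, 100.97),
    "direction": "N",
    "speed_kmh": 80,
    "vehicle_type": "private",
    "behavior": "normal",
    "service_region": "local",
}

if __name__ == "__main__":
    print(attest_external(VEHICLE_A, LSP))                         # accepted
    print(attest_external({**VEHICLE_A, "speed_kmh": 180}, LSP))   # speed out of range
    print(attest_external(VEHICLE_A, LSP, RED_ZONE_LDP))           # private vehicle in red zone
```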
4. Conclusion
Trusted computing ensures security and trust in a vehicular environment. The TPM is the key module of the
Trusted Computing Group (TCG) specification and plays a key role in the security of a platform. The attestation mechanism
ensures the security of the platform, and property based attestation is one of the possible attestation
mechanisms used to attest platforms on the basis of some particular properties. In this paper, a protocol has
been proposed which is based on property based attestation (PBA). This
attestation method is used in a vehicular network because of the network's dynamic behavior and the high mobility of the network
nodes. More research is needed to define more security, trust and privacy properties for attestation purposes
and to make communication between users and with the infrastructure secure and reliable. As compared to the
DAA attestation method, the PBA is more suitable for a vehicular environment, due to its nature of being more
complex. Configuration of the security properties (policies) will be a challenging task in different countries and
this task can be considered in future directions.
Acknowledgements
This work is funded by Universiti Teknologi PETRONAS postgraduate assistantship scheme in Collaboration with
MIMOS Berhad.


References
[1] A.L. Thorp, Attestation in Trusted Computing: Challenges and Potential Solutions, Technical Report, 31st March 2010. http://www.rhul.ac.uk/mathematics/techreports
[2] H. Hartenstein, K. P. Laberteaux, A tutorial survey on vehicular ad hoc networks, IEEE Communications Magazine, 46(6): 164-171, 2008.
[3] Trusted Computing Group, TCG specification architecture overview, version 1.2, April 2004.
[4] X-Yong et al., An Efficient Attestation for Trustworthiness of Computing Platform, Intelligent Information Hiding and Multimedia Signal Processing, 2006. IIH-MSP '06.
[5] George Coker et al., Attestation: Evidence and Trust, 10th International Conference on Information and Communications Security, ICICS '08, LNCS 5308, pp. 118, 2008.
[6] A. Nagarajan et al., Property Based Attestation and Trusted Computing: Analysis and Challenges, Network and System Security, NSS '09, 2009, pp. 278-285.
[7] Frederic et al., Trust, Security and Privacy in VANETs - A Multilayered Security Architecture for C2C-Communication, 23. VDI/VW Gemeinschaftstagung: Automotive Security, pp. 55-70, Wolfsburg, Germany, VDI-Verlag, 2007.
[8] H. Oguma et al., New Attestation Based Security Architecture for In-Vehicle Communication, Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008.
[9] A.R. Sadeghi, C. Stuble, Property based Attestation for Computing Platforms: Caring about properties, not mechanisms, New Security Paradigms Workshop (NSPW) 2004, ACM, New York, NY, USA.
[10] J. Poritz et al., Property Attestation - Scalable and Privacy-friendly Security Assessment of Peer Computers, IBM Research GmbH, Zurich Research Laboratory, 8803 Ruschlikon, Switzerland (Research Report 05/10/04).
[11] Liqun Chen et al., Property-Based Attestation without a Trusted Third Party, 11th International Conference on Information Security, ISC '08, pp. 31-46.
[12] Liqun Chen, A Protocol for Property-Based Attestation. In: Proceedings of the 1st ACM Workshop on Scalable Trusted Computing (STC), November 3, 2006, Alexandria, Virginia, USA. ACM. Nova Scotia, Canada, 2006, pp. 7-16.
