Secure, LTE-based V2X Service: Kazi J. Ahmed, and Myung J. Lee

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2017.2697949, IEEE Internet of
Things Journal
Secure, LTE-based V2X Service

Kazi J. Ahmed, and Myung J. Lee
Abstract—Internet of Things (IoT) is the reality of a new and better, owing to its infrastructure, tremendous capacity increase
powerful ubiquitous technology. One of its main driving forces is in the near future (5G), and added direct device-to-device
the 3rd Generation Partnership Project (3GPP) Long Term (D2D) communication service. Their analyses were
Evolution (LTE), seeking to encompass all the applications of IoT. encouraging and expedited 3GPP to finally complete and
With this trend, 3GPP has finally made the Release 14 for
publish its Release 14 for V2X service in 2016. In this
LTE-based Vehicle to Everything (V2X) service. In this proposed
work, we evaluated the new LTE-based V2X architecture in
proposed work, we will critically analyze LTE-based V2X
regards to V2X message delivery and security requirements. We service, especially how it could accommodate different types of
showed that a proper resource allocation and reference point V2X message deliveries and fulfill the apropos security
(channel) selection could accommodate all types of V2X message requirements.
deliveries. However, focusing more on security, we deemed that The main motivations for connected vehicle are to reduce
LTE-based V2X security falls short of meeting adequate security
casualty, provide better safety and create efficient traffic
requirements, especially to well preserve the privacy. Hence, we
proposed a privacy preserving security for LTE-based V2X movement on the street. This can be done by exchanging
service. Considering the privacy as the top security requirement, messages between vehicles and infrastructures. To this regard,
we seamlessly integrate our security scheme with the specified National Highway Traffic Safety Administration (NHTSA) of
LTE security architecture. Our scheme is scalable while fulfilling USDOT makes a list of messages for V2X service. Among
basic wireless message security requirements. We also provide the them are basic safety message (BSM), Intersection Movement
security and performance analysis to show the robustness and Assist (IMA), Left Turn Assist (LTA) etc. [11]. The European
effectiveness of our proposed schemes. Telecommunications Standards Institute (ETSI) has also
Index Terms—Security, privacy, trust, scalability, Intelligent defined two types of messages: cooperative awareness
Transportation System (ITS), Long Term Evolution (LTE), messages (CAMs) and decentralized environmental
vehicle-to-everything (V2X) services. notification messages (DENMs) [12]. In a nutshell, all V2X
I. INTRODUCTION messages could be broadly classified as 1) periodic and 2)
event-triggered short messages [9].
I N an effort to connect everything with everything else, the
Internet of Things (IoT) becomes a reality of a new and Security is essential for any communication, and connected
vehicle (V2X) service is no exception. The most important
powerful ubiquitous technology. IoT is not only
interconnecting devices, vehicles, buildings, cities etc. but in an security requirement for V2X service is the privacy protection
efficient and smart way. Connected vehicle is one of the [5,19,20,22,23]. The message should not offer any inkling of
important focus areas of IoT, where the communication the identity of the sender, since most V2X messages include
between vehicle to vehicle (V2V), vehicle to infrastructure location information. However, the traceability has to be
(V2I), vehicle to pedestrian (V2P), and vehicle to Network enforced so that no one may create havoc on the street playing
(V2N) are provided. This vehicle to everything (V2X) false information [23]. Therefore, non-repudiation has to be
communication service promises to improve the efficiency and enacted as well [22]. Moreover, security has to be such that a
the safety of today's transportation system by regular-interval single V2X User Entity or a group should not able to plot
and event-triggered message broadcasts. IEEE 802.11p and (frame) against any other for false information that it did not
IEEE 1609 standards for Wireless Access for Vehicular commit [19].
Environments (WAVE) have already defined an architecture In this work, we attempt to evaluate LTE-based V2X service
and standardized set of services and interfaces that collectively regarding its message delivery and specified security. We also
enable this requirement. In the meantime, the 3rd Generation provide some suggestive solutions for its short comings,
Partnership Project (3GPP) have completed its Release 14, particularly in the preservation of privacy. However, due to
exclusively for Long Term Evolution (LTE)-based V2X limited space, our work focus more on security. Since NHTSA
service [1-4]. On the other hand, regulatory bodies of motor of USDOT and Department of Motor Vehicle (DMV) are
vehicles throughout the globe are planning to enforce V2X already heavily engaged in managing the vehicles, we feel their
technology soon. For example, United States Department of authoritative presence is important especially to enforce the
Transportation (USDOT) is pursuing to put V2V technology on security [5,7]. Therefore, our security solution deems LTE as
100% of the new car production by 2021 [5]. In the beginning the service provider and the Transportation Authority (TA) is
phase, Intelligent Transportation System (ITS) of USDOT the overseer of the safety and security of V2X service.
considered IEEE WAVE technology for connected vehicle.
However, it was not realized lack of infrastructure. Researchers The organization of the paper is as follows. Section II
also provided critical analyses between IEEE WAVE and LTE provides the LTE-based V2X architecture, and section III
for this emerging technology [6-10]. To them LTE seems to be evaluates the architecture with respect to the message delivery
and security requirements. Section IV presents our proposed
security scheme. Section V puts forth the security analysis of
2327-4662 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2017.2697949, IEEE Internet of
Things Journal
the proposed work, while section VI provides a performance resource allocation (mode 1), or autonomous resource
analysis, and finally section VII concludes the paper. allocation (mode 2). In mode 2, a V-UE can acquire resource
block (RB) by sensing or random selection from a pool of
II. LTE-BASED V2X ARCHITECTURE resources defined by eNB. To attain proper Quality of Service
Before we evaluate the LTE-based V2X service, we briefly (QoS), V-UE uses a parameter named, Proximity Service
describe its current architecture (Release 14). Also for the (ProSe) Per-Packet Priority (PPPP). V-UE provides priority
convenience of presentation, V2X User Entity (UE) will be information reflecting this PPPP to the eNB during resource
denoted as V-UE unless otherwise stated. request procedure [3]. However, PPPP is not viable for mode 2
autonomous resource allocation in Rel.14. For unicast
According to Rel. 14, there are two modes of operation for communication between V-UEs, a Source and a Destination
V2X messages [3]. These are 1) over LTE-Uu (radio interface Layer-2 IDs are used, whereas a Layer-2 Group ID is used for
between eNodeB and UE), 2) over PC5 (direct interface one-to-many communication. In addition, to ensure that a
between two UEs) reference points, as shown in Fig. 1. Over V-UE cannot be tracked or identified beyond a certain short
the LTE-Uu reference point, V-UE can either transmit/receive time-period, the source Layer-2 ID can be changed over time
unicast V2X messages or transmit unicast but receive broadcast [3]. Further, 3GPP also specified stationary infrastructure Road
message through Multimedia Broadcast Multicast Service Side Unit (RSU), but only regarded as an implementation
(MBMS) delivery. On the other hand, over PC5 reference option. This RSU could be a combination of a V-UE with the
point, V-UE can communicate V2X messages using Sidelink V2X application logic or comprise an eNB, a collocated Local
channel. This is generally perform in the form of one-to-many Gateway (L-GW), and a VAS.
communications, e.g. sending messages to members within a
group. III. LTE-BASED V2X MESSAGE DELIVERY AND SECURITY
Serving different V2X messages requires intelligent
utilization of specified LTE-based V2X resources. Moreover,
localized V2X data exchange should avoid the use of
infrastructure nodes to reduce message latency [9]. Depending
on the message periodicity, priority and the size of the target
area, we categorized V2X messages into four classes. First, for
periodic status message (m1) of V-UEs such as speed, direction,
location, semi-persistent resource allocation over LTE-Uu
reference point is used. This m1 message is not strictly time
critical (<300ms). V-UEs first sent m1 to VAS in unicast
Fig. 1. LTE-based V2X communication channels.
fashion, VAS then combines the information coming from
Two additional modules are specified by 3GPP for many V-UEs. Finally, VAS broadcasts the summary message
subscription, provision and delivery of the V2X service: V2X through MBMS delivery to proper target areas. Second,
Control Function (VCF), V2X Application Server (VAS). The localized, time critical (<100ms), event-triggered messages
VCF module provides the authorization and revocation of V2X (m2) such as Critical Event Warning (CEW), Intersection
service. During the authorization, VCF provisions V2X service Movement Assist (IMA), Left Turn Assist ( LTA) etc. are
specific parameters to a V-UE after mutual authentication and provided over Sidelink using mode 2 autonomous resource
security key generation [13]. On the other hand, Mobile allocation. Here V-UEs sense or randomly select RBs from the
Management Entity (MME) downloads subscription designated resource pool defined by eNB. This message has
information related to V2X from HSS. MME also provides local preference and is communicated through direct message
indication to the Evolved Universal Mobile exchange among V-UEs or by RSUs. Moreover, this message is
Telecommunications System Terrestrial Radio Access not necessarily periodic and occurs only at specific time and
Network (E-UTRAN) about the V-UE authorization status on place. Third, global event-triggered message (m3) such as lane
V2X use. Moreover, VAS module is responsible for closure, road construction, etc. can be allocated over LTE-Uu
distribution of V2X messages to different target areas. First, it using dynamic resource scheduling. This message needs to be
receives messages from V-UEs, then summarizes the reached widely; therefore, VAS can broadcast this to a larger
information to generate and broadcast specific V2X messages target region. This message does not need to maintain strict
to specific locations using MBMS. time delay (<300ms) and tight periodicity. Fourth, to assist
smooth movement of emergency vehicles such as ambulance,
Resource over LTE-Uu reference point is provisioned using fire truck, etc. scheduled semi-persistent resource allocation
the scheduled resource allocation. This provisioning could be (SRA) over Sidelink channel is utilized. This localized periodic
either dynamic or semi-persistent. The semi-persistent one is message (m4) has local significance and needs to be sent in
used for faster access of the resource in periodic fashion regular interval for a specific amount of time.
without requesting it repeatedly from the eNodeB (eNB) [4].
Communication over PC5 reference point uses Sidelink We consider end-to-end (e2e) delay in dealing with four
channel, and the resource grant may be provided by scheduled message classes. High priority m2 and m4 messages with 100 ms
while low priority m1 and m3 messages with 300 ms target. Note
Things Journal
however that in each group of priority, each class of message is of group members in V2X context can limit its viability. Many
handled with different resource allocation method. Further, the authors also proposed different security protocols over Sidelink
first three message types (m1, m2, and m3) can be channel using DHKE [14-16]. Their protocols can support
accommodated using the current 3GPP specification. But the integrity, authenticity, non-repudiation, as well as detection of
proposed resource allocation for m4 is not specified in 3GPP malicious nodes. Some also proposed random encryption key
Rel. 14 for V2X communication. However, SRA over Sidelink pre-distribution scheme to select keys from common large pool
is specified in 3GPP Rel. 12 for Device-to-Device (D2D) direct of keys [17]. Others used physical layer features to establish
discovery (type 2b) procedure. This resource allocation is security keys [18]. Nevertheless, all the proposed security
requested from eNB through dedicated RRC signaling by schemes including that of 3GPP use symmetric key algorithm
Radio Resource Control (RRC) connected UE. Message m4 can [13]. In one-to-many communication, symmetric key can hold
utilize this resource allocation procedure (SRA) without the anonymity, but it cannot provide the non-repudiation.
bringing forth any additional change to LTE protocols. Again,
To remedy this security dilemma, we provide a suggestive
for out of coverage case, V-UE can use preconfigured values
proposition for V2X security scheme that fulfills all the above
for accessing resource using the PC5 reference point.
mentioned security requirements. Our work assumes that TA
Moreover, all these messages require no acknowledgement; oversees security aspect of the V2X service. It makes sure that
hence, the number of collisions need to be reduced especially everyone follows according to the proposed scheme and
for emergency message communication. Collision may happen resolves any dispute regarding fraudulent messages. Our
when V-UEs use RBs from common resource pool of PC5 proposed scheme is also light weight and provides scalability.
channel for high priority messages (m2, m4). In case of resource
IV. PROPOSED V2X SECURITY SCHEME
allocation for a new m4 message, the V-UE needs to request
SRA to eNB. Upon receipt of this request, eNB selects new Our proposed work assumes Transport Authority (TA) as the
RBs for the requesting V-UE not to overlap with RBs allocated control and management entity of V2X service, whereas LTE is
already to other m4 messages. Therefore, no collision among m4 only the communication service provider. Moreover, TA is
messages. Further, eNB attaches control information blocks considered the trusty and cannot be compromised. To provide
preceding the data blocks. Hence, other messages (m2) can adequate scalability, whole region (e.g., whole USA) is divided
avoid collision from m4 by sensing based on Schedule into security domains (e.g., states) and each domain has its
Assignment (SA) and decoding [6]. In case of m2, the different level of authorities and members. TA resides at the top
assignment of RBs from shared resource pool is performed followed by Vehicle Pseudonym Distributors (VPDs). The
solely and randomly by V-UEs, not by eNB. As a result the V-UEs, VASs and RSUs reside at the lowest level as a member.
probability of collision between m2 messages is high. VPDs are agents of TA which are distributed throughout the
Nevertheless, substantial researches have been done already to domain and considered as trusty as TA. In addition to provide
reduce the effect of collision in shared resource access [24-26]. pseudonym seeds (to explain later), VPD assists V-UE to
For instance, the methods proposed in [24-25] make use of smoothly transfer security keys from one domain to another.
codes to increase the probability of successful transmission This helps V-UE continue its secure V2X service in the new
while sending same packet multiple times. On the other hand, domain. As V-UEs are by default connected to internet through
[26] employs Self-Organizing TDMA (STDMA) where an LTE network, they can easily access TA, VPD as well as VCF
additional setup phase is required before the actual assignment and VAS. Moreover, our proposed work does not consider RSU
of RBs. and VAS trusty. The proposed V2X security structure is
depicted in Fig. 2 and the detail is described in the following
As privacy is imperative for V2X service, message has to be paragraphs.
exchanged anonymously. However, non-repudiation,
traceability, non-frame-ability are also required at the same
time. 3GPP already makes a prerequisite that user specific
Layer-2 and IP level ID need to be changed for anonymity. For
communication between V-UE and VAS over LTE-Uu, either
shared-secret keys or generation of symmetric keys by
Diffie-Hellman Key Exchange (DHKE) can be used. It might
also be done by either SSL or TLS session creation, even
though the session establishment entails additional latency. But
symmetric key does not provide anonymity nor does it provide
non-repudiation.
For one-to-many V2X communication through Sidelink
channel, 3GPP specified to use a group security key, derived Fig. 2. Proposed security structure for V2X services
from shared secret [21]. For stronger security, session keys can
A. Key Distribution and Management
be generated from shared secret and distributed by the group
member initiating the communications. However, rapid change To provide privacy protection to a V-UE, two sets of security
keys, namely, long-term and short-term keys are created.
Things Journal
Long-term keys are used to contact authorities, for instance, to 〈 , 〉 (not the short-term keys which preserve privacy to
request pseudonym seeds from VPD, while short-term keys are be explained later) and the signature ; , and load
used to exchange V2X messages. However, these keys need to these into the temper resistant On Board Unit (OBU) of the
be distributed securely and, must be managed properly with no vehicle. Signature and other security processes of our security
scalability issues. The key distribution and management of our structure is presented in Table 2.
security scheme follows four phases described below.
3) V2X Service Registration
1) Domain Initialization After V2X domain registration, a V-UE sends Registration
At first each security domain TA sets up its master secret Request (Req.) message to VCF, including a DHKE key part
〈 , 〉, where 1 2 1,2 where is a (ga) as shown in Fig. 3. VCF in reply sends ID Req. message to
large prime number. Then it creates the domain parameters the V-UE with the other key part (gb) of DHKE. At this
〈 , , , , , , 〉, where is the primitive root of moment, both V-UE and VCF can create common symmetric
∗ key . Now, V-UE sends its
which is a prime residue class group of modulo , ,
. is a collision resistant hash, : International Mobile Subscriber Identity (IMSI) ID encrypted
0,1 ∗  = 0,1  ∗ \{ -1}, but  ∗ and is another by the symmetric key , ; to VCF. To get
optional hash, where : = 0,1 ∗  = 0,1  ∗ Authentication Vector (AV) for this V-UE, VCF sends V2X
Authentication (Auth.) data Req. to HSS. HSS creates AV
according to [19]. Here 〈 , 〉, is the public keys of the
including the integrity Key (IK") and Confidentiality Key
TA. TA also creates for each VPD two sets of keys, long term
(CK") from IDs of both V-UE and VCF. Now HSS responds
keys 〈 , 〉 and short-term keys 〈 , 〉 from
back to VCF using V2X Auth. data Response (Res.). Then,
VPD's ID and its master secret. The definitions and notations
VCF sends V2X Auth. Req. to V-UE including a part of the AV
related to different keys are provided in Table 1.
(AUTH, RAND). From the provided part of AV, V-UE creates
TABLE 1 same IK", CK", RES and sends V2X Auth. Res. including RES.
NOTATION OF SECURITY SYMBOLS AND KEYS VCF compares HSS provided RES and V-UE provided RES,
Notation Description and if they match, V-UE is considered authentic. After this
= , ∈ ∗ Long-term private key for entity
mutual authentication, VCF sends Registration Res. including
Actual ID for entity Par , Lp , Sp , and V2X related parameters. Finally,
Random number for entity V-UE submits its long-term public key Lp and the signature
∈ ∗ Long-term public key for entity of TA sig Lp ; M to VCF encrypted with the CK" as
Short-term private key for VPD or RSU E Lp ∥ sig Lp ; M ; CK " . VCF on the other hand,
verifies Lp by the provided signature of the TA,
Short-term public key for VPD or RSU
; . Symmetrical encryption with key
ver Lp ; P as defined in Table 2, and maps the public key
; . Asymmetrical encryption with key with the other information of the V-UE (vehicle) for later use as
Symmetric key between and map Lp IMSI, … .
∥ ∥ ∥ j-th pseudonym seed for V-UE
∥ ;
TABLE 2
A parameter of j-th seed for V-UE DEFINITION OF DIFFERENT SECURITY PROCESSES
j-th seed random number for V-UE Security processes Definition
j-th seed expiration time for V-UE
; Signature of TA
∥ ; Signature on j-th seed for V-UE
〈 ∥ 〉 j-th short-term public key for V
; : Verification of
First part of j-th public key ; signature of TA
. Second part of j-th public key ; : Signature of VPD,
First B parameter for j-th key , RSU, VAS
;
Random number for j-th key . ,
Second B parameter for j-th key ; : Verification of
j-th short-term private key for V signature of VPD,
 
 RSU, VAS
⊕
; : Asymmetric
, ⊕ encryption for VPD
The VPDs at the boundaries get keys from all neighboring
,
TAs. TA will also provide the domain parameter and ; : Asymmetric
public keys of VPD 〈 , 〉 to the VCF of its domain. ⊕ decryption by VPD
At this time, RSUs and VASs also get their keys from its or RSU
; ∶ Signature of V-UE
domain TA as 〈 , 〉 and 〈 , 〉 respectively. V
,
2) V2X Domain Registration  ,
To get V2X services, at first each vehicle has to register at its ; ∶ Verification of
 ⊕ signature of V
TA. At this time the TA will create only the long-term keys  
Things Journal
4) V-UE Pseudonym Generation When the pseudonym expires, V-UE immediately renews it
After V2X registration, each V-UE needs to create through the Pseu. Seed Req. and Pseu. Seed. Res. procedure.
short-term (pseudonym) keys in order to exchange V2X Whenever VPD is requested for a pseudonym seed, it checks
message securely. First, the V-UE sends Pseudonym (Pseu.) the revocation status of the V-UE from its domain TA. VPD
Seed Req. to VPD, encrypted by the public key of VPD provides the pseudonym seed only if the revocation status of
acquired at the time of registration as ∥ ∥ ∥ the V-UE is OK. Moreover, VPD removes stored information
; ; . Here is a request ID to of the V-UE (  , , ) once the is
expired and creates and stores whenever a new request is
distinguish the request message. VPD on the other hand,
completed. Consequently, the size of the stored information
decrypts the message using Dn, verifies the signature of TA,
does not grow constantly as opposed to CRL approach.
; (Table 2), and creates a symmetric key
B. Secure V2X Message Exchange
. In this subsection we explain how the four types of messages
mentioned in section III can be securely exchanged. Rather
than using encryption, which requires group keys, V-UE and
RSUs send signed plain text V2X messages. These messages
assist only to attain safety and the efficiency of the traffic
movement and do not produce confidential information. To
preserve the privacy, each V-UE frequently changes, as often as
every message, its short-term keys 〈 , 〉 (Table 1).
V-UE also requires to change its Layer-2 ID and IP address as
well for anonymity in MAC and Network layer. To prevent
replay attack, all types of messages include time stamp as mi =
(message || tstamp).
As we discussed earlier that the m1 is sent from V-UE to
VAS in unicast fashion, however with the following format.
∥ ∥ ∥ ∥ , ; ∥ ;
When VAS receives the message, it first performs ∥
; using , 〈 ∥ 〉 and , then it
checks validity of ; (Table 2). The first
verification assures that the pseudonym key is valid and
current, whereas the second one guarantees that the message
comes from a legitimate V-UE. When VAS broadcasts the
combined summary in response, the message is delivered
through MBMS to a target area. This MBMS is entirely
controlled by Evolved Packet Core (EPC) of LTE and
Fig. 3. V2X Service Registration and Pseudonym Generation
therefore, this broadcast does not need security signing. The m2
Next, VPD generates the pseudonym seed (SDV), encrypts it , which is localized event-triggered message, may be sent either
by the symmetric key, ; and sends it to the by V-UE or RSU. If the message is sent by a V-UE, the format
requested V-UE (Pseu. Seed Res.). This provided seed will is the same as that of the m1, however the receivers are other
include signed expiration time so that the generated pseudonym V-UEs. The verification process of this message follows the
will be valid only for a specific period. The definition and same procedure. If this is sent by RSU, then the format is
related parameters of seed are given in Table 1. To provide ∥ ∥ ; and the verification
scalability in key management and to speed up (light weight)
the verification process, we provide expiration time rather than requires to check ; . To assist this
Certificate Revocation List (CRL) according to [20]. On the verification process, a list of public keys of RSUs are
other hand V-UE creates the same symmetric key provided by VCF to a V-UE at the time of its registration. The
from 〈 , 〉 and decrypts the received (Pseu. Seed Res.) global triggered message m3 is sent by V-UEs to VAS, and the
seed from VPD. The V-UE now creates its pseudonym keys signing and verification process is the same as that of the m1
(short-term keys) and 〈 , 〉 from the given message. Localized periodic message m4, is sent mostly by the
seed for secure V2X message exchange. The first part of public emergency vehicle VE-UE with the format, ∥ ∥
key is created by the V-UE itself, whereas the second part
is provided by the VPD (Table 1). In the mean time VPD ; . The verification is done by performing
maps the given seed , a revocation parameter rep and ;
and again a list of public keys of
others with the public key of the V-UE as emergency vehicles VE-UEs are procured at the time of
 , , . This given seed and the created registration.
short-term keys from it works only for a specific time period.
If two V-UEs VX and VY want to communicate with each
Things Journal
other in unicast fashion, they can do so by encrypting the it is not possible in our security scheme since V-UE will
message. For this, a common symmetric key needs to be frequently change its short-term key to sign the V2X messages.
created. This is done by using the short-term public keys , Moreover, if an attacker compromises VPD, it only gets the
found from previous message exchange as long-term public key and associated materials that do not
provide V-UE's real identity. Finally, an attacker cannot get
. Refer to
actual IMSI from listening to the V2X Service Registration
Table 1 for parameters used here. The message format for this message exchange since it is encrypted by the symmetric key
unicast is ∥ ∥ ; where IDm is the ; .
message ID to recognize it as an encrypted V2X unicast
B. Traceability
message. The receiver VY finds its symmetric keys from the
attached in the message. A rogue V-UE may hide its trace under the identity of others.
The attacker V-UE X may capture and ∥
C. Revocation and Cross Domain Procedure ; from broadcast message of some V-UE Y and
A V-UE or a group of V-UEs may spread false information attach it to its own fraud message to pretend of being V-UE Y.
such as lane closure and road construction ahead, to gain some However when the message receivers use to perform
unfair advantage or even to send false emergency alert to panic ; , verification fails. Further, the V-UE X may
others. If a certain V-UE finds that its received message is forge the signature of VPD, ∥ ; by itself
fraudulent, it may start the revocation process by reporting the and use a corresponding fake public key
message of the rogue V-UE to VPD. Reporting message also 〈 ∥ 〉 , which has no trace of the V-UE. But when any
follows the same security measures as those of V2X messages.
other V-UE uses real public key of VPD to verify this
Before accepting any report, VPD verifies the reporter
false signature ∥ ; , again it fails. The
properly, i.e. it verifies that the reporter's short-term keys are
message can pass verification only when the legitimate V-UE
current ( ∥ ; ) and it is a registered
uses true . Likewise, a legitimate V-UE can always be
legitimate one ( ; ). After successful
traced by the authority as explained in revocation section.
verification, VPD increments the corresponding revocation
parameter rep (  , , ) by one. C. Frame-ability
However, this value is increased only if the report comes from As the revocation process needs to have a threshold number
disjoint events and for different short-term keys of reports to be in effect, some V-UEs might attempt to get
(  , , ). Once rep attains a certain other V-UE revoked. These V-UEs together may send the same
threshold value, VPD retrieves the public key from its reports multiple times to revoke a V-UE. However, without
map and provides it to its TA. To recover the public key, VPD being disjoint events, they are counted only as one report.
first retrieves from 〈 ∥ 〉 found in the Moreover, a V-UE or two may send a report and wait for the
rogue message and finds the corresponding , and then from same short-term key to be seen to place another report. But
multiple reports for same short-term key are also considered as
, finds (Table 1). The threshold value of rep can
one report.
range from two to some higher value depending on how harsh
or relaxed the revocation implementation is. TA on the other D. Attack from compromised user
hand, sends the public key ( ) of the corresponding rogue An attacker can use a compromised V-UE to broadcast false
V-UE to VCF. Finally, VCF searches for the ID of this V-UE message for its own benefit. However the revocation process
from its record (  , … ) and revokes it from kicks in immediately and the compromised V-UE will lose its
V2X service. TA also notifies all its VPDs about the revocation grant for V2X service. In addition, the attacker may use this
so that they stop providing any more pseudonym seed (SDV). V-UE to produce false pseudonym requests to VPD. However,
to retrieve the provided seed from the encrypted message,
When a V-UE moves to a new security domain, it will
attacker has to find the long-term private key of the V-UE
immediately request a new pseudonym seed from the nearest
resided inside the OBU. If the attacker attempts to break the
VPD it comes across. VPD always checks the revocation status
temper resistant OBU, it will end up destroying all security
of V-UE from the TA before it provides a new seed. If the TA is materials instantly.
not in the security domain of this VPD, it requests its TA to
verify the revocation status to the V-UE's TA (PTA found in the E. Attack from compromised VPD
request message) on its behalf. A compromised VPD can impersonate a V-UE by creating
pseudonym from the long-term public key , stored in its
V. SECURITY ANALYSIS map. However the B parameters, ,
In this section we analyze our proposed security protocol of short-term private key are generated from the long-term
with respect to the common security attacks. private key (Table 1). Hence to impersonate a V-UE, VPD has
to collude with the trustworthy TA which is not possible.
A. Privacy Attack
F. Replay Attack
To attack privacy of other V-UEs, an attacker could capture
many broadcast packets and try to link messages to the same In the proposed scheme, message format m (= message ||
V-UE to unfold, for instance, its location information. However tstamp) also includes the time stamp and is protected by the
Things Journal
sender signature ; . To successfully replay the Computer Cores, 2C + 3G, 2.2 GHz, 8 GB RAM, 64 bit OS and
same message, the attacker not only need to change the time is shown in Table 3.
stamp and also the corresponding signature. TABLE 3
PROCESSING TIME FOR DIFFERENT SECURITY MODULES
G. Key escrow problem Algorithm PT (256 bits) PT (512 bits)
In our proposed scheme, even though TA creates and hence ; 2ms 6ms
knows the long-term key pair of a V-UE, these keys will be ; 3 ms 8ms
used only for communicating with the authority. The V2X ; 4ms 9ms
message communication is secure only by short-term key pair ; 2ms 6ms
and ..These keys are solely generated by the V-UE ; <1ms <1ms
itself from the provided pseudonym seeds; hence, the key ; <1 ms <1ms
escrow problem does not exist in this proposed security , ; 2ms 6ms
scheme. , ; 3ms 8ms
; 2ms 6ms
VI. PERFORMANCE ANALYSIS ; 3ms 8ms
Even though security is the top requirement for V2X
services, the performance is also important specially for the Table 4 shows different parameters used to calculate e2e
practicality of the implementation. In the following, we will delay for all types of V2X messages. Note here that the bulk of
analyze the performance of our protocol for the effectiveness of the message generation process (GPT) time is coming from the
practicality. signature, whereas message reception process time (RPT) from
the verification. Hence, the main contribution to e2e delay
A. Overhead Cost comes GPT, RPT, and RBs procurement time (RBT). In case of
To calculate the total overhead cost of our security scheme, m1 and m3, an additional time is required for processing of
we assume 256 bit-size of short-term and 512 bit-size of messages and procurement of RBs by VAS (VPT).
long-term keys for a V-UE. On the other hand, for special TABLE 4
entities TA, RSU and VPD, we assume to use 512 bit keys for E2E DELAY CALCULATION FOR DIFFERENT V2X MESSAGES
better security. Message By GPT RPT RBT VPT
To calculate the overhead cost of V2X message sent by a m1 V-UE 2 ms 9 ms Yes yes
V-UE, we use the format presented in section IV subsection B. m2 V-UE 2 ms 9 ms Yes no
∥ ∥ ∥ ∥ , ; ∥ ; m2 RSU 6 ms 6 ms Yes no
This message could be m1,m2 or m3. In this message, the public m3 V-UE 2 ms 9 ms Yes Yes
m4 VE-UE 6 ms 6 ms Yes No
key of VPD takes 512 bits, public key of V-UE needs 256 bits,
expiration time (tV) and message timestamp (m = message || The e2e delay of messages m1 and m3 depends mostly on the
tstamp) require 2 4 bytes (Unix Timestamp), signature of LTE-Uu link (source to destination) delay. The current
V-UE occupies 2 256 bits and signature of VPD occupies theoretical LTE-Uu link delay is less than 10 ms [9]. However,
2 512 bits (Table 2), making a total amount of 512 practical LTE-Uu delay (including resource scheduling) can be
256 2 4 8 2 256 2 512 8 296 bytes. shown less than 50 ms using the delay analysis presented in
Message sent by RSUs or emergency vehicles VE-UE has this [27-28]. Hence, the total e2e delay for m1 and m3, from V-UE
format ∥ ∥ ; and the security overhead through LTE-Uu to VAS and from VAS to target area through
occupies 512 4 8 2 512 8 196 bytes. This MBMS, including security overhead could be made
message could be m2 by RSU or m4 by VE-UE. Note here that comfortably within 300 ms. For m4, SRA from shared resource
the overhead V-UE message is higher than that of RSU and of pool is allocated through eNB; therefore, e2e delay depends on
VE-UE because of the contradicting security requirement for the semi-persistence period (SPP). According to 3GPP, current
V-UE: privacy and traceability. According to current LTE SPP could be made as low as 10 ms. As a result, the e2e delay
structure, each RB is composed of 7 symbols and 12 for m4 including security overhead can be made well within the
subcarriers. Again for a bandwidth of 20 MHz, a single LTE critical time 100 ms. In case of m2, the effective e2e delay
Slot carries 100 RBs according to standard. Hence one depends on the probability of successful transmission. In low
Subframe which is two times the size of one Slot would carry density situation, multiple transmission of the same packet
200 RBs. Now, for a symbol of 6 bits (64-QAM) each RB is within a resource pool period (RPP) could increase the
6 7 12 8 63 bytes long. Hence the security probability of success close to 1[25]. Note that the localized
overhead of our proposed scheme occupies around 5 RBs for event-triggered message m2, such as CEW, IMA, LTA, is
message sent by V-UE (m1,m2,m3) and 4 RBs for message from generated by few users at a particular time and place.
RSU (m2) or VE-UE (m4). Moreover, according to 3GPP specification RPP could be
made as low as 40 subframes (40 ms); hence, the total e2e delay
B. End-to-End Delay
of m2 could also be achieved within the critical time 100 ms.
To calculate the e2e delay of different messages, we measure
the processing time (PT) of different security modules using C. Scalability
Java eclipse. The Java codes run on a Lenovo computer, with 5 In our protocol, each TA is responsible for storing
registration and revocation information of V2X entities only of
its own domain. VPD holds information related to current
Things Journal
pseudonym seeds of requested V-UEs. To find a rogue V-UE [10] Hameed Mir and Filali,"LTE and IEEE 802.11p for vehicular
networking: a performance evaluation," EURASIP Journal on Wireless
VPD needs to search through all the current seed-keys, Communications and Networking 2014.
〈 , 〉, 1 of all the N V-UEs. Here the
[11] http://www.safercar.gov/staticfiles/safercar/v2v/V2V_Fact_Sheet_10141
searching time for VPD is O(n) where n = m*N, whereas if it is 4_v2a.pdf, August 20, 2014.
done by a single TA covering the whole region, the required
[12] ETSI EN 302 665, Intelligent Transport Systems (ITS); Communications
time would be 5000 folds (50 states and 100 VPD in each state).
Architecture,Sept. 2010.
Again, VPD removes the map and the corresponding info once
the pseudonym seed is expired. This makes the list of provided [13] 3GPP, TS 33.833 V1.8.0, Study on security issues to support Proximity
Services.
seeds relatively constant over time unlike the ever increasing
CRL. Moreover, the authority does not have to distribute CRL [14] A. Zhang, J. Chen, R. Hu, and Y. Qian, “SeDS: Secure data sharing
every time an entity gets revoked. In that case it would consume strategy for D2D communication in LTE-Advanced networks,” in IEEE
Transactions on Vehicular Technology, vol. PP, no. 99, pp. 1, March,
a lot of bandwidth and is not very scalable (1% rate of revoked 2015.
vehicles of 5.2x106 will be 52x103 vehicles and equal size of
[15] W. Shen, W. Hong, X Cao, Bo Yin; D. Shila, and Y. Cheng, “Secure key
CRL). Again, the receiver of the V2X massage does not need to establishment for Device-to-Device communications,” in IEEE Global
go through time consuming CRL for verification process. Communications Conference (GLOBECOM), pp. 36-340, December
2014.
VII. CONCLUSION
[16] Abd-Elrahman, E.; Ibn-khedher, H.; Afifi, H.; Toukabri, T., "Fast group
We have proposed a security architecture of LTE-based V2X discovery and non-repudiation in D2D communications using IBE,"
communication. We seek to evaluate the LTE-based V2X in Wireless Communications and Mobile Computing Conference
architecture specified in 3GPP Release 14 regarding message (IWCMC), 2015 International , vol., no., pp.616-621, 24-28 Aug. 2015.
delivery and security requirements. We incorporate all types of [17] L. Goratti, G. Steri, K. Gomez, and G. Baldini, “Connectivity and security
V2X messages with the specified resource allocation and in a D2D communication protocol for public safety applications,” in 11th
International Symposium on Wireless Communications Systems (ISWCS),
reference points. We showed that an efficient resource pp. 548- 552, August. 2014.
allocation and proper reference point selection can successfully
provision any type of V2X message service. We also evaluated [18] W. Xi, X. Li, C. Qian, J. Han, S. Tang, J. Zhao, and K. Zhao, “KEEP: Fast
secret key extraction protocol for D2D communication,” in IEEE 22nd
its security based on the V2X security requirements and found International Symposium of Quality of Service (IWQoS), pp. 350- 359,
out that the privacy is not fully secured. Hence we proposed a May 2014.
practical solution, not only to provide privacy, but also to fulfill
[19] Ahmed, Kazi J.; Lee, Myung J.; Li, Jie, "Layered scalable WAVE
basic security requirements of wireless message exchange. We security for VANET," in IEEE Military Communications Conference,
seamlessly integrate our security scheme with the specified MILCOM 2015 - 2015 , vol., no., pp.1566-1571, 26-28 Oct. 2015.
LTE architecture. Finally, we put forth security and [20] André Weimerskirch," V2V Communication Security: A Privacy
performance analysis to show the robustness and effectiveness Preserving Design for 300 Million Vehicles," in Workshop on
of our protocol. In future we would extend our security Cryptographic Hardware and Embedded Systems 2014 (CHES 2014),
architecture for other applications like vehicle-to- smart grid. Sept. 2014.
[21] 3GPP, TS 23.303 V14.0.0, Proximity-based services (ProSe); Stage 2.
REFERENCES
[22] G. Calandriello, P. Papadimitratos, J.-P. Hubaux, A. Lioy, "Efficient and
[1] 3GPP, TS 36.331 V14.0.0, Evolved Universal Terrestrial Radio Access robust pseudonymous authentication in VANET" Proceedings of the
(E-UTRA); Radio Resource Control (RRC); Protocol specification. fourth ACM international workshop on Vehicular ad hoc networks, pp
[2] 3GPP, TS 36.321 V14.0.0, Evolved Universal Terrestrial Radio Access 19-28, 2007.
(E-UTRA); Medium Access Control (MAC) protocol specification. [23] X. Lin, X. Sun, P. Ho, and X. Shen, "GSIS: A secure and privacy
[3] 3GPP, TS 23.285 V14.0.0, Architecture enhancements for V2X services. preserving protocol for vehicular communications", IEEE Trans. Veh.
Technol., vol. 56, no. 6, pp. 3442–3456, 2007.
[4] C. Hoymann et al., "LTE release 14 outlook," in IEEE Communications
Magazine, vol. 54, no. 6, pp. 44-49, June 2016. [24] E. Paolini, C. Stefanovic, G. Liva and P. Popovski, "Coded random
access: applying codes on graphs to design random access protocols," in
[5] "20 questions about Connected Vehicles", last visited Feb. 2017, IEEE Communication Magazine, vol. 53, no. 6, pp. 144-150, June 2015
http://www.its.dot.gov/cv_basics/cv_basics_20qs.htm.
[25] Laurent Gallo and Jérôme Härri, " Self Organizing TDMA over LTE
[6] S. h. Sun, J. l. Hu, Y. Peng, X. m. Pan, L. Zhao and J. y. Fang, "Support Sidelink " Research Report RR-17-329, EURECOM, Jan. 2017
for vehicle-to-everything services based on LTE," in IEEE Wireless
Communications, vol. 23, no. 3, pp. 4-8, June 2016. [26] L. Gallo and J. Härri, “Short paper: A LTE-direct broadcast mechanism
for periodic vehicular safety communications,” in VNC 2013, IEEE
[7] H. Seo, K. D. Lee, S. Yasukawa, Y. Peng and P. Sartori, "LTE evolution Vehicular Networking Conference (VNC), Boston, USA, December
for vehicle-to-everything services," in IEEE Communications Magazine, 2013, pp. 166–169.
vol. 54, no. 6, pp. 22-28, June 2016.
[27] J. Fabini and T. Zseby, "The Right Time: Reducing Effective End-to-End
[8] Vinel, A., "3GPP LTE Versus IEEE 802.11p/WAVE: Which Technology Delay in Time-Slotted Packet-Switched Networks," in IEEE/ACM
is Able to Support Cooperative Vehicular Safety Applications?" Transactions on Networking, vol. 24, no. 4, pp. 2251-2263, Aug. 2016.
in Wireless Communications Letters, IEEE , vol.1, no.2, pp.125-128,
April 2012. [28] M. Laner, P. Svoboda, P. Romirer-Maierhofer, N. Nikaein, F. Ricciato
and M. Rupp, "A comparison between one-way delays in operating HSPA
[9] Araniti, G.; Campolo, C.; Condoluci, M.; Iera, A.; Molinaro, A., "LTE and LTE networks," 2012 10th International Symposium on Modeling
for vehicular networking: a survey," in IEEE Communications Magazine, and Optimization in Mobile, Ad Hoc and Wireless Networks (WiOpt),
, vol.51, no.5, pp.148-157, May 2013. Paderborn, Germany, 2012, pp. 286-292.
Things Journal
Mr. Kazi J. Ahmed received his B.Sc.

and M.Sc. degree from Bangladesh
University of Engineering and
Technology (BUET) in Electrical and
Electronic Engineering. He is a PhD
Candidate and working towards his PhD
in the City College of New York at City
University of NY. He is also an adjunct
faculty in the City College of New York. His research area
includes IEEE WAVE-based VANET, LTE-based V2X, IoT,
Vehicle-to-Grid, and their Security. He published two of his
papers in IEEE WAVE-based VANET Security at UKC 2015
and at Milcom 2015. He also has publised two of his papers in
Digital Signal Processing (DSP) at ICECE 2006 and at Journal
of IEB 2006. Currently he is working on Secure Resource
Allocation in LTE-based V2X service towards 5G Network.
Dr. Myung J. Lee (SM) received a B.S

and an MS from Seoul National
University in Korea and Ph.D degree
from Columbia University in
electrical/electronics engineering. He is
currently a professor at the Dept of
Electrical & Computer Engineering of
City College and Graduate Center of
City University of New York. He is also
an adjunct professor of GIST. Dr. Lee’s
recent research interests include V2X,
Security, IoT, mobile cloud computing, VANET,
Vehicle-to-Grid applications. He published extensively in these
areas including a book (Green IT: Technologies and
Applications, Springer)(ed.) and more than 25 U.S and
international patents. He is a technical editor for IEEE
communications magazine. Dr. Lee also actively contributes to
international standard organizations IEEE and ZigBee
(currently the chair of IEEE 802.15.8 PAC). Dr. Lee’s research
group developed the first NS-2 simulator for IEEE 802.15.4, a
standard NS-2 distribution widely used for wireless sensor
network researches. He co-received the best paper awards at
IEEE CCNC 2005 and 1st EAI conference on Smartgrid2016
and CUNY Excellence Performance Award. He is a past
president of KSEA.

Secure, LTE-based V2X Service: Kazi J. Ahmed, and Myung J. Lee

Uploaded by

Copyright:

Available Formats

Secure, LTE-based V2X Service: Kazi J. Ahmed, and Myung J. Lee

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Secure, LTE-based V2X Service: Kazi J. Ahmed, and Myung J. Lee

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Secure, LTE-based V2X Service

Mr. Kazi J. Ahmed received his B.Sc.

Dr. Myung J. Lee (SM) received a B.S

You might also like