SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

Design and performance evaluation of smart dissemination of emergence messages in vehicular ad-hoc networks

The growing demand to improve road safety and optimize road traffic has generated great interest in vehicular ad-hoc network (VANETs). Serious traffic accidents can cause financial losses, physical disability, and even death. However, if drivers were informed about the danger in advance through a warning message, this would give drivers enough time to react appropriately to the situation. There are many approaches that can prevent car accidents, and VANETs have been conceived as an excellent solution to improve road safety, through the use of a variety of applications enabled by vehicle communications. The key objective of this research is to achieve information dissemination from a vehicle to other vehicles around that migth be interested in receiving the content. We focus on the network layer and application layer protocols, which are discussed and developed as a protocol over the respective access technologies. We primarily present the research results of our proposals, and also provide a comprehensive review of existing challenges and solutions in data dissemination in VANETs. Our proposals include the design of three dissemination protocols compatible with the IEEE 802.11p standards for road safety applications. These dissemination protocols can be differentiated by their application trigger condition and the broadcast scheme. All three dissemination protocols have been implemented in the simulator VEINS to perform several large-scale experiments. The results of the experiments have shown that all three dissemination protocols are able to cope with an increasing number of vehicles in large scale scenarios without sufering a noticeable loss in performance. Finally, we have investigated solutions to increase the driver's privacy because VANETs can also introduce some location privacy risk by periodically broadcast beacon messages that include the vehicle's position. We evaluate the performance of the privacy schemes, described the experiments and discussed the results.La creixent demanda per millorar la seguretat viària i optimitzar el trànsit viari ha generat gran interès en les xarxes vehiculars ad-hoc (VANETs). Els accidents de trànsit greus poden causar pèrdues financeres, discapacitat física i fins i tot la mort. No obstant això, si els conductors van ser informats per endavant sobre el perill a través d’un missatge d’advertència, això donaria als conductors el temps suficient per reaccionar de manera apropiada a la situació. Hi ha molts enfocaments que poden prevenir accidents automobilístics, i les VANETs s’han concebut com una excel·lent solució per millorar la seguretat viària, a través de l’ús d’una varietat d’aplicacions habilitades per les comunicacions vehiculars. L’objectiu principal d’aquesta investigació és aconseguir la disseminació de la informació des d’un vehicle a altres vehicles que estiguin interessats en rebre el contingut. Ens enfoquem en la capa de xarxa i els protocols de capa d’aplicació, que es discuteixen i desenvolupen com un protocol sobre les respectives tecnologies d'accés. Principalment vam presentar els resultats d’investigació de les nostres propostes, i també provem una revisió exhaustiva dels desafiaments i solucions existents en la disseminació de dades en les VANETs. Les nostres propostes inclouen el disseny de tres protocols de disseminació compatibles amb els estàndards IEEE 802.11p per a aplicacions de seguretat viària. Aquests protocols de disseminació es poden diferenciar per la condició d’activació de l’aplicació i l’esquema de difusió. Els tres protocols de disseminació s’han implementat en el simulador VEINS per a realitzar diversos experiments a gran escala. Els resultats dels experiments han demostrat que els tres protocols de disseminació són capaços de fer front a un nombre creixent de vehicles en escenaris de gran escala sense patir una pèrdua notable en el rendiment. Finalment, hem investigat solucions per augmentar la privacitat del conductor perquè les VANETs també poden introduir algun risc de privacitat de la ubicació mitjanant missatges beacon emesos periòdicament que inclouen la posició dels vehicles. Avaluem l’acompliment dels esquemes de privacitat, descrivim els experiments i discutim els resultats.Postprint (published version

A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version

ESPR: Efficient Security Scheme for Position-Based Routing in Vehicular Ad Hoc Networks

Vehicular Ad hoc Network (VANET) is a promising emerging technology that enables road safety, traffic management, and passengers and drivers comfort applications. Many applications require multi-hop routing; position-based routing (PBR) is a well-recognized routing paradigm that performs well in the vehicular context to enable these applications. However, there are many security challenges and various routing attacks which may prevent the deployment of PBR protocols. In this study, we propose a novel security scheme called ESPR to secure PBR protocols in VANETs. ESPR considers both digital signature and keyed Hash Message Authentication Code (HMAC) to meet the unique requirements of PBR. In ESPR, all legitimate members share a secret key. ESPR scheme applies a novel probabilistic key distribution to allow unrevoked members to update the shared secret key. Furthermore, it defines a set of plausibility checks that enables network members to detect and avoid PBR attacks autonomously. By conducting security analysis and performance evaluation, ESPR scheme demonstrated to outperform its counterparts in terms of communication overhead and delay while achieving robust and secure operation

Anonymous authentication mechanism based on group signature and pseudonym public key infrastructure for safety application of vechicular ad hoc network

Safety applications of Vehicular Ad hoc Network (VANET) demand delay intolerant and are vulnerable to attacks due to the mobility of nodes and wireless nature of their communications. These applications require an integrated security mechanism, which provides message integrity, anonymity, non-repudiation, revocation, availability, and location authentication services. This mechanism should provide acceptable message delay with or without dependency to Road Side Units (RSUs). Realizing the importance of VANET security, two mechanisms are proposed and evaluated in this research. The mechanisms are aimed at fulfilling the VANET security requirements for safety applications with acceptable message delay. Two new lightweight security mechanisms, RSU-Aided Anonymous Authentication (RAAA) and Group Signature-based Anonymous Authentication (GSAA) have been proposed. These mechanisms are based on Group Signature (GS) and Pseudonym Public Key Infrastructure (PPKI). GS scheme was applied to ensure anonymity, non-repudiation and revocation, whereas PPKI was applied to achieve authentication and message integrity. Additionally, a novel function for location verification was proposed to guarantee availability and location authentication. Simulations were performed using NS2 to verify and evaluate the efficiency of the mechanisms for urban and highway scenarios with various traffic conditions. Simulation results showed that RAAA and GSAA outperformed Group Signature and Identity-based Signature (GSIS), and Short-Term Linkable Group Signatures with Categorized Batch Verification (STLGSCBV). In comparison to GSIS and STLGSCBV, the results indicated improvements of at least 5.26% and 7.95% in terms of vehicle density impact on message delay, and at least 11.65% and 11.22% in the case of vehicle density impact on message loss ratio. Furthermore, the simulated RAAA and GSAA methods resulted in approximately 11.09% and 10.71% improvement in message delay during signature verification in comparison to GSIS and STLGSCBV. Additionally, RAAA and GSAA proved to achieve at least 13.44% enhancement by considering signature verification on message loss ratio in comparison to GSIS and 7.59% in comparison to STLGSCBV. The simulation results also demonstrated that less than 20ms message delay was achieved by RAAA and GSAA mechanisms in the case of less than 90 vehicles within the communication range. This is an acceptable message delay and hence, the proposed mechanisms have a great potential to be used in safety critical applications

A trust-driven privacy architecture for vehicular ad-hoc networks

Vehicular Ad-Hoc NETworks (VANETs) are an emerging technology which aims to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of promising applications, such as, safety-related and infotainment applications, they remain a number of security and privacy related research challenges that must be addressed. A common approach to security issues widely adopted in VANETs is the use of Public Key Infrastructures (PKI) and digital certificates in order to enable authentication, authorization and confidentiality. These approaches usually rely on a large set of regional Certification Authorities (CAs). Despite the advantages of PKI-based approaches, there are two main problems that arise, i) the secure interoperability among the different and usually unknown- issuing CAs, and ii) the sole use of PKI in a VANET environment cannot prevent privacy related attacks, such as, linking a vehicle with an identifier, tracking vehicles ¿big brother scenario" and user profiling. Additionally, since vehicles in VANETs will be able to store great amounts of information including private information, unauthorized access to such information should be carefully considered. This thesis addresses authentication and interoperability issues in vehicular communications, considering an inter-regional scenario where mutual authentication between nodes is needed. To provide interoperability between vehicles and services among different domains, an Inter-domain Authentication System (AS) is proposed. The AS supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service. The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on-the-y if an interoperability relationship can be created. This research work also contributes with a Privacy Enhancing Model (PEM) to deal with important privacy issues in VANETs. The PEM consists of two PKI-based privacy protocols: i) the Attribute-Based Privacy (ABP) protocol, and ii) the Anonymous Information Retrieval (AIR) protocol. The ABP introduces Attribute-Based Credentials (ABC) to provide conditional anonymity and minimal information disclosure, which overcome with the privacy issues related to linkability (linking a vehicle with an identifier) and vehicle tracking (big brother scenario). The AIR protocol addresses user profiling when querying Service Providers (SPs), by relying in a user collaboration privacy protocol based on query forgery and permutation; and assuming that neither participant nodes nor SPs could be completely trusted. Finally, the Trust Validation Model (TVM) is proposed. The TVM supports decision making by evaluating entities trust based on context information, in order to provide i) access control to driver and vehicle's private information, and ii) public information trust validation

Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic