Context-based Pseudonym Changing Scheme for Vehicular Adhoc Networks

Vehicular adhoc networks allow vehicles to share their information for safety and traffic efficiency. However, sharing information may threaten the driver privacy because it includes spatiotemporal information and is broadcast publicly and periodically. In this paper, we propose a context-adaptive pseudonym changing scheme which lets a vehicle decide autonomously when to change its pseudonym and how long it should remain silent to ensure unlinkability. This scheme adapts dynamically based on the density of the surrounding traffic and the user privacy preferences. We employ a multi-target tracking algorithm to measure privacy in terms of traceability in realistic vehicle traces. We use Monte Carlo analysis to estimate the quality of service (QoS) of a forward collision warning application when vehicles apply this scheme. According to the experimental results, the proposed scheme provides a better compromise between traceability and QoS than a random silent period scheme.Comment: Extended version of a previous paper "K. Emara, W. Woerndl, and J. Schlichter, "Poster: Context-Adaptive User-Centric Privacy Scheme for VANET," in Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks, SecureComm'15. Dallas, TX, USA: Springer, June 2015.

Privacy in Inter-Vehicular Networks: Why simple pseudonym change is not enough

Inter-vehicle communication (IVC) systems disclose rich location information about vehicles. State-of-the-art security architectures are aware of the problem and provide privacy enhancing mechanisms, notably pseudonymous authentication. However, the granularity and the amount of location information IVC protocols divulge, enable an adversary that eavesdrops all traffic throughout an area, to reconstruct long traces of the whereabouts of the majority of vehicles within the same area. Our analysis in this paper confirms the existence of this kind of threat. As a result, it is questionable if strong location privacy is achievable in IVC systems against a powerful adversary.\u

Traceability and safety tradeoffs in modern vehicles

Dissertação de mestrado integrado em Engenharia InformáticaIn this dissertation, the efficiency of privacy protecting mechanisms in short-range vehicular communications, namely Pseudonym Change Strategies, is investigated. To evaluate these strategies, a set of simulation tools is used, that allow for the assessment of several metrics, such as the privacy level obtained and the real pseudonym consumption, resulting from the use of a representative set of pseudonym change strategies. Most importantly, hybrid strategies were considered, which combine schemes that were previously analysed separately. The results show that combining mix-zones with another scheme provides better privacy in most cases. Lastly, we showcase and analyse the problems found in the process of trying to make the simulated scenarios more realistic, which easily comes into conflict with tool limitations and/or subtle and hard to anticipate interactions between different components.Nesta dissertação investiga-se a eficácia de mecanismos de protecção da privacidade em comunicações veiculares de curto alcance, nomeadamente recorrendo a Estratégias de Alteração de Pseudónimos. Para a avaliação dessas estratégias, recorre-se a um conjunto de ferramentas de simulação que permitem aferir diferentes métricas, como o nível de privacidade obtido e o consumo efectivo de pseudónimos, decorrentes da utilização de um conjunto representativo de estratégias de alteração de pseudónimos. Mais importante ainda, foram consideradas estratégias híbridas, que combinam esquemas antes analisados separadamente. Os resultados mostram que combinar zonas mistas com outro esquema proporciona melhor privacidade na maioria dos casos. Por último, apresentam-se e analisam-se problemas encontrados no processo de procurar tornar mais realistas os cenários das simulações realizadas, e que facilmente esbarra com limitações das ferramentas e/ou interações subtis e dificilmente antecipáveis de diferentes componentes

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

Towards a Framework for Preserving Privacy in VANET

Vehicular Ad-hoc Network (VANET) is envisioned as an integral part of the Intelligent Transportation Systems as it promises various services and benefits such as road safety, traffic efficiency, navigation and infotainment services. However, the security and privacy risks associated with the wireless communication are often overlooked. Messages exchanged in VANET wireless communication carry inferable Personally Identifiable Information(PII). This introduces several privacy threats that could limit the adoption of VANET. The quantification of these privacy threats is an active research area in VANET security and privacy domains. The Pseudonymisation technique is currently the most preferred solution for critical privacy threats in VANET to provide conditional anonymous authentication. In the existing literature, several Pseudonym Changing Schemes(PCS) have been proposed as effective de-identification approaches to prevent the inference of PII. However, for various reasons, none of the proposed schemes received public acceptance. Moreover, one of the open research challenges is to compare different PCSs under varying circumstances with a set of standardized experimenting parameters and consistent metrics. In this research, we propose a framework to assess the effectiveness of PCSs in VANET with a systematic approach. This comprehensive equitable framework consists of a variety of building blocks which are segmented into correlated sub-domains named Mobility Models, Adversary Models, and Privacy Metrics. Our research introduces a standard methodology to evaluate and compare VANET PCSs using a generic simulation setup to obtain optimal, realistic and most importantly, consistent results. This road map for the simulation setup aims to help the research \& development community to develop, assess and compare the PCS with standard set of parameters for proper analysis and reporting of new PCSs. The assessment of PCS should not only be equitable but also realistic and feasible. Therefore, the sub-domains of the framework need coherent as well as practically applicable characteristics. The Mobility Model is the layout of the traffic on the road which has varying features such as traffic density and traffic scenarios based on the geographical maps. A diverse range of Adversary Models is important for pragmatic evaluation of the PCSs which not only considers the presence of global passive adversary but also observes the effect of intelligent and strategic \u27local attacker\u27 placements. The biggest challenge in privacy measurement is the fact that it is a context-based evaluation. In the literature, the PCSs are evaluated using either user-oriented or adversary-oriented metrics. Under all circumstances, the PCSs should be assessed from both user and adversary perspectives. Using this framework, we determined that a local passive adversary can be strong based on the attacking capabilities. Therefore, we propose two intelligent adversary placements which help in privacy assessment with realistic adversary modelling. When the existing PCSs are assessed with our systematic approach, consistent models and metrics, we identified the privacy vulnerabilities and the limitations of existing PCSs. There was a need for comprehensive PCS which consider the context of the vehicles and the changing traffic patterns in the neighbourhood. Consequently, we developed a Context-Aware \& Traffic Based PCS that focuses on increasing the overall rate of confusion for the adversary and to reduce deterministic information regarding the pseudonym change. It is achieved by increasing the number of dynamic attributes in the proposed PCS for inference of the changing pattern of the pseudonyms. The PCS increases the anonymity of the vehicle by having the synchronized pseudonym changes. The details given under the sub-domains of the framework solidifies our findings to strengthen the privacy assessment of our proposed PCS

Flowsim: A Modular Simulation Platform for Microscopic Behavior Analysis of City-Scale Connected Autonomous Vehicles

As connected autonomous vehicles (CAVs) become increasingly prevalent, there is a growing need for simulation platforms that can accurately evaluate CAV behavior in large-scale environments. In this paper, we propose Flowsim, a novel simulator specifically designed to meet these requirements. Flowsim offers a modular and extensible architecture that enables the analysis of CAV behaviors in large-scale scenarios. It provides researchers with a customizable platform for studying CAV interactions, evaluating communication and networking protocols, assessing cybersecurity vulnerabilities, optimizing traffic management strategies, and developing and evaluating policies for CAV deployment. Flowsim is implemented in pure Python in approximately 1,500 lines of code, making it highly readable, understandable, and easily modifiable. We verified the functionality and performance of Flowsim via a series of experiments based on realistic traffic scenarios. The results show the effectiveness of Flowsim in providing a flexible and powerful simulation environment for evaluating CAV behavior and data flow. Flowsim is a valuable tool for researchers, policymakers, and industry professionals who are involved in the development, evaluation, and deployment of CAVs. The code of Flowsim is publicly available on GitHub under the MIT license

Secure Position-Based Routing for VANETs

Vehicular communication (VC) systems have the potential to improve road safety and driving comfort. Nevertheless, securing the operation is a prerequisite for deployment. So far, the security of VC applications has mostly drawn the attention of research efforts, while comprehensive solutions to protect the network operation have not been developed. In this paper, we address this problem: we provide a scheme that secures geographic position-based routing, which has been widely accepted as the appropriate one for VC. Moreover, we focus on the scheme currently chosen and evaluated in the Car2Car Communication Consortium (C2C-CC). We integrate security mechanisms to protect the position-based routing functionality and services (beaconing, multi-hop forwarding, and geo-location discovery), and enhance the network robustness. We propose defense mechanisms, relying both on cryptographic primitives, and plausibility checks mitigating false position injection. Our implementation and initial measurements show that the security overhead is low and the proposed scheme deployable

Privacy-preserving Cooperative Services for Smart Traffic

Communication technology and the increasing intelligence of things enable new qualities of cooperation. However, it is often unclear how complex functionality can be realized in a reliable and abuse-resistant manner without harming users\u27 privacy in the face of strong adversaries. This thesis focuses on three functional building blocks that are especially challenging in this respect: cooperative planning, geographic addressing and the decentralized provision of pseudonymous identifiers