A survey on pseudonym changing strategies for Vehicular Ad-Hoc Networks

The initial phase of the deployment of Vehicular Ad-Hoc Networks (VANETs) has begun and many research challenges still need to be addressed. Location privacy continues to be in the top of these challenges. Indeed, both of academia and industry agreed to apply the pseudonym changing approach as a solution to protect the location privacy of VANETs'users. However, due to the pseudonyms linking attack, a simple changing of pseudonym shown to be inefficient to provide the required protection. For this reason, many pseudonym changing strategies have been suggested to provide an effective pseudonym changing. Unfortunately, the development of an effective pseudonym changing strategy for VANETs is still an open issue. In this paper, we present a comprehensive survey and classification of pseudonym changing strategies. We then discuss and compare them with respect to some relevant criteria. Finally, we highlight some current researches, and open issues and give some future directions

Towards a Framework for Preserving Privacy in VANET

Vehicular Ad-hoc Network (VANET) is envisioned as an integral part of the Intelligent Transportation Systems as it promises various services and benefits such as road safety, traffic efficiency, navigation and infotainment services. However, the security and privacy risks associated with the wireless communication are often overlooked. Messages exchanged in VANET wireless communication carry inferable Personally Identifiable Information(PII). This introduces several privacy threats that could limit the adoption of VANET. The quantification of these privacy threats is an active research area in VANET security and privacy domains. The Pseudonymisation technique is currently the most preferred solution for critical privacy threats in VANET to provide conditional anonymous authentication. In the existing literature, several Pseudonym Changing Schemes(PCS) have been proposed as effective de-identification approaches to prevent the inference of PII. However, for various reasons, none of the proposed schemes received public acceptance. Moreover, one of the open research challenges is to compare different PCSs under varying circumstances with a set of standardized experimenting parameters and consistent metrics. In this research, we propose a framework to assess the effectiveness of PCSs in VANET with a systematic approach. This comprehensive equitable framework consists of a variety of building blocks which are segmented into correlated sub-domains named Mobility Models, Adversary Models, and Privacy Metrics. Our research introduces a standard methodology to evaluate and compare VANET PCSs using a generic simulation setup to obtain optimal, realistic and most importantly, consistent results. This road map for the simulation setup aims to help the research \& development community to develop, assess and compare the PCS with standard set of parameters for proper analysis and reporting of new PCSs. The assessment of PCS should not only be equitable but also realistic and feasible. Therefore, the sub-domains of the framework need coherent as well as practically applicable characteristics. The Mobility Model is the layout of the traffic on the road which has varying features such as traffic density and traffic scenarios based on the geographical maps. A diverse range of Adversary Models is important for pragmatic evaluation of the PCSs which not only considers the presence of global passive adversary but also observes the effect of intelligent and strategic \u27local attacker\u27 placements. The biggest challenge in privacy measurement is the fact that it is a context-based evaluation. In the literature, the PCSs are evaluated using either user-oriented or adversary-oriented metrics. Under all circumstances, the PCSs should be assessed from both user and adversary perspectives. Using this framework, we determined that a local passive adversary can be strong based on the attacking capabilities. Therefore, we propose two intelligent adversary placements which help in privacy assessment with realistic adversary modelling. When the existing PCSs are assessed with our systematic approach, consistent models and metrics, we identified the privacy vulnerabilities and the limitations of existing PCSs. There was a need for comprehensive PCS which consider the context of the vehicles and the changing traffic patterns in the neighbourhood. Consequently, we developed a Context-Aware \& Traffic Based PCS that focuses on increasing the overall rate of confusion for the adversary and to reduce deterministic information regarding the pseudonym change. It is achieved by increasing the number of dynamic attributes in the proposed PCS for inference of the changing pattern of the pseudonyms. The PCS increases the anonymity of the vehicle by having the synchronized pseudonym changes. The details given under the sub-domains of the framework solidifies our findings to strengthen the privacy assessment of our proposed PCS

Security and Privacy Preservation in Vehicular Social Networks

Improving road safety and traffic efficiency has been a long-term endeavor for the government, automobile industry and academia. Recently, the U.S. Federal Communication Commission (FCC) has allocated a 75 MHz spectrum at 5.9 GHz for vehicular communications, opening a new door to combat the road fatalities by letting vehicles communicate to each other on the roads. Those communicating vehicles form a huge Ad Hoc Network, namely Vehicular Ad Hoc Network (VANET). In VANETs, a variety of applications ranging from the safety related (e.g. emergence report, collision warning) to the non-safety related (e.g., delay tolerant network, infortainment sharing) are enabled by vehicle-to-vehicle (V-2-V) and vehicle-to-roadside (V-2-I) communications. However, the flourish of VANETs still hinges on fully understanding and managing the challenging issues over which the public show concern, particularly, security and privacy preservation issues. If the traffic related messages are not authenticated and integrity-protected in VANETs, a single bogus and/or malicious message can potentially incur a terrible traffic accident. In addition, considering VANET is usually implemented in civilian scenarios where locations of vehicles are closely related to drivers, VANET cannot be widely accepted by the public if VANET discloses the privacy information of the drivers, i.e., identity privacy and location privacy. Therefore, security and privacy preservation must be well addressed prior to its wide acceptance. Over the past years, much research has been done on considering VANET's unique characteristics and addressed some security and privacy issues in VANETs; however, little of it has taken the social characteristics of VANET into consideration. In VANETs, vehicles are usually driven in a city environment, and thus we can envision that the mobility of vehicles directly reflects drivers' social preferences and daily tasks, for example, the places where they usually go for shopping or work. Due to these human factors in VANETs, not only the safety related applications but also the non-safety related applications will have some social characteristics. In this thesis, we emphasize VANET's social characteristics and introduce the concept of vehicular social network (VSN), where both the safety and non-safety related applications in VANETs are influenced by human factors including human mobility, human self-interest status, and human preferences. In particular, we carry on research on vehicular delay tolerant networks and infotainment sharing --- two important non-safety related applications of VSN, and address the challenging security and privacy issues related to them. The main contributions are, i) taking the human mobility into consideration, we first propose a novel social based privacy-preserving packet forwarding protocol, called SPRING, for vehicular delay tolerant network, which is characterized by deploying roadside units (RSUs) at high social intersections to assist in packet forwarding. With the help of high-social RSUs, the probability of packet drop is dramatically reduced and as a result high reliability of packet forwarding in vehicular delay tolerant network can be achieved. In addition, the SPRING protocol also achieves conditional privacy preservation and resist most attacks facing vehicular delay tolerant network, such as packet analysis attack, packet tracing attack, and black (grey) hole attacks. Furthermore, based on the ``Sacrificing the Plum Tree for the Peach Tree" --- one of the Thirty-Six Strategies of Ancient China, we also propose a socialspot-based packet forwarding (SPF) protocol for protecting receiver-location privacy, and present an effective pseudonyms changing at social spots strategy, called PCS, to facilitate vehicles to achieve high-level location privacy in vehicular social network; ii) to protect the human factor --- interest preference privacy in vehicular social networks, we propose an efficient privacy-preserving protocol, called FLIP, for vehicles to find like-mined ones on the road, which allows two vehicles sharing the common interest to identify each other and establish a shared session key, and at the same time, protects their interest privacy (IP) from other vehicles who do not share the same interest on the road. To generalize the FLIP protocol, we also propose a lightweight privacy-preserving scalar product computation (PPSPC) protocol, which, compared with the previously reported PPSPC protocols, is more efficient in terms of computation and communication overheads; and iii) to deal with the human factor -- self-interest issue in vehicular delay tolerant network, we propose a practical incentive protocol, called Pi, to stimulate self-interest vehicles to cooperate in forwarding bundle packets. Through the adoption of the proper incentive policies, the proposed Pi protocol can not only improve the whole vehicle delay tolerant network's performance in terms of high delivery ratio and low average delay, but also achieve the fairness among vehicles. The research results of the thesis should be useful to the implementation of secure and privacy-preserving vehicular social networks

A distributed mix-context-based method for location privacy in road networks

Preserving location privacy is increasingly an essential concern in Vehicular Adhoc Networks (VANETs). Vehicles broadcast beacon messages in an open form that contains information including vehicle identity, speed, location, and other headings. An adversary may track the various locations visited by a vehicle using sensitive information transmitted in beacons such as vehicle identity and location. By matching the vehicle identity used in beacon messages at various locations, an adversary learns the location history of a vehicle. This compromises the privacy of the vehicle driver. In existing research work, pseudonyms are used in place of the actual vehicle identity in the beacons. Pseudonyms should be changed regularly to safeguard the location privacy of vehicles. However, applying simple change in pseudonyms does not always provide location privacy. Existing schemes based on mix zones operate efficiently in higher traffic environments but fail to provide privacy in lower vehicle traffic densities. In this paper, we take the problem of location privacy in diverse vehicle traffic densities. We propose a new Crowd-based Mix Context (CMC) privacy scheme that provides location privacy as well as identity protection in various vehicle traffic densities. The pseudonym changing process utilizes context information of road such as speed, direction and the number of neighbors in transmission range for the anonymisation of vehicles, adaptively updating pseudonyms based on the number of a vehicle neighbors in the vicinity. We conduct formal modeling and specification of the proposed scheme using High-Level Petri Nets (HPLN). Simulation results validate the effectiveness of CMC in terms of location anonymisation, the probability of vehicle traceability, computation time (cost) and effect on vehicular applications

Secure and Authenticated Message Dissemination in Vehicular ad hoc Networks and an Incentive-Based Architecture for Vehicular Cloud

Vehicular ad hoc Networks (VANETs) allow vehicles to form a self-organized network. VANETs are likely to be widely deployed in the future, given the interest shown by industry in self-driving cars and satisfying their customers various interests. Problems related to Mobile ad hoc Networks (MANETs) such as routing, security, etc.have been extensively studied. Even though VANETs are special type of MANETs, solutions proposed for MANETs cannot be directly applied to VANETs because all problems related to MANETs have been studied for small networks. Moreover, in MANETs, nodes can move randomly. On the other hand, movement of nodes in VANETs are constrained to roads and the number of nodes in VANETs is large and covers typically large area. The following are the contributions of the thesis. Secure, authenticated, privacy preserving message dissemination in VANETs: When vehicles in VANET observe phenomena such as accidents, icy road condition, etc., they need to disseminate this information to vehicles in appropriate areas so the drivers of those vehicles can take appropriate action. When such messages are disseminated, the authenticity of the vehicles disseminating such messages should be verified while at the same time the anonymity of the vehicles should be preserved. Moreover, to punish the vehicles spreading malicious messages, authorities should be able to trace such messages to their senders when necessary. For this, we present an efficient protocol for the dissemination of authenticated messages. Incentive-based architecture for vehicular cloud: Due to the advantages such as exibility and availability, interest in cloud computing has gained lot of attention in recent years. Allowing vehicles in VANETs to store the collected information in the cloud would facilitate other vehicles to retrieve this information when they need. In this thesis, we present a secure incentive-based architecture for vehicular cloud. Our architecture allows vehicles to collect and store information in the cloud; it also provides a mechanism for rewarding vehicles that contributing to the cloud. Privacy preserving message dissemination in VANETs: Sometimes, it is sufficient to ensure the anonymity of the vehicles disseminating messages in VANETs. We present a privacy preserving message dissemination protocol for VANETs

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

Reputation systems and secure communication in vehicular networks

A thorough review of the state of the art will reveal that most VANET applications rely on Public Key Infrastructure (PKI), which uses user certificates managed by a Certification Authority (CA) to handle security. By doing so, they constrain the ad-hoc nature of the VANET imposing a frequent connection to the CA to retrieve the Certificate Revocation List (CRL) and requiring some degree of roadside infrastructure to achieve that connection. Other solutions propose the usage of group signatures where users organize in groups and elect a group manager. The group manager will need to ensure that group members do not misbehave, i.e., do not spread false information, and if they do punish them, evict them from the group and report them to the CA; thus suffering from the same CRL retrieval problem. In this thesis we present a fourfold contribution to improve security in VANETs. First and foremost, Chains of Trust describes a reputation system where users disseminate Points of Interest (POIs) information over the network while their privacy remains protected. It uses asymmetric cryptography and users are responsible for the generation of their own pair of public and private keys. There is no central entity which stores the information users input into the system; instead, that information is kept distributed among the vehicles that make up the network. On top of that, this system requires no roadside infrastructure. Precisely, our main objective with Chains of Trust was to show that just by relying on people¿s driving habits and the sporadic nature of their encounters with other drivers a successful reputation system could be built. The second contribution of this thesis is the application simulator poiSim. Many¿s the time a new VANET application is presented and its authors back their findings using simulation results from renowned networks simulators like ns-2. The major issue with network simulators is that they were not designed with that purpose in mind and handling simulations with hundreds of nodes requires a massive processing power. As a result, authors run small simulations (between 50 and 100 nodes) with vehicles that move randomly in a squared area instead of using real maps, which rend unrealistic results. We show that by building tailored application simulators we can obtain more realistic results. The application simulator poiSim processes a realistic mobility trace produced by a Multi-agent Microscopic Traffic Simulator developed at ETH Zurich, which accurately describes the mobility patterns of 259,977 vehicles over regional maps of Switzerland for 24 hours. This simulation runs on a desktop PC and lasts approximately 120 minutes. In our third contribution we took Chains of Trust one step further in the protection of user privacy to develop Anonymous Chains of Trust. In this system users can temporarily exchange their identity with other users they trust, thus making it impossible for an attacker to know in all certainty who input a particular piece of information into the system. To the best of our knowledge, this is the first time this technique has been used in a reputation system. Finally, in our last contribution we explore a different form of communication for VANETs. The vast majority of VANET applications rely on the IEEE 802.11p/Wireless Access in Vehicular Environments (WAVE) standard or some other form of radio communication. This poses a security risk if we consider how vulnerable radio transmission is to intentional jamming and natural interferences: an attacker could easily block all radio communication in a certain area if his transmitter is powerful enough. Visual Light Communication (VLC), on the other hand, is resilient to jamming over a wide area because it relies on visible light to transmit information and ,unlike WAVE, it has no scalability problems. In this thesis we show that VLC is a secure and valuable form of communication in VANETs

A Blockchain Based Certificate Revocation Scheme For Vehicular Communication Systems

Both the academy and industry believe that Intelligent Transportation System (ITS) would be achievable in one decade since modern vehicle and communication technologies advanced apace. Vehicular Communication System (VCS) introduces information technology to the ITS and aims to improve road safety and traffic efficiency. In recent year, security and privacy schemes in VCS are becoming important. However, recovery mechanisms to eliminate the negative effect of security and privacy attacks are still an important topic for research. Therefore, the certificate revocation scheme is considered as a feasible technique to prevent the system from potential attacks. The major challenge of the certificate revocation scheme is to achieve low-cost operation since the communication resources must be capable of carrying various applications apart from the security and privacy purposes. In this paper, we propose an efficient certificate revocation scheme in VCS. The Blockchain concept is introduced to simplify the network structure and distributed maintenance of the Certificate Revocation List (CRL). The proposed scheme embeds part of the certificate revocation functions within the security and privacy applications, aiming to reduce the communication overhead and shorten the processing time cost. Extensive simulations and analysis show the effectiveness and efficiency of the proposed scheme, in which the Blockchain structure costs fewer network resources and gives a more economic solution to against further cybercrime attacks