Towards a comparable evaluation for VANET protocols: NS-2 experiments builder assistant and extensible test bed

Proceedings of: 9th Embedded Security in Cars Conference (ESCAR 2011), November 9 to 10, 2011, Dresden, GermanyIn order to validate an Intelligent Transportation System (ITS) application or service, simulation techniques are usually employed. Nowadays, there are two problems associated to this kind of validation: the relative complexity of existing simulators and the lack of common criteria in the creation of simulation experiments. The first one makes it hard for users not familiar with a simulation tool to create and execute comprehensive experiments. The second one leads to a situation in which different proposals are validated in different scenarios, thus making it difficult to compare their performance. This work contributes on addressing both problems by proposing VanSimFM, an open-source assistant tool for creating NS-2 simulation experiments, and by defining an extensible test bed which contains a set of simulation scenarios. The test bed is intended to represent the different situations that may be found in a real vehicular environment.This work is partially supported by Ministerio de Ciencia e Innovacion of Spain, project E-SAVE, under grant TIN2009-13461.No publicad

Security models in Vehicular ad-hoc networks: a survey

The security and privacy issues of vehicular ad-hoc networks (VANETs) must be addressed before they are implemented. For this purpose, several academic and industrial proposals have been developed. Given that several of them are intended to co-exist, it is necessary that they consider compatible security models. This paper presents a survey on the underlying security models of 41 recent proposals. Four key aspects in VANET security are studied, namely trust on vehicles, trust on infrastructure entities, existence of trusted third parties and attacker features. Based on the survey analysis, a basic mechanism to compare VANET security models is also proposed, thus highlighting their similarities and differences.This work is partially founded by Ministerio de Ciencia e Innovacion of Spain under grant TIN2009-13461 (project E-SAVE).Publicad

A Trust Model for Vehicular Network-Based Incident Reports

Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) networks are ephemeral, short-duration wireless networks that have the potential to improve the overall driving experience through the exchange of information between vehicles. V2V and V2I networks operate primarily by distributing real-time incident reports regarding potential traffic problems such as traffic jams, accidents, bad roads and so on to other vehicles in their vicinity over a multi-hop network. However, given the presence of malicious entities, blindly trusting such incident reports (even the one received through a cryptographically secure channel) can lead to undesirable consequences. In this paper, we propose an approach to determine the likelihood of the accuracy of V2V incident reports based on the trustworthiness of the report originator and those vehicles that forward it. The proposed approach takes advantage of existing road-side units (RSU) based V2I communication infrastructure deployed and managed by central traffic authorities, which can be used to collect vehicle behavior information in a crowd-sourcedfashion for constructing a more comprehensive view of vehicle trustworthiness. For validating our scheme, we implemented a V2V/V2I trust simulator by extending an existing V2V simulator with trust management capabilities. Preliminary analysis of the model shows promising results. By combining our trust modeling technique with a threshold-based decision strategy, we observed on average 85% accuracy

Reputation systems and secure communication in vehicular networks

A thorough review of the state of the art will reveal that most VANET applications rely on Public Key Infrastructure (PKI), which uses user certificates managed by a Certification Authority (CA) to handle security. By doing so, they constrain the ad-hoc nature of the VANET imposing a frequent connection to the CA to retrieve the Certificate Revocation List (CRL) and requiring some degree of roadside infrastructure to achieve that connection. Other solutions propose the usage of group signatures where users organize in groups and elect a group manager. The group manager will need to ensure that group members do not misbehave, i.e., do not spread false information, and if they do punish them, evict them from the group and report them to the CA; thus suffering from the same CRL retrieval problem. In this thesis we present a fourfold contribution to improve security in VANETs. First and foremost, Chains of Trust describes a reputation system where users disseminate Points of Interest (POIs) information over the network while their privacy remains protected. It uses asymmetric cryptography and users are responsible for the generation of their own pair of public and private keys. There is no central entity which stores the information users input into the system; instead, that information is kept distributed among the vehicles that make up the network. On top of that, this system requires no roadside infrastructure. Precisely, our main objective with Chains of Trust was to show that just by relying on people¿s driving habits and the sporadic nature of their encounters with other drivers a successful reputation system could be built. The second contribution of this thesis is the application simulator poiSim. Many¿s the time a new VANET application is presented and its authors back their findings using simulation results from renowned networks simulators like ns-2. The major issue with network simulators is that they were not designed with that purpose in mind and handling simulations with hundreds of nodes requires a massive processing power. As a result, authors run small simulations (between 50 and 100 nodes) with vehicles that move randomly in a squared area instead of using real maps, which rend unrealistic results. We show that by building tailored application simulators we can obtain more realistic results. The application simulator poiSim processes a realistic mobility trace produced by a Multi-agent Microscopic Traffic Simulator developed at ETH Zurich, which accurately describes the mobility patterns of 259,977 vehicles over regional maps of Switzerland for 24 hours. This simulation runs on a desktop PC and lasts approximately 120 minutes. In our third contribution we took Chains of Trust one step further in the protection of user privacy to develop Anonymous Chains of Trust. In this system users can temporarily exchange their identity with other users they trust, thus making it impossible for an attacker to know in all certainty who input a particular piece of information into the system. To the best of our knowledge, this is the first time this technique has been used in a reputation system. Finally, in our last contribution we explore a different form of communication for VANETs. The vast majority of VANET applications rely on the IEEE 802.11p/Wireless Access in Vehicular Environments (WAVE) standard or some other form of radio communication. This poses a security risk if we consider how vulnerable radio transmission is to intentional jamming and natural interferences: an attacker could easily block all radio communication in a certain area if his transmitter is powerful enough. Visual Light Communication (VLC), on the other hand, is resilient to jamming over a wide area because it relies on visible light to transmit information and ,unlike WAVE, it has no scalability problems. In this thesis we show that VLC is a secure and valuable form of communication in VANETs

Securing Data Dissemination in Vehicular ad hoc Networks

Vehicular ad hoc networks (VANETs) are a subclass of mobile ad hoc networks (MANETs) in which the mobile nodes are vehicles; these vehicles are autonomous systems connected by wireless communication on a peer-to-peer basis. They are self-organized, self-configured and self-controlled infrastructure-less networks. This kind of network has the advantage of being able to be set-up and deployed anywhere and anytime because it has no infrastructure set-up and no central administration. Distributing information between these vehicles over long ranges in such networks, however, is a very challenging task, since sharing information always has a risk attached to it especially when the information is confidential. The disclosure of such information to anyone else other than the intended parties could be extremely damaging, particularly in military applications where controlling the dissemination of messages is essential. This thesis therefore provides a review of the issue of security in VANET and MANET; it also surveys existing solutions for dissemination control. It highlights a particular area not adequately addressed until now: controlling information flow in VANETs. This thesis contributes a policy-based framework to control the dissemination of messages communicated between nodes in order to ensure that message remains confidential not only during transmission, but also after it has been communicated to another peer, and to keep the message contents private to an originator-defined subset of nodes in the VANET. This thesis presents a novel framework to control data dissemination in vehicle ad hoc networks in which policies are attached to messages as they are sent between peers. This is done by automatically attaching policies along with messages to specify how the information can be used by the receiver, so as to prevent disclosure of the messages other than consistent with the requirements of the originator. These requirements are represented as a set of policy rules that explicitly instructs recipients how the information contained in messages can be disseminated to other nodes in order to avoid unintended disclosure. This thesis describes the data dissemination policy language used in this work; and further describes the policy rules in order to be a suitable and understandable language for the framework to ensure the confidentiality requirement of the originator. This thesis also contributes a policy conflict resolution that allows the originator to be asked for up-to-date policies and preferences. The framework was evaluated using the Network Simulator (NS-2) to provide and check whether the privacy and confidentiality of the originators’ messages were met. A policy-based agent protocol and a new packet structure were implemented in this work to manage and enforce the policies attached to packets at every node in the VANET. Some case studies are presented in this thesis to show how data dissemination can be controlled based on the policy of the originator. The results of these case studies show the feasibility of our research to control the data dissemination between nodes in VANETs. NS-2 is also used to test the performance of the proposed policy-based agent protocol and demonstrate its effectiveness using various network performance metrics (average delay and overhead)

Soluciones para la autenticación y gestión de subredes en manets y vanets

En los últimos años las redes inalámbricas están ganando cada vez más popularidad conforme sus prestaciones aumentan y se descubren nuevas aplicaciones. Dichas redes permiten a sus usuarios acceder a información y recursos en tiempo real sin necesidad de estar físicamente conectados. Además, ofrecen una gran flexibilidad a un bajo coste ya que en general no hay necesidad de usar instalaciones cableadas lo que implica que sean fácilmente desplegables. Es por eso que resultan muy útiles en entornos donde es muy costoso instalar infraestructuras fijas, como son entornos militares, agrícolas, situaciones de emergencia, etc. Las redes móviles ad-hoc o MANETs (Mobile Ad-hoc NETworks) son un tipo de red inalámbrica, distribuida y sin autoridad central en las que los nodos son móviles. El comportamiento de una MANET es en muchos aspectos similar al de una red Peer-TO-Peer (P2P) pues en ambos casos los nodos de la red reciben y envían información de forma descentralizada. La gestión de las MANETs conlleva muchas dificultades ya que por ejemplo su topología cambia constantemente debido a la movilidad de los nodos y a la inexistencia de una infraestructura fija. Las redes ad-hoc vehiculares o VANETs (Vehicular Ad-hoc NETworks) pueden considerarse un subconjunto de las MANETs en las que los nodos móviles son vehículos. En su definición clásica, las VANETs permiten comunicar información no solo entre las unidades a bordo u OBUs (On Board Units) situadas en los vehículos, sino también con la infraestructura de la carretera o RSU (Road Side Unit). El objetivo principal de estos sistemas es proporcionar un mejor conocimiento de las condiciones de las carreteras a los conductores para reducir el número de accidentes y lograr que la conducción sea más cómoda y fluida, reduciendo con ello la cantidad de CO2 que los vehículos expulsan a la atmósfera. Las redes ad-hoc son especialmente vulnerables a varios tipos de ataques, tanto activos como pasivos. Por ejemplo, un atacante puede intentar emular a un nodo legítimo y capturar paquetes de datos y de control, destruir tablas de encaminamiento, etc. En particular, los efectos de los ataques a las VANETs pueden ser muy destructivos, ya que pueden llegar incluso a causar muertes. Por este motivo, el propósito fundamental de la presente Tesis es la propuesta de nuevas herramientas que permitan proteger las redes móviles ad-hoc contra diferentes ataques, asegurando en la medida de lo posible que la generación de información, así como su retransmisión se realizan correctamente. Para ello, se proponen y analizan aquí nuevos esquemas de autenticación y gestión de subredes en MANETs y VANETs. Hay que destacar que las simulaciones juegan un papel fundamental en este trabajo ya que permiten analizar y evaluar el comportamiento de las propuestas realizadas a gran escala y en diversas condiciones. En particular, gran parte de los algoritmos diseñados en esta Tesis han sido simulados con el simulador de redes NS-2 y el simulador de tráfico SUMO. También son de gran interés en esta Tesis las implementaciones de algunas de las propuestas en dispositivos reales, ya que no sólo permiten evaluar su comportamiento en entornos reales, sino descubrir problemas que las simulaciones no detectan, y obtener datos reales para alimentar simulaciones a gran escala. Las implementaciones en dispositivos reales se han llevado a cabo en particular en la plataforma Windows Mobile usando Visual Studio 2008. Como resultado práctico de este trabajo, y en colaboración con otras investigaciones, surge VAiPho (VANET in Phones), que es una herramienta para la asistencia a la conducción. VAiPho permite crear una red vehicular real utilizando únicamente teléfonos móviles inteligentes, sin necesidad de instalar ningún tipo de infraestructura ni en los vehículos ni en la carretera. VAiPho cuenta ya con varias aplicaciones en entornos urbanos, tales como la detección de atascos, plazas de aparcamiento libres y vehículo aparcado. Dicha herramienta es el producto de la implementación de una patente presentada

Diseño e implementación de VanSimFM, un asistente para la generación de escenarios vehiculares en NS-2

Las redes vehiculares ad-hoc (VANET) serán, con toda probabilidad, el gran salto de las TIC en la industria automovilística tan pronto como se disponga de modelos de comportamiento que justifiquen las inversiones necesarias para desarrollar los dispositivos hardware y las aplicaciones que den contenido a esas redes. En la práctica, estos modelos de comportamiento sólo pueden obtenerse, a un coste asumible, a través de aplicaciones de simulación capaces de predecir el comportamiento de una aplicación o protocolo para VANET en diferentes escenarios. Aunque se dispone de un gran número de simuladores, tanto de movilidad como de red, existen dificultades importantes para su uso de forma confortable: - Su manejo no es sencillo, y varía bastante de una herramienta a otra. - La interacción entre simuladores de movilidad y red también resulta compleja. - Al trabajar cada investigador sobre parámetros diferentes de los demás, a veces resulta difícil o imposible comparar resultados de simulaciones del mismo modelo realizadas con criterios distintos. Ante esta situación, este proyecto plantea el análisis, diseño y construcción de un sistema que: - Integre diferentes simuladores disponibles. - Automatice la interacción entre simuladores de movilidad y de red. - Simplifique y haga homogénea la creación de experimentos de simulación. - Permita la incorporación de nuevas funcionalidades y herramientas. Adicionalmente, el proyecto pretende construir un catálogo de experimentos de simulación con los escenarios más representativos del entorno real de las VANET. _________________________________________________________________________________________________________________Ad-hoc vehicular networks (VANET) will become, with a high probability, the big bet of the Information and Communication Technologies into the automotive industry, as soon as models of behavior are made available to justify the costs of developing new hardware devices and applications that build those nets and their contents. In practice, those behavioral models can only be obtained, at a reasonable cost, by using simulation applications capable of predicting the behavior of a VANET on different scenarios. Even though such tools already exist, for mobility and network simulations, there are some important difficulties for them to be used in a comfortable way: - Use is not simple, and quite different from tool to tool. - The interaction among mobility and network simulation tools is also fairly complex. - As each person works on parameters different from the others, sometimes is difficult or even impossible to compare simulation results of a single model elaborated by two different set of criteria. To face such situation, this project proposes the analysis, design and construction of a system that: - Integrates different simulation tools available. - Automates the interactions among mobility and network simulation tools. - Simplify and homogenize the definition of simulation experiments. - Allows the inclusion of new functionalities/tools. Additionally, the project will attempt to create a catalog of simulation experiments that includes the most representative scenarios of the VANET’s real environment.Ingeniería en Informátic

A vector symbolic approach for cognitive services and decentralized workflows

The proliferation of smart devices and sensors known as the Internet of Things (IoT), along with the transformation of mobile phones into powerful handheld computers as well as the continuing advancement in high-speed communication technologies, introduces new possibilities for collaborative distributed computing and collaborative workflows along with a new set of problems to be solved. However, traditional service-based applications, in fixed networks, are typically constructed and managed centrally and assume stable service endpoints and adequate network connectivity. Constructing and maintaining such applications in dynamic heterogeneous wireless networked environments, where limited bandwidth and transient connectivity are commonplace, presents significant challenges and makes centralized application construction and management impossible. The key objective for this thesis can be summarised as follows: a means is required to discover and orchestrate sequences of micro-services, i.e., workflows, on-demand, using currently available distributed resources (compute devices, functional services, data and sensors) in spite of a poor quality (fragmented, low bandwidth) network infrastructure and without central control. It is desirable to be able to compose such workflows on-the-fly in order to fulfil an ‘intent’. The research undertaken investigates how service definition, service matching and decentralised service composition and orchestration can be achieved without centralised control using an approach based on a Binary Spatter Code Vector Symbolic Architec-ture and shows that the approach offers significant advantages in environments where communication networks are unreliable. The outcomes demonstrate a new cognitive workflow model that uses one-to-many communications to enable intelligent cooperation between self-describing service entities that can self-organise to complete a workflow task. Workflow orchestration overhead was minimised using two innovations, a local arbitration mechanism that uses a delayed response mechanism to suppress responses that are not an ideal match and the holographic nature of VSA descriptions enables messages to be truncated without loss of meaning. A new hierarchical VSA encoding scheme was created that is scaleable to any number of vector embeddings including workflow steps. The encoding can also facilitate learning since it provides unique contexts for each step in a workflow. The encoding also enables service pre-provisioning because individual workflow steps can be decoded easily by any service receiving a multicast workflow vector. This thesis brings the state-of-the-art closer to the ability to discover distributed services on-the-fly to fulfil an intent and without the need for centralised management or the imperative definition of all service steps, including locations. The use of a mathematically deterministic distributed vector representation in the form of BSC vectors for both service objects and workflows enables a common language for all elements required to discover and execute workflows in decentralised transient environments and opens up the possibilities of employing learning algorithms that can advance the state-of-the-art in distributed workflows towards a true cognitive distributed network architectur