Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)

In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved for the widespread adoption/deployment of VANETs. Given the importance of these issues, researchers have spent a lot of effort in these areas over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. Then we present a comprehensive review of various solutions proposed in the last 10 years which address these issues. Our survey sheds light on some open issues that need to be addressed in the future

A transparent distributed ledger-based certificate revocation scheme for VANETs

The widespread adoption of Cooperative, Connected, and Automated Mobility (CCAM) applications requires the implementation of stringent security mechanisms to minimize the surface of cyber attacks. Authentication is an effective process for validating user identity in vehicular networks. However, authentication alone is not enough to prevent dangerous attack situations. Existing security mechanisms are not able to promptly revoke the credentials of misbehaving vehicles, thus tolerate malicious actors to remain trusted in the system for a long time. The resulting vulnerability window allows the implementation of complex attacks, thus posing a substantial impairment to the security of the vehicular ecosystem. In this paper we propose a Distributed Ledger-based Vehicular Revocation Scheme that improves the state of the art by providing a vulnerability window lower than 1 s, reducing well-behaved vehicles exposure to sophisticated and potentially dangerous attacks. The proposed scheme harnesses the advantages of the underlying Distributed Ledger Technology (DLT) to implement a privacy-aware revocation process while being fully transparent to all participating entities. Furthermore, it meets the critical message processing times defined by EU and US standards, thus closing a critical gap in the current international standards. Theoretical analysis and experimental validation demonstrate the effectiveness and efficiency of the proposed scheme, where DLT streamlines the revocation operation overhead and delivers an economically viable yet scalable solution against cyber attacks on vehicular systems

Vehicular Internet: Security & Privacy Challenges and Opportunities

The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS). Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented

Data-centric trust in ephemeral networks

New network types require new security concepts. Surprisingly, trust – the ultimate goal of security – has not evolved as much as other concepts. In particular, the traditional notion of building trust in entities seems inadequate in an ephemeral environment where contacts among nodes are often short-lived and non-recurrent. It is actually the trustworthiness of the data that entities generate that matters most in these ephemeral networks. And what makes things more interesting is the continuous "humanization" of devices, by making them reflect more closely their owners' preferences, including the human sense of costs. Hence, in this thesis we study the notion of data-centric trust in an ephemeral network of rational nodes. The definition of a new notion requires specifying the corresponding basis, measures, and raison d'être. In the following chapters, we address these issues. We begin by defining the system and security models of an example ephemeral network, namely a vehicular network. Next, we delve into the subject of revocation in vehicular networks, before creating and analyzing a game-theoretic model of revocation, where the notion of cost-aware devices makes its first appearance in this thesis. This model not only makes possible the comparison of different revocation mechanisms in the literature, but also leads to the design of an optimal solution, the RevoGame protocol. With the security architecture in place, we formally define data-centric trust and compare several mechanisms for evaluating it. Notably, we apply the Dempster-Shafer Theory to cases of high uncertainty. Last but not least, we show that data-centric trust can reduce the privacy loss resulting from the need to establish trust. We first create a model of the trust-privacy tradeoff and then analyze it with game theory, in an environment of privacy-preserving entities. Our analysis shows that proper incentives can achieve this elusive tradeoff

Detecting Rogue Nodes In Vehicular Ad-hoc Networks (DETER)

Vehicular ad hoc Networks (VANETs) are self-organizing networks of vehicles equipped with radios and processors. VANETs are very promising as they can make driving safer by improving road awareness through sharing of information from sensors. Vehicles communicate with each other wirelessly to exchange information and this exchange of information is susceptible to attacks of different kinds. There are some very important issues that need to be resolved before VANETs can be deployed on large scale. Security and privacy issues are undoubtedly the most important factors that need to be resolved. Amongst various problems to be solved in VANETs is the issue of rogue nodes and their impact on the network. This thesis discusses the problems associated with the security and privacy of vehicular networks in the presence of rogue nodes. The rogue nodes can share / inject false data in the network which can cause serious harm. The techniques proposed make VANETs secure and prevent them from the harmful impact of rogue nodes. The proposed work makes the network safer by making it fault tolerant and resilient in the presence of rogue nodes that can be detected and reported. As VANETs are highly dynamic and fast moving so, a data centric scheme is proposed that can determine if a node is rogue or not just by analysing its data. The work then enhances the developed mechanism by applying hypothesis testing and other statistical techniques to detect intrusions in the network by rogue nodes. The technique is simulated using OMNET++, SUMO and VACAMobil and the results obtained have been presented, discussed and compared to previous works. In order to prevent rogue nodes from becoming part of the VANETs this thesis also presents a novel framework for managing the digital identity in the vehicular networks. This framework authenticates the user and the vehicle separately from two authorities and allows him to communicate securely with the infrastructure using IBE (Identity Based Encryption). The proposed technique also preserves the privacy of the user. The proposed scheme allows traceability and revocation so that users can be held accountable and penalised. The results have been compared to previous works of similar nature. The thesis also discusses the Sybil attack and how to detect them using game theory in a VANET environment

Protocols and Architecture for Privacy-preserving Authentication and Secure Message Dissemination in Vehicular Ad Hoc Networks

The rapid development in the automotive industry and wireless communication technologies have enhanced the popularity of Vehicular ad hoc networks (VANETs). Today, the automobile industry is developing sophisticated sensors that can provide a wide range of assistive features, including accident avoidance, automatic lane tracking, semi-autonomous driving, suggested lane changes, and more. VANETs can provide drivers a safer and more comfortable driving experience, as well as many other useful services by leveraging such technological advancements. Even though this networking technology enables smart and autonomous driving, it also introduces a plethora of attack vectors. However, the main issues to be sorted out and addressed for the widespread deployment/adoption of VANETs are privacy, authenticating users, and the distribution of secure messages. These issues have been addressed in this dissertation, and the contributions of this dissertation are summarized as follows: Secure and privacy-preserving authentication and message dissemination in VANETs: Attackers can compromise the messages disseminated within VANETs by tampering with the message content or sending malicious messages. Therefore, it is crucial to ensure the legitimacy of the vehicles participating in the VANETs as well as the integrity and authenticity of the messages transmitted in VANETs. In VANET communication, the vehicle uses pseudonyms instead of its real identity to protect its privacy. However, the real identity of a vehicle must be revealed when it is determined to be malicious. This dissertation presents a distributed and scalable privacy-preserving authentication and message dissemination scheme in VANET. Low overhead privacy-preserving authentication scheme in VANETs: The traditional pseudonym-based authentication scheme uses Certificate Revocation Lists (CRLs) to store the certificates of revoked and malicious entities in VANETs. However, the size of CRL increases significantly with the increased number of revoked entities. Therefore, the overhead involved in maintaining the revoked certificates is overwhelming in CRL-based solutions. This dissertation presents a lightweight privacy-preserving authentication scheme that reduces the overhead associated with maintaining CRLs in VANETs. Our scheme also provides an efficient look-up operation for CRLs. Efficient management of pseudonyms for privacy-preserving authentication in VANETs: In VANETs, vehicles change pseudonyms frequently to avoid the traceability of attackers. However, if only one vehicle out of 100 vehicles changes its pseudonym, an intruder can easily breach the privacy of the vehicle by linking the old and new pseudonym. This dissertation presents an efficient method for managing pseudonyms of vehicles. In our scheme, vehicles within the same region simultaneously change their pseudonyms to reduce the chance of linking two pseudonyms to the same vehicle

Host Based Intrusion Detection for VANETs: A statistical approach to Rogue Node Detection

In this paper, an intrusion detection system (IDS) for vehicular ad hoc networks (VANETs) is proposed and evaluated. The IDS is evaluated by simulation in the presence of rogue nodes (RNs) that can launch different attacks. The proposed IDS is capable of detecting a false information attack using statistical techniques effectively and can also detect other types of attacks. First, the theory and implementation of the VANET model that is used to train the IDS is discussed. Then, an extensive simulation and analysis of our model under different traffic conditions is conducted to identify the effects of these parameters in VANETs. In addition, the extensive data gathered in the simulations are presented using graphical and statistical techniques. Moreover, RNs are introduced in the network, and an algorithm is presented to detect these RNs. Finally, we evaluate our system and observe that the proposed application-layer IDS based on a cooperative information exchange mechanism is better for dynamic and fast-moving networks such as VANETs, as compared with other techniques available

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs