Protocols and Architecture for Privacy-preserving Authentication and Secure Message Dissemination in Vehicular Ad Hoc Networks

The rapid development in the automotive industry and wireless communication technologies have enhanced the popularity of Vehicular ad hoc networks (VANETs). Today, the automobile industry is developing sophisticated sensors that can provide a wide range of assistive features, including accident avoidance, automatic lane tracking, semi-autonomous driving, suggested lane changes, and more. VANETs can provide drivers a safer and more comfortable driving experience, as well as many other useful services by leveraging such technological advancements. Even though this networking technology enables smart and autonomous driving, it also introduces a plethora of attack vectors. However, the main issues to be sorted out and addressed for the widespread deployment/adoption of VANETs are privacy, authenticating users, and the distribution of secure messages. These issues have been addressed in this dissertation, and the contributions of this dissertation are summarized as follows: Secure and privacy-preserving authentication and message dissemination in VANETs: Attackers can compromise the messages disseminated within VANETs by tampering with the message content or sending malicious messages. Therefore, it is crucial to ensure the legitimacy of the vehicles participating in the VANETs as well as the integrity and authenticity of the messages transmitted in VANETs. In VANET communication, the vehicle uses pseudonyms instead of its real identity to protect its privacy. However, the real identity of a vehicle must be revealed when it is determined to be malicious. This dissertation presents a distributed and scalable privacy-preserving authentication and message dissemination scheme in VANET. Low overhead privacy-preserving authentication scheme in VANETs: The traditional pseudonym-based authentication scheme uses Certificate Revocation Lists (CRLs) to store the certificates of revoked and malicious entities in VANETs. However, the size of CRL increases significantly with the increased number of revoked entities. Therefore, the overhead involved in maintaining the revoked certificates is overwhelming in CRL-based solutions. This dissertation presents a lightweight privacy-preserving authentication scheme that reduces the overhead associated with maintaining CRLs in VANETs. Our scheme also provides an efficient look-up operation for CRLs. Efficient management of pseudonyms for privacy-preserving authentication in VANETs: In VANETs, vehicles change pseudonyms frequently to avoid the traceability of attackers. However, if only one vehicle out of 100 vehicles changes its pseudonym, an intruder can easily breach the privacy of the vehicle by linking the old and new pseudonym. This dissertation presents an efficient method for managing pseudonyms of vehicles. In our scheme, vehicles within the same region simultaneously change their pseudonyms to reduce the chance of linking two pseudonyms to the same vehicle

A security and privacy scheme based on node and message authentication and trust in fog-enabled VANET

Security and privacy are the most important concerns related to vehicular ad hoc network (VANET), as it is an open-access and self-organized network. The presence of ‘selfish’ nodes distributed in the network are taken into account as an important challenge and as a security threat in VANET. A selfish node is a legitimate vehicle node which tries to achieve the most benefit from the network by broadcasting wrong information. An efficient and proper security model can be useful to tackle advances from attackers, as well as selfish nodes. In this study, a privacy-preserving node and message authentication scheme, along with a trust model was developed. The proposed node authentication ensures the legitimacy of the vehicle nodes, whereas the message authentication was developed to ensure the message's integrity. To deal with selfish nodes, an experience-based trust model was also designed. Additionally, to fulfill the privacy-preserving aspect, the mapping of each vehicle was performed using a different pseudo-identity. In this paper, fog nodes instead of road-side units (RSUs), were distributed along the roadside. This was mainly because of the fact that fog computing reduces latency, and results in increased throughput. Security analysis indicated that our scheme met the VANETs' security requirements. In addition, the performance analysis showed that the proposed scheme had a lower communication and computation overhead, compared to the other related works. Monte-Carlo simulation results were applied to estimate the false-positive rates (FPR), which also proved the validity of the proposed security scheme

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

5G-based V2V broadcast communications: A security perspective

The V2V services have been specified by the 3GPP standards body to support road safety and non-safety applications in the 5G cellular networks. It is expected to use the direct link (known as the PC5 interface), as well as the new radio interface in 5G, to provide a connectivity platform among vehicles. Particularly, vehicles will use the PC5 interface to broadcast safety messages to inform each other about potential hazards on the road. In order to function safely, robust security mechanisms are needed to ensure the authenticity of received messages and trustworthiness of message senders. These mechanisms must neither add significantly to message latency nor affect the performance of safety applications. The existing 5G-V2V standard allow protection of V2V messages to be handled by higher layer security solutions defined by other standards in the ITS domain. However having a security solution at the 5G access layer is conceivably preferable in order to ensure system compatibility and reduce deployment cost. Accordingly, the main aim of this paper is to review options for 3GPP access layer security in future 5G-V2V releases. Initially, a summary of 5G-V2V communications and corresponding service requirements is presented. An overview of the application level security standards is also given, followed by a review of the impending options to secure V2V broadcast messages at the 5G access layer. Finally, paper presents the relevant open issues and challenges on providing 3GPP access layer security solution for direct V2V communication

A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version

Security and Privacy Preservation in Vehicular Social Networks

Improving road safety and traffic efficiency has been a long-term endeavor for the government, automobile industry and academia. Recently, the U.S. Federal Communication Commission (FCC) has allocated a 75 MHz spectrum at 5.9 GHz for vehicular communications, opening a new door to combat the road fatalities by letting vehicles communicate to each other on the roads. Those communicating vehicles form a huge Ad Hoc Network, namely Vehicular Ad Hoc Network (VANET). In VANETs, a variety of applications ranging from the safety related (e.g. emergence report, collision warning) to the non-safety related (e.g., delay tolerant network, infortainment sharing) are enabled by vehicle-to-vehicle (V-2-V) and vehicle-to-roadside (V-2-I) communications. However, the flourish of VANETs still hinges on fully understanding and managing the challenging issues over which the public show concern, particularly, security and privacy preservation issues. If the traffic related messages are not authenticated and integrity-protected in VANETs, a single bogus and/or malicious message can potentially incur a terrible traffic accident. In addition, considering VANET is usually implemented in civilian scenarios where locations of vehicles are closely related to drivers, VANET cannot be widely accepted by the public if VANET discloses the privacy information of the drivers, i.e., identity privacy and location privacy. Therefore, security and privacy preservation must be well addressed prior to its wide acceptance. Over the past years, much research has been done on considering VANET's unique characteristics and addressed some security and privacy issues in VANETs; however, little of it has taken the social characteristics of VANET into consideration. In VANETs, vehicles are usually driven in a city environment, and thus we can envision that the mobility of vehicles directly reflects drivers' social preferences and daily tasks, for example, the places where they usually go for shopping or work. Due to these human factors in VANETs, not only the safety related applications but also the non-safety related applications will have some social characteristics. In this thesis, we emphasize VANET's social characteristics and introduce the concept of vehicular social network (VSN), where both the safety and non-safety related applications in VANETs are influenced by human factors including human mobility, human self-interest status, and human preferences. In particular, we carry on research on vehicular delay tolerant networks and infotainment sharing --- two important non-safety related applications of VSN, and address the challenging security and privacy issues related to them. The main contributions are, i) taking the human mobility into consideration, we first propose a novel social based privacy-preserving packet forwarding protocol, called SPRING, for vehicular delay tolerant network, which is characterized by deploying roadside units (RSUs) at high social intersections to assist in packet forwarding. With the help of high-social RSUs, the probability of packet drop is dramatically reduced and as a result high reliability of packet forwarding in vehicular delay tolerant network can be achieved. In addition, the SPRING protocol also achieves conditional privacy preservation and resist most attacks facing vehicular delay tolerant network, such as packet analysis attack, packet tracing attack, and black (grey) hole attacks. Furthermore, based on the ``Sacrificing the Plum Tree for the Peach Tree" --- one of the Thirty-Six Strategies of Ancient China, we also propose a socialspot-based packet forwarding (SPF) protocol for protecting receiver-location privacy, and present an effective pseudonyms changing at social spots strategy, called PCS, to facilitate vehicles to achieve high-level location privacy in vehicular social network; ii) to protect the human factor --- interest preference privacy in vehicular social networks, we propose an efficient privacy-preserving protocol, called FLIP, for vehicles to find like-mined ones on the road, which allows two vehicles sharing the common interest to identify each other and establish a shared session key, and at the same time, protects their interest privacy (IP) from other vehicles who do not share the same interest on the road. To generalize the FLIP protocol, we also propose a lightweight privacy-preserving scalar product computation (PPSPC) protocol, which, compared with the previously reported PPSPC protocols, is more efficient in terms of computation and communication overheads; and iii) to deal with the human factor -- self-interest issue in vehicular delay tolerant network, we propose a practical incentive protocol, called Pi, to stimulate self-interest vehicles to cooperate in forwarding bundle packets. Through the adoption of the proper incentive policies, the proposed Pi protocol can not only improve the whole vehicle delay tolerant network's performance in terms of high delivery ratio and low average delay, but also achieve the fairness among vehicles. The research results of the thesis should be useful to the implementation of secure and privacy-preserving vehicular social networks

A Trust Management Framework for Vehicular Ad Hoc Networks

The inception of Vehicular Ad Hoc Networks (VANETs) provides an opportunity for road users and public infrastructure to share information that improves the operation of roads and the driver experience. However, such systems can be vulnerable to malicious external entities and legitimate users. Trust management is used to address attacks from legitimate users in accordance with a user’s trust score. Trust models evaluate messages to assign rewards or punishments. This can be used to influence a driver’s future behaviour or, in extremis, block the driver. With receiver-side schemes, various methods are used to evaluate trust including, reputation computation, neighbour recommendations, and storing historical information. However, they incur overhead and add a delay when deciding whether to accept or reject messages. In this thesis, we propose a novel Tamper-Proof Device (TPD) based trust framework for managing trust of multiple drivers at the sender side vehicle that updates trust, stores, and protects information from malicious tampering. The TPD also regulates, rewards, and punishes each specific driver, as required. Furthermore, the trust score determines the classes of message that a driver can access. Dissemination of feedback is only required when there is an attack (conflicting information). A Road-Side Unit (RSU) rules on a dispute, using either the sum of products of trust and feedback or official vehicle data if available. These “untrue attacks” are resolved by an RSU using collaboration, and then providing a fixed amount of reward and punishment, as appropriate. Repeated attacks are addressed by incremental punishments and potentially driver access-blocking when conditions are met. The lack of sophistication in this fixed RSU assessment scheme is then addressed by a novel fuzzy logic-based RSU approach. This determines a fairer level of reward and punishment based on the severity of incident, driver past behaviour, and RSU confidence. The fuzzy RSU controller assesses judgements in such a way as to encourage drivers to improve their behaviour. Although any driver can lie in any situation, we believe that trustworthy drivers are more likely to remain so, and vice versa. We capture this behaviour in a Markov chain model for the sender and reporter driver behaviours where a driver’s truthfulness is influenced by their trust score and trust state. For each trust state, the driver’s likelihood of lying or honesty is set by a probability distribution which is different for each state. This framework is analysed in Veins using various classes of vehicles under different traffic conditions. Results confirm that the framework operates effectively in the presence of untrue and inconsistent attacks. The correct functioning is confirmed with the system appropriately classifying incidents when clarifier vehicles send truthful feedback. The framework is also evaluated against a centralized reputation scheme and the results demonstrate that it outperforms the reputation approach in terms of reduced communication overhead and shorter response time. Next, we perform a set of experiments to evaluate the performance of the fuzzy assessment in Veins. The fuzzy and fixed RSU assessment schemes are compared, and the results show that the fuzzy scheme provides better overall driver behaviour. The Markov chain driver behaviour model is also examined when changing the initial trust score of all drivers

Traceability and safety tradeoffs in modern vehicles

Dissertação de mestrado integrado em Engenharia InformáticaIn this dissertation, the efficiency of privacy protecting mechanisms in short-range vehicular communications, namely Pseudonym Change Strategies, is investigated. To evaluate these strategies, a set of simulation tools is used, that allow for the assessment of several metrics, such as the privacy level obtained and the real pseudonym consumption, resulting from the use of a representative set of pseudonym change strategies. Most importantly, hybrid strategies were considered, which combine schemes that were previously analysed separately. The results show that combining mix-zones with another scheme provides better privacy in most cases. Lastly, we showcase and analyse the problems found in the process of trying to make the simulated scenarios more realistic, which easily comes into conflict with tool limitations and/or subtle and hard to anticipate interactions between different components.Nesta dissertação investiga-se a eficácia de mecanismos de protecção da privacidade em comunicações veiculares de curto alcance, nomeadamente recorrendo a Estratégias de Alteração de Pseudónimos. Para a avaliação dessas estratégias, recorre-se a um conjunto de ferramentas de simulação que permitem aferir diferentes métricas, como o nível de privacidade obtido e o consumo efectivo de pseudónimos, decorrentes da utilização de um conjunto representativo de estratégias de alteração de pseudónimos. Mais importante ainda, foram consideradas estratégias híbridas, que combinam esquemas antes analisados separadamente. Os resultados mostram que combinar zonas mistas com outro esquema proporciona melhor privacidade na maioria dos casos. Por último, apresentam-se e analisam-se problemas encontrados no processo de procurar tornar mais realistas os cenários das simulações realizadas, e que facilmente esbarra com limitações das ferramentas e/ou interações subtis e dificilmente antecipáveis de diferentes componentes