Virtual Pseudonym-Changing and Dynamic Grouping Policy for Privacy Preservation in VANETs

Location privacy is a critical problem in the vehicular communication networks. Vehicles broadcast their road status information to other entities in the network through beacon messages to inform other entities in the network. The beacon message content consists of the vehicle ID, speed, direction, position, and other information. An adversary could use vehicle identity and positioning information to determine vehicle driver behavior and identity at different visited location spots. A pseudonym can be used instead of the vehicle ID to help in the vehicle location privacy. These pseudonyms should be changed in appropriate way to produce uncertainty for any adversary attempting to identify a vehicle at different locations. In the existing research literature, pseudonyms are changed during silent mode between neighbors. However, the use of a short silent period and the visibility of pseudonyms of direct neighbors provides a mechanism for an adversary to determine the identity of a target vehicle at specific locations. Moreover, privacy is provided to the driver, only within the RSU range; outside it, there is no privacy protection. In this research, we address the problem of location privacy in a highway scenario, where vehicles are traveling at high speeds with diverse traffic density. We propose a Dynamic Grouping and Virtual Pseudonym-Changing (DGVP) scheme for vehicle location privacy. Dynamic groups are formed based on similar status vehicles and cooperatively change pseudonyms. In the case of low traffic density, we use a virtual pseudonym update process. We formally present the model and specify the scheme through High-Level Petri Nets (HLPN). The simulation results indicate that the proposed method improves the anonymity set size and entropy, provides lower traceability, reduces impact on vehicular network applications, and has lower computation cost compared to existing research work

Traceability and safety tradeoffs in modern vehicles

Dissertação de mestrado integrado em Engenharia InformáticaIn this dissertation, the efficiency of privacy protecting mechanisms in short-range vehicular communications, namely Pseudonym Change Strategies, is investigated. To evaluate these strategies, a set of simulation tools is used, that allow for the assessment of several metrics, such as the privacy level obtained and the real pseudonym consumption, resulting from the use of a representative set of pseudonym change strategies. Most importantly, hybrid strategies were considered, which combine schemes that were previously analysed separately. The results show that combining mix-zones with another scheme provides better privacy in most cases. Lastly, we showcase and analyse the problems found in the process of trying to make the simulated scenarios more realistic, which easily comes into conflict with tool limitations and/or subtle and hard to anticipate interactions between different components.Nesta dissertação investiga-se a eficácia de mecanismos de protecção da privacidade em comunicações veiculares de curto alcance, nomeadamente recorrendo a Estratégias de Alteração de Pseudónimos. Para a avaliação dessas estratégias, recorre-se a um conjunto de ferramentas de simulação que permitem aferir diferentes métricas, como o nível de privacidade obtido e o consumo efectivo de pseudónimos, decorrentes da utilização de um conjunto representativo de estratégias de alteração de pseudónimos. Mais importante ainda, foram consideradas estratégias híbridas, que combinam esquemas antes analisados separadamente. Os resultados mostram que combinar zonas mistas com outro esquema proporciona melhor privacidade na maioria dos casos. Por último, apresentam-se e analisam-se problemas encontrados no processo de procurar tornar mais realistas os cenários das simulações realizadas, e que facilmente esbarra com limitações das ferramentas e/ou interações subtis e dificilmente antecipáveis de diferentes componentes

A Secure and Distributed Architecture for Vehicular Cloud and Protocols for Privacy-preserving Message Dissemination in Vehicular Ad Hoc Networks

Given the enormous interest in self-driving cars, Vehicular Ad hoc NETworks (VANETs) are likely to be widely deployed in the near future. Cloud computing is also gaining widespread deployment. Marriage between cloud computing and VANETs would help solve many of the needs of drivers, law enforcement agencies, traffic management, etc. The contributions of this dissertation are summarized as follows: A Secure and Distributed Architecture for Vehicular Cloud: Ensuring security and privacy is an important issue in the vehicular cloud; if information exchanged between entities is modified by a malicious vehicle, serious consequences such as traffic congestion and accidents can occur. In addition, sensitive data could be lost, and human lives also could be in danger. Hence, messages sent by vehicles must be authenticated and securely delivered to vehicles in the appropriate regions. In this dissertation, we present a secure and distributed architecture for the vehicular cloud which uses the capabilities of vehicles to provide various services such as parking management, accident alert, traffic updates, cooperative driving, etc. Our architecture ensures the privacy of vehicles and supports secure message dissemination using the vehicular infrastructure. A Low-Overhead Message Authentication and Secure Message Dissemination Scheme for VANETs: Efficient, authenticated message dissemination in VANETs are important for the timely delivery of authentic messages to vehicles in appropriate regions in the VANET. Many of the approaches proposed in the literature use Road Side Units (RSUs) to collect events (such as accidents, weather conditions, etc.) observed by vehicles in its region, authenticate them, and disseminate them to vehicles in appropriate regions. However, as the number of messages received by RSUs increases in the network, the computation and communication overhead for RSUs related to message authentication and dissemination also increases. We address this issue and present a low-overhead message authentication and dissemination scheme in this dissertation. On-Board Hardware Implementation in VANET: Design and Experimental Evaluation: Information collected by On Board Units (OBUs) located in vehicles can help in avoiding congestion, provide useful information to drivers, etc. However, not all drivers on the roads can benefit from OBU implementation because OBU is currently not available in all car models. Therefore, in this dissertation, we designed and built a hardware implementation for OBU that allows the dissemination of messages in VANET. This OBU implementation is simple, efficient, and low-cost. In addition, we present an On-Board hardware implementation of Ad hoc On-Demand Distance Vector (AODV) routing protocol for VANETs. Privacy-preserving approach for collection and dissemination of messages in VANETs: Several existing schemes need to consider safety message collection in areas where the density of vehicles is low and roadside infrastructure is sparse. These areas could also have hazardous road conditions and may have poor connectivity. In this dissertation, we present an improved method for securely collecting and disseminating safety messages in such areas which preserves the privacy of vehicles. We propose installing fixed OBUs along the roadside of dangerous roads (i.e., roads that are likely to have more ice, accidents, etc., but have a low density of vehicles and roadside infrastructure) to help collect data about the surrounding environment. This would help vehicles to be notified about the events on such roads (such as ice, accidents, etc.).Furthermore, to enhance the privacy of vehicles, our scheme allows vehicles to change their pseudo IDs in all traffic conditions. Therefore, regardless of whether the number of vehicles is low in the RSU or Group Leader GL region, it would be hard for an attacker to know the actual number of vehicles in the RSU/GL region

Adjusted Location Privacy Scheme in VANET Safety Applications

The primary aim of Vehicular Ad hoc NETworks (VANET) is to enhance traffic safety by enabling frequent broadcasting of location information between vehicles. In VANET safety applications, a vehicle requires to broadcast messages, which usually contain its location information, every (1-10 Hz) with other vehicles in its communication area (300m) to facilitate cooperative awareness. This would arise privacy issues because vehicles are vulnerable to tracking attacks via their locations. To prevent long-term linking, many privacy schemes have adopted a silent period in which a vehicle stops sharing its locations for a period. However, silent periods could have a negative impact on safety applications as an accident could have happened if a vehicle stop sharing its locations with other neighbours. Thus, in this paper, we first discuss three privacy schemes (RSP, SLOW and CAPS), which adopted silent periods but in different concepts. Then, we improve the privacy and safety level of CAPS. A privacy simulator PREXT is used to evaluate and compare the performance of schemes

Towards a Framework for Preserving Privacy in VANET

Vehicular Ad-hoc Network (VANET) is envisioned as an integral part of the Intelligent Transportation Systems as it promises various services and benefits such as road safety, traffic efficiency, navigation and infotainment services. However, the security and privacy risks associated with the wireless communication are often overlooked. Messages exchanged in VANET wireless communication carry inferable Personally Identifiable Information(PII). This introduces several privacy threats that could limit the adoption of VANET. The quantification of these privacy threats is an active research area in VANET security and privacy domains. The Pseudonymisation technique is currently the most preferred solution for critical privacy threats in VANET to provide conditional anonymous authentication. In the existing literature, several Pseudonym Changing Schemes(PCS) have been proposed as effective de-identification approaches to prevent the inference of PII. However, for various reasons, none of the proposed schemes received public acceptance. Moreover, one of the open research challenges is to compare different PCSs under varying circumstances with a set of standardized experimenting parameters and consistent metrics. In this research, we propose a framework to assess the effectiveness of PCSs in VANET with a systematic approach. This comprehensive equitable framework consists of a variety of building blocks which are segmented into correlated sub-domains named Mobility Models, Adversary Models, and Privacy Metrics. Our research introduces a standard methodology to evaluate and compare VANET PCSs using a generic simulation setup to obtain optimal, realistic and most importantly, consistent results. This road map for the simulation setup aims to help the research \& development community to develop, assess and compare the PCS with standard set of parameters for proper analysis and reporting of new PCSs. The assessment of PCS should not only be equitable but also realistic and feasible. Therefore, the sub-domains of the framework need coherent as well as practically applicable characteristics. The Mobility Model is the layout of the traffic on the road which has varying features such as traffic density and traffic scenarios based on the geographical maps. A diverse range of Adversary Models is important for pragmatic evaluation of the PCSs which not only considers the presence of global passive adversary but also observes the effect of intelligent and strategic \u27local attacker\u27 placements. The biggest challenge in privacy measurement is the fact that it is a context-based evaluation. In the literature, the PCSs are evaluated using either user-oriented or adversary-oriented metrics. Under all circumstances, the PCSs should be assessed from both user and adversary perspectives. Using this framework, we determined that a local passive adversary can be strong based on the attacking capabilities. Therefore, we propose two intelligent adversary placements which help in privacy assessment with realistic adversary modelling. When the existing PCSs are assessed with our systematic approach, consistent models and metrics, we identified the privacy vulnerabilities and the limitations of existing PCSs. There was a need for comprehensive PCS which consider the context of the vehicles and the changing traffic patterns in the neighbourhood. Consequently, we developed a Context-Aware \& Traffic Based PCS that focuses on increasing the overall rate of confusion for the adversary and to reduce deterministic information regarding the pseudonym change. It is achieved by increasing the number of dynamic attributes in the proposed PCS for inference of the changing pattern of the pseudonyms. The PCS increases the anonymity of the vehicle by having the synchronized pseudonym changes. The details given under the sub-domains of the framework solidifies our findings to strengthen the privacy assessment of our proposed PCS

A trust-driven privacy architecture for vehicular ad-hoc networks

Vehicular Ad-Hoc NETworks (VANETs) are an emerging technology which aims to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of promising applications, such as, safety-related and infotainment applications, they remain a number of security and privacy related research challenges that must be addressed. A common approach to security issues widely adopted in VANETs is the use of Public Key Infrastructures (PKI) and digital certificates in order to enable authentication, authorization and confidentiality. These approaches usually rely on a large set of regional Certification Authorities (CAs). Despite the advantages of PKI-based approaches, there are two main problems that arise, i) the secure interoperability among the different and usually unknown- issuing CAs, and ii) the sole use of PKI in a VANET environment cannot prevent privacy related attacks, such as, linking a vehicle with an identifier, tracking vehicles ¿big brother scenario" and user profiling. Additionally, since vehicles in VANETs will be able to store great amounts of information including private information, unauthorized access to such information should be carefully considered. This thesis addresses authentication and interoperability issues in vehicular communications, considering an inter-regional scenario where mutual authentication between nodes is needed. To provide interoperability between vehicles and services among different domains, an Inter-domain Authentication System (AS) is proposed. The AS supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service. The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on-the-y if an interoperability relationship can be created. This research work also contributes with a Privacy Enhancing Model (PEM) to deal with important privacy issues in VANETs. The PEM consists of two PKI-based privacy protocols: i) the Attribute-Based Privacy (ABP) protocol, and ii) the Anonymous Information Retrieval (AIR) protocol. The ABP introduces Attribute-Based Credentials (ABC) to provide conditional anonymity and minimal information disclosure, which overcome with the privacy issues related to linkability (linking a vehicle with an identifier) and vehicle tracking (big brother scenario). The AIR protocol addresses user profiling when querying Service Providers (SPs), by relying in a user collaboration privacy protocol based on query forgery and permutation; and assuming that neither participant nodes nor SPs could be completely trusted. Finally, the Trust Validation Model (TVM) is proposed. The TVM supports decision making by evaluating entities trust based on context information, in order to provide i) access control to driver and vehicle's private information, and ii) public information trust validation

A distributed mix-context-based method for location privacy in road networks

Preserving location privacy is increasingly an essential concern in Vehicular Adhoc Networks (VANETs). Vehicles broadcast beacon messages in an open form that contains information including vehicle identity, speed, location, and other headings. An adversary may track the various locations visited by a vehicle using sensitive information transmitted in beacons such as vehicle identity and location. By matching the vehicle identity used in beacon messages at various locations, an adversary learns the location history of a vehicle. This compromises the privacy of the vehicle driver. In existing research work, pseudonyms are used in place of the actual vehicle identity in the beacons. Pseudonyms should be changed regularly to safeguard the location privacy of vehicles. However, applying simple change in pseudonyms does not always provide location privacy. Existing schemes based on mix zones operate efficiently in higher traffic environments but fail to provide privacy in lower vehicle traffic densities. In this paper, we take the problem of location privacy in diverse vehicle traffic densities. We propose a new Crowd-based Mix Context (CMC) privacy scheme that provides location privacy as well as identity protection in various vehicle traffic densities. The pseudonym changing process utilizes context information of road such as speed, direction and the number of neighbors in transmission range for the anonymisation of vehicles, adaptively updating pseudonyms based on the number of a vehicle neighbors in the vicinity. We conduct formal modeling and specification of the proposed scheme using High-Level Petri Nets (HPLN). Simulation results validate the effectiveness of CMC in terms of location anonymisation, the probability of vehicle traceability, computation time (cost) and effect on vehicular applications

Vehicular Internet: Security & Privacy Challenges and Opportunities

The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS). Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented