Emerging privacy challenges and approaches in CAV systems

The growth of Internet-connected devices, Internet-enabled services and Internet of Things systems continues at a rapid pace, and their application to transport systems is heralded as game-changing. Numerous developing CAV (Connected and Autonomous Vehicle) functions, such as traffic planning, optimisation, management, safety-critical and cooperative autonomous driving applications, rely on data from various sources. The efficacy of these functions is highly dependent on the dimensionality, amount and accuracy of the data being shared. It holds, in general, that the greater the amount of data available, the greater the efficacy of the function. However, much of this data is privacy-sensitive, including personal, commercial and research data. Location data and its correlation with identity and temporal data can help infer other personal information, such as home/work locations, age, job, behavioural features, habits, social relationships. This work categorises the emerging privacy challenges and solutions for CAV systems and identifies the knowledge gap for future research, which will minimise and mitigate privacy concerns without hampering the efficacy of the functions

A Review of Research on Privacy Protection of Internet of Vehicles Based on Blockchain

Numerous academic and industrial fields, such as healthcare, banking, and supply chain management, are rapidly adopting and relying on blockchain technology. It has also been suggested for application in the internet of vehicles (IoV) ecosystem as a way to improve service availability and reliability. Blockchain offers decentralized, distributed and tamper-proof solutions that bring innovation to data sharing and management, but do not themselves protect privacy and data confidentiality. Therefore, solutions using blockchain technology must take user privacy concerns into account. This article reviews the proposed solutions that use blockchain technology to provide different vehicle services while overcoming the privacy leakage problem which inherently exists in blockchain and vehicle services. We analyze the key features and attributes of prior schemes and identify their contributions to provide a comprehensive and critical overview. In addition, we highlight prospective future research topics and present research problems

A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version

INRISCO: INcident monitoRing in Smart COmmunities

Major advances in information and communication technologies (ICTs) make citizens to be considered as sensors in motion. Carrying their mobile devices, moving in their connected vehicles or actively participating in social networks, citizens provide a wealth of information that, after properly processing, can support numerous applications for the benefit of the community. In the context of smart communities, the INRISCO [1] proposal intends for (i) the early detection of abnormal situations in cities (i.e., incidents), (ii) the analysis of whether, according to their impact, those incidents are really adverse for the community; and (iii) the automatic actuation by dissemination of appropriate information to citizens and authorities. Thus, INRISCO will identify and report on incidents in traffic (jam, accident) or public infrastructure (e.g., works, street cut), the occurrence of specific events that affect other citizens' life (e.g., demonstrations, concerts), or environmental problems (e.g., pollution, bad weather). It is of particular interest to this proposal the identification of incidents with a social and economic impact, which affects the quality of life of citizens.This work was supported in part by the Spanish Government through the projects INRISCO under Grant TEC2014-54335-C4-1-R, Grant TEC2014-54335-C4-2-R, Grant TEC2014-54335-C4-3-R, and Grant TEC2014-54335-C4-4-R, in part by the MAGOS under Grant TEC2017-84197-C4-1-R, Grant TEC2017-84197-C4-2-R, and Grant TEC2017-84197-C4-3-R, in part by the European Regional Development Fund (ERDF), and in part by the Galician Regional Government under agreement for funding the Atlantic Research Center for Information and Communication Technologies (AtlantTIC)

Reputation systems and secure communication in vehicular networks

A thorough review of the state of the art will reveal that most VANET applications rely on Public Key Infrastructure (PKI), which uses user certificates managed by a Certification Authority (CA) to handle security. By doing so, they constrain the ad-hoc nature of the VANET imposing a frequent connection to the CA to retrieve the Certificate Revocation List (CRL) and requiring some degree of roadside infrastructure to achieve that connection. Other solutions propose the usage of group signatures where users organize in groups and elect a group manager. The group manager will need to ensure that group members do not misbehave, i.e., do not spread false information, and if they do punish them, evict them from the group and report them to the CA; thus suffering from the same CRL retrieval problem. In this thesis we present a fourfold contribution to improve security in VANETs. First and foremost, Chains of Trust describes a reputation system where users disseminate Points of Interest (POIs) information over the network while their privacy remains protected. It uses asymmetric cryptography and users are responsible for the generation of their own pair of public and private keys. There is no central entity which stores the information users input into the system; instead, that information is kept distributed among the vehicles that make up the network. On top of that, this system requires no roadside infrastructure. Precisely, our main objective with Chains of Trust was to show that just by relying on people¿s driving habits and the sporadic nature of their encounters with other drivers a successful reputation system could be built. The second contribution of this thesis is the application simulator poiSim. Many¿s the time a new VANET application is presented and its authors back their findings using simulation results from renowned networks simulators like ns-2. The major issue with network simulators is that they were not designed with that purpose in mind and handling simulations with hundreds of nodes requires a massive processing power. As a result, authors run small simulations (between 50 and 100 nodes) with vehicles that move randomly in a squared area instead of using real maps, which rend unrealistic results. We show that by building tailored application simulators we can obtain more realistic results. The application simulator poiSim processes a realistic mobility trace produced by a Multi-agent Microscopic Traffic Simulator developed at ETH Zurich, which accurately describes the mobility patterns of 259,977 vehicles over regional maps of Switzerland for 24 hours. This simulation runs on a desktop PC and lasts approximately 120 minutes. In our third contribution we took Chains of Trust one step further in the protection of user privacy to develop Anonymous Chains of Trust. In this system users can temporarily exchange their identity with other users they trust, thus making it impossible for an attacker to know in all certainty who input a particular piece of information into the system. To the best of our knowledge, this is the first time this technique has been used in a reputation system. Finally, in our last contribution we explore a different form of communication for VANETs. The vast majority of VANET applications rely on the IEEE 802.11p/Wireless Access in Vehicular Environments (WAVE) standard or some other form of radio communication. This poses a security risk if we consider how vulnerable radio transmission is to intentional jamming and natural interferences: an attacker could easily block all radio communication in a certain area if his transmitter is powerful enough. Visual Light Communication (VLC), on the other hand, is resilient to jamming over a wide area because it relies on visible light to transmit information and ,unlike WAVE, it has no scalability problems. In this thesis we show that VLC is a secure and valuable form of communication in VANETs

Differential Privacy for Industrial Internet of Things: Opportunities, Applications and Challenges

The development of Internet of Things (IoT) brings new changes to various fields. Particularly, industrial Internet of Things (IIoT) is promoting a new round of industrial revolution. With more applications of IIoT, privacy protection issues are emerging. Specially, some common algorithms in IIoT technology such as deep models strongly rely on data collection, which leads to the risk of privacy disclosure. Recently, differential privacy has been used to protect user-terminal privacy in IIoT, so it is necessary to make in-depth research on this topic. In this paper, we conduct a comprehensive survey on the opportunities, applications and challenges of differential privacy in IIoT. We firstly review related papers on IIoT and privacy protection, respectively. Then we focus on the metrics of industrial data privacy, and analyze the contradiction between data utilization for deep models and individual privacy protection. Several valuable problems are summarized and new research ideas are put forward. In conclusion, this survey is dedicated to complete comprehensive summary and lay foundation for the follow-up researches on industrial differential privacy