Privacy issues and pitfalls in VANET standards

Wireless vehicular networks are about to enter the deployment stage in the next years with important progress being made in Europe and the USA. Thereby, one of the core concerns is privacy of vehicles and their drivers, especially in Europe. Prior work has regarded only a small sub-set of the information exposed by current standards to an attacker for vehicle tracking. Thus, we take a close look on the data contained on different protocol layers of an ETSI ITS system. We find that much data is very distinctive and can be used to identify static vehicle parameters such as manufacturer or even model. This greatly reduces the usability of formerly proposed cooperative pseudonym switching strategies. Many more constraints have to be applied for selecting cooperation partners significantly reducing their availability. Therefore, current techniques cannot provide the level of privacy defined in VANET standards. Suggestions for improving the security entity and facility layer of ETSI ITS are given to limit the impact of the found issues