Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges

Vehicular Communication (VC) systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. In [1] we discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second paper, we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems

A-VIP: Anonymous Verification and Inference of Positions in Vehicular Networks

MiniconferenceInternational audienceKnowledge of the location of vehicles and tracking of the routes they follow are a requirement for a number of applications, including e-tolling and liability attribution in case of accidents. However, public disclosure of the identity and position of drivers jeopardizes user privacy, and securing the tracking through asymmetric cryptography may have an exceedingly high computational cost. Additionally, there is currently no way an authority can verify the correctness of the position information provided by a potentially misbehaving car. In this paper, we address all of the issues above by introducing A-VIP, a lightweight framework for privacy preserving and tracking of vehicles. A-VIP leverages anonymous position beacons from vehicles, and the cooperation of nearby cars collecting and reporting the beacons they hear. Such information allows an authority to verify the locations announced by vehicles, or to infer the actual ones if needed. We assess the effectiveness of A-VIP through both realistic simulation and testbed implementation results, analyzing also its resilience to adversarial attacks

On the security of software-defined next-generation cellular networks

In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

Improving Air Interface User Privacy in Mobile Telephony

Although the security properties of 3G and 4G mobile networks have significantly improved by comparison with 2G (GSM), significant shortcomings remain with respect to user privacy. A number of possible modifications to 2G, 3G and 4G protocols have been proposed designed to provide greater user privacy; however, they all require significant modifications to existing deployed infrastructures, which are almost certainly impractical to achieve in practice. In this article we propose an approach which does not require any changes to the existing deployed network infrastructures or mobile devices, but offers improved user identity protection over the air interface. The proposed scheme makes use of multiple IMSIs for an individual USIM to offer a degree of pseudonymity for a user. The only changes required are to the operation of the authentication centre in the home network and to the USIM, and the scheme could be deployed immediately since it is completely transparent to the existing mobile telephony infrastructure. We present two different approaches to the use and management of multiple IMSIs

"On the Road" - Reflections on the Security of Vehicular Communication Systems

Vehicular communication (VC) systems have recently drawn the attention of industry, authorities, and academia. A consensus on the need to secure VC systems and protect the privacy of their users led to concerted efforts to design security architectures. Interestingly, the results different project contributed thus far bear extensive similarities in terms of objectives and mechanisms. As a result, this appears to be an auspicious time for setting the corner-stone of trustworthy VC systems. Nonetheless, there is a considerable distance to cover till their deployment. This paper ponders on the road ahead. First, it presents a distillation of the state of the art, covering the perceived threat model, security requirements, and basic secure VC system components. Then, it dissects predominant assumptions and design choices and considers alternatives. Under the prism of what is necessary to render secure VC systems practical, and given possible non-technical influences, the paper attempts to chart the landscape towards the deployment of secure VC systems

Privacy through Pseudonymity in Mobile Telephony Systems

Abstract—To protect mobile phone from tracking by third parties, mobile telephony systems rely on periodically changing pseudonyms. We experimentally and formally analyse the mechanism adopted to update these pseudonyms and point out design and implementation weaknesses that defeat its purpose by allowing the identification and/or tracking of mobile telephony users. In particular, the experiments show that the pseudonym changing mechanism as implemented by real networks does not achieve the intended privacy goals. Moreover, we found out that the standard is flawed and that it is possible to exploit the procedure used to assign a new pseudonym, the TMSI reallocation procedure, in order to track users. We propose countermeasures to tackle the exposed vulnerabilities and formally prove that the 3GPP standard should require the establishment of a fresh ciphering key before each execution of the TMSI reallocation procedure to provide unlinkability. I