A Structured Approach to Securing the Connected Car

<p>Vehicles of today have become increasingly dependent on software to handle their functionalities. Updating and maintaining the software in vehicles has therefore become a costly process for the automotive industry. By introducing wireless communications to vehicles, vehicular maintenance can greatly be improved and many other new applications can also be brought to the vehicles. However, the vehicle was not designed with security in mind. Since the vehicle is safety-critical, it is vital that such new remote services do not violate the safety and security requirements of the vehicle. Thus, this thesis presents a general approach to securing the connected car and the usefulness of the approach is demonstrated in a vehicular diagnostics scenario.</p> <p>The thesis comes in two main parts. In the first part, we address security mechanisms for the connected car. First, a survey of current mechanisms to secure the in-vehicle networks is made. Then, a description of possible communication methods with vehicles is given and a taxonomy of current entities involved in such communication is presented. The taxonomy is organised in actors, vehicle-to-X communications, network paths, and dependability and security attributes. The usefulness of the taxonomy is demonstrated by two examples.</p> <p>In the second part, we address security with respect to vehicular diagnostics. First, an overall security analysis of the interaction between the connected car and the repair shop is conducted. We find that the most imminent risk in the repair shop is the loss of authentication keys. The loss of such keys allows masquerading attacks against vehicles. To address this problem, we propose a Kerberos-inspired protocol for authentication and authorisation of the diagnostics equipment and a trusted third party is introduced.</p> <p>To conclude, this thesis shows the value of adopting a structured approach to securing the connected car. The approach has been shown to be useful for identifying threats and countermeasures and thus help improving security.</p

RITA: RIsk-aware Trust-based Architecture for collaborative multi-hop vehicular communications

This is the pre-peer reviewed version of the following article: Kerrache, C. A., Calafate, C. T., Lagraa, N., Cano, J. C., & Manzoni, P. (2016). RITA: RIsk‐aware Trust‐based Architecture for collaborative multi‐hop vehicular communications. Security and Communication Networks, 9(17), 4428-4442, which has been published in final form at http://onlinelibrary.wiley.com/doi/10.1002/sec.1618/abstractTrust establishment over vehicular networks can enhance the security against probable insider attackers. Regrettably, existing solutions assume that the attackers have always a dishonest behavior that remains stable over time. This assumption may be misleading, as the attacker can behave intelligently to avoid being detected. In this paper, we propose a novel solution that combines trust establishment and a risk estimation concerning behavior changes. Our proposal, called risk-aware trust-based architecture, evaluates the trust among vehicles for independent time periods, while the risk estimation computes the behavior variation between smaller, consecutive time periods in order to prevent risks like an intelligent attacker attempting to bypass the security measures deployed. In addition, our proposal works over a collaborative multi-hop broadcast communication technique for both vehicle-to-vehicle and vehicle-to-roadside unit messages in order to ensure an efficient dissemination of both safety and infotainment messages. Simulation results evidence the high efficiency of risk-aware trust-based architecture at enhancing the detection ratios by more than 7% compared with existing solutions, such as T-CLAIDS and AECFV, even in the presence of high ratios of attackers, while offering short end-to-end delays and low packet loss ratios.This work was partially supported by both the Ministerio de Economia y Competitividad, Programa Estatal de Investigacion, Desarrollo e Innovacion Orientada a los Retos de la Sociedad, Proyectos I+D+I 2014, Spain, under Grant TEC2014-52690-R, and the Ministere de l'enseignement superieur et de la recherche scientifique, Programme National Exceptionnel P.N.E 2015/2016, Algeria.Kerrache, CA.; Tavares De Araujo Cesariny Calafate, CM.; Lagraa, N.; Cano Escribá, JC.; Manzoni, P. (2016). RITA: RIsk-aware Trust-based Architecture for collaborative multi-hop vehicular communications. Security and Communication Networks. 9(17):4428-4442. https://doi.org/10.1002/sec.1618S4428444291

A trust-driven privacy architecture for vehicular ad-hoc networks

Vehicular Ad-Hoc NETworks (VANETs) are an emerging technology which aims to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of promising applications, such as, safety-related and infotainment applications, they remain a number of security and privacy related research challenges that must be addressed. A common approach to security issues widely adopted in VANETs is the use of Public Key Infrastructures (PKI) and digital certificates in order to enable authentication, authorization and confidentiality. These approaches usually rely on a large set of regional Certification Authorities (CAs). Despite the advantages of PKI-based approaches, there are two main problems that arise, i) the secure interoperability among the different and usually unknown- issuing CAs, and ii) the sole use of PKI in a VANET environment cannot prevent privacy related attacks, such as, linking a vehicle with an identifier, tracking vehicles ¿big brother scenario" and user profiling. Additionally, since vehicles in VANETs will be able to store great amounts of information including private information, unauthorized access to such information should be carefully considered. This thesis addresses authentication and interoperability issues in vehicular communications, considering an inter-regional scenario where mutual authentication between nodes is needed. To provide interoperability between vehicles and services among different domains, an Inter-domain Authentication System (AS) is proposed. The AS supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service. The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on-the-y if an interoperability relationship can be created. This research work also contributes with a Privacy Enhancing Model (PEM) to deal with important privacy issues in VANETs. The PEM consists of two PKI-based privacy protocols: i) the Attribute-Based Privacy (ABP) protocol, and ii) the Anonymous Information Retrieval (AIR) protocol. The ABP introduces Attribute-Based Credentials (ABC) to provide conditional anonymity and minimal information disclosure, which overcome with the privacy issues related to linkability (linking a vehicle with an identifier) and vehicle tracking (big brother scenario). The AIR protocol addresses user profiling when querying Service Providers (SPs), by relying in a user collaboration privacy protocol based on query forgery and permutation; and assuming that neither participant nodes nor SPs could be completely trusted. Finally, the Trust Validation Model (TVM) is proposed. The TVM supports decision making by evaluating entities trust based on context information, in order to provide i) access control to driver and vehicle's private information, and ii) public information trust validation

Mobile Edge Computing

This is an open access book. It offers comprehensive, self-contained knowledge on Mobile Edge Computing (MEC), which is a very promising technology for achieving intelligence in the next-generation wireless communications and computing networks. The book starts with the basic concepts, key techniques and network architectures of MEC. Then, we present the wide applications of MEC, including edge caching, 6G networks, Internet of Vehicles, and UAVs. In the last part, we present new opportunities when MEC meets blockchain, Artificial Intelligence, and distributed machine learning (e.g., federated learning). We also identify the emerging applications of MEC in pandemic, industrial Internet of Things and disaster management. The book allows an easy cross-reference owing to the broad coverage on both the principle and applications of MEC. The book is written for people interested in communications and computer networks at all levels. The primary audience includes senior undergraduates, postgraduates, educators, scientists, researchers, developers, engineers, innovators and research strategists

Design Models for Trusted Communications in Vehicle-to-Everything (V2X) Networks

Intelligent transportation system is one of the main systems which has been developed to achieve safe traffic and efficient transportation. It enables the road entities to establish connections with other road entities and infrastructure units using Vehicle-to-Everything (V2X) communications. To improve the driving experience, various applications are implemented to allow for road entities to share the information among each other. Then, based on the received information, the road entity can make its own decision regarding road safety and guide the driver. However, when these packets are dropped for any reason, it could lead to inaccurate decisions due to lack of enough information. Therefore, the packets should be sent through a trusted communication. The trusted communication includes a trusted link and trusted road entity. Before sending packets, the road entity should assess the link quality and choose the trusted link to ensure the packet delivery. Also, evaluating the neighboring node behavior is essential to obtain trusted communications because some misbehavior nodes may drop the received packets. As a consequence, two main models are designed to achieve trusted V2X communications. First, a multi-metric Quality of Service (QoS)-balancing relay selection algorithm is proposed to elect the trusted link. Analytic Hierarchy Process (AHP) is applied to evaluate the link based on three metrics, which are channel capacity, link stability and end-to-end delay. Second, a recommendation-based trust model is designed for V2X communication to exclude misbehavior nodes. Based on a comparison between trust-based methods, weighted-sum is chosen in the proposed model. The proposed methods ensure trusted communications by reducing the Packet Dropping Rate (PDR) and increasing the end-to-end delivery packet ratio. In addition, the proposed trust model achieves a very low False Negative Rate (FNR) in comparison with an existing model

Using Aerial and Vehicular NFV Infrastructures to Agilely Create Vertical Services

5G communications have become an enabler for the creation of new and more complex networking scenarios, bringing together different vertical ecosystems. Such behavior has been fostered by the network function virtualization (NFV) concept, where the orchestration and virtualization capabilities allow the possibility of dynamically supplying network resources according to its needs. Nevertheless, the integration and performance of heterogeneous network environments, each one supported by a different provider, and with specific characteristics and requirements, in a single NFV framework is not straightforward. In this work we propose an NFV-based framework capable of supporting the flexible, cost-effective deployment of vertical services, through the integration of two distinguished mobile environments and their networks: small sized unmanned aerial vehicles (SUAVs), supporting a flying ad hoc network (FANET) and vehicles, promoting a vehicular ad hoc network (VANET). In this context, a use case involving the public safety vertical will be used as an illustrative example to showcase the potential of this framework. This work also includes the technical implementation details of the framework proposed, allowing to analyse and discuss the delays on the network services deployment process. The results show that the deployment times can be significantly reduced through a distributed VNF configuration function based on the publish&-subscribe model.This article has been partially supported by the European H2020 5GinFIRE project (grant agreement 732497). The work of the Universidad Carlos III team members was partially supported by the European H2020 LABYRINTH project (grant agreement H2020-MG-2019-TwoStages-861696), and by the TRUE5G project (PID2019-108713RB-C52PID2019-108713RB-C52/AEI/10.13039/501100011033) funded by the Spanish National Research Agency; and the work of the Instituto de Telecomunicações team members, by the Competitiveness and Internationalization Operational Programme (COMPETE 2020) of the Portugal 2020 framework Mobilizer Project 5G with Nr. 024539 (POCI-01-0247-FEDER-024539)

On-demand service architecture for wireless vehicular networks

Vehicular Networks (VN) or VANETS has become a cutting-edge topic in the development of innovative solutions for the automotive industry and of special interest to transit management authorities. Well known examples of the potential benefits of enabling communications in vehicles is fostering a better driving by reducing the risk of accidents on the road. Besides the transmission of safety messages among vehicles in the vicinity, the development of non-safety applications will allow the delivery of information services to potential users willing to request them in on-demand basis. To provide such type of services, major challenges need to be tackled to offer secure and reliable communication in anonymous and sometimes hostile communication environments on the roads. These challenges cover security, billing and accounting issues to provide a secure access to services. The objective of this thesis work is to propose a service architecture for on-demand services in vehicular environments. A key point to keep a robust information service supply, stands in the capacity to provide and manage security mechanisms which comprise authentication and authorization of subscribers following a temporary subscription model. These features, along with privacy mechanisms, will offer to the communicating peers a secure way to mutually access and exchange information even if no previous knowledge of each other is available. Policies of service providers can regulate the supply of information services according to the subscribers' profiles. Providers can also define the implementation of accountability models in the form of metering and billing schemes appropriate for VANETS. This will result in the implementation of incentive and collaborative mechanisms to foster service delivery among vehicles