Networking And Security Solutions For Vanet Initial Deployment Stage

Vehicular ad hoc network (VANET) is a special case of mobile networks, where vehicles equipped with computing/communicating devices (called smart vehicles ) are the mobile wireless nodes. However, the movement pattern of these mobile wireless nodes is no more random, as in case of mobile networks, rather it is restricted to roads and streets. Vehicular networks have hybrid architecture; it is a combination of both infrastructure and infrastructure-less architectures. The direct vehicle to vehicle (V2V) communication is infrastructure-less or ad hoc in nature. Here the vehicles traveling within communication range of each other form an ad hoc network. On the other hand, the vehicle to infrastructure (V2I) communication has infrastructure architecture where vehicles connect to access points deployed along roads. These access points are known as road side units (RSUs) and vehicles communicate with other vehicles/wired nodes through these RSUs. To provide various services to vehicles, RSUs are generally connected to each other and to the Internet. The direct RSU to RSU communication is also referred as I2I communication. The success of VANET depends on the existence of pervasive roadside infrastructure and sufficient number of smart vehicles. Most VANET applications and services are based on either one or both of these requirements. A fully matured VANET will have pervasive roadside network and enough vehicle density to enable VANET applications. However, the initial deployment stage of VANET will be characterized by the lack of pervasive roadside infrastructure and low market penetration of smart vehicles. It will be economically infeasible to initially install a pervasive and fully networked iv roadside infrastructure, which could result in the failure of applications and services that depend on V2I or I2I communications. Further, low market penetration means there are insufficient number of smart vehicles to enable V2V communication, which could result in failure of services and applications that depend on V2V communications. Non-availability of pervasive connectivity to certification authorities and dynamic locations of each vehicle will make it difficult and expensive to implement security solutions that are based on some central certificate management authority. Nonavailability of pervasive connectivity will also affect the backend connectivity of vehicles to the Internet or the rest of the world. Due to economic considerations, the installation of roadside infrastructure will take a long time and will be incremental thus resulting in a heterogeneous infrastructure with non-consistent capabilities. Similarly, smart vehicles will also have varying degree of capabilities. This will result in failure of applications and services that have very strict requirements on V2I or V2V communications. We have proposed several solutions to overcome the challenges described above that will be faced during the initial deployment stage of VANET. Specifically, we have proposed: A VANET architecture that can provide services with limited number of heterogeneous roadside units and smart vehicles with varying capabilities. A backend connectivity solution that provides connectivity between the Internet and smart vehicles without requiring pervasive roadside infrastructure or large number of smart vehicles. A security architecture that does not depend on pervasive roadside infrastructure or a fully connected V2V network and fulfills all the security requirements. v Optimization solutions for placement of a limited number of RSUs within a given area to provide best possible service to smart vehicles. The optimal placement solutions cover both urban areas and highways environment

Defense against Sybil attack in the initial deployment stage of vehicular ad hoc network based on roadside unit support

In this paper, we propose two certificate mechanisms for preventing the Sybil attack in a vehicular ad hoc network (VANET): the timestamp series approach and the temporary certificate approach. We focus on an early-stage VANET when the number of smart vehicles is only a small fraction of the vehicles on the road and the only infrastructure components available are the roadside units (RSUs). Our approach does not require a dedicated vehicular public key infrastructure to certify individual vehicles but RSUs are the only components issuing certificates. The vehicles can obtain certificates by simply driving by RSUs, without the need to pre-register at a certificate authority. The timestamp series approach exploits the fact that because of the variance of the movement patterns of the vehicles, it is extremely rare that the two vehicles pass by a series of RSUs at exactly the same time points. The vehicles obtain a series of certificates signed by the RSUs, which certify their passing by at the RSU at a certain time point. By exploiting the spatial and temporal correlation between vehicles and RSUs, we can detect the Sybil attack by checking the similarity of timestamp series. In the temporary certificate-based approach, an RSU issues temporary certificates valid only in a particular area for a limited time. To guarantee that each vehicle is assigned only a single certificate, at the issuance of the first certificate, it is required that the RSU physically authenticate the vehicle. When driving by the subsequent RSUs, however, the certificate can be updated in a chained manner. By guaranteeing that each vehicle is issued a single certificate in a single area, the Sybil attack is prevented. We provide mathematical analysis and simulation for the timestamp series approach. The simulation shows that it works with a small false-positive rate in simple roadway architecture

DISTRIBUTED CERTIFICATE AND APPLICATION ARCHITECTURE FOR VANETs

Privacy, authentication, confidentiality and non repudiation are the most desired security attributes for all vehicular ad hoc network (VANET) applications. A lot of solutions have been presented to address these issues. However, they are mostly dependent on centralized certificate architecture and some sort of hardware-based security. These solutions are expensive to carry out and lack the incentive for both users and service providers to deploy, which make them especially difficult to be implemented during the important initial deployment stage of VANET. In this paper, we present a distributed security architecture for VANET that does not rest on expensive security hardware or elaborate security infrastructure. The architecture can be incrementally deployed, facilitating small companies to jump in the VANET business, and can fill the void during the VANET initial deployment phase. Our solution is based on spatial and temporal restricted certificates, which are issued upon user’s request and can be used for various VANET applications. Due to the restricted nature of these certificates, the certificate revocation process is simple and efficient, which solves another drawback of existing solutions

Optimal Roadside Units Placement Along Highways

Roadside units (RSUs) are a critical component of Vehicular ad hoc network (VANET). Ideally, RSUs should be deployed pervasively to provide continuous coverage or connectivity. However, during the initial stages of VANET, it will not be possible to ensure such a pervasive RSU deployment due to the huge cost and/or the lack of market penetration of VANET enabled vehicles. Given a limited number of RSUs, in this paper, we address the issue of optimal placement of these RSUs along highways with the goal of minimizing the average time taken for a vehicle to report an event of interest to a nearby RSU. We present a so-called balloon optimization method the optimal solution is found by using a dynamic process similar to the natural expansion of multiple balloons in a two-dimensional space where each balloon corresponds to the coverage area of one RSU. Our preliminary evaluation shows that the balloon method performs optimal or near optimal compared with the exhaustive method and it can be used for the optimal placement of RSUs along highways. © 2011 IEEE

One-Way-Linkable Blind Signature Security Architecture For Vanet

Security attributes of a Vehicular ad hoc network (VANET) include confidentiality, integrity, authentication, non-repudiation (liability), revocation and privacy. Privacy, having characteristics opposing to the rest of the attributes, makes design of a security architecture quite difficult. A commonly used solution is to have a large number of temporary certificates (i.e., pseudonyms) to achieve these security attributes. To guard against their malicious use, these pseudonyms are stored in expensive tamper-proof-devices (TPDs). Further, a large number of valid pseudonyms, at any given time, make non-repudiation and revocation quite complex and difficult to achieve. Another solution is to get pseudonyms blindly signed from a certificate server, thus eliminating the need of TPDs (given the pseudonyms are not generated in bulk). However, blind signatures provide unconditional privacy and thus require complex/multi-transaction procedures to ensure non-repudiation/revocation. We present a security architecture by revising the original Blind signature scheme. Our proposed architecture provides one-way-link-ability that helps to achieve all the security attributes without introducing complex/multi-transaction procedures. It does not require expensive TPDs or complex pseudonym issuance/revocation procedures and is especially suited to VANET during initial deployment phase which is characterized with intermittent connectivity. Further, non-repudiation/revocation requires cooperation between multiple entities thus ensuring privacy without a single point of failure. © 2011 IEEE

CRITERIA FOR VALIDATING SECURE WIPING TOOLS

Part 6: FORENSIC TOOLSInternational audienceThe validation of forensic tools is an important requirement in digital forensics. The National Institute of Standards and Technology has defined standards for many digital forensic tools. However, a standard has not yet been specified for secure wiping tools. This chapter defines secure wiping functionality criteria for NTFS specific to Windows 7 and magnetic hard drives. The criteria were created based on the remnants of user actions – file creation, modification and deletion – in $MFT records, the$LogFile and the hard disk. Of particular relevance is the fact that the $LogFile, which holds considerable forensic artifacts of user actions, is not wiped properly by many tools. The use of the proposed functionality criteria is demonstrated in an evaluation of the Eraser secure wiping tool