78 research outputs found

    Privacy Implications of In-Network Aggregation Mechanisms for VANETs

    Research on vehicular ad hoc networks (VANETs) is active and ongoing. Proposed applications range from safety applications and traffic efficiency applications to entertainment applications. Common to many applications is the need to disseminate possibly privacy-sensitive information, such as location and speed information, over larger distances. In-network aggregation is a promising technology that can help to make such privacy-sensitive information only available in the direct vicinity of vehicles instead of communicating it over larger areas. Further away, only aggregated information that is not privacy-relevant anymore will be known. At the same time, aggregation mechanisms help to cope with the limited available wireless bandwidth. However, the exact privacy properties of aggregation mechanisms have still not been thoroughly researched. In this paper, we propose a metric to measure privacy enhancements provided by in-network aggregation and use it to compare existing schemes

    Mandatory Enforcement of Privacy Policies using Trusted Computing Principles

    Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for data protection and their legal basis and argue why pure legal protection is insufficient. Strong privacy-enhancing technologies need to be deployed in cITS to protect user data while it is generated and processed. As data minimization cannot always prevent the need for disclosing relevant personal information, we introduce the new concept of mandatory enforcement of privacy policies. This concept empowers users and data subjects to tightly couple their data with privacy policies and rely on the system to impose such policies onto any data processors. We also describe the PRECIOSA Privacy-enforcing Runtime Architecture that exemplifies our approach. Moreover, we show how an application can utilize this architecture by applying it to a pay as you drive (PAYD) car insurance scenario

    On the Potential of Generic Modeling for VANET Data Aggregation Protocols

    In-network data aggregation is a promising communication mechanism to reduce bandwidth requirements of applications in vehicular ad-hoc networks (VANETs). Many aggregation schemes have been proposed, often with varying features. Most aggregation schemes are tailored to specific application scenarios and for specific aggregation operations. Comparative evaluation of different aggregation schemes is therefore difficult. An application centric view of aggregation does also not tap into the potential of cross application aggregation. Generic modeling may help to unlock this potential. We outline a generic modeling approach to enable improved comparability of aggregation schemes and facilitate joint optimization for different applications of aggregation schemes for VANETs. This work outlines the requirements and general concept of a generic modeling approach and identifies open challenges

    Misbehavior detection in vehicular ad-hoc networks

    In this paper we discuss misbehavior detection for vehicular ad-hoc networks (VANETs), a special case of cyber-physical systems (CPSs). We evaluate the suitability of existing PKI approaches for insider misbehavior detection and propose a classification for novel detection schemes

    CANE: A Controlled Application Environment for privacy protection in ITS

    Many of the applications proposed for intelligent transportation systems (ITS) need to process and communicate detailed personal identifiable information. Examples are detailed location traces or unique identifiers for authentication towards paid services. Existing applications often run as monolithic black boxes inside users’ cars. Hence, users cannot verify that applications behave as expected. We propose CANE, an application sandboxing approach that enhances user control over privacy properties while, at the same time, supporting common application requirements. CANE makes privacy-relevant application properties explicit and allows their analysis and enforcement during application runtime. We evaluate CANE using a common ITS use case and demonstrate feasibility with a proof-of-concept implementation

    Modeling In-Network Aggregation in VANETs

    The multitude of applications envisioned for vehicular ad hoc networks requires efficient communication and dissemination mechanisms to prevent network congestion. In-network data aggregation promises to reduce bandwidth requirements and enable scalability in large vehicular networks. However, most existing aggregation schemes are tailored to specific applications and types of data. Proper comparative evaluation of different aggregation schemes is difficult. Yet, comparability is essential to properly measure accuracy, performance, and efficiency. We outline a modeling approach for VANET aggregation schemes to achieve objective comparability. Our modeling approach consists of three models, which provide different perspectives on an aggregation scheme. The generalized architecture model facilitates categorization of aggregation schemes. The aggregation information flow model supports analysis of where information is aggregated by a scheme. The aggregation state graph models how knowledge about the road network and its environment is represented by a scheme. Furthermore, it facilitates error estimation with respect to the ground truth. We apply each modeling approach to existing aggregation schemes from the literature and highlight strengths, as well as weaknesses, that can be used as a starting point for designing a more generic aggregation scheme

    Resilient Secure Aggregation for Vehicular Networks

    Innovative ways to use ad hoc networking between vehicles are an active research topic and numerous proposals have been made for applications that make use of it. Due to the bandwidth-limited wireless communication medium, scalability is one crucial factor for the success of these future protocols. Data aggregation is one solution to accomplish such scalability. The goal of aggregation is to semantically combine information and only disseminate this combined information in larger regions. However, the integrity of aggregated information cannot be easily verified anymore. Thus, attacks are possible resulting in lower user acceptance of applications using aggregation or, even worse, in accidents due to false information crafted by a malicious user. Therefore, it is necessary to design novel mechanisms to protect aggregation techniques. However, high vehicle mobility, as well as tight bandwidth constraints, pose strong requirements on the efficiency of such mechanisms. We present new security mechanisms for semantic data aggregation that are suitable for use in vehicular ad hoc networks. Resilience against both malicious users of the system and wrong information due to faulty sensors are taken into consideration. The presented mechanisms are evaluated with respect to their bandwidth overhead and their effectiveness against possible attacks

    Technical light-field setup for 3D imaging of the human nerve head validated with an eye model

    With the new technology of 3D light field (LF) imaging, fundus photography can be expanded to provide depth information. This increases the diagnostic possibilities and additionally improves image quality by digitally refocusing. To provide depth information in the human optic nerve head such as in glaucoma diagnostics, a mydriatic fundus camera was upgraded with an LF imager. The aim of the study presented here was the validation of the technical setup and resulting depth estimations with an appropriate eye model. The technical setup consisted of a mydriatic fundus camera (FF450, Carl Zeiss Meditec AG, Jena, Germany) and an LF imager (R12, Raytrix GmbH, Kiel, Germany). The field of view was set to 30°. The eye model (24.65 mm total length) consisted of a two-lens optical system and interchangeable fundus models with papilla excavations from 0.2 to 1 mm in steps of 0.2 mm. They were coated with red acrylic lacquer and vessels were drawn with a thin brush. 15 images were taken for each papilla depth illuminated with green light (wavelength 520 nm ± 20 nm). Papilla depth was measured from the papilla ground to the surrounding flat region. All 15 measurements for each papilla depth were averaged and compared to the printed depth. It was possible to perform 3D fundus imaging in an eye model by means of a novel LF-based optical setup. All LF images could be digitally refocused subsequently. Depth estimation in the eye model was successfully performed over a 30° field of view. The measured virtual depth and the printed model papilla depth are linearly correlated. The presented LF setup allowed high-quality 3D one-shot imaging and depth estimation of the optic nerve head in an eye model

    Misbehavior Detection in Vehicular Ad-hoc Networks

    In this paper we discuss misbehavior detection for vehicular ad-hoc networks (VANETs), a special case of cyber-physical systems (CPSs). We evaluate the suitability of existing PKI approaches for insider misbehavior detection and propose a classification for novel detection schemes. Cyber-physical systems (CPSs) are digital systems that are closely embedded into the physical world with which they interact through sensors and actuators. In contrast to classical embedded systems, they often form networks with a large number of sensor or actuator devices. These devices sense information, process it in a distributed system, and then influence the physical world using actuators. Notable examples of CPS are wireless sensor networks (WSNs), smart factories, distributed eHealth systems, and VANETs. In this paper, we focus on VANETs, which are a prime example for CPS and will soon be deployed on a large scale. Vehicular ad-hoc networks (VANETs) are networks that are created by equipping vehicles with wireless transmission equipment. VANETs offer great potential to improve road safety and to provide information and entertainment applications for drivers and passengers

    ANOTEL: Cellular Networks with Location Privacy (Extended Version)

    Location management is a key component of cellular networks. From a privacy perspective, however, it is also a major weakness: location management empowers the network operator to track users. In today's public and scientific discussion, the centralized storage of location data is mostly taken as a fact, and users are expected to trust the network operator. ANOTEL presents a novel, clean-slate approach of location management in cellular networks that challenges this assumption. We developed a design that is able to route calls to users who move through cellular networks, without violating their location privacy. We evaluate our approach using simulations and a practical user tracking algorithm