An evaluation framework for pre-distribution strategies of certificates in VANETs

Security and privacy in vehicular communication are expected to be ensured by the pervasive use of pseudonymous certificates and signed messages. The design and establishment of necessary public key infrastructure and hierarchies of cer- tificate authorities is ongoing in industry consortia, such as the Car-to-Car Communication Consortium. The privacy pre- serving dissemination of pseudonymous certificates is however still expected to be limited to single-hop exchanges between vehicles. This limitation to one-hop strategies might not be ideal, especially considering the importance of ensuring trustworthy stateless information exchange upon reception of the very first communication packets. We propose to investigate multi-hop pre- distribution strategies for certificates to significantly reduce this first encounter problem

Congestion-based Certificate Omission in VANETs

Telematic awareness of nearby vehicles is a basic foundation of electronic safety applications in Vehicular Ad hoc Networks (VANETs). This awareness is achieved by frequently broadcasting beacon messages to nearby vehicles that announce a vehicle's location and other data like heading and speed. Such safety-related beacons require strong integrity protection and high availability, two properties that are hard to combine because the communication and computation overhead introduced by security mechanisms affects reliability. This applies especially to the signatures and certificates needed for authentication. We propose a mechanism to reduce the communication overhead of secure safety beacons by adaptively omitting the inclusion of certificates in messages. In contrast to similar earlier proposals, we control the omission rate based on channel congestion. A simulation study underlines the advantages of the congestion-based certificate omission scheme compared to earlier approaches. Moreover, we show that the benefits of certificate omission outweigh the negative effect of cryptographically unverifiable beacons

Scalable Broadcast Authentication for V2V Communication

Vehicular Ad Hoc Networking (VANET) technology is, at it’s core, the simple idea of outfitting vehicles with wireless data communication equipment for automatic information exchange. This technology is expected to serve as a foundation for a set of novel safety, automation, and infotainment applications. The most prominent among these appli- cations are expected to be driver assistance systems which also support advanced levels of automated driving. These applications stand to benefit from enhanced situational awareness, which is made possible through the cooperative exchange of information about environmental influences and the presence and condition of surrounding vehicles. Wireless networking technology and networking in general are well understood domains in computer science. However, the context of con- nected vehicles and the associated requirements and communication patterns imposes a set of unique challenges, which require solutions that differ from established networking practices. The susceptibility of wireless communication to packet loss and the very high mobility of vehicular communication nodes make VANET technology extremely volatile. At the same time the usage in safety critical applications de- mands very low latency and high availability of the communication infrastructure for frequent information exchange. And on top of these challenges security and privacy need taken into account in the design of the overall communication infrastructure. Classic solutions for stable networks cannot provide optimal performance characteristics under these conditions. The focus of this work is specifically on vehicle-to-vehicle technology (V2V), which is a subset of the more general vehicle-to-anything (V2X) topic. This subset of VANET is concerned with the direct informa- tion exchange among vehicles without the involvement of additional infrastructure, which may or may not be available to vehicles which driving. Direct V2V communication is expected to always be available between vehicle within a safety critical range. Therefore, this commu- nication path is expected to be used to enable the most safety critical applications. The scalability of security solutions for vehicular communication remains an untested aspect of ongoing efforts to bring VANET technol- ogy to the market on a larger scale. Filed operational test projects have started to trial VANET deployments to investigate, but penetration rates are too low to allow for realistic extrapolations of future scala- bility problems. This dissertations contributes to the research efforts that support the development of secure vehicular communication technology through investigations of attributes and solutions for scalable security for V2V broadcast communication. Part II reviews security requirements and provides detailed quan- tifications of performance requirements for security in V2V broadcast communication. These requirements define the solution space for ap- plicable broadcast authentication techniques. Additionally, the review of achievable security and privacy goals enables informed trade-offs between security and privacy in the context of effective and efficient pseudonymity schemes. Finally, an information flow analysis shows the broader need to consider attacker models beyond the classic net- work oriented view, in order to capture the full spectrum of the threat landscape for connected vehicle technology. Part III contributes a study of hardware assisted scalability solutions for the relevant cryptographic algorithms in V2V broadcast authen- tication. This specifically concerns the performance characteristics of dedicated hardware security modules and the feasibility of reaching sufficient performance levels to satisfy the requirements of the expected communication patterns in vehicular environments. A second contri- bution under the topic of hardware assisted scalability solutions is a novel storage systems for pseudonymous identities. An application of Physically Inclinable Functions (PUF) allows for very efficient and secure storage of large sets of private key material, as it is expected to be used for privacy protection on vehicular communication. Part IV contributes detailed simulation studies of the costs and benefits of in-line certificate management in the V2V communication channel with a focus on scalability. The increased communication load due to the inclusion of certificate material can cause availability prob- lems in highly congested situations. Proposals for certificate omission schemes exist, but do not sufficiently take scalability in extremely con- gested situations into account. A novel congestion-based certificate omission scheme is proposed and evaluated in simulation studies. Ad- ditionally, a novel certificate pre-distribution approach is proposed, which is permissible under the assumptions of achievable privacy and can offer enhanced availability during privacy preserving pseudonym changes

Real world privacy expectations in VANETs real world privacy expectations in VANETs

Vehicular communication technology is nearing de- ployment in the market. We see initial plug tests in 2013 to con- firm interoperability of multiple independent implementations. As the entrance into the market is coming closer it is time to consider the privacy expectations of the relevant standards. These expectations are built upon location privacy through unlinkable pseudonyms. In this paper we focus on the real world privacy expectations that can be fulfilled in the first generation of vehicular communication technology using pseudonymity. What level of privacy is really achievable and does the effort to achieve this level privacy justify the cost and complexity of introducing pseudonymity into vehicular communication

Spoofed Data Detection in VANETs using Dynamic Thresholds

Vehicular ad hoc networks aim at enhancing road safety by providing vehicle-to-vehicle communications and safety-related applications. But safety-related applications, like Local Danger Warning, need a high trust level in received messages. Indeed, decisions are made depending on these messages. To increase the trustworthiness, a consensus mechanism is used. Thus, vehicles make a decision when a threshold is reached. Setting this threshold is of main importance because it impacts the decision delay, and thus, the remaining time for a driver reaction. In this paper, we investigate the problem of threshold establishment without globally unique identifier system (GUID). We propose to model the threshold as a Kalman filter and provide an algorithm to dynamically update the threshold. By simulations, we investigate the problem of insider attackers that generate information forgery attacks. Simulation results show that our dynamic method suffers from a bootstrapping phase but reduces the percentage of wrong decisions. Nevertheless, as future work, further analysis of default threshold value will be done

Formal model of certificate omission schemes in VANET

The benefits of certificate omission schemes in VANET have been so far proven by simulation. However, the research community is lacking of a formal model that would allow implementers and policy makers to select the optimal parameters for such schemes. In this paper, we lay the foundations of the formal model for certificate omission schemes in VANET. We apply the model to ’No Omission’ and ’Periodic Omission’, which validates the previous simulation and formulates the optimal parameters for these schemes

Efficient and secure storage of private keys for pseudonymous vehicular communication

Current standardization efforts for cooperative Intelligent Transportation Systems both in the U.S. and Europe foresee vehicles to use a large number of changeable pseudonyms for privacy protection. Provisioning and storage of these pseu- donyms require efficient and secure mechanisms to prevent malicious use of pseudonyms. In this paper we investigate several techniques to improve secure and efficient storage of pseudonyms. Specifically, we propose schemes based on Physical Unclonable Functions (PUFs) that allow to replace expensive secure key storage by regular unsecured memory and still provide fully secure pseudonyms storage

Evaluation of congestion-based certificate omission in VANETs

Telematic awareness of nearby vehicles is a basic foundation of electronic safety applications in Vehicular Ad hoc Networks (VANETs). This awareness is achieved by frequently broadcasting beacon messages to nearby vehicles that announce a vehicle’s location and other data like heading and speed. Such safety-related beacons require strong integrity protection and high reliability, two properties that are hard to combine because the communication and computation overhead introduced by security mechanisms affects reliability. This applies especially to the signatures and certificates needed for authentication. We propose a mechanism to reduce the communication overhead of secure safety beacons by adaptively omitting the inclusion of certificates in messages. In contrast to similar earlier proposals, we control the omission rate based on estimated channel congestion. A simulation study underlines the advantages of the congestion-based certificate omission scheme compared to earlier approaches. Moreover, we show that the benefits of certificate omission outweigh the negative effect of cryptographically unverifiable beacons

Revisiting attacker model for smart vehicles

Because of the potential impact on user's life in cooperative automated safety applications, the security of Vehicle-to-X communication (V2X) is mandatory. However, the current attacker model used in literature is often too network-oriented, and it is unclear what realistic attacks could be. In this paper, we use the V2X data lifecycle to derive the attack surfaces. From this, we lay the foundations of a revisited attacker model, which details realistic attacks and identify appropriate countermeasures. We demonstrate that while the security of data processing, data at rest, and data in-transit is well-advanced, the security of meta-data and data acquisition requires extra attention by the research community

Pseudonym schemes in vehicular networks: a survey

Safety-critical applications in cooperative vehicular networks require authentication of nodes and messages. Yet, privacy of individual vehicles and drivers must be maintained. Pseudonymity can satisfy both security and privacy requirements. Thus, a large body of work emerged in recent years, proposing pseudonym solutions tailored to vehicular networks. In this survey, we detail the challenges and requirements for such pseudonym mechanisms, propose an abstract pseudonym lifecycle, and give an extensive overview and categorization of the state of the art in this research area. Specifically, this survey covers pseudonym schemes based on public key and identity-based cryptography, group signatures and symmetric authentication. We compare the different approaches, give an overview of the current state of standardization, and identify open research challenges