Frank Kargl

Secure vehicular communication systems: design and architecture

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

Communication patterns in VANETs

Vehicular networks are a very promising technology to increase traffic safety and efficiency, and to enable numerous other applications in the domain of vehicular communication. Proposed applications for VANETs have very diverse properties and often require nonstandard communication protocols. Moreover, the dynamics of the network due to vehicle movement further complicates the design of an appropriate comprehensive communication system. In this article we collect and categorize envisioned applications from various sources and classify the unique network characteristics of vehicular networks. Based on this analysis, we propose five distinct communication patterns that form the basis of almost all VANET applications. Both the analysis and the communication patterns shall deepen the understanding of VANETs and simplify further development of VANET communication systems.

Secure vehicular communication systems: implementation, performance, and research challenges

Vehicular communication systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. we discuss the design of a VC security system that has emerged as a result of the European SeVe-Com project. In this second article we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from todays simple prototypes to full-fledged systems.

Architecture for Secure and Private Vehicular Communications

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.

Exploration of adaptive beaconing for efficient intervehicle safety communication

In the future intervehicle communication will make driving safer, easier, and more comfortable. As a cornerstone of the system, vehicles need to be aware of other vehicles in the vicinity. This cooperative awareness is achieved by beaconing, the exchange of periodic single-hop broadcast messages that include data on the status of a vehicle. While the concept of beaconing has been developed in the first phase of research on VANETs, recent studies have revealed limitations with respect to network performance. Obviously, the frequency of beacon messages directly translates into accuracy of cooperative awareness and thus traffic safety. There is an indisputable trade-off between required bandwidth and achieved accuracy. In this work we analyze this trade-off from different perspectives considering the consequences for safety applications. As a solution to the problem of overloading the channel, we propose to control the offered load by adjusting the beacon frequency dynamically to the current traffic situation while maintaining appropriate accuracy. To find an optimal adaptation, we elaborate on several options that arise when determining the beacon frequency. As a result, we propose situation-adaptive beaconing. It depends on the vehicles own movement and the movement of surrounding vehicles, macroscopic aspects like the current vehicle density, or microscopic aspects.

Protecting web servers from distributed denial of service attacks

Recently many prominent web sites face so called Distributed Denial of Service Attacks (DDoS). While former security threats could be faced by a tight security policy and active measures like using rewalls, vendor patches etc. these DDoS are new in such way that there is no completely satisfying protection yet. In this paper we categorize di erent forms of attacks and give an overview over the most common DDoS tools. Furthermore we present a solution based on Class Based Routing mechanisms in the Linux kernel that will prevent the most severe impacts of DDoS on clusters of web servers with a prepended load balancing server. The goal is to keep the web servers under attack responding to the normal client requests. Some performance tests and a comparison to other approaches conclude our paper.

POSITION VERIFICATION APPROACHES FOR VEHICULAR AD HOC NETWORKS

Intervehicle communication is regarded as one of the major applications of mobile ad hoc networks (MANETs). Compared to MANETs, these so-called vehicular ad hoc networks (VANETs) have special requirements in terms of node mobility and position-dependent applications, which are well met by geographic routing protocols. Functional research on geographic routing has already reached a considerable level, whereas security aspects have been vastly neglected so far. Since position dissemination is crucial for geographic routing, forged position information has severe impact regarding both performance and security. In this work, we first analyze the problems that may arise from falsified position data. Then, in order to lessen these problems, we propose detection mechanisms that are capable of recognizing nodes cheating about their location in position beacons. In contrast to other position verification approaches, our solution does not rely on special hardware or dedicated infrastructure. Evaluation based on simulations shows that our position verification system successfully discloses nodes disseminating false positions and thereby widely prevents attacks using position cheating

Advanced detection of selfish or malicious nodes in ad hoc networks

The fact that security is a critical problem when implementing mobile ad hoc networks (MANETs) is widely acknowledged. One of the different kinds of misbehavior a node may exhibit is selfishness. A selfish node wants to preserve own resources while using the services of others and consuming their resources. One way of preventing selfishness in a MANET is a detection and exclusion mechanism. In this paper, we focus on the detection phase and present different kinds of sensors that can be used to find selfish nodes. First we present simulation results that show the negative effects which selfish nodes cause in MANET. In the related work section we will analyze some of the detection mechanisms proposed in literature so far. Our new detection mechanisms described next are called activity-based overhearing, iterative probing, and unambiguous probing. Simulation-based analysis of these mechanisms show that they are highly effective and can reliably detect a multitude of selfish behaviors.

Privacy in inter-vehicular networks: Why simple pseudonym change is not enough

Inter-vehicle communication (IVC) systems disclose rich location information about vehicles. State-of-the-art security architectures are aware of the problem and provide privacy enhancing mechanisms, notably pseudonymous authentication. However, the granularity and the amount of location information IVC protocols divulge, enable an adversary that eavesdrops all traffic throughout an area, to reconstruct long traces of the whereabouts of the majority of vehicles within the same area. Our analysis in this paper confirms the existence of this kind of threat. As a result, it is questionable if strong location privacy is achievable in IVC systems against a powerful adversary.

Pseudonym Schemes in Vehicular Networks: A Survey

Safety-critical applications in cooperative vehicular networks require authentication of nodes and messages. Yet, privacy of individual vehicles and drivers must be maintained. Pseudonymity can satisfy both security and privacy requirements. Thus, a large body of work emerged in recent years, proposing pseudonym solutions tailored to vehicular networks. In this survey, we detail the challenges and requirements for such pseudonym mechanisms, propose an abstract pseudonym lifecycle, and give an extensive overview and categorization of the state of the art in this research area. Specifically, this survey covers pseudonym schemes based on public key and identity-based cryptography, group signatures and symmetric authentication. We compare the different approaches, give an overview of the current state of standardization, and identify open research challenges.