Maxim Raya

Securing vehicular ad hoc networks

Vehicular networks are very likely to be deployed in the coming years and thus become the most relevant form of mobile ad hoc networks. In this paper, we address the security of these networks. We provide a detailed threat analysis and devise an appropriate security architecture. We also describe some major design decisions still to be made, which in some cases have more than mere technical implications. We provide a set of security protocols, we show that they protect privacy and we analyze their robustness and efficiency.

The security of vehicular ad hoc networks

Vehicular networks are likely to become the most relevant form of mobile ad hoc networks. In this paper, we address the security of these networks. We provide a detailed threat analysis and devise an appropriate security architecture. We also describe some major design decisions still to be made, which in some cases have more than mere technical implications. We provide a set of security protocols, we show that they protect privacy and we analyze their robustness, and we carry out a quantitative assessment of the proposed solution.

SECURING VEHICULAR COMMUNICATIONS

The road to a successful introduction of vehicular communications has to pass through the analysis of potential security threats and the design of a robust security architecture able to cope with these threats. In this article we undertake this challenge. In addition to providing a survey of related academic and industrial efforts, we also outline several open problems

Secure vehicular communication systems: design and architecture

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

Eviction of Misbehaving and Faulty Nodes in Vehicular Networks

Vehicular networks (VNs) are emerging, among civilian applications, as a convincing instantiation of the mobile networking technology. However, security is a critical factor and a significant challenge to be met. Misbehaving or faulty network nodes have to be detected and prevented from disrupting network operation, a problem particularly hard to address in the life-critical VN environment. Existing networks rely mainly on node certificate revocation for attacker eviction, but the lack of an omnipresent infrastructure in VNs may unacceptably delay the retrieval of the most recent and relevant revocation information; this will especially be the case in the early deployment stages of such a highly volatile and large-scale system. In this paper, we address this specific problem. We propose protocols, as components of a framework, for the identification and local containment of misbehaving or faulty nodes, and then for their eviction from the system. We tailor our design to the VN characteristics and analyze our system. Our results show that the distributed approach to contain nodes and contribute to their eviction is efficiently feasible and achieves a sufficient level of robustness.

On Data-Centric Trust Establishment in Ephemeral Ad Hoc Networks

We argue that the traditional notion of trust as a relation among entities, while useful, becomes insufficient for emerging data-centric mobile ad hoc networks. In these systems, setting the data trust level equal to the trust level of the data- providing entity would ignore system salient features, rendering applications ineffective and systems inflexible. This would be even more so if their operation is ephemeral, i.e., characterized by short-lived associations in volatile environments. In this paper, we address this challenge by extending the traditional notion of trust to data-centric trust: trustworthiness attributed to node-reported data per se. We propose a framework for data-centric trust establishment: First, trust in each individual piece of data is computed; then multiple, related but possibly contradictory, data are combined; finally, their validity is inferred by a decision component based on one of several evidence evaluation techniques. We consider and evaluate an instantiation of our framework in vehicular networks as a case study. Our simulation results show that our scheme is highly resilient to attackers and converges stably to the correct decision.

DOMINO: a system to detect greedy behavior in IEEE 802.11 hotspots

The proliferation of hotspots based on IEEE 802.11 wireless LANs brings the promise of seamless Internet access from a large number of public locations. However, as the number of users soars, so does the risk of possible misbehavior; to protect themselves, wireless ISPs already make use of a number of security mechanisms, and require mobile stations to authenticate themselves at the Access Points (APs). However, IEEE 802.11 works properly only if the stations also respect the MAC protocol. We show in this paper that a greedy user can substantially increase his share of bandwidth, at the expense of the other users, by slightly modifying the driver of his network adapter. We explain how easily this can be performed, in particular with the new generation of adapters. We then present DOMINO (System for Detection Of greedy behavior in the MAC layer of IEEE 802.11 public NetwOrks), a piece of software to be installed in the Access Point. DOMINO can detect and identify greedy stations, without requiring any modification of the standard protocol at the AP and without revealing its own presence. We illustrate these concepts by simulation results and by the description of our prototype.

TraNS: realistic joint traffic and network simulator for VANETs

Realistic simulation is a necessary tool for the proper evaluation of newly developed protocols for Vehicular Ad Hoc Networks (VANETs). Several recent efforts focus on achieving this goal. Yet, to this date, none of the proposed solutions fulfil all the requirements of the VANET environment. This is so mainly because road traffic and communication network simulators evolve in disjoint research communities. We are developing TraNS, an open-source simulation environment, as a step towards bridging this gap. This short paper describes the TraNS architecture and our ongoing development efforts.

Efficient secure aggregation in VANETs

In VANETs, better communication efficiency can be achieved by sacrificing security and vice versa. But VANETs cannot get started without either of them. In this paper, we propose a set of mechanisms that can actually reconcile these two contradictory requirements. The main idea is to use message aggregation and group communication. The first class of solutions is based on asymmetric cryptographic primitives, the second class uses symmetric ones, and the third one mixes the two. We have also evaluated the performance potential of one technique and arrived at the conclusion that aggregation in VANETs increases not only efficiency but also security.

Architecture for Secure and Private Vehicular Communications

The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.