Stefan Dietzel

Resilient secure aggregation for vehicular networks

Innovative ways to use ad hoc networking between vehicles are an active research topic and numerous proposals have been made for applications that make use of it. Due to the bandwidth-limited wireless communication medium, scalability is one crucial factor for the success of these future protocols. Data aggregation is one solution to accomplish such scalability. The goal of aggregation is to semantically combine information and only disseminate this combined information in larger regions. However, the integrity of aggregated information cannot be easily verified anymore. Thus, attacks are possible resulting in lower user acceptance of applications using aggregation or, even worse, in accidents due to false information crafted by a malicious user. Therefore, it is necessary to design novel mechanisms to protect aggregation techniques. However, high vehicle mobility, as well as tight bandwidth constraints, pose strong requirements on the efficiency of such mechanisms. We present new security mechanisms for semantic data aggregation that are suitable for use in vehicular ad hoc networks. Resilience against both malicious users of the system and wrong information due to faulty sensors are taken into consideration. The presented mechanisms are evaluated with respect to their bandwidth overhead and their effectiveness against possible attacks.

Modeling in-network aggregation in VANETs

The multitude of applications envisioned for vehicular ad hoc networks requires efficient communication and dissemination mechanisms to prevent network congestion. In-network data aggregation promises to reduce bandwidth requirements and enable scalability in large vehicular networks. However, most existing aggregation schemes are tailored to specific applications and types of data. Proper comparative evaluation of different aggregation schemes is difficult. Yet, comparability is essential to properly measure accuracy, performance, and efficiency. We outline a modeling approach for VANET aggregation schemes to achieve objective comparability. Our modeling approach consists of three models, which provide different perspectives on an aggregation scheme. The generalized architecture model facilitates categorization of aggregation schemes. The aggregation information flow model supports analysis of where information is aggregated by a scheme. The aggregation state graph models how knowledge about the road network and its environment is represented by a scheme. Furthermore, it facilitates error estimation with respect to the ground truth. We apply each modeling approach to existing aggregation schemes from the literature and highlight strengths, as well as weaknesses, that can be used as a starting point for designing a more generic aggregation scheme.

In-Network Aggregation for Vehicular Ad Hoc Networks

In-network aggregation mechanisms for vehicular ad hoc networks (VANETs) aim at improving communication efficiency by summarizing information that is exchanged between vehicles. Summaries are calculated, while data items are generated in and forwarded through the network. Due to its high bandwidth saving potential, aggregation is a vital building block for many of the applications envisioned in VANETs. At the same time, the specific environment of VANETs calls for novel approaches to aggregation, which address their challenging requirements. In this paper, we survey and structure this active research field. We propose a generic model to describe and classify the proposed approaches, and we identify future research challenges.

Graph-Based Metrics for Insider Attack Detection in VANET Multihop Data Dissemination Protocols

Vehicular networks (VANETs) are a growing research area with a large number of use cases. Foreseen applications include safety applications, traffic efficiency enhancements, and infotainment services. To make future deployment successful, it is imperative that all applications are matched with proper security mechanisms. Current proposals mostly focus on entity authorization by establishing a public key infrastructure. Such proactive security efficiently excludes nonauthorized entities from the network. However, in the face of insider attackers possessing valid key material, we need to consider data-centric methods to complement entity-centric trust. A promising approach for consistency checks, particularly in multihop scenarios, is to exploit redundant information dissemination. If information is received from both honest and malicious vehicles, chances are that attacks can be detected. In this paper, we propose three graph-based metrics to gauge the redundancy of dissemination protocols. We apply our metrics to a baseline protocol, a geocast protocol, and an aggregation protocol using extensive simulations. In addition, we point out open issues and applications of the metrics, such as colluding attackers and eviction of attacker nodes based on detected attacks. Results show that Advanced Adaptive Geocast behaves almost optimally from a routing efficiency point of view but fails to offer sufficient redundancy for data consistency mechanisms in many scenarios. The simulated aggregation protocol shows sufficient redundancy to facilitate data consistency checking.

Channel switch and quiet attack: New DoS attacks exploiting the 802.11 standard

Network communication using unprotected air as a medium leads to unique challenges ensuring confidentiality, integrity and availability. While newer amendments of IEEE 802.11 provide acceptable confidentiality and integrity, availability is still questionable despite broad usage of Wi-Fi technologies for tasks where availability is critical. We will present new security weaknesses that we have identified in the 802.11 standard and especially the 802.11h amendment. Our results are underlined by an extensive analysis of attacks addressing the quiet information element and channel switch announcement in management frames. For some stations a complete DoS effect can be achieved with a single packet for more than one minute. This shows that the newly identified attacks are more efficient than earlier approaches like a deauthentication attack. Tests were performed with a large variety of network interface cards, mobile devices, and operating systems.

A structure-free aggregation framework for vehicular ad hoc networks

One of the major difficulties for cooperative, decentralized information dissemination in vehicular networks is the heavily varying node density, which can lead to capacity issues of the wireless channel when many vehicles are driving or standing closely together. At the same time, a number of applications do not require exact information from all participating nodes, but higher-level aggregated information. For example, reports on road conditions or on flow of traffic can be aggregated before further dissemination, since remote drivers just need to know a coarse-grained picture of the situation. In this paper, we propose an information aggregation framework using the example of cooperative traffic congestion detection. The difference of our aggregation framework compared to other approaches is that it completely abandons any predefined structures such as grids and any group establishment. First evaluation results show that our approach works well for average speed dissemination on a highway.

Mandatory Enforcement of Privacy Policies using Trusted Computing Principles

Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for data protection and their legal basis and argue why pure legal protection is insufficient. Strong privacy-enhancing technologies need to be deployed in cITS to protect user data while it is generated and processed. As data minimization cannot always prevent the need for disclosing relevant personal information, we introduce the new concept of mandatory enforcement of privacy policies. This concept empowers users and data subjects to tightly couple their data with privacy policies and rely on the system to impose such policies onto any data processors. We also describe the PRECIOSA Privacy-enforcing Runtime Architecture that exemplifies our approach. Moreover, we show how an application can utilize this architecture by applying it to a pay as you drive (PAYD) car insurance scenario.

A flexible, subjective logic-based framework for misbehavior detection in V2V networks

Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication aims to increase safety, efficiency, and comfort of drivers. Vehicles periodically broadcast their current status, such as position, velocity, and other information. Received information is stored in a local knowledge base, often called world model, and used for application decisions. Because of the potential impact, V2V communication is an interesting target for malicious attackers. Message integrity protection using cryptographic signatures only protects against outsider attackers. In addition to signatures, misbehavior detection mechanisms comparable to intrusion detection systems (IDS) are needed to detect insider attackers. Given the complexity and large number of foreseen V2V and V2I applications, misbehavior detection cannot be a one-size-fits-all solution. In this paper, we present a flexible framework that can combine a range of different misbehavior detection mechanisms by modeling their outputs using subjective logic. We demonstrate the feasibility of our framework by using a combination of existing detection mechanisms to increase their misbehavior detection results.

SeDyA: secure dynamic aggregation in VANETs

In vehicular ad-hoc networks (VANETs), a use case for mobile ad-hoc networks (MANETs), the ultimate goal is to let vehicles communicate using wireless message exchange to provide safety, traffic efficiency, and entertainment applications. Especially traffic efficiency applications benefit from wide-area message dissemination, and aggregation of information is an important tool to reduce bandwidth requirements and enable dissemination in large areas. The core idea is to exchange high quality summaries of the current status rather than forwarding all individual messages. Securing aggregation schemes is important, because they may be used for decisions about traffic management, as well as traffic statistics used in political decisions concerning road safety and availability. The most important challenge for security is that aggregation removes redundancy and the option to directly verify signatures on atomic messages. Existing proposals are limited, because they require roads to be segmented into small fixed-size regions, beyond which aggregation cannot be performed. In this paper, we introduce SeDyA, a scheme that allows more dynamic aggregation compared to existing work, while also providing stronger security guarantees. We evaluate SeDyA against existing proposals to show the benefits in terms of information accuracy, bandwidth usage, and resilience against attacks.

Privacy context model for dynamic privacy adaptation in ubiquitous computing

Ubiquitous computing is characterized by the merger of physical and virtual worlds as physical artifacts gain digital sensing, processing, and communication capabilities. Maintaining an appropriate level of privacy in the face of such complex and often highly dynamic systems is challenging. We argue that context awareness not only enables novel UbiComp applications but can also support dynamic regulation and configuration of privacy mechanisms. We propose a higher level context model that abstracts from low level details and contains only privacy relevant context features. Context changes in our model can trigger reconfiguration of privacy mechanisms or facilitate context-specific privacy recommendations to the user. Based on our model, we analyze potential privacy implications of context changes and discuss how these results could inform actual reconfiguration of privacy mechanisms.