Privacy Issues in Vehicular Ad Hoc Networks

Privacy Issues in Vehicular Ad Hoc Networks.

Florian DötzerBMW Group Research and Technology

Agenda.

Introduction

Privacy in VANETs

Exemplary Approach

Future Work / Conclusion

Agenda.

Introduction

Privacy in VANETs

Exemplary Approach


VANET PrivacyBMW GroupFlorian DötzerJune 1, 2005Page 4

Ad-hoc Networks.From Cellular to VANET.

CellularCellular

Cellular Network

MANETMANET

Mobile Ad-hoc NETwork

VANETVANET

Vehicular Ad-hoc NETwork


MANETsMANETs

MANETs and VANETs.Properties.

Decentralized

Self - Organizing

VANETsVANETs

Additionally:

High Node Mobility

Very Large Number of Nodes

Complex Administrative Structure


VANET.Application Local Danger Warning.

VSC – Vehicle Safety Communications


VANETs.Security Requirements.

Authentic InformationTrust Establishment vs. Information

Matching

AvailabilityNode Cooperation, DoS, Secure Routing

PrivacyLocation Privacy, Identities, Profiling

Agenda.

Introduction

Privacy in VANETs

Exemplary Approach



Cars = Personal Devices

Position is known

Cars get connected

Privacy.Importance for VANETs.

Attacks on Privacy become relevant

+ Privacy is essential for VANETs

BUT: Privacy cannot be “added” afterwards!


“Automated” Law Enforcement

Identity TrackingConfiguration Fingerprinting

RF-Fingerprinting

Location Recording

Movement Profiles

Communication Relations

VANET Privacy.Example Threats and Attacks.


Use of pseudonyms (no real-world identities)

Multiple pseudonyms may be used

Pseudonym change application requirements

Pseudonyms real-world ID mapping

Properties / privileges cryptographically bound

VANET Privacy.Requirements.

Agenda.

Introduction

Privacy in VANETs

Exemplary Approach



ID

Phase I: Separation of ID and service usage Privacy

Authority AID

Pseudonyms

ID1

Pseudonyms

PseudonymPseudonymPseudonym

2

Credentials

„Signature“

CredentialCredentialCredential

4Pseudonym

3

Organisation OPseudonym

Credentials

Trusted Authority Approach.A Car’s Setup Phase.


Sender

Phase II: Receiver can verify message

ID

Credentials

Pseudonyms

ID

Receiver

Credentials

Pseudonyms

Trusted Authority Approach.Normal Usage.


Phase III: Disclosure of sender ID

4

Sender

ID

Credentials

Pseudonyms

Receiver

1

ID2

Organisation OPseudonym

Credentials3

Authority AID

Pseudonyms

Signature OK!

BUT

Information is not correct

OR sender

malfunctioning

Trusted Authority Approach.“Revocation” Phase.


Trusted Authority Approach.Evaluation.

Pro’s

+ Fulfills given requirements

+ Provides strong privacy

Con’s

- Requires independent, trusted authority

- Problem of detecting wrong messages

Agenda.

Introduction

Privacy in VANETs

Exemplary Approach



Future Work.And Open Questions…

How to change pseudonyms?

Feasibility of Organizational Solution

Feasibility of Smart Card Approach

Location Related Pseudonyms

System without IDs?


Conclusion.

Privacy is essential for VANETs

Privacy must be considered at system

design

Trusted authority approach is far from

perfect

Additional research is necessary


Thanks for Listening.Questions?

Documents

Privacy Issues in Vehicular Ad Hoc Networks