Академический Документы
Профессиональный Документы
Культура Документы
Abstract
Providing location privacy to users is one of the important issues that must be addressed in Vehicular Ad-Hoc Networks. Recent solutions address it by using cryptographic
mix-zones, which are anonymizing regions where nodes
change their temporary identities (pseudonym) without being tracked. However, existing solutions are vulnerable to
internal attackers since within a mix-zone messages are encrypted using a group secret key. In this paper we improve
location privacy of mix-zones via extensions to the CMIX
protocol. By carrying out extensive simulations, we investigate and compare the effective location privacy provided by
the proposed approach.
1. Introduction
Road safety, traffic efficiency and driving convenience
provided by cooperative applications are some of the benefits that motivate research on Vehicular Ad-Hoc Networks
(VANETs). However, several issues must be solved in order to make VANETs a viable technology. In particular, in
this paper we address the location tracking problem, which
is commonly accepted as a critical security threat that may
prevent the successful deployment of VANETs [9].
Most safety-related applications in VANETs rely on vehicular status information such as GPS position, velocity
and heading angle, which are periodically exchanged in a
vehicular network. Unfortunately, such information might
also be used by eavesdroppers to track users. To prevent the correlation of nodes identity with nodes location, researchers [11, 6] proposed frequently changing the
randomly chosen identifiers of a node, which are called
pseudonyms. However, such a solution is ineffective, since
vehicles can be distinguished by their different status information even if their pseudonyms are changed in the same
time [6, 10].
An approach to achieving unlinkability between the
2. Related Work
In the mix-context model proposed in [6], a node
changes its pseudonym when it finds a threshold number of other nodes with similar status, i.e., a mix-context.
This approach has been further extended in [10] by proposing the synchronous pseudonym change algorithm, which
increases the probability that k nodes with similar status
change pseudonyms at the same time. However, the effectiveness of such an approach against attacks based on some
analytical kinematic model that correlate pseudonyms is unknown. In our simulations, we evaluated such effectiveness
for comparison.
The mix-zone concept [1] suits some needs required by
VANETs since mix-zones are anonymizing regions where
mobile nodes change their identifiers in a way that obfuscates location tracking attacks. In the vehicular densitybased location privacy scheme provided in [14] to address
attacks that correlate pseudonyms of vehicles entering and
exiting a mix-zone, a node must change its pseudonym only
when it finds a threshold number of nodes within such a
region.
The only solution to provide an implementation of the
mix-zone concept in VANETs is the CMIX protocol (which
stands for Cryptographic MIX-zones) described in [5]. According to CMIX, when a node enters a mix-zone it receives
a group secret key sent by a Road-Side Unit (RSU). This
key is then used to encrypt heartbeat status messages while
the node is within the mix-zone. It is shared only with authenticated members of the VANET. However, the encryption of status information using a shared key turns such an
approach vulnerable to authenticated attackers. This paper
presents an approach to address such a vulnerability.
3. System Model
In VANETs, on-Board Unit (OBU) devices on vehicles and Roadside Units (RSUs) enable vehicle-tovehicle (V2V) and vehicle-to-roadside (V2R) communication. Safety-related applications in VANETs are mostly
concerned with collision avoidance and driver assistance
systems. Their implementation rely on broadcast messages
that are signed and have the sender certificate attached, but
are not encrypted. We consider the WAVE (1609.2) (Wireless Access in Vehicular Networks) standard [7], which defines secure message formats and services to process secure
messages for applications in VANETs. The message length
defined in WAVE is 251 bytes of which the status information comprises 43 bytes at most.
As in related work [11, 5, 14], we assume that a trustworthy public key operated by governmental organizations and/or car manufacturers that preserve the secrecy of
pseudonyms is available in the vehicular network. Prior
to entering the network, each node i is registered with a
long-term identity in a Certification Authority (CA). A node
uses such an identity to periodically request Pseudonym
Providers (PP) a set of pseudonyms Pi,k , where k {1, ...,
T} and T is the pseudonym set size. For each pseudonym
1
) and the
Pi,k , a unique public/private key pair (Ki,k , Ki,k
corresponding certificate Certi,k (Ki,k ) are generated by
the corresponding CA. Each certificate has a short validity period. Since a malicious node could use its set of
pseudonyms to perform Sybil attacks, namely when a node
illegitimately claims multiple identities, we assume the existence of a mechanism that detects such attacks as in[2].
When a RSU receives the request message from i (first message in Table 1), the RSU replies with the shared key S
and a private key Ci , which are both symmetric keys. The
replied message is encrypted using the public key Ki,k of
node i and is signed. Then, i acknowledges the received
message after decrypting and validating it. The S key is
used by i to encrypt its status beacons while within a mixzone, except the status information, which we propose to
200
100
100
200
300
400
500
Beacon
300
200
100
100
200
Time (ms)
Forwarded State
Beacon
300
300
400
500
Beacon
300
Forwarded State
200
100
100
200
Time (ms)
300
400
500
Time (ms)
(1.2a) Messages sent by a node in a mix-zone (1.2b) Messages sent by a node in a mix-zone exit
entrance road (only the communication reduction road (both forwarding mechanism and communistrategies are applied).
cation reduction strategies are applied).
Figure 1. Example scenarios for a node with six neighbors (100 ms period)
.
be encrypted using the Ci key. When the RSU receives
such messages, the status information is decrypted and forwarded to the neighborhood of i encrypted by the corresponding private key of is neighbors.
Note that since an internal eavesdropper only has access
to the status information of its neighbors, such an attacker
is not able anymore to track all nodes in a mix-zone using such type of information. However, if only one node
changes its pseudonym at any given time period, this node
can be tracked by comparing the pseudonyms used by each
node in such a period and in the period that succeeds. Fortunately, this kind of vulnerability has a straightforward solution: requiring that nodes change their pseudonyms simultaneously. This can be implemented by making the RSU send
periodic messages to the network nodes requesting them to
immediately change their pseudonyms.
It is worth mentioning that the overhead due to symmetric cryptography is tolerable. Based on the encryption algorithm [4] recommended by [7] and the experiments conducted by [3], our approach would take, e.g., approximately
6 microseconds for both decoding a 251 byte message and
coding a 266 byte message (considering six 43 byte payloads plus a 8 byte time stamp as recommended by [7]).
Also, the accuracy of the status information received by a
neighbor due to a message travel time such as 50 ms do not
compromise safety, since the accuracy will be off by 2.4 cm
at most [12], assuming the maximum acceleration of a vehicle to be limited by 1 g.
We also employ a second strategy to reduce the number
of messages sent by the RSU due to the forwarding mechanism. When this mechanism is only used at exit roads (see
Figure 2), the overhead due to the forwarding of status information at entrance roads is avoided and nodes are still
protected from an internal attacker, since such an attacker is
unable to figure out the exit road chosen by a node. Then,
in entrance roads nodes encrypt their entire broadcast messages using the S key.
Figure 1 shows the evaluation of the forwarding mechanism and the communication reduction strategies in a mixzone where a given node has six neighbors. Figure 1.1
presents a scenario where each status beacon sent produces
six extra encrypted messages every 100 ms. In this scenario, the communication reduction strategies are not applied. On the other hand, Figures 1.2a and 1.2b show how
the overhead can be reduced. As stated in Figure 1.2a, the
number of status beacons is reduced when a node enters a
mix-zone. Figure 1.2b presents the outcome of using the
forwarding mechanism, which happens in a exit road of a
mix-zone due to the second strategy. We performed a few
experiments to evaluate such scenarios, which are presented
in section 5.
4.3. Discussion
First, we must consider how an internal attacker may
track a node within a mix-zone. Since such an attacker only
can access the status information of its neighbors, he could
stop at the crossroad intersection in a mix-zone to discover
the exit roads chosen by each node using their forwarded
status information. To address this attack the RSU can avoid
forwarding status information to a node that remains within
the mix-zone for a given amount of time, which may vary
due to traffic conditions. If a node has stopped, e.g., due
to an engine problem, safety is not compromised since the
neighbors of such a node still avoid collisions by using its
status information. The only option to the attacker is to employ a kinematic model to establish the relation between
nodes entering and leaving a mix-zone. The following section describes an example of such an attack.
5. Experimental evaluation
In this section, we evaluate the location privacy and resulting overhead of the proposed approach. By using the
C++ language we extended the VeinS framework [13] to
implement mix-zones. VeinS is an inter-vehicular communication simulation framework based on a bidirectionallycoupled simulation model. It integrates the OMNeT++ /
INET [15] network simulator and the SUMO [8] road traffic
microsimulation tool. These simulators run in parallel and
status update events of a vehicle in SUMO are forwarded to
their node representation in OMNeT++/INET.
compute the variation of space Xn performed in each combination of enter and exit events. Then, the attacker com
pares the estimated distance Xn with the known distance
Xn and decides for the relation where the estimated error is
minimal.
(1)
In our mix-zone topology, a semaphore manages a crossroad intersection with four ports, where each road has two
lanes. The semaphore shows 30 seconds of green light for
two ports in the same direction, followed by 30 seconds of
red light (i.e. a 60 second period). The medium access control is IEEE 802.11 with a nominal data rate of 6 Mb/s and
transmission range of 250 meters, as in similar experimental settings [14]. Also, we assume a free-space path loss to
the signal attenuation. The maximum speed and the vehicle size are 30m/s and 5m, respectively. We perform two
kinds of experiments. The first one (Section 5.2) uses a simulation scenario with 2.000 vehicles crossing a single mixzone. The second experiment (Section 5.3) uses a realistic
environment based on data collected in the city of Cologne,
Germany.
original mix-zone scheme, a direct comparison is not possible. We first evaluate how effective our approach is against
such kind of attack based on ten simulation runs. To do
so, we measured the tracking success rate of the attacker,
which is the ratio between the number of successful attacks
and the total number of attacks. We assumed that car arrival events follows a Poisson distribution with arrival rate
within [0.1, 0.7] cars/s. Saturated traffic conditions in our
simulation environment occur when reaches 0.7 cars/s.
Figure 3 shows the effectiveness of attacks when the analytical attack described is used and when the attacker randomly guesses the correlation of pseudonyms. In both scenarios, the more cars enter a mix-zone, the lower the tracking success rate. This is expected since if the attacker registers more events it is less likely that he is able to choose
the correct pseudonyms. The effectiveness of the attacker
decreases when the radius of the mix-zone range increases.
Larger mix-zones are likely to contain more vehicles at a
given time, which contributes to make an attack less effective. It is worth mentioning that the privacy level obtained
for the internal attacker is similar to previous works that
considered only an external attacker [14, 5].
It is worth emphasizing the effectiveness of the proposed approach. The results presented in Figure 3 suggest
that even if we provide the attacker with data concerning
the dynamics of vehicles, his tracking capability does not
seem much improved compared to tracking vehicles at random. Also, considering that since vehicles actually pass
through several mix-zones during their journey, the cumulative probability for them to be tracked tends to be considerably low. For example, if a vehicle passed through four
similar mix-zones, with 0.3 mean arrival rate and radius set
to 200m, the successful tracking probability is around 1%.
6. Conclusion
In this paper we described an approach that improves location privacy in the cryptographic mix-zone model used in
vehicular networks by addressing its vulnerability against
internal attackers. Also, communication reduction strategies were provided to compensate communication overheads that result from the proposed solution.
We performed extensive simulations to measure the successful tracking rate achieved by an internal attacker. Our
References
[1] A. R. Beresford and F. Stajano. Location Privacy in Pervasive Comput. IEEE Pervasive Computing, 2, 2003.
[2] C. Chen, X. Wang, W. Han, and B. Zang. A Robust Detection of the Sybil Attack in Urban VANETs. ICDCS Workshops, 0:270276, 2009.
[3] W. Dai.
Crypto++ 5.6.0 Benchmarks. Available:
www.cryptopp.com/benchmarks-amd64.html.
[4] N. Dworkin. NIST Special Publication SP 800-38C. Recommendation for Block Cipher Modes of Operation: the CCM
Mode for Authentication and Confidentiality.
[5] J. Freudiger, M. Raya, M. Feleghhazi, P. Papadimitratos, and
J.-P. Hubaux. Mix-Zones for Location Privacy in Vehicular
Networks. WiN-ITS, 2007.
[6] M. Gerlach and F. Guttler. Privacy in VANETs Using
Changing Pseudonyms - Ideal and Real. In Proc. of the 65th
Vehicular Technology Conference (VTC), pages 25212525,
Dublin, Ireland, 2007.
[7] IEEEP1609.2. Institute of Electrical and Electronics Engineers. IEEE Trial-Use Standard for Wireless Access in Vehicular Environments - Security Services for Applications
and Management Messages, 2006.
[8] D. Krajzewicz and C. Rossel.
Simulation of Urban
MObility (SUMO). German Aerospace Centre. Available:
sumo.sourceforge.net/index.shtml, 2011.
[9] C. Laurendeau and M. Barbeau. Threats to Security in
DSRC/WAVE. In T. Kunz and S. Ravi, editors, Ad-Hoc, Mobile, and Wireless Networks, volume 4104 of Lecture Notes
in Computer Science, pages 266279. 2006.
[10] J. Liao and J. Li. Effectively Changing Pseudonyms for Privacy Protection in VANETs. Int. Symp. on Parallel Architectures, Algorithms and Networks, pages 648652, 2009.
[11] M. Raya and J.-P. Hubaux. The Security of Vehicular Ad
Hoc Networks. In 3rd ACM SASN, 2005.
[12] S. Rezaei, R. Sengupta, H. Krishnan, X. Guan, and R. Bhatia. Tracking the Position of Neighboring Vehicles Using
Wireless Communications. Transportation Research Part C:
Emerging Technologies, 18(3):335 350, 2010.
[13] C. Sommer, R. German, and F. Dressler. Bidirectionally
Coupled Network and Road Traffic Simulation for Improved
IVC Analysis. IEEE Trans. Mobile Comput., 2010.
[14] J.-H. Song, V. W. S. Wong, and V. C. M. Leung. Wireless
Location Privacy Protection in Vehicular Ad-hoc Networks.
In Proceedings of ICC, pages 26992704, 2009.
[15] A. Vargas. Objective Modular Network Testbed in C++
(OMNET++), version 4.0. Available: www.omnetpp.org.
[16] C. Varschen and P. Wagner. Mikroskopische Modellierung
der Personenverkehrsnachfrage auf Basis von Zeitverwendungstagebchern. AMUS, 2006.