ArticlePDF Available

The Security and Privacy of Smart Vehicles

Authors:

Abstract and Figures

The evolution of context awareness in the smart vehicles is reported. Context awareness refers to a vehicle being aware of its neighborhood. Modern cars now possess a network of processors connected to a central computing platform that provides Ethernet, USB, Bluetooth, and IEEE 802.11 interfaces. A vehicle is called smart if it is equipped with recording, processing, positioning, and location capabilities, and it can also run wireless security protocols. Smart cars promise to improve the safety in in the roads in the coming times.
Content may be subject to copyright.
Making Wireless Work
C
urrent traffic-safety statistics are notoriously
horrific. Approximately 40,000 people are
killed each year on the European Union’s roads,
with around 1.7 million people incurring criti-
cal injuries; the US reports similar statistics (http://
europa.eu.int/comm/transport/care/). The annual costs
associated with traffic accidents (such as hospital bills and
property damage) total nearly 3 percent of the world’s
gross domestic product (GDP), or roughly US$1 tril-
lion.
1
Further compounding this predicament, the num-
ber of vehicles is increasing faster than the number of
roads, leading to frequent traffic jams. Additional issues
include pollution and scarce parking spaces.
In response to these problems, governments and man-
ufacturers have launched several initiatives (such as
mandatory safety-belt laws, airbags, and antiblocking
brake systems), which have improved the situation some-
what. In October 1999, the US Federal Communica-
tions Commission allocated 75 MHz (the 5.85- to 5.925-
GHz portion) of the spectrum in America for dedicated
short-range communications (vehicle-vehicle or vehicle-
roadside). Upcoming traffic safety initiatives rely heavily
on information technology, which means that vehicles
must be able to authenticate themselves and be traceable
whenever necessary, be it for law enforcement (detection
of speeding vehicles, for example), crash reconstruction,
or toll collection. Today, most tracking operations rely on
reading license plates; this obsolete and error-prone tech-
nique is the equivalent of reading a credit card with opti-
cal character recognition technology rather than with
magnetic strips or embedded chips.
Reading plates has been replaced with authentication
over a radio link (requesting an onboard device to trans-
mit a cryptographic identity) in some
cases, most noticeably at toll roads and
bridges. As we will see, though, there is tremendous pres-
sure to adopt generalized wireless authentication, espe-
cially in advanced safety mechanisms. However, this has
deep implications for privacy, even greater than it does for
cellular networks: a mobile phone can be switched off at
any time, but a license plate can’t. This article provides a
brief overview of the relevant aspects of modern automo-
tive technology and discusses in greater detail the role se-
curity will play.
Smart vehicles and roads
An important evolution for the automotive industry is the
one toward context awareness, meaning that a vehicle is
aware of its neighborhood (including the presence and lo-
cation of other vehicles). Modern cars now possess a net-
work of processors connected to a central computing plat-
form that provides Ethernet, USB, Bluetooth, and IEEE
802.11 interfaces. Newer cars also have such features as
an event data recorder (EDR), inspired by the “black
boxes” found on airplanes (EDRs record all major data
from the vehicle for crash reconstruction);
a GPS receiver, the accuracy of which can be improved
by knowledge of road topology (GPS is currently used
in many navigation systems); and
front-end radar for detecting obstacles at distances as far
as 200 meters (such radar is often used for adaptive
cruise control)
2
and short-distance radar or an ultra-
sound system, typically used for parking.
Inter-vehicle communication (IVC) supports many
JEAN-PIERRE
HUBAUX,
SRDJAN
C
ˇ
APKUN, AND
JUN LUO
EPFL
PUBLISHED BY THE IEEE COMPUTER SOCIETY 1540-7993/04/$20.00 © 2004 IEEE IEEE SECURITY & PRIVACY 49
Road safety, traffic management, and driver convenience
continue to improve, in large part thanks to appropriate
usage of information technology. But this evolution has
deep implications for security and privacy, which the
research community has overlooked so far.
The Security and Privacy
of Smart Vehicles
Making Wireless Work
important features, particularly in the area of crash pre-
vention (for example, by informing vehicles about traffic
congestion).
3
A set of communicating vehicles is an ex-
ample of a mobile ad hoc network. The research com-
munity has devoted much attention to the security and
privacy of such networks in the past few years,
4–6
but
none of these contributions considers any such network
for smart vehicles, which is what we’ll study here.
In this article, we call a vehicle smart if it is equipped with
recording, processing, positioning, and location capabilities
and if it can run wireless security protocols (see Figure 1).
Roads can be made smart, too. Fixed communication de-
vices installed along a road can inform passing vehicles about
the road’s precise topology (see the PATH project,
www.path.berkeley.edu). However, this approach’s draw-
back is that it requires an enormous financial investment,
which, at first, would benefit a small minority of drivers.
The observation of what happens on roads is called
traffic monitoring,
7
which has a primary purpose of detect-
ing anomalous situations, such as those generated by an
accident or difficult driving conditions. It also optimizes
traffic flow, most notably by synchronizing traffic lights
with each other and with observed traffic, and civil engi-
neers often use it to help plan construction of new roads.
Traffic monitoring is based on different traffic measure-
ment techniques; one of the most conventional (and
popular) consists of inductive loop detectors buried in as-
phalt. Less “intrusive” techniques include video image
processors, microwave radar, infrared laser radar, and
acoustic/ultrasonic devices.
With more smart cars and roads, we can expect many
changes. First, the number and severity of accidents
should decrease: by integrating information about posi-
tion and mutual distance with other vehicles, a given ve-
hicle will be able to permanently assess the level of danger
and trigger a warning to the driver, if necessary. In the
more distant future, it could even override the driver—
activating the brakes or taking control of the steering
wheel, for example. Moreover, if an accident occurs, res-
cue teams will have immediate access to relevant infor-
mation; a posteriori data will also help determine driver
liability. With smart cars and roads, traffic monitoring it-
self will improve because it relies on much more accurate
data. Ideally, traffic monitoring will eventually provide
personalized advice to each driver via a personal naviga-
tion system. Ultimately, smart cars’ benefits will range
from simplifying the payment process for the driver (tolls,
parking, and fuel), to helping the driver find an available
parking place, to assisting authorities in fighting crime
and terrorism. (Because terrorist activities often involve
car bombs, automatic identification can help stop suspi-
cious vehicles before they can access sensitive areas.)
However, a major hurdle in moving forward is that,
for a lengthy time period, only a small subset of vehicles
will be smart, yet the safety mechanisms we’ve described,
especially those involving wireless authentication, require
most—if not all—vehicles to be smart. As a result, boot-
strapping the authentication mechanism’s deployment is
a formidable business challenge. An additional obstacle is
the negative perception that the population might have
about such mechanisms—especially the feeling of being
permanently monitored by some arbitrary authority.
Devising an appropriate production and marketing
strategy is beyond this article’s scope, but we believe the
solution is to deploy new features gradually, beginning
with those that are operational even if only a small subset
of vehicles can handle them—examples include access
control to specific areas, wireless toll collection, personal-
ized information about traffic congestion, and theft pre-
vention. Another possibility for gradually deploying such
systems without generating much resistance is to equip
professional vehicles first—commercial trucks, buses,
taxis, ambulances, and police cars, for example (in fact,
many trucks already have EDRs).
Security and privacy
Surprisingly, most people overlook the security and pri-
vacy questions that vehicular technology’s evolution
raises. Currently, every vehicle is registered with its na-
tional or regional authority, which allocates a unique
identifier to it, but in parts of the US and the EU, registra-
tion authorities have made substantial progress toward
electronically identifying vehicles and similar progress is
being made toward machine-readable driving licenses. To
allow the wireless authentification of vehicles, these au-
thorities must provide each vehicle with a private/public
key pair, along with a shared symmetric key, and a digital
certificate of its identity and public key. Such authorities
will most likely be cross certified, making it possible for
any vehicle to check any other vehicle’s certificates.
To guard against misuse, the overall organization for
such a system’s security architecture must be very care-
fully designed, especially if it’s deployed worldwide and
50 IEEE SECURITY & PRIVACY MAY/JUNE 2004
Display
Event data recorder (EDR)
Forward radar
Positioning system
Communication
facility
Rear radar
Computing platform
Figure 1. A smart vehicles onboard instrumentation. The computing
platform supervises protocol execution, including those related to
security. The communication facility supports wireless data
exchange with other vehicles or xed stations.
Making Wireless Work
because of the information it will protect, so registration
authorities must devise an appropriate Public Key Infra-
structure. In magnitude, this challenge is equivalent to se-
curing credit cards or mobile phones, but it also includes
newer, more difficult problems: it must embed security
features in stringent real-time protocols such as those
used to prevent accidents, secure physical location and
distance, and support communication within highly spo-
radic groups of participants.
Electronic tracking of vehicles could be derided as an
incarnation of Big Brother, depending on your view-
point, but it’s a fact that the level of traffic monitoring is
increasing. The public’s acceptance of electronic track-
ing might be fuelled by the prospect of improved safety
and optimized traffic for travelers and potential revenues
for manufacturers. After all, privacy concerns haven’t
prevented the widespread acceptance of the Internet,
cellular networks, or electronic payment systems.
Therefore, the right question is not whether it should
happen, but how to make it happen in the most desirable
way.
An important task is to devise appropriate privacy-
preserving protocols, which are typically based on
anonymity schemes, relying on temporary pseudonyms.
Fortunately, anonymity can be quantified, meaning that
we can compare different proposals. Let’s consider, for
example, an anonymity metric based on entropy,
8
and
let’s assume that an attacker wants to retrieve a given vehi-
cle’s identity by sniffing identification messages the victim
has transmitted.
Let X be a discrete random variable with probability
function p
i
= Pr(X = i), where i represents each possible
value that X can take. In our case, X represents the
pseudonym under the attacker’s scrutiny, and each i
corresponds to an element (a vehicle) of the anonymity
set. We use H(X) to denote entropy after the attack oc-
curs. For each vehicle belonging to the vehicle set of
size N, an attacker assigns a probability p
i
. We can cal-
culate H(X) as
thus the pseudonym’s maximum entropy is
H
max
= log
2
N,
where N is the anonymity set’s size. Based on this, we
compute the degree of anonymity d, provided by a given
privacy-protection system, as
The degree of anonymity quantifies the amount of in-
formation the system is leaking for a given pseudonym.
Electronic license plates
We call the certified identity that a vehicle provides via a
wireless link an electronic license plate. The protocols that
use such license plates can be designed in different ways—
when a vehicle’s engine is on, for example, it can period-
ically broadcast a beacon containing its electronic license
plate, road position, clock, and current speed. It also can
store any data related to itself in an EDR. Alternatively,
the vehicle can permanently listen to the environment
and register the beacons it hears (that is, it can hear other
vehicles’ beacons regardless of whether the engine is on
or off ). This last design decision helps support sophisti-
cated services, but it should be engineered carefully be-
cause it demands a lot of energy.
A possible application of electronic license plates is dy-
namic pricing. The onboard navigation system (or, alter-
natively, the driver can check a Web site before leaving or
while en route from a cellular terminal) can propose a
choice of routes to the driver, with an estimate of current
toll prices. The vehicle will then be charged when it en-
ters the related toll areas (see Figure 2).
Another way to use electronic license plates is to find
drivers who flee the scene of an accident: even if no vehi-
cle is in the radio power range, the culprit’s vehicle likely
will soon pass a parked car that can record its identity (see
Figure 3). By interrogating the EDRs of nearby parked
cars, police can retrieve the identities of all vehicles that
have passed a specific spot at a given time.
Although powerful, electronic license plates are vul-
nerable to attack. A first, obvious threat is the attempt by
the smart vehicle’s owner (or thief) to disable, at least par-
tially, its communication and storage capabilities (in par-
ticular, the EDR). Prevention is easier to automate for
electronic license plates than it is for physical ones: we can
d
HX
H
=
()
.
max
HX p p
ii
i
N
() log ,=−
=
2
1
www.computer.org/security/ IEEE SECURITY & PRIVACY 51
7 5
6
12
11
10
8 4
2
1
9 3
7 5
6
12
11
10
8 4
2
1
9 3
Payment request
Payment
Tariff estimation
Communications
tower
Tariff request
Figure 2. Dynamic pricing. The driver (possibly assisted by a
navigation system) decides on a route; the payment of any tolls
automatically occurs when entering the toll road or bridge.
Making Wireless Work
try to protect the EDR physically, or trigger an alarm or
alert law enforcement.
A second threat is the impersonation attack: a vehicle
owner deliberately stealing another vehicle’s identity and
attributing it to his or her own car, or vice versa. We can
prevent this type of attack by storing the vehicle’s identity
in tamper-resistant hardware, having it properly certified,
and using modern authentication protocols. Electronic li-
cense plates are much more resistant to this sort of attack
than physical ones.
A more dangerous attack is denial of service: an at-
tacker systematically or selectively jamming the signals
that vehicles exchange. There is no purely technical solu-
tion to such attacks, which is one of the reasons why we
won’t see a car overriding its driver in the near future.
To make the use of radio-transmitted information to
track a given car’s location (and therefore its driver) so-
cially acceptable, it should protect driver privacy, at least
as long as no collisions occur. For this reason, the broad-
casted certified identity must be a pseudonym that
changes over time; only the regional or national authori-
ties should be able to determine the relationship between
a pseudonym and its real identity. (Because the car’s pub-
lic key is broadcasted as well, it must also change periodi-
cally.) In this way, any personal information the electronic
license plate transmits would be negligible when com-
pared to that provided by its physical counterpart. The
scheme’s quality can be expressed by the degree of
anonymity we defined earlier.
Location verification
Any car’s location can be determined by using GPS or
with the help of on-road infrastructure; IVC can also
help. Existing positioning and distance estimation tech-
niques assume that vehicles cooperate in determining or
reporting their locations or distances, but some might try
to report false distances or locations. Let’s look at two so-
lutions for verifying vehicle locations.
Tamper-proof GPS
Each vehicle should have a tamper-proof GPS receiver that
registers its location at all times and provides this data to fixed
stations or other vehicles in an authentic manner. Fortu-
nately, this doesn’t require any additional infrastructure and
can be implemented independently in each vehicle. How-
ever, one drawback is its availability in urban environments:
buildings, bridges, or tunnels often block GPS signals. An-
other disadvantage is that this option relies on tamper-
resistant hardware, which has well-known weaknesses.
9
The most serious problem with this approach is that
GPS-based systems are vulnerable to several different
kinds of attack, including blocking, jamming, spoofing,
and physical attacks. Moreover, relatively unsophisticated
adversaries can successfully execute them. The most dan-
gerous attack involves fooling the GPS receiver with a
GPS satellite simulator, which produces fake satellite
radio signals that are stronger than legitimate ones. Such
simulators are routinely used to test new GPS products
and cost US$10,000 to $50,000. Some simple software
changes to most GPS receivers would let them detect rel-
atively unsophisticated spoofing attacks,
10
but more so-
phisticated ones would still be hard to detect.
Verifiable multilateration
A second solution for verifying vehicle location is based
on roadside infrastructure and uses distance bounding
and multilateration. (Distance bounding guarantees that
the distance is no greater than a certain value; multilater-
ation is the same operation in several dimensions.) This
approach removes the need for tamper-proof hardware,
but requires the installation of a set of base stations con-
trolled by a central authority. The infrastructure covers an
area of interest, such as specific roads or city blocks, and
can verify vehicle locations in two or three dimensions.
Verifiable multilateration works as follows: Four veri-
fying base stations with known locations perform distance
bounding to the vehicle, the results of which give them
four upper bounds on distance from the vehicle. If the ver-
ifiers can uniquely compute the vehicle’s location using
these distance bounds, and if this location falls into the tri-
angular pyramid formed between the verifiers, then they
conclude that the vehicle’s location is correct. Equiva-
lently, only three verifiers are needed to verify the vehicle’s
location in two dimensions; the verifiers still consider the
car’s location correct if they can be uniquely computed
and if it falls in the triangle formed between them.
Verifiable multilateration relies on distance bounding; a
claimant can always pretend to be further from the verifier
than it really is, but it can’t prove itself to be closer. Stefan
52 IEEE SECURITY & PRIVACY MAY/JUNE 2004
75
6
12
11
10
84
2
1
93
75
6
12
11
10
84
2
1
93
A parked vehicle records
the fleeing culprit vehicle that passes by.
The vehicle rolls
over a pedestrian.
Figure 3. A parked vehicle recording a eeing one. The recorded
data can help the police identify the culprit.
Making Wireless Work
Brands and David Chaum first introduced the notion of
distance-bounding protocols;
11
they proposed a technique
that lets a party (the verifier) determine an upper bound on
its physical distance to another party (the claimant). The
main idea is simple but powerful: it’s based on the fact that
light travels at a finite speed, and with current technology,
it’s possible to measure (local) time with nanosecond preci-
sion. Their protocol was recently extended to support
provable encounters in mobile wireless networks.
12
Figure 4 shows an example of how the distance-
bounding protocol unfolds. The protocol is performed
between a verifier v (a fixed base station) and a vehicle C
(which stands for claimant). After a mutual authentica-
tion phase (not shown in the figure), the vehicle commits
to two random values N
C
and N
C
by hashing them with
a collision-resistant one-way hash function h and sending
the result to v. The verifier then generates a challenge
nonce N
v
and sends it to C. On receiving the challenge, C
is expected to respond immediately with N
v
N
C
. The
verifier measures the challenge-response time of f light t
v
C
and estimates the distance to C, but because C can’t send
the correct response before receiving the challenge, it ei-
ther delays the response or sends it immediately after re-
ceiving the challenge. In the last stage of the protocol, C
signs the second part of the commitment N
C
. The veri-
fier then uses the signature of the second part of the com-
mitment to authenticate C and verify if the commitment
corresponds to Cs response.
When it estimates the distance to C, the verifier also
takes into account Cs processing delay. Here, this time is
relatively short, given that C needs to perform only an
XOR operation and does not need to perform any cryp-
tographic operation until the end of the protocol.
Figure 5 shows an example of verifiable multilatera-
tion. The intuition behind the technique is that a vehicle
might try to cheat about its location. As we mentioned
earlier, the vehicle can only pretend that it is further from
the verifier than it really is because of the distance-
bounding property. However, if it increases the measured
distance to one of the verifiers, it would need to prove
that at least one of these distances is shorter than it actually
is, to keep its claimed location consistent with the in-
creased distance. This property holds only if the claimed
location is within the triangular pyramid formed by the
verifiers: if an object is located within the pyramid and it
moves to a different location within the pyramid, it will
certainly reduce its distance to at least one of the pyramid
vertices. The same holds in two dimensions.
In a real deployment, the number of base stations
would of course be much larger than what we see in Fig-
ure 5; as a result, a vehicle would always be within the
geometric shape that three or four stations form.
Verifiable multilateration also detects distance enlarge-
ment attacks from outside attackers: If an attacker tries to
jam the signal that the vehicle sends to the verifiers and
delay its response, the verifiers detect this attack in the
same way as if the vehicle itself performed the distance
enlargement. The distance measurements’ precision is
very important. Today’s technology based on time of
flight and ultra wideband can achieve a precision of 15 cm
for distances up to 2 km.
13
An example application:
Cooperative driving
Once we verify a vehicle’s identity (via its electronic li-
cense plate) and location (via the mechanisms we just de-
www.computer.org/security/ IEEE SECURITY & PRIVACY 53
Figure 4. The distance-bounding protocol. The verier (v) upper-
bounds its distance to an untrusted vehicle C.
C : generate random nonces N
C
, N
C
: generate commitment commit = h(N
C
, N
C
)
C v: C, commit
v : generate random nonce N
v
v C: v, N
v
C v: N
v
N
C
v : measure the time t
v
C
between sending N
v
and
receiving N
v
N
C
C v: C, N
C
, sigK
C
(C, N
C
)
v : verify if the signature is correct and if commit = h(N
C
, N
C
)
v
1
v
3
v
2
v
4
v
5
Communication tower
Figure 5. Two examples of veriable multilateration. Base stations
v
1
, v
2
, v
3
, and v
4
can verify a vehicles location in three dimensions if
the vehicle is located in the triangular pyramid that v
1
, v
2
, v
3
, and v
4
forms. Base stations v
1
, v
3
, and v
5
can verify a vehicles location in
two dimensions if the vehicle is located in the triangle formed by v
1
,
v
3
, and v
5
.
Making Wireless Work
scribed), we can implement several new functions, in-
cluding cooperative driving.
Vehicles that pass through critical points such as high-
way entrances and blind crossings (those without light
control) must coordinate to avoid collisions. With the
IVC’s support, this coordination can be at least partially
automated. Coordination functions that share resources
among a group of nodes are usually achieved by group
communication primitives (such as mutual exclusion) in
computer networks, but the problem we face here is
more challenging: human lives are concerned, the nodes
are mobile, the groups are highly transient, and the com-
munications are wireless.
A potential solution to this challenge is a light-
weight group communication system managed by a
token (see Figure 6). Every vehicle sees the wireless link
with one of its neighbors (other vehicles within the
transmission range) as outgoing; the neighbors see this
link as incoming. As a result, a directed acyclic graph
(DAG) forms to link the members of a contention
group (those vehicles contending for a common point)
together. The sink (a node without an outgoing link) of
the DAG is elected among the nodes closest to the crit-
ical point. This node then initiates a token (a small mes-
sage that grants the right to access a resource) and goes
across the point. The token then passes to one of the
nodes that have outgoing links to the token holder,
which lets that node move forward.
We can apply different policies to control the behavior
of token passing; for example, the token can switch from
vehicles on one road to those on the other one at a high-
way’s entrance (which merges the two flows of vehicles).
In any case, a policy would use each vehicle’s verified po-
sition and identity to fine-tune the token’s circulation and
provide each driver with appropriate information.
A related problem is that when vehicles arrive at a
given spot (such as at a crossroad) or travel together for a
while (such as on a highway), they might need to ex-
change many messages and therefore may have to estab-
lish a shared symmetric key based on their certified pub-
lic keys. Many people have proposed solutions for this
recurring issue, usually based on so-called multiparty
Diffie-Hellman agreement protocols.
14
Most of these
protocols rely on an underlying group communication
system to achieve fault tolerance, but in our case, the pro-
tocols must cope with stringent real-time constraints and
the fact that human involvement is not possible. Obvi-
ously, such protocols still must be designed.
B
ecause many safety features require some level of co-
operation between vehicles, bootstrapping the adop-
tion of the necessary hardware is a major business chal-
lenge. Of course, this push requires a substantial effort
from the standardization bodies before it can materialize.
So far, the security and privacy challenges related to
this area have been overlooked,
15
but the two solutions
we’ve sketched in this article are a good place to start. In
particular, electronic license plates have the potential
benefit of allowing a much more accurate definition (and
control) of what data law-enforcement agencies can ac-
cess; this is likely to be one of the most relevant challenges
in the area of wireless security. Location verification is the
cornerstone of cooperative safety mechanisms, and the
smarter vehicles become, the more their safety features
will need to be secured.
Acknowledgments
We are indebted to Mario
˜
Cagalj, Robert Dick, Markus Jakobsson,
Ken Laberteaux, Jean-Yves Le Boudec, Christof Paar, and Pravin
Varaiya for their comments on early versions of this article. Special thanks
also to Matthias Grossglauser and Alcherio Martinoli for their thought-
provoking discussions on this topic.
References
1. W. Jones, “Building Safer Cars,IEEE Spectrum, vol. 39,
no. 1, 2002, pp. 82–85.
2. R. Moebus, A. Joos, and M. Morari, “Multi-Object Adap-
tive Cruise Control,Proc. Hybrid Systems: Computation and
Control, LNCS vol. 2623, Springer Verlag, 2003, pp.
359–376.
3. W. Franz, R. Eberhardt, and T. Luckenbach, “FleetNet:
Internet on the Road,Proc. 8th World Congress on Intel-
ligent Transport Systems, 2001.
4. L. Zhou and Z. Haas, “Securing Ad Hoc Networks,
IEEE Network, vol. 13, no. 6, 1999, pp. 26–30.
5. Y.-C. Hu, A. Perrig, and D.B. Johnson, “Ariadne: A
Secure On-Demand Routing Protocol for Ad Hoc Net-
works,Proc. 8th ACM Int’l Conf. Mobile Computing and
Networking (Mobicom), ACM Press, 2002, pp. 12–23.
54 IEEE SECURITY & PRIVACY MAY/JUNE 2004
(a) (b)
Figure 6. Cooperative driving. The red car holds the token that
lets it access the resource (a) at a blind crossing and (b) at a
highway entrance.
Making Wireless Work
6. J. Kong and X. Hong, “ANODR: Anonymous on
Demand Routing with Untraceable Routes for Mobile
Ad Hoc Networks,Proc. 4th ACM Int’l Symp. on Mobile
Ad Hoc Networking and Computing, ACM Press, 2003,
pp. 291–302.
7. L. Klein, Sensor Technologies and Data Requirements for ITS,
Artech House, 2001.
8. A. Serjantov and G. Danezis, “Toward an Information
Theoretic Metric for Anonymity,Proc. Privacy Enhanc-
ing Technologies (PET), Springer-Verlag, 2002.
9. R. Anderson and M. Kuhn, “Tamper Resistance: A Cau-
tionary Note,Proc. 2nd Usenix Workshop on Electronic
Commerce, Usenix Assoc., 1996, pp. 1–11.
10. J. Warner and R. Johnston, Think GPS Cargo Tracking =
High Security? Think Again, tech. report, Los Alamos Nat’l
Lab., 2003.
11. S. Brands and D. Chaum, “Distance-Bounding Proto-
cols,Theory and Application of Cryptographic Techniques,
Springer-Verlag, 1993, pp. 344–359.
12. S. C
ˇ
apkun, L. Buttyan, and J.-P. Hubaux, “SECTOR:
Secure Tracking of Node Encounters in Multi-Hop
Wireless Networks,Proc. ACM Workshop on Security in
Ad Hoc and Sensor Networks (SASN), ACM Press, 2003.
13. J.-Y. Lee and R.A. Scholtz, “Ranging in a Dense Mul-
tipath Environment Using a UWB Radio Link,IEEE
J. Selected Areas in Comm., vol. 20, no. 9, 2002, pp.
1677–1683.
14. G. Ateniese, M. Steiner, and G. Tsudik, “New Multi-
Party Authentication Services and Key Agreement Pro-
tocols,IEEE J. Selected Areas in Comm., vol. 18, no. 4,
2000, pp. 628–639.
15. J. Luo and J.-P. Hubaux, A Survey of Inter-Vehicle Com-
munications, tech. report IC/2004/04, EPFL, Mar. 2004.
Jean-Pierre Hubaux is a professor at EPFL. His research inter-
ests are mobile networking and computing, with a special
interest in fully self-organized wireless ad hoc networks. He
also serves as an associate editor on IEEE Transactions on
Mobile Computing and the Elsevier Journal on Ad Hoc Net-
works. He is a senior member of the IEEE and a member of
ACM. Contact him at jean-pierre.hubaux@epfl.ch; http://
lcawww.epfl.ch/hubaux.
Srdjan C
ˇ
apkun is working toward his PhD at EPFL. His current
research interests include security, privacy, and positioning in
wireless networks. He received a BSc in electrical engineering
and computer science from the University of Split, Croatia. He
is a member of the IEEE Communications and Computer Societies
and the ACM. Contact him at srdan.capkun@epfl.ch; http://
lcawww.epfl.ch/capkun.
Jun Luo is working toward a PhD in communication systems at
EPFL. His research interests include multicasting, mobile com-
puting (especially in ad hoc networks), reliable group commu-
nication, and network security. He received a BS and MS, both
in electrical engineering, from Tsinghua University, Beijing, PRC.
He is a student member of ACM. Contact him at jun.luo@epfl.ch;
http://lcawww.epfl.ch/luo.
www.computer.org/security/ IEEE SECURITY & PRIVACY 55
NEW for 2004!
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
Learn how others are achieving systems and networks design and develop-
ment that are dependable and secure to the desired
degree, without compromising performance.
This new journal provides original results in research, design, and develop-
ment of dependable, secure computing methodologies,
strategies, and systems including:
• Architecture for secure systems
• Intrusion detection and error tolerance
• Firewall and network technologies
• Modeling and prediction
• Emerging technologies
Publishing quarterly in 2004
Member rate:
$31 print issues
$25 online access
$40 print and online
Institutional rate: $525
Learn more about this new
publication and become a
charter subscriber today.
http://computer.org/tdsc
... Malicious nodes engaging in spreading false information can disrupt traffic systems, highlighting the need for message source authentication and integrity checks. Additionally, preserving the privacy of a vehicle's identity is a crucial concern, as any leakage of privacy may result in serious issues such as the disclosure of personal information for vehicle owners [12]. To resolve the issues, various privacy-preserving authentication schemes are available in the literature [13], [14]. ...
... In 2004, Hubaux et al. [12] noted that electronic license plates offer better data control for law enforcement and are integral to safety mechanisms, relying on location verification. Later in 2007, Raya et al. [17] pictured the necessity of securing vehicular networks and advocated for a tailored approach. ...
Article
Full-text available
Integrating cutting-edge communication technology with vehicular advancement has led to Vehicular Ad-Hoc Networks (VANETs). VANET architecture facilitates the exchange of vital safety-related messages among vehicles. However, ensuring the authentication and integrity of shared messages over wireless links poses challenges. To resolve the issues, various batch-verifiable authentication schemes have been devised previously. However, existing VANET batch-verifiable authentication schemes utilize number theory-based cryptography, and therefore are vulnerable to quantum computing attacks. Additionally, storing multiple pseudonyms for anonymity incurs storage overhead on vehicles. To address these issues, this paper presents a novel lattice-based dynamic anonymous batch-verifiable authentication scheme. Being a lattice-based design, it is robust against post-quantum threats. To achieve dynamic anonymity, a fuzzy extractor design has been utilized, which removes the storage of multiple pseudonyms. The provable security has been achieved via formal analysis in the random oracle model, and an extensive performance evaluation confirms its efficiency and suitability for VANETs.
... In PKIA-based schemes [16]- [20], the vehicle's true identity is concealed utilizing anonymous certificates, and each vehicle receives massive (public/secret) key pairs with corresponding certificates during the enrolment process. Rajput et al. [19] designed a PKIA-based scheme by adopting primary pseudonyms with longer lifetimes than secondary pseudonyms, which have shorter lives based on the length of time they have been in use. ...
Article
Full-text available
The functional characteristics of existing inter-vehicle communication networks are used to offer a certificateless authentication scheme that integrates fifth-generation (5G) communication and fog computing. Thus, CLA-FC5G, a novel certificateless authentication scheme for 5G-assisted vehicular networks equipped with fog computing and device-to-device communication in this paper. As opposed to prior schemes, which relayed on 802.11p-based inter-vehicle communication, our CLA-FC5G employs D2D technology, enabling vehicles to communicate directly while ensuring their respective safety and lightening the communication overhead. Our scheme contains six polynomial-time algorithms to handle the system setup, key generation, and message signing and verification processes. The results demonstrate that our method is both secure and efficient due to its lack of communication and computational overhead. We have discovered that our proposed CLA-FC5G system can lower overhead and is extremely efficient and scalable, which is well-suited for mass vehicular networks. The output reveals that CLA-FC5G, which affects both security and effectiveness, meets practical safety requirements for a believable 5G setting.
... The various security and privacy protection challenges associated with smart vehicles were extensively studied as early as the early 20th century by Hubaux et al. 4 and Raya et al., 6 Raya et al. proposed a set of security protocols using anonymous certificates to address these challenges. Meeting VANET's complex security requirements has become a daunting task as VANET increasingly focuses on improving transportation efficiency while ensuring user comfort, security and privacy. ...
Article
Full-text available
Guaranteeing the anonymity of the vehicle and the integrity of the transmitted message are two indispensable conditions in vehicular ad‐hoc network. Anonymous signature can achieve the two function. However, existing anonymous signature schemes constructed based on traditional cryptosystems cannot withstand quantum attacks. In addition, in some cases, the schemes need to satisfy the non‐transferability of signatures to solve the problem of signature misuse due to publicly verified signatures. In order to resist quantum attacks and address the problem of signature misuse, this article proposes a lattice‐based chameleon signcryption scheme, which aims to protect vehicle identity and data security. The scheme is resistant to quantum attacks and satisfies signature non‐transferability, signer rejectability and non‐repudiation. Especially, we prove that the proposed scheme is secure in the Standard Model based on the error learning problem and the classical lattice small integer solution problem.
... Early researchers in [18] introduced the concept of verifiable multilateration in position verification using roadside infrastructure. The study used four base stations (verifiers) placed at different known locations on the network to calculate the time of flight and distance from the vehicle based on the challenge-response process using the distance bounding protocol. ...
Article
Full-text available
Position verification is essential in connected and autonomous vehicle technology to enable secure vehicle-to-everything communication. Previous attempts to verify location information have used specific hardware, traffic parameters, and statistical model-based techniques dependent on neighbouring vehicles and roadside infrastructure and whose judgements can be influenced by untrustworthy entities. Considering the back-and-forth communications during verification, these techniques are also unsuitable in the dynamic vehicular networking environment. In this context, this paper proposes a self-reliant trust-based position verification technique using dynamic geofencing, neural network, and Mamdani fuzzy logic controller. The method uses vehicular dynamics, such as distance between the sender and receiver vehicles, magnitude of the speed difference, and direction, to verify the trustworthiness of vehicle positions. An experimental analysis of a dataset of simulated driving scenarios in MATLAB demonstrates that the feedforward neural network records the highest direction classification performance at 99.8% in conjunction with the centroid defuzzification method. Subsequently, further quantitative analysis, including the Receiver Operating Characteristic curve with Area Under Curve and trust level distribution histograms, indicates that the suggested classification model outperforms a random classifier and effectively identifies false position data from the actual during trust computation.
... The drawback of this plan, though, was how timeconsuming and intricate it was. (Hubaux et al., 2004) conducted a survey on the unicast, multicast, geo-cast, mob-cast, and broadcast protocols for VANETs. For WEBSITE: https://fugus-ijsgs.com.ng ...
Article
Full-text available
Within the VANET subset of Mobile Ad-hoc Network (MANET), automobiles can communicate with one another via roadside infrastructure or vehicle-to-vehicle communication. However, because nodes move around and topologies might alter at random, there could be a potential of attacks in a VANET. One well-known attack is the Sybil attack, in which the attacker assumes many wrong identities to interfere with the VANET's ability to function. Numerous solutions have been put forth in the literature to identify Sybil attacks. The authors of the recent work have developed a timestamp-based Sybil node discovery method. Every vehicle on the road in VANET is given a unique certificate by RSU, which is included in this work timestamp. We applied the Ad-hoc On-Demand Distance Vector (AODV) Routing protocol and timestamp as a hash function of the public key with addition of the speed of the vehicle in the planned work for node detection and data transmission. In addition, we used the NS2 simulator for Sybil node detection.
Article
Full-text available
Context: The growing number of linked devices, the limitations of some IoT devices, worries about data privacy, risks to physical safety, and the ever-changing threats all highlight why it’s crucial to have strong security measures in the IoT application layer. We need these measures to protect our devices and data, keep our personal information safe, and prevent potential harm or attacks. It’s important to make sure our IoT applications have effective security to counter these risks. Objective: The study’s goal is to examine the research on IoT application layer security with attacks, applications and protocols and demands further focus in current and future research areas. Method: To find the relevant literature, a systematic investigation was done, in 221 articles, 123 articles are selected as a most relevant articles and classified as security in IoT applications and protocols. Result: This paper mainly concentrated on security in IoT application layer, the articles are grouped as attacks, applications and protocols. Based on IoT applications, smart home (15.3%), smart health care (12.2%), smart home (13.3%), smart agriculture (17.3%), smart vehicles (16.3%), smart grid(15.3%) and Industrial IoT (10.2%) represents the majority of articles. This survey further analyses the performance metrics, parameters and performance evaluation of the existing literature. Conclusion: The results confirm that we need these measures to protect our devices and data, keep our personal information safe, and prevent potential harm or attacks. It’s important to make sure our IoT applications have effective security to counter these risks.
Article
As intelligent transportation develops by leaps and bounds, there has been a growing interest in leveraging Vehicular Ad-hoc Networks (VANETs) to improve efficiency and security. One key aspect of them is the Conditional Privacy-Preserving Authentication (CPPA) scheme, which addresses challenges of identity authentication and message integrity during communications. Most ID-Based CPPA schemes rely on Tamper-Proof Devices (TPDs), which are vulnerable to side-channel attacks. If sensitive data stored in TPDs are compromised, the entire system would be in danger. To tackle this issue, Xiong et al. introduced a CPPA scheme with double-insurance, claiming its security against adaptively chosen message attacks. However, this paper reveals that their scheme is universally forgeable, allowing anyone to create valid signatures on any message, rendering it inadequate for CPPA. In light of the weaknesses, we propose a novel scheme that inherits the time-tested Schnorr Signature and Abe-Okamoto Message Recovery Signature. Besides, we prove the security under the assumptions of Discrete Logarithms (DL) and Computational Diffie-Hellman (CDH), and conduct experiments and realistic evaluations. The results demonstrate its superiority, and establish its practicality in real-world scenarios.
Article
Full-text available
Many modern computing environments involve dynamic peer groups. Distributed simulation, multiuser games, conferencing applications, and replicated servers are just a few examples. Given the openness of today's networks, communication among peers (group members) must be secure and, at the same time, efficient. This paper studies the problem of authenticated key agreement in dynamic peer groups with the emphasis on efficient and provably secure key authentication, key confirmation, and integrity. It begins by considering two-party authenticated key agreement and extends the results to group Diffie-Hellman (1976) key agreement. In the process, some new security properties (unique to groups) are encountered and discussed
Article
Full-text available
In this paper we present SECTOR, a set of mechanisms for the secure verification of the time of encounters between nodes in multi-hop wireless networks. This information can be used notably to prevent wormhole attacks (without requiring any clock synchronization), to secure routing protocols based on last encounters (with only loose clock synchronization), and to control the topology of the network. SECTOR is based primarily on distance-bounding techniques, on one-way hash chains and on Merkle hash trees. We analyze the communication, computation and storage complexity of the proposed mechanisms and we show that, due to their efficiency and simplicity, they are compliant with the limited resources of most mobile devices.
Article
As a component of the intelligent transportation system (ITS) and one of the concrete applications of mobile ad hoc networks, inter-vehicle communication (IVC) has attracted research attention from both the academia and industry of, notably, US, EU, and Japan. The most important feature of IVC is its ability to extend the horizon of drivers and on-board devices (e.g., radar or sensors) and, thus, to improve road traffic safety and efficiency. This paper surveys IVC with respect to key enabling technologies ranging from physical radio frequency to group communication primitives and security issues. The mobility models used to evaluate the feasibility of these technologies are also briefly described. We focus on the discussion of various MAC protocols that seem to be indispensable components in the network protocol stack of IVC. By analyzing the application requirements and the protocols built upon the MAC layer to meet these requirements, we also advocate our perspective that ad hoc routing protocols and group communication primitives migrated from wired networks might not be an efficient way to support the envisioned applications, and that new coordination algorithms directly based on MAC could be designed for this purpose.
Conference Paper
Book
Beginning with descriptions of parameters that characterize the flow of vehicles on freeways, arterial roads, and feeder routes, this hands-on book examines intrusive and non-intrusive traffic sensors and associated technologies that measure traffic flow and assist in the management of congestion. It provides information about sensors that offer wider coverage areas and a larger variety of traffic flow parameters than the more conventional inductive loops. The operating characteristics of these devices is illustrated through detailed discussions of traffic-responsive arterial signal control, freeway incident detection, ramp metering, electronic toll and traffic management, commercial vehicle operations, advanced traveler information systems, and sensor installation and maintenance issues. Written by an acknowledged authority in the field, Sensor Technologies and Data Requirements for ITS is a convenient reference and textbook that includes valuable information about the functioning of video image processor, microwave radar, infrared, lidar, ultrasonic, acoustic, magnetic, and inductive loop sensors. The evolution of modern toll tag technology standards and weigh-in-motion sensors are also treated. The book reviews the role of sensors in intelligent transportation systems for mitigating congestion, secondary incidents, travel delays, pollution, and excess fuel consumption. It gives you a convenient analysis of traffic detector data, traffic flow characteristics, sensor performance as obtained from several U.S. Federal Highway Administration programs, and factors that contribute to measurement errors. The book assists you in selecting the appropriate sensors for your needs and contains tables that show sensor applications in traffic management systems and lists of sensor vendors, sensor performance, and interface characteristics.
Conference Paper
It is often the case in applications of cryptographic protocols that one party would like to determine a practical upper-bound on the physical distance to the other party. For instance, when a person conducts a cryptographic identification protocol at an entrance to a building, the access control computer in the building would like to be ensured that the person giving the responses is no more than a few meters away. The “distance bounding” technique we introduce solves this problem by timing the delay between sending out a challenge bit and receiving back the corresponding response bit. It can be integrated into common identification protocols. The technique can also be applied in the three-party setting of “wallets with observers” in such a way that the intermediary party can prevent the other two from exchanging information, or even developing common coinflips.
Conference Paper
In this paper we propose an algorithm for solving a Multi-Object Adaptive Cruise Control problem. In a multi-object traffic scene the optimal acceleration is to be found respecting traffic rules, safety distances and driver intentions. The objective function is modelled as a quadratic cost function for the discrete time piecewise affine system. We find the optimal state-feedback control law by solving the underlying constrained finite time optimal control problem via dynamic programming.
Conference Paper
Future road communication scenarios are expected to deploy a radio ad hoc communication technology for the transmission of data between vehicles. Such ad hoc networks are able to support low latencies and cost efficiency, which is very important for, e.g., safety related applications. In addition to vehicle-to-vehicle communication, users also will be interested in accessing Internet services from within the vehicular network. Access can be gained by using roadside installed Internet Gateways, which are able to communicate with the vehicles. However, several difficulties must be addressed in such a scenario. Examples are the interoperability of communication protocol, mobility support, communication efficiency, the discovery of Internet gateways, and the handover of connections from one gateway to the next. In this paper, we are focusing on the aspect of discovering the Internet gateways. We therefore developed a service discovery protocol, which is highly optimized for the characteristics of future vehicular ad hoc networks. Besides the benefit of efficient service discovery, our protocol is able to choose the most suitable Internet gateway among others using fuzzy methods. Furthermore, evaluations show that we are able to decrease the overhead caused by the service discovery process significantly.