Research On Security And Privacy In Vehicular Ad Hoc Networks

Car accidents continue to be a leading cause of death and injury all over the world each year. Many of these accidents could be avoided or made less damaging if the driver had been given some advance warning. Researchers have proposed using Vehicular Ad Hoc NETworks (VANETs) to allow vehicles to communicate with other, in support of vehicular safety applications, such as Emergency Electronic Brake Lights and Lane Change Warning. Different from other network environments, VANETs provide various safety-of-life services. As a result, VANETs must be resilient to security and privacy violations before a large-scale deployment.In VANETs, the safety beacon is one of the most fundamental applications. Each vehicle periodically broadcasts his current location along with some other data elements to one-hop neighbours, which forms the cornerstone of early accident warning systems and other high-level applications such as the network routing. This dissertation starts with safety beacons, investigates security and privacy issues in VANETs, and makes some achievements at some sub-directions.Safety beacons contain precise location information and vehicle indentities, which together creates a significant privacy risk. One method proposed to improve privacy is the use of many pseudonyms, and changing pseudonyms while in a mix zone where all other vehicles also change pseudonyms. From a practical perspective, this dissertation investigated the effectiveness of a single mix zone on VANET privacy. Previous work has evaluated the effectiveness of mix zones using traces generated based on traffic theory. The research presented in this dissertation is based on actual recordings of vehicle movements. For a mix zone we created at a busy intersection on a major arterial road, we propose a tracking algorithm that considers lane changes and traffic signals. Attackers using our proposed algorithm could successfully track about 48.0% of the exiting vehicles, much higher than the results from previous work. For mix zones we created on straight six-lane sections of highway, our evaluation suggests that even a small proportion of easily tracked vehicles among all vehicles significantly compromises the privacy provided by the mix zone.The introduction of safety beacons creates another security threat:a malicious vehicle can easily disseminate falsified location claims if they are not properly secured; such falsified claims may lead to substantial problems. Previous research about location verification in VANETs either depends on the deployment of a specific infrastructure (e.g., an infrastructure of verifiers), or inputs from neighboring vehicles (e.g., threshold-based voting schemes). This dissertation proposes an autonomous approach to detect false location claims by measuring the time of flight. Considering that time-of-flight based systems typically require that nodes must be tightly time synchronized, we also propose a mechanism to reduce time synchronization errors among neighboring vehicles by transmitting satellite information. The results show that the proposed algorithm could effectively detect false location claims. Moreover, we analyse the imapct of an attacker using directional antennas on the performance of our algorithm.Inspired from our research on location verification, this dissertation introduced a new general attack, the coward attack. In the coward attack, an attacker dynamically adjusts his attack strategy so that the attacker is confident that no detectors could detect the attack. That is, the attacker would stop attacking or scale back the attack temporarily if the attacker concludes that neighboring detectors could detect him misbehaving. This dissertation analyzes the requirements of launching the coward attack and illustrtated how to launch the coward attack against an existing VANET location verification protocol. The results show that the attacker could significantly improve his average success probability by only sacrificing a small amout of attacking opportunities. We further propose a general mechanism for mitigating the coward attack using physical constraints and evaluate the performance of the defense mechanism using simulations. We believe our methodology is generally applicable to many other detection mechanisms in both VANETs and other types of networks.The ultimate purpose of detecting attackers is to exclude these attackers from legitimate network nodes, in order to prevent further damages induced by the attackers. In networks using public key infrastructure (PKI), attackers are excluded from the network through certificate revocation. Depending on the identity of the decision maker of the revocation process, revocation approaches can be generally classified into two categories:local revocation and global revocation. This dissertation investigates the limits of existing revocation approaches from both practical and theoretical perspectives. We argue that local revocation may not work because they usually rely on the assumption of an honest majority, which may not be practical in VANETs. Our analysis based on graph theory shows that no global revocation approches that use only the accusations among vehicles can identify attackers without false positives and false negatives.In sum, this dissertation starts with safety beacons, and investigates the security and privacy issues in Vehicular Ad Hoc Networks. The main contributions of this dissertation are:(?) We propose a tracking algorithm using lane changes and traffic signals for intersections, and a tracking algorithm based on the sequence of vehicles entering and exiting the road section for straight roads;(?) To the best of our knowledge, we are the first to investigate the effectiveness of VANET mix zones built along high-density straight roads;(?) We are the first to evaluate the effectiveness of mix zones on VANET privacy using real vehicle mobility data, and to investigate the limitations of using entropy as the privacy metric;(?) We propose a novel, autonoumous algorithm to detect false location claims in VANETs; (?) We propose a novel mechanism to reduce time synchronization errors among neighboring vehicles by transmitting satellite information;(?) We propse a new general attack (the coward attack) and the defense mechanism against the attack;(?) We investigate the limits on certificate revocation in VANETs from both practical and theoretical perspectives.