Abstract — Despite recent progress for vehicular communication in research, development, field tests, and standardization, security is still in an early phase though it represents a crucial part of the vehicular communication system. So far, no vehicular security architecture has been proposed which integrates existing individual solutions for vehicle registration, data integrity, authentication, and so on. By description of different architectural perspectives, we identify the stakeholders and their responsibilities. Then, we focus on the functional layer view and highlight the concepts which jointly secure the vehicular communication. Based on these concepts, we present an implementation approach which introduces the security concepts into the protocol stack of a vehicular communication system. The proposed security architecture follows a clean and modular design. It is the basis for our prototype implementation which will serve as a proof-of-concept. We will also submit this architecture to the ongoing standardization process of the Car2Car Communication Consortium (C2C-CC). I.

nikodin.ristanovic

The need to evict compromised, faulty, or illegitimate nodes is well understood in prominent projects designing security architectures for Vehicular Communication (VC) systems. The basic approach envisioned to achieve this is via distribution of Certificate Revocation Lists (CRLs). Nonetheless, the problem of how to distribute CRLs effectively and efficiently has not been investigated. In this paper, we addresses exactly this problem. We propose a flexible, simple, and scalable design that leverages on road-side VC infrastructure. Our scheme can distribute large CRLs across wide VC regions within minutes, by utilizing a bandwidth of only a few Kbps at each road-side infrastructure unit.

Abstract—Although much research has been conducted in the area of authentication in wireless networks, Vehicular Ad hoc Networks (VANETs) pose unique challenges, such as realtime constraints, processing limitations, memory constraints, frequently changing senders, requirements for interoperability with existing standards, extensibility and flexibility for future requirements, etc. No currently proposed technique addresses all of the requirements for message and entity authentication in VANETs. After analyzing the requirements for viable VANET message authentication, we propose a modified version of TESLA, TESLA++, which provides the same computationally efficient broadcast authentication as TESLA with reduced memory requirements. To address the range of needs within VANETs we propose a new hybrid authentication mechanism, VANET Authentication using Signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++. ECDSA signatures provide fast authentication and non-repudiation, but are computationally expensive. TESLA++ prevents memory and computation-based Denial of Service attacks. We analyze the security of our mechanism and simulate VAST in realistic highway conditions under varying network and vehicular traffic scenarios. Simulation results show that VAST outperforms either signatures or TESLA on its own. Even under heavy loads VAST is able to authenticate 100 % of the received messages within 107ms. VANETs use certificates to achieve entity authentication (i.e., validate senders). To reduce certificate bandwidth usage, we use Hu et al.’s strategy of broadcasting certificates at fixed intervals, independent of the arrival of new entities. We propose a new certificate verification strategy that prevents Denial of Service attacks while requiring zero additional sender overhead. Our analysis shows that these solutions introduce a small delay, but still allow drivers in a worst case scenario over 3 seconds to respond to a dangerous situation.

Transportation safety, one of the main driving forces of the development of vehicular communication (VC) systems, relies on high-rate safety messaging (beaconing). At the same time, there is consensus among authorities, industry, and academia on the need to secure VC systems. With specific proposals in the literature, a critical question must be answered: can secure VC systems be practical and satisfy the requirements of safety applications, in spite of the significant communication and processing overhead and other restrictions security and privacy-enhancing mechanisms impose? To answer this question, we investigate in this paper the following three dimensions for secure and privacy-enhancing VC schemes: the reliability of communication, the processing overhead at each node, and the impact on a safety application. The results indicate that with the appropriate system design, including sufficiently high processing power, applications enabled by secure VC can be in practice as effective as those enabled by unsecured VC.

Abstract — Vehicular Ad hoc Networks (VANETs) are on the verge of deployment. In the near future, wireless vehicle-to-vehicle and vehicle-to-infrastructure communication will enable numerous safety, convenience, and business applications. Security is a necessary pre-requisite for adoption of these technologies. As we demonstrate in this paper, VANETs require two new security properties: Convoy Member Authentication (CMA) and Vehicle Sequence Authentication (VSA). These security properties detect a range of VANET attacks. We propose novel protocols that provide CMA and VSA. We analyze and evaluate our protocols and conclude that they represent an important step towards enhancing VANET security. I.

Abstract—In this paper, we introduce a novel roadside unit (RSU)-aided message authentication scheme named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles. In addition, RAISE adopts the k-anonymity property for preserving user privacy, where a message cannot be associated with a common vehicle. In the case of the absence of an RSU, we further propose a supplementary scheme, where vehicles would cooperatively work to probabilistically verify only a small percentage of these message signatures based on their own computing capacity. Extensive simulations are conducted to validate the proposed scheme. It is demonstrated that RAISE yields a much better performance than previously reported counterparts in terms of message loss ratio (LR) and delay. Index Terms—Cooperation, privacy, security, vehicular communications.

Determining whether the number of vehicles reporting an event is above a threshold is an important mechanism for VANETs, because many applications rely on a threshold number of notifications to reach agreement among vehicles, to determine the validity of an event, or to prevent the abuse of emergency alarms. We present the first efficient and secure threshold-based event validation protocol for VANETs. Quite counter-intuitively, we found that the z-smallest approach offers the best tradeoff between security and efficiency since other approaches perform better for probabilistic counting. Analysis and simulation shows that our protocol provides> 99 % accuracy despite the presence of attackers, collection and distribution of alerts in less than 1

Abstract — Vehicular ad hoc networks (VANETs) will enable new applications that increase safety and convenience of the passengers in the car. Most applications for VANETs are applications in a distributed system. They use information provided by different cars, and road side units. Different, sometimes complementary means exist to establish a trustworthy and privacy preserving system; they include certification, reputation systems, plausibility checking, and frequently changing pseudonyms. Often, these measures are tailored to specific aspects of the system and cannot easily be combined in an overall security architecture, nor can they easily be used by application developers. In this work, we present a framework to integrate trust and privacy services for the use in vehicular environments. The main contributions of this paper are (1) a consistent architecture for securing vehicular communications that can easily be used by application developers, (2) the principle of security sensors including a model for trust establishment for the vehicular domain and (3) the context mix model for preserving location privacy of vehicles. I.

Digital signatures are one of the fundamental security primitives in Vehicular Ad-Hoc Networks (VANETs) because they provide authenticity and non-repudiation in broadcast communication. However, the current broadcast authentication standard in VANETs is vulnerable to signature flooding: excessive signature verification requests that exhaust the computational resources of victims. In this paper, we propose two efficient broadcast authentication schemes, Fast Authentication (FastAuth) and Selective Authentication (Sel-Auth), as two countermeasures to signature flooding. FastAuth secures periodic single-hop beacon messages. By exploiting the sender’s ability to predict its own future beacons, FastAuth enables 50 times faster verification than previous mechanisms using the Elliptic Curve Digital Signature Algorithm. SelAuth secures multi-hop applications in which a bogus signature may spread out quickly and impact a significant number of vehicles. SelAuth provides fast isolation of malicious senders, even under a dynamic topology, while consuming only 15%–30 % of the computational resources compared to other schemes. We provide both analytical and experimental evaluations based on real traffic traces and NS-2 simulations. With the near-term deployment plans of VANET on all vehicles, our approaches can make VANETs practical.