The deployment of vehicular communication (VC) systems is strongly dependent on their security and privacy features. In this paper, we propose a security architecture for VC. The primary objectives of the architecture include the management of identities and cryptographic keys, the security of communications, and the integration of privacy enhancing technologies. Our design approach aims at a system that relies on well-understood components which can be upgraded to provide enhanced security and privacy protection in the future. This effort is undertaken by SeVeCom (http://www.sevecom.org), a transversal project providing security and privacy enhancing mechanisms compatible with the VC technologies currently under development by all EU funded projects.

Vehicular networks (VNs) are emerging, among civilian applications, as a convincing instantiation of the mobile networking technology. However, security is a critical factor and a significant challenge to be met. Misbehaving or faulty network nodes have to be detected and prevented from disrupting network operation, a problem particularly hard to address in the life-critical VN environment. Existing networks rely mainly on node certificate revocation for attacker eviction, but the lack of an omnipresent infrastructure in VNs may unacceptably delay the retrieval of the most recent and relevant revocation information; this will especially be the case in the early deployment stages of such a highly volatile and large-scale system. In this paper, we address this specific problem. We propose protocols, as components of a framework, for the identification and local containment of misbehaving or faulty nodes, and then for their eviction from the system. We tailor our design to the VN characteristics and analyze our system. Our results show that the distributed approach to contain nodes and contribute to their eviction is efficiently feasible and achieves a sufficient level of robustness.

The need to evict compromised, faulty, or illegitimate nodes is well understood in prominent projects designing security architectures for Vehicular Communication (VC) systems. The basic approach envisioned to achieve this is via distribution of Certificate Revocation Lists (CRLs). Nonetheless, the problem of how to distribute CRLs effectively and efficiently has not been investigated. In this paper, we addresses exactly this problem. We propose a flexible, simple, and scalable design that leverages on road-side VC infrastructure. Our scheme can distribute large CRLs across wide VC regions within minutes, by utilizing a bandwidth of only a few Kbps at each road-side infrastructure unit.

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.

Determining whether the number of vehicles reporting an event is above a threshold is an important mechanism for VANETs, because many applications rely on a threshold number of notifications to reach agreement among vehicles, to determine the validity of an event, or to prevent the abuse of emergency alarms. We present the first efficient and secure threshold-based event validation protocol for VANETs. Quite counter-intuitively, we found that the z-smallest approach offers the best tradeoff between security and efficiency since other approaches perform better for probabilistic counting. Analysis and simulation shows that our protocol provides> 99 % accuracy despite the presence of attackers, collection and distribution of alerts in less than 1

von Sicherheitsmeldungen in Fahrzeugnetzen vor. Es gewährleistet dabei die Anonymität der Fahrzeughalter und verhindert dadurch, dass unerlaubt Bewegungsprofile eines Fahrzeuges erstellt werden können. Gleichzeitig implementiert das Protokoll einen Mechanismus, der erlaubt die Anonymität aufzuheben, was es ermöglicht ein Fahrzeug aus dem Fahrzeugnetz zu isolieren. Aufgrund der Tatsache, dass Verkehrsnachrichten äußerst sensible und kritische Informationen enthalten, ist es von entscheidender Bedeutung, dass die vom Fahrzeug verwendete Software nicht unzulässig manipuliert wurde. Dies würde es ansonsten ermöglichen, dass manipulierte Sicherheitsmeldungen eingespielt werden. Um dies zu verhindern, bedient sich das in diesem Beitrag vorgestellte Protokoll eines zweiten Mechanismus, der sicherstellt, dass nur die Fahrzeuge in der Lage sind, Nachrichten zu verschicken, deren Software nicht manipuliert wurde. 1

important application is to let moving vehicles collaborate with each other by sharing traffic information and alerting others of any emergency or accidental scenarios. To make this application possible, a security mechanism must be designed in the beginning to guarantee that no malicious vehicles or persons can intercept, manipulate, or modify traffic information propagating in a VANET without being detected. In this paper, we present a novel approach to provide reliable traffic information propagation in a VANET: two-directional data verification. Two-directional data verification approach uses vehicles in both directions of a two-way road as two separated media channels to propagate traffic data. By receiving messages from both channels, a recipient vehicle verifies the message integrity by checking if data received from both channels are matched. This approach exploits the fact that it is difficult for an adversary to have two collaborative vehicles on both driving directions in the same region. Even if an adversary can do this, it is costly and attacks can be done only in a short time period. The proposed approach is simple and readily to be implemented, requiring no complicated public-key infrastructure to protect traffic information propagation in VANET. I.

Abstract—With a number of projects developing vehicular communication systems, there is rising awareness on threats and the need to introduce security and privacy-enhancing mechanisms. With recent results, in principle in agreement across different major projects, there has been little work on implementation and demonstration of security and privacyenhancing mechanisms. The contribution of this work is exactly in this direction: we present a demonstration of our system, comprising a range of mechanisms, developed to secure vehicular communications (VC) and enhance the location privacy of the users of VC systems.

Abstract — Vehicular communication (VC) systems have recently drawn the attention of industry, authorities, and academia. A consensus on the need to secure VC systems and protect the privacy of their users led to concerted efforts to design security architectures. Interestingly, the results different project contributed thus far bear extensive similarities in terms of objectives and mechanisms. As a result, this appears to be an auspicious time for setting the corner-stone of trustworthy VC systems. Nonetheless, there is a considerable distance to cover till their deployment. This paper ponders on the road ahead. First, it presents a distillation of the state of the art, covering the perceived threat model, security requirements, and basic secure VC system components. Then, it dissects predominant assumptions and design choices and considers alternatives. Under the prism of what is necessary to render secure VC systems practical, and given possible non-technical influences, the paper attempts to chart the landscape towards the deployment of secure VC systems. I.

Switzerland. The event brought together experts, from a variety of organizations, working on vehicular communication systems, security and privacy. The fourteen presentations offered an overview of the latest results and reflected the views of public authorities, academia, and industry. During the one and a half days of the workshop, the thirty-five attendees had the opportunity to have an in-depth discussion on future research and development directions for vehicular communication systems security and privacy. The developments in the area of vehicular networks and communication systems, and the increasing attention from industry, academia and authorities, motivated us to organize this workshop. Vehicular communications (VC), including vehicle-to-infrastructure