Transcript VANET-privacy-final-official

Privacy Issues in Vehicular Ad
Hoc Networks.
Florian Dötzer
BMW Group Research and Technology
Agenda.
Introduction
Privacy in VANETs
Exemplary Approach
Future Work / Conclusion
Agenda.
Introduction
Privacy in VANETs
Exemplary Approach
Future Work / Conclusion
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 4
Ad-hoc Networks.
From Cellular to VANET.
Cellular
Cellular Network
MANET
Mobile Ad-hoc
NETwork
VANET
Vehicular Ad-hoc
NETwork
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 5
MANETs and VANETs.
Properties.
MANETs
Decentralized
Self - Organizing
VANETs
Additionally:
High Node Mobility
Very Large Number of Nodes
Complex Administrative Structure
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 6
VANET.
Application Local Danger Warning.
VSC – Vehicle Safety Communications
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 7
VANETs.
Security Requirements.
Authentic Information
Trust Establishment vs. Information Matching
Availability
Node Cooperation, DoS, Secure Routing
Privacy
Location Privacy, Identities, Profiling
Agenda.
Introduction
Privacy in VANETs
Exemplary Approach
Future Work / Conclusion
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 9
Privacy.
Importance for VANETs.
Cars = Personal Devices
Position is known
Cars get connected
Attacks on Privacy become relevant
+ Privacy is essential for VANETs
BUT: Privacy cannot be “added” afterwards!
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 10
VANET Privacy.
Example Threats and Attacks.
“Automated” Law Enforcement
Identity Tracking
Configuration Fingerprinting
RF-Fingerprinting
Location Recording
Movement Profiles
Communication Relations
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 11
VANET Privacy.
Requirements.
Use of pseudonyms (no real-world identities)
Multiple pseudonyms may be used
Pseudonym change  application requirements
Pseudonyms  real-world ID mapping
Properties / privileges cryptographically bound
Agenda.
Introduction
Privacy in VANETs
Exemplary Approach
Future Work / Conclusion
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 13
Trusted Authority Approach.
A Car’s Setup Phase.
Organisation O
Authority A
ID
Pseudonym
Pseudonyms
Credentials
Pseudonym
Pseudonym
Pseudonym
2
ID
1
3
4
Pseudonym
„Signature“
Credential
Credential
Credential
ID
Pseudonyms
Credentials
Phase I: Separation of ID and service usage
Privacy
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 14
Trusted Authority Approach.
Normal Usage.
Sender
ID
Pseudonyms
Credentials
Receiver
ID
Pseudonyms
Credentials
Phase II: Receiver can verify message
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 15
Trusted Authority Approach.
“Revocation” Phase.
Sender
BUT
1
Information is
not correct
OR
sender
malfunctioning
ID
Pseudonyms
Credentials
ID
Receiver
Authority A
ID
Pseudonyms
Signature OK!
4
2
Organisation O
Pseudonym
3
Credentials
Phase III: Disclosure of sender ID
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 16
Trusted Authority Approach.
Evaluation.
Pro’s
+ Fulfills given requirements
+ Provides strong privacy
Con’s
- Requires independent, trusted authority
- Problem of detecting wrong messages
Agenda.
Introduction
Privacy in VANETs
Exemplary Approach
Future Work / Conclusion
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 18
Future Work.
And Open Questions…
How to change pseudonyms?
Feasibility of Organizational Solution
Feasibility of Smart Card Approach
Location Related Pseudonyms
System without IDs?
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 19
Conclusion.
Privacy is essential for VANETs
Privacy must be considered at system design
Trusted authority approach is far from perfect
Additional research is necessary
VANET Privacy
BMW Group
Florian Dötzer
June 1, 2005
Page 20
Thanks for Listening.
Questions?