Security in Vehicular Networks E-Book

Contents

Cover

Title Page

Copyright

Preface

List of Acronyms

Introduction

Chapter 1. Vehicular Networks

1.1. Introduction

1.2. Motivation by numbers

1.3. Evolution

1.4. Architecture

1.5. Characteristics

1.6. Technical challenges and issues

1.7. Wireless technology

1.8. Standards

1.9. Types

1.10. Test beds and real implementations

1.11. Services and applications

1.12. Public opinion

1.13. Conclusion

Chapter 2. Privacy and Security in Vehicular Networks

2.1. Introduction

2.2. Privacy issue in vehicular networks

2.3. State-of-the-art location privacy-preserving solutions

2.4. Authentication issues in vehicular networks

2.5. Identity privacy preservation authentication solutions: state of the art

2.6. Conclusion

Chapter 3. Security and Privacy Evaluation Methodology

3.1. Introduction

3.2. Evaluation methodology

3.3. Conclusion

Chapter 4. The Attacker Model

4.1. Introduction

4.2. Security objectives

4.3. Security challenges

4.4. Security attacker

4.5. Conclusion

Chapter 5. Privacy-preserving Authentication in Cloud-enabled Vehicle Data Named Networks (CVDNN) for Resources Sharing

5.1. Introduction

5.2. Background

5.3. System description

5.4. Forming cloud-enabled vehicle data named networks

5.5. Migrating the local cloud virtual machine to the central cloud

5.6. Privacy and authentication when using/providing CVDNN services

5.7. The privacy in CVDNN

5.8. Discussion and analysis

5.9. Conclusion

Chapter 6. Privacy-preserving Authentication Scheme for On-road On-demand Refilling of Pseudonym in VANET

6.1. Introduction

6.2. Network model and system functionality

6.3. Proposed scheme

6.4. Analysis and discussion

6.5. Conclusion

Chapter 7. Preserving the Location Privacy of Vehicular Ad hoc Network Users

7.1. Introduction

7.2. Adversary model

7.3. Proposed camouflage-based location privacy-preserving scheme

7.4. Proposed hybrid pseudonym change strategy

7.5. Conclusion

Chapter 8. Preserving the Location Privacy of Internet of Vehicles Users

8.1. Introduction

8.2. CE-IoV

8.3. Privacy challenges

8.4. Attacker model

8.5. CLPPS: cooperative-based location privacy-preserving scheme for Internet of vehicles

8.6. CSLPPS: concerted silence-based location privacy-preserving scheme for Internet of vehicles

8.7. Obfuscation-based location privacy-preserving scheme in cloud-enabled Internet of vehicles

8.8. Conclusion

Chapter 9. Blockchain-based Privacy-aware Pseudonym Management Framework for Vehicular Networks

9.1. Introduction

9.2. Background

9.3. Related works

9.4. Key concepts

9.5. Proposed solution

9.6. Analysis

9.7. Comparative study

9.8. Conclusion

Conclusion

References

Index

List of Illustrations

Chapter 1

Figure 1.1.

Autonomous vehicles

Figure 1.2.

IEEE WAVE standards (Sjöberg 2011)

Figure 1.3.

A simplified WAVE standard view (Rawashdeh and Mahmud 2011)

Figure 1.4.

ETSI TC ITS protocol stack (Sjöberg 2011)

Figure 1.5.

Vehicular networks.

Figure 1.6.

Automated driving levels (Litman 2018)

Chapter 2

Figure 2.1.

Vehicle tracked successfully even with a pseudonym change.

Figure 2.2.

Vehicle tracked successfully when no pseudonym update is done.

Figure 2.3.

Privacy preservation methods when using safety applications

Chapter 3

Figure 3.1.

Process of security/privacy issue resolution

Figure 3.2.

Privacy and security proof and analysis methods

Figure 3.3.

Protocol analysis process using the BAN logic.

Figure 3.4.

Example of HLSPL protocol specification (A. Team 2006a).

Figure 3.5.

Attack tree example (AND/OR nodes)

Figure 3.6.

Types of games in game theory

Chapter 4

Figure 4.1.

Cyber-security threats and solutions (Benarous et al. 2017)

Figure 4.2.

Attacker’s receivers’ dispositions to cover the observed area.

Figure 4.3.

Semantic linking attack.

Figure 4.4.

Syntactic linking attack.

Figure 4.5.

Observation mapping linking attack.

Figure 4.6.

Linking mapping attack.

Chapter 5

Figure 5.1.

Vehicular cloud types.

Figure 5.2.

Creating and/or joining the vehicular cloud.

Figure 5.3.

Illustration of cloud-enabled vehicular data named network joining and service usage process.

Chapter 6

Figure 6.1.

Network model (Benarous and Kadri 2018).

Figure 6.2.

Message sequence chart of the pseudonym/certificate refilling request.

Figure 6.3.

Message sequence chart of the anonymous authentication scheme.

Figure 6.4.

Vehicle’s and RA’s HLPSL specification code

Figure 6.5.

Result of the specified protocol using SPAN and AVISPA

Figure 6.6.

Message sequence chart of the specified authentication method.

Figure 6.7.

Message sequence chart of the authentication method in the presence of an intruder.

Chapter 7

Figure 7.1.

Vehicle Ad hoc Network illustration under attacker’s observations.

Figure 7.2.

Investigating the impact of varying ∆t and k-fake on the privacy, number of sent and received messages.

Figure 7.3.

Number of pseudonyms used per vehicle

Figure 7.4.

Ratio of tracked vehicles

Figure 7.5.

Ratio of linked pseudonyms

Figure 7.6.

Ratio of tracked vehicle.

Figure 7.7.

The proposed pseudonym changing scheme.

Figure 7.8.

Pseudonym changing process

Figure 7.9.

Number of pseudonyms used

Figure 7.10.

Ratio of tracked vehicles

Figure 7.11.

Ratio of linked pseudonyms

Figure 7.12.

Ratio of tracked vehicle for both solutions.

Chapter 8

Figure 8.1.

The number of IoT connected devices (based on the statistics of Heinze (2016))

Figure 8.2.

Network model.

Figure 8.3.

General description of the cloud-enabled Internet of vehicles.

Figure 8.4.

Diagram of the proposed identifier changing scheme

Figure 8.5.

Ratio of tracked vehicles

Figure 8.6.

Ratio of tracked vehicles for each attack.

Figure 8.7.

Ratio of tracked vehicles for both solutions.

Figure 8.8.

Syntactic attacker’s ratio of tracked vehicles for both solutions.

Figure 8.9.

Semantic attacker – ratio of linked identifiers.

Figure 8.10.

Observation mapping attack – ratio of the tracked vehicle.

Figure 8.11.

Ratio of tracked vehicles

Figure 8.12.

Ratio of tracked vehicles for each attack.

Figure 8.13.

Ratio of tracked vehicles.

Figure 8.14.

Syntactic attacker’s ratio of tracked vehicles.

Figure 8.15.

Semantic attacker (A. ratio of linked identifiers,

B. ratio of tracked vehicles).

Figure 8.16.

Observation mapping attack – ratio of tracked vehicles.

Figure 8.17.

Pseudonym and VMID change strategy

Figure 8.18.

Attacker’s tracking ratio for each attack.

Figure 8.19.

Average ratio of detected vehicles

Figure 8.20.

Average anonymity set, entropy and normalized entropy.

Figure 8.21.

Average ratio of detected vehicles.

Figure 8.22.

Ratio of tracked vehicles – semantic attack.

Figure 8.23.

Ratio of tracked vehicles – syntactic attack.

Figure 8.24.

Ratio of detected vehicles – observation mapping.

Chapter 9

Figure 9.1.

Blockchain architecture layers

Figure 9.2.

Transaction illustration

Figure 9.3.

Block structure

Figure 9.4.

Chains of blocks (blockchain).

Figure 9.5.

Blockchain-based pseudonym management for vehicular networks.

Figure 9.6.

Certifying transaction structure

Figure 9.7.

Revocation certificate structure

Figure 9.8.

Message authentication.

Figure 9.9.

Attack tree for the vehicular PKI and our proposed framework.

List of Tables

Chapter 2

Table 2.1.

Non-cooperative change strategies

Table 2.2.

Silence-based change strategies

Table 2.3.

Infrastructure-based mix-zone change strategies

Table 2.5.

Hybrid change strategies

Table 2.6.

Pseudonym change strategies – recap

Table 2.7.

Advantages and disadvantages of authentication types

Chapter 3

Table 3.1.

BAN logic notations

Table 3.2.

HLPSL simplified user guide (A. Team 2006a; 2006b)

Table 3.3.

Comparative study of simulation tools

Chapter 6

Table 6.1.

Illustration of brute-force estimated time of execution and number of combinations

Chapter 7

Table 7.1.

Simulation parameters of the attacker

Table 7.2.

Simulation parameters

Chapter 8

Table 8.1.

Simulation parameters for the vehicles

Table 8.2.

Comparative study between our proposed solution and the proposed solution by Kang et al. (2016)

Table 8.3.

Simulation parameters

Chapter 9

Table 9.1.

Standard grade chart

Table 9.2.

Probability of occurrence

Table 9.3.

Comparative study between our proposed framework and the vehicular PKI

Guide

Cover

Table of Contents

Title Page

Copyright

Begin Reading

Index

End User License Agreement

Pages

i

ii

iii

iv

xi

xii

xiii

xiv

xv

xvi

xvii

xviii

xix

xx

xxi

xxii

xxiii

xxiv

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

To my beloved parents,my cherished brothers,my dear sistersLeila Benarous

To Afaf, Nada, Nour, and RamiSalim Bitam

To my beloved young daughter IntissarAbdelhamid Mellouk

New Generation Networks Set

coordinated byAbdelhamid Mellouk

Volume 1

Security in Vehicular Networks

Focus on Location and Identity Privacy

First published 2022 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd

27-37 St George’s Road

London SW19 4EU

UK

www.iste.co.uk

John Wiley & Sons, Inc.

111 River Street

Hoboken, NJ 07030

USA

www.wiley.com

© ISTE Ltd 2022

The rights of Leila Benarous, Salim Bitam and Abdelhamid Mellouk to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s), contributor(s) or editor(s) and do not necessarily reflect the views of ISTE Group.

Library of Congress Control Number: 2022941634

British Library Cataloguing-in-Publication Data

A CIP record for this book is available from the British Library

ISBN 978-1-78630-848-1

Preface

Vehicular networks are formed by connected vehicles. They were initially developed to ensure the safety of their users and extend Internet services to the road. They offer various types of services and applications to road users to make their trips more enjoyable and more comfortable. However, cyber activity can result in the creation of new types of risks, such as blackmailing, data trading or profiling. Worse still, they may have an impact on the safety of on-board users and may lead to road accidents. The risks arise from tracking and privacy violations through the interception of messages, the exchange of which is necessary for participation in the network. Privacy and security are the major issues that need to be resolved in order for vehicular networks to be implemented in real-world applications.

This book proposes privacy-preserving solutions that protect the user’s identity and on-road location to prevent tracking from occurring. Our solutions have been tested experimentally and analytically to evaluate their performance against a strong attacker model. Initially based on the work conducted by Leila Benarous as part of her PhD thesis, this book has developed into a resource to facilitate the understanding of vehicular networks and the technologies they employ, as well as their various types. It highlights the significance of their associated privacy and security issues and their direct impact on the safety of users. Furthermore, it includes two anonymous authentication methods that preserve identity privacy, as well as five schemes that preserve location privacy in vehicular ad hoc networks (VANETs) and cloud enabled Internet of vehicles (CE-IoV) respectively. The design of a new privacy-aware blockchain-based pseudonym management framework is also included. The framework is secure, distributed and public, ensuring revocation, non-repudiation, authenticity and integrity, which are the fundamental security requirements. The proposal was developed as a potential replacement for the vehicular public key infrastructure (VPKI).

To give a complete historical account of the research that led to the present form of the subject would have been impossible. It is thus inevitable that some topics have been covered in less detail than others. The choices partly reflect personal taste and expertise, and also a preference for the very promising research and recent developments in the field of technology-based security in vehicular networks.

This book is a start, but many questions remain unanswered. We hope that it will inspire a new generation of investigators and investigations. This book would not have been possible without the hard work of the following people: Professor Bouridane Ahmed, Professor Guizani Mohsen, Professor Kadri Benamar, Professor Belabbaci Youcef, Professor Ouinten Youcef, Dr. Saadi Boudjit, Dr. Bensaad Mohammed Lahcen and Dr. Oubbati Omar Sami. We give particular thanks to Mr. Djoudi Mohamed as well as the late Dr. Yamani Ahmed for their endless support. Finally, we thank everyone who has contributed to the success of this work. The authors hope that you will enjoy reading this book and get many helpful ideas and overviews for your own study.

June 2022Leila BENAROUSSalim BITAMAbdelhamid MELLOUK

List of Acronyms

AASS

Average Anonymity Set Size

ASS

Anonymity Set Size

AVISPA

Automated Validation of Internet Security Protocols and Applications

BAN

Burrows, Abadi and Needham

BB

Big Brother

BC

Blockchain

BCN

Beacon

CA

Certifying Authority

CaaS

Cooperation-as-a-Service

CE-IoV

Cloud Enabled Internet of Vehicles

CIoV

Cognitive IoV

CL-atSe

Constraint Logic-based Attack Searcher

CLPPS

Cooperative-based Location Privacy-Preserving Scheme for Internet of Vehicles

CM

Cloud Manager

COO

Cooperation

CPS

Certified Pseudonyms

CPU

Central Processing Unit

CRL

Certificate Revocation List

CS

Content Store

CSLPPS

Concerted Silence-based Location Privacy-Preserving Scheme for Internet of Vehicles

CVD

Change VMID

CVDNN

Cloud-enabled Vehicle Data Named Networks

DataPk

Data Packet

DC

Do the Change

DDoS

Distributed Denial of Service

DoS

Denial of Service

DRL

Data Reliability

DSRC

Dedicated Short-Range Communications

EDGE

Enhanced Data rates for GSM Evolution

ERGS

Electronic Route Guidance System

FCC

Federal Communications Commission

FIB

Forwarding Information Base

GPA

Global Passive Attacker

GPRS

General Packet Radio Service

GPS

Global Positioning System

GSM

Global System for Mobile

HLPSL

High-Level Protocol Specification Language

HMI

Human–Machine Interface

HSDPA

High-Speed Downlink Packet Access

HVC

Hybrid Vehicular Cloud

IC-NoW

Information Centric Network on Wheels

InaaS

Information-as-a-Service

IntPk

Interest Packet

IoT

Internet of Things

IoV

Internet of Vehicles

ITS

Intelligent Transport System

LBS

Location-Based Service

LTCA

Long-Term Certification Authority

MANET

Mobile Ad hoc Network

MITM

Man in the Middle

MSC

Message Sequence Chart

NaaS

Network-as-a-Service

NDN

Named Data Networks

NoW

Network on Wheels

NRV

New Reputation Value

NS

Network Simulator

OBU

On-Board Unit

OFMC

On-the-Fly Model Checker

ORV

Old Reputation Value

PCA

Pseudonym Certification Authority

PIT

Pending Interest Table

PKI

Public Key Infrastructure

PoS

Proof of Stake

PoW

Proof of Work

PRA

Pseudonym Resolution Authority

PROMETHEUS

Program for European Traffic with Highest Efficiency and Unprecedented Safety

PSD

Pseudonym

PUF

Physically Unclonable Functions

QoS

Quality of Service

RA

Regional Authority

RCA

Root Certifying Authority

RCP

Resource Command Processor

RDC

Ready to Do the Change

RFID

Radio Frequency Identification

RS

Registration Server

RSU

Road Side Units

SATMC

Satisfiability-based Model Checker

SC

Service Continuity

SDN

Software-Defined Networks

SDVN

Software-Defined Vehicular Networks

SF

Selfishness

SIG

Signature

SPAN

Security Protocol Animator

StaaS

Storage-as-a-Service

TA

Trusted Authority

TA4SP

Tree Automata for Security Protocols

TMN

Testimony

TPD

Tamper Proof Device

Tx

Transaction

UMTS

Universal Mobile Telecommunication System

V2H

Vehicle-to-Human

V2I

Vehicle-to-Infrastructure

V2N

Vehicle-to-Network

V2S

Vehicle-to-Sensors

V2V

Vehicle-to-Vehicle

V2X

Vehicle-to-Everything

VANET

Vehicular Ad hoc Network

VC

Vehicular Cloud

VCS

Vehicular Cloud Services

VIN

Vehicle Identification Number

VM

Virtual Machine

VMID

Virtual Machine Identifier

VN

Vehicular Networks

VPKI

Vehicular Public Key Infrastructure

VS

Verification Server

VuC

Vehicle using the Cloud

Introduction

I.1. Introduction

Vehicles are continuously evolving, from a simple means of transport to a powerful computer on wheels. The overwhelming concerns about reducing road causalities and protecting the environment are pushing researchers and the industry to develop smart vehicles that are safer and more eco-friendly. Extending the Internet and networking concepts to the road is becoming a necessity rather than a luxury.

Vehicular networks (VNs) are formed by vehicles, road infrastructures, on-road devices and sensors. They were originally created to safeguard on-roads users and reduce the number of accidents and casualties. They are now developed to provide high-quality infotainment services. The broadcast of real-time road information such as construction work, traffic, accidents, weather and road conditions helps road users to easily and safely plan their trips. VNs offer various applications, including autonomous driving. In fact, autonomous driving can be achieved by smart vehicles independently, and can also be realized via VNs, where road data is exchanged over the network to make automatic adaptive driving decisions. The vision of researchers and the industry is not limited to offering on-road safety-related applications, but also aims to extend the Internet infotainment to road-edge. As VNs manage vehicular traffic in a smooth way, they result in reducing fuel consumption and emitted toxins and gases. Therefore, they help in protecting the environment.

However, although VNs are developed to save users’ lives and offer them various on-road services, and despite the benefits they bring in protecting the environment, they result in breaching the privacy of road users. This is due to their nature that requires the broadcast of real-time spatio-temporal identifying data. This identifying data can be used to perform profiling and tracking attacks on users. Therefore, security and privacy are two fundamental issues that must be preserved and ensured to safely deploy these networks.

I.2. Motivation

The damage caused by cyber-system security breaches is significant in terms of moral and financial implications, as well as the impact on human life. The technology news reports devastating security violation launched against top high-tech corporations yearly. VNs extend computers and the cyber world to roads. Therefore, fatalities resulting from security and privacy violation on-road are even more tremendous because they are directly related to the user safety.

A vehicle should not be tracked via its on-road cyber activity. Its user’s identity should not be known nor extracted from the vehicle’s exchanged messages. If a vehicle is successfully tracked from its cyber activity by an attacker, they may learn its driver’s routines, parsed trajectories, hideouts and frequented places. The attacker may track (stalk) the vehicle to trade its user’s data for profit, out of personal interest or to blackmail the vehicle owner using collected secrets. The consequences of leaking trajectory data about the user may give rise to serious risks, such as planning traffic congestion or accidents along frequented routes. Even worse, a malicious attacker may even execute on-road assassination. To avoid these serious consequences and ensure the safe use of VNs, we concentrated our research on developing security and privacy solutions. These solutions reduce the tracking risks for VN users.

I.3. Objectives

Our research aims to preserve the privacy and security of VN users. More precisely, our interest lies in protecting identity and location privacy as they are interconnected. Exposure of one results in the violation of the other, leading to the aforementioned fatalities. The cause of privacy vulnerability in VNs is the broadcast of periodic state messages needed for safety applications, which are sent wirelessly in clear with high frequency. Moreover, they contain accurate, real-time identity and spatio-temporal information. Their easy interception results in vehicle trajectory tracking. Furthermore, VNs also demand the assurance of non-repudiation (accountability), authentication and revocation of mischievous nodes to maintain their reliability. In fact, these requirements go against privacy demands. Therefore, when developing a solution, both privacy and security requirements should be guaranteed in a balanced way. The existing solutions to protect location privacy use temporal identities known as pseudonyms. These pseudonyms are frequently updated through change strategies aiming to reduce their inter-linkability. Unlinkability between updated pseudonyms also protects location (trajectory) privacy. Moreover, the use of pseudonyms ensures anonymity. Therefore, the majority of existing solutions are designed to protect anonymity and limit linkability to prevent tracking.

Identity privacy may be further exposed if repeatedly used to authenticate the vehicle to infrastructures, authorities and service providers. Consequently, we concentrate on developing privacy-preserving authentication schemes, also known as anonymous authentication methods. While designing these solutions, we intended to make them resilient to security attacks that target VNs, such as Sybil attacks, and authentication systems.

Currently, VNs are authority-based, i.e. vehicle registration and the issuance of certificates are done by the authority. This authority ensures the correct functionality of the network through the revocation of misbehaving nodes and the tracing of honest nodes. This means that privacy is conditional in VNs; it is preserved from other vehicles and exposed to the authority when the vehicle misbehaves and disrupts the functionality of the network. Moreover, the authority provides the vehicle with security parameters, keys, certificates and algorithms. The authority-based system is known as the vehicular public key infrastructure (VPKI). The VPKI is preferred over the self-generated key system because it satisfies the main requirements needed in VNs, such as preventing Sybil attacks, guaranteeing conditional privacy, ensuring non-repudiation and revocation, etc. Therefore, most of the existing solutions for safeguarding privacy in VNs are built over the VPKI.

In the following, we explain the aims of this book:

– Our first objective is to understand VN characteristics and types, alongside a review of their security issues and sources. Our focus is on authentication and privacy issues.

– Our second objective is to ensure authentication without any violation of identity privacy. Nevertheless, privacy-preserving authentication methods, also known as anonymous authentication methods, may instigate other security infringements. Being anonymous may enable untraceable network exploitation. It may also disrupt network functioning. Furthermore, it contradicts non-repudiation and revocation requirements. Consequently, when developing anonymous authentication methods, we first thought of how to resolve the issues mentioned above.

– Our third objective relates to the development of infrastructure, crowd and road-map independent location privacy-preserving schemes for vehicular ad hoc networks. The solutions discussed are pseudonym update strategies, which maintain correct network functionality while reducing linkability. The solutions are designed to protect location privacy, even when used on low density roads where tracking is likely to occur.

– Our fourth objective is to design location privacy-preserving schemes for Internet of vehicles (IoV) road users. Our target is to reduce the linkability achieved from matching IoV location-based service queries with periodic beacon safety applications. Reducing linkability in turn reduces tracking. Developed solutions must not negatively interfere with network functionality nor cause service interruption.

– Our final objective is to propose a potential replacement for the central-based VPKI. The VPKI is secure and most of the existing solutions discuss its robustness from the researcher’s perspective. However, certificate issuance is most likely to be a paid service. Furthermore, the fact that it is centralized makes it prone to a single point of failure and the target of attacks. Lastly, VPKI deployment costs to cover and satisfy all the needs of the network vehicles’ pseudonyms are extremely high. We therefore design a distributed, cost-free blockchain-based pseudonym management framework as a potential replacement for VPKI. This framework ensures the security requirements of authenticity, privacy, non-repudiation, integrity and revocation. It relies on the network nodes (vehicles and infrastructures) to self-generate the pseudonyms and add them to the blockchain. The aim is to decrease the cost of the VPKI, provide a secure, distributed pseudonym management framework and prevent the single point of failure problem.

I.4. Book structure

This book is organized into nine chapters. The first four chapters are dedicated to a literature review. The remaining five chapters are based on some of our past contributions. A brief outline of each chapter is given below.

Chapter 1 aims to clarify the basic concepts related to VNs: their evolution, technology, architecture, characteristics and challenges. It also lists their standards, applications and real-world implementations. This chapter also includes public opinions about these networks. Most importantly, it enumerates the various types of VNs and highlights the key differences between them.

Chapter 2 introduces the reader to the privacy and security issues in VNs; particular attention is paid to identity and location privacy, as well as to authentication as a security issue. This chapter explains the privacy issue and sheds light on its importance and the potential consequences of its violation. It also answers the questions about why privacy is threatened, when, by whom and how. Similarly, the authentication issue is explained and its contradiction with privacy requirements is highlighted. This chapter also surveys prominent existing solutions for each issue separately.

Chapter 3 explains the security and privacy evaluation methodology, metrics and tools. We mention the key methods used in the literature and then explain our chosen methodology and our reasons for using it.

Chapter 4 studies security issues against an attacker model that deploys various types of attack, in order to evaluate performance in terms of its resilience to those attacks. In this chapter, we explain the security objectives and properties that should be maintained in VNs. We also mention key security challenges in these networks that are subject to research. Finally, we explain our attacker model for both authentication and privacy issues. We clarify its aims, types, means and attacks.

Chapter 5 defines the model for cloud-enabled vehicle data named networks where vehicles may share their resources with one another on the road. Resource sharing happens upon successful authentication and is done while ensuring privacy. To preserve privacy between the resource requester and the service provider, an anonymous reputation-based authentication is performed. The proposed mutual authentication method is proved to achieve its underlying aims using the BAN logic.

Chapter 6 includes privacy-preserving anonymous authentication that ensures privacy as well as security. The solution is used as the initial phase to request on-road pseudonym/certificate refilling. This process is repetitive and may lead to tracking if the identity is used repeatedly in the request, even if the communication is secure. The proposed authentication method ensures authenticity, integrity, non-repudiation and revocation. Furthermore, it is resilient to man-in-the-middle attacks, replay attacks, impersonation, brute force and Sybil attacks. We use the BAN logic to prove its correctness and SPAN and AVISPA to prove that it is safe, ensures the authentication aims and is resilient to well-known attacks.

Chapter 7 deals with location privacy in VNs, which is a critical issue. Trajectory tracking is risky, and results from accurate linkability between updated pseudonyms. The consequences of tracking may vary from stalking and blackmailing to assassination. Various solutions exist in the literature, aiming to reduce the linkability and tracking ratio. In this chapter, we propose two solutions that are road-, crowd- and infrastructure-independent. Both aim to reduce the linkability ratio, even when the vehicle is within low density roads. The solutions were analyzed by simulation against the attacker model defined in Chapter 4. The first proposal reduced the tracking ratio to an average of 27%. The second proposal was even better, with an average tracking ratio of 10.4%.

Chapter 8 presents the Internet of vehicles, which is the evolution of VANET. It relies on cloud computing to provide a wider range of more stable and global services. Consecutively, the risks to privacy come from linking the location-based services used by the vehicle through the IoV. Also, its safety-related application participation is necessary to maintain the correct functionality of networks. In this chapter, we propose three location privacy-preserving solutions that take the above risks into account. The solutions are tested through simulation against the attacker model defined in Chapter 4. Each solution is the amelioration of its predecessor. These ameliorations aim to reduce the tracking ratio: the lower this ratio, the higher the level of privacy provided by the solution. The ratios obtained are 30%, 16% and 10% on average for the three proposals respectively.

Chapter 9 proposes a potential replacement framework to the vehicular PKI that suffers from a single point of failure and is costly to deploy. The framework is based on the blockchain. It preserves privacy even though it is public. It ensures authentication, revocation, non-repudiation and integrity. It inherits the security strength of blockchains, prevents alterations and ensures availability. The framework is a blockchain of two public blockchains. The first blockchain is permissionless, and contains vehicle-generated pseudonyms. The second blockchain is permissioned, and contains revoked pseudonyms. Our framework provides the same requirements ensured by the VPKI, while ensuring a higher level of security.

It is worth noting here that some of the work presented in these chapters has already been published in several journals and featured at numerous conferences.

1Vehicular Networks

1.1. Introduction

Vehicular networks are at the core of the intelligent transport system (ITS). Interest in these networks is constantly growing due to the need to reduce road fatalities, which result in immense yearly losses in terms of human lives, physical and mental health repercussions, property damage and financial losses. They were initially developed to ensure the safety of road users by providing them with accurate prior knowledge about the traffic, road conditions and shortcuts. They were also intended to provide users with safe, comfortable trips in their autonomous vehicles. Moreover, vehicle networks help to lower fuel consumption by reducing traffic jams and streamlining the driving experience.

In this type of network, the vehicles are the main nodes. They are also referred to as computers on wheels in the literature. The vehicles are equipped with various types of sensors for external and internal roles such as sensing proximity or engine heat. They also contain a global positioning system (GPS) to localize the vehicle, cameras, radar and lidar to sense the surroundings and detect obstacles and road conditions. The on-board unit (OBU) is the brain of the vehicle and computer controlling it; it ensures the vehicle’s correct functioning and processes the sensed data. The OBU gives the vehicle the trait of smartness, which is the same reason they are known as “smart vehicles”. They also have network interfaces that are used to communicate, alongside a storage space to save sensed data, security programs and received messages.

The vehicular networks encompass several types of networks in which the main type of node is a vehicle. It comprises the autonomous vehicles, Vehicular Ad hoc Networks (VANETs), vehicular data named networks, vehicular cloud computing, Internet of vehicles, etc. The appearance of these types is due to the evolution of the on-road users’ service demands and corresponding answering applications. The earliest applications of VNs were safety-related, oriented towards assisting the driver. Then, the infotainment applications became a necessity later on. Lastly, the Internet and cloud computing were extended to road-edge in order to provide road users with their services.

This chapter reviews vehicular networks, their evolution and their applications. It depicts the yearly fatalities caused by vehicle causalities and the assessments of the benefits of using the vehicular networks to ensure safety, alongside the evaluation of their market value. It describes the vehicular networks’ evolution as part of the intelligent transportation systems and road automation projects. It also explains the components of intelligent vehicles and the architectures of vehicular networks. It describes the main distinguishable characteristics of the vehicular networks. It enumerates the issues and technical challenges halting the vehicular networks’ real implementations. Furthermore, it lists the wireless technologies that could potentially be used in vehicular networks. It outlines the vehicular networks regulating standards and explains the vehicular network’s different existing types along with its test beds. Lastly, it reviews the public opinion and acceptance of the technology.

1.2. Motivation by numbers

The following statistics emphasize the importance of vehicular networks (Contreras-Castillo et al. 2018):

– approximately 1.3 million people die every year;

– more than 7 million people are injured;

– nearly 8 million traffic accidents are recorded;

– estimated wasted time because of traffic jams and accidents is over 90 billion hours;

– vehicles produce 220 million tons of carbon;

– the expected global market of the Internet of Everything may reach 14.4 trillion dollars by 2022 (Bonomi 2013) and the value of the Internet of vehicles (IoV) alone was estimated to be 115.26 billion Euros by 2020 (Contreras-Castillo et al. 2018);

– more importantly, autonomous vehicles usage would eliminate 80–90% of vehicles’ accidents and crashes (Maglaras et al. 2016);

– a rough estimation (Bai and Krishnamachari 2010) states that 100% market penetration by vehicular networks would take 14–15 years from its initial deployment date.

With these statistics, it is abundantly clear that vehicular networks are most likely serving the purposes they were developed for in reducing car accidents, injuries, mortalities, pollution, etc. Academics and industry are doing their best to concretize and market this technology. What is left is to convince the public and draw attention to its benefits.

1.3. Evolution

Automated roads and the creation of self-driving vehicles have been the dream of various researchers and industry sectors. General Motors was the leader in exhibiting the basic concepts of road automation, known as “Futurama”, at the 1939 World Fair. In 1970, a follow-up proposition came from the United States, which is the Electronic Route Guidance System (ERGS). It pilots the drivers to their destination by decoding and transmitting routing instructions to and from roadsides at intersections. In Japan, between 1973 and 1979, the Comprehensive Automobile Traffic Control System was launched. The project aimed to reduce air pollution and traffic congestion and prevent accidents. It also aimed to provide the driver with appropriate route directions thanks to the accurate information and warnings received (Gerla et al. 2014). In Europe, the PROMETHEUS (Program for European Traffic with Highest Efficiency and Unprecedented Safety) framework was introduced in 1986 and launched in 1988.

The term vehicular ad hoc networks was first coined by Ken Laberteaux in the first International Workshop on Vehicular Ad hoc Networks (VANET) held in Philadelphia in 2004 (Hartenstein and Laberteaux 2010). VANET is considered to be the first commercialized version of Mobile Ad-hoc Networks and one of its most promising applications, aiming to automate the roads and ensure user comfort and safety. It draws the community nearer to realizing the self-driving vehicles’ vision (Gerla et al. 2014).

Ever since the VANET became a hot topic, various related consortiums and projects were launched yearly. We mention a few of them as an example: FleeNET, CarTalk2000, Car2Car consortium, PReVENT, Network on Wheel (NoW), MobiVip, etc. (Meraihi et al. 2008).

Starting from 2010, a new vehicular networks type appeared, the vehicular cloud (VC) concept, which combines cloud computing with vehicular networks. The VC takes advantage of the vehicles’ sensing, calculation and storage capacities to extend the clouds that offer various kinds of stable services (Gu et al. 2013). As of 2014, researchers focused on the Internet of vehicles (Gerla et al. 2014; Yang et al. 2014), which is the evolution of VANETs and an instantiation of the Internet of Things.

In 2009, Google’s first autonomous vehicle project started. It continued its tests and trials until 2015, when it first hit the public road. In 2016, the project became independent and was named Waymo under Alphabet, a self-driving technology company. Meanwhile, major car companies such as Renault, Mercedes, Tesla and Audi have been competing to launch their own self-driving vehicles (top companies for self-driving vehicles).

1.4. Architecture

Autonomous vehicles, also known as self-driving vehicles, are smart. They have two types, illustrated in Figure 1.1. The first type is the self-dependent (self-contained) vehicle, relying only on its smarts and computational capacities to process sensed data, execute instructions and make decisions. The second type is the interdependent vehicle, where a vehicle either exchanges data and instructions with a control server via Vehicle-to-Infrastructure (V2I), or, it is connected to other network nodes (vehicles) via Vehicle-to-Everything (V2X) to interchange sensed data. The second type is denoted as vehicular networks. Although the types differ, the design and components of the smart vehicles are similar (Glancy 2012).

Figure 1.1.Autonomous vehicles

Vehicular networks in general are built upon the VANETs basic architecture. They are composed of vehicles as mobile nodes known as on-board units (OBU) and road side units (RSU) as static infrastructures. The OBU stores, locates, calculates and sends messages over a network interface (Gerla et al. 2014). It is composed of a read/write memory used to store/fetch information, a Resource Command Processor (RCP), a user interface and a network device using IEEE 802.11p radio technology for short-range wireless communication (Al-Sultan et al. 2014).

The RSUs broadcast advertisement and road information; they also spread data sent by OBUs (Gerla et al. 2014). They are equipped with network interfaces using IEEE 802.11p radio technology for a dedicated short-range communication, and wired interfaces for communication with the other infrastructures in the network (Al-Sultan et al. 2014). The basic components of a smart vehicle were initially summed up into the use of GPS, radar, sensors, an on-board computer (for processing and storage), network interfaces and a human-friendly interface.

However, the technology is constantly developing, with numerous carmakers competing on intelligent vehicles’ implementations and testing. Therefore, the components are more sophisticated, refined and advanced. For illustration purposes, we study the components of a Google smart car as an example of the current design and technology in use.

A Google vehicle uses a distinguishable set of hardware and software technologies, and we mention a few of them (national):

– laser range finder (lidar, 360° camera), which can create 3D images of objects within a 200 m range and calculate the distances;

– front camera for near vision, which can detect front objects, pedestrians, obstacles, traffic lights, road signs, etc.;

– bumper-mounted radar, which are mounted on the front and rear of the vehicle to avoid bumps and crashes with vehicles, pedestrians and obstacles;

– an aerial on the rear of the vehicle that reads precise geo-location; this is done by matching the GPS location received from the satellite with the sensed location and internal map to render the location more accurately;

– ultrasonic sensors on rear wheels, which are used to keep track of the wheel’s movement and detect the obstacle on the rear of the vehicles;

– the altimeters, gyroscopes and tachymeters inside the vehicle give precise information about its position;

– synergistic combining of sensors. The vehicle has a set of sensors for various purposes, all of the sensed data is combined and processed by the on-board unit to help achieve safe self-driving;

– in-built programmed maps, human behavior, data processing and decisional algorithms.

1.5. Characteristics

Vehicular networks have a particular nature and characteristics that differentiate them from other networks:

– their topology is highly dynamic due to the vehicles’ high speed;

– predictable patterned movements defined by the roads and paths the vehicles run through;

– frequently disconnected networks causing a delay and potential loss of messages;

– the use of different types of external and internal sensors for various purposes;

– unlimited battery power and large storage capacity (Kumar et al. 2013);

– variable network density in roads (in rural areas, in the city, during daytime, during nighttime, etc.) (Al-Sultan et al. 2014);

– the various obstacles on road and surrounding it, such as trees and tall buildings;