F PRIVACY AND SECURITY ISSUES IN Aziz Memon BASED APPLICATIONS" Authors 1. Zunera VANETS (xunera.aziz@gmail.

com)
(zeeshan_junejo@hotmail.com)

on ui Engineering Sciences and Technology) Mehran University of Engineering & Technology Jamshor (Samar_farooqui19@yahoo.com) entertainment broadcasting for drivers and passengers. By being equipped with communication devices, vehicles may communicate with each other as well as with the roadside units (RSUs) placed at critical positions of the road, such as intersections or construction sites. In VANETs, onboard units (OBUs) frequently broadcast routine traffic-related messages

Figure .1: Generalized Structure of Vehicular Adhoc Networks [7]

ABSTRACT: This research study focused on various security issues associated with implementations of major applications using Vehicular Adhoc Networks (VANETs). The first half of this paper presents an overview of VANET followed by its major applications. The second half deals with major security issues and authentication procedure. In this paper, two major categories of issues/challenges are presented that must be considered: security and privacy. However only privacy feature is analyzed and discussed, the paper mainly focused more on the security features that are taken into account in order for end users to develop their trust on using such VANET based applications. Generalized authentication procedure and necessity of implementing digital signature is also discussed.

KEYWORDS:

Vehicular Adhoc Networks (VANETs), Roadside Unit (RSU), Onboard Unit (OBU), Inter-Vehicle Communication (IVC), Vehicle-to-RSU Communication (VRC), Dedicated Short Range Communications (DSRC), Public Key Cryptography (PKC), Digital Signature, Electronic License Plates (ELP).

with information about current time, position, direction, speed, acceleration/deceleration, traffic events, etc. By periodically broadcasting and receiving traffic-related messages, drivers can get an enhanced knowledge of their driving environment. They may take early action to respond to an abnormal/dangerous situation to avoid any possible damage or to follow a less congested route. In addition, with a VANET connected with the backbone Internet, passengers sitting in vehicles can go online to enjoy various entertainment-related Internet services with their laptops or they may do their official tasks including exchange of emails. More services include downloading/uploading data information from the Internet, local information acquisition (e.g., road maps and hotel information), and electronic advertisements [2]. A variety of modern communication technologies including various versions of the IEEE 802.11 standards, the 802.20 Mobile broadband for Wireless Access standard, and the 802.16e Mobile WiMAX standard have been proposed to enable this new generation of responsive vehicles [3]. Generalized structure of VANET is presented in Figure 1.1 which is given below:

1. INTRODUCTION TO VANET
A Vehicular ad-hoc network (VANET) is an emerging network scenario developed to facilitate road safety, traffic management, information and

2. VANET Applications
The application area for vehicle-to-vehicle (V-to-V) 1

and vehicle-to-roadside (V-to-RSU) communications is huge and creates marvelous business openings and research challenges with security as the most significant issue. Therefore, VANETs are visualized to look after the growth of broad and new attractive applications that can be divided into following major categories [4,5]:

(1)Safety-related applications: Applications belong to this class share a common attribute: the significance to life-critical conditions where the availability or lack of a service may affect life threatening accidents. Therefore, the safety measures for this class are compulsory. Major applications in this class include: collision avoidance, A safety related example of VANET based applicationa accommodating driving, traffic optimization, assistance for lane changing, warning for traffic signs violations and warnings about road conditions in case of any construction or damaged road condition. (1) Applications in this class generally require direct vehicle-to-vehicle (V-to-V) communication due to strict delay requirements.
Internet Access and Traffic Management using VANETs

The academic world and the industry have focused their research efforts more in the safety-related applications because this is an important region of the automotive field. However, as the comfort applications present huge business openings, it is predictable that research in this region will continue to draw concentration of designers and researchers to build on a broad range of non-safety applications.

3. Goal Of Vanets
The prime objective of VANETs is to augment the vehicle driving experience by contributing various procedures of road safety while driving. On the other hand, some issues must be considered to achieve this objective. A number of critical vehicle related sensitive parameters such as varying mobility speed, acceleration information between vehicles or between multiple vehicles and Road Side Units (RSU) assists in implementing dynamic safety. These services improve the information available to the driver during life threatening hazard situations such as heavy rain, fog or snowstorm.

(2)Traffic Management: One more application for VANETs is to deal with road congestions and suggest the optimized route to vehicles with updated information about the road conditions. This may utilize road side equipment e.g., intelligent traffic signals and electronic sign boards etc. Information about any blocked road ahead can positively assist in reducing the jamming condition and improving the capacity of roads. Few more applications may also be visualized like automated call to emergency services, on the way and before trip traffic assistance etc. (3) Comfort applications: This form of application improves comfort of passengers and efficiency of traffic. Major applications in this class include: payment services (e.g., electronic toll collection, electronic payment for parking lot), location finding services (e.g., finding the closest hospital or fuel station) and information and entertainment (e.g., music download and Internet Access). Few applications may be free and some may require a subscription fee or a one time payment [6]. Moreover, security is also necessary in this application class, especially in the case of payment related scenarios.

4. Security Challenges
If VANETs do not consider security prior to deployment, then higher risks will be associated with the functionality of critical applications. For instance, if the safety messages are tailored, discarded, or delayed either intentionally or due to hardware malfunctioning, severe consequences such as injuries and even deaths may occur. The main issue of securing VANETs is communication security. The goal is to secure communication between vehicles, which is termed to as Inter-Vehicle Communication (IVC), between vehicles and Road Side Units (RSU) and Vehicle-toRSU Communication (VRC). The security structure must guarantee that basic security services are implemented in VANETs. These services include: information confidentiality which aims to prevent unauthorized access to information. For example, vehicles cannot access events recorders 2

or other vehicles. Also, authenticity and integrity of exchanged messages must be implemented to detect malicious plan such as information amendment and protect vehicles from distributing false traffic conditions. In addition, vehicle validation is important to ensure that all nodes within the network are who they claim to be. Therefore protecting replication attacks where a vehicle pretends to be an authority or se transmission of message to create an accident scenario another vehicle. One more prominent issue associated with the security of VANETs is the method of key management. The key in the security domain is the number sequence used to encrypt and decrypt information.

respectively. The security aspects related to VANETs are: i.Position verification techniques to prevent position spoofing attacks. ii.Traceability by the network authorities (e.g., network administrator) for license cancellation once misconduct is detected. iii.Privacy related to location and identity protection to restrict unauthorized tracing and user profiling. iv.Non-frame-ability of an honest user who cannot be falsely accused of having misbehaved. v.Detecting and correcting malicious data to ensure data consistency. vi. The system must have light overheads in terms of computational costs and high efficiency.

In [8], Ray and other authors introduced three kinds of security threats in VANETs, including: a) Attacks on safety-related applications b) Attacks on payment-based applications c) Attacks on privacy. The following necessities must be the part of security design for VANETs: a. Authentication of Message, which means that the message must be sheltered from any modification. b. Information reliability does not necessarily imply identification of the transmitter. c. Entity Authentication, so that the receiver is not only ensured that sender generated a message, additionally has evidence of the live ness of the sender. d. Limited Privacy based on some conditions should be implemented so that identification of user including the name of driver, the vehicle ID number plus traveling routes, location and speed can be accessed by authorized supervisors. e. In some specific application scenarios, Privacy, to prevent the network against unauthorized message injection, message modification, and eavesdropping,

5. Privacy Challenges
Privacy is primarily associated with preventing the actual identity and location information of the drivers. Any external intruder/eavesdropper must be kept away from recognizing the real identity of the driver and tracking a specific vehicle [5, 9]. According to the Dedicated Short Range Communications (DSRC) specifications [10], each vehicle broadcasts a message every 300 milli-second. These messages are not planned to a particular vehicle, but multicasted to adjoining vehicles on the road. Unluckily, the multicasted messages contain significant information such as location, speed, and direction of the broadcasting vehicle. An opponent can influence this information to track a vehicle even if nameless certificates are applied.

The handling of privacy issue may look easy at first glance, though the network protocol has to be premeditated in such a way that conceal this information from other nodes; but permits it to be
3

taken out by authorities in events of accidents or malicious intent as a mean of examining for authority usage. Therefore, implementing conditional privacy is desirable for VANETs than achieving unconditional privacy [11] and that could be a key issue.

6. Authentication System in VANET

The authentication system includes communicating articles of the service providers (SP), the cars, and the access points (AP) operated on behalf of service providers. The SPs and the APs can communicate with each other by some applicationlayer proprietary protocols via Internet. The APs are installed along the roadside with good enough wireless coverage to facilitate communication. A car normally belongs to one wireless network service provider having certain coverage area, and communicates with the APs for accessing the internet along the road it travels through. When it travels, it .1: Generalized Authentication procedure in VANETs may also roam into wireless coverage that provide by other authorities. The centralized authentication server is not desirable in order to get maximum efficiency. Therefore the authentication protocols are developed so that after the car starts communication requests and it continues with it until the communication session is established, the protocol must involve minimum possible parties besides the car and the AP, and minimum on-demand communication over Internet besides the wireless link between the communicating two parties. Additionally, the quantity of messages exchanged in order for authentication must be controlled. In a practical scenario of authentication, the user authentication will be performed at the APs, i.e., the user will prove to the AP that it is a legal one. A more strict security will require the AP to prove it is a legal one as well, so to have reciprocal authentication. In the process of authentication, a secret session key will be negotiated by the two parties for future communication. The session keys may be developed in such a manner that synchronizes the update at both the car and the AP to permit location privacy countermeasures as discussed in the section related with Location Privacy. The generalized authentication procedure is shown in Figure 6.1

By implementing Identity authentication, the receiver is capable of verifying a distinctive Identity of the sender. The Identity may be the chassis number or the license/registration plate of the vehicle. In further cases receivers are not concerned with the definite identity of nodes. They are satisfied if they are able to verify that the sender has a certain property. Property authentication is a security necessity that permits verifying properties of the sender, e.g. that the sender is a car/cab, a traffic sign etc. For applications using location information, location authentication permits verifying the validity of claimed position of the sender, or that the message location claim is valid. Authorities are trusted entities responsible for the issuance and management of identities and credentials for nodes in VANETs. Raya and oters proposes a system [12] in which the authority is a governmental transportation authority (GTA) or vehicle manufacturer (VM) with which vehicles are registered. GTA or VM acts as the certification authority (CA) certifying the credentials of vehicles, and also revokes certificates in case of vehicle misbehavior. This implies the need for a Public Key Infrastructure (PKI) where Certificate Authorities (CAs) will issue certified public/private key pairs to vehicles. The presence of on-line authorities is not required, as connectivity and communication, especially over the wireless medium, with an authority may be intermittent.

7. Public Key Approaches

Hubaux and others [13] have proposed the use of public key cryptography (PKC) in vehicular communication in order to allow authorities and vehicles to certify identities of other vehicles; using Electronic License Plates (ELP). They also suggest desirable privacy protocols that preserve drivers personal information and mention some applications that could use the ELP. To ensure privacy preservation, they point out that privacy protocols must be based on anonymity schemes that hide the relationship between drivers information and some random identifier.

8. Digital Signature
An essential characteristic of VANET security is the Digital Signature as an 4

elementary block [12]. Whether in inter-vehicle communications or communications through infrastructure, authentication (using signatures) is a primary security requirement since only messages from legal senders will be considered. Signatures can also be used to assure data integrity (i.e., the message being sent is not modified). Where as essential to secure communications in many other networks, message confidentiality remains an option in VANETs depending on the specific. For example, safety-related messages do not contain sensitive information so encryption is not required.

9. Other security issues

This section presents different scenarios of basic attacks on messages and attacks on vehicles. [14] Hidden Vehicle: A hidden vehicle attack consists in deceiving a targeted vehicle (A) into believing that the attacker is better placed for forwarding the warning message, thus leading to silencing the targeted vehicle (A) and making it concealed (has stopped broadcasting). Tunnel: Since GPS signals fade away in tunnels, an attacker may take advantage of this short-term loss of positioning information to insert false data once the vehicle leaves the tunnel and before it receives an authentic position update. Sinkhole attack: In sinkhole attack, an intruder attracts neighboring nodes with false routing information, and then performs selective forwarding or alters the data passing through it. Concluding Remarks In the light of above discussion, it is concluded that implementation of security and privacy in VANETs is an emerging research area. There is a need to implement cryptographic approach to secure sensitive message transmitted by various users. This can be done by addressing each security issue presented in section 4 of this paper.

References