Privacy Issues in Vehicular Ad Hoc Networks.

1. Privacy Issues in Vehicular Ad Hoc Networks. Florian Dötzer BMW Group Research and Technology

2. Agenda. Introduction Privacy in VANETs Exemplary Approach Future Work / Conclusion

3. Agenda. Introduction Privacy in VANETs Exemplary Approach Future Work / Conclusion

4. Cellular MANET Cellular Network Mobile Ad-hoc NETwork Vehicular Ad-hoc NETwork VANET Ad-hoc Networks.From Cellular to VANET.

5. MANETs Additionally: High Node Mobility Very Large Number of Nodes Complex Administrative Structure VANETs MANETs and VANETs.Properties. Decentralized Self - Organizing

6. VSC – Vehicle Safety Communications VANET.Application Local Danger Warning.

7. VANETs.Security Requirements. • Authentic Information • Trust Establishment vs. Information Matching • Availability • Node Cooperation, DoS, Secure Routing • Privacy • Location Privacy, Identities, Profiling

8. Agenda. Introduction Privacy in VANETs Exemplary Approach Future Work / Conclusion

9. Attacks on Privacy become relevant + Privacy is essential for VANETs BUT: Privacy cannot be “added” afterwards! Privacy.Importance for VANETs. • Cars = Personal Devices • Position is known • Cars get connected

10. VANET Privacy.Example Threats and Attacks. • “Automated” Law Enforcement • Identity Tracking • Configuration Fingerprinting • RF-Fingerprinting • Location Recording • Movement Profiles • Communication Relations

11. VANET Privacy.Requirements. • Use of pseudonyms (no real-world identities) • Multiple pseudonyms may be used • Pseudonym change  application requirements • Pseudonyms  real-world ID mapping • Properties / privileges cryptographically bound

12. Agenda. Introduction Privacy in VANETs Exemplary Approach Future Work / Conclusion

13. Organisation O Authority A Pseudonym ID Credentials Pseudonyms Pseudonym Pseudonym 3 Pseudonym 4 2 Pseudonym „Signature“ ID 1 ID Pseudonyms Credentials Credential Credential Credential Trusted Authority Approach.A Car’s Setup Phase. Phase I: Separation of ID and service usage Privacy

14. Receiver ID ID Pseudonyms Pseudonyms Credentials Credentials Trusted Authority Approach.Normal Usage. Sender Phase II: Receiver can verify message

15. 1 2 Receiver ID Organisation O Authority A 4 ID Pseudonyms Pseudonym ID 3 Credentials Credentials Pseudonyms Trusted Authority Approach.“Revocation” Phase. Signature OK! BUT Information is not correct OR sender malfunctioning Sender Phase III: Disclosure of sender ID

16. Trusted Authority Approach.Evaluation. • Pro’s • + Fulfills given requirements • + Provides strong privacy • Con’s • - Requires independent, trusted authority • - Problem of detecting wrong messages

17. Agenda. Introduction Privacy in VANETs Exemplary Approach Future Work / Conclusion

18. Future Work.And Open Questions… • How to change pseudonyms? • Feasibility of Organizational Solution • Feasibility of Smart Card Approach • Location Related Pseudonyms • System without IDs?

19. Conclusion. • Privacy is essential for VANETs • Privacy must be considered at system design • Trusted authority approach is far from perfect • Additional research is necessary

20. Thanks for Listening.Questions?