Vehicular Ad Hoc Networks is a kind of special wireless ad hoc network, which has the characteristics of high node mobility and fast topology changes. The Vehicular Networks can provide wide variety of services, ranges from safety and crash avoidance to internet access and multimedia applications. Attacking and misusing such network could cause destructive consequences. It is therefore necessary to integrate security requirements into the design of VANETs and defend VANET systems against misbehaviour, in order to ensure correct and smooth operations of the network. In this paper, I propose a security system for VANETs to achieve privacy desired by vehicles and traceability required by law enforcement authorities, in addition to satisfying fundamental security requirements including authentication, nonrepudiation, message integrity, and confidentiality. Moreover, we propose a privacy-preserving defense technique for network authorities to handle misbehaviour in VANET access, considering the challenge that privacy provides avenue for misbehaviour. The proposed system employs an identitybased cryptosystem where certificates are not needed for authentication. I show the fulfilment and feasibility of our system with respect to the security goals and efficiency.
1 INTRODUCTION VEHICULAR
ad hoc networks (VANETs) are receiving increasing attentions from academic and deployment efforts from industry, due to the various applications and potential tremendous benefits they offer for future VANET users. Safety information exchange enables life-critical applications, such as the alerting functionality during intersection traversing and lane merging, and thus, plays a key role in VANET applications. Valueadded services can enhance drivers traveling experience by providing convenient Internet access, navigation, toll payment services, etc.
Other applications are also possible including different warning messages for congestion avoidance, detour notification, road conditions (e.g., slippery), etc., and alarm signals disseminated by emergency vehicles (e.g., ambulance) for road clearance. The attractive features of VANETs inevitably incur higher risks if such networks do not take security into account prior to deployment. For instance, if the safety messages are modified, discarded, or delayed either intentionally or due to hardware malfunctioning, serious consequences such as injuries and even deaths may occur. This necessitates and urges the development of a functional, reliable, and efficient security architecture before all other implementation aspects of VANETs.Fundamentally,VANET security design should guarantee authentication, nonrepudiation, integrity, and in some specific application scenarios, confidentiality, to protect the network against attackers.
Besides the fundamental security requirements, sensitive information such as identity and location privacy should be reserved from the vehicle owners perspective, against unlawful tracing and user profiling, since otherwise it is difficult to attract vehicles to join the network. On the contrary, traceability is required where the identity information need be revealed by law enforcement authorities for liability issues, once accidents or crimes occur. In addition, privilege revocation is required by network authorities (e.g., network administrator) once misbehaviour is detected during network access. It is less difficult to prevent misbehavior of unauthorized users (i.e., outsiders)since legitimate users and roadside units (RSUs) can simply disregard communication requests from outsiders by means of authentication.
Nevertheless, misbehaviour of legitimate users of VANETs (i.e., insiders) is more difficult and complex to prevent, the reason being that insiders possess credentials issued by the authority to perform authentication with peer vehicles or RSUs who canbe easily tricked into trusting the insiders. Consequently, the insiders misbehaviour will have much larger impact on the network and will be the focus of this paper. I proposed system in this paper and many recent proposals on VANET security provide the option of using anonymous credentials in authentication, rendering it even more complex to handle misbehaviour in VANETs, since the user identity is hidden and cannot be linked arbitrarily which curbs the punishment of misbehaving users. Contributions. Given the conflicting goals of privacy and traceability, and the challenges in designing a privacy-preserving defense scheme for VANETs, i motivated to propose a security system that can effectively and efficiently solve the conflicts and challenges.
Specifically, my main contributions in this paper include: 1. I propose a pseudonym-based scheme to assure vehicle user privacy and traceability. 2. I design a threshold signature-based scheme to achieve nonframeability in tracing law violators. In this scheme, an innocent vehicle cannot be framed by a corrupted law enforcement authority due to rolesplitting mechanism.
3. A novel privacy-preserving defense scheme is proposed leveraging threshold authentication. It guarantees that any additional authentication beyond the threshold will result in the revocation of the misbehaving users. This defense scheme differs from others mainly in that it yields flexibility in the revocation (i.e., not all types of misbehaviour should be punished). Moreover, the dynamic accumulators in the threshold authentication technique facilitates each user to place further restrictions (besides the threshold) on other communicating users, which is an attractive feature to service providers. 4. My design incorporates mechanisms that guarantee authentication, nonrepudiation, message integrity, and confidentiality.
2 RELATED WORK There is a large body of research work related to the security and privacy in VANETs. The most related works are on the design of privacypreserving schemes. Raya and Hubaux investigated the privacy issue by proposing a pseudonym-based approach using anonymous public keys and the public key infrastructure (PKI), where the public key certificate is needed, giving rise to extra communication and storage overhead. The authors also proposed three credential revocation protocols tailored for VANETs, namely RTPD,RC2RL, and DRP , considering that the certificate revocation list (CRL) needs to be distributed across the entire network in a timely manner. All the three protocols seem to work well under conventional public key infrastructure (PKI). However, the authors also proposed to use frequently updated anonymous public keys to fulfillusers requirement on identity and location privacy. If this privacy preserving technique is used in conjunction with RC2RL and DRP, the CRL produced by the trusted authority will become huge in size, rendering the revocation protocols highly inefficient.
A lightweight symmetric-key-based security scheme for balancing auditability and privacy in VANETs is proposed in . It bears the drawback that peer vehicles authenticate each other via a base station, which is unsuitable for inter vehicle communications. Gamage et al.  adopted an identity-based (IDbased) ring signature scheme to achieve signer ambiguity and hence fulfill the privacy requirement in VANET applications. The disadvantage of the ring signature scheme in the context of VANET applications, is the unconditional privacy, resulting in the traceability requirement unattainable. Group signature-based schemes are proposed in  where signer privacy is conditional on the group manager. As a result, all these schemes have the problem of identity escrow, as a group manager who possesses the group master key can arbitrarily reveal the identity of any group member. In addition, due to the limitation of group formation in VANETs (e.g., too few cars in the vicinity to establish the group), the group-based schemes may not be applied appropriately.
The election of group leader will sometimes encounter difficulties since a trusted entity cannot be found amongst peer vehicles. There are also a number of defense techniques against misbehaviour in VANET literature besides those in . An indirect approach via the aid of infrastructure is used in .The TA distributes the CRL to the infrastructure points which then take over the TAs responsibility to execute the revocation protocol. The advantage of this approach is that vehicles never need to download the entire RL. Unfortunately, the conditional anonymity claimed in . only applies to amongst peer vehicles, under the assumption that the infrastructure points are trusted.
The infrastructure points can reveal the identity of any vehicle at any time even if the vehicle is honest. Recently, Tsang et al. proposed a blacklistable anonymous credential system for blocking misbehavior without the trusted third party (TTP).The blacklisting technique can be applied to VANETs as: if the vehicle fails to prove that it is not on the blacklist of the current authenticator, the authenticator will ignore the messages or requests sent by this vehicle. Although not proposed specifically for VANETs, the proposal in  has a similar claim as the capability of a TTP (network authority in this paper) to recover a users identity in any case is too strong a punishment and highly undesirable in some scenarios.
The downside of this technique is the lack of options to trace misbehaving users, since any user in the system(misbehaving or not)will by no means be identified by any entity including the authorities. I proposed a privacy-preserving defense scheme against misbehavior in  leveraging threshold authentication technique. This scheme and the scheme in  both preserve user privacy, and simultaneously provide trace ability (i.e., tracing law violators by enforcement authorities in  and tracing misbehaving users by network authorities in ). The major differences between these schemes are the different technical realizations of the privacy and traceability schemes, due to the different application 3 SYSTEM MODEL We describe the functionalities of our security system and define security requirements in this section. 3.1 Overview Major entities in a VANET environment are depicted in A VANET system diagram.
As mentioned before, traceability is needed by law enforcement authorities (LEAs) who require the identity of a violating vehicle to be disclosed for investigating the cause of accidents or crimes. Due to the seriousness of liability issues, if a single authority (e.g., the police) is fully capable of revealing the vehicle identity, this privilege may be abused. It is desirable if two or more authorities (e.g., the police, judge, special agents, and other possible law enforcement authorities) are granted distributed control over the identity retrieval process. One benefit in doing so is that corrupted authorities (the number being less than the threshold) cannot arbitrarily trace vehicle users to compromise their privacy. Another benefit is that malicious authorities cannot falsely accuse (or frame) honest users. Such role-splitting is not required for network authorities since the threshold authentication technique in our defense scheme prevents a network authority from falsely accusing honest users.
The proposed security system primarily consists of techniques addressing the privacy, traceability, nonframeability, and revocation (only by network authorities) issues. The logic diagram of the entities interactions is depicted in logic diagram, where the arrowed lines indicate the direction of packet flow or physical communications, the bracketed numbers near each line index the major events or procedures between the connected entities. The vehicle users are split into access group owners and members, whereas the RSUs can only be access group owners. The entities and events/procedures are described in what follows.
3.2 Entities and Procedures The entities in this system are the regional transportation authorities (RTAs), law enforcement authorities (LEAs),network authorities, roadside infrastructure including border RSUs for pseudonym management and regular RSUs (simply RSUs) for Internet access, and vehicle users. Considering practical scenarios, the RSUs in this system are mainly responsible for providing infrastructure access and network services. The RSUs are assumed to be operated by third-party service providers (SPs) who have business contracts with the RTA to build access infrastructure in the RTAs region. The RSUs are thus not owned by the RTA and have no preestablished trust relationship with the RTA. On the other hand, borders RSUs are owned and operated by the RTA, and can be considered as the agents who are delegated with the RTAs authority.
These entities are involved in the following procedure: may be caused by malfunctioning hardware and thus is incidental. These types of misbehavior share a common feature, i.e., their occurrence or frequency is low, specifically, lower than a predetermined threshold. Threshold authentication-based defense further consists of six sub-procedures: Membership registration: RSUs and vehicle users register with the RTA to use VANETs. Upon successful registration, a member public/private key pair (mpk;msk) is issued to each RSU and vehicles. The RTA associates the members credential with the issued public key and includes this pair of information into a credential list IDlist. Access group setup: RSUs and vehicles setup their own access groups, the member of which is granted privilege to communicate with the access group owner. The group owner adds members to the group and updates related public information.
Each added member obtains an access key mak for the group. Access group revoking: The access group owner revokes the granted privilege when deciding to stop communications with a member, due to some decision criteria for misbehaviour. The access group owner removes the member from the access group and updates related public information. Threshold authentication: This procedure is executed between an RSU and a vehicle, or between peer vehicles. We call the authenticator in this procedure Alice who announces the threshold k possibly different for each user being authenticated. The authentication succeeds if and only if the following conditions are met simultaneously: the user Bob authenticating with Alice is a registered member of the VANET system, Bob is a legitimate member of Alices access group (if Alice is an access group owner) whose member privilege has not been revoked, and the authentication threshold has not been exceeded.
Alice records the authentication transcripts in AUTHlog: Tracing: This procedure is used by Alice to trace a misbehaving member Mn who attempts to authenticate more than k times. Alice relies on the AUTHlog and public information, and obtains Mns credential n as the procedure output which is reported to the RTA.Revocation/recovery: Upon receiving the complaints from other entities in the system as the output of Tracing, the RTA decides if the misbehaving members credential needs to be revoked. The RTA then performs the identity recovery by looking up the same pseudonym lookup table PLT (cf.System setup above) which also records the correspondence between the credential n and identity IDn. Note that for the ease of presentation, we assume the RTAs to act as network authorities for the defense scheme in this paper. In reality, when the roles of RTA and network authority
System setup: This procedure is executed by the RTA for initial VANET system setup including domain parameter publication, public/private key assignment for entities in the system to perform desired tasks, and database creation for storing necessary records (i.e., the pseudonym lookup table PLT). Pseudonym generation and authentication for privacy: RTA and border RSUs execute this procedure to assign pseudonym/private key pairs to both vehicles traveling in their home domain and vehicles from other RTAs domains, so that these vehicles are able to authenticate with RSUs and other vehicles to obtain services and useful messages.
Threshold signature for nonframeability: This procedure is invoked by LEAs to share the secret information for recovering a guilty vehicles identity. Meanwhile, it prevents corrupted authorities from gathering full power to accuse an innocent vehicle. The functional component of this procedure is the threshold signature. Threshold-authentication-based defense: Designed for the network authorities, this procedure is used to revoke a misbehaving vehicles credential, refraining the vehicle from further disrupting system operations. As the core of this procedure, the threshold authentication technique provides a mechanism to allow certain types of misbehavior that should not result in revocation. For instance, the misbehavior are separate, the network authority can simply take charge as the RTA in the above sub procedures. Nonetheless, in the execution of Revocation/recovery, the network authority needs to establish trust with or be delegated by the RTA in order to access the PLT.
When we mention network authorities in what follows, we implicitly refer to RTAs in the network authority role. 3.3 Security Requirements I define the security requirements for a VANET security system, and will show the fulfillment of these requirements after presenting the design details. 1. Privacy: The privacy requirement states that private information such as vehicle owners identity and location privacy is preserved against unlawful tracing and user profiling. 2. Traceability: It is required where the identity information of violators need be revealed by law enforcement authorities for liability purposes. The traceability requirement also indicates that a misbehaving user will be identified and the corresponding credential revoked, if necessary, by network authorities, to prevent this user from further disrupting system operations. Certain criteria have to be met for the traceability of a misbehaving user as explained in the next section.
3. Nonframeability: Nonframeability requires that no entity in the system can accuse an honest user for having violated the law or misbehaved. 4. Other requirements: A secure VANET system should satisfy several fundamental requirements, namely, authentication, nonrepudiation, message integrity, and confidentiality where sensitive information is being exchanged, to protect the system against unauthorized-message injection, denial of message disseminations, message alteration, and eavesdropping, respectively. Nonrepudiation also requires that violators or misbehaving users cannot deny the fact that they have violated the law or misbehaved. 4 CONCLUSIONS AND FUTURE WORK I have presented the VANET security system mainly achieving privacy, traceability, nonframeability, and privacy-preserving defense against misbehaviour and reducing traffic in the network. These functionalities are realized by the pseudonym-based technique, the threshold signature, and the threshold authentication based defense scheme. The ID-based cryptosystem facilitates us to design communication and storage efficient schemes. Our future work consists of simulating the proposed security system and experimenting it in real VANET settings.
 M. Raya and J-P. Hubaux, Securing Vehicular Ad Hoc Networks, J. Computer Security, special issue on security of ad hoc and sensor networks, vol. 15, no. 1, pp. 39-68, 2007.  J.Y. Choi, M. Jakobsson, and S. Wetzel, Balancing Auditability and Privacy in Vehicular Networks, Proc. First ACM Intl WorkshopQoS and Security for Wireless and Mobile Networks (Q2SWinet 05), pp. 79-87, Oct. 2005.  J. Sun, C. Zhang, and Y. Fang, An Id-Based Framework Achieving Privacy and Non-Repudiation in Vehicular Ad Hoc Networks, Proc. IEEE Military Comm. Conf., pp. 1-7, Oct. 2007.  X. Lin, X. Sun, P.-H. Ho, and X. Shen, GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications,IEEE Trans. Vehicular Technology, vol. 56, no. 6, pp. 3442-3456, Nov. 2007.  M. Raya, P. apadimitratos, I. Aad, D. Jungels, and J.-P. Hubaux,Eviction of Misbehaving and Faulty Nodes in Vehicular Networks, IEEE J. Selected Areas Comm., vol. 25, no. 8, pp. 15571568,Oct. 2007.  C. Gamage, B. Gras, B. Crispo, and A.S. Tanenbaum, An Identity Based Ring Signature Scheme with Enhanced Privacy, Proc.Second Intl Conf. Security and Privacy in Comm. Networks (SecureComm 06), Aug. 2006.  P. Tsang, M.H. Au, A. Kapadia, and S.W. Smith, Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs, Proc. ACM Conf. Computer and Comm. Security (CCS),pp. 72-81, 2007.  J. Sun and Y. Fang, A Defense Technique against Misbehavior in VANETs Based on Threshold Authentication, Proc. IEEE Military Comm. Conf., Nov. 2008.