Routing and data diffusion in VANETs -- Security standards
Editor's Note: Wireless sensor networks lie at the heart of emerging applications in nearly every industry segment. In building these networks, designers contend with issues that encompass real-time communications, efficient high-bandwidth data exchange, multiple network topologies, selection of optimal routing strategies, and more. The book, Building Wireless Sensor Networks, offers detailed treatments on critical requirements and promising solutions in each of these areas and more.
This excerpt focuses on design challenges and methods associated with creating a vehicular ad hoc network (VANET). To share data as vehicles pass on roads or rest in parking areas, a VANET must contend with issues as varied as the physics of signal propagation, the fluid nature of data routing, and the security vulnerabilities associated with participation in an ad hoc network. Because of the changing nature of a VANET, designers need a broad understanding of these issues.
In this excerpt from the book, the authors offer an in-depth discussion that defines the nature of VANET challenges and discusses alternatives for their solution. Continuing the description of VANETs in part 1, part 2, part 3, part 4, and part 5, this installment of this series provides an in-depth discussion of the IEEE 1609.2-2016 standard for access and security in vehicular networks.
Elsevier is offering this and other engineering books at a 30% discount. To use this discount, click here and use code ENGIN318 during checkout.
Adapted from Building Wireless Sensor Networks, by Smain Femmam, Editor.
Chapter 3. Routing and data diffusion in vehicular ad hoc networks (Cont.)
By Frédéric Drouhin and Sébastien Bindel
3.4.3. VANET security mechanisms: IEEE 1609.2-2016 standard
The previous section discussed the different possible attacks. Some research on solutions against the different attacks listed, [MEJ 14] and [SUN 10], provide an interesting survey. In this section, IEEE 1609.2-2016 standard is discussed.
IEEE 1609.2-2016 (IEEE Standard for Wireless Access in Vehicular Environments and Security Services for Applications and Management Messages) proposes a standard with the following definition: “this standard defines secure message formats and processing for use by Wireless Access in Vehicular Environments (WAVE) devices, including methods to secure WAVE management messages and methods to secure application messages. It also describes administrative functions necessary to support the core security functions”. This standard is used in IEEE 1609.3-2016 for WAVE Service Announcement security and in SAE J2945/1-201603, On-Board System Requirements for V2V Safety Communications, for Basic Safety Message security. This standard provides the following requirements:
– Secure protocol data unit (PDU) format for signed data and encrypted data: it provides payload, hash of external payload, provider service ID to indicate permissions with optional fields (generation time, expiry time, generation location, security management), reference to signing certificate and signature.
– Certificate format for signing PDUs applications with pseudonymous (no identification of sender) and identifier: certificate contains permissions (service-specific permissions) and a provider service ID together with a signed secured PDU.
– Certificate authorities (CA): all messages are signed by a certificate which is provided by a certificate authority in cascade with at least one certificate in the list known and trusted by a receiver.
– Certificate revocation list (CRL) format that allows revoking or invalidating for different reasons (e.g. private key compromised, change in certificate).
– Peer-to-peer certificate distribution to allow new certificates: this requirement is mandatory and added to the list of certificates with always the feature that one certificate is known in the list. Receiver should be able to build a cascade of certificates to a trusted and identified certificate.
To be a valid message, the receiver has to check that the signed secure PDU has verified that none of the certificates have been revoked, one certificate in the list is trusted, the signature is verified, the payload is consistent with the provider service ID and permissions and the message is relevant (recent, not expired, not a replay). The data are encrypted with symmetric key with a persistent public key. Concerning the exchange of certificate, it is based on asymmetric cryptography (public and private keys) that requires the establishment of a public key infrastructure (PKI). PKI provides several security services with a trusted CA with confidentially, authenticity, integrity and non-repudiation.
This standard is still in development and different research projects (e.g. Crash Avoidance Metrics Partnership) are providing input for its development.
Similar to propagation models, security protocols impact network performance and computing capabilities. There exist several cryptographic approaches to be applied in VANET, including public key programs to distribute session keys for message encryption, authentication schemes and random traffic patterns against traffic analysis. Constraints such as privacy (e.g. position detection) must be consistent with the traceability of messages required by law enforcement authorities. In addition, the constraint in message delivery time should not be impacted by cryptography. IEEE 1609.2-2016 provides requirements for security on several attacks. These different solutions must also be coupled with stand-alone vehicle systems such as Lidar, cameras and other sensors to ensure better security and reliability, particularly in a safety context.
The aim of this chapter was to describe routing and security solutions for vehicular ad hoc networks. The background details communication standards and signal disturbances. This information must be taken into account in the design of routing security protocols. Standards define protocol format messages and how a solution can be implemented in the network stack. Furthermore, signal disturbance investigation gives an overview on challenges met by routing protocols which have to ensure efficient data delivery services. A detailed investigation has been conducted into routing solutions dedicated to vehicular networks. It first details a theoretical overview of routing algorithms, then it describes the current metrics used for the node selection process and, finally, practical routing protocols are detailed and compared. Finally, a survey on security aspects has been proposed and it shows urgent challenges in such networks.
There is no silver bullet, and current routing protocols are not efficient in all situations. The dynamic topology in VANET is currently being studied through dynamic graphs, but no algorithm can guarantee no packet loss and a time delay boundary. As a result, the discussion is still open. Concerning security, this aspect cannot be ignored in the design of solutions dedicated to vehicular networks. A consortium regrouping the vehicle industry (Mercedes-Benz, BMW, Audi, Opel, Ford, Boss Continental, etc.) and public institutions are working on safety solutions such as the Safe Intelligent Mobility project.
This conclusion finishes by mentioning 5G developed by [GEN 17] and specifically the release of 14 (in development) that proposes an alternative for 802.11p (V2I and V2V) with point-to-point communication (device to device) and includes a wide range of road users (e.g. pedestrians, bicyclist, etc.) especially in a safety schema.