Promotor: prof.dr. F.E. Kargl (UT and University of Ulm, DE)
Copromotor: dr. G.J. Heijenk (UT)
Date: 24 April 2015
Applications for vehicular ad hoc networks (VANETs) are an active field of research with the potential to significantly contribute to driver safety, traffic efficiency, and comfort. Messages are typically exchanged and forwarded between vehicles using wireless communication, thereby creating a wireless ad hoc network. Especially traffic efficiency applications require the dissemination of information over long distances. For instance, vehicles need to be informed about traffic jams early enough to consider alternative navigation decisions. Each vehicle acts as creator and as forwarder of information to implement the required multi-hop information dissemination. Two of the most prevalent challenges in designing suitable ad hoc communication protocols are dealing with the limited wireless channel capacity, as well as ensuring the resilience of communication protocols against potential attackers.
The focus of this thesis is on the resilience of in-network information aggregation mechanisms for VANETs. In aggregation mechanisms, vehicles collaboratively exchange information and summarize this information as it is disseminated within the network. In contrast to traditional protocols, which often aggregate information at a centralized entity, the aggregation close to the information sources saves bandwidth and provides scalability. Yet, malicious users may be able to inject false information or even alter information summaries to disturb normal system operation. Both types of attacks are hard to detect, because original observations are usually discarded after aggregation and are not available to verify the correctness of claimed aggregated information. By addressing resilient in-network aggregation, this thesis provides solutions that contribute to both channel capacity conservation and protocol resilience.
The main contributions of this thesis are (a) a model of the in-network aggregation dissemination process; (b) a detailed security analysis of in-network aggregation mechanisms including the introduction of a taxonomy for security paradigms; (c) the design of four novel security mechanisms for in-network aggregation and (d) their detailed analysis and evaluation using network simulations; and (e) a framework that combines and adapts secure aggregation mechanisms based on situational context, as well as on attack likelihood derived from information exchange.
The model for in-network aggregation is comprised of an architecture model and an information flow model. It provides the foundation for understanding which components are essential in the design of aggregation mechanisms and for understanding how information spreads and evolves within the network.
The taxonomy of security paradigms, which is based on the modeling results, identifies use of cryptographic tools, interaction between vehicles to facilitate collaborative agreement, and data-consistency checks as most suitable security paradigms to provide resilience for in-network aggregation mechanisms.
Two security mechanisms that are based on cryptographic tools are proposed that are applicable to flexible, dynamic aggregation mechanisms. In contrast to related work, the proposed mechanisms do not rely on fixed road segments for aggregation, neither are they limited to the aggregation of binary events, such as presence of a traffic jam. Rather, they allow for flexible division of roads according to the current traffic situation and are able to protect the integrity of more complex information, such as sets of average velocities that describe the current traffic situation.
The third mechanism, a cluster-based resilience mechanism, complements the first two mechanism proposals. By treating clusters as trustworthy units and implementing an efficient inter-cluster proof protocol, the clustering approach is especially applicable in dense traffic situations where the first two mechanisms may consume too much bandwidth.
The fourth mechanism, which focuses on data-consistency checks, provides protection that is orthogonal to the first three mechanism proposals. The mechanism leverages communication redundancy, which allows to detect inconsistencies between multiple redundant reports about the same event with less overhead than cryptography-based mechanisms.
Evaluation results of each mechanism indicate an inherent trade-off between bandwidth conservation and resilience against attackers. Therefore, a generic mechanism combination and adaptation framework is proposed that enables or disables mechanisms based on current traffic situation and to adapt mechanisms based on current attack likelihood. All necessary metrics, that is, traffic situation characterization and attack likelihood, are derived from the resilient aggregation mechanisms’ exchanged information without requiring additional communication.
The traffic-dependent combination of mechanisms uses each mechanism in the situations for which it is most suitable while avoiding drawbacks of individual mechanisms in other traffic situations. Adaptation based on attack likelihood allows dynamic bandwidth-conserving configuration of mechanism parameters. When mechanisms find indications for attacks, they can be configured to use more bandwidth in order to increase resilience and detection accuracy. Likewise, the adaptation mechanism reduces bandwidth use when attacks are less likely.
The mechanism combination and adaptation framework demonstrates that bandwidth-efficient and scalable information dissemination using in-network aggregation is feasible while maintaining resilience against a broad range of possible attacks.