Thesis

More documents

Recommendations

Info

1. INTRODUCTION privacy at the same time in an efficient way, as the applications are delay sensitive. To make things even worse, the network is very heterogenous, different vehicles can have different equipment and abilities, so no unique solution can solve every problem. When defining the key vulnerabilities and challenges of vehicular ad hoc networks, it is crucial to first define and characterize the possible attackers. In many papers [Raya and Hubaux, 2007; Hu et al., 2005] the attacker can be characterized as follows: Insider vs. Outsider: The key difference between an insider and an outsider attacker is that an insider poses legitimate and valid cryptographic credentials, while an outsider does not have any valid credentials. It is obvious that an insider attacker can mount stronger attacks, then an outsider. Malicious vs. Rational: The main goal of a malicious attacker is to disrupt the normal operation of the network without any further goal, while a rational attacker wants to make some profit with his attack. In general, it is easier to handle a rational attacker, because his steps can be foreseen easier. Active vs. Passive: A passive attacker only eavesdrops the messages of the vehicles, while an active attacker can send, modify, or delete messages. Local vs. Global: A local attacker mounts his attack on a small area (or on some non continuous small areas), while a global attacker has influence on broader areas. In the following, some basic and sophisticated attacks are presented to give the reader an idea about the threats in vehicular ad hoc networks. An insider attacker can diffuse bogus information to affect the behavior of other drivers. The source of the information can be a cheated sensor reading or a modified location data. In wireless networking, the wormhole attack [Hu et al., 2006] consists in tunneling packets between two remote nodes. Similarly, in VANETs, an attacker that controls at least two entities remote from each other and a high speed communication link between them can tunnel packets broadcasted in one location to another, thus disseminating erroneous (but correctly signed) messages in the destination area. According to [Kroh et al., 2006] the following security concepts must be used in a vehicular ad hoc network to handle most of the possible attacks: identification and authentication concepts, privacy concepts, integrity concepts, access control and authorization concepts. The concepts are introduced in Section 3.8 with a special attention on providing privacy to the users of the system. In Chapter 3, the privacy of VANETs is analyzed, especially the privacy provided by pseudonyms considering outsider rational passive local attackers. A pseudonym change algorithm is provided as well considering an outsider rational passive global attacker. 1.3 Introduction to Wireless Sensor Networks The following description of Wireless Sensor Networks (WSNs) and the related security problems is based on [Akyildiz et al., 2002; Chan and Perrig, 2003; Li et al., 2009; Lopez, 2008; Perrig et al., 2004; Sharma et al., 2012; Yick et al., 2008]. The interested reader can get a broader view and deeper understanding on WSNs by reading the cited papers instead of only relying on this short introduction. A sensor network is composed of a large number of sensor nodes, which are typically densely deployed. One sensor node consists of some sensor circuits which can measure some environmental variable, central processing unit which is typically a microcontroller, and radio circuit which enables the communication with other nearby nodes. The goal of a wireless sensor network can be one of many applications: military applications (e.g. battlefield surveillance), environmental applications (e.g. forest fire detection), critical infrastructure protection (e.g. surveillance of water pipes), health applications (e.g. drug administration in hospitals), home applications (e.g. smart environment). 4
1.3. Introduction to Wireless Sensor Networks Some important security challenges in WSNs are: secure routing, secure key management, efficient (broadcast) authentication, secure localization, secure data aggregation. A good introduction to these problems and some countermeasures can be found in [Lopez, 2008]. The privacy related challenges can be categorized into two main groups [Li et al., 2009]: dataoriented and context oriented challenges. In data-oriented protection, the confidentiality of the measured data must be preserved. Context oriented protection covers the location privacy of the source and some significant nodes such as the base station or aggregator nodes: Data-oriented privacy protection: Data-oriented privacy protection focuses on protecting the privacy of data content. Here ”data” refer to not only sensed data collected within a WSN but also queries posed to a WSN by users. – Privacy protection during data aggregation: Data aggregation is designed to substantially reduce the volume of traffic being transmitted in a WSN by fusing or compressing data in the intermediate sensor nodes (called aggregators). It is an important technique for preserving resources (e.g., energy consumption) in a WSN. Interestingly, it is also a common and effective method to preserve private data against an external adversary, because the process compresses large inputs to small outputs at the intermediate sensor nodes. On the other hand, a malicious aggregator can modify the measurements of many nodes with one step, or can learn the individual measurements of individual nodes. Some countermeasure are proposed in [He et al., 2007; Zhang et al., 2008]. Cluster-based privacy data aggregation (CPDA): The basic idea of CPDA [He et al., 2007] is to introduce noise to the raw data sensed from a WSN, such that although an aggregator can obtain accurate aggregated information but not individual data points. Slice-mixed aggregation (SMART): The main idea of SMART [He et al., 2007] is to slice original data into pieces and recombine them randomly. This is done in three phases: slicing, mixing, and aggregation. Generic privacy-preservation solutions for approximate aggregation (GP 2 S): The basic idea of GP 2 S [Zhang et al., 2008] is to generalize the values of data transmitted in a WSN, such that although individual data content cannot be decrypted, the aggregator can still obtain an accurate estimate of the histogram of data distribution, and thereby approximate the aggregates. – Private date query: The query issued to a WSN (to retrieve the collected data) is often also of critical privacy concerns. To address this challenge, a target-region transformation technique was proposed in [Carbunar et al., 2007] to fuzzy the target region of the query according to predefined transformation functions. Context-oriented privacy protection: Context-oriented privacy protection focuses on protecting contextual information, such as the location and timing information of traffic transmitted in a WSN. Location privacy concerns may arise for such special sensor nodes as the data source and the base station. Timing privacy, on the other hand, concerns the time when sensitive data is created at a data source, collected by a sensor node and transmitted to the base station. – Location privacy: A major challenge for context-oriented privacy protection is that an adversary may be able to compromise private information even without the ability of decrypting the transmitted data. In particular, since hop-by-hop transmission is required to address the limited transmission range of sensor nodes, an adversary may derive the locations of important nodes and data sources by observing and analyzing the traffic patterns between different hops. Location privacy of data source: In event driven networks, an event is generated if something interesting happens in the vicinity of the node. In some networks, the 5
Page 1: Budapest University of Technology a
Page 5 and 6: Abstract Wireless networks are used
Page 7 and 8: Kivonat Vezeték nélküli hálóza
Page 9: Acknowledgement First of all, I wou
Page 12 and 13: CONTENTS 4 Anonymous Aggregator Ele
Page 15: List of Tables 2.1 Illustration of
Page 19 and 20: Chapter 1 Introduction In this diss
Page 21: 1.2. Introduction to Vehicular Ad H
Page 25: 1.3. Introduction to Wireless Senso
Page 28 and 29: 2. PRIVATE AUTHENTICATION Some year
Page 30 and 31: 2. PRIVATE AUTHENTICATION anonymity
Page 32 and 33: 2. PRIVATE AUTHENTICATION Obviously
Page 34 and 35: 2. PRIVATE AUTHENTICATION In order
Page 36 and 37: 2. PRIVATE AUTHENTICATION Proof. By
Page 38 and 39: 2. PRIVATE AUTHENTICATION 2.4 Analy
Page 40 and 41: 2. PRIVATE AUTHENTICATION For each
Page 42 and 43: 2. PRIVATE AUTHENTICATION Reader R
Page 44 and 45: 2. PRIVATE AUTHENTICATION P ( ( N
Page 46 and 47: 2. PRIVATE AUTHENTICATION Avoine et
Page 48 and 49: 3. LOCATION PRIVACY IN VANETS pseud
Page 50 and 51: 3. LOCATION PRIVACY IN VANETS Since
Page 52 and 53: 3. LOCATION PRIVACY IN VANETS This
Page 54 and 55: 3. LOCATION PRIVACY IN VANETS reach
Page 56 and 57: 3. LOCATION PRIVACY IN VANETS N5.1
Page 58 and 59: 3. LOCATION PRIVACY IN VANETS Succe
Page 60 and 61: 3. LOCATION PRIVACY IN VANETS Figur
Page 62 and 63: 3. LOCATION PRIVACY IN VANETS 3.7.2
Page 64 and 65: 3. LOCATION PRIVACY IN VANETS map,
Page 67 and 68: Chapter 4 Anonymous Aggregator Elec
Page 69 and 70: 4.2. System and attacker models res
Page 71 and 72: 4.3. Basic protocol The main differ
Page 73 and 74:
Table 4.1: Estimated time of the bu
Page 75 and 76:
Probability of being cluster aggreg
Page 77 and 78:
− n∑ i=1 H = − n+1 ∑ 4.3. B
Page 79 and 80:
4.4. Advanced protocol Table 4.3: S
Page 81 and 82:
100 90 80 70 60 50 40 30 20 10 0 0
Page 83 and 84:
4.4. Advanced protocol If we consid
Page 85 and 86:
4.4.4 Query 4.4. Advanced protocol
Page 87 and 88:
L N D B NM < L N (4.5) A (4.7) (4.6
Page 89 and 90:
R ′ = R− N i=1 h(Q|ki) ÆÓ Å
Page 91:
4.7. Related publications systems w
Page 94 and 95:
5. APPLICATION OF NEW RESULTS an ap
Page 96 and 97:
6. CONCLUSION on this knowledge, sh
Page 99:
List of Acronyms CA Cluster Aggrega
Page 102 and 103:
LIST OF PUBLICATIONS [Holczer and B
Page 104 and 105:
BIBLIOGRAPHY [Beye and Veugen, 2011
Page 106 and 107:
BIBLIOGRAPHY [El Zarki et al., 2002
Page 108 and 109:
BIBLIOGRAPHY [Juels, 2005b] A. Juel
Page 110 and 111:
BIBLIOGRAPHY [Oliveira et al., 2008
Page 112:
BIBLIOGRAPHY [Wiedersheim et al., 2
show all

Thesis

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?