WO2008154941A1 - Method for preserving the privacy of nodes in a network - Google Patents

Info

Publication number
WO2008154941A1
Authority
WO
WIPO (PCT)
Prior art keywords
pseudonym
node
nodes
requester
responder
Prior art date
Application number
PCT/EP2007/005423
Other languages
French (fr)
Other versions
WO2008154941A8 (en
Inventor
Andreas Festag
Roberto Baldessari
Emanuel Diogo Fonseca
Original Assignee
Nec Deutschland Gmbh
Priority date
Filing date
Publication date
Application filed by Nec Deutschland Gmbh filed Critical Nec Deutschland Gmbh
Priority to PCT/EP2007/005423 priority Critical patent/WO2008154941A1/en
Publication of WO2008154941A1 publication Critical patent/WO2008154941A1/en
Publication of WO2008154941A8 publication Critical patent/WO2008154941A8/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/75 Temporary identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present invention relates to a method for preserving the privacy of nodes in a network, especially in a vehicular ad hoc network (VANET), wherein the network comprises a plurality of communication nodes, each node using an identifier - pseudonym - for the communication within the network, and wherein the nodes change their pseudonym from time to time.
  • VANET vehicular ad hoc network
  • VANETs vehicular ad hoc networks
  • C2C car to car communication
  • C2I communication between vehicles and roadside infrastructure.
  • the roadside infrastructure includes access points equipped with communication units, so-called roadside units (RSU), which are, in general, connected to a location server by a wired network.
  • RSU roadside units
  • VANETs are likely to become the most relevant form of mobile ad hoc networks in the future, currently, most of the research in this area is focussed on potential applications ranging from road safety (e.g., collision avoidance) over highway capacity increase to on-board infotainment services.
  • road safety e.g., collision avoidance
  • infotainment services e.g., security and privacy issues
  • each communication node uses an identifier which is unique within the network in such a way that each message sent by the sions an attacker, for example an eavesdropper or pursuer, can locate and track a vehicle, thereby invading the privacy of the vehicle's user.
  • the tracking of a vehicle becomes possible as, in principle, the communication protocols of a node in a vehicular ad hoc network publicly disclose data, such as the node's address, position, speed, heading, and time. An attacker can potentially link this information to a user's identity via its identifier.
  • Cryptography and encryption are not appropriate means to protect the transmitted data since the exchange of the information listed above is mandatory for network operation.
  • In order to preserve the privacy of users, the use of randomly chosen and changing identifiers - referred to as pseudonyms - has been considered. Pseudonymity makes it considerably harder to associate personal data publicly transmitted over the communication channel with a user's identity, but it cannot prevent an attacker from collecting personal data.
  • Existing methods for changing pseudonyms are based either on deterministic data (for example driven mileage or time), pseudo-random numbers (e.g., after some random duration of time), or events (e.g., each time after turning on the car engine).
  • a node is pre-loaded with a set of pseudonyms. For example, this pre-loading may be done during the node's registration at the network.
  • the node chooses one of the pseudonyms and uses it for communication.
  • it proves to be disadvantageous that the disappearance of a pseudonym and the appearance of a new one in the same or a very close position could potentially reveal that a node has changed its pseudonym.
  • the existing methods for changing pseudonyms according to the state of the art are disadvantageous since for an attacker disposing of the appropriate means it is comparatively easy to reveal the algorithm according to which a node changes its pseudonyms. Moreover, it has been found that the situation can be made much more difficult for an attacker to invade the privacy of a node by involving another node into the pseudonym change process. Consequently, in accordance with the invention, the pseudonym changes are performed by mutual exchange of pseudonyms between two nodes.
  • a support by the IEEE 802.11 or an IEEE 802.11 -like technology may be provided. Such a support would allow for a broad variety of applications.
  • each communication node of the network is equipped with a sensor for determining its current position.
  • GPS Global Positioning System
  • DGPS Differential GPS
  • each node is informed about all other nodes residing in its communication range and/or entering its communication range.
  • the pseudonym exchange may be performed when the two nodes are in a direct communication range of each other. In this case the geographical position of the nodes is rather close to each other and, therefore, a potential attacker would not be able to detect the pseudonym exchange.
  • the mutual exchange process can be initiated by one of the two nodes sending a request message to another node.
  • the sending node will be referred to as requester node.
  • Two different ways of how the other of the two nodes - referred to as responder node - replies to the received request message may be implemented.
  • the responder node may send an acknowledgement message for the request message first (explicit acknowledgement) or, alternatively, the responder node can directly send its own pseudonym to the requester node (implicit acknowledgement).
  • the requester node after having received the pseudonym from the responder node, may send its own pseudonym to the responder node.
  • the responder node after having received the pseudonym from the requester node, can replace its current pseudonym with the pseudonym received from the requester node.
  • the responder node can confirm the receipt of the requester node's pseudonym by a confirmation message. This message informs the requester node of a successful change on the other side and, consequently, can be used as a trigger for conducting a replacement of the requester node's current pseudonym with the pseudonym received from the responder node.
  • the requester node after having sent a request message to a responder node, switches into a state in which request messages from any other nodes are ignored.
  • the responder node can switch into the same state after having sent its (implicit or explicit) acknowledgement as response to the request message. Since in this state additional triggers for pseudonym swap are ignored and pseudonym swap requests from other nodes are denied, it is ensured that the requester node and the responder node are involved in a single pseudonym exchange process at a time only.
  • a reliable pseudonym exchange between two nodes can be achieved by using timers and retransmissions for the involved messages.
  • a first timer T_req1 may be provided that is started by the requester node after having sent the request message. This timer can be stopped by the receipt of the responder node's pseudonym.
  • the mutual pseudonym exchange process may be aborted or, alternatively, the request message may be retransmitted.
  • a threshold may be defined and the retransmission of the message may be aborted when the number of retransmissions exceeds the predefined threshold.
  • the responder node can start a timer T_res after having sent its pseudonym. This timer can be stopped by the receipt of the pseudonym message from the requester node. Finally, it can be provided that the requester node starts a second timer T_req2 after having sent its pseudonym. This timer can be stopped by the receipt of the confirmation message from the responder node. As described above in the context of the timer T_req1, an abortion of the mutual pseudonym exchange process or, alternatively, retransmissions of the respective message can be applied in the case of T_req2 and T_res.
  • the messages exchanged between the requester node and the responder node for the pseudonym exchange process are transmitted with a lower transmission power than the messages related to the normal network communication.
  • the lower transmission power results in lower transmission range and, consequently, only nodes whose geographical position is rather close can perform the pseudonym swapping. Due to the close vicinity of the involved nodes, it is almost impossible for an attacker to detect the pseudonym change.
  • the messages exchanged between the requester node and the responder node for the pseudonym exchange process are encrypted.
  • Encryption can either be realised by a symmetric cryptography or by asymmetric cryptography and requires a key exchange prior to the pseudonym swap procedure. Any known key exchange protocol may be employed.
  • each pseudonym is associated to a digital certificate or a digital signature in order to provide non-repudiation of messages.
  • the employment of group signatures proves to be especially advantageous.
  • every node within a group shares the same public key.
  • the grouping of the nodes could follow predeterminable rules. According to specific rules, for example, all nodes that are in a city area or all nodes that are within a given section of a specific highway may belong to the same group.
  • Anonymous group signatures combine existing concepts of group digital signatures and anonymous digital signatures.
  • Anonymous digital signatures are sometimes referred to as 'blind digital signatures'.
  • blind digital signatures are also used for signatures for which a signer does not need to know the data contents to generate the signature.
  • the term "anonymous digital signatures" is used.
  • Anonymous group signatures allow an individual vehicle of a large group to digitally sign a message on behalf of the entire group in a cryptographically secure manner. The resulting digital signatures are anonymous and unlinkable and only a pre-specified group manager is able to determine the identity of the signer.
  • the certificate would be linked to a pseudonym.
  • When two nodes swap their pseudonyms, they would also need to swap the certificates; otherwise the certificate would be invalid.
  • Anonymous group signatures are useful for pseudonym swapping. In fact, a potential attacker cannot link a digital certificate to the node identity, and therefore there is no need for swapping the certificate.
  • Figure 1 is a schematic view showing a conventional method for changing pseudonyms according to the state of the art
  • Figure 2 is a schematic view of an embodiment of a method for changing pseudonyms according to the invention.
  • Figure 3 is a schematic view of an embodiment of a protocol used for a pseudonym exchange method according to the invention.
  • Fig. 1 depicts an example of a conventional method for changing pseudonyms according to the state of the art.
  • Fig. 1 shows a node displayed by a rhombus which is part of a communication network.
  • the rhombus symbolizes a vehicle which is part of a VANET.
  • the vehicle travels along a path whose trajectory is depicted by the dotted line.
  • the vehicle employs a pseudonym A.
  • each message transmitted by the vehicle carries the pseudonym A as a source address.
  • the node changes its pseudonym from A into B. This change is based on some given algorithm depending on deterministic data, pseudo-random numbers, or events. In the embodiment shown in Fig. 1 , it is assumed that pseudonym changes are performed after some random duration of time.
  • a pseudonym here pseudonym A
  • a new one here pseudonym B
  • an attacker will be enabled to link the old and the new pseudonym making the conventional methods for changing pseudonyms vulnerable to collecting personal data by an attacker.
  • Fig. 2 there are two nodes, the first node being symbolized by a rhombus and the second node being symbolized by a triangle. The first node is travelling along a trajectory being symbolized by a dotted line and the second node is travelling along a trajectory being symbolized by a dashed line. The directions of movement of the two nodes along their trajectories are indicated by the corresponding arrows.
  • the first node uses the pseudonym A and the second node uses the pseudonym B.
  • the trajectories of the nodes are very close to each other. In case of a VANET, for example, this point might be an intersection where the distance between the two vehicles is several meters only.
  • the two nodes perform a pseudonym swapping according to the invention, i.e. the two nodes perform a mutual exchange of their pseudonyms.
  • the first node (symbolized by the rhombus) travels along its trajectory using the pseudonym B and the second node (symbolized by the triangle) travels along its trajectory using the pseudonym A.
  • a protocol with a four way message exchange as shown in Fig. 3 may be used.
  • the requester node receives a trigger for a pseudonym swap.
  • the trigger may be, for example, a notification that a neighbouring node has become reachable.
  • the requester node sends a request message for performing a mutual pseudonym exchange.
  • the requester node performs a state transition and switches from the state idle to a state that in the following is called pseudo-swap. In this state, additional triggers for pseudonym swaps are ignored and pseudonym swap requests from other nodes are denied.
  • the requester node starts a timer T_req1.
  • In case the responder node receives the pseudonym swap request and accepts it, it replies with an acknowledgement or, as shown in Fig. 3, it replies directly with its pseudonym as an implicit acknowledgement for the request.
  • the responder node also switches from the state idle to the state pseudo-swap and starts a timer T_res.
  • When the requester node receives the responder node's pseudonym, it saves the pseudonym and stops the timer T_req1. Furthermore, the requester node sends its own pseudonym to the responder node and starts a new timer T_req2.
  • When the responder node receives the requester node's pseudonym, it stops timer T_res and replaces its pseudonym with the new one received from the requester node. Furthermore, the responder node sends a confirmation message and performs a state transition to the state idle.
  • When the requester node receives the confirmation message, it also sets the responder node's pseudonym as its local one, stops timer T_req2, and switches back to the state idle.
  • the timers T_req1, T_req2 and T_res are used to trigger retransmissions in case messages are lost over the unreliable wireless channel and to avoid blocking of the nodes for other pseudonym swaps.
  • the message may be retransmitted up to a maximum number of times. For example, when the pseudonym swap request gets lost, it can be re-transmitted up to a maximum number of times. If the responder node does not reply after the number of message retransmissions has exceeded a predefined threshold, the requester node aborts the pseudonym swap process and returns to the state idle.
  • the phase after the responder node sends its confirmation message and sets the pseudonym presents an 'uncertainty period' since a loss of the confirmation message leads to state inconsistency.
  • the requester node retransmits the requester pseudonym message.
  • the requester node aborts the pseudonym swap and keeps its old pseudonym. Since the responder node has already switched to the new pseudonym, both nodes, requester and responder carry the same pseudonym and the pseudonym swap failed.
  • the messages exchanged between the two nodes are encrypted. Encryption can either be realized by symmetric or asymmetric cryptography and requires a key exchange prior to the pseudonym swap procedure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A method for preserving the privacy of nodes in a network, especially in a vehicular ad hoc network (VANET), wherein the network comprises a plurality of communication nodes, each node using an identifier - pseudonym - for the communication within the network, and wherein the nodes change their pseudonym from time to time and the pseudonym changes are performed by mutual exchange of pseudonyms between two nodes.

Description

METHOD FOR PRESERVING THE PRIVACY OF NODES IN A NETWORK
The present invention relates to a method for preserving the privacy of nodes in a network, especially in a vehicular ad hoc network (VANET), wherein the network comprises a plurality of communication nodes, each node using an identifier - pseudonym - for the communication within the network, and wherein the nodes change their pseudonym from time to time.
In networks, in which communication nodes exchange messages with each other via a (wireless) communication channel, certain security aspects are of special importance. For example, a severe security problem can be caused by an attacker who manages to collect data exchanged between the nodes, thereby breaching the privacy of single nodes.
Especially in wireless ad hoc networks, like for example vehicular ad hoc networks (VANETs), preserving the location privacy of the vehicle's user is a crucial task. In VANETs the vehicles are equipped with an on-board communication unit and there are, in principle, two kinds of communication: so-called C2C (car to car communication), i.e. the vehicles communicate among themselves, and C2I communication, referring to the communication between vehicles and roadside infrastructure. The roadside infrastructure includes access points equipped with communication units, so-called roadside units (RSU), which are, in general, connected to a location server by a wired network.
Although VANETs are likely to become the most relevant form of mobile ad hoc networks in the future, currently, most of the research in this area is focussed on potential applications ranging from road safety (e.g., collision avoidance) over highway capacity increase to on-board infotainment services. However, many challenges including security and privacy issues are not satisfactorily solved yet.
In general, in mobile ad hoc networks each communication node uses an identifier which is unique within the network in such a way that each message sent by the sions an attacker, for example an eavesdropper or pursuer, can locate and track a vehicle, thereby invading the privacy of the vehicle's user. The tracking of a vehicle becomes possible as, in principle, the communication protocols of a node in a vehicular ad hoc network publicly disclose data, such as the node's address, position, speed, heading, and time. An attacker can potentially link this information to a user's identity via its identifier.
Cryptography and encryption are not appropriate means to protect the transmitted data since the exchange of the information listed above is mandatory for network operation. In order to preserve the privacy of users, the use of randomly chosen and changing identifiers - referred to as pseudonyms - has been considered. Pseudonymity makes it considerably harder to associate personal data publicly transmitted over the communication channel with a user's identity, but it cannot prevent an attacker from collecting personal data. Existing methods for changing pseudonyms are based either on deterministic data (for example driven mileage or time), pseudo-random numbers (e.g., after some random duration of time), or events (e.g., each time after turning on the car engine).
With conventional methods for pseudonym change a node is pre-loaded with a set of pseudonyms. For example, this pre-loading may be done during the node's registration at the network. Based on one of the algorithms described above the node chooses one of the pseudonyms and uses it for communication. In this regard it proves to be disadvantageous that the disappearance of a pseudonym and the appearance of a new one in the same or a very close position could potentially reveal that a node has changed its pseudonym. Furthermore, it would allow an attacker to link the old and the new pseudonym. Consequently, even by employing changing pseudonyms tracking of nodes is still possible.
It is therefore an object of the present invention to improve and further develop a method of the initially described type for preserving the identity of nodes in a network in such a way that, by employing mechanisms that are easy to implement, tracking of nodes is made considerably more difficult. In accordance with the invention, the aforementioned object is accomplished by a method comprising the features of claim 1. According to this claim, such a method is characterised in that the pseudonym changes are performed by mutual exchange of pseudonyms between two nodes.
According to the invention it has first been recognised that the existing methods for changing pseudonyms according to the state of the art are disadvantageous since for an attacker disposing of the appropriate means it is comparatively easy to reveal the algorithm according to which a node changes its pseudonyms. Moreover, it has been found that the situation can be made much more difficult for an attacker to invade the privacy of a node by involving another node into the pseudonym change process. Consequently, in accordance with the invention, the pseudonym changes are performed by mutual exchange of pseudonyms between two nodes.
As regards the channel that is used for the communication within the network a support by the IEEE 802.11 or an IEEE 802.11 -like technology may be provided. Such a support would allow for a broad variety of applications.
In an advantageous way each communication node of the network is equipped with a sensor for determining its current position. This could be a navigation system, like a GPS (Global Positioning System) receiver, or any other similar sensor system, like for example Galileo or DGPS (Differential GPS), the latter resulting in a very high resolution even in urban environments with constructions that weaken GPS signals.
In order to enable an efficient initiation of a mutual pseudonym exchange it can be provided that each node is informed about all other nodes residing in its communication range and/or entering its communication range. Thus, in an especially advantageous way, the pseudonym exchange may be performed when the two nodes are in a direct communication range of each other. In this case the geographical position of the nodes is rather close to each other and, therefore, a potential attacker would not be able to detect the pseudonym exchange.
As regards the protocol employed for a reliable exchange of pseudonyms between two nodes, the mutual exchange process can be initiated by one of the two nodes sending a request message to another node. The sending node will be referred to as requester node. Two different ways of how the other of the two nodes - referred to as responder node - replies to the received request message may be implemented. For example, the responder node may send an acknowledgement message for the request message first (explicit acknowledgement) or, alternatively, the responder node can directly send its own pseudonym to the requester node (implicit acknowledgement).
As a next step of the protocol the requester node, after having received the pseudonym from the responder node, may send its own pseudonym to the responder node. The responder node, after having received the pseudonym from the requester node, can replace its current pseudonym with the pseudonym received from the requester node. Regarding a high reliability the responder node can confirm the receipt of the requester node's pseudonym by a confirmation message. This message informs the requester node of a successful change on the other side and, consequently, can be used as a trigger for conducting a replacement of the requester node's current pseudonym with the pseudonym received from the responder node.
In a preferred embodiment the requester node, after having sent a request message to a responder node, switches into a state in which request messages from any other nodes are ignored. Correspondingly, the responder node can switch into the same state after having sent its (implicit or explicit) acknowledgement as response to the request message. Since in this state additional triggers for pseudonym swap are ignored and pseudonym swap requests from other nodes are denied, it is ensured that the requester node and the responder node are involved in a single pseudonym exchange process at a time only.
Advantageously, a reliable pseudonym exchange between two nodes can be achieved by using timers and retransmissions for the involved messages. For example, a first timer T_req1 may be provided that is started by the requester node after having sent the request message. This timer can be stopped by the receipt of the responder node's pseudonym. When the timer exceeds a predeterminable maximum value the mutual pseudonym exchange process may be aborted or, alternatively, the request message may be retransmitted. In this context a threshold may be defined and the retransmission of the message may be aborted when the number of retransmissions exceeds the predefined threshold.
In a similar way as described above, the responder node can start a timer T_res after having sent its pseudonym. This timer can be stopped by the receipt of the pseudonym message from the requester node. Finally, it can be provided that the requester node starts a second timer T_req2 after having sent its pseudonym. This timer can be stopped by the receipt of the confirmation message from the responder node. As described above in the context of the timer T_req1, an abortion of the mutual pseudonym exchange process or, alternatively, retransmissions of the respective message can be applied in the case of T_req2 and T_res.
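The four-way exchange, its timers and the retransmission threshold described above, as an added Python model that is not part of the patent text; it also reproduces the "uncertainty period" failure the document describes, in which a lost confirmation leaves both nodes carrying the same pseudonym. The message names, `MAX_RETX = 2`, the constructed loss pattern and the idle responder answering a repeated pseudonym message with a new confirmation are assumptions.

```python
"""Model of the four-way pseudonym swap with message loss (added example)."""
from collections import Counter
from dataclasses import dataclass

IDLE, PSEUDO_SWAP = "idle", "pseudo-swap"
MAX_RETX = 2  # assumed retransmission threshold; the text leaves the value open


@dataclass
class Node:
    pseudonym: str
    state: str = IDLE


class LossyChannel:
    """Drops the first n transmissions of each message type (constructed pattern)."""

    def __init__(self, losses=None):
        self.remaining = dict(losses or {})
        self.sent = []  # every transmission attempt, in order

    def deliver(self, msg_type):
        self.sent.append(msg_type)
        if self.remaining.get(msg_type, 0) > 0:
            self.remaining[msg_type] -= 1
            return False
        return True


def send_with_timer(channel, msg_type):
    """First transmission plus up to MAX_RETX retransmissions on timer expiry."""
    return any(channel.deliver(msg_type) for _ in range(1 + MAX_RETX))


def abort(*nodes):
    """Return the given nodes to idle; their pseudonyms stay unchanged."""
    for node in nodes:
        node.state = IDLE
    return "aborted"


def swap(requester, responder, channel):
    """Run one exchange. Returns 'swapped', 'aborted' or 'inconsistent'."""
    if requester.state != IDLE:
        return "aborted"  # triggers are ignored while in pseudo-swap
    responder_was_idle = responder.state == IDLE

    # 1. REQUEST: requester enters pseudo-swap, T_req1 guards the reply.
    requester.state = PSEUDO_SWAP
    if not send_with_timer(channel, "REQUEST") or not responder_was_idle:
        return abort(requester)  # lost for good, or denied by a busy responder

    # 2. Responder answers with its pseudonym (implicit ack), T_res starts.
    responder.state = PSEUDO_SWAP
    offered = responder.pseudonym
    if not send_with_timer(channel, "RESPONDER_PSEUDONYM"):
        return abort(requester, responder)

    # 3. Requester stores the offer, sends its own pseudonym, T_req2 starts.
    if not send_with_timer(channel, "REQUESTER_PSEUDONYM"):
        return abort(requester, responder)

    # 4. Responder adopts the requester's pseudonym and returns to idle
    #    before it knows whether CONFIRM arrives: the uncertainty period.
    responder.pseudonym, responder.state = requester.pseudonym, IDLE
    for attempt in range(1 + MAX_RETX):
        # On T_req2 expiry the requester repeats its pseudonym message; this
        # model assumes the idle responder answers a repeat with a new CONFIRM.
        if attempt and not channel.deliver("REQUESTER_PSEUDONYM"):
            continue
        if channel.deliver("CONFIRM"):
            requester.pseudonym, requester.state = offered, IDLE
            return "swapped"

    # Threshold exceeded: the requester keeps its old pseudonym, which the
    # responder already uses as well.
    requester.state = IDLE
    return "inconsistent"


def duplicate_pseudonyms(nodes):
    """Pseudonyms carried by more than one node (the failed-swap symptom)."""
    counts = Counter(node.pseudonym for node in nodes)
    return sorted(p for p, n in counts.items() if n > 1)
```

Losses before step 4 are harmless because neither node has changed its pseudonym yet; only the confirmation is sent after an irreversible state change, which is why that one message decides between a clean swap and a duplicate pseudonym.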
In a preferred embodiment, the messages exchanged between the requester node and the responder node for the pseudonym exchange process are transmitted with a lower transmission power than the messages related to the normal network communication. The lower transmission power results in lower transmission range and, consequently, only nodes whose geographical position is rather close can perform the pseudonym swapping. Due to the close vicinity of the involved nodes, it is almost impossible for an attacker to detect the pseudonym change.
In another preferred embodiment, the messages exchanged between the requester node and the responder node for the pseudonym exchange process are encrypted. By this means, the privacy of the process is enhanced. Encryption can either be realised by a symmetric cryptography or by asymmetric cryptography and requires a key exchange prior to the pseudonym swap procedure. Any known key exchange protocol may be employed.
In still another preferred embodiment, each pseudonym is associated to a digital certificate or a digital signature in order to provide non-repudiation of messages. In order to avoid that each time two nodes swap pseudonyms, they would also have to exchange certificates, the employment of group signatures proves to be especially advantageous. In the context of an employment of group signatures every node within a group shares the same public key. The grouping of the nodes could follow predeterminable rules. According to specific rules, for example, all nodes that are in a city area or all nodes that are within a given section of a specific highway may belong to the same group.
Anonymous group signatures combine existing concepts of group digital signatures and anonymous digital signatures. Anonymous digital signatures are sometimes referred to as 'blind digital signatures'. However, blind digital signatures are also used for signatures for which a signer does not need to know the data contents to generate the signature. In order to avoid ambiguity, here the term "anonymous digital signatures" is used. Anonymous group signatures allow an individual vehicle of a large group to digitally sign a message on behalf of the entire group in a cryptographically secure manner. The resulting digital signatures are anonymous and unlinkable and only a pre-specified group manager is able to determine the identity of the signer.
With conventional schemes for digital signatures and certificates, the certificate would be linked to a pseudonym. When two nodes swap their pseudonyms, they would also need to swap the certificates; otherwise the certificate would be invalid.
Anonymous group signatures are useful for pseudonym swapping. In fact, a potential attacker cannot link a digital certificate to the node identity, and therefore there is no need for swapping the certificate.
There are several ways to design and further develop the teaching of the present invention in an advantageous way. To this end, reference is made to the patent claims subordinate to patent claim 1 on the one hand and to the following explanation of a preferred example of an embodiment of the invention illustrated by the figure on the other hand. In connection with the explanation of the preferred example of an embodiment of the invention with the aid of the figure, generally preferred embodiments and further developments of the teaching will be explained. In the drawings:
Figure 1 is a schematic view showing a conventional method for changing pseudonyms according to the state of the art,
Figure 2 is a schematic view of an embodiment of a method for changing pseudonyms according to the invention, and
Figure 3 is a schematic view of an embodiment of a protocol used for a pseudonym exchange method according to the invention.
Referring now more particularly to the drawings, Fig. 1 depicts an example of a conventional method for changing pseudonyms according to the state of the art. Fig. 1 shows a node displayed by a rhombus which is part of a communication network. Concretely, the rhombus symbolizes a vehicle which is part of a VANET. The vehicle travels along a path whose trajectory is depicted by the dotted line. For communication purposes the vehicle employs a pseudonym A. In other words, each message transmitted by the vehicle carries the pseudonym A as a source address.
At a certain point of the node's trajectory, marked with an X, the node changes its pseudonym from A into B. This change is based on some given algorithm depending on deterministic data, pseudo-random numbers, or events. In the embodiment shown in Fig. 1, it is assumed that pseudonym changes are performed after some random duration of time.
As can be inferred from Fig. 1, the disappearance of a pseudonym (here pseudonym A) and the appearance of a new one (here pseudonym B) in the same or very close position could potentially reveal that the node has changed its pseudonym. Hence, an attacker will be enabled to link the old and the new pseudonym, which makes the conventional methods for changing pseudonyms vulnerable to an attacker collecting personal data.
Referring now to Fig. 2, there are two nodes, the first node being symbolized by a rhombus and the second node being symbolized by a triangle. The first node is travelling along a trajectory being symbolized by a dotted line and the second node is travelling along a trajectory being symbolized by a dashed line. The directions of movement of the two nodes along their trajectories are indicated by the corresponding arrows.
In the embodiment shown in Fig. 2, in the beginning the first node uses the pseudonym A and the second node uses the pseudonym B. At a certain point, marked by an X, the trajectories of the nodes are very close to each other. In case of a VANET, for example, this point might be an intersection where the distance between the two vehicles is several meters only. At this point the two nodes perform a pseudonym swapping according to the invention, i.e. the two nodes perform a mutual exchange of their pseudonyms. Consequently, after having passed the point X the first node (symbolized by the rhombus) travels along its trajectory using the pseudonym B and the second node (symbolized by the triangle) travels along its trajectory using the pseudonym A.
Considering the performance of a mutual pseudonym exchange as described in connection with Fig. 2, a protocol with a four way message exchange as shown in Fig. 3 may be used. In the beginning the state of both requester node and responder node with regard to a pseudonym swap is idle. At a certain point in time the requester node receives a trigger for a pseudonym swap. The trigger may be, for example, a notification that a neighbouring node has become reachable. The requester node sends a request message for performing a mutual pseudonym exchange. Furthermore, the requester node performs a state transition and switches from the state idle to a state that in the following is called pseudo-swap. In this state, additional triggers for pseudonym swaps are ignored and pseudonym swap requests from other nodes are denied. In addition to the switch of its state the requester node starts a timer Treq,1.
In case the responder node receives the pseudonym swap request and accepts it, it replies with an acknowledgement or, as shown in Fig. 3, it replies directly with its pseudonym as an implicit acknowledgement for the request. The responder node also switches from the state idle to the state pseudo-swap and starts a timer Tres.
When the requester node receives the responder node's pseudonym, it saves the pseudonym and stops the timer Treq,1. Furthermore, the requester node sends its own pseudonym to the responder node and starts a new timer Treq,2. When the responder node receives the requester node's pseudonym, it stops timer Tres and replaces its pseudonym with the new one received from the requester node. Furthermore, the responder node sends a confirmation message and performs a state transition to the state idle. When the requester node receives the confirmation message, it also sets the responder node's pseudonym as its local one, stops timer Treq,2, and switches back to the state idle.
The timers Treq,1, Treq,2 and Tres are used to trigger retransmissions in case messages are lost over the unreliable wireless channel and to avoid blocking of the nodes for other pseudonym swaps. When a message is lost the message may be retransmitted up to a maximum number of times. For example, when the pseudonym swap request gets lost, it can be re-transmitted up to a maximum number of times. If the responder node does not reply after the number of message retransmissions has exceeded a predefined threshold, the requester node aborts the pseudonym swap process and returns to the state idle.
The phase after the responder node sends its confirmation message and sets the pseudonym presents an 'uncertainty period' since a loss of the confirmation message leads to state inconsistency. When the confirmation message is lost, the requester node retransmits the requester pseudonym message. In the case the requester node and the responder node are already out of transmission range, the requester node aborts the pseudonym swap and keeps its old pseudonym. Since the responder node has already switched to the new pseudonym, both nodes, requester and responder, carry the same pseudonym and the pseudonym swap has failed. For privacy reasons the messages exchanged between the two nodes are encrypted. Encryption can either be realized by symmetric or asymmetric cryptography and requires a key exchange prior to the pseudonym swap procedure.
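The four-way exchange, its retransmission timers and the uncertainty period can be traced with a small simulation; this is an added example, not code from the patent. The message names, the retry limit of 3, the idempotent re-confirmation by the responder and the modelling of "out of transmission range" as a message lost on every attempt are assumptions made for illustration.

```python
from dataclasses import dataclass

IDLE, SWAP = "idle", "pseudo-swap"
MAX_RETX = 3  # assumed retransmission threshold; the text leaves the value open


@dataclass
class Node:
    pseudonym: str
    state: str = IDLE
    saved: str = ""  # peer pseudonym stored until the swap is committed


class Channel:
    """Constructed lossy link: drops the first n copies of each listed message."""

    def __init__(self, drops=None):
        self.drops = dict(drops or {})
        self.log = []

    def send(self, kind):
        if self.drops.get(kind, 0) > 0:
            self.drops[kind] -= 1
            self.log.append(kind + " (lost)")
            return False
        self.log.append(kind)
        return True


def round_trip(ch, out_kind, back_kind, on_receive):
    """Sender-side timer: resend out_kind until back_kind arrives or retries run out."""
    for _ in range(1 + MAX_RETX):
        if ch.send(out_kind):
            on_receive()  # peer handles the message (repeats are idempotent)
            if ch.send(back_kind):
                return True
    return False


def swap(req, res, ch):
    old_req, old_res = req.pseudonym, res.pseudonym
    req.state = SWAP  # other triggers and requests are now refused

    def on_request():
        res.state = SWAP  # responder accepts and starts Tres

    # Treq,1 guards the request / responder-pseudonym round trip.
    if not round_trip(ch, "SWAP_REQUEST", "RES_PSEUDONYM", on_request):
        req.state = res.state = IDLE  # timers expired, nothing was changed
        return "aborted"
    req.saved = old_res  # stored only; applied when CONFIRM arrives

    def on_req_pseudonym():
        res.pseudonym, res.state = old_req, IDLE  # responder commits first

    # Treq,2 guards the requester-pseudonym / confirmation round trip.
    confirmed = round_trip(ch, "REQ_PSEUDONYM", "CONFIRM", on_req_pseudonym)
    if confirmed:
        req.pseudonym = req.saved
    req.state = res.state = IDLE
    req.saved = ""
    if confirmed:
        return "swapped"
    # Uncertainty period: responder switched, requester kept its old pseudonym.
    return "duplicate" if req.pseudonym == res.pseudonym else "aborted"


def run_scenario(drops=None):
    req, res, ch = Node("A"), Node("B"), Channel(drops)
    return swap(req, res, ch), req.pseudonym, res.pseudonym, ch.log


if __name__ == "__main__":
    for drops in ({}, {"CONFIRM": 1}, {"CONFIRM": 1 + MAX_RETX},
                  {"SWAP_REQUEST": 1 + MAX_RETX}):
        print(drops, run_scenario(drops)[:3])
```

The "duplicate" outcome is the state inconsistency described above: a node that sees its own pseudonym in a neighbour's traffic after an aborted swap can treat that as the signal to pick a fresh pseudonym.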
Many modifications and other embodiments of the invention set forth herein will come to the mind of one skilled in the art to which the invention pertains having the benefit of the teachings presented in the foregoing description and the associated drawings. Therefore, it is to be understood that the invention is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

1. A method for preserving the privacy of nodes in a network, especially in a vehicular ad hoc network (VANET), wherein the network comprises a plurality of communication nodes, each node using an identifier - pseudonym - for the communication within the network, and wherein the nodes change their pseudonym from time to time, characterized in that the pseudonym changes are performed by mutual exchange of pseudonyms between two nodes.
2. The method according to claim 1, wherein the channel used for the communication is supported by the IEEE 802.11 or an IEEE 802.11-like technology.
3. The method according to claim 1 or 2, wherein the communication nodes are equipped with a sensor for determining their location, preferably a GPS sensor.
4. The method according to any of claim 1 to 3, wherein each node is informed about all other nodes residing in and/or entering its communication range.
5. The method according to any of claim 1 to 4, wherein the mutual exchange is performed when the two nodes are in direct communication range of each other.
6. The method according to any of claim 1 to 5, wherein the mutual pseudonym exchange process between two nodes is initiated by one of the two nodes - requester node - sending a request message to the other node.
7. The method according to claim 6, wherein the other of the two nodes - responder node - replies to the received request message by sending an acknowledgement for the request message first or by sending directly its pseudonym to the requester node.
8. The method according to claim 7, wherein the requester node stores the pseudonym received from the responder node.
9. The method according to claim 7 or 8, wherein the requester node, after having received the pseudonym from the responder node, sends its own pseudonym to the responder node.
10. The method according to claim 9, wherein the responder node, after having received the pseudonym from the requester node, replaces its current pseudonym with the pseudonym received from the requester node.
11. The method according to claim 9 or 10, wherein the responder node confirms the receipt of the requester node's pseudonym by a confirmation message.
12. The method according to claim 11, wherein the requester node, after having received the confirmation message from the responder node, replaces its own pseudonym with the pseudonym received from the responder node.
13. The method according to any of claims 6 to 12, wherein the requester node, after having sent a request message to a responder node, is switched into a state in which request messages from other nodes are denied.
14. The method according to any of claims 6 to 13, wherein the responder node, after having received the request message from the requester node, is switched into a state in which request messages from other nodes are denied.
15. The method according to any of claims 6 to 14, wherein the requester node starts a first timer Treq,1 after having sent the request message.
16. The method according to claim 15, wherein the timer Treq,1 is stopped by the receipt of the responder node's pseudonym.
17. The method according to any of claims 7 to 16, wherein the responder node starts a timer Tres after having sent its pseudonym.
18. The method according to claim 17, wherein the timer Tres is stopped by the receipt of the pseudonym message from the requester node.
19. The method according to any of claims 9 to 18, wherein the requester node starts a second timer Treq,2 after having sent its pseudonym.
20. The method according to claim 19, wherein the timer Treq,2 is stopped by the receipt of the confirmation message from the responder node.
21. The method according to any of claims 15 to 20, wherein the mutual pseudonym exchange process is aborted when at least one of the timers Treq,1, Treq,2 or Tres exceeds a predeterminable maximum value.
22. The method according to claim 21, wherein the respective messages are retransmitted in case of a timeout.
23. The method according to claim 22, wherein the retransmission of a message is aborted when the number of retransmissions exceeds a predefined threshold.
24. The method according to any of claims 1 to 23, wherein the messages exchanged between the requester node and the responder node for the pseudonym exchange process are transmitted with a lower transmission power than the messages related to the normal network communication.
25. The method according to any of claims 1 to 24, wherein the messages exchanged between the requester node and the responder node for the pseudonym exchange process are encrypted.
26. The method according to claim 25, wherein the encryption is realised by symmetric or asymmetric cryptography.
27. The method according to any of claims 1 to 26, wherein each pseudonym is associated to a digital certificate or a digital signature.
28. The method according to any of claims 1 to 27, wherein the communication nodes are grouped according to predeterminable rules and wherein anonymous group signatures are employed within each group.
PCT/EP2007/005423 2007-06-20 2007-06-20 Method for preserving the privacy of nodes in a network WO2008154941A1 (en)


Publications (2)

Publication Number Publication Date
WO2008154941A1 (en) 2008-12-24
WO2008154941A8 (en) 2009-05-22


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 07764745; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 07764745; Country of ref document: EP; Kind code of ref document: A1)