1. PARROTS Position Altered Random Repetition of Transportation Signature
George Corser
Oakland University
May 23, 2013

2. 1. Introduction: VANET Privacy

3. VANET Privacy: Scope Privacy Mobile Vehicle Wireless Surveillance
Network
Vehicle
Surveillance
Virtue we wish to promote
Scope
Activity we wish to control
System possible to implement

4. VANET: Technical Standards
Two stacks
WSMP (Safety)
TCP/IP (Other)
IEEE
Security Services
J2735
DSRC Message Set
J2945.1
Comm. Performance
(Graphic source: Kenney, 2010)

5. IEEE 1609.2 – Security Services
First non-draft version released April 2013
IEEE – Security Services
Certificates and Certificate Authority Hierarchy
Formats for Public Key, Signature, Certificate, and CRL
Message Formats and Processing for Generating Encrypted Messages
Sending Messages
Request Certificates from the CA
Request and Processing CRL
Jared: Trust George: Privacy
Source: IEEE – Security Services

6. SAE J2735 – DSRC Message Set Basic Safety Message (BSM)
Probe Vehicle Data Message (PVDM)
Traveler Information (TIM)
Image source:

7. Basic Crypto: Vi queries LBS
Crypto validates identities and keeps messages confidential
Basic Crypto: Vi queries LBS
i = identity (pseudo identity, actually)
Vi = vehicle with identity, i
Cert(i) = CA-(i, Vi+, validity, authority, …)
the digital certificate for Vi is the identity, the public key and the key’s valid date/time range
q = query (could have used: m = message)
SigVi(q) = V-[H(q),q]
Query Vi →LBS (q) = LBS+[ SigVi(q) , Cert(i) ]
Reply LBS→Vi (r) = Vi+[r]

8. Properties, Techniques, Problems
VANET Privacy:
Properties, Techniques, Problems
Unlinkability, pseudo IDs, key management
Untrackability, synchronized pseudo ID change, sparsity/density of vehicle traffic
Scalability, no solution, sparsity/density (unpublished: FLARES addresses this issue)
Efficiency, minimize privacy message requests, efficient protocols not usually as effective
Conditionality, distributed PKI, tends to work against unlinkability

9. Properties, Techniques, Problems
VANET Privacy: PARROTS
Properties, Techniques, Problems
User choice, PARROTS, driver-controlled privacy may circumvent conditionality (note: other models could offer a software switch, but none in the literature have so suggested)
Defense against collaboration, PARROTS, requires different BSM, PVM, GSM pseudo IDs

10. PARROTS: Contribution of Paper
Model for defending against collaborative location privacy attacks in VANETs

11. 2. PARROTS

12. Threat Model: Collaborative Attack
Attacker has access
to both LBS and RSU

13. Privacy Technique: Pseudo-ID
Many models use this technique
Privacy Technique: Pseudo-ID
Real identity never broadcast
Ensures unlinkability
Pseudo ID changes every 5 minutes
Key distribution and certificate revocation also open research issues
Certificate Authority

14. Privacy Technique: Group Leader
Many models use this technique
Privacy Technique: Group Leader
Vehicles travel in groups
Ensures untrackability
Groups serve as mix zones
Followers synchronize pseudo ID changes (may also use silent period)
Group leader does not have privacy

15. PARROTS: Before Group Change
Original work
PARROTS: Before Group Change Vi
Vi and Vj drive within communication range,
Vj agrees to PARROT Vj

16. PARROTS: After Group Change
Original work
PARROTS: After Group Change Vi Vj
Vj changes group and
begins parroting Vi Vi

17. PARROTS: Defeats Attack?
Both Vi and Vj send LBS requests signed by Vi, and both locations confirmed by RSUs Vj Vj Vi Vi

18. Problems with PARROTS Model
Vehicles would need separate sets of pseudo IDs for safety applications. The pseudo ID for the BSM cannot be the same as the pseudo ID for the TIM (or whatever message type is used for the LBS) otherwise attacker could check for BSM
Parrotee would need to construct maybe 5 mins worth of messages to send to LBS
Location cannot be part of signed request
Malicious parroter could flood LBS

19. Basic Crypto: Vi queries LBS
Crypto validates identities and keeps messages confidential
Basic Crypto: Vi queries LBS
i = identity (pseudo identity, actually)
Vi = vehicle with identity, i
Cert(i) = CA-(i, Vi+, validity, authority, …)
the digital certificate for Vi is the identity, the public key and the key’s valid date/time range
q = query (could have used: m = message)
SigVi(q) = V-[H(q),q]
Query Vi →LBS (q) = LBS+[ SigVi(q) , Cert(i) ]
Reply LBS→Vi (r) = Vi+[r]

20. Conditionality Problem
PARROTS increases the complexity of conditional privacy. If LBS kept records of all requests from Vi, and RSUs kept records of all pseudo IDs of BSMs in range of RSU, then the CA could correlate pseudo IDs to identify which was the “real” request (assuming no spoofing).

21. 3. Simulation
Image source:

22. Mobility Model: Manhattan
3000 m by 3000 m
Roads every 100 m
All vehicles are on roads
Vehicle communication range 300 m
Cars travel average 30 m/sec

23. Privacy Metrics Anonymity set size: Entropy of anonymity set size:
|ASi|
Entropy of anonymity set size:
H(|ASi|) = Σ p(i,j) log2p(i,j)
Tracking probability:
Prob(|ASi| = 1)

24. Simulation: Python 2.7 Code#
# parrots.py
# George Corser, January 28, 2013
# Simulation of PARROTS, a VANET privacy model, wirtten in Python 2.7
# PARROTS: Position Altered Random Repetition of Transporation Signature #
# See the "Main" section at the bottom of this file to change parameters.
# This simulation assumes a grid of roads 100m apart on a 3000mx3000m area
def PARROTS(t, v, parrotee_percent, parroter_percent, seednum):
# Function arguments
# t is number of time slices. Each time slice is: comfreq = 300 ms
# v is number of vehicles in simulation
# parrotee_percent is the ratio of vehicles that wish to request parroting
# parroter_percent is the ratio of vehicles that volunteer to be parrots
# seednum is seed in random.seed(seednum) for random.randint()
continued…

25. Simulation: Python 2.7 Code
continued
Simulation: Python 2.7 Code
# #
# Step 1.a. Initialize vehicle locations
for ti in range(1): # initialize vehicles at random coordinates on road grid
for vi in range(v):
# Vehicles, Groups and Leaders #
if vi % 2 == 0: # if vi is even, let x be an even 100 and y be random
x.append(100*random.randint(0,xmax/100))
y.append(random.randint(0,ymax))
else:
x.append(random.randint(0,xmax))
y.append(100*random.randint(0,ymax/100))
xprior.append(0)
yprior.append(0)
xdir.append((-1)**random.randint(1,2)) # randomly select -1 or 1
ydir.append((-1)**random.randint(1,2))
continued…

26. Simulation: Output ti vi Sum (as) pep prp (pe) (pr) (pas) Count 600
PARROT-ing almost doubles AS size
Simulation: Output ti vi
Sum
(as)
pep
prp
(pe)
(pr)
(pas)
Count
600
100
132 98 99
103 73
200
398
195
197
364
170

27. Simulation: Graphed Output
Average Parrotee Anonymity Set Sizes Based on Parroter Percentage after 5 mins
Simulation: Graphed Output

28. Problems with simulation
In simulation, all cars are on road. In real life cars would be in parking lots, driveways, alleys, and other places that are not roads.
In simulation, when cars reach edge of grid they turn around and go back into the grid. In real life they would leave the grid area and perhaps new cars would enter.
In simulation, cars are uniformly distributed. In real life they are concentrated in certain spots.

29. 4. Conclusion
VANET Privacy
PARROTS Model
Simulation