Vehicle Safety Communications: Protocols, Security, and Privacy

Provides an up–to–date, in–depth look at the currentresearch, design, and implementation of cooperative vehicle safetycommunication protocols and technology

Improving traffic safety has been a top concern fortransportation agencies around the world and the focus of heavyresearch and development efforts sponsored by both governments andprivate industries. Cooperative vehicle systems which usesensors and wireless technologies to reduce trafficaccidents can play a major role in making the world′s roadssafer.

Vehicle Safety Communications: Protocols, Security, andPrivacy describes fundamental issues in cooperative vehiclesafety and recent advances in technologies for enabling cooperativevehicle safety. It gives an overview of traditional vehicle safetyissues, the evolution of vehicle safety technologies, and the needfor cooperative systems where vehicles work together to reduce thenumber of crashes or mitigate damage when crashes becomeunavoidable.

Authored by two top industry professionals, the book:

Summarizes the history and current status of 5.9 GHz DedicatedShort Range Communications (DSRC) technology and standardization,discussing key issues in applying DSRC to support cooperativevehicle safety Features an in–depth overview of on–board equipment (OBE) androadside equipment (RSE) by describing sample designs to illustratethe key issues and potential solutions Takes on security and privacy protection requirements andchallenges, including how to design privacy–preserving digitalcertificate management systems and how to evict misbehavingvehicles Includes coverage of vehicle–to–infrastructure (V2I)communications like intersection collision avoidance applicationsand vehicle–to–vehicle (V2V) communications like extendedelectronic brake lights and intersection movement assist

Vehicle Safety Communications is ideal for anyone workingin the areas of or studying cooperative vehicle safetyand vehicle communications.

Foreword xv
Ralf G. Herrtwich

Foreword xvii
Flavio Bonomi

Foreword xix
Adam Drobot

Preface xxi

Acknowledgments xxv

1 Traffic Safety 1

1.1 Traffic Safety Facts 1

1.1.1 Fatalities 2

1.1.2 Leading Causes of Crashes 3

1.1.3 Current Trends 5

1.2 European Union 5

1.3 Japan 7

1.4 Developing Countries 7

References 8

2 Automotive Safety Evolution 10

2.1 Passive Safety 10

2.1.1 Safety Cage and the Birth of Passive Safety 10

2.1.2 Seat Belts 11

2.1.3 Air Bags 11

2.2 Active Safety 12

2.2.1 Antilock Braking System 12

2.2.2 Electronic Stability Control 13

2.2.3 Brake Assist 13

2.3 Advanced Driver Assistance Systems 14

2.3.1 Adaptive Cruise Control 15

2.3.2 Blind Spot Assist 16

2.3.3 Attention Assist 16

2.3.4 Precrash Systems 16

2.4 Cooperative Safety 17

References 18

3 Vehicle Architectures 20

3.1 Electronic Control Units 20

3.2 Vehicle Sensors 21

3.2.1 Radars 21

3.2.2 Cameras 21

3.3 Onboard Communication Networks 22

3.3.1 Controller Area Network 23

3.3.2 Local Interconnect Network 23

3.3.3 FlexRay 24

3.3.4 Media Oriented Systems Transport 24

3.3.5 Onboard Diagnostics 24

3.4 Vehicle Data 25

3.5 Vehicle Data Security 26

3.6 Vehicle Positioning 27

3.6.1 Global Positioning System 27

3.6.2 Galileo 29

3.6.3 Global Navigation Satellite System 29

3.6.4 Positioning Accuracy 30

References 30

4 Connected Vehicles 32

4.1 Connected Vehicle Applications 32

4.1.1 Hard Safety Applications 32

4.1.2 Soft Safety Applications 33

4.1.3 Mobility and Convenience Applications 33

4.2 Uniqueness in Consumer Vehicle Networks 34

4.3 Vehicle Communication Modes 36

4.3.1 Vehicle–to–Vehicle Local Broadcast 36

4.3.2 V2V Multihop Message Dissemination 37

4.3.3 Infrastructure–to–Vehicle Local Broadcast 38

4.3.4 Vehicle–to–Infrastructure BidirectionalCommunications 39

4.4 Wireless Communications Technology for Vehicles 39

References 42

5 Dedicated Short–Range Communications 44

5.1 The 5.9 GHz Spectrum 44

5.1.1 DSRC Frequency Band Usage 45

5.1.2 DSRC Channels 45

5.1.3 DSRC Operations 46

5.2 DSRC in the European Union 46

5.3 DSRC in Japan 47

5.4 DSRC Standards 48

5.4.1 Wireless Access in Vehicular Environments 48

5.4.2 Wireless Access in Vehicular Environments ProtocolStack 48

5.4.3 International Harmonization 50

References 50

6 WAVE Physical Layer 52

6.1 Physical Layer Operations 52

6.1.1 Orthogonal Frequency Division Multiplexing 52

6.1.2 Modulation and Coding Rates 53

6.1.3 Frame Reception 54

6.2 PHY Amendments 55

6.2.1 Channel Width 56

6.2.2 Spectrum Masks 56

6.2.3 Improved Receiver Performance 57

6.3 PHY Layer Modeling 57

6.3.1 Network Simulator Architecture 58

6.3.2 RF Model 59

6.3.3 Wireless PHY 61

References 62

7 WAVE Media Access Control Layer 64

7.1 Media Access Control Layer Operations 64

7.1.1 Carrier Sensing Multiple Access with Collision Avoidance64

7.1.2 Hidden Terminal Effects 65

7.1.3 Basic Service Set 66

7.2 MAC Layer Amendments 66

7.3 MAC Layer Modeling 67

7.3.1 Transmission 68

7.3.2 Reception 68

7.3.3 Channel State Manager 68

7.3.4 Back–Off Manager 69

7.3.5 Transmission Coordination 70

7.3.6 Reception Coordination 71

7.4 Overhauled ns–2 Implementation 72

References 74

8 DSRC Data Rates 75

8.1 Introduction 75

8.2 Communication Density 76

8.2.1 Simulation Study 77

8.2.2 Broadcast Reception Rates 78

8.2.3 Channel Access Delay 81

8.2.4 Frames Reception Failures 83

8.3 Optimal Data Rate 85

8.3.1 Modulation and Coding Rates 85

8.3.2 Simulation Study 86

8.3.3 Simulation Matrix 87

8.3.4 Simulation Results 88

References 91

9 WAVE Upper Layers 93

9.1 Introduction 93

9.2 DSRC Multichannel Operations 94

9.2.1 Time Synchronization 94

9.2.2 Synchronization Intervals 95

9.2.3 Guard Intervals 96

9.2.4 Channel Switching 96

9.2.5 Channel Switching State Machine 96

9.3 Protocol Evaluation 97

9.3.1 Simulation Study 98

9.3.2 Simulation Scenarios 99

9.3.3 Simulation Results 99

9.3.4 Protocol Enhancements 102

9.4 WAVE Short Message Protocol 103

References 104

10 Vehicle–to–Infrastructure Safety Applications 106

10.1 Intersection Crashes 106

10.2 Cooperative Intersection Collision Avoidance System forViolations 107

10.2.1 CICAS–V Design 107

10.2.2 CICAS–V Development 110

10.2.3 CICAS–V Testing 116

10.3 Integrated Safety Demonstration 118

10.3.1 Demonstration Concept 118

10.3.2 Hardware Components 120

10.3.3 Demo Design 121

References 124

11 Vehicle–to–Vehicle Safety Applications 126

11.1 Cooperation among Vehicles 126

11.2 V2V Safety Applications 127

11.3 V2V Safety Applications Design 128

11.3.1 Basic Safety Messages 129

11.3.2 Minimum Performance Requirements 129

11.3.3 Target Classifi cation 131

11.3.4 Vehicle Representation 132

11.3.5 Sample Applications 133

11.4 System Implementation 135

11.4.1 Onboard Unit Hardware Components 135

11.4.2 OBU Software Architecture 135

11.4.3 Driver Vehicle Interface 137

11.5 System Testing 138

11.5.1 Communications Coverage and AntennaConsiderations 138

11.5.2 Positioning 139

References 140

12 DSRC Scalability 141

12.1 Introduction 141

12.2 DSRC Data Traffic 142

12.2.1 DSRC Safety Messages 142

12.2.2 Transmission Parameters 143

12.2.3 Channel Load Assessment 144

12.3 Congestion Control Algorithms 145

12.3.1 Desired Properties 145

12.3.2 Transmission Power Adjustment 146

12.3.3 Message Rate Adjustment 147

12.3.4 Simulation Study 148

12.4 Conclusions 148

References 149

13 Security and Privacy Threats and Requirements 151

13.1 Introduction 151

13.2 Adversaries 151

13.3 Security Threats 152

13.3.1 Send False Safety Messages Using Valid SecurityCredentials 152

13.3.2 Falsely Accuse Innocent Vehicles 153

13.3.3 Impersonate Vehicles or Other Network Entities 153

13.3.4 Denial–of–Service Attacks Specific to Consumer VehicleNetworks 154

13.3.5 Compromise OBU Software or Firmware 155

13.4 Privacy Threats 155

13.4.1 Privacy in a Vehicle Network 155

13.4.2 Privacy Threats in Consumer Vehicle Networks 156

13.4.3 How Driver Privacy can be Breached Today 158

13.5 Basic Security Capabilities 159

13.5.1 Authentication 159

13.5.2 Misbehavior Detection and Revocation 160

13.5.3 Data Integrity 160

13.5.4 Data Confidentiality 160

13.6 Privacy Protections Capabilities 161

13.7 Design and Performance Considerations 161

13.7.1 Scalability 162

13.7.2 Balancing Competing Requirements 162

13.7.3 Minimal Side Effects 163

13.7.4 Quantifi able Levels of Security and Privacy 163

13.7.5 Adaptability 163

13.7.6 Security and Privacy Protection for V2V Broadcast 163

13.7.7 Security and Privacy Protection for Communications withSecurity Servers 164

References 165

14 Cryptographic Mechanisms 167

14.1 Introduction 167

14.2 Categories of Cryptographic Mechanisms 167

14.2.1 Cryptographic Hash Functions 168

14.2.2 Symmetric Key Algorithms 169

14.2.3 Public Key (Asymmetric Key) Algorithms 170

14.3 Digital Signature Algorithms 172

14.3.1 The RSA Algorithm 172

14.3.2 The DSA Algorithm 178

14.3.3 The ECDSA Algorithm 184

14.3.4 ECDSA for Vehicle Safety Communications 194

14.4 Message Authentication and Message Integrity Verifi cation196

14.4.1 Authentication and Integrity Verifi cation Using HashFunctions 197

14.4.2 Authentication and Integrity Verifi cation Using DigitalSignatures 198

14.5 Diffi e Hellman Key Establishment Protocol 200

14.5.1 The Original Diffie Hellman Key EstablishmentProtocol 200

14.5.2 Elliptic Curve Diffie Hellman Key EstablishmentProtocol 201

14.6 Elliptic Curve Integrated Encryption Scheme (ECIES) 202

14.6.1 The Basic Idea 202

14.6.2 Scheme Setup 202

14.6.3 Encrypt a Message 202

14.6.4 Decrypt a Message 204

14.6.5 Performance 204

References 206

15 Public Key Infrastructure for Vehicle Networks 209

15.1 Introduction 209

15.2 Public Key Certificates 210

15.3 Message Authentication with Certificates 211

15.4 Certifi cate Revocation List 212

15.5 A Baseline Reference Vehicular PKI Model 213

15.6 Confi gure Initial Security Parameters and Assign InitialCertificates 215

15.6.1 Vehicles Create Their Private and PublicKeys 216

15.6.2 Certificate Authority Creates Private and Public Keys forVehicles 217

15.7 Acquire New Keys and Certifi cates 217

15.8 Distribute Certifi cates to Vehicles for SignatureVerifications 220

15.9 Detect Misused Certifi cates and MisbehavingVehicles 222

15.9.1 Local Misbehavior Detection 223

15.9.2 Global Misbehavior Detection 224

15.9.3 Misbehavior Reporting 224

15.10 Ways for Vehicles to Acquire CRLs 226

15.11 How Often CRLs should be Distributed to Vehicles? 228

15.12 PKI Hierarchy 230

15.12.1 Certifi cate Chaining to Enable Hierarchical CAs 231

15.12.2 Hierarchical CA Architecture Example 231

15.13 Privacy–Preserving Vehicular PKI 233

15.13.1 Quantitative Measurements of VehicleAnonymity 234

15.13.2 Quantitative Measurement of Message Unlinkability234

References 235

16 Privacy Protection with Shared Certificates 237

16.1 Shared Certificates 237

16.2 The Combinatorial Certificate Scheme 237

16.3 Certificate Revocation Collateral Damage  239

16.4 Certified Intervals 242

16.4.1 The Concept of Certified Interval 242

16.4.2 Certified Interval Produced by the Original CombinatorialCertificate Scheme 242

16.5 Reduce Collateral Damage and Improve Certified Interval244

16.5.1 Reduce Collateral Damage Caused by a Single MisusedCertificate 245

16.5.2 Vehicles Become Statistically Distinguishable WhenMisusing Multiple Certificates 248

16.5.3 The Dynamic Reward Algorithm 250

16.6 Privacy in Low Vehicle Density Areas 253

16.6.1 The Problem 253

16.6.2 The Blend–In Algorithm to Improve Privacy 256

References 259

17 Privacy Protection with Short–Lived Unique Certificates260

17.1 Short–Lived Unique Certificates 260

17.2 The Basic Short–Lived Certificate Scheme 261

17.3 The Problem of Large CRL 263

17.4 Anonymously Linked Certificates to Reduce CRLSize 264

17.4.1 Certificate Tags 264

17.4.2 CRL Processing by Vehicles 265

17.4.3 Backward Unlinkability 267

17.5 Reduce CRL Search Time 268

17.6 Unlinked Short–Lived Certificates 269

17.7 Reduce the Volume of Certificate Request and ResponseMessages 270

17.8 Determine the Number of Certificates for EachVehicle 270

References 273

18 Privacy Protection with Group Signatures 274

18.1 Group Signatures 274

18.2 Zero–Knowledge Proof of Knowledge 275

18.3 The ACJT Group Signature Scheme and its Extensions 277

18.3.1 The ACJT Group Signature Scheme 277

18.3.2 The Challenge of Group Membership Revocation 282

18.3.3 ACJT Extensions to Support MembershipRevocation 283

18.4 The CG Group Signature Scheme with Revocation 286

18.5 The Short Group Signatures Scheme 288

18.5.1 The Short Group Signatures Scheme 288

18.5.2 Membership Revocation 291

18.6 Group Signature Schemes with Verifier–Local Revocation292

References 293

19 Privacy Protection against Certificate Authorities295

19.1 Introduction 295

19.2 Basic Idea 295

19.3 Baseline Split CA Architecture, Protocol, and MessageProcessing 297

19.4 Split CA Architecture for Shared Certifi cates 301

19.5 Split CA Architecture for Unlinked Short–Lived Certificates302

19.5.1 Acquire One Unlinked Certifi cate at a Time 302

19.5.2 Assign Batches of Unlinked Short–Lived Certificates 304

19.5.3 Revoke Batches of Unlinked Certifi cates 306

19.5.4 Request for Decryption Keys for CertificateBatches 307

19.6 Split CA Architecture for Anonymously Linked Short–LivedCertificates 308

19.6.1 Assign One Anonymously Linked Short–Lived Certificate ata Time 308

19.6.2 Assign Batches of Anonymously Linked Short–LivedCertificates 311

19.6.3 Revoke Batches of Anonymously Linked Short–LivedCertificates  312

19.6.4 Request for Decryption Keys for Certificate Batches 313

References 314

20 Comparison of Privacy–Preserving Certificate ManagementSchemes 315

20.1 Introduction 315

20.2 Comparison of Main Characteristics 316

20.3 Misbehavior Detection 320

20.4 Abilities to Prevent Privacy Abuse by CA and MDS Operators321

20.5 Summary 322

21 IEEE 1609.2 Security Services 323

21.1 Introduction 323

21.2 The IEEE 1609.2 Standard 323

21.3 Certificates and Certificate AuthorityHierarchy 325

21.4 Formats for Public Key, Signature, Certificate, andCRL 327

21.4.1 Public Key Formats 327

21.4.2 Signature Formats 328

21.4.3 Certificate Format 329

21.4.4 CRL Format 332

21.5 Message Formats and Processing for Generating EncryptedMessages 333

21.6 Sending Messages  335

21.7 Request Certifi cates from the CA 336

21.8 Request and Processing CRL 343

21.9 What the Current IEEE 1609.2 Standard Does NotCover 344

21.9.1 No Support for Anonymous Message Authentication 344

21.9.2 Separate Vehicle–CA Communication Protocols AreRequired 344

21.9.3 Interactions and Interfaces between CA Entities NotAddressed / 346

References 346

22 4G for Vehicle Safety Communications 347

22.1 Introduction 347

22.2 Long–Term Revolution (LTE) 347

22.3 LTE for Vehicle Safety Communications/ 353

22.3.1 Issues to Be Addressed 353

22.3.2 LTE for V2I Safety Communications 353

22.3.3 LTE for V2V Safety Communications 356

22.3.4 LTE Broadcast and Multicast Services 357

References 358

Glossary 360

Index 367

LUCA DELGROSSI, PhD, is Director of Driver Assistance andChassis Systems U.S. at Mercedes–Benz Research & DevelopmentNorth America, Inc., Chairman of the Board of Directors at the VIIConsortium, and coeditor of the IEEE Communications MagazineAutomotive Networking Series.

TAO ZHANG, PhD, is Chief Scientist for Smart ConnectedVehicles at Cisco Systems. He is a Fellow of the IEEE and thecoauthor of IP–Based Next–Generation Wireless Networks.