Increasing numbers of mobile computing devices, user-portable, or embedded in vehicles, cargo containers, or the physical space, need to be aware of their location in order to provide a wide range of commercial services. Most often, mobile devices ob
tain their own location with the help of Global Navigation Satellite Systems (GNSS), integrating, for example, a Global Positioning System (GPS) receiver. Nonetheless, an adversary can compromise location-aware applications by attacking the GNSS-based positioning: It can forge navigation messages and mislead the receiver into calculating a fake location. In this paper, we analyze this vulnerability and propose and evaluate the effectiveness of countermeasures. First, we consider replay attacks, which can be effective even in the presence of future cryptographic GNSS protection mechanisms. Then, we propose and analyze methods that allow GNSS receivers to detect the reception of signals generated by an adversary, and then reject fake locations calculated because of the attack. We consider three diverse defense mechanisms, all based on knowledge, in particular, own location, time, and Doppler shift, receivers can obtain prior to the onset of an attack. We find that inertial mechanisms that estimate location can be defeated relatively easy. This is equally true for the mechanism that relies on clock readings from off-the-shelf devices; as a result, highly stable clocks could be needed. On the other hand, our Doppler Shift Test can be effective without any specialized hardware, and it can be applied to existing devices.
Vehicular Ad Hoc Networks (VANETs) are a peculiar subclass of mobile ad hoc networks that raise a number of technical challenges, notably from the point of view of their mobility models. In this paper, we provide a thorough analysis of the connectivi
ty of such networks by leveraging on well-known results of percolation theory. By means of simulations, we study the influence of a number of parameters, including vehicle density, proportion of equipped vehicles, and radio communication range. We also study the influence of traffic lights and roadside units. Our results provide insights on the behavior of connectivity. We believe this paper to be a valuable framework to assess the feasibility and performance of future applications relying on vehicular connectivity in urban scenarios.
Wireless sensor networks (WSNs) can be a valuable decision-support tool for farmers. This motivated our deployment of a WSN system to support rain-fed agriculture in India. We defined promising use cases and resolved technical challenges throughout a
two-year deployment of our COMMON-Sense Net system, which provided farmers with environment data. However, the direct use of this technology in the field did not foster the expected participation of the population. This made it difficult to develop the intended decision-support system. Based on this experience, we take the following position in this paper: currently, the deployment of WSN technology in developing regions is more likely to be effective if it targets scientists and technical personnel as users, rather than the farmers themselves. We base this claim on the lessons learned from the COMMON-Sense system deployment and the results of an extensive user experiment with agriculture scientists, which we describe in this paper.
Secure routing protocols for mobile ad hoc networks have been developed recently, yet, it has been unclear what are the properties they achieve, as a formal analysis of these protocols is mostly lacking. In this paper, we are concerned with this prob
lem, how to specify and how to prove the correctness of a secure routing protocol. We provide a definition of what a protocol is expected to achieve independently of its functionality, as well as communication and adversary models. This way, we enable formal reasoning on the correctness of secure routing protocols. We demonstrate this by analyzing two protocols from the literature.
Vehicular communication (VC) systems have recently drawn the attention of industry, authorities, and academia. A consensus on the need to secure VC systems and protect the privacy of their users led to concerted efforts to design security architectur
es. Interestingly, the results different project contributed thus far bear extensive similarities in terms of objectives and mechanisms. As a result, this appears to be an auspicious time for setting the corner-stone of trustworthy VC systems. Nonetheless, there is a considerable distance to cover till their deployment. This paper ponders on the road ahead. First, it presents a distillation of the state of the art, covering the perceived threat model, security requirements, and basic secure VC system components. Then, it dissects predominant assumptions and design choices and considers alternatives. Under the prism of what is necessary to render secure VC systems practical, and given possible non-technical influences, the paper attempts to chart the landscape towards the deployment of secure VC systems.
Vehicular Communication (VC) systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain im
plementations are required. In [1] we discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second paper, we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from todays simple prototypes to full-fledged systems.
Significant developments have taken place over the past few years in the area of vehicular communication (VC) systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the dep
loyment of the technology. This is so, precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems could be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two papers in this issue. In this first one, we analyze threats and types of adversaries, we identify security and privacy requirements, and we present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second paper, we present our progress towards the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.
Wireless Sensor Networks (WSNs) rely on in-network aggregation for efficiency, however, this comes at a price: A single adversary can severely influence the outcome by contributing an arbitrary partial aggregate value. Secure in-network aggregation c
an detect such manipulation. But as long as such faults persist, no aggregation result can be obtained. In contrast, the collection of individual sensor node values is robust and solves the problem of availability, yet in an inefficient way. Our work seeks to bridge this gap in secure data collection: We propose a system that enhances availability with an efficiency close to that of in-network aggregation. To achieve this, our scheme relies on costly operations to localize and exclude nodes that manipulate the aggregation, but emph{only} when a failure is detected. The detection of aggregation disruptions and the removal of faulty nodes provides robustness. At the same time, after removing faulty nodes, the WSN can enjoy low cost (secure) aggregation. Thus, the high exclusion cost is amortized, and efficiency increases.
Wireless communication enables a broad spectrum of applications, ranging from commodity to tactical systems. Neighbor discovery (ND), that is, determining which devices are within direct radio communication, is a building block of network protocols a
nd applications, and its vulnerability can severely compromise their functionalities. A number of proposals to secure ND have been published, but none have analyzed the problem formally. In this paper, we contribute such an analysis: We build a formal model capturing salient characteristics of wireless systems, most notably obstacles and interference, and we provide a specification of a basic variant of the ND problem. Then, we derive an impossibility result for a general class of protocols we term time-based protocols, to which many of the schemes in the literature belong. We also identify the conditions under which the impossibility result is lifted. Moreover, we explore a second class of protocols we term time- and location-based protocols, and prove they can secure ND.
Transportation safety, one of the main driving forces of the development of vehicular communication (VC) systems, relies on high-rate safety messaging (beaconing). At the same time, there is consensus among authorities, industry, and academia on the
need to secure VC systems. With specific proposals in the literature, a critical question must be answered: can secure VC systems be practical and satisfy the requirements of safety applications, in spite of the significant communication and processing overhead and other restrictions security and privacy-enhancing mechanisms impose? To answer this question, we investigate in this paper the following three dimensions for secure and privacy-enhancing VC schemes: the reliability of communication, the processing overhead at each node, and the impact on a safety application. The results indicate that with the appropriate system design, including sufficiently high processing power, applications enabled by secure VC can be in practice as effective as those enabled by unsecured VC.
