February 1st, 2006
Networks on wheels
More and more cars and trucks are equipped with some kinds of wireless networking devices, helping to create applications based on vehicle to vehicle communications. But these types of networks present some new security challenges because of the short contact times between different mobile nodes and of the large size of these networks. This is why Germany’s funded Network on Wheels (NoW) project has decided to apply security considerations right at the beginning of the network development.
Let’s start with an example picked from "Trusted Network on Wheels," an article published by ERCIM News No. 63 in October 2005. "As soon as two or more vehicles are in radio communication range, they connect automatically and establish an ad hoc network, and create a new security threat" (Credit: BMW Group Research and Technology).
So what are the basic security requirements for such networks? It’s easy. Users must trust the system, meaning they believe they are always available and that these networks respect their privacy while providing correct information. Let’s see these requirements in detail.
Availability of the system implies that the system is robust even in the presence of malicious or faulty nodes, which due to the network size might be the general case. Note that this is not solely a security requirement but a common system requirement.
The privacy of users is an important asset in public networks. Basically, privacy requires untraceability of actions to a user and unlinkability of the actions of a node. These must be provided by the applications as far as possible, and be inherent to the internal functionalities of the communication system. The communication system should give away as little information as possible that could be used to violate the privacy of the users.
Finally, correctness in the security domain relates to secure communication. This boils down to the well-known security objectives of authenticity, freshness (which is, in fact authenticity in the time domain), integrity and non-repudiation.
But identifying these security requirements is not enough. The designers of such networks also need to know in advance if they can be attacked.
Current work consists of detecting attacks on the different parts of the system and estimating both their impact and probability. Starting from general attacks such as the insertion of false messages, system denial of service and privacy violations, attacks can be refined using attack trees.
The NoW project has produced many documents, but if you’re interested in this last part, here is a paper I recommend: Attacks on Inter Vehicle Communication Systems - an Analysis (PDF format, 11 pages, 741 KB).
Sources: ERCIM News No. 63, October 2005; and various web sites
You’ll find related stories by following the links below.
