The scrambler attack: A robust physical layer attack on location privacy in vehicular networks

Vehicular networks provide the basis for a wide range of both safety and non-safety applications. One of the key challenges for wide acceptance is to which degree the drivers' privacy can be protected. The main technical privacy protection mechanism is the use of changing identifiers (from MAC to application layer), so called pseudonyms. The effectiveness of this approach, however, is clearly reduced if specific characteristics of the physical layer (e.g., in the transmitted signal) reveal the link between two messages with different pseudonyms. In this paper, we present such a fingerprinting technique: the scrambler attack. In contrast to other physical layer fingerprinting methods, it does not rely on potentially fragile features of the channel or the hardware, but exploits the transmitted scrambler state that each receiver has to derive in order to decode a packet, making this attack extremely robust. We show how the scrambler attack bypasses the privacy protection mechanism of state-of-the-art approaches and quantify the degradation of drivers' location privacy with an extensive simulation study. Based on our results, we identify additional technological requirements in order to enable privacy protection mechanisms on a large scale.

[1]  Hannes Hartenstein,et al.  Inter-vehicle communication: Quo vadis , 2014, IEEE Communications Magazine.

[2]  Nj Piscataway,et al.  Wireless LAN medium access control (MAC) and physical layer (PHY) specifications , 1996 .

[3]  Zhendong Ma,et al.  Privacy in inter-vehicular networks: Why simple pseudonym change is not enough , 2010, 2010 Seventh International Conference on Wireless On-demand Network Systems and Services (WONS).

[4]  Jack Edmonds,et al.  Maximum matching and a polyhedron with 0,1-vertices , 1965 .

[5]  Sneha Kumar Kasera,et al.  Robust location distinction using temporal link signatures , 2007, MobiCom '07.

[6]  Raja Sengupta,et al.  Reducing the Communication Required By DSRC-Based Vehicle Safety Systems , 2007, 2007 IEEE Intelligent Transportation Systems Conference.

[7]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[8]  Anna Freud,et al.  Design And Analysis Of Modern Tracking Systems , 2016 .

[9]  Marco Gruteser,et al.  On the Anonymity of Periodic Location Samples , 2005, SPC.

[10]  Damon McCoy,et al.  Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting , 2006, USENIX Security Symposium.

[11]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[12]  Seok-Joong Heo,et al.  An overview of peak-to-average power ratio reduction schemes for OFDM signals , 2009, Journal of Communications and Networks.

[13]  Alexey V. Vinel,et al.  3GPP LTE Versus IEEE 802.11p/WAVE: Which Technology is Able to Support Cooperative Vehicular Safety Applications? , 2012, IEEE Wireless Communications Letters.

[14]  Reinhard German,et al.  Bidirectionally Coupled Network and Road Traffic Simulation for Improved IVC Analysis , 2011, IEEE Transactions on Mobile Computing.

[15]  Falko Dressler,et al.  Towards an Open Source IEEE 802.11p stack: A full SDR-based transceiver in GNU Radio , 2013, 2013 IEEE Vehicular Networking Conference.

[16]  Voon Chin Phua,et al.  Wireless lan medium access control (mac) and physical layer (phy) specifications , 1999 .

[17]  Michael A. Temple,et al.  Application of wavelet-based RF fingerprinting to enhance wireless network security , 2009, Journal of Communications and Networks.

[18]  Nsw Roads and Maritime Services Intelligent Transport Systems (ITS) , 2016 .

[19]  Marco Fiore,et al.  Content downloading in vehicular networks: What really matters , 2011, 2011 Proceedings IEEE INFOCOM.

[20]  B. Yener,et al.  Active Attacks Against Modulation-based Radiometric Identification , 2009 .

[21]  Samuel S. Blackman,et al.  Design and Analysis of Modern Tracking Systems , 1999 .

[22]  Falko Dressler,et al.  An IEEE 802.11a/g/p OFDM receiver for GNU radio , 2013, SRIF '13.

[23]  Srdjan Capkun,et al.  Physical-Layer Identification of Wireless Devices , 2011 .

[24]  Bob O'Hara,et al.  Medium access control (MAC) , 2005 .

[25]  Kaoru Sezaki,et al.  Enhancing wireless location privacy using silent period , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[26]  Christoph Sommer,et al.  Driving for Big Data? Privacy Concerns in Vehicular Networking , 2014, IEEE Security & Privacy.

[27]  Oktay Ureten,et al.  Wireless security through RF fingerprinting , 2007, Canadian Journal of Electrical and Computer Engineering.