Supporting Secure and Privacy-Preserving Interactions in Intelligent Transportation Systems

Abstract

Intelligent Transportation Systems (ITS) leverage the advancement in sensors and RF technologies to enable communication between various traffic players, such as vehicles, pedestrians, traffic infrastructure and IoT devices, and support informed decision-making. Indeed, ITS are expected to revolutionize mobility in smart cities and provide increased safety, efficiency, and comfort. Yet, these advantages need to be combined with resilience to cyberattacks. First, with the realization of the Internet of Vehicles (IoV), vehicles become directly connected to the internet which poses a threat to the in-vehicle network. Second, in some ITS applications, messages are transmitted in plaintexts due to the necessity of a very low latency. With the limited resources of the ITS players and the strict performance and latency requirements, computationally expensive techniques, such as asymmetric cryptography, are not well-suited. In addition, the high frequency of message broadcasts makes the ITS susceptible to trajectory tracking attacks and consequently violates the privacy of the vehicle occupants. Meanwhile, preserving privacy while ensuring non-repudiation is another challenge where accountability is needed to support liability and forensics. Most existing approaches rely significantly on a central authority and a pervasive deployment of roadside infrastructure which makes ITS not economically viable. This dissertation addresses the aforementioned challenges. First, a distributed protocol is presented to enable continual mutual authentication and establishment of session keys. Such protocol leverages hardware-based security primitives that can be used as fingerprints for ITS nodes; it employs a novel obfuscation technique that safeguards against disclosure and prediction of the node fingerprint. Second, an authentication protocol is proposed to safeguard against unauthorized remote access to the in-vehicle network. Third, a distributed scheme is devised for cost-efficient and privacy-aware authentication in vehicular communication networks using mobile devices; the proposed scheme promotes a novel delegated message verification methodology that minimizes the overhead and scales for large setups. Fourth, the dissertation addresses the ultra-low latency requirements in dynamic contactless charging of Electric Vehicles (EVs) and proposes a Blockchain-based energy trading scheme that ensures fast authentication between EVs and charging pads and sustains payment integrity by countering cloning and double-spending of charging tickets. Last, this dissertation investigates the challenge in changing pseudonyms to support privacy as pseudonyms are used to sustain the anonymity of ITS nodes. Then, a novel scheme is developed in which each node autonomously generates a single-use pseudonym for each message broadcast to counter trajectory tracking attacks in ITS. The security of the proposed techniques is verified using prominent tools. The simulation-based experiments demonstrate that the proposed techniques outperform competing approaches in the literature.