Privacy endangerment from protocol data sets in VANETs and countermeasures

Wireless vehicular networks are about to be deployed within the next years. Important progress towards practical usage of such networks is being made by standardization in Europe and the USA. Thereby, one of the core concerns is privacy of vehicles and their drivers, especially in Europe. Prior work has regarded only a small sub-set of the information exposed by current standards to an attacker for vehicle tracking. Thus, we take a close look on the data contained on different protocol layers of an ETSI ITS system. We find that much data is very distinctive and can be used to identify static vehicle properties such as manufacturer or even model. We call these data sets volatile constant data. Its presence is shown to greatly reduce usability of formerly proposed cooperative pseudonym switching strategies. Thereby, a privacy metric called vehicular uniqueness is introduced. The provided analysis shows that more constraints have to be applied for selecting appropriate cooperation partners for pseudonym switching, which significantly reduces their availability. Therefore, current techniques cannot provide the level of privacy defined in VANET standards. Suggestions for improving the data sets used by security entity and facility layer of ETSI ITS are given to limit the impact of the found issues. Effectiveness of the proposed mechanisms is shown in the provided evaluation.