Mahdi Akil (Karlstad University), Leonardo Martucci (Karlstad University), Jaap-Henk Hoepman (Radboud University)
In vehicular ad hoc networks (VANETs), vehicles exchange messages to improve traffic and passengers’ safety. In VANETs, (passive) adversaries can track vehicles (and their drivers) by analyzing the data exchanged in the network. The use of privacy-enhancing technologies can prevent vehicle tracking but solutions so far proposed either require an intermittent connection to a fixed infrastructure or allow vehicles to generate concurrent pseudonyms which could lead to identity-based (Sybil) attacks. In this paper, we propose an anonymous authentication scheme that does not require a connection to a fixed infrastructure during operation and is not vulnerable to Sybil attacks. Our scheme is built on attribute-based credentials and short lived pseudonyms. In it, vehicles interact with a central authority only once, for registering themselves, and then generate their own pseudonyms without interacting with other devices, or relying on a central authority or a trusted third party. The pseudonyms are periodically refreshed, following system wide epochs.