The Impact of Security on Cooperative Awareness in VANET Michael Feiri, Jonathan Petit Distributed and Embedded Security University of Twente The Netherlands Email: m.feiri, j.petit@utwente.nl Robert K. Schmidt DENSO AUTOMOTIVE Deutschland GmbH Email: r.schmidt@denso-auto.de Frank Kargl Institute of Distributed Systems University of Ulm Ulm, Germany Email: frank.kargl@uni-ulm.de Abstract—Vehicular networking enables new safety applica- tions that aim at improving roads safety. Because of their direct relation to driver’s safety, this goal can only be achieved if vehicular networking is based on a technology that is robust against malicious attackers. Therefore, security mechanisms such as authentication are proposed. However, security comes at a cost in terms of computational and communication overhead. For example, a signature and certificate are appended to every beacon sent, which generates an extra load on the network. Moreover, most of the safety applications require a perfect awareness of the vehicle’s surroundings to perform adequately. To represent such awareness, the Awareness Quality is used to indicate the current level of awareness of the vehicle. This metric was previously used by the Decentralized Congestion Control community to improve channel usage. In this paper, we use the Awareness Quality to investigate the impact of security on cooperative awareness in VANET. Then, we apply this metric to the mechanism of certificate omission, and provide extensive simulation results. The attributes of Awareness Quality metrics enable us to investigate the behavior of certificate omission schemes with a precision that was not provided by aggregate metrics. This enables us to show that congestion-based certificate omission with a quadratic adaption function is the most effective scheme among existing certificate omission schemes. Keywords—Awareness quality, security, certificate omission, cooperative awareness, VANET. I. I NTRODUCTION For over a decade now, vehicular networking has received great attention by academia, industry, and politics. It brings the promise to make our driving safer, more efficient and environment-friendly, and last but not least, also more comfort- able. These goals can only be achieved if vehicular networking is based on a technology that is robust against malicious attackers, and this need was stressed very early in publications like [1]. A central aspect is authentication and integrity protection for messages. It should be ensured that only valid vehicles can send messages that other vehicles will accept as genuine, and that attackers cannot modify or tamper with sent mes- sages. Both the IEEE 1609.2 standard and its corresponding counterpart for Europe, ETSI TS 103 097, foresee the use of digital signatures using Elliptic Curve DSA (ECDSA) and the NISTp256 curve as cryptographic basis. Furthermore, both standards foresee a public key infrastructure where Certificate Authorities (CAs) issue digital certificates for vehicles that attest the validity of vehicle’s key pairs. The details of the Public Key Infrastructure (PKI) are rather complex, especially due to the fact that both privacy and non- repudiation need to be guaranteed, but for the issue discussed in this paper this is of lesser importance. We can just conclude that vehicles own asymmetric key pairs and certificates, and use those keys to attach signatures and certificates to messages. This attachment has a direct influence on communication reliability. The size of this added security payload is 65 bytes for the signature and 140 bytes for a certificate. As [2], [3] discuss, such an increase of message size will lead to an increase of packet collisions — especially on a congested channel. Both papers suggest that it is not a clever strategy to attach a certificate to every single message. Once a receiver A obtained a certificate of a neighboring vehicle B, further certificates attached to subsequent mes- sages of B are redundant and can be omitted. However, as vehicular networks typically use broadcast communication to an unspecified set of neighboring vehicles, A has generally no means to know whether all receivers already know its certificate. So if A omits a certificate from a message, this creates the risk that a receiver not knowing the certificate cannot validate the public key of A, and then needs to discard the message. This creates a security-induced “cryptographic packet loss” in contrast to network-induced “network packet loss”. Attaching less certificates to subsequent messages of A increases the cryptographic packet loss while reducing network packet loss. Attaching certificates to every single message removes cryptographic packet loss while potentially increasing network packet loss. The question we address in this paper is the search for an optimal strategy that balances this trade-off to achieve a minimum overall packet loss. Previous approaches like [2], [4], [3] have investigated different approaches for certificate omission that will be discussed in the next sections. They have, however, one significant drawback. Their evaluation is based on the number of packets that is lost, and not on the impact that this has on application performance. One notable exception is [5], [6] that looks at one specific application to investigate how many crashes different omission schemes can help to prevent. In this paper we take a more general approach that is using so-called awareness quality as a metric to compare different strategies. Awareness quality, as introduced in [7] looks at the information that a vehicle has about a specific driving situation based on the messages it received. It compares the 2013 IEEE Vehicular Networking Conference 978-1-4799-2687-9/13/$31.00 ©2013 IEEE 127