VARS: A Vehicle Ad-Hoc Network Reputation System Florian D ¨ otzer BMW Group Research and Technology Hanauerstrasse 46, 80992 Munich, Germany florian.doetzer@bmw.de Lars Fischer, Przemyslaw Magiera Technical University of Darmstadt, Dep. of Computer Science, Research Group IT-Security Hochschulstr. 10, 64289 Darmstadt, Germany {lars@sec|pmagiera@rbg}.informatik.tu-darmstadt.de 1. Introduction Using mobile ad hoc networks in an automotive environ- ment (VANET) opens a new set of applications, such as the distribution of information about local traffic or road condi- tions. This can increase traffic safety and improve mobility. One of the main challenges is to forward event related mes- sages in such a way that the information can be trusted by receiving nodes. Authentication doesn’t solve the problem as it doesn’t target the quality of messages. One promis- ing solution might be given by reputation systems. But conventional centralized trust establishment approaches are not suited well for use within distributed networks such as those envisioned for automotive scenarios. Therefore, we present VARS, a completely distributed approach based on reputation. Our work is based on the following assumptions: • Cars move at a high average speed. • VANETs may become very large, in order of thou- sands or even millions of nodes. (Authenticated iden- tities will not be feasible.) • A solution has to be completely decentralized. • Available bandwidth for communication will remain limited, while processing power and memory will con- tinue to increase. In this paper, we will introduce major architecture con- cepts that enable VARS to operate efficiently in the given environment, present the most relevant algorithms and pro- vide some simulation results. 2. Concept / Algorithms This section gives a short introduction to the most rele- vant algorithms and concepts we used in our work. We will describe two main topics: the generation of opinions and the confidence decision. 2.1. Reputation System Architecture We propose a modular approach that strictly separates (a) direct, (b) indirect reputation handling and (c) opinion generation. Further modules are needed for (d) message handling and (e) situation recognition. 2.2. Basic Concepts We distinguish three areas: the event area within which an event can be recognized. The decision area defines when the trustworthyness of event messages have to be decided upon and the distribution area which specifies how far those messages are distributed. Until now these areas are of cir- cular shape. Further development should map those areas to the layout of the streets. While the message is distributed every forwarding node appends its own opinion about the message’s trustworthy- ness to the message. We call this mechanism Opinion Pig- gybacking (1). x 0 M -→ x 1 M|o(x1) -----→ x 2 M|o(x1)|o(x2) ---------→ x 3 →··· (1) The term direct trust is used for reputation information that is derived from experience. I. e. an announced event can be verified if recognized by a node. Indirect trust is transitive second-hand reputation provided by nodes of which reputation information is already known. Dependend