IPWAVE Working Group | J. Jeong, Ed. |
Internet-Draft | Sungkyunkwan University |
Intended status: Informational | July 8, 2019 |
Expires: January 9, 2020 |
IP Wireless Access in Vehicular Environments (IPWAVE): Problem Statement and Use Cases
draft-ietf-ipwave-vehicular-networking-10
This document discusses the problem statement and use cases of IP-based vehicular networking for Intelligent Transportation Systems (ITS). The main scenarios of vehicular communications are vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X) communications. First, this document explains use cases using V2V, V2I, and V2X networking. Next, it makes a problem statement about key aspects in IP-based vehicular networking, such as IPv6 Neighbor Discovery, Mobility Management, and Security & Privacy. For each key aspect, this document specifies requirements in IP-based vehicular networking, and suggests the direction of solutions satisfying those requirements.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2020.
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Vehicular networking studies have mainly focused on improving safety and efficiency, and also enabling entertainment in vehicular networks. The Federal Communications Commission (FCC) in the US allocated wireless channels for Dedicated Short-Range Communications (DSRC) [DSRC] in the Intelligent Transportation Systems (ITS) with the frequency band of 5.850 - 5.925 GHz (i.e., 5.9 GHz band). DSRC-based wireless communications can support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X) networking. Also, the European Union (EU) passed a decision to allocate a radio spectrum for safety-related and non-safety-related applications of ITS with the frequency band of 5.875 - 5.905 GHz, which is called Commission Decision 2008/671/EC [EU-2008-671-EC].
For direct inter-vehicular wireless connectivity, IEEE has amended WiFi standard 802.11 to enable driving safety services based on the DSRC in terms of standards for the Wireless Access in Vehicular Environments (WAVE) system. The Physical Layer (L1) and Data Link Layer (L2) issues are addressed in IEEE 802.11p [IEEE-802.11p] for the PHY and MAC of the DSRC, while IEEE 1609.2 [WAVE-1609.2] covers security aspects, IEEE 1609.3 [WAVE-1609.3] defines related services at network and transport layers, and IEEE 1609.4 [WAVE-1609.4] specifies the multi-channel operation. Note that IEEE 802.11p was a separate standard, but was later enrolled into the base 802.11 standard (IEEE 802.11-2012) as IEEE 802.11 Outside the Context of a Basic Service Set in 2012 [IEEE-802.11-OCB].
Along with these WAVE standards, IPv6 [RFC8200] and Mobile IP protocols (e.g., MIPv4 [RFC5944], MIPv6 [RFC6275], and Proxy MIPv6 (PMIPv6) [RFC5213][RFC5844]) can be applied (or easily modified) to vehicular networks. In Europe, ETSI has standardized a GeoNetworking (GN) protocol [ETSI-GeoNetworking] and a protocol adaptation sub-layer from GeoNetworking to IPv6 [ETSI-GeoNetwork-IP]. Note that a GN protocol is useful to route an event or notification message to vehicles around a geographic position, such as an acciendent area in a roadway. In addition, ISO has approved a standard specifying the IPv6 network protocols and services to be used for Communications Access for Land Mobiles (CALM) [ISO-ITS-IPv6].
This document explains use cases and a problem statement about IP-based vehicular networking for ITS, which is named IP Wireless Access in Vehicular Environments (IPWAVE). First, it introduces the use cases for using V2V, V2I, and V2X networking in the ITS. Next, it makes a problem statement about key aspects in IPWAVE, such as IPv6 Neighbor Discovery, Mobility Management, and Security & Privacy. For each key aspect of the problem statement, this document specifies requirements in IP-based vehicular networking, and proposes the direction of solutions fulfilling those requirements. Therefore, with the problem statement, this document will open a door to develop key protocols for IPWAVE that will be essential to IP-based vehicular networks in near future.
This document uses the following definitions:
This section explains use cases of V2V, V2I, and V2X networking. The use cases of the V2X networking exclude the ones of the V2V and V2I networking, but include Vehicle-to-Pedestrian (V2P) and Vehicle-to-Device (V2D).
The use cases of V2V networking discussed in this section include
These four techniques will be important elements for self-driving vehicles.
Context-Aware Safety Driving (CASD) navigator [CASD] can help drivers to drive safely by letting the drivers recognize dangerous obstacles and situations. That is, CASD navigator displays obstables or neighboring vehicles relevant to possible collisions in real-time through V2V networking. CASD provides vehicles with a class-based automatic safety action plan, which considers three situations, such as the Line-of-Sight unsafe, Non-Line-of-Sight unsafe, and safe situations. This action plan can be performed among vehicles through V2V networking.
Cooperative Adaptive Cruise Control (CACC) [CA-Cruise-Control] helps vehicles to adapt their speed autonomously through V2V communication among vehicles according to the mobility of their predecessor and successor vehicles in an urban roadway or a highway. Thus, CACC can help adjacent vehicles to efficiently adjust their speed in an interactive way through V2V networking in order to avoid collision.
Platooning [Truck-Platooning] allows a series of vehicles (e.g., trucks) to move together with a very short inter-distance. Trucks can use V2V communication in addition to forward sensors in order to maintain constant clearance between two consecutive vehicles at very short gaps (from 3 meters to 10 meters). This platooning can maximize the throughput of vehicular traffic in a highway and reduce the gas consumption because the leading vehicle can help the following vehicles to experience less air resistance.
Cooperative-environment-sensing use cases suggest that vehicles can share environmental information from various vehicle-mounted sensors, such as radars, LiDARs, and cameras with other vehicles and pedestrians. [Automotive-Sensing] introduces a millimeter-wave vehicular communication for massive automotive sensing. Data generated by those sensors can be substantially large, and these data shall be routed to different destinations. In addition, from the perspective of driverless vehicles, it is expected that driverless vehicles can be mixed with driver-operated vehicles. Through the cooperative environment sensing, driver-operated vehicles can use environmental information sensed by driverless vehicles for better interaction with the context.
The use cases of V2I networking discussed in this section include
A navigation service, such as the Self-Adaptive Interactive Navigation Tool (called SAINT) [SAINT], using V2I networking interacts with TCC for the large-scale/long-range road traffic optimization and can guide individual vehicles for appropriate navigation paths in real time. The enhanced version of SAINT [SAINTplus] can give the fast moving paths to emergency vehicles (e.g., ambulance and fire engine) to let them reach an accident spot while providing other vehicles near the accident spot with efficient detour paths.
A TCC can recommend an energy-efficient speed to a vehicle driving in different traffic environments. [Fuel-Efficient] studies fuel-efficient route and speed plans for platooned trucks.
The emergency communication between accident vehicles (or emergency vehicles) and TCC can be performed via either RSU or 4G-LTE networks. The First Responder Network Authority (FirstNet) [FirstNet] is provided by the US government to establish, operate, and maintain an interoperable public safety broadband network for safety and security network services, such as emergency calls. The construction of the nationwide FirstNet network requires each state in the US to have a Radio Access Network (RAN) that will connect to the FirstNet's network core. The current RAN is mainly constructed by 4G-LTE for the communication between a vehicle and an infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected that DSRC-based vehicular networks [DSRC] will be available for V2I and V2V in near future.
The use case of V2X networking discussed in this section is pedestrian protection service.
A pedestrian protection service, such as Safety-Aware Navigation Application (called SANA) [SANA], using V2I2P networking can reduce the collision of a vehicle and a pedestrian carrying a smartphone equipped with a network device for wireless communication (e.g., WiFi) with an RSU. Vehicles and pedestrians can also communicate with each other via an RSU that delivers scheduling information for wireless communication in order to save the smartphones' battery through sleeping mode.
For Vehicle-to-Pedestrian (V2P), a vehicle and a pedestrian's smartphone can directly communicate with each other via V2X without the relaying of an RSU as in the V2V scenario that the pedestrian's smartphone is regarded as a vehicle with a wireless media interface to be able to communicate with another vehicle. In Vehicle-to-Device (V2D), a device can be a mobile node such as bicycle and motorcycle, and can communicate directly with a vehicle for collision avoidance.
Traffic Control Center in Vehicular Cloud *-----------------------------------------* * * * +----------------+ * * | Mobility Anchor| * * +----------------+ * * ^ * * | * *--------------------v--------------------* ^ ^ ^ | | | | | | v v v +--------+ Ethernet +--------+ +--------+ | RSU1 |<-------->| RSU2 |<---------->| RSU3 | +--------+ +--------+ +--------+ ^ ^ ^ : : : +-----------------+ +-----------------+ +-----------------+ | : V2I | | V2I : | | V2I : | | v | | v | | v | +--------+ | +--------+ | | +--------+ | | +--------+ | |Vehicle1|===> |Vehicle2|===>| | |Vehicle3|===>| | |Vehicle4|===>| | |<...>| |<........>| | | | | | | +--------+ V2V +--------+ V2V +--------+ | | +--------+ | | | | | | | +-----------------+ +-----------------+ +-----------------+ Subnet1 Subnet2 Subnet3 <----> Wired Link <....> Wireless Link ===> Moving Direction
Figure 1: A Vehicular Network Architecture for V2I and V2V Networking
This section describes a vehicular network architecture supporting V2V, V2I, and V2X communications in vehicular networks. Also, it describes an internal network within a vehicle or RSU, and the internetworking between the internal networks via DSRC links.
Figure 1 shows an architecture for V2I and V2V networking in a road network. As shown in this figure, RSUs as routers and vehicles with OBU have wireless media interfaces for VANET. Also, it is assumed that such the wireless media interfaces are autoconfigured with a global IPv6 prefix (e.g., 2001:DB8:1:1::/64) to support both V2V and V2I networking. Note that 2001:DB8::/32 is a documentation prefix [RFC3849] for example prefixes in this document, and also that any routable IPv6 address needs to be routable in a VANET and a vehicular network including RSUs.
Especially, for IPv6 packets transporting over IEEE 802.11-OCB, [IPv6-over-802.11-OCB] specifies several details, such as Maximum Transmission Unit (MTU), frame format, link-local address, address mapping for unicast and multicast, stateless autoconfiguration, and subnet structure. Especially, an Ethernet Adaptation (EA) layer is in charge of transforming some parameters between IEEE 802.11 MAC layer and IPv6 network layer, which is located between IEEE 802.11-OCB's logical link control layer and IPv6 network layer. This IPv6 over 802.11-OCB can be used for both V2V and V2I in IP-based vehicular networks.
In Figure 1, three RSUs (RSU1, RSU2, and RSU3) are deployed in the road network and are connected to a Vehicular Cloud through the Internet. A Traffic Control Center (TCC) is connected to the Vehicular Cloud for the management of RSUs and vehicles in the road network. A Mobility Anchor (MA) is located in the TCC as its key component for the mobility management of vehicles. Two vehicles (Vehicle1 and Vehicle2) are wirelessly connected to RSU1, and one vehicle (Vehicle3) is wirelessly connected to RSU2. The wireless networks of RSU1 and RSU2 belong to two different subnets (denoted as Subnet1 and Subnet2), respectively. Also, another vehicle (Vehicle4) is wireless connected to RSU3, belonging to another subnet (denoted as Subnet3).
In wireless subnets in vehicular networks (e.g., Subnet1 and Subnet2 in Figure 1), vehicles can construct a connected VANET (with an arbitrary graph topology) and can communicate with each other via V2V communication. Vehicle1 can communicate with Vehicle2 via V2V communication, and Vehicle2 can communicate with Vehicle3 via V2V communication because they are within the wireless communication range for each other. On the other hand, Vehicle3 can communicate with Vehicle4 via the vehicular infrastructure (i.e., RSU2 and RSU3) by employing V2I (i.e., V2I2V) communication because they are not within the wireless communication range for each other.
In vehicular networks, unidirectional links exist and must be considered for wireless communications. Also, in the vehicular networks, control plane can be separated from data plane for efficient mobility management and data forwarding using Software-Defined Networking (SDN) [SDN-DMM]. The mobility information of a GPS receiver mounted in its vehicle (e.g., trajectory, position, speed, and direction) can be used for the accommodation of mobility-aware proactive protocols. Vehicles can use the TCC as their Home Network having a home agent for mobility management as in MIPv6 [RFC6275] and PMIPv6 [RFC5213], so the TCC maintains the mobility information of vehicles for location management. Also, IP tunneling over the wireless link should be avoided for performance efficiency.
+-----------------+ (*)<........>(*) +----->| Vehicular Cloud | 2001:DB8:1:1::/64 | | | +-----------------+ +------------------------------+ +---------------------------------+ | v | | v v | | +-------+ +------+ +-------+ | | +-------+ +------+ +-------+ | | | Host1 | | DNS1 | |Router1| | | |Router3| | DNS2 | | Host3 | | | +-------+ +------+ +-------+ | | +-------+ +------+ +-------+ | | ^ ^ ^ | | ^ ^ ^ | | | | | | | | | | | | v v v | | v v v | | ---------------------------- | | ------------------------------- | | 2001:DB8:10:1::/64 ^ | | ^ 2001:DB8:20:1::/64 | | | | | | | | v | | v | | +-------+ +-------+ | | +-------+ +-------+ +-------+ | | | Host2 | |Router2| | | |Router4| |Server1|...|ServerN| | | +-------+ +-------+ | | +-------+ +-------+ +-------+ | | ^ ^ | | ^ ^ ^ | | | | | | | | | | | v v | | v v v | | ---------------------------- | | ------------------------------- | | 2001:DB8:10:2::/64 | | 2001:DB8:20:2::/64 | +------------------------------+ +---------------------------------+ Vehicle1 (Moving Network1) RSU1 (Fixed Network1) <----> Wired Link <....> Wireless Link (*) Antenna
Figure 2: Internetworking between Vehicle Network and RSU Network
This section discusses the internetworking between a vehicle's internal network (i.e., moving network) and an RSU's internal network (i.e., fixed network) via V2I communication.
Nowadays, a vehicle's internal network tends to be Ethernet to interconnect electronic control units in a vehicle. It can also support WiFi and Bluetooth to accommodate a driver's and passenger's mobile devices (e.g., smartphone and tablet). In this trend, it is reasonable to consider a vehicle's internal network (i.e., moving network) and also the interaction between the internal network and an external network within another vehicle or RSU.
As shown in Figure 2, the vehicle's moving network and the RSU's fixed network are self-contained networks having multiple subnets and having an edge router for the communication with another vehicle or RSU. Internetworking between two internal networks via V2I communication requires an exchange of network prefix and other parameters through a prefix discovery mechanism, such as ND-based prefix discovery [ID-Vehicular-ND]. For the ND-based prefix discovery, network prefixs and parameters should be registered into a vehicle's router and an RSU router with an external network interface in advance.
The network parameter discovery collects networking information for an IP communication between a vehicle and an RSU or between two neighboring vehicles, such as link layer, MAC layer, and IP layer information. The link layer information includes wireless link layer parameters, such as wireless media (e.g., IEEE 802.11-OCB and LTE-V2X) and a transmission power level. The MAC layer information includes the MAC address of an external network interface for the internetworking with another vehicle or RSU. The IP layer information includes the IP address and prefix of an external network interface for the internetworking with another vehicle or RSU.
Once the network parameter discovery and prefix exchange operations have been performed, packets can be transmitted between the vehicle's moving network and the RSU's fixed network. A DNS service should be supported for the DNS name resolution of in-vehicle devices within a vehicle's internal network as well as for the DNS name resolution of those devices from a remote host in the Internet for on-line diagnosis (e.g., an automotive service center server). It is assumed that the DNS names of in-vehicle devices and their service names are registered into a DNS server in a vehicle or an RSU, as shown in Figure 2.
Figure 2 shows internetworking between the vehicle's moving network and the RSU's fixed network. There exists an internal network (Moving Network1) inside Vehicle1. Vehicle1 has the DNS Server (DNS1), the two hosts (Host1 and Host2), and the two routers (Router1 and Router2). There exists another internal network (Fixed Network1) inside RSU1. RSU1 has the DNS Server (DNS2), one host (Host3), the two routers (Router3 and Router4), and the collection of servers (Server1 to ServerN) for various services in the road networks, such as the emergency notification and navigation. Vehicle1's Router1 (called mobile router) and RSU1's Router3 (called fixed router) use 2001:DB8:1:1::/64 for an external link (e.g., DSRC) for I2V networking. Thus, one host (Host1) in Vehicle1 can communicate with one server (Server1) in RSU1 for a vehicular service through Vehicle1's moving network, a wireless link between Vehicle1 and RSU1, and RSU1's fixed network.
(*)<..........>(*) 2001:DB8:1:1::/64 | | +------------------------------+ +------------------------------+ | v | | v | | +-------+ +------+ +-------+ | | +-------+ +------+ +-------+ | | | Host1 | | DNS1 | |Router1| | | |Router5| | DNS3 | | Host4 | | | +-------+ +------+ +-------+ | | +-------+ +------+ +-------+ | | ^ ^ ^ | | ^ ^ ^ | | | | | | | | | | | | v v v | | v v v | | ---------------------------- | | ---------------------------- | | 2001:DB8:10:1::/64 ^ | | ^ 2001:DB8:30:1::/64 | | | | | | | | v | | v | | +-------+ +-------+ | | +-------+ +-------+ | | | Host2 | |Router2| | | |Router6| | Host5 | | | +-------+ +-------+ | | +-------+ +-------+ | | ^ ^ | | ^ ^ | | | | | | | | | | v v | | v v | | ---------------------------- | | ---------------------------- | | 2001:DB8:10:2::/64 | | 2001:DB8:30:2::/64 | +------------------------------+ +------------------------------+ Vehicle1 (Moving Network1) Vehicle2 (Moving Network2) <----> Wired Link <....> Wireless Link (*) Antenna
Figure 3: Internetworking between Two Vehicle Networks
This section discusses the internetworking between the moving networks of two neighboring vehicles via V2V communication.
Figure 3 shows internetworking between the moving networks of two neighboring vehicles. There exists an internal network (Moving Network1) inside Vehicle1. Vehicle1 has the DNS Server (DNS1), the two hosts (Host1 and Host2), and the two routers (Router1 and Router2). There exists another internal network (Moving Network2) inside Vehicle2. Vehicle2 has the DNS Server (DNS3), the two hosts (Host4 and Host5), and the two routers (Router5 and Router6). Vehicle1's Router1 (called mobile router) and Vehicle2's Router5 (called mobile router) use 2001:DB8:1:1::/64 for an external link (e.g., DSRC) for V2V networking. Thus, one host (Host1) in Vehicle1 can communicate with one host (Host4) in Vehicle1 for a vehicular service through Vehicle1's moving network, a wireless link between Vehicle1 and Vehicle2, and Vehicle2's moving network.
(*)<..................>(*)<..................>(*) | | | +-----------+ +-----------+ +-----------+ | | | | | | | +-------+ | | +-------+ | | +-------+ | | |Router1| | | |Router5| | | |Router7| | | +-------+ | | +-------+ | | +-------+ | | | | | | | | +-------+ | | +-------+ | | +-------+ | | | Host1 | | | | Host4 | | | | Host6 | | | +-------+ | | +-------+ | | +-------+ | | | | | | | +-----------+ +-----------+ +-----------+ Vehicle1 Vehicle2 Vehicle3 <....> Wireless Link (*) Antenna
Figure 4: Multihop Internetworking between Two Vehicle Networks
Figure 4 shows multihop internetworking between the moving networks of two vehicles in the same VANET. For example, Host1 in Vehicle1 can communicate with Host6 in Vehicle3 via Router 5 in Vehicle2 that is an intermediate vehicle being connected to Vehicle1 and Vehicle3 in a linear topology as shown in the figure.
This section makes a problem statement about key topics for IPWAVE WG, such as neighbor discovery, mobility management, and security & privacy.
IPv6 Neighbor Discovery (IPv6 ND) [RFC4861][RFC4862] is a core part of the IPv6 protocol suite. IPv6 ND is designed for point-to-point links and transit links (e.g., Ethernet). It assumes an efficient and reliable support of multicast from the link layer for various network operations such as MAC Address Resolution (AR) and Duplicate Address Detection (DAD).
IPv6 ND needs to be extended to vehicular networking (e.g., V2V, V2I, and V2X) in terms of DAD and ND-related parameters (e.g., Router Lifetime). The vehicles are moving fast within the communication coverage of a vehicular node (e.g., vehicle and RSU). Before the vehicles can exchange application messages with each other, they need to be configured with a link-local IPv6 address or a global IPv6 address, and recognize each other in the aspect of IPv6 ND.
The legacy DAD assumes that a node with an IPv6 address can reach any other node with the scope of its address at the time it claims its address, and can hear any future claim for that address by another party within the scope of its address for the duration of the address ownership. However, the partioning and merging of VANETs makes this assumption frequently invalid in vehicular networks.
The vehicular networks need to support a vehicular-network-wide DAD by defining a scope that is compatible with the legacy DAD, and two vehicles can communicate with each other when there exists a communication path over VANET or a combination of VANETs and RSUs, as shown in Figure 1. By using the vehicular-network-wide DAD, vehicles can assure that their IPv6 addresses are unique in the vehicular network whenever they are connected to the vehicular infrastructure or become disconnected from it in the form of VANET. Even though a unique IPv6 address can be derived from a globally unique MAC address, this derivation yields a privacy issue of a vehicle as an IPv6 node. The vehicular infrastructure having RSUs and an MA can participate in the vehicular-network-wide DAD for the sake of vehicles [RFC6775][RFC8505].
ND time-related parameters such as router lifetime and Neighbor Advertisement (NA) interval should be adjusted for high-speed vehicles and vehicle density. As vehicles move faster, the NA interval should decrease (e.g., from 1 sec to 0.5 sec) for the NA messages to reach the neighboring vehicles promptly. Also, as vehicle density is higher, the NA interval should increase (e.g., from 0.5 sec to 1 sec) for the NA messages to reduce collision probability with other NA messages.
According to a report from the National Highway Traffic Safety Administration (NHTSA) [NHTSA-ACAS-Report], an extra 0.5 second of warning time can prevent about 60% of the collisions of vehicles moving closely in a roadway. A warning message should be exchanged every 0.5 seconds. Thus, if the ND messages (e.g., NS and NA) are used as warning messages, they should be exchanged every 0.5 second.
For IP-based safety applications (e.g., context-aware navigation, adaptive cruise control, and platooning) in vehicular network, this bounded data delivery is critical. The real implementations for such applications are not available yet. Thus, ND needs to appropriately operate to support IP-based safety applications.
IPv6 protocols work under certain assumptions for the link model that do not necessarily hold in a vehicular wireless link [VIP-WAVE] [RFC5889]. For instance, some IPv6 protocols assume symmetry in the connectivity among neighboring interfaces. However, interference and different levels of transmission power may cause unidirectional links to appear in vehicular wireless links. As a result, a new vehicular link model is required for a dynamically changing vehicular wireless link.
There is a relationship between a link and prefix, besides the different scopes that are expected from the link-local and global types of IPv6 addresses. In an IPv6 link, it is assumed that all interfaces which are configured with the same subnet prefix and with on-link bit set can communicate with each other on an IP link.
A VANET can have multiple links between pairs of vehicles within wireless communication range, as shown in Figure 4. When two vehicles belong to the same VANET, but they are out of wireless communication range, they cannot communicate directly with each other. Assume that a global-scope IPv6 prefix is assigned to VANETs in vehicular networks. Even though two vehicles in the same VANET configure their IPv6 addresses with the same IPv6 prefix, they may not communicate with each other not in a one hop in the same VANET because of the multihop network connectivity. Thus, in this case, the concept of a on-link IPv6 prefix does not hold because two vehicles with the same on-link IPv6 prefix cannot communicate directly with each other. Also, when two vehicles are located in two different VANETs with the same IPv6 prefix, they cannot communicate with each other. When these two VANETs are converged into one VANET, the two vehicles can communicate with each other in a multihop fashion. Therefore, a vehicular link model should consider the frequent partitioning and merging of VANETs due to vehicle mobility.
The vehicular link model needs to support the multihop routing in a connected VANET where the vehicles with the same global-scope IPv6 prefix are connected in one hop or multiple hops. It also needs to support the multhop routing in multiple connected VANETs via an RSU that has the wireless connectivity with each VANET. For example, assume that Vehicle1, Vehicle 2, and Vehicle3 are configured with their IPv6 addresses based on the same global-scope IPv6 prefix. Vehicle1 and Vehicle3 can also communicate with each other via either multi-hop V2V or multi-hop V2I2V. When two vehicles (e.g., Vehicle1 and Vehicle3 in Figure 1) are connected in a VANET, it will be more efficient for them to communicate with each other via VANET rather than RSUs. On the other hand, when two vehicles (e.g., Vehicle1 and Vehicle3) are far away from the communication range in separate VANETs and under two different RSUs, they can communicate with each other through the relay of RSUs via V2I2V. Thus, two separate VANETs can merge into one network via RSU(s). Also, newly arriving vehicles can merge two separate VANETs into one VANET if they can play a role of a relay node for those VANETs.
For the protection of drivers' privacy, the pseudonym of a MAC address of a vehicle's network interface should be used, with the help of which the MAC address can be changed periodically. The pseudonym of a MAC address affects an IPv6 address based on the MAC address, and a transport-layer (e.g., TCP) session with an IPv6 address pair. However, the pseudonym handling is not implemented and tested yet for applications on IP-based vehicular networking.
In the ETSI standards, for the sake of security and privacy, an ITS station (e.g., vehicle) can use pseudonyms for its network interface identities (e.g., MAC address) and the corresponding IPv6 addresses [Identity-Management]. Whenever the network interface identifier changes, the IPv6 address based on the network interface identifier should be updated, and the uniqueness of the address should be performed through the DAD procedure. For vehicular networks with high-mobility, this DAD should be performed efficiently with minimum overhead.
For the continuity of an end-to-end (E2E) transport-layer (e.g., TCP, UDP, and SCTP) session, with a mobility management scheme (e.g., MIPv6 and PMIPv6), the new IP address for the transport-layer session can be notified to an appropriate end point, and the packets of the session should be forwarded to their destinations with the changed network interface identifier and IPv6 address. This mobiliy management overhead for pseudonyms should be minimized for efficient operations in vehicular networks having lots of vehicles.
A vehicle and an RSU can have their internal network, as shown in Figure 2 and Figure 3. In this case, nodes in within the internal networks of two vehicular nodes (e.g., vehicle and RSU) want to communicate with each other. For this communication on the wireless link, the network prefix dissemination or exchange is required. It is assumed that a vehicular node has an external network interface and its internal network, as shown in Figure 2 and Figure 3. The vehicular ND (VND) [ID-Vehicular-ND] can support the communication between the internal-network nodes (e.g., an in-vehicle device in a vehicle and a server in an RSU) of vehicular nodes with a vehicular prefix information option. Thus, this ND extension for routing functionality can reduce control traffic for routing in vehicular networks without a vehicular ad hoc routing protocol (e.g., AODV [RFC3561] and OLSRv2 [RFC7181]).
For multihop V2V communications in a VANET (or a multi-link subnet), a vehicular ad hoc routing protocol (e.g., AODV and OLSRv2) may be required to support both unicast and multicast in the links of the subnet with the same IPv6 prefix. However, it will be costly to run both vehicular ND and a vehicular ad hoc routing protocol in terms of control traffic overhead [ID-Multicast-Problems]. As a feasible approach, Vehicular ND can be extended to accommodate routing functionality with a prefix discovery option. In this case, there is no need to run a separate vehicular ad hoc routing protocol in VANETs. The ND extension can allow vehicles to exchange their prefixes in a multihop fashion [ID-Vehicular-ND]. With the exchanged prefixes, they can compute their routing table (or IPv6 ND's neighbor cache) for the multi-link subnet with a distance-vector algorithm [Intro-to-Algorithms].
Also, an efficient, rapid DAD needs to be supported in a vehicular network having multiple VANETs (or a multi-link subnet) to prevent or reduce IPv6 address conflicts in such a subnet. A feasible approach is to use a multi-hop DAD optimization for the efficient vehicular-network-wide DAD [RFC6775][RFC8505].
The seamless connectivity and timely data exchange between two end points requires an efficient mobility management including location management and handover. Most of vehicles are equipped with a GPS receiver as part of a dedicated navigation system or a corresponding smartphone App. The GPS receiver may not provide vehicles with accurate location information in adverse, local environments such as building area and tunnel. The location precision can be improved by the assistance from the RSUs or a cellular system with a GPS receiver for location information.
With a GPS navigator, an efficient mobility management will be possible by vehicles periodically reporting their current position and trajectory (i.e., navigation path) to the vehicular infrastructure (having RSUs and an MA in TCC) [ID-Vehicular-MM]. This vehicular infrastructure can predict the future positions of the vehicles with their mobility information (i.e., the current position, speed, direction, and trajectory) for the efficient mobility management (e.g., proactive handover). For a better proactive handover, link-layer parameters, such as the signal strength of a link-layer frame (e.g., Received Channel Power Indicator (RCPI) [VIP-WAVE]), can be used to determine the moment of a handover between RSUs along with mobility information.
With the prediction of the vehicle mobility, the vehicular infrastructure needs to support RSUs to perform efficient DAD, data packet routing, horizontal handover (i.e., handover in wireless links using a homogeneous radio technology), and vertical handover (i.e., handover in wireless links using heterogeneous radio technologies) in a proactive manner [ID-Vehicular-MM]. For example, when a vehicle is moving into the wireless link under another RSU belonging to a different subnet, the RSU can proactively perform the DAD for the sake of the vehicle, reducing IPv6 control traffic overhead in the wireless link. To prevent a hacker from impersonating RSUs as bogus RSUs, RSUs and MA in the vehicular infrastructure need to have secure channels via IPsec.
Therefore, with a proactive handover and a multihop DAD in vehicular networks, RSUs needs to efficiently forward data packets from the wired network (or the wireless network) to a moving destination vehicle along its trajectory. As a result, a moving vehicle can communicate with its corresponding vehicle in the vehicular network or a host/server in the Internet along its trajectory.
Strong security measures shall protect vehicles roaming in road networks from the attacks of malicious nodes, which are controlled by hackers. For safety applications, the cooperation among vehicles is assumed. Malicious nodes may disseminate wrong driving information (e.g., location, speed, and direction) to make driving be unsafe. Sybil attack, which tries to illude a vehicle with multiple false identities, disturbs a vehicle in taking a safe maneuver. This sybil attack should be prevented through the cooperation between good vehicles and RSUs. Note that good vehicles are ones with valid certificates that are determined by the authentication process with an authentication server in the vehicular network. Applications on IP-based vehicular networking, which are resilient to such a sybil attack, are not developed and tested yet.
Security and privacy are paramount in the V2I, V2V, and V2X networking in vehicular networks. Only authorized vehicles should be allowed to use vehicular networking. Also, in-vehicle devices and mobile devices in a vehicle need to communicate with other in-vehicle devices and mobile devices in another vehicle, and other servers in an RSU in a secure way.
A Vehicle Identification Number (VIN) and a user certificate along with in-vehicle device's identifier generation can be used to efficiently authenticate a vehicle or a user through a road infrastructure node (e.g., RSU) connected to an authentication server in TCC. Also, Transport Layer Security (TLS) certificates can be used for secure E2E vehicle communications.
For secure V2I communication, a secure channel between a mobile router in a vehicle and a fixed router in an RSU should be established, as shown in Figure 2. Also, for secure V2V communication, a secure channel between a mobile router in a vehicle and a mobile router in another vehicle should be established, as shown in Figure 3.
To prevent an adversary from tracking a vehicle with its MAC address or IPv6 address, MAC address pseudonym should be provided to the vehicle; that is, each vehicle should periodically update its MAC address and the corresponding IPv6 address as suggested in [RFC4086][RFC4941]. Such an update of the MAC and IPv6 addresses should not interrupt the E2E communications between two vehicular nodes (e.g., vehicle and RSU) in terms of transport layer for a long-living higher-layer session. However, if this pseudonym is performed without strong E2E confidentiality, there will be no privacy benefit from changing MAC and IP addresses, because an adversary can see the change of the MAC and IP addresses and track the vehicle with those addresses.
For the IPv6 ND, the vehicular-network-wide DAD is required for the uniqueness of the IPv6 address of a vehicle's wireless interface. This DAD can be used as a flooding attack that makes the DAD-related ND packets are disseminated over the VANET and vehicular network including the RSU and the MA. The vehicles and RSUs need to filter out suspicious ND traffic in advance.
For the mobility management, a malicious vehicle constructs multiple virtual bogus vehicles, and register them with the RSU and the MA. This registration makes the RSU and MA waste their resources. The RSU and MA need to determine whether a vehicle is genuine or bogus in the mobility management.
This document discussed security and privacy for IP-based vehicular networking.
The security and privacy for key components in IP-based vehicular networking, such as neighbor discovery and mobility management, need to be analyzed in depth.
The following changes are made from draft-ietf-ipwave-vehicular-networking-09:
This work was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2017R1D1A1B03035885).
This work was supported in part by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2019-2017-0-01633) supervised by the IITP (Institute for Information & communications Technology Promotion).
This work was supported in part by the French research project DataTweet (ANR-13-INFR-0008) and in part by the HIGHTS project funded by the European Commission I (636537-H2020).
This document is a group work of IPWAVE working group, greatly benefiting from inputs and texts by Rex Buddenberg (Naval Postgraduate School), Thierry Ernst (YoGoKo), Bokor Laszlo (Budapest University of Technology and Economics), Jose Santa Lozanoi (Universidad of Murcia), Richard Roy (MIT), Francois Simon (Pilot), Sri Gundavelli (Cisco), Erik Nordmark, Dirk von Hugo (Deutsche Telekom), and Pascal Thubert (Cisco). The authors sincerely appreciate their contributions.
The following are co-authors of this document:
Nabil Benamar
Department of Computer Sciences
High School of Technology of Meknes
Moulay Ismail University
Morocco
Phone: +212 6 70 83 22 36
EMail: benamar73@gmail.com
Sandra Cespedes
NIC Chile Research Labs
Universidad de Chile
Av. Blanco Encalada 1975
Santiago
Chile
Phone: +56 2 29784093
EMail: scespede@niclabs.cl
Jerome Haerri
Communication Systems Department
EURECOM
Sophia-Antipolis
France
Phone: +33 4 93 00 81 34
EMail: jerome.haerri@eurecom.fr
Dapeng Liu
Alibaba
Beijing, Beijing 100022
China
Phone: +86 13911788933
EMail: max.ldp@alibaba-inc.com
Tae (Tom) Oh
Department of Information Sciences and Technologies
Rochester Institute of Technology
One Lomb Memorial Drive
Rochester, NY 14623-5603
USA
Phone: +1 585 475 7642
EMail: Tom.Oh@rit.edu
Charles E. Perkins
Futurewei Inc.
2330 Central Expressway
Santa Clara, CA 95050
USA
Phone: +1 408 330 4586
EMail: charliep@computer.org
Alexandre Petrescu
CEA, LIST
CEA Saclay
Gif-sur-Yvette, Ile-de-France 91190
France
Phone: +33169089223
EMail: Alexandre.Petrescu@cea.fr
Yiwen Chris Shen
Department of Computer Science & Engineering
Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419
Republic of Korea
Phone: +82 31 299 4106
Fax: +82 31 290 7996
EMail: chrisshen@skku.edu
URI: http://iotlab.skku.edu/people-chris-shen.php
Michelle Wetterwald
FBConsulting
21, Route de Luxembourg
Wasserbillig, Luxembourg L-6633
Luxembourg
EMail: Michelle.Wetterwald@gmail.com