PhD Defense David Eckhoff

Equipping vehicles with communication technology is a promising approach
to increase both safety and the efficiency of tomorrow’s road traffic.
However, without proper privacy protection, such a communication system
can be exploited to compromise drivers’ location privacy or to install
fully automated overbearing traffic surveillance. In order to deploy
effective Privacy-Enhancing Technologies (PETs), it
is not only important to understand the concrete privacy risks that go
along with vehicular networks, but also to be able to measure the level
of privacy provided by the system.

This thesis contributes to privacy research by providing a risk
analysis, a taxonomy for privacy in vehicular networks, and a review of
the state of the art in privacy research. We further address
shortcomings and potentials of simulation techniques and make
recommendations to improve the quality and meaningfulness of privacy
simulation. Based on our findings, we develop an open-source privacy
simulation framework that allows evaluation of the level of location
privacy enjoyed by drivers. Combined with detailed models for American
and European communication standards, we provide a powerful tool not
only for the analysis of packet-based privacy protection mechanisms, but
also to identify performance issues of the envisioned communication

Using our simulator, we develop and evaluate different PETs that address
open research topics: We introduce SlotSwap, a time-slotted pseudonym
exchange scheme which protects against privacy violations by the system
provider. Time-slotted pseudonyms also protect from Sybil attacks and
complicate tracking by simultaneously changing identifiers. Our
certificate revocation system SmartRevoc also makes use of this
technology and offers an efficient and backward privacy-preserving
revocation method. We show that parked vehicles can support the timely
distribution of revocation lists and also considerably improve traffic
safety. Lastly, we present a robust fingerprinting attack exploiting
IEEE 802.11 scramblers that illustrates that one non-privacy-aware
component can compromise the privacy throughout the entire system. Based
on our results, we draw conclusions for the design of PETs in
future transportation systems.
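The following toy experiment is an added illustration, not code from the thesis or its simulation framework, of the claim above that simultaneous identifier changes complicate tracking: a passive observer on a straight road predicts where a vanished pseudonym should reappear and counts the fresh pseudonyms within reach of that prediction (its anonymity set), comparing vehicles that change pseudonyms one at a time with vehicles that all change at the same slot boundary. The vehicle count, spacing, speed, the 25 m reach window and the pseudonym labels are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Vehicle:
    vid: int
    pos: float        # position along a straight road, in metres
    speed: float      # metres travelled per beacon interval
    pseudonym: str

def mean_anonymity_set(policy: Callable[[int, int], bool], n: int = 6,
                       steps: int = 8, spacing: float = 10.0,
                       speed: float = 30.0, reach: float = 25.0) -> float:
    """Mean number of fresh pseudonyms the observer cannot tell apart from
    the true successor each time a known pseudonym disappears.

    policy(vid, t) says whether vehicle vid changes its pseudonym at step t.
    The observer predicts a vanished pseudonym's next position from its last
    beacon plus an estimated speed (difference of its last two beacons) and
    counts the fresh pseudonyms within `reach` metres of that prediction.
    """
    vehicles = [Vehicle(i, i * spacing, speed, f"P{i}-0") for i in range(n)]
    # observer state: pseudonym -> (last position, estimated speed or None)
    known: Dict[str, Tuple[float, Optional[float]]] = {}
    sizes: List[int] = []
    for t in range(steps):
        for v in vehicles:
            v.pos += v.speed
            if policy(v.vid, t):
                v.pseudonym = f"P{v.vid}-{t}"   # constructed pseudonym label
        seen = {v.pseudonym: v.pos for v in vehicles}
        fresh = [(p, x) for p, x in seen.items() if p not in known]
        for p, (pos, est) in known.items():
            if p in seen:
                continue  # pseudonym still in use, nothing to link
            # with only one beacon seen, fall back to assuming standstill
            predicted = pos + (est if est is not None else 0.0)
            sizes.append(sum(1 for _, x in fresh if abs(x - predicted) <= reach))
        known = {p: (x, x - known[p][0] if p in known else None)
                 for p, x in seen.items()}
    return sum(sizes) / len(sizes) if sizes else 0.0

def staggered(vid: int, t: int) -> bool:
    return t == vid + 2          # each vehicle changes alone, at its own step

def slotted(vid: int, t: int) -> bool:
    return t == 4                # every vehicle changes at the slot boundary

if __name__ == "__main__":
    print("staggered:", mean_anonymity_set(staggered))  # 1.0
    print("slotted:  ", mean_anonymity_set(slotted))    # 4.0
```

A lone change is always linked (anonymity set of one), whereas the synchronised change leaves the observer with every neighbour inside the reach window as a candidate.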