High-frequency awareness messages, such as basic safety messages, in a network of connected vehicles render a continuous stream of location data susceptible to tracking attacks. As a countermeasure, each vehicle transmits the messages under a regularly changing pseudonym. The pseudonym-change approach is most effective when multiple vehicles change their respective pseudonyms during a collective period of radio silence; this helps obfuscate locations. However, it may compromise safety owing to the missing messages, when silent, defeating the primary goal of connected vehicles enhancing road safety. It is essential to fully understand the safety impact of silence-based privacy schemes to achieve a reasonable balance between safety and privacy. To that end, a microscopic traffic simulation framework was developed, built on an industry-standard microscopic simulator of roadway traffic. Importantly, a unique field-tested collision-inclusive driver behavioral model was incorporated into the simulator for generating rigorous network-wide crash measures. A new Adaptive Silent Period Strategy was formulated synthesizing several silence-based location privacy schemes. This strategy permits entry and exit of the silent period adaptively based on the driving context or preconfigured rules. A network-wide privacy measure was designed around traffic flow conditions and roadway topologies. Two test sites were selected: a central business district arterial in Manhattan, New York City, and an urban grid network in Arcadia, California. The results present the network-wide safety impacts and privacy protection effectiveness of the Adaptive Silent Period Strategy, while demonstrating the value of the simulation framework in the design, optimization, and evaluation of silence-based location privacy schemes.
SSID Oracle Attack on Undisclosed Wi-Fi Preferred Network Lists
