IPv6 Wireless Access in Vehicular Environments (IPWAVE): Problem Statement and Use CasesDepartment of Computer Science and EngineeringSungkyunkwan University2066 Seobu-Ro, Jangan-GuSuwonGyeonggi-Do16419Republic of Korea+82 31 299 4957pauljeong@skku.eduhttp://iotlab.skku.edu/people-jaehoon-jeong.php
int
ipwaveIPv6, V2V, V2I, V2X, Neighbor Discovery, Mobility Management, Security, Privacy
This document discusses the problem statement and use cases of
IPv6-based vehicular networking for Intelligent Transportation Systems (ITS).
The main scenarios of vehicular communications are vehicle-to-vehicle (V2V),
vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X) communications.
First, this document explains use cases using V2V, V2I, and V2X networking.
Next, for IPv6-based vehicular networks, it makes a gap analysis of current
IPv6 protocols (e.g., IPv6 Neighbor Discovery, mobility management, as well as
security and privacy).
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.
Table of Contents
. Introduction
. Terminology
. Use Cases
. V2V
. V2I
. V2X
. Vehicular Networks
. Vehicular Network Architecture
. V2I-Based Internetworking
. V2V-Based Internetworking
. Problem Statement
. Neighbor Discovery
. Link Model
. MAC Address Pseudonym
. Routing
. Mobility Management
. Security Considerations
. Security Threats in Neighbor Discovery
. Security Threats in Mobility Management
. Other Threats
. IANA Considerations
. References
. Normative References
. Informative References
. Support of Multiple Radio Technologies for V2V
. Support of Multihop V2X Networking
. Support of Mobility Management for V2I
. Support of MTU Diversity for IP-Based Vehicular Networks
Acknowledgments
Contributors
Author's Address
Introduction
Vehicular networking studies have mainly focused on improving road
safety and efficiency and also enabling entertainment in vehicular
networks. To proliferate the use cases of vehicular networks,
several governments and private organizations have committed to
allocating dedicated spectrum for vehicular communications.
The Federal Communications Commission (FCC) in the US allocated wireless
channels for Dedicated Short-Range Communications (DSRC)
in the Intelligent Transportation Systems (ITS) with the frequency band of
5.850 - 5.925 GHz (i.e., 5.9 GHz band). In November 2020, the FCC adjusted
the lower 45 MHz (i.e., 5.850 - 5.895 GHz) of the 5.9 GHz band for
unlicensed use instead of DSRC-dedicated use
. DSRC-based wireless communications
can support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I),
and vehicle-to-everything (V2X) networking.
The European Union (EU) allocated radio spectrum for safety-related and
non-safety-related applications of ITS with the frequency band of
5.875 - 5.905 GHz, as part of the Commission Decision 2008/671/EC
. Most other countries and regions in
the world have adopted the 5.9 GHz band for vehicular networks, though
different countries use different ways to divide the band into channels.
For direct inter-vehicular wireless connectivity, IEEE has amended
standard 802.11 (commonly known as Wi-Fi) to enable safe driving services based on DSRC
for the Wireless Access in Vehicular Environments (WAVE)
system. The Physical Layer (L1) and Data Link Layer (L2) issues are addressed
in IEEE 802.11p
for the PHY and MAC layers of the DSRC, while IEEE Std 1609.2
covers security aspects, IEEE Std 1609.3
defines related services at network and transport layers, and IEEE Std 1609.4
specifies the multichannel operation.
IEEE 802.11p was first a separate amendment but was later rolled into
the base 802.11 standard (IEEE Std 802.11-2012) as IEEE 802.11 Outside the Context
of a Basic Service Set (OCB) in 2012 .
3GPP has standardized Cellular Vehicle-to-Everything (C-V2X) communications
to support V2X in LTE mobile networks (called LTE V2X)
and V2X in 5G mobile networks (called 5G V2X) .
With C-V2X, vehicles can directly communicate with each other without
relay nodes (e.g., eNodeB in LTE and gNodeB in 5G).
Along with these WAVE standards and C-V2X standards, regardless of a
wireless access technology under the IP stack of a vehicle, vehicular
networks can operate IP mobility with IPv6 , that is, Mobile IPv6 protocols, e.g., Mobile IPv6
(MIPv6) , Proxy Mobile IPv6
(PMIPv6) , Distributed
Mobility Management (DMM) ,
Network Mobility (NEMO) , and
the Locator/ID Separation Protocol (LISP) . In addition, ISO has approved a standard
specifying the IPv6 network protocols and services to be used for
Communications Access for Land Mobiles (CALM) .
This document describes use cases and a problem statement about
IPv6-based vehicular networking for ITS, which is named IPv6 Wireless Access in
Vehicular Environments (IPWAVE).
First, it introduces the use cases for using V2V, V2I, and V2X networking
in ITS.
Next, for IPv6-based vehicular networks, it makes a gap analysis of
current IPv6 protocols (e.g., IPv6 Neighbor Discovery, mobility
management, as well as security and privacy) so that those protocols
can be tailored to IPv6-based vehicular networking.
Thus, this document is intended to motivate development of
key protocols for IPWAVE.
Terminology
This document uses the terminology described in .
In addition, the following terms are defined below:
Context-Awareness:
A vehicle can be aware of spatial-temporal mobility information
(e.g., position, speed, direction, and acceleration/deceleration) of
surrounding vehicles for both safety and non-safety uses through
sensing or communication .
Distributed Mobility Management (DMM):
See .
Edge Computing Device (ECD):
This is a computing device (or server) at the edge of the network for vehicles and
vulnerable road users. It co-locates with or connects to an IP Roadside Unit (IP-RSU),
which has a powerful computing capability for different kinds of
computing tasks, such as image processing and classification.
Edge Network (EN):
This is an access network that has an IP-RSU for wireless
communication with other vehicles having an IP On-Board Unit (IP-OBU) and wired
communication with other network devices (e.g., routers, IP-RSUs,
ECDs, servers, and Mobility Anchors (MAs)). It may use a Global Navigation Satellite
System (GNSS) such as Global Positioning System (GPS) with a GNSS receiver for
its position recognition and the localization service for the sake of vehicles.
Evolved Node B (eNodeB):
This is a base station entity that
supports the Long Term Evolution (LTE) air interface.
Internet Protocol On-Board Unit (IP-OBU):
An IP-OBU denotes a computer situated in a vehicle (e.g., car,
bicycle, electric bike, motorcycle, or similar), which has a basic
processing ability and can be driven by a low-power CPU (e.g., ARM).
It has at least one IP interface that runs in IEEE 802.11-OCB and has
an "OBU" transceiver. Also, it may have an IP interface that runs in
Cellular V2X (C-V2X) . It can play the
role of a router connecting multiple computers (or in-vehicle devices)
inside a vehicle. See the definition of the term "IP-OBU" in
.
IP Roadside Unit (IP-RSU):
An IP-RSU is situated along the road. It has at least two
distinct IP-enabled interfaces. The wireless PHY/MAC layer of at
least one of its IP-enabled interfaces is configured to operate in
802.11-OCB mode .
An IP-RSU communicates with the IP-OBU over an 802.11 wireless link
operating in OCB mode.
One of its IP-enabled interfaces is connected to the wired network
for wired communication with other network devices (e.g., routers,
IP-RSUs, ECDs, servers, and MAs).
Also, it may have another IP-enabled wireless interface running in
3GPP C-V2X in addition to the IP-RSU defined in
. An IP-RSU is similar to
an Access Network Router (ANR), defined in
, and a Wireless Termination Point
(WTP), defined in . See the
definition of the term "IP-RSU" in .
Light Detection and Ranging (LiDAR):
This is a method for measuring a distance to an object by
emitting pulsed laser light and measuring the reflected pulsed
light.
Mobility Anchor (MA):
This is a node that maintains IPv6 addresses and mobility
information of vehicles in a road network to support their IPv6
address autoconfiguration and mobility management with a binding
table. An MA has end-to-end (E2E) connections (e.g., tunnels) with
IP-RSUs under its control for the IPv6 address autoconfiguration and
mobility management of the vehicles. This MA is similar to a Local
Mobility Anchor (LMA) in PMIPv6 for network-based mobility management.
Next Generation Node B (gNodeB):
This is a base station entity that supports the 5G New Radio (NR) air interface.
Outside the Context of a BSS (OCB):
This is a mode of operation in which a station (STA) is not a
member of a Basic Service Set (BSS) and does not utilize IEEE Std
802.11 authentication, association, or data confidentiality .
802.11-OCB:
This refers to the mode specified in IEEE Std 802.11-2016
when the MIB
attribute dot11OCBActivated is 'true'.
Platooning:
Moving vehicles can be grouped together to reduce air resistance
for energy efficiency and reduce the number of drivers such that only
the lead vehicle has a driver, and the other vehicles are
autonomous vehicles without a driver and closely follow the lead
vehicle .
Traffic Control Center (TCC):
This is a system that manages road infrastructure nodes (e.g.,
IP-RSUs, MAs, traffic signals, and loop detectors) and also maintains
vehicular traffic statistics (e.g., average vehicle speed and vehicle
inter-arrival time per road segment) and vehicle information (e.g., a
vehicle's identifier, position, direction, speed, and trajectory as a
navigation path). TCC is part of a Vehicular Cloud for vehicular
networks.
Urban Air Mobility (UAM):
This refers to using lower-altitude aircraft to transport passengers
or cargo in urban and suburban areas. The carriers used for UAM can be
manned or unmanned vehicles, which can include helicopters, electric vertical take-off and landing (eVTOL) aircraft,
and unmanned aerial vehicles (UAVs).
Vehicle:
This is a node that has an IP-OBU for
wireless communication with other vehicles and IP-RSUs. It has a GNSS
radio navigation receiver for efficient navigation. Any device having
an IP-OBU and a GNSS receiver (e.g., smartphone and tablet PC) can be
regarded as a vehicle in this document.
Vehicular Ad Hoc Network (VANET):
This is a network that consists of vehicles interconnected by
wireless communication. Two vehicles in a VANET can communicate with
each other using other vehicles as relays even where they are out of
one-hop wireless communication range.
Vehicular Cloud:
This is a cloud infrastructure for vehicular
networks, having compute nodes, storage nodes, and network forwarding
elements (e.g., switch and router).
Vehicle to Device (V2D):
This is the wireless communication between a vehicle and a device
(e.g., smartphone and IoT (Internet of Things) device).
Vehicle to Pedestrian (V2P):
This is the wireless communication between a vehicle and a
pedestrian's device (e.g., smartphone and IoT device).
Vehicle to Infrastructure to Vehicle (V2I2V):
This is the wireless communication between a vehicle and another
vehicle via an infrastructure node (e.g., IP-RSU).
Vehicle to Infrastructure to Everything (V2I2X):
This is the wireless communication between a vehicle and another
entity (e.g., vehicle, smartphone, and IoT device) via an
infrastructure node (e.g., IP-RSU).
Vehicle to Everything (V2X):
This is the wireless communication between a vehicle and any entity
(e.g., vehicle, infrastructure node, smartphone, and IoT device),
including V2V, V2I, V2D, and V2P.
Vehicular Mobility Management (VMM):
This is IPv6-based mobility management for vehicular
networks.
Vehicular Neighbor Discovery (VND):
This is an IPv6 ND (Neighbor Discovery) extension for vehicular
networks.
Vehicular Security and Privacy (VSP):
This is IPv6-based security and privacy for vehicular
networks.
Wireless Access in Vehicular Environments (WAVE):
See .
Use Cases
This section explains use cases of V2V, V2I, and V2X networking.
The use cases of the V2X networking exclude the ones of the V2V
and V2I networking but include Vehicle-to-Pedestrian (V2P) and
Vehicle-to-Device (V2D).
IP is widely used among popular end-user devices (e.g.,
smartphone and tablet) in the Internet. Applications
(e.g., navigator application) for those devices can be extended
such that the V2V use cases in this section can work with IPv6
as a network layer protocol and IEEE 802.11-OCB as a link-layer
protocol. In addition, IPv6 security needs to be extended to
support those V2V use cases in a safe, secure, privacy-preserving
way.
The use cases presented in this section serve as the description and
motivation for the need to augment IPv6 and its protocols to facilitate
"Vehicular IPv6".
summarizes the overall problem statement and IPv6 requirements.
Note that the adjective "Vehicular" in this document is used to
represent extensions of existing protocols, such as IPv6 Neighbor
Discovery, IPv6 Mobility Management (e.g., PMIPv6
and DMM ), and
IPv6 Security and Privacy Mechanisms rather than new
"vehicular-specific" functions.
V2V
The use cases of V2V networking discussed in this section include:
Context-aware navigation for driving safely and avoiding collisions
Collision avoidance service of end systems of Urban Air Mobility
(UAM)
Cooperative adaptive cruise control on a roadway
Platooning on a highway
Cooperative environment sensing
The above use cases are examples for using V2V networking, which can
be extended to other terrestrial vehicles, river/sea ships,
railed vehicles, or UAM end systems.
A Context-Aware Safety Driving (CASD) navigator
can help drivers to drive safely as a context-aware navigation service
by alerting them to
dangerous obstacles and situations. That is, a CASD navigator displays
obstacles or neighboring vehicles relevant to possible collisions in
real time through V2V networking. CASD provides vehicles with a
class-based automatic safety action plan that considers three
situations, namely, the Line-of-Sight unsafe, Non-Line-of-Sight
unsafe, and safe situations. This action plan can be put into action
among multiple vehicles using V2V networking.
A service for collision avoidance of in-air UAM end systems is one
possible use case in air vehicular environments . This use case
is similar to that of a context-aware navigator for
terrestrial vehicles. Through V2V coordination, those UAM end systems
(e.g., drones) can avoid a dangerous situation (e.g., collision) in
three-dimensional space rather than two-dimensional space for
terrestrial vehicles. Also, a UAM end system (e.g., flying car), when
only a few hundred meters off the ground, can communicate with terrestrial
vehicles with wireless communication technologies (e.g., DSRC, LTE,
and C-V2X). Thus, V2V means any vehicle to any vehicle, whether the
vehicles are ground level or not.
Cooperative Adaptive Cruise Control (CACC)
helps individual vehicles to adapt their
speed autonomously through V2V communication among vehicles according
to the mobility of their predecessor and successor vehicles on an
urban roadway or a highway. Thus, CACC can help adjacent vehicles to
efficiently adjust their speed in an interactive way through V2V
networking in order to avoid a collision.
Platooning allows a series (or group) of
vehicles (e.g., trucks) to follow each other very closely.
Vehicles can use V2V communication in addition to
forward sensors in order to maintain constant clearance between two
consecutive vehicles at very short gaps (from 3 to 10 meters).
Platooning can maximize the throughput of vehicular traffic on
a highway and reduce the gas consumption because the lead vehicle
can help the following vehicles experience less air resistance.
Cooperative-environment-sensing use cases suggest that vehicles can
share environmental information (e.g., air pollution, hazards, obstacles,
slippery areas by snow or rain, road accidents, traffic congestion,
and driving behaviors of neighboring vehicles) from various
vehicle-mounted sensors, such as radars, LiDAR systems, and cameras, with other
vehicles and pedestrians.
introduces millimeter-wave
vehicular communication for massive automotive sensing.
A lot of data can be generated by those sensors, and
these data typically need to be routed to different destinations.
In addition, from the perspective of driverless vehicles, it is
expected that driverless vehicles can be mixed with driver-operated
vehicles. Through cooperative environment sensing, driver-operated
vehicles can use environmental information sensed by driverless vehicles
for better interaction with the other vehicles and environment.
Vehicles can also share their intended maneuvering information (e.g.,
lane change, speed change, ramp in-and-out, cut-in, and abrupt braking)
with neighboring vehicles.
Thus, this information sharing can help the vehicles behave as more
efficient traffic flows and minimize unnecessary acceleration and
deceleration to achieve the best ride comfort.
To support applications of these V2V use cases, the required functions of
IPv6 include (a) IPv6-based packet exchange in both control and data planes
and (b) secure, safe communication between two vehicles. For the support of
V2V under multiple radio technologies (e.g., DSRC and 5G V2X), refer to
.
V2I
The use cases of V2I networking discussed in this section include:
Navigation service
Energy-efficient speed recommendation service
Accident notification service
Electric Vehicle (EV) charging service
UAM navigation service with efficient battery charging
A navigation service (for example, the Self-Adaptive Interactive
Navigation Tool ) that uses
V2I networking interacts with a TCC for the large-scale/long-range road
traffic optimization and can guide individual vehicles along appropriate
navigation paths in real time. The enhanced version of SAINT can give fast-moving paths to
emergency vehicles (e.g., ambulance and fire engine) to let them reach an
accident spot while redirecting other vehicles near the accident spot into
efficient detour paths.
Either a TCC or an ECD can recommend an energy-efficient speed to a vehicle
that depends on its traffic environment and traffic signal scheduling
. For example, when a vehicle approaches
an intersection area and a red traffic light for the vehicle becomes
turned on, it needs to reduce its speed to save fuel consumption. In
this case, either a TCC or an ECD, which has the up-to-date
trajectory of the vehicle and the traffic light schedule, can notify
the vehicle of an appropriate speed for fuel efficiency.
covers fuel-efficient route
and speed plans for platooned trucks.
The emergency communication between vehicles in an accident (or emergency-response
vehicles) and a TCC can be performed via either IP-RSUs or 4G-LTE or
5G networks.
The First Responder Network Authority
is provided by the US government to
establish, operate, and maintain an interoperable public safety
broadband network for safety and security network services, e.g.,
emergency calls. The construction of the nationwide FirstNet network
requires each state in the US to have a Radio Access Network (RAN)
that will connect to the FirstNet's network core.
The current RAN is mainly constructed using 4G-LTE for communication
between a vehicle and an infrastructure node (i.e., V2I)
, but it is expected that DSRC-based vehicular
networks will be available for V2I and V2V in the near future.
An equivalent project in Europe is called Public Safety Communications
Europe , which is developing a network for
emergency communications.
An EV charging service with V2I can facilitate the efficient battery
charging of EVs. In the case where an EV charging station is connected to
an IP-RSU, an EV can be guided toward the deck of the EV charging station
or be notified that the charging station is out of service
through a battery charging server connected to the IP-RSU. In addition to
this EV charging service, other value-added services (e.g.,
firmware/software update over-the-air and media streaming)
can be provided to an EV
while it is charging its battery at the EV charging station.
For a UAM navigation service, an efficient battery charging plan can
improve the battery charging schedule of UAM end systems (e.g., drones)
for long-distance flying .
For this battery charging schedule, a UAM end system can communicate with
a cloud server via an infrastructure node (e.g., IP-RSU).
This cloud server can coordinate the battery charging
schedules of multiple UAM end systems for their efficient navigation path,
considering flight time from their current position to a battery charging
station, waiting time in a waiting queue at the station, and battery
charging time at the station.
In some scenarios, such as vehicles moving on highways or staying in parking
lots, a V2V2I network is necessary for vehicles to access the Internet
since some vehicles may not be covered by an IP-RSU. For those vehicles,
a few relay vehicles can help to build the Internet access. For the
nested NEMO described in
, hosts inside a vehicle shown in
for the case of V2V2I may have the same issue in the nested NEMO scenario.
To better support these use cases, the existing IPv6 protocol must be
augmented either through protocol changes or by including a new adaptation
layer in the architecture that efficiently maps IPv6 to a diversity of
link-layer technologies.
Augmentation is necessary to support wireless multihop V2I communications
on a highway where RSUs are sparsely deployed so that a vehicle can reach the
wireless coverage of an IP-RSU through the multihop data forwarding of
intermediate vehicles as packet forwarders. Thus, IPv6 needs to be extended for multihop V2I
communications.
To support applications of these V2I use cases, the required functions
of IPv6 include IPv6 communication enablement with neighborhood discovery
and IPv6 address management; reachability with adapted network models and
routing methods; transport-layer session continuity; and secure, safe
communication between a vehicle and an infrastructure node (e.g., IP-RSU)
in the vehicular network.
V2X
The use case of V2X networking discussed in this section is
for a protection service for a vulnerable road user (VRU), e.g.,
a pedestrian or cyclist.
Note that the application area of this use case is currently limited
to a specific environment, such as construction sites, plants, and
factories, since not every VRU in a public area
is equipped with a smart device (e.g., not every child on a road
has a smartphone, smart watch, or tablet).
A VRU protection service, such as the Safety-Aware Navigation Application
, using V2I2P networking can
reduce the collision of a vehicle and a pedestrian carrying a smartphone
equipped with a network device for wireless communication (e.g., Wi-Fi,
DSRC, 4G/5G V2X, and Bluetooth Low Energy (BLE)) with an IP-RSU.
Vehicles and pedestrians can also communicate with each other via an IP-RSU.
An ECD behind the IP-RSU can collect the mobility information from vehicles and
pedestrians, and then compute wireless communication scheduling for the sake of
them. This scheduling can save the battery of each pedestrian's smartphone
by allowing it to work in sleeping mode before communication with
vehicles, considering their mobility. The location information of a VRU
from a smart device (e.g., smartphone) is multicasted only to the nearby
vehicles. The true identifiers of a VRU's smart device shall be
protected, and only the type of the VRU, such as pedestrian, cyclist, or
scooter, is disclosed to the nearby vehicles.
For Vehicle-to-Pedestrian (V2P), a vehicle can directly communicate
with a pedestrian's smartphone by V2X without IP-RSU relaying.
Light-weight mobile nodes, such as bicycles, may also communicate
directly with a vehicle for collision avoidance using V2V. Note that
it is true that either a pedestrian or a cyclist may have a higher risk of
being hit by a vehicle if they are not with a smartphone in the current
setting. For this
case, other human-sensing technologies (e.g., moving-object detection
in images and wireless signal-based human movement detection
) can be
used to provide motion information to vehicles. A vehicle
by V2V2I networking can obtain a VRU's motion information
via an IP-RSU that either employs or connects to a human-sensing technology.
The existing IPv6 protocol must be augmented through protocol changes
in order to support wireless multihop V2X or V2I2X communications in an
urban road network where RSUs are deployed at intersections so that a vehicle
(or a pedestrian's smartphone) can reach the wireless coverage of an IP-RSU
through the multihop data forwarding of intermediate vehicles (or
pedestrians' smartphones) as packet forwarders. Thus, IPv6 needs to be
extended for multihop V2X or V2I2X communications.
To support applications of these V2X use cases, the required functions
of IPv6 include IPv6-based packet exchange; transport-layer session
continuity; secure, safe communication between a vehicle and a
pedestrian either directly or indirectly via an IP-RSU; and the
protection of identifiers of either a vehicle or smart device (such as the
Media Access Control (MAC) address and IPv6 address), which is discussed in detail in
.
Vehicular Networks
This section describes the context for vehicular networks
supporting V2V, V2I, and V2X communications and
describes an internal network within a vehicle or an Edge Network
(EN). Additionally, this section explains not only the internetworking between the
internal networks of a vehicle and an EN via wireless links but also
the internetworking between the internal networks of two vehicles
via wireless links.
An Example Vehicular Network Architecture for V2I and V2V
Traffic Control Center in Vehicular Cloud
*******************************************
+-------------+ * *
|Correspondent| * +-----------------+ *
| Node |<->* | Mobility Anchor | *
+-------------+ * +-----------------+ *
* ^ *
* | *
* v *
*******************************************
^ ^ ^
| | |
| | |
v v v
+---------+ +---------+ +---------+
| IP-RSU1 |<--------->| IP-RSU2 |<--------->| IP-RSU3 |
+---------+ +---------+ +---------+
^ ^ ^
: : :
+-----------------+ +-----------------+ +-----------------+
| : V2I | | : V2I | | : V2I |
| v | | v | | v |
+--------+ | +--------+ | | +--------+ | | +--------+ |
|Vehicle1|===> |Vehicle2|===>| | |Vehicle3|===>| | |Vehicle4|===>|
+--------+<...>+--------+<........>+--------+ | | +--------+ |
V2V ^ V2V ^ | | ^ |
| : V2V | | : V2V | | : V2V |
| v | | v | | v |
| +--------+ | | +--------+ | | +--------+ |
| |Vehicle5|===> | | |Vehicle6|===>| | |Vehicle7|==>|
| +--------+ | | +--------+ | | +--------+ |
+-----------------+ +-----------------+ +-----------------+
Subnet1 Subnet2 Subnet3
(Prefix1) (Prefix2) (Prefix3)
<----> Wired Link <....> Wireless Link ===> Moving Direction
Vehicular Network Architecture shows an
example vehicular network architecture for V2I and V2V in
a road network.
The vehicular network architecture contains vehicles
(including IP-OBU), IP-RSUs, Mobility Anchor, Traffic Control
Center, and Vehicular Cloud as components.
These components are not mandatory, and they can be deployed
into vehicular networks in various ways. Some of them (e.g.,
Mobility Anchor, Traffic Control Center, and Vehicular Cloud) may
not be needed for the vehicular networks according to target use
cases in .
Existing network architectures, such as the network architectures of
PMIPv6 , RPL (IPv6 Routing
Protocol for Low-Power and Lossy Networks) , Automatic Extended Route Optimization , and Overlay
Multilink Network Interface , can be extended to a vehicular network architecture
for multihop V2V, V2I, and V2X, as shown in . Refer to
for the
detailed discussion on multihop V2X networking by RPL and OMNI. Also,
refer to for the description of how OMNI is designed to support
the use of multiple radio technologies in V2X. Note that though AERO/OMNI
is not actually deployed in the industry, this AERO/OMNI is mentioned as a
possible approach for vehicular networks in this document.
As shown in , IP-RSUs as
routers and vehicles with IP-OBU
have wireless media interfaces for VANET.
The three IP-RSUs (IP-RSU1, IP-RSU2, and IP-RSU3) are deployed in the road
network and are connected with each other through the wired networks
(e.g., Ethernet).
A Traffic Control Center (TCC) is connected to the Vehicular Cloud for
the management of IP-RSUs and vehicles in the road network.
A Mobility Anchor (MA) may be located in the TCC as a mobility management
controller.
Vehicle2, Vehicle3, and Vehicle4 are wirelessly connected to IP-RSU1,
IP-RSU2, and IP-RSU3, respectively.
The three wireless networks of IP-RSU1, IP-RSU2, and IP-RSU3 can belong to three
different subnets (i.e., Subnet1, Subnet2, and Subnet3), respectively.
Those three subnets use three different prefixes (i.e., Prefix1, Prefix2,
and Prefix3).
Multiple vehicles under the coverage of an IP-RSU share a prefix just as
mobile nodes share a prefix of a Wi-Fi access point in a wireless
LAN. This is a natural characteristic in infrastructure-based wireless
networks.
For example, in ,
two vehicles (i.e., Vehicle2 and Vehicle5) can use Prefix1 to configure
their IPv6 global addresses for V2I communication.
Alternatively, two vehicles can employ a "Bring Your Own Addresses (BYOA)"
(or "Bring Your Own Prefix (BYOP)") technique using their own IPv6 Unique Local Addresses (ULAs)
over the wireless network.
In wireless subnets in vehicular networks (e.g., Subnet1 and Subnet2
in ), vehicles can
construct a connected VANET (with an arbitrary graph topology) and can
communicate with each other via V2V communication.
Vehicle1 can communicate with Vehicle2 via V2V communication, and
Vehicle2 can communicate with Vehicle3 via V2V communication because
they are within the wireless communication range of each other.
On the other hand, Vehicle3 can communicate with
Vehicle4 via the vehicular infrastructure (i.e., IP-RSU2 and IP-RSU3)
by employing V2I (i.e., V2I2V) communication because they are not
within the wireless communication range of each other.
As a basic definition for IPv6 packets transported over IEEE 802.11-OCB,
specifies several details, including
Maximum Transmission Unit (MTU), frame format, link-local address,
address mapping for unicast and multicast, stateless autoconfiguration, and
subnet structure.
An IPv6 mobility solution is needed for the guarantee of communication
continuity in vehicular networks so that a vehicle's TCP session can be
continued or that UDP packets can be delivered to a vehicle as a
destination without loss while it moves from an IP-RSU's wireless coverage
to another IP-RSU's wireless coverage. In , assuming
that Vehicle2 has a TCP session (or a UDP session) with a correspondent
node in the Vehicular Cloud, Vehicle2 can move from IP-RSU1's wireless
coverage to IP-RSU2's wireless coverage. In this case, a handover for
Vehicle2 needs to be performed by either a host-based mobility management
scheme (e.g., MIPv6 ) or a
network-based mobility management scheme (e.g., PMIPv6 , NEMO , and AERO ). This document
describes issues in mobility management for vehicular networks in . For improving
TCP session continuity or successful UDP packet delivery, the Multipath
TCP (MPTCP) or QUIC protocol
can also be used. IP-OBUs,
however, may still experience more session time-out and re-establishment
procedures due to lossy connections among vehicles caused by the high
mobility dynamics of them.
V2I-Based Internetworking
This section discusses the internetworking between a vehicle's
internal network (i.e., mobile network) and an EN's internal
network (i.e., fixed network) via V2I communication.
The internal network of a vehicle is nowadays constructed with
Ethernet by many automotive vendors .
Note that an EN can accommodate multiple routers (or switches)
and servers (e.g., ECDs, navigation server, and DNS server)
in its internal network.
A vehicle's internal network often uses Ethernet to interconnect
Electronic Control Units (ECUs) in the vehicle. The internal network can
support Wi-Fi and Bluetooth to accommodate a driver's and passenger's
mobile devices (e.g., smartphone or tablet). The network topology and
subnetting depend on each vendor's network configuration for a vehicle and
an EN. It is reasonable to consider interactions between the internal
network of a vehicle and that of another vehicle or an EN. Note that it
is dangerous if the internal network of a vehicle is controlled by a
malicious party. These dangers can include unauthorized driving control
input and unauthorized driving information disclosure to an unauthorized
third party. A malicious party can be a group of hackers, a criminal
group, and a competitor for industrial espionage or sabotage. To minimize
this kind of risk, an augmented identification and verification protocol,
which has an extra means, shall be implemented based on a basic identity
verification process.
These extra means could include approaches based on certificates,
biometrics, credit, or One-Time Passwords (OTPs)
in addition to Host Identity Protocol certificates .
The parties of the verification protocol can be from a built-in
verification protocol in the current vehicle, which is pre-installed by a
vehicle vendor. The parties can also be from any verification authorities
that have the database of authenticated users. The security properties
provided by a verification protocol can be identity-related information,
such as the genuineness of an identity, the authenticity of an identity,
and the ownership of an identity .
The augmented identification and verification protocol with extra means can
support security properties such as the identification and verification of
a vehicle, driver, and passenger.
First, a credit-based method is when a vehicle classifies the messages it received
from another host into various levels based on their potential
effects on driving safety in order to calculate the credit of that sender.
Based on accumulated credit, a correspondent node can verify
the other party to see whether it is genuine or not. Second, a
certificate-based method includes a user certificate (e.g., X.509
certificate ) to authenticate a vehicle or its
driver. Third, a biometric method includes a fingerprint, face, or voice to
authenticate a driver or passenger. Lastly, an OTP-based method lets another already-authenticated device (e.g., smartphone and
tablet) of a driver or passenger be used to authenticate a driver or
passenger.
Internetworking between Vehicle and Edge Network
+-----------------+
(*)<........>(*) +----->| Vehicular Cloud |
(2001:db8:1:1::/64) | | | +-----------------+
+------------------------------+ +---------------------------------+
| v | | v v |
| +-------+ +-------+ | | +-------+ +-------+ |
| | Host1 | |IP-OBU1| | | |IP-RSU1| | Host3 | |
| +-------+ +-------+ | | +-------+ +-------+ |
| ^ ^ | | ^ ^ |
| | | | | | | |
| v v | | v v |
| ---------------------------- | | ------------------------------- |
| 2001:db8:10:1::/64 ^ | | ^ 2001:db8:20:1::/64 |
| | | | | |
| v | | v |
| +-------+ +-------+ | | +-------+ +-------+ +-------+ |
| | Host2 | |Router1| | | |Router2| |Server1|...|ServerN| |
| +-------+ +-------+ | | +-------+ +-------+ +-------+ |
| ^ ^ | | ^ ^ ^ |
| | | | | | | | |
| v v | | v v v |
| ---------------------------- | | ------------------------------- |
| 2001:db8:10:2::/64 | | 2001:db8:20:2::/64 |
+------------------------------+ +---------------------------------+
Vehicle1 (Mobile Network1) EN1 (Fixed Network1)
<----> Wired Link <....> Wireless Link (*) Antenna
As shown in , as internal
networks, a vehicle's mobile network and an EN's fixed network
are self-contained networks having multiple subnets and having
an edge router (e.g., IP-OBU and IP-RSU) for communication with
another vehicle or another EN.
The internetworking between two internal networks via V2I communication
requires the exchange of the network parameters and the network
prefixes of the internal networks. For the efficiency, the network
prefixes of the internal networks (as a mobile network) in a
vehicle need to be delegated and configured automatically. Note
that a mobile network's network prefix can be called a Mobile
Network Prefix (MNP) .
also shows the internetworking
between the vehicle's mobile network and the EN's fixed network.
There exists an internal network (Mobile Network1) inside Vehicle1.
Vehicle1 has two hosts (Host1 and Host2) and two routers (IP-OBU1
and Router1). There exists another internal network (Fixed Network1)
inside EN1. EN1 has one host (Host3), two routers (IP-RSU1 and
Router2), and the collection of servers (Server1 to ServerN) for
various services in the road networks, such as the emergency
notification and navigation. Vehicle1's IP-OBU1 (as a mobile router)
and EN1's IP-RSU1 (as a fixed router) use 2001:db8:1:1::/64 for an
external link (e.g., DSRC) for V2I networking.
Thus, a host (Host1) in Vehicle1 can communicate with a server
(Server1) in EN1 for a vehicular service through Vehicle1's mobile
network, a wireless link between IP-OBU1 and IP-RSU1, and EN1's fixed
network.
For the IPv6 communication between an IP-OBU and an IP-RSU or between
two neighboring IP-OBUs, they need to know the network parameters,
which include MAC layer and IPv6 layer information.
The MAC layer information includes wireless link-layer parameters,
transmission power level, and the MAC address of an external network
interface for the internetworking with another IP-OBU or IP-RSU.
The IPv6 layer information includes the IPv6 address and network
prefix of an external network interface for the internetworking with
another IP-OBU or IP-RSU.
Through the mutual knowledge of the network parameters of
internal networks, packets can be transmitted between the vehicle's mobile
network and the EN's fixed network. Thus, V2I requires an efficient
protocol for the mutual knowledge of network parameters. Note that
from a security point of view, perimeter-based policy enforcement
can be applied to protect parts of the internal network of a vehicle.
As shown in , the addresses
used for IPv6 transmissions over the wireless link interfaces for
IP-OBU and IP-RSU can be IPv6 link-local addresses, ULAs, or IPv6 global
addresses. When IPv6 addresses are used, wireless interface
configuration and control overhead for Duplicate Address Detection (DAD) and
Multicast Listener Discovery (MLD)
should be minimized to support V2I and V2X communications for vehicles
moving fast along roadways.
Let us consider the upload/download time of a ground vehicle when it passes
through the wireless communication coverage of an IP-RSU.
For a given typical setting where 1 km is the maximum DSRC communication
range and 100 km/h is the speed limit on highways for
ground vehicles, the dwelling time can be calculated to be 72 seconds
by dividing the diameter
of the 2 km (i.e., two times the DSRC communication range where an IP-RSU
is located in the center of the circle of wireless communication) by
the speed limit of 100 km/h (i.e., about 28 m/s). For the 72 seconds, a
vehicle passing through the coverage of an IP-RSU can upload and download
data packets to/from the IP-RSU.
For special cases, such as emergency vehicles moving above the speed limit,
the dwelling time is relatively shorter than that of other vehicles.
For cases of airborne vehicles (i.e., aircraft), considering a higher
flying speed and a higher altitude, the dwelling time can be much shorter.
V2V-Based Internetworking
This section discusses the internetworking between the mobile
networks of two neighboring vehicles via V2V communication.
Internetworking between Two Vehicles
(*)<..........>(*)
(2001:db8:1:1::/64) | |
+------------------------------+ +------------------------------+
| v | | v |
| +-------+ +-------+ | | +-------+ +-------+ |
| | Host1 | |IP-OBU1| | | |IP-OBU2| | Host3 | |
| +-------+ +-------+ | | +-------+ +-------+ |
| ^ ^ | | ^ ^ |
| | | | | | | |
| v v | | v v |
| ---------------------------- | | ---------------------------- |
| 2001:db8:10:1::/64 ^ | | ^ 2001:db8:30:1::/64 |
| | | | | |
| v | | v |
| +-------+ +-------+ | | +-------+ +-------+ |
| | Host2 | |Router1| | | |Router2| | Host4 | |
| +-------+ +-------+ | | +-------+ +-------+ |
| ^ ^ | | ^ ^ |
| | | | | | | |
| v v | | v v |
| ---------------------------- | | ---------------------------- |
| 2001:db8:10:2::/64 | | 2001:db8:30:2::/64 |
+------------------------------+ +------------------------------+
Vehicle1 (Mobile Network1) Vehicle2 (Mobile Network2)
<----> Wired Link <....> Wireless Link (*) Antenna
shows the internetworking
between the mobile networks of two neighboring vehicles. There
exists an internal network (Mobile Network1) inside Vehicle1.
Vehicle1 has two hosts (Host1 and Host2) and two routers
(IP-OBU1 and Router1). There exists another internal network
(Mobile Network2) inside Vehicle2. Vehicle2 has two hosts
(Host3 and Host4) and two routers (IP-OBU2 and Router2).
Vehicle1's IP-OBU1 (as a mobile router) and Vehicle2's IP-OBU2
(as a mobile router) use 2001:db8:1:1::/64 for an external link
(e.g., DSRC) for V2V networking. Thus, a host (Host1) in Vehicle1
can communicate with another host (Host3) in Vehicle2 for a vehicular
service through Vehicle1's mobile network, a wireless link between
IP-OBU1 and IP-OBU2, and Vehicle2's mobile network.
As a V2V use case in ,
shows a
linear network topology of platooning vehicles for V2V communications
where Vehicle3 is the lead vehicle with a driver, and Vehicle2 and
Vehicle1 are the following vehicles without drivers.
From a security point of view, before vehicles can be platooned,
they shall be mutually authenticated to reduce possible security risks.
Multihop Internetworking between Two Vehicle Networks
(*)<..................>(*)<..................>(*)
| | |
+-----------+ +-----------+ +-----------+
| | | | | |
| +-------+ | | +-------+ | | +-------+ |
| |IP-OBU1| | | |IP-OBU2| | | |IP-OBU3| |
| +-------+ | | +-------+ | | +-------+ |
| ^ | | ^ | | ^ |
| | |=====> | | |=====> | | |=====>
| v | | v | | v |
| +-------+ | | +-------+ | | +-------+ |
| | Host1 | | | | Host2 | | | | Host3 | |
| +-------+ | | +-------+ | | +-------+ |
| | | | | |
+-----------+ +-----------+ +-----------+
Vehicle1 Vehicle2 Vehicle3
<----> Wired Link <....> Wireless Link ===> Moving Direction
(*) Antenna
As shown in ,
multihop internetworking is feasible among the mobile networks of
three vehicles in the same VANET. For example, Host1 in Vehicle1 can
communicate with Host3 in Vehicle3 via IP-OBU1 in Vehicle1, IP-OBU2 in
Vehicle2, and IP-OBU3 in Vehicle3 in the VANET, as shown in
the figure.
In this section, the link between two vehicles is assumed to be stable
for single-hop wireless communication regardless of the sight relationship,
such as Line-of-Sight and Non-Line-of-Sight, as shown in
.
Even in , the three
vehicles are connected to each other with a linear topology, however,
multihop V2V communication can accommodate any network topology (i.e.,
an arbitrary graph) over VANET routing protocols.
Multihop Internetworking between Two Vehicle Networks via IP-RSU (V2I2V)
(*)<..................>(*)<..................>(*)
| | |
+-----------+ +-----------+ +-----------+
| | | | | |
| +-------+ | | +-------+ | | +-------+ |
| |IP-OBU1| | | |IP-RSU1| | | |IP-OBU3| |
| +-------+ | | +-------+ | | +-------+ |
| ^ | | ^ | | ^ |
| | |=====> | | | | | |=====>
| v | | v | | v |
| +-------+ | | +-------+ | | +-------+ |
| | Host1 | | | | Host2 | | | | Host3 | |
| +-------+ | | +-------+ | | +-------+ |
| | | | | |
+-----------+ +-----------+ +-----------+
Vehicle1 EN1 Vehicle3
<----> Wired Link <....> Wireless Link ===> Moving Direction
(*) Antenna
As shown in ,
multihop internetworking between two vehicles is feasible via
an infrastructure node (e.g., IP-RSU) with wireless connectivity
among the mobile networks of two vehicles and the fixed network of
an edge network (denoted as EN1) in the same VANET. For example,
Host1 in Vehicle1 can communicate with Host3 in Vehicle3 via
IP-OBU1 in Vehicle1, IP-RSU1 in EN1, and IP-OBU3 in Vehicle3 in
the VANET, as shown in the figure.
For the reliability required in V2V networking, the ND optimization
defined in the Mobile Ad Hoc Network (MANET) improves the classical IPv6 ND in terms
of tracking neighbor information with up to two hops and introducing
several extensible Information Bases. This improvement serves the MANET routing
protocols, such as the different versions of Optimized Link State
Routing Protocol (OLSR) , Open Shortest Path First (OSPF) derivatives
(e.g., ), and Dynamic Link Exchange Protocol (DLEP)
with its extensions .
In short, the MANET ND mainly deals with
maintaining extended network neighbors to enhance the link reliability.
However, an ND protocol in
vehicular networks shall consider more about the geographical mobility
information of vehicles as an important resource for serving various
purposes to improve the reliability, e.g., vehicle driving safety,
intelligent transportation implementations, and advanced mobility
services. For a more reliable V2V networking, some redundancy
mechanisms should be provided in L3 in cases of the failure of L2.
For different use cases, the optimal solution to improve V2V networking
reliability may vary. For example, a group of platooning vehicles may
have stabler neighbors than freely moving vehicles, as described in
.
Problem Statement
In order to specify protocols using the architecture mentioned in
,
IPv6 core protocols have to be adapted to overcome certain
challenging aspects of vehicular networking. Since the vehicles are
likely to be moving at great speed, protocol exchanges need to be
completed in a relatively short time compared to the lifetime of a
link between a vehicle and an IP-RSU or between two vehicles.
In these cases, vehicles may not have enough time either to build
link-layer connections with each other and may rely more on
connections with infrastructure.
In other cases, the relative speed between vehicles
may be low when vehicles move toward the same direction or
are platooned.
For those cases, vehicles can have more time to build and maintain
connections with each other.
For safe driving, vehicles need to exchange application messages
every 0.5 seconds to let drivers
take an action to avoid a dangerous situation (e.g., vehicle collision),
so the IPv6 control plane (e.g., ND procedure and DAD) needs
to support this order of magnitude for application message exchanges.
Also, considering the communication range of DSRC (up to 1 km) and
100 km/h as the speed limit on highways (some countries can have much
higher speed limits or even no limit, e.g., Germany),
the lifetime of a link between
a vehicle and an IP-RSU is in the order of a minute (e.g., about
72 seconds), and the lifetime of a link
between two vehicles is about a half minute.
Note that if two vehicles are moving in the opposite directions in
a roadway, the relative speed of this case is two times the relative
speed of a vehicle passing through an IP-RSU.
This relative speed causes the lifetime of the wireless link between the vehicle and the IP-RSU to be halved.
In reality, the DSRC communication range is around 500 m, so the link
lifetime will be half of the maximum time.
The time constraint of a wireless link between two nodes (e.g., vehicle
and IP-RSU) needs to be considered because it may affect the lifetime
of a session involving the link.
The lifetime of a session varies depending on the session's type,
such as web surfing, a voice call over IP, a DNS query, or
context-aware navigation (in ).
Regardless of a session's type, to guide all the IPv6 packets to
their destination host(s), IP mobility should be supported for the
session. In a V2V scenario (e.g., context-aware navigation
), the IPv6
packets of a vehicle should be delivered to relevant vehicles efficiently
(e.g., multicasting).
With this observation, IPv6 protocol exchanges need to be performed as
quickly as possible to support the message exchanges of various
applications in vehicular networks.
Therefore, the time constraint of a wireless link has a major impact on
IPv6 Neighbor Discovery (ND). Mobility Management (MM) is also
vulnerable to disconnections that occur before the completion of
identity verification and tunnel management. This is especially
true given the unreliable nature of wireless communication.
Meanwhile, the bandwidth of the wireless link determined by the
lower layers (i.e., PHY and link layers) can affect the transmission
time of control messages of the upper layers (e.g., IPv6) and the
continuity of sessions in the higher layers (e.g., IPv6, TCP, and UDP).
Hence, the bandwidth selection according to the Modulation and Coding Scheme
(MCS) also affects the vehicular network connectivity. Note that usually
the higher bandwidth gives the shorter communication range and the
higher packet error rate at the receiving side, which may reduce the
reliability of control message exchanges of the higher layers (e.g.,
IPv6). This section presents key topics, such as neighbor discovery and
mobility management for links and sessions in IPv6-based vehicular
networks.
Note that the detailed discussion on the transport-layer session
mobility and usage of available bandwidth to fulfill the use cases
is left as potential future work.
Neighbor Discovery
IPv6 ND
is a core part of the IPv6 protocol suite. IPv6 ND is designed
for link types including point-to-point, multicast-capable (e.g.,
Ethernet), and Non-Broadcast Multiple Access (NBMA).
It assumes the efficient and reliable support of multicast and
unicast from the link layer for various network operations,
such as MAC Address Resolution (AR), DAD, MLD, and Neighbor
Unreachability Detection (NUD)
.
Vehicles move quickly within the communication coverage of any
particular vehicle or IP-RSU. Before the vehicles can exchange
application messages with each other, they need IPv6 addresses
to run IPv6 ND.
The requirements for IPv6 ND for vehicular networks are efficient
DAD and NUD operations. An efficient DAD is required to reduce
the overhead of DAD packets during a vehicle's travel in a
road network, which can guarantee the uniqueness of a vehicle's
global IPv6 address. An efficient NUD is required to reduce the
overhead of the NUD packets during a vehicle's travel in a road
network, which can guarantee the accurate neighborhood information
of a vehicle in terms of adjacent vehicles and IP-RSUs.
The legacy DAD assumes that a node with an IPv6 address can reach any
other node with the scope of its address at the time it claims its address,
and can hear any future claim for that address by another party within
the scope of its address for the duration of the address ownership.
However, the partitioning and merging of VANETs makes this assumption
not valid frequently in vehicular networks.
The partitioning and merging of VANETs frequently occurs in vehicular
networks.
This partitioning and merging should be considered for
IPv6 ND, such as IPv6 Stateless Address Autoconfiguration (SLAAC)
.
SLAAC is not compatible with the partitioning and merging, and additional
work is needed for ND to operate properly under those circumstances.
Due to the merging of VANETs, two IPv6 addresses may conflict with
each other though they were unique before the merging. An address
lookup operation may be conducted by an MA or IP-RSU (as Registrar in
RPL) to check the uniqueness of an IPv6 address that will be
configured by a vehicle as DAD.
Also, the partitioning of a VANET may make vehicles with the same
prefix be physically unreachable. An address lookup operation may be
conducted by an MA or IP-RSU (as Registrar in RPL) to check the
existence of a vehicle under the network coverage of the MA or IP-RSU
as NUD.
Thus, SLAAC needs to prevent IPv6 address duplication due to the
merging of VANETs, and IPv6 ND needs to detect unreachable neighboring
vehicles due to the partitioning of a VANET.
According to the partitioning and merging, a destination vehicle
(as an IPv6 host) needs to be distinguished as a host that is either
on-link or not on-link even though the source vehicle can use the
same prefix as the destination vehicle .
To efficiently prevent IPv6 address duplication (due to the VANET
partitioning and merging) from happening in vehicular networks, the
vehicular networks need to support a vehicular-network-wide DAD by
defining a scope that is compatible with the legacy DAD. In this case,
two vehicles can communicate with each other when there exists a
communication path over VANET or a combination of VANETs and IP-RSUs,
as shown in .
By using the vehicular-network-wide DAD, vehicles can assure that
their IPv6 addresses are unique in the vehicular network whenever
they are connected to the vehicular infrastructure or become
disconnected from it in the form of VANET.
For vehicular networks with high mobility and density, DAD
needs to be performed efficiently with minimum overhead so that
the vehicles can exchange driving safety messages (e.g.,
collision avoidance and accident notification) with each other
with a short interval as suggested by
the National Highway Traffic Safety Administration (NHTSA) of the U.S.
.
Since the partitioning and merging of vehicular networks may
require re-performing the DAD process repeatedly, the link scope
of vehicles may be limited to a small area, which may delay
the exchange of driving safety messages. Driving safety
messages can include a vehicle's mobility information (e.g.,
position, speed, direction, and acceleration/deceleration)
that is critical to other vehicles. The exchange interval of
this message is recommended to be less than 0.5 seconds, which is required
for a driver to avoid an emergency situation, such as a rear-end crash.
ND time-related parameters, such as router lifetime and Neighbor
Advertisement (NA) interval, need to be adjusted for vehicle speed
and vehicle density.
For example, the NA interval needs to be dynamically adjusted
according to a vehicle's speed so that the vehicle can maintain
its position relative to its neighboring vehicles in a stable way,
considering the collision probability with the NA messages sent
by other vehicles. The ND time-related parameters can be an operational
setting or an optimization point particularly for vehicular networks.
Note that the link-scope multicast messages in the ND protocol may cause
a performance issue in vehicular networks.
suggests several optimization approaches for the issue.
For IPv6-based safety applications (e.g., context-aware navigation,
adaptive cruise control, and platooning) in vehicular networks,
the delay-bounded data delivery is critical. IPv6 ND needs to
work to support those IPv6-based safety applications efficiently.
introduces
a Vehicular Neighbor Discovery (VND) process as an extension of IPv6 ND
for IP-based vehicular networks.
From the interoperability point of view, in IPv6-based vehicular
networking, IPv6 ND should have minimum changes from the legacy
IPv6 ND used in the Internet, including DAD and NUD operations,
so that IPv6-based vehicular networks can be seamlessly connected
to other intelligent transportation elements (e.g., traffic signals,
pedestrian wearable devices, electric scooters, and bus stops) that
use the standard IPv6 network settings.
Link Model
A subnet model for a vehicular network needs to facilitate
communication between two vehicles with the same prefix regardless
of the vehicular network topology as long as there exist
bidirectional E2E paths between them in the vehicular
network including VANETs and IP-RSUs.
This subnet model allows vehicles with the same prefix to
communicate with each other via a combination of multihop V2V and
multihop V2I with VANETs and IP-RSUs.
introduces other issues in an IPv6
subnet model.
IPv6 protocols work under certain assumptions that do not necessarily
hold for vehicular wireless access link types
.
For instance, some IPv6 protocols, such as NUD and MIPv6 ,
assume symmetry in the connectivity among neighboring interfaces.
However, radio interference and different levels of transmission power
may cause asymmetric links to appear in vehicular wireless links
.
As a result, a new vehicular link model needs to consider the asymmetry
of dynamically changing vehicular wireless links.
There is a relationship between a link and a prefix, besides the
different scopes that are expected from the link-local, unique-local,
and global types
of IPv6 addresses. In an IPv6 link, it is defined that all interfaces
that are configured with the same subnet prefix and with the on-link bit
set can communicate with each other on an IPv6 link. However, the
vehicular link model needs to define the relationship between a link
and a prefix, considering the dynamics of wireless links and the
characteristics of VANET.
A VANET can have a single link between each vehicle pair within
the wireless communication range, as shown in
. When two vehicles
belong to the same VANET, but they are out of wireless communication
range, they cannot communicate directly with each other. Suppose that
a global-scope IPv6 prefix (or an IPv6 ULA prefix) is assigned to
VANETs in vehicular networks.
Considering that two vehicles in the same VANET configure their IPv6
addresses with the same IPv6 prefix, if they are not connected in one hop (that is, they have
multihop network connectivity between them), then they may
not be able to communicate with each other.
Thus, in this case, the concept of
an on-link IPv6 prefix does not hold because two vehicles with the
same on-link IPv6 prefix cannot communicate directly with each other.
Also, when two vehicles are located in two different VANETs with the
same IPv6 prefix, they cannot communicate with each other.
On the other hand, when these two VANETs converge to one VANET,
the two vehicles can communicate with each other in a multihop fashion,
for example, when they are Vehicle1 and Vehicle3, as shown in
.
From the previous observation, a vehicular link model should consider
the frequent partitioning and merging of VANETs due to vehicle mobility.
Therefore, the vehicular link model needs to use a prefix that is on-link and
a prefix that is not on-link according to the network topology of vehicles, such as
a one-hop reachable network and a multihop reachable network (or
partitioned networks). If the vehicles with the same prefix are
reachable from each other in one hop, the prefix should be on-link.
On the other hand, if some of the vehicles with the same prefix are not
reachable from each other in one hop due to either the multihop
topology in the VANET or multiple partitions, the prefix should not be
on-link. In most cases in vehicular networks, due to the partitioning
and merging of VANETs and the multihop network topology of VANETs,
prefixes that are not on-link will be used for vehicles as default.
The vehicular link model needs to support multihop routing in a
connected VANET where the vehicles with the same global-scope IPv6
prefix (or the same IPv6 ULA prefix) are connected in one hop or
multiple hops. It also needs to support the multihop routing in
multiple connected VANETs through infrastructure nodes (e.g., IP-RSU)
where they are connected to the infrastructure. For example, in
, suppose that
Vehicle1, Vehicle2, and Vehicle3 are configured with their IPv6
addresses based on the same global-scope IPv6 prefix. Vehicle1 and
Vehicle3 can also communicate with each other via either multihop
V2V or multihop V2I2V. When Vehicle1 and Vehicle3 are connected in
a VANET, it will be more efficient for them to communicate with each
other directly via VANET rather than indirectly via IP-RSUs. On the
other hand, when Vehicle1 and Vehicle3 are farther apart than the direct
communication range in two separate VANETs and under two different
IP-RSUs, they can communicate with each other through the relay of
IP-RSUs via V2I2V.
Thus, the two separate VANETs can merge into one network via IP-RSU(s).
Also, newly arriving vehicles can merge the two separate VANETs into
one VANET if they can play the role of a relay node for those VANETs.
Thus, in IPv6-based vehicular networking, the vehicular link model
should have minimum changes for interoperability with standard IPv6
links efficiently to support IPv6 DAD, MLD, and NUD
operations.
MAC Address Pseudonym
For the protection of drivers' privacy, a pseudonym of a MAC
address of a vehicle's network interface should be used so that
the MAC address can be changed periodically. However, although
such a pseudonym of a MAC address can protect to some extent the
privacy of a vehicle, it may not be able to resist attacks on
vehicle identification by other fingerprint information, for example,
the scrambler seed embedded in IEEE 802.11-OCB frames
.
Note that
discusses more about MAC address randomization, and
describes several use cases
for MAC address randomization.
In the ETSI standards, for the sake of security and privacy, an
ITS station (e.g., vehicle) can use pseudonyms for its network
interface identities (e.g., MAC address) and the corresponding
IPv6 addresses . Whenever
the network interface identifier changes, the IPv6 address based
on the network interface identifier needs to be updated, and the
uniqueness of the address needs to be checked through a DAD
procedure.
Routing
For multihop V2V communications in either a VANET or VANETs via
IP-RSUs, a vehicular Mobile Ad Hoc Networks (MANET)
routing protocol may be required to support both unicast and
multicast in the links of the subnet with the same IPv6
prefix. However, it will be costly to run both vehicular ND
and a vehicular ad hoc routing protocol in terms of control
traffic overhead .
A routing protocol for a VANET may cause redundant wireless
frames in the air to check the neighborhood of each vehicle
and compute the routing information in a VANET with a dynamic
network topology because IPv6 ND is used to check the
neighborhood of each vehicle. Thus, the vehicular routing
needs to take advantage of IPv6 ND to minimize its control
overhead.
RPL defines a routing
LLN protocol, which constructs and maintains Destination-Oriented
Directed Acyclic Graphs (DODAGs) optimized by an Objective Function (OF).
A defined OF provides route selection and optimization within an RPL
topology.
The RPL nodes use an anisotropic Distance Vector (DV) approach to
form a DODAG by discovering and aggressively maintaining the upward
default route toward the root of the DODAG. Downward routes follow
the same DODAG, with lazy maintenance and stretched peer-to-peer
(P2P) routing in the so-called storing mode.
It is well-designed to reduce the topological knowledge and routing
state that needs to be exchanged.
As a result, the routing protocol overhead is minimized, which allows
either highly constrained stable networks or less constrained, highly
dynamic networks. Refer to
for the detailed description of RPL for multihop V2X networking.
An address registration extension for 6LoWPAN (IPv6 over Low-Power
Wireless Personal Area Network) in can support light-weight mobility for nodes moving
through different parents.
The extension described in is stateful
and proactively installs the ND cache entries; this saves broadcasts
and provides deterministic presence information for IPv6 addresses.
Mainly, it updates the Address Registration Option (ARO) of ND
defined in to include a status field (which can indicate
the movement of a node) and optionally a Transaction ID (TID) field
(which is a sequence number that can be used to determine the most
recent location of a node).
Thus, RPL can use the information provided by
the Extended ARO (EARO) defined in to deal with a certain level of node mobility. When a
leaf node moves to the coverage of another parent node, it should
de-register its addresses with the previous parent node and register itself
with a new parent node along with an incremented TID.
RPL can be used in IPv6-based vehicular networks, but it is primarily
designed for low-power networks, which puts energy efficiency first.
For using it in IPv6-based vehicular networks, there have not been
actual experiences and practical implementations, though it was tested in
IoT Low-Power and Lossy Network (LLN) scenarios.
Another concern is that RPL may generate excessive topology discovery
messages in a highly moving environment, such as vehicular networks.
This issue can be an operational or optimization point for a practitioner.
Moreover, due to bandwidth and energy constraints, RPL does not suggest
using a proactive mechanism (e.g., keepalive) to maintain accurate routing
adjacencies, such as Bidirectional Forwarding Detection
and MANET Neighborhood Discovery Protocol .
As a result, due to the mobility of vehicles, network fragmentation may
not be detected quickly, and the routing of packets between vehicles
or between a vehicle and an infrastructure node may fail.
Mobility Management
The seamless connectivity and timely data exchange between
two endpoints requires efficient mobility management
including location management and handover.
Most vehicles are equipped with a GNSS receiver as part of
a dedicated navigation system or a corresponding smartphone
app. Note that the GNSS receiver may not provide vehicles with
accurate location information in adverse environments, such as
a building area or a tunnel. The location precision can be
improved with assistance of the IP-RSUs or a cellular system
with a GNSS receiver for location information.
With a GNSS navigator, efficient mobility management can
be performed with the help of vehicles periodically reporting
their current position and trajectory (i.e., navigation path) to
the vehicular infrastructure (having IP-RSUs and an MA in TCC).
This vehicular infrastructure can predict the future positions
of the vehicles from their mobility information (e.g., the current
position, speed, direction, and trajectory) for efficient mobility
management (e.g., proactive handover). For a better proactive
handover, link-layer parameters, such as the signal strength of a
link-layer frame (e.g., Received Channel Power Indicator (RCPI)
), can be used to determine the
moment of a handover between IP-RSUs along with mobility
information.
By predicting a vehicle's mobility, the vehicular infrastructure
needs to better support IP-RSUs to perform efficient SLAAC, data
forwarding, horizontal handover (i.e., handover in wireless links
using a homogeneous radio technology), and vertical handover
(i.e., handover in wireless links using heterogeneous radio
technologies) in advance along with the movement of the vehicle.
For example, as shown in ,
when a vehicle (e.g., Vehicle2) is moving from the coverage of an
IP-RSU (e.g., IP-RSU1) into the coverage of another IP-RSU (e.g.,
IP-RSU2) belonging to a different subnet, the IP-RSUs can
proactively support the IPv6 mobility of the vehicle while
performing the SLAAC, data forwarding, and handover for the sake
of the vehicle.
For a mobility management scheme in a domain, where the
wireless subnets of multiple IP-RSUs share the same prefix,
an efficient vehicular-network-wide DAD is required.
On the other hand, for a mobility
management scheme with a unique prefix per mobile node (e.g., PMIPv6
),
DAD is not required because the IPv6 address of a vehicle's external
wireless interface is guaranteed to be unique. There is a trade-off
between the prefix usage efficiency and DAD overhead. Thus, the IPv6
address autoconfiguration for vehicular networks needs to consider
this trade-off to support efficient mobility management.
Even though SLAAC with classic ND costs DAD overhead during
mobility management, SLAAC with the registration extension
specified in and/or with AERO/OMNI does not cost DAD overhead.
SLAAC for vehicular networks needs to consider the
minimization of the cost of DAD with the help of an infrastructure
node (e.g., IP-RSU and MA). Using an infrastructure prefix over VANET
allows direct routability to the Internet through the multihop V2I toward
an IP-RSU. On the other hand, a BYOA does not allow such direct
routability to the Internet since the BYOA is not topologically
correct, that is, not routable in the Internet. In addition, a
vehicle configured with a BYOA needs a tunnel home (e.g., IP-RSU)
connected to the Internet, and the vehicle needs to know which
neighboring vehicle is reachable inside the VANET toward the tunnel
home. There is non-negligible control overhead to set up and
maintain routes to such a tunnel home over the VANET.
For the case of a multihomed network, a vehicle can follow the
first-hop router selection rule described in .
For example, an IP-OBU inside a vehicle may connect to an IP-RSU that
has multiple routers behind. In this scenario, because the IP-OBU
can have multiple prefixes from those routers, the default router
selection, source address selection, and packet redirect process
should follow the guidelines in .
That is, the vehicle should select its default router for each prefix
by preferring the router that advertised the prefix.
Vehicles can use the TCC as their Home Network having a home agent
for mobility management as in MIPv6 ,
PMIPv6 , and NEMO , so the TCC (or an MA inside the
TCC) maintains the mobility information of vehicles for location
management. Also, in vehicular networks,
asymmetric links sometimes exist and must be considered for
wireless communications, such as V2V and V2I.
discusses
a Vehicular Mobility Management (VMM) scheme to proactively do handover
for vehicles.
Therefore, for the proactive and seamless IPv6 mobility of vehicles,
the vehicular infrastructure (including IP-RSUs and MA) needs to
efficiently perform the mobility management of the vehicles with
their mobility information and link-layer information.
Also, in IPv6-based vehicular networking, IPv6 mobility management
should have minimum changes for the interoperability with the
legacy IPv6 mobility management schemes, such as PMIPv6, DMM, LISP,
and AERO.
Security Considerations
This section discusses security and privacy for IPv6-based vehicular
networking. Security and privacy are paramount in V2I, V2V, and V2X
networking along with neighbor discovery and mobility
management.
Vehicles and infrastructure must be authenticated to each other by
a password, a key, and/or a fingerprint
in order to participate in vehicular networking.
For the authentication in vehicular networks, the Vehicular Cloud
needs to support a Public Key Infrastructure (PKI) efficiently, as either
a dedicated or a co-located component inside a TCC.
To provide safe interaction between vehicles
or between a vehicle and infrastructure, only authenticated
nodes (i.e., vehicle and infrastructure nodes) can participate
in vehicular networks.
Also, in-vehicle devices (e.g., ECUs) and a driver/passenger's mobile
devices (e.g., smartphones and tablet PCs) in a vehicle need to
securely communicate with other in-vehicle devices, another
driver/passenger's mobile devices in another vehicle, or other
servers behind an IP-RSU.
Even though a vehicle is perfectly authenticated by another entity
and legitimate to use the data generated by another vehicle,
it may be hacked by malicious applications that track and
collect its and other vehicles' information. In this case, an
attack mitigation process may be required to reduce the aftermath of
malicious behaviors.
Note that when a driver/passenger's mobile devices are connected to a
vehicle's internal network, the vehicle may be more vulnerable to possible
attacks from external networks due to the exposure of its
in-flight traffic packets.
discusses several types of threats for Vehicular Security and Privacy (VSP).
For secure V2I communication, a secure channel (e.g., IPsec) between
a mobile router (i.e., IP-OBU) in a vehicle and a fixed router
(i.e., IP-RSU) in an EN needs to be established, as shown in
.
Also, for secure V2V communication, a secure channel (e.g., IPsec)
between a mobile router (i.e., IP-OBU) in a vehicle and a mobile
router (i.e., IP-OBU) in another vehicle needs to be established, as
shown in .
For secure V2I/V2V communication, an element in a vehicle (e.g., an
in-vehicle device and a driver/passenger's mobile device) needs to
establish a secure connection (e.g., TLS) with another element in
another vehicle or another element in a Vehicular Cloud (e.g., a
server).
Note that any key management approach can be used for the secure
communication, and particularly for IPv6-based vehicular networks,
a new or enhanced key management approach resilient to wireless
networks is required.
IEEE Std 1609.2 specifies
security services for applications and management messages, but this
WAVE specification is optional.
Thus, if the link layer does not support the security of a WAVE frame,
either the network layer or the
transport layer needs to support security services for the WAVE
frame.
Security Threats in Neighbor Discovery
For the classical IPv6 ND (i.e., the legacy ND), DAD is required
to ensure the uniqueness of the
IPv6 address of a vehicle's wireless interface. This DAD can be
used as a flooding attack that uses the DAD-related ND packets
disseminated over the VANET or vehicular networks.
introduces threats enabled by IP source address spoofing.
This possibility indicates that vehicles and IP-RSUs need to filter
out suspicious ND traffic in advance.
introduces a mechanism that protects
the ownership of an address for 6LoWPAN ND from address theft
and impersonation attacks.
Based on the SEND mechanism , the
authentication for routers (i.e., IP-RSUs) can be conducted
by only selecting an IP-RSU that has a certification path toward
trusted parties. For authenticating other vehicles,
Cryptographically Generated Addresses (CGAs) can be used to
verify the true owner of a received ND message, which requires
using the CGA ND option in the ND protocol.
This CGA can protect vehicles against DAD flooding
by DAD filtering based on the verification for the true owner
of the received DAD message.
For a general protection of the ND mechanism, the RSA Signature
ND option can also be used to protect the integrity of the
messages by public key signatures. For a more advanced
authentication mechanism, a distributed blockchain-based
approach can be used.
However, for a scenario where a trustable router or an
authentication path cannot be obtained, it is desirable to find
a solution in which vehicles and infrastructure nodes can
authenticate each other without any support from a third party.
When applying the classical IPv6 ND process to VANET, one of
the security issues is that an IP-RSU (or IP-OBU) as
a router may receive deliberate or accidental DoS attacks from network
scans that probe devices on a VANET. In this scenario, the IP-RSU
(or IP-OBU) can be overwhelmed by processing the network scan requests
so that the capacity and resources of the IP-RSU (or IP-OBU) are
exhausted, causing the failure of receiving normal ND messages from
other hosts for network address resolution.
describes more about the operational problems
in the classical IPv6 ND mechanism that can be vulnerable to deliberate
or accidental DoS attacks and suggests several implementation guidelines
and operational mitigation techniques for those problems.
Nevertheless, for running IPv6 ND in VANET, those issues can be
acuter since the movements of vehicles can be so diverse that
there is a wider opportunity for rogue behaviors, and the failure of
networking among vehicles may lead to grave consequences.
Strong security measures shall protect vehicles roaming in road
networks from the attacks of malicious nodes that are controlled
by hackers. For safe driving applications (e.g., context-aware
navigation, cooperative adaptive cruise control, and platooning),
as explained in , the
cooperative action among vehicles is assumed. Malicious nodes may
disseminate wrong driving information (e.g., location, speed, and
direction) for disturbing safe driving. For example, a Sybil attack,
which tries to confuse a vehicle with multiple false identities,
may disturb a vehicle from taking a safe maneuver.
Since cybersecurity issues in vehicular networks may cause physical
vehicle safety issues, it may be necessary to consider those physical
safety concerns when designing protocols in IPWAVE.
To identify malicious vehicles among vehicles, an authentication
method may be required. A Vehicle Identification Number (VIN) (or a
vehicle manufacturer certificate) and a user certificate (e.g., X.509
certificate ) along with an
in-vehicle device's identifier generation can be used to efficiently
authenticate a vehicle or its driver (having a user certificate)
through a road infrastructure node (e.g., IP-RSU) connected to an
authentication server in the Vehicular Cloud. This authentication can
be used to identify the vehicle that will communicate with an
infrastructure node or another vehicle. In the case where a vehicle
has an internal network (called a mobile network) and elements in the
network (e.g., in-vehicle devices and a user's mobile devices), as
shown in ,
the elements in the network need to be authenticated individually for
safe authentication. Also, Transport Layer Security (TLS)
certificates can be used for an element's
authentication to allow secure E2E vehicular communications between an
element in a vehicle and another element in a server in a Vehicular
Cloud or between an element in a vehicle and another element in
another vehicle.
Security Threats in Mobility Management
For mobility management, a malicious vehicle can construct
multiple virtual bogus vehicles and register them with IP-RSUs
and MAs. This registration makes the IP-RSUs and MAs waste their
resources. The IP-RSUs and MAs need to determine whether
a vehicle is genuine or bogus in mobility management.
Also, for the confidentiality of control packets and data packets
between IP-RSUs and MAs, the E2E paths (e.g., tunnels) need to be
protected by secure communication channels.
In addition, to prevent bogus IP-RSUs and MAs from interfering with
the IPv6 mobility of vehicles, mutual authentication among
the IP-RSUs, MAs, and vehicles
needs to be performed by certificates (e.g., TLS certificate).
Other Threats
For the setup of a secure channel over IPsec or TLS, the multihop V2I
communications over DSRC or 5G V2X (or LTE V2X) is required on
a highway. In this case, multiple intermediate vehicles as relay
nodes can help to forward association and authentication messages
toward an IP-RSU (or gNodeB/eNodeB) connected to an authentication
server in the Vehicular Cloud. In this kind of process, the
authentication messages forwarded by each vehicle can be delayed or
lost, which may increase the construction time of a connection or cause some
vehicles to not be able to be authenticated.
Even though vehicles can be authenticated with valid certificates by
an authentication server in the Vehicular Cloud, the authenticated
vehicles may harm other vehicles. To deal with this kind of security
issue, for monitoring suspicious behaviors, vehicles' communication
activities can be recorded in either a centralized approach through a
logging server (e.g., TCC) in the Vehicular Cloud or a decentralized
approach (e.g., an ECD and blockchain )
by the help of other vehicles and infrastructure.
There are trade-offs between centralized and decentralized approaches
in logging of vehicles' behaviors (e.g., location, speed, direction,
acceleration/deceleration, and lane change) and communication
activities (e.g., transmission time, reception time, and packet types,
such as TCP, UDP, SCTP, QUIC, HTTP, and HTTPS).
A centralized approach is more efficient than a decentralized
approach in terms of log data collection and processing in a
central server in the Vehicular Cloud.
However, the centralized approach may cause a higher delay than a
decentralized approach in terms of the analysis of the log data
and counteraction in a local ECD or a distributed database like a
blockchain.
The centralized approach stores log data collected from VANET into
a remote logging server in a Vehicular Cloud as a central cloud, so it
takes time to deliver the log data to a remote logging server.
On the other hand, the decentralized approach stores the log data
into a nearby edge computing device as a local logging server or a
nearby blockchain node, which participates in a blockchain network.
On the stored log data, an analyzer needs to perform a machine
learning technique (e.g., deep learning) and seek suspicious behaviors
of the vehicles. If such an analyzer is located either within or near
the edge computing device, it can access the log data with a short
delay, analyze it quickly, and generate feedback to allow for a quick
counteraction against such malicious behaviors. On the other hand,
if the Vehicular Cloud with the log data is far away from a
problematic VANET with malicious behaviors, the centralized approach
takes a longer time with the analysis of the log data and the
decision-making on malicious behaviors than the decentralized approach.
If the log data is encrypted by a secret key, it can be protected
from the observation of a hacker. The secret key sharing among legal
vehicles, ECDs, and Vehicular Clouds should be supported efficiently.
Log data can release privacy breakage of a vehicle.
The log data can contain the MAC address and IPv6
address for a vehicle's wireless network interface. If the unique
MAC address of the wireless network interface is used, a hacker
can track the vehicle with that MAC address and can track the
privacy information of the vehicle's driver (e.g., location
information). To prevent this privacy breakage, a MAC address
pseudonym can be used for the MAC address of the wireless network
interface, and the corresponding IPv6 address should be based on
such a MAC address pseudonym.
By solving a privacy issue of a vehicle's identity in logging,
vehicles may observe each other's activities to identify any
misbehaviors without privacy breakage. Once identifying a
misbehavior, a vehicle shall have a way to either isolate itself
from others or isolate a suspicious vehicle by informing
other vehicles.
For completely secure vehicular networks, we shall embrace the concept
of "zero-trust" for vehicles where no vehicle is trustable and
verifying every message (such as IPv6 control messages including ND,
DAD, NUD, and application-layer messages) is necessary. In this way,
vehicular networks can defend against many possible cyberattacks. Thus, we
need to have an efficient zero-trust framework or mechanism for
vehicular networks.
For the non-repudiation of the harmful activities from malicious
vehicles, as it is difficult for other normal vehicles to identify them,
an additional and advanced approach is needed. One possible
approach is to use a blockchain-based approach
as an IPv6 security checking framework.
Each IPv6 packet from a vehicle can be treated as a transaction, and the
neighboring vehicles can play the role of peers in a consensus
method of a blockchain . For a blockchain's efficient
consensus in vehicular networks having fast-moving vehicles, either
a new consensus algorithm needs to be developed, or an existing
consensus algorithm needs to be enhanced.
In addition, a consensus-based mechanism for the security of
vehicular networks in the IPv6 layer can also be considered.
A group of servers as blockchain infrastructure can be part of
the security checking process in the IP layer.
To prevent an adversary from tracking a vehicle with its MAC
address or IPv6 address, especially for a long-living transport-layer
session (e.g., voice call over IP and video streaming service),
a MAC address pseudonym needs to be provided to each vehicle;
that is, each vehicle periodically updates its MAC address, and
the vehicle's IPv6 address needs to be updated accordingly by the MAC
address change .
Such an update of the MAC and IPv6 addresses should not
interrupt the E2E communications between two vehicles (or
between a vehicle and an IP-RSU) for a long-living transport-layer
session. However, if this pseudonym is performed without strong
E2E confidentiality (using either IPsec or TLS), there will be no
privacy benefit from changing MAC and IPv6 addresses because an
adversary can observe the change of the MAC and IPv6 addresses and
track the vehicle with those addresses. Thus, the MAC address
pseudonym and the IPv6 address update should be performed with strong
E2E confidentiality.
The privacy exposure to the TCC via V2I is mostly about the
location information of vehicles and may also include other in-vehicle
activities, such as transactions of credit cards. The assumed,
trusted actors are the owner of a vehicle, an authorized vehicle
service provider (e.g., navigation service provider), and an
authorized vehicle manufacturer for providing after-sales services.
In addition, privacy concerns for excessively collecting vehicle
activities from roadway operators, such as public transportation
administrators and private contractors, may also pose threats on
violating privacy rights of vehicles. It might be interesting to find
a solution from a technological point of view along with public policy
development for the issue.
The "multicasting" of the location information of a VRU's smartphone
means IPv6 multicasting. There is a possible security attack related
to this multicasting. Attackers can use "fake identifiers" as source
IPv6 addresses of their devices to generate IPv6 packets and multicast
them to nearby vehicles in order to cause confusion that those
vehicles are surrounded by other vehicles or pedestrians. As a result,
navigation services (e.g., Google Maps and Waze )
can be confused with fake road traffic by those vehicles or smartphones
with "fake identifiers" .
This attack with "fake identifiers" should be detected and handled by
vehicular networks. To cope with this attack, both legal vehicles and
legal VRUs' smartphones can be registered with a TCC and their locations
can be tracked by the TCC. With this tracking, the TCC can tell the
road traffic conditions caused by those vehicles and smartphones.
In addition, to prevent hackers from tracking the locations of those
vehicles and smartphones, either a MAC address pseudonym
or secure IPv6 address generation
can be used to protect the privacy of those vehicles and smartphones.
IANA Considerations
This document has no IANA actions.
ReferencesNormative ReferencesNeighbor Discovery for IP version 6 (IPv6)This document specifies the Neighbor Discovery protocol for IP Version 6. IPv6 nodes on the same link use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. [STANDARDS-TRACK]IPv6 Stateless Address AutoconfigurationThis document specifies the steps a host takes in deciding how to autoconfigure its interfaces in IP version 6. The autoconfiguration process includes generating a link-local address, generating global addresses via stateless address autoconfiguration, and the Duplicate Address Detection procedure to verify the uniqueness of the addresses on a link. [STANDARDS-TRACK]Mobility Support in IPv6This document specifies Mobile IPv6, a protocol that allows nodes to remain reachable while moving around in the IPv6 Internet. Each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home, a mobile node is also associated with a care-of address, which provides information about the mobile node's current location. IPv6 packets addressed to a mobile node's home address are transparently routed to its care-of address. The protocol enables IPv6 nodes to cache the binding of a mobile node's home address with its care-of address, and to then send any packets destined for the mobile node directly to it at this care-of address. To support this operation, Mobile IPv6 defines a new IPv6 protocol and a new destination option. All IPv6 nodes, whether mobile or stationary, can communicate with mobile nodes. This document obsoletes RFC 3775. [STANDARDS-TRACK]Basic Support for IPv6 Networks Operating Outside the Context of a Basic Service Set over IEEE Std 802.11This document provides methods and settings for using IPv6 to communicate among nodes within range of one another over a single IEEE 802.11-OCB link. Support for these methods and settings require minimal changes to existing stacks. This document also describes limitations associated with using these methods. Optimizations and usage of IPv6 over more complex scenarios are not covered in this specification and are a subject for future work.Informative ReferencesAutomatic Extended Route Optimization (AERO)Boeing Research & TechnologyWork in ProgressMillimeter-Wave Vehicular Communication to Support Massive Automotive SensingIEEE Communications Magazine, Volume 54, Issue 12, pp. 160-167Bitcoin: A Peer-to-Peer Electronic Cash SystemCooperative Adaptive Cruise ControlCalifornia Partners for Advanced Transportation Technology (PATH)CASD: A Framework of Context-Awareness Safety Driving in Vehicular Networks30th International Conference on Advanced Information
Networking and Applications Workshops (WAINA)CBDN: Cloud-Based Drone Navigation for Efficient Battery Charging in Drone NetworksIEEE Transactions on Intelligent Transportation Systems, Volume 20, Issue 11, pp. 4174-4191Context-Aware Navigation Protocol for Safe Driving in Vehicular Cyber-Physical SystemsIEEE Transactions on Intelligent Transportation Systems, Volume 24, Issue 1, pp. 128-138DFC: Device-free human counting through WiFi fine-grained subcarrier informationIET Communications, Volume 15, Issue 3, pp. 337-350Standard Specification for Telecommunications and Information Exchange Between Roadside and Vehicle Systems - 5 GHz Band Dedicated Short Range Communications (DSRC) Medium Access Control (MAC) and Physical Layer (PHY) SpecificationsASTM InternationalCOMMISSION DECISION of 5 August 2008 on the harmonised use of radio spectrum in the 5 875-5 905 MHz frequency band for safety-related applications of Intelligent Transport Systems (ITS)European UnionBerlin artist uses handcart full of smartphones to trick Google Maps' traffic algorithm into thinking there is traffic jamABC NewsFCC Modernizes 5.9 GHz Band to Improve Wi-Fi and Automotive SafetyFederal Communications CommissionFirst Responder Network Authority | FirstNetFirstNet AuthorityFY 2017: ANNUAL REPORT TO CONGRESS, Advancing Public Safety Broadband CommunicationsFirstNetProtocol for Forwarding Policy Configuration (FPC) in DMMSoftBankSprintNECCiscoIntel CorporationFuturewei This document describes a way, called Forwarding Policy Configuration
(FPC) to manage the separation of data-plane and control-plane. FPC
defines a flexible mobility management system using FPC agent and FPC
client functions. A FPC agent provides an abstract interface to the
data-plane. The FPC client configures data-plane nodes by using the
functions and abstractions provided by the FPC agent for the data-
plane nodes. The data-plane abstractions presented in this document
are extensible in order to support many different types of mobility
management systems and data-plane functions.
Work in ProgressFuel-Efficient En Route Formation of Truck PlatoonsIEEE Transactions on Intelligent Transportation Systems, Volume 19, Issue 1, pp. 102-112Google MapsGoogleCross-layer identities management in ITS stations10th IEEE International Conference on ITS TelecommunicationsIEEE Standard for Information technology - Telecommunications and information exchange between systems Local and metropolitan area networks-Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) SpecificationsIEEEIEEE Standard for Information technology-- Local and metropolitan area networks-- Specific requirements-- Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 6: Wireless Access in Vehicular EnvironmentsIEEEChallenges in a future IP/Ethernet-based in-car network for real-time applicationsProceedings of the 48th Design Automation Conference, pp. 7-12IP over Intentionally Partially Partitioned Links IP makes certain assumptions about the L2 forwarding behavior of a
multi-access IP link. However, there are several forms of
intentional partitioning of links ranging from split-horizon to
Private VLANs that violate some of those assumptions. This document
specifies that link behavior and how IP handles links with those
properties.
Work in ProgressIntelligent transport systems - Communications access for land mobiles (CALM) - IPv6 NetworkingISO/TC 204Intelligent transport systems - Communications access for land mobiles (CALM) - IPv6 Networking - Amendment 1ISO/TC 204Low Human-Effort, Device-Free Localization with Fine-Grained Subcarrier InformationIEEE Transactions on Mobile Computing, Volume 17, Issue 11, pp. 2550-2563Randomized and Changing MAC AddressCISCOUniversidad Carlos III de MadridSky UK Group, Sky LabsWork in ProgressAutomotive Collision Avoidance Systems (ACAS) Program Final ReportNational Highway Traffic Safety Administration (NHTSA)Transmission of IP Packets over Overlay Multilink Network (OMNI) InterfacesThe Boeing CompanyWork in ProgressIP Parcels and Advanced JumbosBoeing Research & TechnologyWork in ProgressPSCEurope Public Safety Communications EuropeEuropean CommissionRandomized and Changing MAC Address Use Cases and RequirementsCisco SystemsComcast To limit the privacy and security issues created by the association
between a device, its traffic, its location and its user, client
vendors have started implementing MAC address rotation. When such
rotation happens, some in-network states may break, which may affect
network efficiency and the user experience. At the same time,
devices may continue sending other stable identifiers, defeating the
MAC rotation purposes. This document lists various network
environments and a set of functional network services that may be
affected by such rotation. This document then examines settings
where the user experience may be affected by in-network state
disruption, and settings where other machine identifiers may help re-
identify the user or recover the identity of the user, and locate the
device and its associated user. Last, this document examines
solutions to maintain user privacy while preserving user quality of
experience and network operation efficiency.
Work in ProgressMulticast Listener Discovery (MLD) for IPv6This document specifies the protocol used by an IPv6 router to discover the presence of multicast listeners (that is, nodes wishing to receive multicast packets) on its directly attached links, and to discover specifically which multicast addresses are of interest to those neighboring nodes. [STANDARDS-TRACK]Optimized Link State Routing Protocol (OLSR)This document describes the Optimized Link State Routing (OLSR) protocol for mobile ad hoc networks. The protocol is an optimization of the classical link state algorithm tailored to the requirements of a mobile wireless LAN. The key concept used in the protocol is that of multipoint relays (MPRs). MPRs are selected nodes which forward broadcast messages during the flooding process. This technique substantially reduces the message overhead as compared to a classical flooding mechanism, where every node retransmits each message when it receives the first copy of the message. In OLSR, link state information is generated only by nodes elected as MPRs. Thus, a second optimization is achieved by minimizing the number of control messages flooded in the network. As a third optimization, an MPR node may chose to report only links between itself and its MPR selectors. Hence, as contrary to the classic link state algorithm, partial link state information is distributed in the network. This information is then used for route calculation. OLSR provides optimal routes (in terms of number of hops). The protocol is particularly suitable for large and dense networks as the technique of MPRs works well in this context.Mobility Related TerminologyThere is a need for common definitions of terminology in the work to be done around IP mobility. This document defines terms for mobility related terminology. The document originated out of work done in the Seamoby Working Group but has broader applicability for terminology used in IETF-wide discourse on technology for mobility and IP networks. Other working groups dealing with mobility may want to take advantage of this terminology. This memo provides information for the Internet community.Multicast Listener Discovery Version 2 (MLDv2) for IPv6This document updates RFC 2710, and it specifies Version 2 of the ulticast Listener Discovery Protocol (MLDv2). MLD is used by an IPv6 router to discover the presence of multicast listeners on directly attached links, and to discover which multicast addresses are of interest to those neighboring nodes. MLDv2 is designed to be interoperable with MLDv1. MLDv2 adds the ability for a node to report interest in listening to packets with a particular multicast address only from specific source addresses or from all sources except for specific source addresses. [STANDARDS-TRACK]Network Mobility (NEMO) Basic Support ProtocolThis document describes the Network Mobility (NEMO) Basic Support protocol that enables Mobile Networks to attach to different points in the Internet. The protocol is an extension of Mobile IPv6 and allows session continuity for every node in the Mobile Network as the network moves. It also allows every node in the Mobile Network to be reachable while moving around. The Mobile Router, which connects the network to the Internet, runs the NEMO Basic Support protocol with its Home Agent. The protocol is designed so that network mobility is transparent to the nodes inside the Mobile Network. [STANDARDS-TRACK]SEcure Neighbor Discovery (SEND)IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes on the link, to determine their link-layer addresses to find routers, and to maintain reachability information about the paths to active neighbors. If not secured, NDP is vulnerable to various attacks. This document specifies security mechanisms for NDP. Unlike those in the original NDP specifications, these mechanisms do not use IPsec. [STANDARDS-TRACK]Randomness Requirements for SecuritySecurity systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space.Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.Unique Local IPv6 Unicast AddressesThis document defines an IPv6 unicast address format that is globally unique and is intended for local communications, usually inside of a site. These addresses are not expected to be routable on the global Internet. [STANDARDS-TRACK]Security Architecture for the Internet ProtocolThis document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]IP Authentication HeaderThis document describes an updated version of the IP Authentication Header (AH), which is designed to provide authentication services in IPv4 and IPv6. This document obsoletes RFC 2402 (November 1998). [STANDARDS-TRACK]IP Encapsulating Security Payload (ESP)This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. This document obsoletes RFC 2406 (November 1998). [STANDARDS-TRACK]Cryptographic Suites for IPsecThe IPsec, Internet Key Exchange (IKE), and IKEv2 protocols rely on security algorithms to provide privacy and authentication between the initiator and responder. There are many such algorithms available, and two IPsec systems cannot interoperate unless they are using the same algorithms. This document specifies optional suites of algorithms and attributes that can be used to simplify the administration of IPsec when used in manual keying mode, with IKEv1 or with IKEv2. [STANDARDS-TRACK]Packetization Layer Path MTU DiscoveryThis document describes a robust method for Path MTU Discovery (PMTUD) that relies on TCP or some other Packetization Layer to probe an Internet path with progressively larger packets. This method is described as an extension to RFC 1191 and RFC 1981, which specify ICMP-based Path MTU Discovery for IP versions 4 and 6, respectively. [STANDARDS-TRACK]Network Mobility Support TerminologyNetwork Mobility Route Optimization Problem StatementWith current Network Mobility (NEMO) Basic Support, all communications to and from Mobile Network Nodes must go through the bi-directional tunnel established between the Mobile Router and Home Agent when the mobile network is away. This sub-optimal routing results in various inefficiencies associated with packet delivery, such as increased delay and bottleneck links leading to traffic congestion, which can ultimately disrupt all communications to and from the Mobile Network Nodes. Additionally, with nesting of Mobile Networks, these inefficiencies get compounded, and stalemate conditions may occur in specific dispositions. This document investigates such problems and provides the motivation behind Route Optimization (RO) for NEMO. This memo provides information for the Internet community.Proxy Mobile IPv6Network-based mobility management enables IP mobility for a host without requiring its participation in any mobility-related signaling. The network is responsible for managing IP mobility on behalf of the host. The mobility entities in the network are responsible for tracking the movements of the host and initiating the required mobility signaling on its behalf. This specification describes a network-based mobility management protocol and is referred to as Proxy Mobile IPv6. [STANDARDS-TRACK]Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) ProfileThis memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]Control And Provisioning of Wireless Access Points (CAPWAP) Protocol SpecificationThis specification defines the Control And Provisioning of Wireless Access Points (CAPWAP) Protocol, meeting the objectives defined by the CAPWAP Working Group in RFC 4564. The CAPWAP protocol is designed to be flexible, allowing it to be used for a variety of wireless technologies. This document describes the base CAPWAP protocol, while separate binding extensions will enable its use with additional wireless technologies. [STANDARDS-TRACK]Mobile Ad Hoc Network (MANET) Extension of OSPF Using Connected Dominating Set (CDS) FloodingThis document specifies an extension of OSPFv3 to support mobile ad hoc networks (MANETs). The extension, called OSPF-MDR, is designed as a new OSPF interface type for MANETs. OSPF-MDR is based on the selection of a subset of MANET routers, consisting of MANET Designated Routers (MDRs) and Backup MDRs. The MDRs form a connected dominating set (CDS), and the MDRs and Backup MDRs together form a biconnected CDS for robustness. This CDS is exploited in two ways. First, to reduce flooding overhead, an optimized flooding procedure is used in which only (Backup) MDRs flood new link state advertisements (LSAs) back out the receiving interface; reliable flooding is ensured by retransmitting LSAs along adjacencies. Second, adjacencies are formed only between (Backup) MDRs and a subset of their neighbors, allowing for much better scaling in dense networks. The CDS is constructed using 2-hop neighbor information provided in a Hello protocol extension. The Hello protocol is further optimized by allowing differential Hellos that report only changes in neighbor states. Options are specified for originating router-LSAs that provide full or partial topology information, allowing overhead to be reduced by advertising less topology information. This memo defines an Experimental Protocol for the Internet community.Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)This document describes the use of the Bidirectional Forwarding Detection (BFD) protocol over IPv4 and IPv6 for single IP hops. [STANDARDS-TRACK]IP Addressing Model in Ad Hoc NetworksThis document describes a model for configuring IP addresses and subnet prefixes on the interfaces of routers which connect to links with undetermined connectivity properties. This document is not an Internet Standards Track specification; it is published for informational purposes.Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)This document describes a 1-hop and symmetric 2-hop neighborhood discovery protocol (NHDP) for mobile ad hoc networks (MANETs). [STANDARDS-TRACK]Evolution of the IP ModelThis RFC attempts to document various aspects of the IP service model and how it has evolved over time. In particular, it attempts to document the properties of the IP layer as they are seen by upper- layer protocols and applications, especially properties that were (and, at times, still are) incorrectly perceived to exist as well as properties that would cause problems if changed. The discussion of these properties is organized around evaluating a set of claims, or misconceptions. Finally, this document provides some guidance to protocol designers and implementers. This document is not an Internet Standards Track specification; it is published for informational purposes.RPL: IPv6 Routing Protocol for Low-Power and Lossy NetworksLow-Power and Lossy Networks (LLNs) are a class of network in which both the routers and their interconnect are constrained. LLN routers typically operate with constraints on processing power, memory, and energy (battery power). Their interconnects are characterized by high loss rates, low data rates, and instability. LLNs are comprised of anything from a few dozen to thousands of routers. Supported traffic flows include point-to-point (between devices inside the LLN), point-to-multipoint (from a central control point to a subset of devices inside the LLN), and multipoint-to-point (from devices inside the LLN towards a central control point). This document specifies the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), which provides a mechanism whereby multipoint-to-point traffic from devices inside the LLN towards a central control point as well as point-to-multipoint traffic from the central control point to the devices inside the LLN are supported. Support for point-to-point traffic is also available. [STANDARDS-TRACK]Operational Neighbor Discovery ProblemsIn IPv4, subnets are generally small, made just large enough to cover the actual number of machines on the subnet. In contrast, the default IPv6 subnet size is a /64, a number so large it covers trillions of addresses, the overwhelming number of which will be unassigned. Consequently, simplistic implementations of Neighbor Discovery (ND) can be vulnerable to deliberate or accidental denial of service (DoS), whereby they attempt to perform address resolution for large numbers of unassigned addresses. Such denial-of-service attacks can be launched intentionally (by an attacker) or result from legitimate operational tools or accident conditions. As a result of these vulnerabilities, new devices may not be able to "join" a network, it may be impossible to establish new IPv6 flows, and existing IPv6 transported flows may be interrupted.This document describes the potential for DoS in detail and suggests possible implementation improvements as well as operational mitigation techniques that can, in some cases, be used to protect against or at least alleviate the impact of such attacks. [STANDARDS-TRACK]Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)The IETF work in IPv6 over Low-power Wireless Personal Area Network (6LoWPAN) defines 6LoWPANs such as IEEE 802.15.4. This and other similar link technologies have limited or no usage of multicast signaling due to energy conservation. In addition, the wireless network may not strictly follow the traditional concept of IP subnets and IP links. IPv6 Neighbor Discovery was not designed for non- transitive wireless links, as its reliance on the traditional IPv6 link concept and its heavy use of multicast make it inefficient and sometimes impractical in a low-power and lossy network. This document describes simple optimizations to IPv6 Neighbor Discovery, its addressing mechanisms, and duplicate address detection for Low- power Wireless Personal Area Networks and similar networks. The document thus updates RFC 4944 to specify the use of the optimizations defined here. [STANDARDS-TRACK]Source Address Validation Improvement (SAVI) Threat ScopeThe Source Address Validation Improvement (SAVI) effort aims to complement ingress filtering with finer-grained, standardized IP source address validation. This document describes threats enabled by IP source address spoofing both in the global and finer-grained context, describes currently available solutions and challenges, and provides a starting point analysis for finer-grained (host granularity) anti-spoofing work.Software-Defined Networking: A Perspective from within a Service Provider EnvironmentSoftware-Defined Networking (SDN) has been one of the major buzz words of the networking industry for the past couple of years. And yet, no clear definition of what SDN actually covers has been broadly admitted so far. This document aims to clarify the SDN landscape by providing a perspective on requirements, issues, and other considerations about SDN, as seen from within a service provider environment.It is not meant to endlessly discuss what SDN truly means but rather to suggest a functional taxonomy of the techniques that can be used under an SDN umbrella and to elaborate on the various pending issues the combined activation of such techniques inevitably raises. As such, a definition of SDN is only mentioned for the sake of clarification.The Optimized Link State Routing Protocol Version 2This specification describes version 2 of the Optimized Link State Routing Protocol (OLSRv2) for Mobile Ad Hoc Networks (MANETs).Internet Key Exchange Protocol Version 2 (IKEv2)This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the errata for it. It advances IKEv2 to be an Internet Standard.Requirements for Distributed Mobility ManagementThis document defines the requirements for Distributed Mobility Management (DMM) at the network layer. The hierarchical structure in traditional wireless networks has led primarily to centrally deployed mobility anchors. As some wireless networks are evolving away from the hierarchical structure, it can be useful to have a distributed model for mobility management in which traffic does not need to traverse centrally deployed mobility anchors far from the optimal route. The motivation and the problems addressed by each requirement are also described.Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)The Internet Key Exchange Version 2 (IKEv2) protocol has limited support for the Elliptic Curve Digital Signature Algorithm (ECDSA). The current version only includes support for three Elliptic Curve groups, and there is a fixed hash algorithm tied to each group. This document generalizes IKEv2 signature support to allow any signature method supported by PKIX and also adds signature hash algorithm negotiation. This is a generic mechanism and is not limited to ECDSA; it can also be used with other signature algorithms.Distributed Mobility Management: Current Practices and Gap AnalysisThis document analyzes deployment practices of existing IP mobility protocols in a distributed mobility management environment. It then identifies existing limitations when compared to the requirements defined for a distributed mobility management solution.An Optimization for the Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)The link quality mechanism of the Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP) enables "ignoring" some 1-hop neighbors if the measured link quality from that 1-hop neighbor is below an acceptable threshold while still retaining the corresponding link information as acquired from the HELLO message exchange. This allows immediate reinstatement of the 1-hop neighbor if the link quality later improves sufficiently.NHDP also collects information about symmetric 2-hop neighbors. However, it specifies that if a link from a symmetric 1-hop neighbor ceases being symmetric, including while "ignored" (as described above), then corresponding symmetric 2-hop neighbors are removed. This may lead to symmetric 2-hop neighborhood information being permanently removed (until further HELLO messages are received) if the link quality of a symmetric 1-hop neighbor drops below the acceptable threshold, even if only for a moment.This specification updates RFC 6130 "Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)" and RFC 7181 "The Optimized Link State Routing Protocol Version 2 (OLSRv2)" to permit, as an option, retaining, but ignoring, symmetric 2-hop information when the link quality from the corresponding 1-hop neighbor drops below the acceptable threshold. This allows immediate reinstatement of the symmetric 2-hop neighbor if the link quality later improves sufficiently, thus making the symmetric 2-hop neighborhood more "robust".Security and Privacy Considerations for IPv6 Address Generation MechanismsThis document discusses privacy and security considerations for several IPv6 address generation mechanisms, both standardized and non-standardized. It evaluates how different mechanisms mitigate different threats and the trade-offs that implementors, developers, and users face in choosing different addresses or address generation mechanisms.Host Identity Protocol CertificatesThe Certificate (CERT) parameter is a container for digital certificates. It is used for carrying these certificates in Host Identity Protocol (HIP) control packets. This document specifies the certificate parameter and the error signaling in case of a failed verification. Additionally, this document specifies the representations of Host Identity Tags (HITs) in X.509 version 3 (v3).The concrete use cases of certificates, including how certificates are obtained and requested and which actions are taken upon successful or failed verification, are specific to the scenario in which the certificates are used. Hence, the definition of these scenario-specific aspects is left to the documents that use the CERT parameter.This document updates RFC 7401 and obsoletes RFC 6253.First-Hop Router Selection by Hosts in a Multi-Prefix NetworkThis document describes expected IPv6 host behavior in a scenario that has more than one prefix, each allocated by an upstream network that is assumed to implement BCP 38 ingress filtering, when the host has multiple routers to choose from. It also applies to other scenarios such as the usage of stateful firewalls that effectively act as address-based filters. Host behavior in choosing a first-hop router may interact with source address selection in a given implementation. However, the selection of the source address for a packet is done before the first-hop router for that packet is chosen. Given that the network or host is, or appears to be, multihomed with multiple provider-allocated addresses, that the host has elected to use a source address in a given prefix, and that some but not all neighboring routers are advertising that prefix in their Router Advertisement Prefix Information Options, this document specifies to which router a host should present its transmission. It updates RFC 4861.Dynamic Link Exchange Protocol (DLEP)When routing devices rely on modems to effect communications over wireless links, they need timely and accurate knowledge of the characteristics of the link (speed, state, etc.) in order to make routing decisions. In mobile or other environments where these characteristics change frequently, manual configurations or the inference of state through routing or transport protocols does not allow the router to make the best decisions. This document introduces a new protocol called the Dynamic Link Exchange Protocol (DLEP), which provides a bidirectional, event-driven communication channel between the router and the modem to facilitate communication of changing link characteristics.Internet Protocol, Version 6 (IPv6) SpecificationThis document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460.The Transport Layer Security (TLS) Protocol Version 1.3This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.Registration Extensions for IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor DiscoveryThis specification updates RFC 6775 -- the Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor Discovery specification -- to clarify the role of the protocol as a registration technique and simplify the registration operation in 6LoWPAN routers, as well as to provide enhancements to the registration capabilities and mobility detection for different network topologies, including the Routing Registrars performing routing for host routes and/or proxy Neighbor Discovery in a low-power network.Dynamic Link Exchange Protocol (DLEP) Multi-Hop Forwarding ExtensionThis document defines an extension to the Dynamic Link Exchange Protocol (DLEP) that enables the reporting and control of multi-hop forwarding by DLEP-capable modems.TCP Extensions for Multipath Operation with Multiple AddressesTCP/IP communication is currently restricted to a single path per connection, yet multiple paths often exist between peers. The simultaneous use of these multiple paths for a TCP/IP session would improve resource usage within the network and thus improve user experience through higher throughput and improved resilience to network failure.Multipath TCP provides the ability to simultaneously use multiple paths between peers. This document presents a set of extensions to traditional TCP to support multipath operation. The protocol offers the same type of service to applications as TCP (i.e., a reliable bytestream), and it provides the components necessary to establish and use multiple TCP flows across potentially disjoint paths.This document specifies v1 of Multipath TCP, obsoleting v0 as specified in RFC 6824, through clarifications and modifications primarily driven by deployment experience.Dynamic Link Exchange Protocol (DLEP) Latency Range ExtensionThis document defines an extension to the Dynamic Link Exchange Protocol (DLEP) to provide the range of latency that can be experienced on a link.Packetization Layer Path MTU Discovery for Datagram TransportsThis document specifies Datagram Packetization Layer Path MTU Discovery (DPLPMTUD). This is a robust method for Path MTU Discovery (PMTUD) for datagram Packetization Layers (PLs). It allows a PL, or a datagram application that uses a PL, to discover whether a network path can support the current size of datagram. This can be used to detect and reduce the message size when a sender encounters a packet black hole. It can also probe a network path to discover whether the maximum packet size can be increased. This provides functionality for datagram transports that is equivalent to the PLPMTUD specification for TCP, specified in RFC 4821, which it updates. It also updates the UDP Usage Guidelines to refer to this method for use with UDP datagrams and updates SCTP.The document provides implementation notes for incorporating Datagram PMTUD into IETF datagram transports or applications that use datagram transports.This specification updates RFC 4960, RFC 4821, RFC 6951, RFC 8085, and RFC 8261.Address-Protected Neighbor Discovery for Low-Power and Lossy NetworksThis document updates the IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor Discovery (ND) protocol defined in RFCs 6775 and 8505. The new extension is called Address-Protected Neighbor Discovery (AP-ND), and it protects the owner of an address against address theft and impersonation attacks in a Low-Power and Lossy Network (LLN). Nodes supporting this extension compute a cryptographic identifier (Crypto-ID), and use it with one or more of their Registered Addresses. The Crypto-ID identifies the owner of the Registered Address and can be used to provide proof of ownership of the Registered Addresses. Once an address is registered with the Crypto-ID and a proof of ownership is provided, only the owner of that address can modify the registration information, thereby enforcing Source Address Validation.Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6This document describes an extension to IPv6 Stateless Address Autoconfiguration that causes hosts to generate temporary addresses with randomized interface identifiers for each prefix advertised with autoconfiguration enabled. Changing addresses over time limits the window of time during which eavesdroppers and other information collectors may trivially perform address-based network-activity correlation when the same address is employed for multiple transactions by the same host. Additionally, it reduces the window of exposure of a host as being accessible via an address that becomes revealed as a result of active communication. This document obsoletes RFC 4941.QUIC: A UDP-Based Multiplexed and Secure TransportThis document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.Operational Security Considerations for IPv6 NetworksKnowledge and experience on how to operate IPv4 networks securely is available, whether the operator is an Internet Service Provider (ISP) or an enterprise internal network. However, IPv6 presents some new security challenges. RFC 4942 describes security issues in the protocol, but network managers also need a more practical, operations-minded document to enumerate advantages and/or disadvantages of certain choices.This document analyzes the operational security issues associated with several types of networks and proposes technical and procedural mitigation techniques. This document is only applicable to managed networks, such as enterprise networks, service provider networks, or managed residential networks.Multicast Considerations over IEEE 802 Wireless MediaWell-known issues with multicast have prevented the deployment of multicast in 802.11 (Wi-Fi) and other local-area wireless environments. This document describes the known limitations of wireless (primarily 802.11) Layer 2 multicast. Also described are certain multicast enhancement features that have been specified by the IETF and by IEEE 802 for wireless media, as well as some operational choices that can be made to improve the performance of the network. Finally, some recommendations are provided about the usage and combination of these features and operational choices.The Locator/ID Separation Protocol (LISP)This document describes the data plane protocol for the Locator/ID Separation Protocol (LISP). LISP defines two namespaces: Endpoint Identifiers (EIDs), which identify end hosts; and Routing Locators (RLOCs), which identify network attachment points. With this, LISP effectively separates control from data and allows routers to create overlay networks. LISP-capable routers exchange encapsulated packets according to EID-to-RLOC mappings stored in a local Map-Cache.LISP requires no change to either host protocol stacks or underlay routers and offers Traffic Engineering (TE), multihoming, and mobility, among other features.This document obsoletes RFC 6830.SAINT: Self-Adaptive Interactive Navigation Tool for Cloud-Based Vehicular Traffic OptimizationIEEE Transactions on Vehicular Technology, Volume 65, Issue 6, pp. 4053-4067SAINT+: Self-Adaptive Interactive Navigation Tool+ for Emergency Service Delivery OptimizationIEEE Transactions on Intelligent Transportation Systems, Volume 19, Issue 4, pp. 1038-1053SANA: Safety-Aware Navigation Application for Pedestrian Protection in Vehicular NetworksLecture Notes in Computer Science book series (LNISA, Volume 9502)The scrambler attack: A robust physical layer attack on location privacy in vehicular networks2015 International Conference on Computing, Networking and Communications (ICNC)Basic Support for Security and Privacy in IP-Based Vehicular NetworksDepartment of Computer Science and EngineeringDepartment of Computer Science and EngineeringDepartment of Computer Science and EngineeringElectronics and Telecommunications Research InstituteGolisano College of Computing and Information SciencesWork in ProgressSignalGuru: leveraging mobile phones for collaborative traffic signal schedule advisoryMobiSys '11: Proceedings of the 9th international conference on Mobile systems, applications, and services, pp. 127-140Study on enhancement of 3GPP support for 5G V2X services3GPPTruck PlatooningCalifornia Partners for Advanced Transportation Technology (PATH)Architecture enhancements for V2X services3GPPArchitecture enhancements for 5G System (5GS) to support Vehicle-to-Everything (V2X) services3GPPUrban Air Mobility Implications for Intelligent Transportation SystemsBoeing Research & TechnologyWork in ProgressBlockChain: A Distributed Solution to Automotive Security and PrivacyIEEE Communications Magazine, Volume 55, Issue 12, pp. 119-125Vehicular Mobility Management for IP-Based Vehicular NetworksDepartment of Computer Science and EngineeringDepartment of Electrical and Computer EngineeringDepartment of Electrical and Computer EngineeringDepartment of Computer Science and EngineeringWork in ProgressVehicular Neighbor Discovery for IP-Based Vehicular NetworksDepartment of Computer Science and EngineeringDepartment of Computer Science and EngineeringDepartment of Computer Science and EngineeringNIC Chile Research LabsWork in ProgressVIP-WAVE: On the Feasibility of IP Communications in 802.11p Vehicular NetworksIEEE Transactions on Intelligent Transportation Systems, Volume 14, Issue 1, pp. 82-97IEEE Guide for Wireless Access in Vehicular Environments (WAVE) - ArchitectureIEEEIEEE Standard for Wireless Access in Vehicular Environments - Security Services for Applications and Management MessagesIEEEIEEE Standard for Wireless Access in Vehicular Environments (WAVE) - Networking ServicesIEEEIEEE Standard for Wireless Access in Vehicular Environments (WAVE) - Multi-Channel OperationIEEEWazeGoogleArchitecture and Framework for IPv6 over Non-Broadcast AccessWork in ProgressSupport of Multiple Radio Technologies for V2V
Vehicular networks may consist of multiple radio technologies, such as
DSRC and 5G V2X (or LTE V2X). Although a Layer 2 solution can provide support for
multihop communications in vehicular networks, the scalability issue
related to multihop forwarding still remains when vehicles need to
disseminate or forward packets toward destinations that are multiple hops away. In
addition, the IPv6-based approach for V2V as a network-layer protocol can
accommodate multiple radio technologies as MAC protocols, such as DSRC and
5G V2X (or LTE V2X). Therefore, the existing IPv6 protocol can be augmented through the
addition of a virtual interface (e.g., OMNI
and DLEP ) and/or
protocol changes in order to support both wireless single-hop/multihop V2V
communications and multiple radio technologies in vehicular networks.
In such a way, vehicles can communicate with each other by V2V
communications to share either an emergency situation or road hazard
information on a highway having multiple radio technologies.
Support of Multihop V2X Networking
The multihop V2X networking can be supported by
RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks)
and Overlay Multilink Network
Interface with
AERO .
RPL defines an IPv6 routing protocol for Low-Power and Lossy
Networks (LLNs) as being mostly designed for home automation routing,
building automation routing, industrial routing, and urban
LLN routing. It uses a Destination-Oriented Directed Acyclic
Graph (DODAG) to construct routing paths for hosts
(e.g., IoT devices) in a network. The DODAG uses an Objective
Function (OF) for route selection and optimization within the
network. A user can use different routing metrics to define an OF
for a specific scenario. RPL supports multipoint-to-point,
point-to-multipoint, and point-to-point traffic; and the major
traffic flow is the multipoint-to-point traffic. For example, in
a highway scenario, a vehicle may not access an IP-RSU directly
because of the distance of the DSRC coverage (up to 1 km). In
this case, the RPL can be extended to support a multihop V2I
since a vehicle can take advantage of other vehicles as relay
nodes to reach the IP-RSU. Also, RPL can be extended to support both
multihop V2V and V2X in the similar way.
RPL is primarily designed to minimize the control plane activity,
which is the relative amount of routing protocol exchanges versus data
traffic; this approach is beneficial for situations where the power
and bandwidth are scarce (e.g., an IoT LLN where RPL is typically
used today), but also in situations of high relative mobility between
the nodes in the network (also known as swarming, e.g., within a variable set of
vehicles with a similar global motion, or a variable set of drones flying
toward the same direction).
To reduce the routing exchanges, RPL leverages a Distance Vector (DV)
approach, which does not need a global knowledge of the topology,
and only optimizes the routes to and from the root, allowing
peer-to-peer (P2P) paths to be stretched. Although RPL installs its
routes proactively, it only maintains them lazily, that is, in
reaction to actual traffic or as a slow background activity.
Additionally, RPL leverages the concept of an OF,
which allows adapting the activity of the routing
protocol to use cases, e.g., type, speed, and quality of the
radios. RPL does not need to converge and provides connectivity to
most nodes most of the time. The default route toward the root is
maintained aggressively and may change while a packet progresses
without causing loops, so the packet will still reach the root.
There are two modes for routing in RPL: non-storing mode
and storing mode. In non-storing mode, a node inside the
mesh or swarm that changes its point(s) of attachment to the graph
informs the root with a single unicast packet flowing along the
default route, and the connectivity is restored immediately; this
mode is preferable for use cases where Internet connectivity is
dominant. On the other hand, in storing mode, the routing stretch
is reduced for better P2P connectivity, and the Internet
connectivity is restored more slowly during the time for the DV
operation to operate hop-by-hop. While an RPL topology can
quickly scale up and down and fit the needs of mobility of
vehicles, the total performance of the system will also depend on
how quickly a node can form an address, join the mesh (including
Authentication, Authorization, and Accounting (AAA)), and manage
its global mobility to become reachable from another node outside
the mesh.
OMNI defines a protocol for the transmission of IPv6 packets over
Overlay Multilink Network Interfaces that are virtual interfaces
governing multiple physical network interfaces.
OMNI supports multihop V2V communication between vehicles
in multiple forwarding hops via intermediate vehicles with OMNI links.
It also supports multihop V2I communication between a vehicle and an
infrastructure access point by multihop V2V communication.
The OMNI interface supports an NBMA link model where multihop V2V and
V2I communications use each mobile node's ULAs without need for any DAD
or MLD messaging.
In the OMNI protocol, an OMNI virtual interface can have a ULA
indeed, but wireless physical
interfaces associated with the OMNI virtual interface can use any prefixes.
The ULA supports both V2V and V2I multihop forwarding within the
vehicular network (e.g., via a VANET routing protocol) while each
vehicle can communicate with Internet correspondents using
IPv6 global addresses via OMNI interface encapsulation over the wireless
interface.
For the control traffic overhead for running both vehicular ND and a VANET
routing protocol, the AERO/OMNI approach may avoid this issue by using
MANET routing protocols only (i.e., no multicast of IPv6 ND messaging) in
the wireless underlay network while applying efficient unicast IPv6 ND
messaging in the OMNI overlay on an as-needed basis for router discovery
and NUD. This greatly reduces the overhead for VANET-wide multicasting
while providing agile accommodation for dynamic topology changes.
Support of Mobility Management for V2I
The seamless application communication between two vehicles or
between a vehicle
and an infrastructure node requires mobility management
in vehicular networks.
The mobility management schemes include a host-based mobility scheme,
network-based mobility scheme, and software-defined networking scheme.
In the host-based mobility scheme (e.g., MIPv6), an IP-RSU plays the role
of a home agent. On the other hand, in the network-based mobility scheme
(e.g., PMIPv6), an MA plays the role of a mobility management controller,
such as a Local Mobility Anchor (LMA) in PMIPv6, which also serves
vehicles as a home agent, and an IP-RSU plays the role of an access router,
such as a Mobile Access Gateway (MAG) in PMIPv6 .
The host-based mobility scheme needs client functionality in the
IPv6 stack of a vehicle as a mobile node for mobility signaling
message exchange between the vehicle and home agent.
On the other hand, the network-based mobility scheme does not
need such client functionality of a vehicle because the network
infrastructure node (e.g., MAG in PMIPv6) as a proxy mobility agent
handles the mobility signaling message exchange with the home agent
(e.g., LMA in PMIPv6) for the sake of the vehicle.
There are a scalability issue and a route optimization issue in the
network-based mobility scheme (e.g., PMIPv6) when an MA covers a
large vehicular network governing many IP-RSUs. In this case, a
distributed mobility scheme (e.g., DMM )
can mitigate the scalability issue by distributing multiple MAs in
the vehicular network such that they are positioned closer to
vehicles for route optimization and bottleneck mitigation in a
central MA in the network-based mobility scheme.
All these mobility approaches (i.e., a host-based mobility scheme,
network-based mobility scheme, and distributed mobility scheme) and
a hybrid approach of a combination of them need to provide an
efficient mobility service to vehicles moving fast and moving along
with relatively predictable trajectories along the roadways.
In vehicular networks, the control plane can be separated from
the data plane for efficient mobility management and data forwarding
by using the concept of Software-Defined Networking (SDN)
.
Note that Forwarding Policy Configuration (FPC) in ,
which is a flexible mobility management system, can manage the
separation of data plane and control plane in DMM.
In SDN, the control plane and data plane are separated for the
efficient management of forwarding elements (e.g., switches and
routers) where an SDN controller configures the forwarding elements
in a centralized way, and they perform packet forwarding according to
their forwarding tables that are configured by the SDN controller.
An MA as an SDN controller needs to efficiently configure and
monitor its IP-RSUs and vehicles for mobility management and security services.
Support of MTU Diversity for IP-Based Vehicular Networks
The wireless and/or wired-line links in paths between both mobile
nodes and fixed network correspondents may configure a variety of
Maximum Transmission Units (MTUs), where all IPv6 links are required
to support a minimum MTU of 1280 octets and may support larger MTUs.
Unfortunately, determining the path MTU (i.e., the minimum link MTU
in the path) has proven to be inefficient and unreliable due to the
uncertain nature of the loss-oriented ICMPv6 messaging service used
for path MTU discovery. Recent developments have produced a more
reliable path MTU determination service for TCP
and UDP ; however, the MTUs discovered are
always limited by the most
restrictive link MTU in the path (often 1500 octets or smaller).
The AERO/OMNI service addresses the MTU issue by introducing a new
layer in the Internet architecture known as the "OMNI Adaptation Layer
(OAL)". The OAL allows end systems that configure an OMNI interface
to utilize a full 65535-octet MTU by leveraging the IPv6 fragmentation
and reassembly service during encapsulation to produce fragment sizes
that are assured of traversing the path without loss due to a
size restriction. Thus, this allows end systems to send packets that are
often much larger than the actual path MTU.
Performance studies over the course of many decades have proven that
applications will see greater performance by sending smaller numbers
of large packets (as opposed to larger numbers of small packets) even
if fragmentation is needed. The OAL further supports even larger packet
sizes through the IP Parcels construct
,
which provides "packets-in-packet" encapsulation for a total size up
to 4 MB. Together, the OAL and IP Parcels will provide a revolutionary
new capability for greater efficiency in both mobile and fixed networks.
On the other hand, due to the highly dynamic nature of vehicular networks,
a high packet loss may not be able to be avoided. The high packet
loss on IP Parcels can simultaneously cause multiple TCP sessions
to experience packet retransmissions, session time-out, or
re-establishment of the sessions. Other protocols, such as MPTCP and
QUIC, may also experience similar issues. A mechanism for
mitigating this issue in OAL and IP Parcels should be considered.
Acknowledgments
This work was supported by a grant from the Institute of Information &
Communications Technology Planning & Evaluation (IITP) funded by
the Korea MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud-based
Security Intelligence Technology Development for the Customized
Security Service Provisioning).
This work was supported in part by the MSIT, Korea, under the ITRC
(Information Technology Research Center) support program
(IITP-2022-2017-0-01633) supervised by the IITP.
This work was supported in part by the IITP (2020-0-00395-003, Standard
Development of Blockchain-based Network Management Automation Technology).
This work was supported in part by the French research project DataTweet
(ANR-13-INFR-0008) and in part by the HIGHTS project funded by the
European Commission I (636537-H2020).
This work was supported in part by the Cisco University Research Program Fund,
Grant # 2019-199458 (3696), and by ANID Chile Basal Project FB0008.
Contributors
This document is a group work of the IPWAVE working group, greatly benefiting
from inputs and texts by (Naval
Postgraduate School), (YoGoKo),
(Budapest University of Technology and
Economics), (Universidad of
Murcia), (MIT), (Pilot),
(Cisco), (Zededa), (Deutsche Telekom), (Cisco),
(UC3M), (Vigil Security),
(Cisco), (Cisco), (The Boeing Company), (ETRI),
(Hyundai Motors), (Soongsil
University), (CNNIC), (LSware),
(Akayla), and (Aalyria). The authors sincerely
appreciate their contributions.
The following are coauthors of this document:
Department of Computer Sciences,High School of Technology of MeknesMoulay Ismail UniversityMorocco+212 6 70 83 22 36benamar73@gmail.comNIC Chile Research LabsUniversidad de ChileAv. Blanco Encalada 1975SantiagoChile+56 2 29784093scespede@niclabs.clCommunication Systems DepartmentEURECOMSophia-AntipolisFrance+33 4 93 00 81 34jerome.haerri@eurecom.frAlibabaBeijing100022China+86 13911788933max.ldp@alibaba-inc.comDepartment of Information Sciences and TechnologiesRochester Institute of TechnologyOne Lomb Memorial DriveRochesterNY14623-5603United States of America+1 585 475 7642Tom.Oh@rit.eduFuturewei Inc.2330 Central Expressway,Santa ClaraCA95050United States of America+1 408 330 4586,charliep@computer.orgCEA, LIST, CEA SaclayGif-sur-Yvette91190France+33169089223Alexandre.Petrescu@cea.frDepartment of Computer Science & EngineeringSungkyunkwan University2066 Seobu-Ro, Jangan-GuSuwonGyeonggi-Do16419Republic of Korea+82 31 299 4106chrisshen@skku.eduhttps://chrisshen.github.ioFBConsulting21, Route de Luxembourg,Wasserbillig,L-6633,LuxembourgMichelle.Wetterwald@gmail.comAuthor's AddressDepartment of Computer Science and EngineeringSungkyunkwan University2066 Seobu-Ro, Jangan-GuSuwonGyeonggi-Do16419Republic of Korea+82 31 299 4957pauljeong@skku.eduhttp://iotlab.skku.edu/people-jaehoon-jeong.php