From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc9365.txt | 2687 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2687 insertions(+) create mode 100644 doc/rfc/rfc9365.txt (limited to 'doc/rfc/rfc9365.txt') diff --git a/doc/rfc/rfc9365.txt b/doc/rfc/rfc9365.txt new file mode 100644 index 0000000..4173226 --- /dev/null +++ b/doc/rfc/rfc9365.txt @@ -0,0 +1,2687 @@ + + + + +Internet Engineering Task Force (IETF) J. Jeong, Ed. +Request for Comments: 9365 Sungkyunkwan University +Category: Informational March 2023 +ISSN: 2070-1721 + + + IPv6 Wireless Access in Vehicular Environments (IPWAVE): Problem + Statement and Use Cases + +Abstract + + This document discusses the problem statement and use cases of + IPv6-based vehicular networking for Intelligent Transportation + Systems (ITS). The main scenarios of vehicular communications are + vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and + vehicle-to-everything (V2X) communications. First, this document + explains use cases using V2V, V2I, and V2X networking. Next, for + IPv6-based vehicular networks, it makes a gap analysis of current + IPv6 protocols (e.g., IPv6 Neighbor Discovery, mobility management, + as well as security and privacy). + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Not all documents + approved by the IESG are candidates for any level of Internet + Standard; see Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc9365. + +Copyright Notice + + Copyright (c) 2023 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Revised BSD License text as described in Section 4.e of the + Trust Legal Provisions and are provided without warranty as described + in the Revised BSD License. + +Table of Contents + + 1. Introduction + 2. Terminology + 3. Use Cases + 3.1. V2V + 3.2. V2I + 3.3. V2X + 4. Vehicular Networks + 4.1. Vehicular Network Architecture + 4.2. V2I-Based Internetworking + 4.3. V2V-Based Internetworking + 5. Problem Statement + 5.1. Neighbor Discovery + 5.1.1. Link Model + 5.1.2. MAC Address Pseudonym + 5.1.3. Routing + 5.2. Mobility Management + 6. Security Considerations + 6.1. Security Threats in Neighbor Discovery + 6.2. Security Threats in Mobility Management + 6.3. Other Threats + 7. IANA Considerations + 8. References + 8.1. Normative References + 8.2. Informative References + Appendix A. Support of Multiple Radio Technologies for V2V + Appendix B. Support of Multihop V2X Networking + Appendix C. Support of Mobility Management for V2I + Appendix D. Support of MTU Diversity for IP-Based Vehicular + Networks + Acknowledgments + Contributors + Author's Address + +1. Introduction + + Vehicular networking studies have mainly focused on improving road + safety and efficiency and also enabling entertainment in vehicular + networks. To proliferate the use cases of vehicular networks, + several governments and private organizations have committed to + allocating dedicated spectrum for vehicular communications. The + Federal Communications Commission (FCC) in the US allocated wireless + channels for Dedicated Short-Range Communications (DSRC) [DSRC] in + the Intelligent Transportation Systems (ITS) with the frequency band + of 5.850 - 5.925 GHz (i.e., 5.9 GHz band). In November 2020, the FCC + adjusted the lower 45 MHz (i.e., 5.850 - 5.895 GHz) of the 5.9 GHz + band for unlicensed use instead of DSRC-dedicated use + [FCC-ITS-Modification]. DSRC-based wireless communications can + support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), + and vehicle-to-everything (V2X) networking. The European Union (EU) + allocated radio spectrum for safety-related and non-safety-related + applications of ITS with the frequency band of 5.875 - 5.905 GHz, as + part of the Commission Decision 2008/671/EC [EU-2008-671-EC]. Most + other countries and regions in the world have adopted the 5.9 GHz + band for vehicular networks, though different countries use different + ways to divide the band into channels. + + For direct inter-vehicular wireless connectivity, IEEE has amended + standard 802.11 (commonly known as Wi-Fi) to enable safe driving + services based on DSRC for the Wireless Access in Vehicular + Environments (WAVE) system. The Physical Layer (L1) and Data Link + Layer (L2) issues are addressed in IEEE 802.11p [IEEE-802.11p] for + the PHY and MAC layers of the DSRC, while IEEE Std 1609.2 + [WAVE-1609.2] covers security aspects, IEEE Std 1609.3 [WAVE-1609.3] + defines related services at network and transport layers, and IEEE + Std 1609.4 [WAVE-1609.4] specifies the multichannel operation. IEEE + 802.11p was first a separate amendment but was later rolled into the + base 802.11 standard (IEEE Std 802.11-2012) as IEEE 802.11 Outside + the Context of a Basic Service Set (OCB) in 2012 [IEEE-802.11-OCB]. + + 3GPP has standardized Cellular Vehicle-to-Everything (C-V2X) + communications to support V2X in LTE mobile networks (called LTE V2X) + and V2X in 5G mobile networks (called 5G V2X) [TS-23.285-3GPP] + [TR-22.886-3GPP] [TS-23.287-3GPP]. With C-V2X, vehicles can directly + communicate with each other without relay nodes (e.g., eNodeB in LTE + and gNodeB in 5G). + + Along with these WAVE standards and C-V2X standards, regardless of a + wireless access technology under the IP stack of a vehicle, vehicular + networks can operate IP mobility with IPv6 [RFC8200], that is, Mobile + IPv6 protocols, e.g., Mobile IPv6 (MIPv6) [RFC6275], Proxy Mobile + IPv6 (PMIPv6) [RFC5213], Distributed Mobility Management (DMM) + [RFC7333], Network Mobility (NEMO) [RFC3963], and the Locator/ID + Separation Protocol (LISP) [RFC9300]. In addition, ISO has approved + a standard specifying the IPv6 network protocols and services to be + used for Communications Access for Land Mobiles (CALM) [ISO-ITS-IPv6] + [ISO-ITS-IPv6-AMD1]. + + This document describes use cases and a problem statement about + IPv6-based vehicular networking for ITS, which is named IPv6 Wireless + Access in Vehicular Environments (IPWAVE). First, it introduces the + use cases for using V2V, V2I, and V2X networking in ITS. Next, for + IPv6-based vehicular networks, it makes a gap analysis of current + IPv6 protocols (e.g., IPv6 Neighbor Discovery, mobility management, + as well as security and privacy) so that those protocols can be + tailored to IPv6-based vehicular networking. Thus, this document is + intended to motivate development of key protocols for IPWAVE. + +2. Terminology + + This document uses the terminology described in [RFC8691]. In + addition, the following terms are defined below: + + Context-Awareness: A vehicle can be aware of spatial-temporal + mobility information (e.g., position, speed, direction, and + acceleration/deceleration) of surrounding vehicles for both safety + and non-safety uses through sensing or communication [CASD]. + + Distributed Mobility Management (DMM): See [RFC7333] [RFC7429]. + + Edge Computing Device (ECD): This is a computing device (or server) + at the edge of the network for vehicles and vulnerable road users. + It co-locates with or connects to an IP Roadside Unit (IP-RSU), + which has a powerful computing capability for different kinds of + computing tasks, such as image processing and classification. + + Edge Network (EN): This is an access network that has an IP-RSU for + wireless communication with other vehicles having an IP On-Board + Unit (IP-OBU) and wired communication with other network devices + (e.g., routers, IP-RSUs, ECDs, servers, and Mobility Anchors + (MAs)). It may use a Global Navigation Satellite System (GNSS) + such as Global Positioning System (GPS) with a GNSS receiver for + its position recognition and the localization service for the sake + of vehicles. + + Evolved Node B (eNodeB): This is a base station entity that supports + the Long Term Evolution (LTE) air interface. + + Internet Protocol On-Board Unit (IP-OBU): An IP-OBU denotes a + computer situated in a vehicle (e.g., car, bicycle, electric bike, + motorcycle, or similar), which has a basic processing ability and + can be driven by a low-power CPU (e.g., ARM). It has at least one + IP interface that runs in IEEE 802.11-OCB and has an "OBU" + transceiver. Also, it may have an IP interface that runs in + Cellular V2X (C-V2X) [TS-23.285-3GPP] [TR-22.886-3GPP] + [TS-23.287-3GPP]. It can play the role of a router connecting + multiple computers (or in-vehicle devices) inside a vehicle. See + the definition of the term "IP-OBU" in [RFC8691]. + + IP Roadside Unit (IP-RSU): An IP-RSU is situated along the road. It + has at least two distinct IP-enabled interfaces. The wireless + PHY/MAC layer of at least one of its IP-enabled interfaces is + configured to operate in 802.11-OCB mode [IEEE-802.11-OCB]. An + IP-RSU communicates with the IP-OBU over an 802.11 wireless link + operating in OCB mode. One of its IP-enabled interfaces is + connected to the wired network for wired communication with other + network devices (e.g., routers, IP-RSUs, ECDs, servers, and MAs). + Also, it may have another IP-enabled wireless interface running in + 3GPP C-V2X in addition to the IP-RSU defined in [RFC8691]. An IP- + RSU is similar to an Access Network Router (ANR), defined in + [RFC3753], and a Wireless Termination Point (WTP), defined in + [RFC5415]. See the definition of the term "IP-RSU" in [RFC8691]. + + Light Detection and Ranging (LiDAR): This is a method for measuring + a distance to an object by emitting pulsed laser light and + measuring the reflected pulsed light. + + Mobility Anchor (MA): This is a node that maintains IPv6 addresses + and mobility information of vehicles in a road network to support + their IPv6 address autoconfiguration and mobility management with + a binding table. An MA has end-to-end (E2E) connections (e.g., + tunnels) with IP-RSUs under its control for the IPv6 address + autoconfiguration and mobility management of the vehicles. This + MA is similar to a Local Mobility Anchor (LMA) in PMIPv6 [RFC5213] + for network-based mobility management. + + Next Generation Node B (gNodeB): This is a base station entity that + supports the 5G New Radio (NR) air interface. + + Outside the Context of a BSS (OCB): This is a mode of operation in + which a station (STA) is not a member of a Basic Service Set (BSS) + and does not utilize IEEE Std 802.11 authentication, association, + or data confidentiality [IEEE-802.11-OCB]. + + 802.11-OCB: This refers to the mode specified in IEEE Std + 802.11-2016 [IEEE-802.11-OCB] when the MIB attribute + dot11OCBActivated is 'true'. + + Platooning: Moving vehicles can be grouped together to reduce air + resistance for energy efficiency and reduce the number of drivers + such that only the lead vehicle has a driver, and the other + vehicles are autonomous vehicles without a driver and closely + follow the lead vehicle [Truck-Platooning]. + + Traffic Control Center (TCC): This is a system that manages road + infrastructure nodes (e.g., IP-RSUs, MAs, traffic signals, and + loop detectors) and also maintains vehicular traffic statistics + (e.g., average vehicle speed and vehicle inter-arrival time per + road segment) and vehicle information (e.g., a vehicle's + identifier, position, direction, speed, and trajectory as a + navigation path). TCC is part of a Vehicular Cloud for vehicular + networks. + + Urban Air Mobility (UAM): This refers to using lower-altitude + aircraft to transport passengers or cargo in urban and suburban + areas. The carriers used for UAM can be manned or unmanned + vehicles, which can include helicopters, electric vertical take- + off and landing (eVTOL) aircraft, and unmanned aerial vehicles + (UAVs). + + Vehicle: This is a node that has an IP-OBU for wireless + communication with other vehicles and IP-RSUs. It has a GNSS + radio navigation receiver for efficient navigation. Any device + having an IP-OBU and a GNSS receiver (e.g., smartphone and tablet + PC) can be regarded as a vehicle in this document. + + Vehicular Ad Hoc Network (VANET): This is a network that consists of + vehicles interconnected by wireless communication. Two vehicles + in a VANET can communicate with each other using other vehicles as + relays even where they are out of one-hop wireless communication + range. + + Vehicular Cloud: This is a cloud infrastructure for vehicular + networks, having compute nodes, storage nodes, and network + forwarding elements (e.g., switch and router). + + Vehicle to Device (V2D): This is the wireless communication between + a vehicle and a device (e.g., smartphone and IoT (Internet of + Things) device). + + Vehicle to Pedestrian (V2P): This is the wireless communication + between a vehicle and a pedestrian's device (e.g., smartphone and + IoT device). + + Vehicle to Infrastructure to Vehicle (V2I2V): This is the wireless + communication between a vehicle and another vehicle via an + infrastructure node (e.g., IP-RSU). + + Vehicle to Infrastructure to Everything (V2I2X): This is the + wireless communication between a vehicle and another entity (e.g., + vehicle, smartphone, and IoT device) via an infrastructure node + (e.g., IP-RSU). + + Vehicle to Everything (V2X): This is the wireless communication + between a vehicle and any entity (e.g., vehicle, infrastructure + node, smartphone, and IoT device), including V2V, V2I, V2D, and + V2P. + + Vehicular Mobility Management (VMM): This is IPv6-based mobility + management for vehicular networks. + + Vehicular Neighbor Discovery (VND): This is an IPv6 ND (Neighbor + Discovery) extension for vehicular networks. + + Vehicular Security and Privacy (VSP): This is IPv6-based security + and privacy for vehicular networks. + + Wireless Access in Vehicular Environments (WAVE): See [WAVE-1609.0]. + +3. Use Cases + + This section explains use cases of V2V, V2I, and V2X networking. The + use cases of the V2X networking exclude the ones of the V2V and V2I + networking but include Vehicle-to-Pedestrian (V2P) and Vehicle-to- + Device (V2D). + + IP is widely used among popular end-user devices (e.g., smartphone + and tablet) in the Internet. Applications (e.g., navigator + application) for those devices can be extended such that the V2V use + cases in this section can work with IPv6 as a network layer protocol + and IEEE 802.11-OCB as a link-layer protocol. In addition, IPv6 + security needs to be extended to support those V2V use cases in a + safe, secure, privacy-preserving way. + + The use cases presented in this section serve as the description and + motivation for the need to augment IPv6 and its protocols to + facilitate "Vehicular IPv6". Section 5 summarizes the overall + problem statement and IPv6 requirements. Note that the adjective + "Vehicular" in this document is used to represent extensions of + existing protocols, such as IPv6 Neighbor Discovery, IPv6 Mobility + Management (e.g., PMIPv6 [RFC5213] and DMM [RFC7429]), and IPv6 + Security and Privacy Mechanisms rather than new "vehicular-specific" + functions. + +3.1. V2V + + The use cases of V2V networking discussed in this section include: + + * Context-aware navigation for driving safely and avoiding + collisions + + * Collision avoidance service of end systems of Urban Air Mobility + (UAM) + + * Cooperative adaptive cruise control on a roadway + + * Platooning on a highway + + * Cooperative environment sensing + + The above use cases are examples for using V2V networking, which can + be extended to other terrestrial vehicles, river/sea ships, railed + vehicles, or UAM end systems. + + A Context-Aware Safety Driving (CASD) navigator [CASD] can help + drivers to drive safely as a context-aware navigation service [CNP] + by alerting them to dangerous obstacles and situations. That is, a + CASD navigator displays obstacles or neighboring vehicles relevant to + possible collisions in real time through V2V networking. CASD + provides vehicles with a class-based automatic safety action plan + that considers three situations, namely, the Line-of-Sight unsafe, + Non-Line-of-Sight unsafe, and safe situations. This action plan can + be put into action among multiple vehicles using V2V networking. + + A service for collision avoidance of in-air UAM end systems is one + possible use case in air vehicular environments [UAM-ITS]. This use + case is similar to that of a context-aware navigator for terrestrial + vehicles. Through V2V coordination, those UAM end systems (e.g., + drones) can avoid a dangerous situation (e.g., collision) in three- + dimensional space rather than two-dimensional space for terrestrial + vehicles. Also, a UAM end system (e.g., flying car), when only a few + hundred meters off the ground, can communicate with terrestrial + vehicles with wireless communication technologies (e.g., DSRC, LTE, + and C-V2X). Thus, V2V means any vehicle to any vehicle, whether the + vehicles are ground level or not. + + Cooperative Adaptive Cruise Control (CACC) [CA-Cruise-Control] helps + individual vehicles to adapt their speed autonomously through V2V + communication among vehicles according to the mobility of their + predecessor and successor vehicles on an urban roadway or a highway. + Thus, CACC can help adjacent vehicles to efficiently adjust their + speed in an interactive way through V2V networking in order to avoid + a collision. + + Platooning [Truck-Platooning] allows a series (or group) of vehicles + (e.g., trucks) to follow each other very closely. Vehicles can use + V2V communication in addition to forward sensors in order to maintain + constant clearance between two consecutive vehicles at very short + gaps (from 3 to 10 meters). Platooning can maximize the throughput + of vehicular traffic on a highway and reduce the gas consumption + because the lead vehicle can help the following vehicles experience + less air resistance. + + Cooperative-environment-sensing use cases suggest that vehicles can + share environmental information (e.g., air pollution, hazards, + obstacles, slippery areas by snow or rain, road accidents, traffic + congestion, and driving behaviors of neighboring vehicles) from + various vehicle-mounted sensors, such as radars, LiDAR systems, and + cameras, with other vehicles and pedestrians. [Automotive-Sensing] + introduces millimeter-wave vehicular communication for massive + automotive sensing. A lot of data can be generated by those sensors, + and these data typically need to be routed to different destinations. + In addition, from the perspective of driverless vehicles, it is + expected that driverless vehicles can be mixed with driver-operated + vehicles. Through cooperative environment sensing, driver-operated + vehicles can use environmental information sensed by driverless + vehicles for better interaction with the other vehicles and + environment. Vehicles can also share their intended maneuvering + information (e.g., lane change, speed change, ramp in-and-out, cut- + in, and abrupt braking) with neighboring vehicles. Thus, this + information sharing can help the vehicles behave as more efficient + traffic flows and minimize unnecessary acceleration and deceleration + to achieve the best ride comfort. + + To support applications of these V2V use cases, the required + functions of IPv6 include (a) IPv6-based packet exchange in both + control and data planes and (b) secure, safe communication between + two vehicles. For the support of V2V under multiple radio + technologies (e.g., DSRC and 5G V2X), refer to Appendix A. + +3.2. V2I + + The use cases of V2I networking discussed in this section include: + + * Navigation service + + * Energy-efficient speed recommendation service + + * Accident notification service + + * Electric Vehicle (EV) charging service + + * UAM navigation service with efficient battery charging + + A navigation service (for example, the Self-Adaptive Interactive + Navigation Tool [SAINT]) that uses V2I networking interacts with a + TCC for the large-scale/long-range road traffic optimization and can + guide individual vehicles along appropriate navigation paths in real + time. The enhanced version of SAINT [SAINTplus] can give fast-moving + paths to emergency vehicles (e.g., ambulance and fire engine) to let + them reach an accident spot while redirecting other vehicles near the + accident spot into efficient detour paths. + + Either a TCC or an ECD can recommend an energy-efficient speed to a + vehicle that depends on its traffic environment and traffic signal + scheduling [SignalGuru]. For example, when a vehicle approaches an + intersection area and a red traffic light for the vehicle becomes + turned on, it needs to reduce its speed to save fuel consumption. In + this case, either a TCC or an ECD, which has the up-to-date + trajectory of the vehicle and the traffic light schedule, can notify + the vehicle of an appropriate speed for fuel efficiency. + [Fuel-Efficient] covers fuel-efficient route and speed plans for + platooned trucks. + + The emergency communication between vehicles in an accident (or + emergency-response vehicles) and a TCC can be performed via either + IP-RSUs or 4G-LTE or 5G networks. The First Responder Network + Authority [FirstNet] is provided by the US government to establish, + operate, and maintain an interoperable public safety broadband + network for safety and security network services, e.g., emergency + calls. The construction of the nationwide FirstNet network requires + each state in the US to have a Radio Access Network (RAN) that will + connect to the FirstNet's network core. The current RAN is mainly + constructed using 4G-LTE for communication between a vehicle and an + infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected + that DSRC-based vehicular networks [DSRC] will be available for V2I + and V2V in the near future. An equivalent project in Europe is + called Public Safety Communications Europe [PSCE], which is + developing a network for emergency communications. + + An EV charging service with V2I can facilitate the efficient battery + charging of EVs. In the case where an EV charging station is + connected to an IP-RSU, an EV can be guided toward the deck of the EV + charging station or be notified that the charging station is out of + service through a battery charging server connected to the IP-RSU. + In addition to this EV charging service, other value-added services + (e.g., firmware/software update over-the-air and media streaming) can + be provided to an EV while it is charging its battery at the EV + charging station. For a UAM navigation service, an efficient battery + charging plan can improve the battery charging schedule of UAM end + systems (e.g., drones) for long-distance flying [CBDN]. For this + battery charging schedule, a UAM end system can communicate with a + cloud server via an infrastructure node (e.g., IP-RSU). This cloud + server can coordinate the battery charging schedules of multiple UAM + end systems for their efficient navigation path, considering flight + time from their current position to a battery charging station, + waiting time in a waiting queue at the station, and battery charging + time at the station. + + In some scenarios, such as vehicles moving on highways or staying in + parking lots, a V2V2I network is necessary for vehicles to access the + Internet since some vehicles may not be covered by an IP-RSU. For + those vehicles, a few relay vehicles can help to build the Internet + access. For the nested NEMO described in [RFC4888], hosts inside a + vehicle shown in Figure 3 for the case of V2V2I may have the same + issue in the nested NEMO scenario. + + To better support these use cases, the existing IPv6 protocol must be + augmented either through protocol changes or by including a new + adaptation layer in the architecture that efficiently maps IPv6 to a + diversity of link-layer technologies. Augmentation is necessary to + support wireless multihop V2I communications on a highway where RSUs + are sparsely deployed so that a vehicle can reach the wireless + coverage of an IP-RSU through the multihop data forwarding of + intermediate vehicles as packet forwarders. Thus, IPv6 needs to be + extended for multihop V2I communications. + + To support applications of these V2I use cases, the required + functions of IPv6 include IPv6 communication enablement with + neighborhood discovery and IPv6 address management; reachability with + adapted network models and routing methods; transport-layer session + continuity; and secure, safe communication between a vehicle and an + infrastructure node (e.g., IP-RSU) in the vehicular network. + +3.3. V2X + + The use case of V2X networking discussed in this section is for a + protection service for a vulnerable road user (VRU), e.g., a + pedestrian or cyclist. Note that the application area of this use + case is currently limited to a specific environment, such as + construction sites, plants, and factories, since not every VRU in a + public area is equipped with a smart device (e.g., not every child on + a road has a smartphone, smart watch, or tablet). + + A VRU protection service, such as the Safety-Aware Navigation + Application [SANA], using V2I2P networking can reduce the collision + of a vehicle and a pedestrian carrying a smartphone equipped with a + network device for wireless communication (e.g., Wi-Fi, DSRC, 4G/5G + V2X, and Bluetooth Low Energy (BLE)) with an IP-RSU. Vehicles and + pedestrians can also communicate with each other via an IP-RSU. An + ECD behind the IP-RSU can collect the mobility information from + vehicles and pedestrians, and then compute wireless communication + scheduling for the sake of them. This scheduling can save the + battery of each pedestrian's smartphone by allowing it to work in + sleeping mode before communication with vehicles, considering their + mobility. The location information of a VRU from a smart device + (e.g., smartphone) is multicasted only to the nearby vehicles. The + true identifiers of a VRU's smart device shall be protected, and only + the type of the VRU, such as pedestrian, cyclist, or scooter, is + disclosed to the nearby vehicles. + + For Vehicle-to-Pedestrian (V2P), a vehicle can directly communicate + with a pedestrian's smartphone by V2X without IP-RSU relaying. + Light-weight mobile nodes, such as bicycles, may also communicate + directly with a vehicle for collision avoidance using V2V. Note that + it is true that either a pedestrian or a cyclist may have a higher + risk of being hit by a vehicle if they are not with a smartphone in + the current setting. For this case, other human-sensing technologies + (e.g., moving-object detection in images and wireless signal-based + human movement detection [LIFS] [DFC]) can be used to provide motion + information to vehicles. A vehicle by V2V2I networking can obtain a + VRU's motion information via an IP-RSU that either employs or + connects to a human-sensing technology. + + The existing IPv6 protocol must be augmented through protocol changes + in order to support wireless multihop V2X or V2I2X communications in + an urban road network where RSUs are deployed at intersections so + that a vehicle (or a pedestrian's smartphone) can reach the wireless + coverage of an IP-RSU through the multihop data forwarding of + intermediate vehicles (or pedestrians' smartphones) as packet + forwarders. Thus, IPv6 needs to be extended for multihop V2X or + V2I2X communications. + + To support applications of these V2X use cases, the required + functions of IPv6 include IPv6-based packet exchange; transport-layer + session continuity; secure, safe communication between a vehicle and + a pedestrian either directly or indirectly via an IP-RSU; and the + protection of identifiers of either a vehicle or smart device (such + as the Media Access Control (MAC) address and IPv6 address), which is + discussed in detail in Section 6.3. + +4. Vehicular Networks + + This section describes the context for vehicular networks supporting + V2V, V2I, and V2X communications and describes an internal network + within a vehicle or an Edge Network (EN). Additionally, this section + explains not only the internetworking between the internal networks + of a vehicle and an EN via wireless links but also the + internetworking between the internal networks of two vehicles via + wireless links. + + Traffic Control Center in Vehicular Cloud + ******************************************* ++-------------+ * * +|Correspondent| * +-----------------+ * +| Node |<->* | Mobility Anchor | * ++-------------+ * +-----------------+ * + * ^ * + * | * + * v * + ******************************************* + ^ ^ ^ + | | | + | | | + v v v + +---------+ +---------+ +---------+ + | IP-RSU1 |<--------->| IP-RSU2 |<--------->| IP-RSU3 | + +---------+ +---------+ +---------+ + ^ ^ ^ + : : : + +-----------------+ +-----------------+ +-----------------+ + | : V2I | | : V2I | | : V2I | + | v | | v | | v | ++--------+ | +--------+ | | +--------+ | | +--------+ | +|Vehicle1|===> |Vehicle2|===>| | |Vehicle3|===>| | |Vehicle4|===>| ++--------+<...>+--------+<........>+--------+ | | +--------+ | + V2V ^ V2V ^ | | ^ | + | : V2V | | : V2V | | : V2V | + | v | | v | | v | + | +--------+ | | +--------+ | | +--------+ | + | |Vehicle5|===> | | |Vehicle6|===>| | |Vehicle7|==>| + | +--------+ | | +--------+ | | +--------+ | + +-----------------+ +-----------------+ +-----------------+ + Subnet1 Subnet2 Subnet3 + (Prefix1) (Prefix2) (Prefix3) + + <----> Wired Link <....> Wireless Link ===> Moving Direction + + Figure 1: An Example Vehicular Network Architecture for V2I and V2V + +4.1. Vehicular Network Architecture + + Figure 1 shows an example vehicular network architecture for V2I and + V2V in a road network. The vehicular network architecture contains + vehicles (including IP-OBU), IP-RSUs, Mobility Anchor, Traffic + Control Center, and Vehicular Cloud as components. These components + are not mandatory, and they can be deployed into vehicular networks + in various ways. Some of them (e.g., Mobility Anchor, Traffic + Control Center, and Vehicular Cloud) may not be needed for the + vehicular networks according to target use cases in Section 3. + + Existing network architectures, such as the network architectures of + PMIPv6 [RFC5213], RPL (IPv6 Routing Protocol for Low-Power and Lossy + Networks) [RFC6550], Automatic Extended Route Optimization [AERO], + and Overlay Multilink Network Interface [OMNI], can be extended to a + vehicular network architecture for multihop V2V, V2I, and V2X, as + shown in Figure 1. Refer to Appendix B for the detailed discussion + on multihop V2X networking by RPL and OMNI. Also, refer to + Appendix A for the description of how OMNI is designed to support the + use of multiple radio technologies in V2X. Note that though AERO/ + OMNI is not actually deployed in the industry, this AERO/OMNI is + mentioned as a possible approach for vehicular networks in this + document. + + As shown in Figure 1, IP-RSUs as routers and vehicles with IP-OBU + have wireless media interfaces for VANET. The three IP-RSUs (IP- + RSU1, IP-RSU2, and IP-RSU3) are deployed in the road network and are + connected with each other through the wired networks (e.g., + Ethernet). A Traffic Control Center (TCC) is connected to the + Vehicular Cloud for the management of IP-RSUs and vehicles in the + road network. A Mobility Anchor (MA) may be located in the TCC as a + mobility management controller. Vehicle2, Vehicle3, and Vehicle4 are + wirelessly connected to IP-RSU1, IP-RSU2, and IP-RSU3, respectively. + The three wireless networks of IP-RSU1, IP-RSU2, and IP-RSU3 can + belong to three different subnets (i.e., Subnet1, Subnet2, and + Subnet3), respectively. Those three subnets use three different + prefixes (i.e., Prefix1, Prefix2, and Prefix3). + + Multiple vehicles under the coverage of an IP-RSU share a prefix just + as mobile nodes share a prefix of a Wi-Fi access point in a wireless + LAN. This is a natural characteristic in infrastructure-based + wireless networks. For example, in Figure 1, two vehicles (i.e., + Vehicle2 and Vehicle5) can use Prefix1 to configure their IPv6 global + addresses for V2I communication. Alternatively, two vehicles can + employ a "Bring Your Own Addresses (BYOA)" (or "Bring Your Own Prefix + (BYOP)") technique using their own IPv6 Unique Local Addresses (ULAs) + [RFC4193] over the wireless network. + + In wireless subnets in vehicular networks (e.g., Subnet1 and Subnet2 + in Figure 1), vehicles can construct a connected VANET (with an + arbitrary graph topology) and can communicate with each other via V2V + communication. Vehicle1 can communicate with Vehicle2 via V2V + communication, and Vehicle2 can communicate with Vehicle3 via V2V + communication because they are within the wireless communication + range of each other. On the other hand, Vehicle3 can communicate + with Vehicle4 via the vehicular infrastructure (i.e., IP-RSU2 and IP- + RSU3) by employing V2I (i.e., V2I2V) communication because they are + not within the wireless communication range of each other. + + As a basic definition for IPv6 packets transported over IEEE + 802.11-OCB, [RFC8691] specifies several details, including Maximum + Transmission Unit (MTU), frame format, link-local address, address + mapping for unicast and multicast, stateless autoconfiguration, and + subnet structure. + + An IPv6 mobility solution is needed for the guarantee of + communication continuity in vehicular networks so that a vehicle's + TCP session can be continued or that UDP packets can be delivered to + a vehicle as a destination without loss while it moves from an IP- + RSU's wireless coverage to another IP-RSU's wireless coverage. In + Figure 1, assuming that Vehicle2 has a TCP session (or a UDP session) + with a correspondent node in the Vehicular Cloud, Vehicle2 can move + from IP-RSU1's wireless coverage to IP-RSU2's wireless coverage. In + this case, a handover for Vehicle2 needs to be performed by either a + host-based mobility management scheme (e.g., MIPv6 [RFC6275]) or a + network-based mobility management scheme (e.g., PMIPv6 [RFC5213], + NEMO [RFC3963] [RFC4885] [RFC4888], and AERO [AERO]). This document + describes issues in mobility management for vehicular networks in + Section 5.2. For improving TCP session continuity or successful UDP + packet delivery, the Multipath TCP (MPTCP) [RFC8684] or QUIC protocol + [RFC9000] can also be used. IP-OBUs, however, may still experience + more session time-out and re-establishment procedures due to lossy + connections among vehicles caused by the high mobility dynamics of + them. + +4.2. V2I-Based Internetworking + + This section discusses the internetworking between a vehicle's + internal network (i.e., mobile network) and an EN's internal network + (i.e., fixed network) via V2I communication. The internal network of + a vehicle is nowadays constructed with Ethernet by many automotive + vendors [In-Car-Network]. Note that an EN can accommodate multiple + routers (or switches) and servers (e.g., ECDs, navigation server, and + DNS server) in its internal network. + + A vehicle's internal network often uses Ethernet to interconnect + Electronic Control Units (ECUs) in the vehicle. The internal network + can support Wi-Fi and Bluetooth to accommodate a driver's and + passenger's mobile devices (e.g., smartphone or tablet). The network + topology and subnetting depend on each vendor's network configuration + for a vehicle and an EN. It is reasonable to consider interactions + between the internal network of a vehicle and that of another vehicle + or an EN. Note that it is dangerous if the internal network of a + vehicle is controlled by a malicious party. These dangers can + include unauthorized driving control input and unauthorized driving + information disclosure to an unauthorized third party. A malicious + party can be a group of hackers, a criminal group, and a competitor + for industrial espionage or sabotage. To minimize this kind of risk, + an augmented identification and verification protocol, which has an + extra means, shall be implemented based on a basic identity + verification process. These extra means could include approaches + based on certificates, biometrics, credit, or One-Time Passwords + (OTPs) in addition to Host Identity Protocol certificates [RFC8002]. + The parties of the verification protocol can be from a built-in + verification protocol in the current vehicle, which is pre-installed + by a vehicle vendor. The parties can also be from any verification + authorities that have the database of authenticated users. The + security properties provided by a verification protocol can be + identity-related information, such as the genuineness of an identity, + the authenticity of an identity, and the ownership of an identity + [RFC7427]. + + The augmented identification and verification protocol with extra + means can support security properties such as the identification and + verification of a vehicle, driver, and passenger. First, a credit- + based method is when a vehicle classifies the messages it received + from another host into various levels based on their potential + effects on driving safety in order to calculate the credit of that + sender. Based on accumulated credit, a correspondent node can verify + the other party to see whether it is genuine or not. Second, a + certificate-based method includes a user certificate (e.g., X.509 + certificate [RFC5280]) to authenticate a vehicle or its driver. + Third, a biometric method includes a fingerprint, face, or voice to + authenticate a driver or passenger. Lastly, an OTP-based method lets + another already-authenticated device (e.g., smartphone and tablet) of + a driver or passenger be used to authenticate a driver or passenger. + + +-----------------+ + (*)<........>(*) +----->| Vehicular Cloud | + (2001:db8:1:1::/64) | | | +-----------------+ + +------------------------------+ +---------------------------------+ + | v | | v v | + | +-------+ +-------+ | | +-------+ +-------+ | + | | Host1 | |IP-OBU1| | | |IP-RSU1| | Host3 | | + | +-------+ +-------+ | | +-------+ +-------+ | + | ^ ^ | | ^ ^ | + | | | | | | | | + | v v | | v v | + | ---------------------------- | | ------------------------------- | + | 2001:db8:10:1::/64 ^ | | ^ 2001:db8:20:1::/64 | + | | | | | | + | v | | v | + | +-------+ +-------+ | | +-------+ +-------+ +-------+ | + | | Host2 | |Router1| | | |Router2| |Server1|...|ServerN| | + | +-------+ +-------+ | | +-------+ +-------+ +-------+ | + | ^ ^ | | ^ ^ ^ | + | | | | | | | | | + | v v | | v v v | + | ---------------------------- | | ------------------------------- | + | 2001:db8:10:2::/64 | | 2001:db8:20:2::/64 | + +------------------------------+ +---------------------------------+ + Vehicle1 (Mobile Network1) EN1 (Fixed Network1) + + <----> Wired Link <....> Wireless Link (*) Antenna + + Figure 2: Internetworking between Vehicle and Edge Network + + As shown in Figure 2, as internal networks, a vehicle's mobile + network and an EN's fixed network are self-contained networks having + multiple subnets and having an edge router (e.g., IP-OBU and IP-RSU) + for communication with another vehicle or another EN. The + internetworking between two internal networks via V2I communication + requires the exchange of the network parameters and the network + prefixes of the internal networks. For the efficiency, the network + prefixes of the internal networks (as a mobile network) in a vehicle + need to be delegated and configured automatically. Note that a + mobile network's network prefix can be called a Mobile Network Prefix + (MNP) [RFC3963]. + + Figure 2 also shows the internetworking between the vehicle's mobile + network and the EN's fixed network. There exists an internal network + (Mobile Network1) inside Vehicle1. Vehicle1 has two hosts (Host1 and + Host2) and two routers (IP-OBU1 and Router1). There exists another + internal network (Fixed Network1) inside EN1. EN1 has one host + (Host3), two routers (IP-RSU1 and Router2), and the collection of + servers (Server1 to ServerN) for various services in the road + networks, such as the emergency notification and navigation. + Vehicle1's IP-OBU1 (as a mobile router) and EN1's IP-RSU1 (as a fixed + router) use 2001:db8:1:1::/64 for an external link (e.g., DSRC) for + V2I networking. Thus, a host (Host1) in Vehicle1 can communicate + with a server (Server1) in EN1 for a vehicular service through + Vehicle1's mobile network, a wireless link between IP-OBU1 and IP- + RSU1, and EN1's fixed network. + + For the IPv6 communication between an IP-OBU and an IP-RSU or between + two neighboring IP-OBUs, they need to know the network parameters, + which include MAC layer and IPv6 layer information. The MAC layer + information includes wireless link-layer parameters, transmission + power level, and the MAC address of an external network interface for + the internetworking with another IP-OBU or IP-RSU. The IPv6 layer + information includes the IPv6 address and network prefix of an + external network interface for the internetworking with another IP- + OBU or IP-RSU. + + Through the mutual knowledge of the network parameters of internal + networks, packets can be transmitted between the vehicle's mobile + network and the EN's fixed network. Thus, V2I requires an efficient + protocol for the mutual knowledge of network parameters. Note that + from a security point of view, perimeter-based policy enforcement + [RFC9099] can be applied to protect parts of the internal network of + a vehicle. + + As shown in Figure 2, the addresses used for IPv6 transmissions over + the wireless link interfaces for IP-OBU and IP-RSU can be IPv6 link- + local addresses, ULAs, or IPv6 global addresses. When IPv6 addresses + are used, wireless interface configuration and control overhead for + Duplicate Address Detection (DAD) [RFC4862] and Multicast Listener + Discovery (MLD) [RFC2710] [RFC3810] should be minimized to support + V2I and V2X communications for vehicles moving fast along roadways. + + Let us consider the upload/download time of a ground vehicle when it + passes through the wireless communication coverage of an IP-RSU. For + a given typical setting where 1 km is the maximum DSRC communication + range [DSRC] and 100 km/h is the speed limit on highways for ground + vehicles, the dwelling time can be calculated to be 72 seconds by + dividing the diameter of the 2 km (i.e., two times the DSRC + communication range where an IP-RSU is located in the center of the + circle of wireless communication) by the speed limit of 100 km/h + (i.e., about 28 m/s). For the 72 seconds, a vehicle passing through + the coverage of an IP-RSU can upload and download data packets to/ + from the IP-RSU. For special cases, such as emergency vehicles + moving above the speed limit, the dwelling time is relatively shorter + than that of other vehicles. For cases of airborne vehicles (i.e., + aircraft), considering a higher flying speed and a higher altitude, + the dwelling time can be much shorter. + +4.3. V2V-Based Internetworking + + This section discusses the internetworking between the mobile + networks of two neighboring vehicles via V2V communication. + + (*)<..........>(*) + (2001:db8:1:1::/64) | | + +------------------------------+ +------------------------------+ + | v | | v | + | +-------+ +-------+ | | +-------+ +-------+ | + | | Host1 | |IP-OBU1| | | |IP-OBU2| | Host3 | | + | +-------+ +-------+ | | +-------+ +-------+ | + | ^ ^ | | ^ ^ | + | | | | | | | | + | v v | | v v | + | ---------------------------- | | ---------------------------- | + | 2001:db8:10:1::/64 ^ | | ^ 2001:db8:30:1::/64 | + | | | | | | + | v | | v | + | +-------+ +-------+ | | +-------+ +-------+ | + | | Host2 | |Router1| | | |Router2| | Host4 | | + | +-------+ +-------+ | | +-------+ +-------+ | + | ^ ^ | | ^ ^ | + | | | | | | | | + | v v | | v v | + | ---------------------------- | | ---------------------------- | + | 2001:db8:10:2::/64 | | 2001:db8:30:2::/64 | + +------------------------------+ +------------------------------+ + Vehicle1 (Mobile Network1) Vehicle2 (Mobile Network2) + + <----> Wired Link <....> Wireless Link (*) Antenna + + Figure 3: Internetworking between Two Vehicles + + Figure 3 shows the internetworking between the mobile networks of two + neighboring vehicles. There exists an internal network (Mobile + Network1) inside Vehicle1. Vehicle1 has two hosts (Host1 and Host2) + and two routers (IP-OBU1 and Router1). There exists another internal + network (Mobile Network2) inside Vehicle2. Vehicle2 has two hosts + (Host3 and Host4) and two routers (IP-OBU2 and Router2). Vehicle1's + IP-OBU1 (as a mobile router) and Vehicle2's IP-OBU2 (as a mobile + router) use 2001:db8:1:1::/64 for an external link (e.g., DSRC) for + V2V networking. Thus, a host (Host1) in Vehicle1 can communicate + with another host (Host3) in Vehicle2 for a vehicular service through + Vehicle1's mobile network, a wireless link between IP-OBU1 and IP- + OBU2, and Vehicle2's mobile network. + + As a V2V use case in Section 3.1, Figure 4 shows a linear network + topology of platooning vehicles for V2V communications where Vehicle3 + is the lead vehicle with a driver, and Vehicle2 and Vehicle1 are the + following vehicles without drivers. From a security point of view, + before vehicles can be platooned, they shall be mutually + authenticated to reduce possible security risks. + + (*)<..................>(*)<..................>(*) + | | | + +-----------+ +-----------+ +-----------+ + | | | | | | + | +-------+ | | +-------+ | | +-------+ | + | |IP-OBU1| | | |IP-OBU2| | | |IP-OBU3| | + | +-------+ | | +-------+ | | +-------+ | + | ^ | | ^ | | ^ | + | | |=====> | | |=====> | | |=====> + | v | | v | | v | + | +-------+ | | +-------+ | | +-------+ | + | | Host1 | | | | Host2 | | | | Host3 | | + | +-------+ | | +-------+ | | +-------+ | + | | | | | | + +-----------+ +-----------+ +-----------+ + Vehicle1 Vehicle2 Vehicle3 + + <----> Wired Link <....> Wireless Link ===> Moving Direction + (*) Antenna + + Figure 4: Multihop Internetworking between Two Vehicle Networks + + As shown in Figure 4, multihop internetworking is feasible among the + mobile networks of three vehicles in the same VANET. For example, + Host1 in Vehicle1 can communicate with Host3 in Vehicle3 via IP-OBU1 + in Vehicle1, IP-OBU2 in Vehicle2, and IP-OBU3 in Vehicle3 in the + VANET, as shown in the figure. + + In this section, the link between two vehicles is assumed to be + stable for single-hop wireless communication regardless of the sight + relationship, such as Line-of-Sight and Non-Line-of-Sight, as shown + in Figure 3. Even in Figure 4, the three vehicles are connected to + each other with a linear topology, however, multihop V2V + communication can accommodate any network topology (i.e., an + arbitrary graph) over VANET routing protocols. + + (*)<..................>(*)<..................>(*) + | | | + +-----------+ +-----------+ +-----------+ + | | | | | | + | +-------+ | | +-------+ | | +-------+ | + | |IP-OBU1| | | |IP-RSU1| | | |IP-OBU3| | + | +-------+ | | +-------+ | | +-------+ | + | ^ | | ^ | | ^ | + | | |=====> | | | | | |=====> + | v | | v | | v | + | +-------+ | | +-------+ | | +-------+ | + | | Host1 | | | | Host2 | | | | Host3 | | + | +-------+ | | +-------+ | | +-------+ | + | | | | | | + +-----------+ +-----------+ +-----------+ + Vehicle1 EN1 Vehicle3 + + <----> Wired Link <....> Wireless Link ===> Moving Direction + (*) Antenna + + Figure 5: Multihop Internetworking between Two Vehicle Networks + via IP-RSU (V2I2V) + + As shown in Figure 5, multihop internetworking between two vehicles + is feasible via an infrastructure node (e.g., IP-RSU) with wireless + connectivity among the mobile networks of two vehicles and the fixed + network of an edge network (denoted as EN1) in the same VANET. For + example, Host1 in Vehicle1 can communicate with Host3 in Vehicle3 via + IP-OBU1 in Vehicle1, IP-RSU1 in EN1, and IP-OBU3 in Vehicle3 in the + VANET, as shown in the figure. + + For the reliability required in V2V networking, the ND optimization + defined in the Mobile Ad Hoc Network (MANET) [RFC6130] [RFC7466] + improves the classical IPv6 ND in terms of tracking neighbor + information with up to two hops and introducing several extensible + Information Bases. This improvement serves the MANET routing + protocols, such as the different versions of Optimized Link State + Routing Protocol (OLSR) [RFC3626] [RFC7181], Open Shortest Path First + (OSPF) derivatives (e.g., [RFC5614]), and Dynamic Link Exchange + Protocol (DLEP) [RFC8175] with its extensions [RFC8629] [RFC8757]. + In short, the MANET ND mainly deals with maintaining extended network + neighbors to enhance the link reliability. However, an ND protocol + in vehicular networks shall consider more about the geographical + mobility information of vehicles as an important resource for serving + various purposes to improve the reliability, e.g., vehicle driving + safety, intelligent transportation implementations, and advanced + mobility services. For a more reliable V2V networking, some + redundancy mechanisms should be provided in L3 in cases of the + failure of L2. For different use cases, the optimal solution to + improve V2V networking reliability may vary. For example, a group of + platooning vehicles may have stabler neighbors than freely moving + vehicles, as described in Section 3.1. + +5. Problem Statement + + In order to specify protocols using the architecture mentioned in + Section 4.1, IPv6 core protocols have to be adapted to overcome + certain challenging aspects of vehicular networking. Since the + vehicles are likely to be moving at great speed, protocol exchanges + need to be completed in a relatively short time compared to the + lifetime of a link between a vehicle and an IP-RSU or between two + vehicles. In these cases, vehicles may not have enough time either + to build link-layer connections with each other and may rely more on + connections with infrastructure. In other cases, the relative speed + between vehicles may be low when vehicles move toward the same + direction or are platooned. For those cases, vehicles can have more + time to build and maintain connections with each other. + + For safe driving, vehicles need to exchange application messages + every 0.5 seconds [NHTSA-ACAS-Report] to let drivers take an action + to avoid a dangerous situation (e.g., vehicle collision), so the IPv6 + control plane (e.g., ND procedure and DAD) needs to support this + order of magnitude for application message exchanges. Also, + considering the communication range of DSRC (up to 1 km) and 100 km/h + as the speed limit on highways (some countries can have much higher + speed limits or even no limit, e.g., Germany), the lifetime of a link + between a vehicle and an IP-RSU is in the order of a minute (e.g., + about 72 seconds), and the lifetime of a link between two vehicles is + about a half minute. Note that if two vehicles are moving in the + opposite directions in a roadway, the relative speed of this case is + two times the relative speed of a vehicle passing through an IP-RSU. + This relative speed causes the lifetime of the wireless link between + the vehicle and the IP-RSU to be halved. In reality, the DSRC + communication range is around 500 m, so the link lifetime will be + half of the maximum time. The time constraint of a wireless link + between two nodes (e.g., vehicle and IP-RSU) needs to be considered + because it may affect the lifetime of a session involving the link. + The lifetime of a session varies depending on the session's type, + such as web surfing, a voice call over IP, a DNS query, or context- + aware navigation (in Section 3.1). Regardless of a session's type, + to guide all the IPv6 packets to their destination host(s), IP + mobility should be supported for the session. In a V2V scenario + (e.g., context-aware navigation [CNP]), the IPv6 packets of a vehicle + should be delivered to relevant vehicles efficiently (e.g., + multicasting). With this observation, IPv6 protocol exchanges need + to be performed as quickly as possible to support the message + exchanges of various applications in vehicular networks. + + Therefore, the time constraint of a wireless link has a major impact + on IPv6 Neighbor Discovery (ND). Mobility Management (MM) is also + vulnerable to disconnections that occur before the completion of + identity verification and tunnel management. This is especially true + given the unreliable nature of wireless communication. Meanwhile, + the bandwidth of the wireless link determined by the lower layers + (i.e., PHY and link layers) can affect the transmission time of + control messages of the upper layers (e.g., IPv6) and the continuity + of sessions in the higher layers (e.g., IPv6, TCP, and UDP). Hence, + the bandwidth selection according to the Modulation and Coding Scheme + (MCS) also affects the vehicular network connectivity. Note that + usually the higher bandwidth gives the shorter communication range + and the higher packet error rate at the receiving side, which may + reduce the reliability of control message exchanges of the higher + layers (e.g., IPv6). This section presents key topics, such as + neighbor discovery and mobility management for links and sessions in + IPv6-based vehicular networks. Note that the detailed discussion on + the transport-layer session mobility and usage of available bandwidth + to fulfill the use cases is left as potential future work. + +5.1. Neighbor Discovery + + IPv6 ND [RFC4861] [RFC4862] is a core part of the IPv6 protocol + suite. IPv6 ND is designed for link types including point-to-point, + multicast-capable (e.g., Ethernet), and Non-Broadcast Multiple Access + (NBMA). It assumes the efficient and reliable support of multicast + and unicast from the link layer for various network operations, such + as MAC Address Resolution (AR), DAD, MLD, and Neighbor Unreachability + Detection (NUD) [RFC4861] [RFC4862] [RFC2710] [RFC3810]. + + Vehicles move quickly within the communication coverage of any + particular vehicle or IP-RSU. Before the vehicles can exchange + application messages with each other, they need IPv6 addresses to run + IPv6 ND. + + The requirements for IPv6 ND for vehicular networks are efficient DAD + and NUD operations. An efficient DAD is required to reduce the + overhead of DAD packets during a vehicle's travel in a road network, + which can guarantee the uniqueness of a vehicle's global IPv6 + address. An efficient NUD is required to reduce the overhead of the + NUD packets during a vehicle's travel in a road network, which can + guarantee the accurate neighborhood information of a vehicle in terms + of adjacent vehicles and IP-RSUs. + + The legacy DAD assumes that a node with an IPv6 address can reach any + other node with the scope of its address at the time it claims its + address, and can hear any future claim for that address by another + party within the scope of its address for the duration of the address + ownership. However, the partitioning and merging of VANETs makes + this assumption not valid frequently in vehicular networks. The + partitioning and merging of VANETs frequently occurs in vehicular + networks. This partitioning and merging should be considered for + IPv6 ND, such as IPv6 Stateless Address Autoconfiguration (SLAAC) + [RFC4862]. SLAAC is not compatible with the partitioning and + merging, and additional work is needed for ND to operate properly + under those circumstances. Due to the merging of VANETs, two IPv6 + addresses may conflict with each other though they were unique before + the merging. An address lookup operation may be conducted by an MA + or IP-RSU (as Registrar in RPL) to check the uniqueness of an IPv6 + address that will be configured by a vehicle as DAD. Also, the + partitioning of a VANET may make vehicles with the same prefix be + physically unreachable. An address lookup operation may be conducted + by an MA or IP-RSU (as Registrar in RPL) to check the existence of a + vehicle under the network coverage of the MA or IP-RSU as NUD. Thus, + SLAAC needs to prevent IPv6 address duplication due to the merging of + VANETs, and IPv6 ND needs to detect unreachable neighboring vehicles + due to the partitioning of a VANET. According to the partitioning + and merging, a destination vehicle (as an IPv6 host) needs to be + distinguished as a host that is either on-link or not on-link even + though the source vehicle can use the same prefix as the destination + vehicle [IPPL]. + + To efficiently prevent IPv6 address duplication (due to the VANET + partitioning and merging) from happening in vehicular networks, the + vehicular networks need to support a vehicular-network-wide DAD by + defining a scope that is compatible with the legacy DAD. In this + case, two vehicles can communicate with each other when there exists + a communication path over VANET or a combination of VANETs and IP- + RSUs, as shown in Figure 1. By using the vehicular-network-wide DAD, + vehicles can assure that their IPv6 addresses are unique in the + vehicular network whenever they are connected to the vehicular + infrastructure or become disconnected from it in the form of VANET. + + For vehicular networks with high mobility and density, DAD needs to + be performed efficiently with minimum overhead so that the vehicles + can exchange driving safety messages (e.g., collision avoidance and + accident notification) with each other with a short interval as + suggested by the National Highway Traffic Safety Administration + (NHTSA) of the U.S. [NHTSA-ACAS-Report]. Since the partitioning and + merging of vehicular networks may require re-performing the DAD + process repeatedly, the link scope of vehicles may be limited to a + small area, which may delay the exchange of driving safety messages. + Driving safety messages can include a vehicle's mobility information + (e.g., position, speed, direction, and acceleration/deceleration) + that is critical to other vehicles. The exchange interval of this + message is recommended to be less than 0.5 seconds, which is required + for a driver to avoid an emergency situation, such as a rear-end + crash. + + ND time-related parameters, such as router lifetime and Neighbor + Advertisement (NA) interval, need to be adjusted for vehicle speed + and vehicle density. For example, the NA interval needs to be + dynamically adjusted according to a vehicle's speed so that the + vehicle can maintain its position relative to its neighboring + vehicles in a stable way, considering the collision probability with + the NA messages sent by other vehicles. The ND time-related + parameters can be an operational setting or an optimization point + particularly for vehicular networks. Note that the link-scope + multicast messages in the ND protocol may cause a performance issue + in vehicular networks. [RFC9119] suggests several optimization + approaches for the issue. + + For IPv6-based safety applications (e.g., context-aware navigation, + adaptive cruise control, and platooning) in vehicular networks, the + delay-bounded data delivery is critical. IPv6 ND needs to work to + support those IPv6-based safety applications efficiently. + [VEHICULAR-ND] introduces a Vehicular Neighbor Discovery (VND) + process as an extension of IPv6 ND for IP-based vehicular networks. + + From the interoperability point of view, in IPv6-based vehicular + networking, IPv6 ND should have minimum changes from the legacy IPv6 + ND used in the Internet, including DAD and NUD operations, so that + IPv6-based vehicular networks can be seamlessly connected to other + intelligent transportation elements (e.g., traffic signals, + pedestrian wearable devices, electric scooters, and bus stops) that + use the standard IPv6 network settings. + +5.1.1. Link Model + + A subnet model for a vehicular network needs to facilitate + communication between two vehicles with the same prefix regardless of + the vehicular network topology as long as there exist bidirectional + E2E paths between them in the vehicular network including VANETs and + IP-RSUs. This subnet model allows vehicles with the same prefix to + communicate with each other via a combination of multihop V2V and + multihop V2I with VANETs and IP-RSUs. [WIRELESS-ND] introduces other + issues in an IPv6 subnet model. + + IPv6 protocols work under certain assumptions that do not necessarily + hold for vehicular wireless access link types [VIP-WAVE] [RFC5889]. + For instance, some IPv6 protocols, such as NUD [RFC4861] and MIPv6 + [RFC6275], assume symmetry in the connectivity among neighboring + interfaces. However, radio interference and different levels of + transmission power may cause asymmetric links to appear in vehicular + wireless links [RFC6250]. As a result, a new vehicular link model + needs to consider the asymmetry of dynamically changing vehicular + wireless links. + + There is a relationship between a link and a prefix, besides the + different scopes that are expected from the link-local, unique-local, + and global types of IPv6 addresses. In an IPv6 link, it is defined + that all interfaces that are configured with the same subnet prefix + and with the on-link bit set can communicate with each other on an + IPv6 link. However, the vehicular link model needs to define the + relationship between a link and a prefix, considering the dynamics of + wireless links and the characteristics of VANET. + + A VANET can have a single link between each vehicle pair within the + wireless communication range, as shown in Figure 4. When two + vehicles belong to the same VANET, but they are out of wireless + communication range, they cannot communicate directly with each + other. Suppose that a global-scope IPv6 prefix (or an IPv6 ULA + prefix) is assigned to VANETs in vehicular networks. Considering + that two vehicles in the same VANET configure their IPv6 addresses + with the same IPv6 prefix, if they are not connected in one hop (that + is, they have multihop network connectivity between them), then they + may not be able to communicate with each other. Thus, in this case, + the concept of an on-link IPv6 prefix does not hold because two + vehicles with the same on-link IPv6 prefix cannot communicate + directly with each other. Also, when two vehicles are located in two + different VANETs with the same IPv6 prefix, they cannot communicate + with each other. On the other hand, when these two VANETs converge + to one VANET, the two vehicles can communicate with each other in a + multihop fashion, for example, when they are Vehicle1 and Vehicle3, + as shown in Figure 4. + + From the previous observation, a vehicular link model should consider + the frequent partitioning and merging of VANETs due to vehicle + mobility. Therefore, the vehicular link model needs to use a prefix + that is on-link and a prefix that is not on-link according to the + network topology of vehicles, such as a one-hop reachable network and + a multihop reachable network (or partitioned networks). If the + vehicles with the same prefix are reachable from each other in one + hop, the prefix should be on-link. On the other hand, if some of the + vehicles with the same prefix are not reachable from each other in + one hop due to either the multihop topology in the VANET or multiple + partitions, the prefix should not be on-link. In most cases in + vehicular networks, due to the partitioning and merging of VANETs and + the multihop network topology of VANETs, prefixes that are not on- + link will be used for vehicles as default. + + The vehicular link model needs to support multihop routing in a + connected VANET where the vehicles with the same global-scope IPv6 + prefix (or the same IPv6 ULA prefix) are connected in one hop or + multiple hops. It also needs to support the multihop routing in + multiple connected VANETs through infrastructure nodes (e.g., IP-RSU) + where they are connected to the infrastructure. For example, in + Figure 1, suppose that Vehicle1, Vehicle2, and Vehicle3 are + configured with their IPv6 addresses based on the same global-scope + IPv6 prefix. Vehicle1 and Vehicle3 can also communicate with each + other via either multihop V2V or multihop V2I2V. When Vehicle1 and + Vehicle3 are connected in a VANET, it will be more efficient for them + to communicate with each other directly via VANET rather than + indirectly via IP-RSUs. On the other hand, when Vehicle1 and + Vehicle3 are farther apart than the direct communication range in two + separate VANETs and under two different IP-RSUs, they can communicate + with each other through the relay of IP-RSUs via V2I2V. Thus, the + two separate VANETs can merge into one network via IP-RSU(s). Also, + newly arriving vehicles can merge the two separate VANETs into one + VANET if they can play the role of a relay node for those VANETs. + + Thus, in IPv6-based vehicular networking, the vehicular link model + should have minimum changes for interoperability with standard IPv6 + links efficiently to support IPv6 DAD, MLD, and NUD operations. + +5.1.2. MAC Address Pseudonym + + For the protection of drivers' privacy, a pseudonym of a MAC address + of a vehicle's network interface should be used so that the MAC + address can be changed periodically. However, although such a + pseudonym of a MAC address can protect to some extent the privacy of + a vehicle, it may not be able to resist attacks on vehicle + identification by other fingerprint information, for example, the + scrambler seed embedded in IEEE 802.11-OCB frames [Scrambler-Attack]. + Note that [MAC-ADD-RAN] discusses more about MAC address + randomization, and [RCM-USE-CASES] describes several use cases for + MAC address randomization. + + In the ETSI standards, for the sake of security and privacy, an ITS + station (e.g., vehicle) can use pseudonyms for its network interface + identities (e.g., MAC address) and the corresponding IPv6 addresses + [Identity-Management]. Whenever the network interface identifier + changes, the IPv6 address based on the network interface identifier + needs to be updated, and the uniqueness of the address needs to be + checked through a DAD procedure. + +5.1.3. Routing + + For multihop V2V communications in either a VANET or VANETs via IP- + RSUs, a vehicular Mobile Ad Hoc Networks (MANET) routing protocol may + be required to support both unicast and multicast in the links of the + subnet with the same IPv6 prefix. However, it will be costly to run + both vehicular ND and a vehicular ad hoc routing protocol in terms of + control traffic overhead [RFC9119]. + + A routing protocol for a VANET may cause redundant wireless frames in + the air to check the neighborhood of each vehicle and compute the + routing information in a VANET with a dynamic network topology + because IPv6 ND is used to check the neighborhood of each vehicle. + Thus, the vehicular routing needs to take advantage of IPv6 ND to + minimize its control overhead. + + RPL [RFC6550] defines a routing LLN protocol, which constructs and + maintains Destination-Oriented Directed Acyclic Graphs (DODAGs) + optimized by an Objective Function (OF). A defined OF provides route + selection and optimization within an RPL topology. The RPL nodes use + an anisotropic Distance Vector (DV) approach to form a DODAG by + discovering and aggressively maintaining the upward default route + toward the root of the DODAG. Downward routes follow the same DODAG, + with lazy maintenance and stretched peer-to-peer (P2P) routing in the + so-called storing mode. It is well-designed to reduce the + topological knowledge and routing state that needs to be exchanged. + As a result, the routing protocol overhead is minimized, which allows + either highly constrained stable networks or less constrained, highly + dynamic networks. Refer to Appendix B for the detailed description + of RPL for multihop V2X networking. + + An address registration extension for 6LoWPAN (IPv6 over Low-Power + Wireless Personal Area Network) in [RFC8505] can support light-weight + mobility for nodes moving through different parents. The extension + described in [RFC8505] is stateful and proactively installs the ND + cache entries; this saves broadcasts and provides deterministic + presence information for IPv6 addresses. Mainly, it updates the + Address Registration Option (ARO) of ND defined in [RFC6775] to + include a status field (which can indicate the movement of a node) + and optionally a Transaction ID (TID) field (which is a sequence + number that can be used to determine the most recent location of a + node). Thus, RPL can use the information provided by the Extended + ARO (EARO) defined in [RFC8505] to deal with a certain level of node + mobility. When a leaf node moves to the coverage of another parent + node, it should de-register its addresses with the previous parent + node and register itself with a new parent node along with an + incremented TID. + + RPL can be used in IPv6-based vehicular networks, but it is primarily + designed for low-power networks, which puts energy efficiency first. + For using it in IPv6-based vehicular networks, there have not been + actual experiences and practical implementations, though it was + tested in IoT Low-Power and Lossy Network (LLN) scenarios. Another + concern is that RPL may generate excessive topology discovery + messages in a highly moving environment, such as vehicular networks. + This issue can be an operational or optimization point for a + practitioner. + + Moreover, due to bandwidth and energy constraints, RPL does not + suggest using a proactive mechanism (e.g., keepalive) to maintain + accurate routing adjacencies, such as Bidirectional Forwarding + Detection [RFC5881] and MANET Neighborhood Discovery Protocol + [RFC6130]. As a result, due to the mobility of vehicles, network + fragmentation may not be detected quickly, and the routing of packets + between vehicles or between a vehicle and an infrastructure node may + fail. + +5.2. Mobility Management + + The seamless connectivity and timely data exchange between two + endpoints requires efficient mobility management including location + management and handover. Most vehicles are equipped with a GNSS + receiver as part of a dedicated navigation system or a corresponding + smartphone app. Note that the GNSS receiver may not provide vehicles + with accurate location information in adverse environments, such as a + building area or a tunnel. The location precision can be improved + with assistance of the IP-RSUs or a cellular system with a GNSS + receiver for location information. + + With a GNSS navigator, efficient mobility management can be performed + with the help of vehicles periodically reporting their current + position and trajectory (i.e., navigation path) to the vehicular + infrastructure (having IP-RSUs and an MA in TCC). This vehicular + infrastructure can predict the future positions of the vehicles from + their mobility information (e.g., the current position, speed, + direction, and trajectory) for efficient mobility management (e.g., + proactive handover). For a better proactive handover, link-layer + parameters, such as the signal strength of a link-layer frame (e.g., + Received Channel Power Indicator (RCPI) [VIP-WAVE]), can be used to + determine the moment of a handover between IP-RSUs along with + mobility information. + + By predicting a vehicle's mobility, the vehicular infrastructure + needs to better support IP-RSUs to perform efficient SLAAC, data + forwarding, horizontal handover (i.e., handover in wireless links + using a homogeneous radio technology), and vertical handover (i.e., + handover in wireless links using heterogeneous radio technologies) in + advance along with the movement of the vehicle. + + For example, as shown in Figure 1, when a vehicle (e.g., Vehicle2) is + moving from the coverage of an IP-RSU (e.g., IP-RSU1) into the + coverage of another IP-RSU (e.g., IP-RSU2) belonging to a different + subnet, the IP-RSUs can proactively support the IPv6 mobility of the + vehicle while performing the SLAAC, data forwarding, and handover for + the sake of the vehicle. + + For a mobility management scheme in a domain, where the wireless + subnets of multiple IP-RSUs share the same prefix, an efficient + vehicular-network-wide DAD is required. On the other hand, for a + mobility management scheme with a unique prefix per mobile node + (e.g., PMIPv6 [RFC5213]), DAD is not required because the IPv6 + address of a vehicle's external wireless interface is guaranteed to + be unique. There is a trade-off between the prefix usage efficiency + and DAD overhead. Thus, the IPv6 address autoconfiguration for + vehicular networks needs to consider this trade-off to support + efficient mobility management. + + Even though SLAAC with classic ND costs DAD overhead during mobility + management, SLAAC with the registration extension specified in + [RFC8505] and/or with AERO/OMNI does not cost DAD overhead. SLAAC + for vehicular networks needs to consider the minimization of the cost + of DAD with the help of an infrastructure node (e.g., IP-RSU and MA). + Using an infrastructure prefix over VANET allows direct routability + to the Internet through the multihop V2I toward an IP-RSU. On the + other hand, a BYOA does not allow such direct routability to the + Internet since the BYOA is not topologically correct, that is, not + routable in the Internet. In addition, a vehicle configured with a + BYOA needs a tunnel home (e.g., IP-RSU) connected to the Internet, + and the vehicle needs to know which neighboring vehicle is reachable + inside the VANET toward the tunnel home. There is non-negligible + control overhead to set up and maintain routes to such a tunnel home + [RFC4888] over the VANET. + + For the case of a multihomed network, a vehicle can follow the first- + hop router selection rule described in [RFC8028]. For example, an + IP-OBU inside a vehicle may connect to an IP-RSU that has multiple + routers behind. In this scenario, because the IP-OBU can have + multiple prefixes from those routers, the default router selection, + source address selection, and packet redirect process should follow + the guidelines in [RFC8028]. That is, the vehicle should select its + default router for each prefix by preferring the router that + advertised the prefix. + + Vehicles can use the TCC as their Home Network having a home agent + for mobility management as in MIPv6 [RFC6275], PMIPv6 [RFC5213], and + NEMO [RFC3963], so the TCC (or an MA inside the TCC) maintains the + mobility information of vehicles for location management. Also, in + vehicular networks, asymmetric links sometimes exist and must be + considered for wireless communications, such as V2V and V2I. + [VEHICULAR-MM] discusses a Vehicular Mobility Management (VMM) scheme + to proactively do handover for vehicles. + + Therefore, for the proactive and seamless IPv6 mobility of vehicles, + the vehicular infrastructure (including IP-RSUs and MA) needs to + efficiently perform the mobility management of the vehicles with + their mobility information and link-layer information. Also, in + IPv6-based vehicular networking, IPv6 mobility management should have + minimum changes for the interoperability with the legacy IPv6 + mobility management schemes, such as PMIPv6, DMM, LISP, and AERO. + +6. Security Considerations + + This section discusses security and privacy for IPv6-based vehicular + networking. Security and privacy are paramount in V2I, V2V, and V2X + networking along with neighbor discovery and mobility management. + + Vehicles and infrastructure must be authenticated to each other by a + password, a key, and/or a fingerprint in order to participate in + vehicular networking. For the authentication in vehicular networks, + the Vehicular Cloud needs to support a Public Key Infrastructure + (PKI) efficiently, as either a dedicated or a co-located component + inside a TCC. To provide safe interaction between vehicles or + between a vehicle and infrastructure, only authenticated nodes (i.e., + vehicle and infrastructure nodes) can participate in vehicular + networks. Also, in-vehicle devices (e.g., ECUs) and a driver/ + passenger's mobile devices (e.g., smartphones and tablet PCs) in a + vehicle need to securely communicate with other in-vehicle devices, + another driver/passenger's mobile devices in another vehicle, or + other servers behind an IP-RSU. Even though a vehicle is perfectly + authenticated by another entity and legitimate to use the data + generated by another vehicle, it may be hacked by malicious + applications that track and collect its and other vehicles' + information. In this case, an attack mitigation process may be + required to reduce the aftermath of malicious behaviors. Note that + when a driver/passenger's mobile devices are connected to a vehicle's + internal network, the vehicle may be more vulnerable to possible + attacks from external networks due to the exposure of its in-flight + traffic packets. [SEC-PRIV] discusses several types of threats for + Vehicular Security and Privacy (VSP). + + For secure V2I communication, a secure channel (e.g., IPsec) between + a mobile router (i.e., IP-OBU) in a vehicle and a fixed router (i.e., + IP-RSU) in an EN needs to be established, as shown in Figure 2 + [RFC4301] [RFC4302] [RFC4303] [RFC4308] [RFC7296]. Also, for secure + V2V communication, a secure channel (e.g., IPsec) between a mobile + router (i.e., IP-OBU) in a vehicle and a mobile router (i.e., IP-OBU) + in another vehicle needs to be established, as shown in Figure 3. + + For secure V2I/V2V communication, an element in a vehicle (e.g., an + in-vehicle device and a driver/passenger's mobile device) needs to + establish a secure connection (e.g., TLS) with another element in + another vehicle or another element in a Vehicular Cloud (e.g., a + server). Note that any key management approach can be used for the + secure communication, and particularly for IPv6-based vehicular + networks, a new or enhanced key management approach resilient to + wireless networks is required. + + IEEE Std 1609.2 [WAVE-1609.2] specifies security services for + applications and management messages, but this WAVE specification is + optional. Thus, if the link layer does not support the security of a + WAVE frame, either the network layer or the transport layer needs to + support security services for the WAVE frame. + +6.1. Security Threats in Neighbor Discovery + + For the classical IPv6 ND (i.e., the legacy ND), DAD is required to + ensure the uniqueness of the IPv6 address of a vehicle's wireless + interface. This DAD can be used as a flooding attack that uses the + DAD-related ND packets disseminated over the VANET or vehicular + networks. [RFC6959] introduces threats enabled by IP source address + spoofing. This possibility indicates that vehicles and IP-RSUs need + to filter out suspicious ND traffic in advance. [RFC8928] introduces + a mechanism that protects the ownership of an address for 6LoWPAN ND + from address theft and impersonation attacks. Based on the SEND + mechanism [RFC3971], the authentication for routers (i.e., IP-RSUs) + can be conducted by only selecting an IP-RSU that has a certification + path toward trusted parties. For authenticating other vehicles, + Cryptographically Generated Addresses (CGAs) can be used to verify + the true owner of a received ND message, which requires using the CGA + ND option in the ND protocol. This CGA can protect vehicles against + DAD flooding by DAD filtering based on the verification for the true + owner of the received DAD message. For a general protection of the + ND mechanism, the RSA Signature ND option can also be used to protect + the integrity of the messages by public key signatures. For a more + advanced authentication mechanism, a distributed blockchain-based + approach [Vehicular-BlockChain] can be used. However, for a scenario + where a trustable router or an authentication path cannot be + obtained, it is desirable to find a solution in which vehicles and + infrastructure nodes can authenticate each other without any support + from a third party. + + When applying the classical IPv6 ND process to VANET, one of the + security issues is that an IP-RSU (or IP-OBU) as a router may receive + deliberate or accidental DoS attacks from network scans that probe + devices on a VANET. In this scenario, the IP-RSU (or IP-OBU) can be + overwhelmed by processing the network scan requests so that the + capacity and resources of the IP-RSU (or IP-OBU) are exhausted, + causing the failure of receiving normal ND messages from other hosts + for network address resolution. [RFC6583] describes more about the + operational problems in the classical IPv6 ND mechanism that can be + vulnerable to deliberate or accidental DoS attacks and suggests + several implementation guidelines and operational mitigation + techniques for those problems. Nevertheless, for running IPv6 ND in + VANET, those issues can be acuter since the movements of vehicles can + be so diverse that there is a wider opportunity for rogue behaviors, + and the failure of networking among vehicles may lead to grave + consequences. + + Strong security measures shall protect vehicles roaming in road + networks from the attacks of malicious nodes that are controlled by + hackers. For safe driving applications (e.g., context-aware + navigation, cooperative adaptive cruise control, and platooning), as + explained in Section 3.1, the cooperative action among vehicles is + assumed. Malicious nodes may disseminate wrong driving information + (e.g., location, speed, and direction) for disturbing safe driving. + For example, a Sybil attack, which tries to confuse a vehicle with + multiple false identities, may disturb a vehicle from taking a safe + maneuver. Since cybersecurity issues in vehicular networks may cause + physical vehicle safety issues, it may be necessary to consider those + physical safety concerns when designing protocols in IPWAVE. + + To identify malicious vehicles among vehicles, an authentication + method may be required. A Vehicle Identification Number (VIN) (or a + vehicle manufacturer certificate) and a user certificate (e.g., X.509 + certificate [RFC5280]) along with an in-vehicle device's identifier + generation can be used to efficiently authenticate a vehicle or its + driver (having a user certificate) through a road infrastructure node + (e.g., IP-RSU) connected to an authentication server in the Vehicular + Cloud. This authentication can be used to identify the vehicle that + will communicate with an infrastructure node or another vehicle. In + the case where a vehicle has an internal network (called a mobile + network) and elements in the network (e.g., in-vehicle devices and a + user's mobile devices), as shown in Figure 2, the elements in the + network need to be authenticated individually for safe + authentication. Also, Transport Layer Security (TLS) certificates + [RFC8446] [RFC5280] can be used for an element's authentication to + allow secure E2E vehicular communications between an element in a + vehicle and another element in a server in a Vehicular Cloud or + between an element in a vehicle and another element in another + vehicle. + +6.2. Security Threats in Mobility Management + + For mobility management, a malicious vehicle can construct multiple + virtual bogus vehicles and register them with IP-RSUs and MAs. This + registration makes the IP-RSUs and MAs waste their resources. The + IP-RSUs and MAs need to determine whether a vehicle is genuine or + bogus in mobility management. Also, for the confidentiality of + control packets and data packets between IP-RSUs and MAs, the E2E + paths (e.g., tunnels) need to be protected by secure communication + channels. In addition, to prevent bogus IP-RSUs and MAs from + interfering with the IPv6 mobility of vehicles, mutual authentication + among the IP-RSUs, MAs, and vehicles needs to be performed by + certificates (e.g., TLS certificate). + +6.3. Other Threats + + For the setup of a secure channel over IPsec or TLS, the multihop V2I + communications over DSRC or 5G V2X (or LTE V2X) is required on a + highway. In this case, multiple intermediate vehicles as relay nodes + can help to forward association and authentication messages toward an + IP-RSU (or gNodeB/eNodeB) connected to an authentication server in + the Vehicular Cloud. In this kind of process, the authentication + messages forwarded by each vehicle can be delayed or lost, which may + increase the construction time of a connection or cause some vehicles + to not be able to be authenticated. + + Even though vehicles can be authenticated with valid certificates by + an authentication server in the Vehicular Cloud, the authenticated + vehicles may harm other vehicles. To deal with this kind of security + issue, for monitoring suspicious behaviors, vehicles' communication + activities can be recorded in either a centralized approach through a + logging server (e.g., TCC) in the Vehicular Cloud or a decentralized + approach (e.g., an ECD and blockchain [Bitcoin]) by the help of other + vehicles and infrastructure. + + There are trade-offs between centralized and decentralized approaches + in logging of vehicles' behaviors (e.g., location, speed, direction, + acceleration/deceleration, and lane change) and communication + activities (e.g., transmission time, reception time, and packet + types, such as TCP, UDP, SCTP, QUIC, HTTP, and HTTPS). A centralized + approach is more efficient than a decentralized approach in terms of + log data collection and processing in a central server in the + Vehicular Cloud. However, the centralized approach may cause a + higher delay than a decentralized approach in terms of the analysis + of the log data and counteraction in a local ECD or a distributed + database like a blockchain. The centralized approach stores log data + collected from VANET into a remote logging server in a Vehicular + Cloud as a central cloud, so it takes time to deliver the log data to + a remote logging server. On the other hand, the decentralized + approach stores the log data into a nearby edge computing device as a + local logging server or a nearby blockchain node, which participates + in a blockchain network. On the stored log data, an analyzer needs + to perform a machine learning technique (e.g., deep learning) and + seek suspicious behaviors of the vehicles. If such an analyzer is + located either within or near the edge computing device, it can + access the log data with a short delay, analyze it quickly, and + generate feedback to allow for a quick counteraction against such + malicious behaviors. On the other hand, if the Vehicular Cloud with + the log data is far away from a problematic VANET with malicious + behaviors, the centralized approach takes a longer time with the + analysis of the log data and the decision-making on malicious + behaviors than the decentralized approach. If the log data is + encrypted by a secret key, it can be protected from the observation + of a hacker. The secret key sharing among legal vehicles, ECDs, and + Vehicular Clouds should be supported efficiently. + + Log data can release privacy breakage of a vehicle. The log data can + contain the MAC address and IPv6 address for a vehicle's wireless + network interface. If the unique MAC address of the wireless network + interface is used, a hacker can track the vehicle with that MAC + address and can track the privacy information of the vehicle's driver + (e.g., location information). To prevent this privacy breakage, a + MAC address pseudonym can be used for the MAC address of the wireless + network interface, and the corresponding IPv6 address should be based + on such a MAC address pseudonym. By solving a privacy issue of a + vehicle's identity in logging, vehicles may observe each other's + activities to identify any misbehaviors without privacy breakage. + Once identifying a misbehavior, a vehicle shall have a way to either + isolate itself from others or isolate a suspicious vehicle by + informing other vehicles. + + For completely secure vehicular networks, we shall embrace the + concept of "zero-trust" for vehicles where no vehicle is trustable + and verifying every message (such as IPv6 control messages including + ND, DAD, NUD, and application-layer messages) is necessary. In this + way, vehicular networks can defend against many possible + cyberattacks. Thus, we need to have an efficient zero-trust + framework or mechanism for vehicular networks. + + For the non-repudiation of the harmful activities from malicious + vehicles, as it is difficult for other normal vehicles to identify + them, an additional and advanced approach is needed. One possible + approach is to use a blockchain-based approach [Bitcoin] as an IPv6 + security checking framework. Each IPv6 packet from a vehicle can be + treated as a transaction, and the neighboring vehicles can play the + role of peers in a consensus method of a blockchain [Bitcoin] + [Vehicular-BlockChain]. For a blockchain's efficient consensus in + vehicular networks having fast-moving vehicles, either a new + consensus algorithm needs to be developed, or an existing consensus + algorithm needs to be enhanced. In addition, a consensus-based + mechanism for the security of vehicular networks in the IPv6 layer + can also be considered. A group of servers as blockchain + infrastructure can be part of the security checking process in the IP + layer. + + To prevent an adversary from tracking a vehicle with its MAC address + or IPv6 address, especially for a long-living transport-layer session + (e.g., voice call over IP and video streaming service), a MAC address + pseudonym needs to be provided to each vehicle; that is, each vehicle + periodically updates its MAC address, and the vehicle's IPv6 address + needs to be updated accordingly by the MAC address change [RFC4086] + [RFC8981]. Such an update of the MAC and IPv6 addresses should not + interrupt the E2E communications between two vehicles (or between a + vehicle and an IP-RSU) for a long-living transport-layer session. + However, if this pseudonym is performed without strong E2E + confidentiality (using either IPsec or TLS), there will be no privacy + benefit from changing MAC and IPv6 addresses because an adversary can + observe the change of the MAC and IPv6 addresses and track the + vehicle with those addresses. Thus, the MAC address pseudonym and + the IPv6 address update should be performed with strong E2E + confidentiality. + + The privacy exposure to the TCC via V2I is mostly about the location + information of vehicles and may also include other in-vehicle + activities, such as transactions of credit cards. The assumed, + trusted actors are the owner of a vehicle, an authorized vehicle + service provider (e.g., navigation service provider), and an + authorized vehicle manufacturer for providing after-sales services. + In addition, privacy concerns for excessively collecting vehicle + activities from roadway operators, such as public transportation + administrators and private contractors, may also pose threats on + violating privacy rights of vehicles. It might be interesting to + find a solution from a technological point of view along with public + policy development for the issue. + + The "multicasting" of the location information of a VRU's smartphone + means IPv6 multicasting. There is a possible security attack related + to this multicasting. Attackers can use "fake identifiers" as source + IPv6 addresses of their devices to generate IPv6 packets and + multicast them to nearby vehicles in order to cause confusion that + those vehicles are surrounded by other vehicles or pedestrians. As a + result, navigation services (e.g., Google Maps [Google-Maps] and Waze + [Waze]) can be confused with fake road traffic by those vehicles or + smartphones with "fake identifiers" [Fake-Identifier-Attack]. This + attack with "fake identifiers" should be detected and handled by + vehicular networks. To cope with this attack, both legal vehicles + and legal VRUs' smartphones can be registered with a TCC and their + locations can be tracked by the TCC. With this tracking, the TCC can + tell the road traffic conditions caused by those vehicles and + smartphones. In addition, to prevent hackers from tracking the + locations of those vehicles and smartphones, either a MAC address + pseudonym [MAC-ADD-RAN] or secure IPv6 address generation [RFC7721] + can be used to protect the privacy of those vehicles and smartphones. + +7. IANA Considerations + + This document has no IANA actions. + +8. References + +8.1. Normative References + + [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, + "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, + DOI 10.17487/RFC4861, September 2007, + . + + [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless + Address Autoconfiguration", RFC 4862, + DOI 10.17487/RFC4862, September 2007, + . + + [RFC6275] Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility + Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July + 2011, . + + [RFC8691] Benamar, N., Härri, J., Lee, J., and T. Ernst, "Basic + Support for IPv6 Networks Operating Outside the Context of + a Basic Service Set over IEEE Std 802.11", RFC 8691, + DOI 10.17487/RFC8691, December 2019, + . + +8.2. Informative References + + [AERO] Templin, F. L., Ed., "Automatic Extended Route + Optimization (AERO)", Work in Progress, Internet-Draft, + draft-templin-intarea-aero-27, 23 February 2023, + . + + [Automotive-Sensing] + Choi, J., Va, V., Gonzalez-Prelcic, N., Daniels, R., Bhat, + C., and R. Heath, "Millimeter-Wave Vehicular Communication + to Support Massive Automotive Sensing", IEEE + Communications Magazine, Volume 54, Issue 12, pp. 160-167, + DOI 10.1109/MCOM.2016.1600071CM, December 2016, + . + + [Bitcoin] Nakamoto, S., "Bitcoin: A Peer-to-Peer Electronic Cash + System", . + + [CA-Cruise-Control] + California Partners for Advanced Transportation Technology + (PATH), "Cooperative Adaptive Cruise Control", + . + + [CASD] Shen, Y., Jeong, J., Oh, T., and S. H. Son, "CASD: A + Framework of Context-Awareness Safety Driving in Vehicular + Networks", 30th International Conference on Advanced + Information Networking and Applications Workshops (WAINA), + DOI 10.1109/WAINA.2016.74, March 2016, + . + + [CBDN] Kim, J., Kim, S., Jeong, J., Kim, H., Park, J., and T. + Kim, "CBDN: Cloud-Based Drone Navigation for Efficient + Battery Charging in Drone Networks", IEEE Transactions on + Intelligent Transportation Systems, Volume 20, Issue 11, + pp. 4174-4191, DOI 10.1109/TITS.2018.2883058, November + 2019, . + + [CNP] Mugabarigira, B., Shen, Y., Jeong, J., Oh, T., and H. + Jeong, "Context-Aware Navigation Protocol for Safe Driving + in Vehicular Cyber-Physical Systems", IEEE Transactions on + Intelligent Transportation Systems, Volume 24, Issue 1, + pp. 128-138, DOI 10.1109/TITS.2022.3210753, January 2023, + . + + [DFC] Jeong, J., Shen, Y., Kim, S., Choe, D., Lee, K., and Y. + Kim, "DFC: Device-free human counting through WiFi fine- + grained subcarrier information", IET Communications, + Volume 15, Issue 3, pp. 337-350, DOI 10.1049/cmu2.12043, + February 2021, . + + [DSRC] ASTM International, "Standard Specification for + Telecommunications and Information Exchange Between + Roadside and Vehicle Systems - 5 GHz Band Dedicated Short + Range Communications (DSRC) Medium Access Control (MAC) + and Physical Layer (PHY) Specifications", + ASTM E2213-03(2010), DOI 10.1520/E2213-03R10, September + 2018, . + + [EU-2008-671-EC] + European Union, "COMMISSION DECISION of 5 August 2008 on + the harmonised use of radio spectrum in the 5 875-5 905 + MHz frequency band for safety-related applications of + Intelligent Transport Systems (ITS)", EU 2008/671/EC, + August 2008, . + + [Fake-Identifier-Attack] + ABC News, "Berlin artist uses handcart full of smartphones + to trick Google Maps' traffic algorithm into thinking + there is traffic jam", February 2020, + . + + [FCC-ITS-Modification] + Federal Communications Commission, "FCC Modernizes 5.9 GHz + Band to Improve Wi-Fi and Automotive Safety", November + 2020, . + + [FirstNet] FirstNet Authority, "First Responder Network Authority | + FirstNet", . + + [FirstNet-Report] + FirstNet, "FY 2017: ANNUAL REPORT TO CONGRESS, Advancing + Public Safety Broadband Communications", FirstNet FY 2017, + December 2017, . + + [FPC-DMM] Matsushima, S., Bertz, L., Liebsch, M., Gundavelli, S., + Moses, D., and C. E. Perkins, "Protocol for Forwarding + Policy Configuration (FPC) in DMM", Work in Progress, + Internet-Draft, draft-ietf-dmm-fpc-cpdp-14, 22 September + 2020, . + + [Fuel-Efficient] + van de Hoef, S., Johansson, K., and D. Dimarogonas, "Fuel- + Efficient En Route Formation of Truck Platoons", IEEE + Transactions on Intelligent Transportation Systems, Volume + 19, Issue 1, pp. 102-112, DOI 10.1109/TITS.2017.2700021, + January 2018, . + + [Google-Maps] + Google, "Google Maps", . + + [Identity-Management] + Wetterwald, M., Hrizi, F., and P. Cataldi, "Cross-layer + identities management in ITS stations", 10th IEEE + International Conference on ITS Telecommunications, + November 2010, + . + + [IEEE-802.11-OCB] + IEEE, "IEEE Standard for Information technology - + Telecommunications and information exchange between + systems Local and metropolitan area networks-Specific + requirements - Part 11: Wireless LAN Medium Access Control + (MAC) and Physical Layer (PHY) Specifications", + DOI 10.1109/IEEESTD.2016.7786995, IEEE Std 802.11-2016, + December 2016, + . + + [IEEE-802.11p] + IEEE, "IEEE Standard for Information technology-- Local + and metropolitan area networks-- Specific requirements-- + Part 11: Wireless LAN Medium Access Control (MAC) and + Physical Layer (PHY) Specifications Amendment 6: Wireless + Access in Vehicular Environments", + DOI 10.1109/IEEESTD.2010.5514475, IEEE Std 802.11p-2010, + July 2010, . + + [In-Car-Network] + Lim, H., Volker, L., and D. Herrscher, "Challenges in a + future IP/Ethernet-based in-car network for real-time + applications", Proceedings of the 48th Design Automation + Conference, pp. 7-12, DOI 10.1145/2024724.2024727, June + 2011, . + + [IPPL] Nordmark, E., "IP over Intentionally Partially Partitioned + Links", Work in Progress, Internet-Draft, draft-ietf- + intarea-ippl-00, 30 March 2017, + . + + [ISO-ITS-IPv6] + ISO/TC 204, "Intelligent transport systems - + Communications access for land mobiles (CALM) - IPv6 + Networking", ISO 21210:2012, June 2012, + . + + [ISO-ITS-IPv6-AMD1] + ISO/TC 204, "Intelligent transport systems - + Communications access for land mobiles (CALM) - IPv6 + Networking - Amendment 1", ISO 21210:2012/AMD 1:2017, + September 2017, . + + [LIFS] Wang, J., Xiong, J., Jiang, H., Jamieson, K., Chen, X., + Fang, D., and C. Wang, "Low Human-Effort, Device-Free + Localization with Fine-Grained Subcarrier Information", + IEEE Transactions on Mobile Computing, Volume 17, Issue + 11, pp. 2550-2563, DOI 10.1109/TMC.2018.2812746, November + 2018, . + + [MAC-ADD-RAN] + Zuniga, JC., Bernardos, CJ., Ed., and A. Andersdotter, + "Randomized and Changing MAC Address", Work in Progress, + Internet-Draft, draft-ietf-madinas-mac-address- + randomization-06, 11 March 2023, + . + + [NHTSA-ACAS-Report] + National Highway Traffic Safety Administration (NHTSA), + "Automotive Collision Avoidance Systems (ACAS) Program + Final Report", DOT HS 809 080, August 2000, + . + + [OMNI] Templin, F. L., Ed., "Transmission of IP Packets over + Overlay Multilink Network (OMNI) Interfaces", Work in + Progress, Internet-Draft, draft-templin-intarea-omni-27, + 23 February 2023, . + + [PARCELS] Templin, F. L., Ed., "IP Parcels and Advanced Jumbos", + Work in Progress, Internet-Draft, draft-templin-intarea- + parcels-55, 28 February 2023, + . + + [PSCE] European Commission, "PSCEurope Public Safety + Communications Europe", . + + [RCM-USE-CASES] + Henry, J. and Y. Lee, "Randomized and Changing MAC Address + Use Cases and Requirements", Work in Progress, Internet- + Draft, draft-ietf-madinas-use-cases-05, 13 March 2023, + . + + [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast + Listener Discovery (MLD) for IPv6", RFC 2710, + DOI 10.17487/RFC2710, October 1999, + . + + [RFC3626] Clausen, T., Ed. and P. Jacquet, Ed., "Optimized Link + State Routing Protocol (OLSR)", RFC 3626, + DOI 10.17487/RFC3626, October 2003, + . + + [RFC3753] Manner, J., Ed. and M. Kojo, Ed., "Mobility Related + Terminology", RFC 3753, DOI 10.17487/RFC3753, June 2004, + . + + [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener + Discovery Version 2 (MLDv2) for IPv6", RFC 3810, + DOI 10.17487/RFC3810, June 2004, + . + + [RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A., and P. + Thubert, "Network Mobility (NEMO) Basic Support Protocol", + RFC 3963, DOI 10.17487/RFC3963, January 2005, + . + + [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander, + "SEcure Neighbor Discovery (SEND)", RFC 3971, + DOI 10.17487/RFC3971, March 2005, + . + + [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, + "Randomness Requirements for Security", BCP 106, RFC 4086, + DOI 10.17487/RFC4086, June 2005, + . + + [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast + Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005, + . + + [RFC4301] Kent, S. and K. Seo, "Security Architecture for the + Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, + December 2005, . + + [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, + DOI 10.17487/RFC4302, December 2005, + . + + [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", + RFC 4303, DOI 10.17487/RFC4303, December 2005, + . + + [RFC4308] Hoffman, P., "Cryptographic Suites for IPsec", RFC 4308, + DOI 10.17487/RFC4308, December 2005, + . + + [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU + Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, + . + + [RFC4885] Ernst, T. and H-Y. Lach, "Network Mobility Support + Terminology", RFC 4885, DOI 10.17487/RFC4885, July 2007, + . + + [RFC4888] Ng, C., Thubert, P., Watari, M., and F. Zhao, "Network + Mobility Route Optimization Problem Statement", RFC 4888, + DOI 10.17487/RFC4888, July 2007, + . + + [RFC5213] Gundavelli, S., Ed., Leung, K., Devarapalli, V., + Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", + RFC 5213, DOI 10.17487/RFC5213, August 2008, + . + + [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., + Housley, R., and W. Polk, "Internet X.509 Public Key + Infrastructure Certificate and Certificate Revocation List + (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, + . + + [RFC5415] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley, + Ed., "Control And Provisioning of Wireless Access Points + (CAPWAP) Protocol Specification", RFC 5415, + DOI 10.17487/RFC5415, March 2009, + . + + [RFC5614] Ogier, R. and P. Spagnolo, "Mobile Ad Hoc Network (MANET) + Extension of OSPF Using Connected Dominating Set (CDS) + Flooding", RFC 5614, DOI 10.17487/RFC5614, August 2009, + . + + [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection + (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, + DOI 10.17487/RFC5881, June 2010, + . + + [RFC5889] Baccelli, E., Ed. and M. Townsley, Ed., "IP Addressing + Model in Ad Hoc Networks", RFC 5889, DOI 10.17487/RFC5889, + September 2010, . + + [RFC6130] Clausen, T., Dearlove, C., and J. Dean, "Mobile Ad Hoc + Network (MANET) Neighborhood Discovery Protocol (NHDP)", + RFC 6130, DOI 10.17487/RFC6130, April 2011, + . + + [RFC6250] Thaler, D., "Evolution of the IP Model", RFC 6250, + DOI 10.17487/RFC6250, May 2011, + . + + [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., + Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, + JP., and R. Alexander, "RPL: IPv6 Routing Protocol for + Low-Power and Lossy Networks", RFC 6550, + DOI 10.17487/RFC6550, March 2012, + . + + [RFC6583] Gashinsky, I., Jaeggli, J., and W. Kumari, "Operational + Neighbor Discovery Problems", RFC 6583, + DOI 10.17487/RFC6583, March 2012, + . + + [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. + Bormann, "Neighbor Discovery Optimization for IPv6 over + Low-Power Wireless Personal Area Networks (6LoWPANs)", + RFC 6775, DOI 10.17487/RFC6775, November 2012, + . + + [RFC6959] McPherson, D., Baker, F., and J. Halpern, "Source Address + Validation Improvement (SAVI) Threat Scope", RFC 6959, + DOI 10.17487/RFC6959, May 2013, + . + + [RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined + Networking: A Perspective from within a Service Provider + Environment", RFC 7149, DOI 10.17487/RFC7149, March 2014, + . + + [RFC7181] Clausen, T., Dearlove, C., Jacquet, P., and U. Herberg, + "The Optimized Link State Routing Protocol Version 2", + RFC 7181, DOI 10.17487/RFC7181, April 2014, + . + + [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. + Kivinen, "Internet Key Exchange Protocol Version 2 + (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October + 2014, . + + [RFC7333] Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J. + Korhonen, "Requirements for Distributed Mobility + Management", RFC 7333, DOI 10.17487/RFC7333, August 2014, + . + + [RFC7427] Kivinen, T. and J. Snyder, "Signature Authentication in + the Internet Key Exchange Version 2 (IKEv2)", RFC 7427, + DOI 10.17487/RFC7427, January 2015, + . + + [RFC7429] Liu, D., Ed., Zuniga, JC., Ed., Seite, P., Chan, H., and + CJ. Bernardos, "Distributed Mobility Management: Current + Practices and Gap Analysis", RFC 7429, + DOI 10.17487/RFC7429, January 2015, + . + + [RFC7466] Dearlove, C. and T. Clausen, "An Optimization for the + Mobile Ad Hoc Network (MANET) Neighborhood Discovery + Protocol (NHDP)", RFC 7466, DOI 10.17487/RFC7466, March + 2015, . + + [RFC7721] Cooper, A., Gont, F., and D. Thaler, "Security and Privacy + Considerations for IPv6 Address Generation Mechanisms", + RFC 7721, DOI 10.17487/RFC7721, March 2016, + . + + [RFC8002] Heer, T. and S. Varjonen, "Host Identity Protocol + Certificates", RFC 8002, DOI 10.17487/RFC8002, October + 2016, . + + [RFC8028] Baker, F. and B. Carpenter, "First-Hop Router Selection by + Hosts in a Multi-Prefix Network", RFC 8028, + DOI 10.17487/RFC8028, November 2016, + . + + [RFC8175] Ratliff, S., Jury, S., Satterwhite, D., Taylor, R., and B. + Berry, "Dynamic Link Exchange Protocol (DLEP)", RFC 8175, + DOI 10.17487/RFC8175, June 2017, + . + + [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 + (IPv6) Specification", STD 86, RFC 8200, + DOI 10.17487/RFC8200, July 2017, + . + + [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol + Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, + . + + [RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C. + Perkins, "Registration Extensions for IPv6 over Low-Power + Wireless Personal Area Network (6LoWPAN) Neighbor + Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, + . + + [RFC8629] Cheng, B. and L. Berger, Ed., "Dynamic Link Exchange + Protocol (DLEP) Multi-Hop Forwarding Extension", RFC 8629, + DOI 10.17487/RFC8629, July 2019, + . + + [RFC8684] Ford, A., Raiciu, C., Handley, M., Bonaventure, O., and C. + Paasch, "TCP Extensions for Multipath Operation with + Multiple Addresses", RFC 8684, DOI 10.17487/RFC8684, March + 2020, . + + [RFC8757] Cheng, B. and L. Berger, Ed., "Dynamic Link Exchange + Protocol (DLEP) Latency Range Extension", RFC 8757, + DOI 10.17487/RFC8757, March 2020, + . + + [RFC8899] Fairhurst, G., Jones, T., Tüxen, M., Rüngeler, I., and T. + Völker, "Packetization Layer Path MTU Discovery for + Datagram Transports", RFC 8899, DOI 10.17487/RFC8899, + September 2020, . + + [RFC8928] Thubert, P., Ed., Sarikaya, B., Sethi, M., and R. Struik, + "Address-Protected Neighbor Discovery for Low-Power and + Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November + 2020, . + + [RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves, + "Temporary Address Extensions for Stateless Address + Autoconfiguration in IPv6", RFC 8981, + DOI 10.17487/RFC8981, February 2021, + . + + [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based + Multiplexed and Secure Transport", RFC 9000, + DOI 10.17487/RFC9000, May 2021, + . + + [RFC9099] Vyncke, É., Chittimaneni, K., Kaeo, M., and E. Rey, + "Operational Security Considerations for IPv6 Networks", + RFC 9099, DOI 10.17487/RFC9099, August 2021, + . + + [RFC9119] Perkins, C., McBride, M., Stanley, D., Kumari, W., and JC. + Zúñiga, "Multicast Considerations over IEEE 802 Wireless + Media", RFC 9119, DOI 10.17487/RFC9119, October 2021, + . + + [RFC9300] Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. + Cabellos, Ed., "The Locator/ID Separation Protocol + (LISP)", RFC 9300, DOI 10.17487/RFC9300, October 2022, + . + + [SAINT] Jeong, J., Jeong, H., Lee, E., Oh, T., and D. H. C. Du, + "SAINT: Self-Adaptive Interactive Navigation Tool for + Cloud-Based Vehicular Traffic Optimization", IEEE + Transactions on Vehicular Technology, Volume 65, Issue 6, + pp. 4053-4067, DOI 10.1109/TVT.2015.2476958, June 2016, + . + + [SAINTplus] + Shen, Y., Lee, J., Jeong, H., Jeong, J., Lee, E., and D. + H. C. Du, "SAINT+: Self-Adaptive Interactive Navigation + Tool+ for Emergency Service Delivery Optimization", IEEE + Transactions on Intelligent Transportation Systems, Volume + 19, Issue 4, pp. 1038-1053, DOI 10.1109/TITS.2017.2710881, + June 2017, . + + [SANA] Hwang, T. and J. Jeong, "SANA: Safety-Aware Navigation + Application for Pedestrian Protection in Vehicular + Networks", Lecture Notes in Computer Science book series + (LNISA, Volume 9502), DOI 10.1007/978-3-319-27293-1_12, + December 2015, + . + + [Scrambler-Attack] + Bloessl, B., Sommer, C., Dressier, F., and D. Eckhoff, + "The scrambler attack: A robust physical layer attack on + location privacy in vehicular networks", 2015 + International Conference on Computing, Networking and + Communications (ICNC), DOI 10.1109/ICCNC.2015.7069376, + February 2015, + . + + [SEC-PRIV] Jeong, J., Ed., Shen, Y., Jung, H., Park, J., and T. Oh, + "Basic Support for Security and Privacy in IP-Based + Vehicular Networks", Work in Progress, Internet-Draft, + draft-jeong-ipwave-security-privacy-07, 4 February 2023, + . + + [SignalGuru] + Koukoumidis, E., Peh, L., and M. Martonosi, "SignalGuru: + leveraging mobile phones for collaborative traffic signal + schedule advisory", MobiSys '11: Proceedings of the 9th + international conference on Mobile systems, applications, + and services, pp. 127-140, DOI 10.1145/1999995.2000008, + June 2011, . + + [TR-22.886-3GPP] + 3GPP, "Study on enhancement of 3GPP support for 5G V2X + services", 3GPP TS 22.886 16.2.0, December 2018, + . + + [Truck-Platooning] + California Partners for Advanced Transportation Technology + (PATH), "Truck Platooning", + . + + [TS-23.285-3GPP] + 3GPP, "Architecture enhancements for V2X services", 3GPP + TS 23.285 16.2.0, December 2019, + . + + [TS-23.287-3GPP] + 3GPP, "Architecture enhancements for 5G System (5GS) to + support Vehicle-to-Everything (V2X) services", 3GPP + TS 23.287 16.2.0, March 2020, + . + + [UAM-ITS] Templin, F., Ed., "Urban Air Mobility Implications for + Intelligent Transportation Systems", Work in Progress, + Internet-Draft, draft-templin-ipwave-uam-its-04, 4 January + 2021, . + + [Vehicular-BlockChain] + Dorri, A., Steger, M., Kanhere, S., and R. Jurdak, + "BlockChain: A Distributed Solution to Automotive Security + and Privacy", IEEE Communications Magazine, Volume 55, + Issue 12, pp. 119-125, DOI 10.1109/MCOM.2017.1700879, + December 2017, + . + + [VEHICULAR-MM] + Jeong, J., Ed., Mugabarigira, B., Shen, Y., and H. Jung, + "Vehicular Mobility Management for IP-Based Vehicular + Networks", Work in Progress, Internet-Draft, draft-jeong- + ipwave-vehicular-mobility-management-09, 4 February 2023, + . + + [VEHICULAR-ND] + Jeong, J., Ed., Shen, Y., Kwon, J., and S. Cespedes, + "Vehicular Neighbor Discovery for IP-Based Vehicular + Networks", Work in Progress, Internet-Draft, draft-jeong- + ipwave-vehicular-neighbor-discovery-15, 4 February 2023, + . + + [VIP-WAVE] Cespedes, S., Lu, N., and X. Shen, "VIP-WAVE: On the + Feasibility of IP Communications in 802.11p Vehicular + Networks", IEEE Transactions on Intelligent Transportation + Systems, Volume 14, Issue 1, pp. 82-97, + DOI 10.1109/TITS.2012.2206387, March 2013, + . + + [WAVE-1609.0] + IEEE, "IEEE Guide for Wireless Access in Vehicular + Environments (WAVE) - Architecture", + DOI 10.1109/IEEESTD.2014.6755433, IEEE Std 1609.0-2013, + March 2014, + . + + [WAVE-1609.2] + IEEE, "IEEE Standard for Wireless Access in Vehicular + Environments - Security Services for Applications and + Management Messages", DOI 10.1109/IEEESTD.2016.7426684, + IEEE Std 1609.2-2016, March 2016, + . + + [WAVE-1609.3] + IEEE, "IEEE Standard for Wireless Access in Vehicular + Environments (WAVE) - Networking Services", + DOI 10.1109/IEEESTD.2016.7458115, IEEE Std 1609.3-2016, + April 2016, + . + + [WAVE-1609.4] + IEEE, "IEEE Standard for Wireless Access in Vehicular + Environments (WAVE) - Multi-Channel Operation", + DOI 10.1109/IEEESTD.2016.7435228, IEEE Std 1609.4-2016, + March 2016, + . + + [Waze] Google, "Waze", . + + [WIRELESS-ND] + Thubert, P., Ed. and M. Richardson, "Architecture and + Framework for IPv6 over Non-Broadcast Access", Work in + Progress, Internet-Draft, draft-thubert-6man-ipv6-over- + wireless-15, 8 March 2023, + . + +Appendix A. Support of Multiple Radio Technologies for V2V + + Vehicular networks may consist of multiple radio technologies, such + as DSRC and 5G V2X (or LTE V2X). Although a Layer 2 solution can + provide support for multihop communications in vehicular networks, + the scalability issue related to multihop forwarding still remains + when vehicles need to disseminate or forward packets toward + destinations that are multiple hops away. In addition, the + IPv6-based approach for V2V as a network-layer protocol can + accommodate multiple radio technologies as MAC protocols, such as + DSRC and 5G V2X (or LTE V2X). Therefore, the existing IPv6 protocol + can be augmented through the addition of a virtual interface (e.g., + OMNI [OMNI] and DLEP [RFC8175]) and/or protocol changes in order to + support both wireless single-hop/multihop V2V communications and + multiple radio technologies in vehicular networks. In such a way, + vehicles can communicate with each other by V2V communications to + share either an emergency situation or road hazard information on a + highway having multiple radio technologies. + +Appendix B. Support of Multihop V2X Networking + + The multihop V2X networking can be supported by RPL (IPv6 Routing + Protocol for Low-Power and Lossy Networks) [RFC6550] and Overlay + Multilink Network Interface [OMNI] with AERO [AERO]. + + RPL defines an IPv6 routing protocol for Low-Power and Lossy Networks + (LLNs) as being mostly designed for home automation routing, building + automation routing, industrial routing, and urban LLN routing. It + uses a Destination-Oriented Directed Acyclic Graph (DODAG) to + construct routing paths for hosts (e.g., IoT devices) in a network. + The DODAG uses an Objective Function (OF) for route selection and + optimization within the network. A user can use different routing + metrics to define an OF for a specific scenario. RPL supports + multipoint-to-point, point-to-multipoint, and point-to-point traffic; + and the major traffic flow is the multipoint-to-point traffic. For + example, in a highway scenario, a vehicle may not access an IP-RSU + directly because of the distance of the DSRC coverage (up to 1 km). + In this case, the RPL can be extended to support a multihop V2I since + a vehicle can take advantage of other vehicles as relay nodes to + reach the IP-RSU. Also, RPL can be extended to support both multihop + V2V and V2X in the similar way. + + RPL is primarily designed to minimize the control plane activity, + which is the relative amount of routing protocol exchanges versus + data traffic; this approach is beneficial for situations where the + power and bandwidth are scarce (e.g., an IoT LLN where RPL is + typically used today), but also in situations of high relative + mobility between the nodes in the network (also known as swarming, + e.g., within a variable set of vehicles with a similar global motion, + or a variable set of drones flying toward the same direction). + + To reduce the routing exchanges, RPL leverages a Distance Vector (DV) + approach, which does not need a global knowledge of the topology, and + only optimizes the routes to and from the root, allowing peer-to-peer + (P2P) paths to be stretched. Although RPL installs its routes + proactively, it only maintains them lazily, that is, in reaction to + actual traffic or as a slow background activity. Additionally, RPL + leverages the concept of an OF, which allows adapting the activity of + the routing protocol to use cases, e.g., type, speed, and quality of + the radios. RPL does not need to converge and provides connectivity + to most nodes most of the time. The default route toward the root is + maintained aggressively and may change while a packet progresses + without causing loops, so the packet will still reach the root. + There are two modes for routing in RPL: non-storing mode and storing + mode. In non-storing mode, a node inside the mesh or swarm that + changes its point(s) of attachment to the graph informs the root with + a single unicast packet flowing along the default route, and the + connectivity is restored immediately; this mode is preferable for use + cases where Internet connectivity is dominant. On the other hand, in + storing mode, the routing stretch is reduced for better P2P + connectivity, and the Internet connectivity is restored more slowly + during the time for the DV operation to operate hop-by-hop. While an + RPL topology can quickly scale up and down and fit the needs of + mobility of vehicles, the total performance of the system will also + depend on how quickly a node can form an address, join the mesh + (including Authentication, Authorization, and Accounting (AAA)), and + manage its global mobility to become reachable from another node + outside the mesh. + + OMNI defines a protocol for the transmission of IPv6 packets over + Overlay Multilink Network Interfaces that are virtual interfaces + governing multiple physical network interfaces. OMNI supports + multihop V2V communication between vehicles in multiple forwarding + hops via intermediate vehicles with OMNI links. It also supports + multihop V2I communication between a vehicle and an infrastructure + access point by multihop V2V communication. The OMNI interface + supports an NBMA link model where multihop V2V and V2I communications + use each mobile node's ULAs without need for any DAD or MLD + messaging. + + In the OMNI protocol, an OMNI virtual interface can have a ULA + [RFC4193] indeed, but wireless physical interfaces associated with + the OMNI virtual interface can use any prefixes. The ULA supports + both V2V and V2I multihop forwarding within the vehicular network + (e.g., via a VANET routing protocol) while each vehicle can + communicate with Internet correspondents using IPv6 global addresses + via OMNI interface encapsulation over the wireless interface. + + For the control traffic overhead for running both vehicular ND and a + VANET routing protocol, the AERO/OMNI approach may avoid this issue + by using MANET routing protocols only (i.e., no multicast of IPv6 ND + messaging) in the wireless underlay network while applying efficient + unicast IPv6 ND messaging in the OMNI overlay on an as-needed basis + for router discovery and NUD. This greatly reduces the overhead for + VANET-wide multicasting while providing agile accommodation for + dynamic topology changes. + +Appendix C. Support of Mobility Management for V2I + + The seamless application communication between two vehicles or + between a vehicle and an infrastructure node requires mobility + management in vehicular networks. The mobility management schemes + include a host-based mobility scheme, network-based mobility scheme, + and software-defined networking scheme. + + In the host-based mobility scheme (e.g., MIPv6), an IP-RSU plays the + role of a home agent. On the other hand, in the network-based + mobility scheme (e.g., PMIPv6), an MA plays the role of a mobility + management controller, such as a Local Mobility Anchor (LMA) in + PMIPv6, which also serves vehicles as a home agent, and an IP-RSU + plays the role of an access router, such as a Mobile Access Gateway + (MAG) in PMIPv6 [RFC5213]. The host-based mobility scheme needs + client functionality in the IPv6 stack of a vehicle as a mobile node + for mobility signaling message exchange between the vehicle and home + agent. On the other hand, the network-based mobility scheme does not + need such client functionality of a vehicle because the network + infrastructure node (e.g., MAG in PMIPv6) as a proxy mobility agent + handles the mobility signaling message exchange with the home agent + (e.g., LMA in PMIPv6) for the sake of the vehicle. + + There are a scalability issue and a route optimization issue in the + network-based mobility scheme (e.g., PMIPv6) when an MA covers a + large vehicular network governing many IP-RSUs. In this case, a + distributed mobility scheme (e.g., DMM [RFC7429]) can mitigate the + scalability issue by distributing multiple MAs in the vehicular + network such that they are positioned closer to vehicles for route + optimization and bottleneck mitigation in a central MA in the + network-based mobility scheme. All these mobility approaches (i.e., + a host-based mobility scheme, network-based mobility scheme, and + distributed mobility scheme) and a hybrid approach of a combination + of them need to provide an efficient mobility service to vehicles + moving fast and moving along with relatively predictable trajectories + along the roadways. + + In vehicular networks, the control plane can be separated from the + data plane for efficient mobility management and data forwarding by + using the concept of Software-Defined Networking (SDN) [RFC7149] + [FPC-DMM]. Note that Forwarding Policy Configuration (FPC) in + [FPC-DMM], which is a flexible mobility management system, can manage + the separation of data plane and control plane in DMM. In SDN, the + control plane and data plane are separated for the efficient + management of forwarding elements (e.g., switches and routers) where + an SDN controller configures the forwarding elements in a centralized + way, and they perform packet forwarding according to their forwarding + tables that are configured by the SDN controller. An MA as an SDN + controller needs to efficiently configure and monitor its IP-RSUs and + vehicles for mobility management and security services. + +Appendix D. Support of MTU Diversity for IP-Based Vehicular Networks + + The wireless and/or wired-line links in paths between both mobile + nodes and fixed network correspondents may configure a variety of + Maximum Transmission Units (MTUs), where all IPv6 links are required + to support a minimum MTU of 1280 octets and may support larger MTUs. + Unfortunately, determining the path MTU (i.e., the minimum link MTU + in the path) has proven to be inefficient and unreliable due to the + uncertain nature of the loss-oriented ICMPv6 messaging service used + for path MTU discovery. Recent developments have produced a more + reliable path MTU determination service for TCP [RFC4821] and UDP + [RFC8899]; however, the MTUs discovered are always limited by the + most restrictive link MTU in the path (often 1500 octets or smaller). + + The AERO/OMNI service addresses the MTU issue by introducing a new + layer in the Internet architecture known as the "OMNI Adaptation + Layer (OAL)". The OAL allows end systems that configure an OMNI + interface to utilize a full 65535-octet MTU by leveraging the IPv6 + fragmentation and reassembly service during encapsulation to produce + fragment sizes that are assured of traversing the path without loss + due to a size restriction. Thus, this allows end systems to send + packets that are often much larger than the actual path MTU. + + Performance studies over the course of many decades have proven that + applications will see greater performance by sending smaller numbers + of large packets (as opposed to larger numbers of small packets) even + if fragmentation is needed. The OAL further supports even larger + packet sizes through the IP Parcels construct [PARCELS], which + provides "packets-in-packet" encapsulation for a total size up to 4 + MB. Together, the OAL and IP Parcels will provide a revolutionary + new capability for greater efficiency in both mobile and fixed + networks. On the other hand, due to the highly dynamic nature of + vehicular networks, a high packet loss may not be able to be avoided. + The high packet loss on IP Parcels can simultaneously cause multiple + TCP sessions to experience packet retransmissions, session time-out, + or re-establishment of the sessions. Other protocols, such as MPTCP + and QUIC, may also experience similar issues. A mechanism for + mitigating this issue in OAL and IP Parcels should be considered. + +Acknowledgments + + This work was supported by a grant from the Institute of Information + & Communications Technology Planning & Evaluation (IITP) funded by + the Korea MSIT (Ministry of Science and ICT) (R-20160222-002755, + Cloud-based Security Intelligence Technology Development for the + Customized Security Service Provisioning). + + This work was supported in part by the MSIT, Korea, under the ITRC + (Information Technology Research Center) support program (IITP- + 2022-2017-0-01633) supervised by the IITP. + + This work was supported in part by the IITP (2020-0-00395-003, + Standard Development of Blockchain-based Network Management + Automation Technology). + + This work was supported in part by the French research project + DataTweet (ANR-13-INFR-0008) and in part by the HIGHTS project funded + by the European Commission I (636537-H2020). + + This work was supported in part by the Cisco University Research + Program Fund, Grant # 2019-199458 (3696), and by ANID Chile Basal + Project FB0008. + +Contributors + + This document is a group work of the IPWAVE working group, greatly + benefiting from inputs and texts by Rex Buddenberg (Naval + Postgraduate School), Thierry Ernst (YoGoKo), Bokor Laszlo (Budapest + University of Technology and Economics), Jose Santa Lozanoi + (Universidad of Murcia), Richard Roy (MIT), Francois Simon (Pilot), + Sri Gundavelli (Cisco), Erik Nordmark (Zededa), Dirk von Hugo + (Deutsche Telekom), Pascal Thubert (Cisco), Carlos Bernardos (UC3M), + Russ Housley (Vigil Security), Suresh Krishnan (Cisco), Nancy Cam- + Winget (Cisco), Fred L. Templin (The Boeing Company), Jung-Soo Park + (ETRI), Zeungil (Ben) Kim (Hyundai Motors), Kyoungjae Sun (Soongsil + University), Zhiwei Yan (CNNIC), YongJoon Joe (LSware), Peter E. Yee + (Akayla), and Erik Kline (Aalyria). The authors sincerely appreciate + their contributions. + + The following are coauthors of this document: + + Nabil Benamar + Department of Computer Sciences, + High School of Technology of Meknes + Moulay Ismail University + Morocco + Phone: +212 6 70 83 22 36 + Email: benamar73@gmail.com + + + Sandra Cespedes + NIC Chile Research Labs + Universidad de Chile + Av. Blanco Encalada 1975 + Santiago + Chile + Phone: +56 2 29784093 + Email: scespede@niclabs.cl + + + Jérôme Härri + Communication Systems Department + EURECOM + Sophia-Antipolis + France + Phone: +33 4 93 00 81 34 + Email: jerome.haerri@eurecom.fr + + + Dapeng Liu + Alibaba + Beijing + 100022 + China + Phone: +86 13911788933 + Email: max.ldp@alibaba-inc.com + + + Tae (Tom) Oh + Department of Information Sciences and Technologies + Rochester Institute of Technology + One Lomb Memorial Drive + Rochester, NY 14623-5603 + United States of America + Phone: +1 585 475 7642 + Email: Tom.Oh@rit.edu + + + Charles E. Perkins + Futurewei Inc. + 2330 Central Expressway, + Santa Clara, CA 95050 + United States of America + Phone: +1 408 330 4586, + Email: charliep@computer.org + + + Alexandre Petrescu + CEA, LIST, CEA Saclay + 91190 Gif-sur-Yvette + France + Phone: +33169089223 + Email: Alexandre.Petrescu@cea.fr + + + Yiwen Chris Shen + Department of Computer Science & Engineering + Sungkyunkwan University + 2066 Seobu-Ro, Jangan-Gu + Suwon + Gyeonggi-Do + 16419 + Republic of Korea + Phone: +82 31 299 4106 + Email: chrisshen@skku.edu + URI: https://chrisshen.github.io + + + Michelle Wetterwald + FBConsulting + 21, Route de Luxembourg, + L-L-6633, Wasserbillig, + Luxembourg + Email: Michelle.Wetterwald@gmail.com + + +Author's Address + + Jaehoon Paul Jeong (editor) + Department of Computer Science and Engineering + Sungkyunkwan University + 2066 Seobu-Ro, Jangan-Gu + Suwon + Gyeonggi-Do + 16419 + Republic of Korea + Phone: +82 31 299 4957 + Email: pauljeong@skku.edu + URI: http://iotlab.skku.edu/people-jaehoon-jeong.php -- cgit v1.2.3