IPWAVE Working Group J. Jeong, Ed. Internet-Draft Sungkyunkwan University Intended status: InformationalOctober 3, 2019January 6, 2020 Expires:April 5,July 9, 2020IPIPv6 Wireless Access in Vehicular Environments (IPWAVE): Problem Statement and Use Casesdraft-ietf-ipwave-vehicular-networking-12draft-ietf-ipwave-vehicular-networking-13 Abstract This document discusses the problem statement and use cases ofIP- basedIPv6-based vehicular networking for Intelligent Transportation Systems (ITS). The main scenarios of vehicular communications arevehicle- to-vehiclevehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), andvehicle-to- everythingvehicle-to-everything (V2X) communications. First, this document explains use cases using V2V, V2I, and V2X networking. Next, it makes a problem statement about key aspects inIP-basedIPv6-based vehicular networking, such as IPv6 Neighbor Discovery, Mobility Management, and Security & Privacy. For each key aspect, this document specifies requirementsin IP-basedfor IPv6-based vehicularnetworking, and suggests the direction of solutions satisfying those requirements.networking. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire onApril 5,July 9, 2020. Copyright Notice Copyright (c)20192020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . .56 3.1. V2V . . . . . . . . . . . . . . . . . . . . . . . . . . .57 3.2. V2I . . . . . . . . . . . . . . . . . . . . . . . . . . .68 3.3. V2X . . . . . . . . . . . . . . . . . . . . . . . . . . .79 4. Vehicular Networks . . . . . . . . . . . . . . . . . . . . .89 4.1. Vehicular Network Architecture . . . . . . . . . . . . .910 4.2. V2I-based Internetworking . . . . . . . . . . . . . . . .1113 4.3. V2V-based Internetworking . . . . . . . . . . . . . . . .1315 5. Problem Statement . . . . . . . . . . . . . . . . . . . . . .1416 5.1. Neighbor Discovery . . . . . . . . . . . . . . . . . . .1516 5.1.1. Link Model . . . . . . . . . . . . . . . . . . . . .1618 5.1.2. MAC Address Pseudonym . . . . . . . . . . . . . . . .1719 5.1.3. Routing . . . . . . . . . . . . . . . . . . . . . . .1820 5.2. Mobility Management . . . . . . . . . . . . . . . . . . .1920 6. Security Considerations . . . . . . . . . . . . . . . . . . .2021 7. Informative References . . . . . . . . . . . . . . . . . . .2123 Appendix A. Changes from draft-ietf-ipwave-vehicular-networking-11networking-12 . . . . . . . . . . . . . . . . . . .2729 Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . .2829 Appendix C. Contributors . . . . . . . . . . . . . . . . . . . .2829 Author's Address . . . . . . . . . . . . . . . . . . . . . . . .3032 1. Introduction Vehicular networking studies have mainly focused on improving safety and efficiency, and also enabling entertainment in vehicular networks. The Federal Communications Commission (FCC) in the US allocated wireless channels for Dedicated Short-Range Communications (DSRC) [DSRC] in the Intelligent Transportation Systems (ITS) with the frequency band of 5.850 - 5.925 GHz (i.e., 5.9 GHz band). DSRC- based wireless communications can support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-everything (V2X) networking. The European Union (EU) allocated radio spectrum for safety-related and non-safety-related applications of ITS with the frequency band of 5.875 - 5.905 GHz, as part of the Commission Decision 2008/671/EC [EU-2008-671-EC]. For direct inter-vehicular wireless connectivity, IEEE has amended WiFi standard 802.11 to enable driving safety services based on DSRC for the Wireless Access in Vehicular Environments (WAVE) system. The Physical Layer (L1) and Data Link Layer (L2) issues are addressed in IEEE 802.11p [IEEE-802.11p] for the PHY and MAC of the DSRC, while IEEE 1609.2 [WAVE-1609.2] covers security aspects, IEEE 1609.3 [WAVE-1609.3] defines related services at network and transport layers, and IEEE 1609.4 [WAVE-1609.4] specifies the multi-channel operation. IEEE 802.11p was first a separate amendment, but was later rolled into the base 802.11 standard (IEEE 802.11-2012) as IEEE 802.11 Outside the Context of a Basic Service Set (OCB) in 2012 [IEEE-802.11-OCB]. Along with these WAVE standards, IPv6 [RFC8200] and MobileIPIPv6 protocols (e.g.,MIPv4 [RFC5944], MIPv6Mobile IPv6 (MIPv6) [RFC6275], and Proxy MIPv6 (PMIPv6)[RFC5213][RFC5844])[RFC5213]) can be applied to vehicular networks. In addition, ISO has approved a standard specifying the IPv6 network protocols and services to be used for Communications Access for Land Mobiles (CALM) [ISO-ITS-IPv6]. This document describes use cases and a problem statement aboutIP- basedIPv6-based vehicular networking for ITS, which is namedIPIPv6 Wireless Access in Vehicular Environments (IPWAVE). First, it introduces the use cases for using V2V, V2I, and V2X networking in ITS. Next, it makes a problem statement about key aspects in IPWAVE, namely, IPv6 NeighborDiscovery,Discovery (ND), MobilityManagement,Management (MM), and Security &Privacy.Privacy (SP). For each key aspect of the problem statement, this document specifies requirementsin IP-basedfor IPv6-based vehicularnetworking, and proposes the direction of solutions fulfilling those requirements.networking. This document is intended to motivate development of key protocols for IPWAVE. 2. Terminology This document uses the terminology described in [RFC8691]. In addition, the followingdefinitions:terms are defined below: o Class-Based Safety Plan: A vehicle can make safety plan by classifying the surrounding vehicles into different groups for safety purposes according to the geometrical relationship among them. The vehicle groups can be classified as Line-of-Sight Unsafe, Non-Line-of-Sight Unsafe, and Safe groups [CASD]. o Context-Awareness: A vehicle can be aware of spatial-temporal mobility information (e.g., position, speed, direction, and acceleration/deceleration) of surrounding vehicles for both safety and non-safety uses through sensing or communication [CASD]. oLiDAR: "Light DetectionEdge Computing (EC): It is the local computing near an access network (i.e., edge network) for the sake of vehicles andRanging".pedestrians. o Edge Computing Device (ECD): It is ascanningcomputing deviceto measure a distance to an object by emitting pulsed laser light and measuring(or server) for edge computing for thereflected pulsed light. o Mobility Anchor (MA): A node that maintains IP addresses and mobility informationsake of vehiclesin a road network to support their address autoconfigurationandmobility management with a binding table. An MA has end-to-end connections with RSUs under its control.pedestrians. oOn-Board Unit (OBU): A nodeEdge Network (EN): In is an access network that hasphysical communication devices (e.g., IEEE 802.11-OCB and Cellular V2X (C-V2X) [TS-23.285-3GPP])an IP-RSU for wirelesscommunicationscommunication with otherOBUsvehicles having an IP-OBU and wired communication with other network devices (e.g., routers, IP- RSUs, ECDs, servers, and MA). It maybe connected to in-vehicle devices or networks. An OBU is mounted onhave avehicle. o OCB: "Outsideradio receiver of Global Positioning System (GPS) for its position recognition and theContextlocalization service for the sake of vehicles. o IP-OBU: "Internet Protocol On-Board Unit": An IP-OBU denotes aBasic Service Set".computer situated in a vehicle such as a car, bicycle, or similar. It has at least one IP interface that runs in mode OCB of 802.11 and has an "OBU" transceiver. Also, it may have an IP interface that runs in Cellular V2X (C-V2X) [TS-23.285-3GPP]. See the definition of the term "OBU" in [RFC8691]. o IP-RSU: "IP Roadside Unit": An IP-RSU isdifferentiated fromsituated along theBasic Service Set (BSS) moderoad. It has at least two distinct IP-enabled interfaces. The wireless PHY/MAC layer of at least one of its IP-enabled interfaces is configured to operate inIEEE802.11-OCB mode. An IP-RSU communicates with the IP-OBU over an 802.11standard. A nodewireless link operating in OCBmode can directly transmit packetsmode. Also, it may have an IP interface that runs in C-V2X along with an "RSU" transceiver. An IP-RSU is similar toother nodesan Access Network Router (ANR), defined in [RFC3753], and a Wireless Termination Point (WTP), defined in [RFC5415]. See the definition of the term "RSU" in [RFC8691]. o LiDAR: "Light Detection and Ranging". It is a scanning device to measure a distance to an object by emitting pulsed laser light and measuring the reflected pulsed light. o Mobility Anchor (MA): A node that maintains IPv6 addresses and mobility information of vehicles in a road network to support their IPv6 address autoconfiguration and mobility management with a binding table. An MA has End-to-End (E2E) connections with IP- RSUs under itswireless range withoutcontrol for theauthentication or association process definedaddress autoconfiguration and mobility management of the vehicles. This MA can play a role of a Local Mobility Anchor (LMA) inBSSPMIPv6 [RFC5213] for vehicles moving in the road network . o OCB: "Outside the Context of a Basic Service Set - BSS". It is a mode of operation in which a Station (STA) is not a member of a BSS and does not utilize IEEE Std 802.11 authentication, association, or data confidentiality [IEEE-802.11-OCB]. o 802.11-OCB: It refers to the mode specified in IEEE Std 802.11-2016 [IEEE-802.11-OCB] when the MIB attribute dot11OCBActivited is 'true'. o Platooning: Moving vehicles can be grouped together to reduce air- resistance for energy efficiency and reduce the number of drivers such that only the leading vehicle has a driver and the other vehicles are autonomous vehicles without a driver and closely following the leading vehicle [Truck-Platooning]. oRoad-Side Unit (RSU): A node that has physical communication devices (e.g., IEEE 802.11-OCB and C-V2X) for wireless communications with vehicles and is also connected to the Internet through a router or switch for packet forwarding. An RSU can accommodate multiple routers (or switches) and servers (e.g., DNS server and edge computing server) in its internal network as an edge computing system. An RSU is typically deployed on the road infrastructure, either at an intersection or in a road segment, but may also be located in a car parking area. oTraffic Control Center (TCC): A node that maintains road infrastructure information (e.g.,RSUs,IP-RSUs, traffic signals, and loop detectors), vehicular traffic statistics (e.g., average vehicle speed and vehicle inter-arrival time per road segment), and vehicle information (e.g., a vehicle's identifier, position, direction, speed, and trajectory as a navigation path). TCC is included in a vehicular cloud for vehicular networks. o Vehicle: A Vehicle in this document is a node that has anOBUIP-OBU for wireless communication with other vehicles andRSUs.IP-RSUs. It has a radio navigation receiver of Global Positioning System (GPS) for efficient navigation. o Vehicular Ad Hoc Network (VANET): A network that consists of vehicles interconnected by wireless communication. Two vehicles in a VANET can communicate with each other using other vehicles as relays even where they are out of one-hop wireless communication range. o Vehicular Cloud: A cloud infrastructure for vehicular networks, having compute nodes, storage nodes, and network forwarding elements (e.g., switch and router). o Vehicle Detection Loop (i.e., Loop Detector): An inductive device used for detecting vehicles passing or arriving at a certain point, for instance, at an intersection with traffic lights or at a ramp toward a highway. The relatively crude nature of the loop's structure means that only metal masses above a certain size are capable of triggering the detection. o V2D: "Vehicle to Device". It is the wireless communication between a vehicle and a device (e.g., IoT device). o V2P: "Vehicle to Pedestrian". It is the wireless communication between a vehicle and a pedestrian's mobile device (e.g., smartphone). o V2I2P: "Vehicle to Infrastructure to Pedestrian". It is the wireless communication between a vehicle and a pedestrian's mobile device (e.g., smartphone) via an infrastructure node (e.g., IP- RSU). o V2I2V: "Vehicle to Infrastructure to Vehicle". It is the wireless communication between a vehicle and another vehicle via an infrastructure node (e.g., IP-RSU). o VIP: "Vehicular Internet Protocol". It is an IPv6 extension for vehicular networks including V2V, V2I, and V2X. o VMM: "Vehicular Mobility Management". It is an IPv6-based mobility management for vehicular networks. oV2I2V: "Vehicle to Infrastructure to Vehicle".VND: "Vehicular Neighbor Discovery". It is an IPv6 ND extension for vehicular networks. o VSP: "Vehicular Security and Privacy". It is an IPv6-based security and privacy for vehicular networks. o WAVE: "Wireless Access in Vehicular Environments" [WAVE-1609.0]. 3. Use Cases This section explains use cases of V2V, V2I, and V2X networking. The use cases of the V2X networking exclude the ones of the V2V and V2I networking, but include Vehicle-to-Pedestrian (V2P) and Vehicle-to- Device (V2D). Since IP is widely used among various computing devices in the Internet, it is expected that the use cases in this section need to work on top of IPv6 as the network layer protocol. Thus, the IPv6 for these use cases should be extended for vehicular IPv6 such that the IPv6 can support the functions of the network layer protocol such as Vehicular Neighbor Discovery (VND), Vehicular Mobility Management (VMM), and Vehicular Security and Privacy (VSP) in vehicular networks. Refer to Section 5 for the problem statement of the requirements of the vehicular IPv6. 3.1. V2V The use cases of V2V networking discussed in this section include o Context-aware navigation for driving safety and collision avoidance; o Cooperative adaptive cruise control in an urban roadway; o Platooning in a highway; o Cooperative environment sensing. These four techniques will be important elements for self-driving vehicles. Context-Aware Safety Driving (CASD) navigator [CASD] can help drivers to drive safely by alerting the drivers about dangerous obstacles and situations. That is, CASD navigator displays obstacles or neighboring vehicles relevant to possible collisions in real-time through V2V networking. CASD provides vehicles with a class-based automatic safety action plan, which considers three situations, namely, the Line-of-Sight unsafe, Non-Line-of-Sight unsafe, and safe situations. This action plan can be put into action among multiple vehicles using V2V networking. Cooperative Adaptive Cruise Control (CACC) [CA-Cruise-Control] helps vehicles to adapt their speed autonomously through V2V communication among vehicles according to the mobility of their predecessor and successor vehicles in an urban roadway or a highway. Thus, CACC can help adjacent vehicles to efficiently adjust their speed in an interactive way through V2V networking in order to avoid collision. Platooning [Truck-Platooning] allows a series of vehicles (e.g., trucks) to follow each other very closely. Trucks can use V2V communication in addition to forward sensors in order to maintain constant clearance between two consecutive vehicles at very short gaps (from 3 meters to 10 meters). Platooning can maximize the throughput of vehicular traffic in a highway and reduce the gas consumption because the leading vehicle can help the following vehicles to experience less air resistance. Cooperative-environment-sensing use cases suggest that vehicles can share environmental information from various vehicle-mounted sensors, such as radars, LiDARs, and cameras with other vehicles and pedestrians. [Automotive-Sensing] introduces a millimeter-wave vehicular communication for massive automotive sensing. A lot of data can be generated by those sensors, and these data typically need to be routed to different destinations. In addition, from the perspective of driverless vehicles, it is expected that driverless vehicles can be mixed with driver-operated vehicles. Through the cooperative environment sensing, driver-operated vehicles can use environmental information sensed by driverless vehicles for better interaction with the other vehicles and environment. To support the applications of these V2V use cases, the functions of IPv6 such as VND and VSP are prerequisite for the IPv6-based packet exchange and the secure, safe communication between two vehicles. 3.2. V2I The use cases of V2I networking discussed in this section include o Navigation service; o Energy-efficient speed recommendation service; o Accident notification service. A navigation service, for example, the Self-Adaptive Interactive Navigation Tool (SAINT) [SAINT], using V2I networking interacts with TCC for the large-scale/long-range road traffic optimization and can guide individual vehicles for appropriate navigation paths in real time. The enhanced version of SAINT [SAINTplus] can give fast moving paths to emergency vehicles (e.g., ambulance and fire engine) to let them reach an accident spot while redirecting other vehicles near the accident spot into efficient detour paths. A TCC can recommend an energy-efficient speed to a vehicle that depends on its traffic environment. [Fuel-Efficient] studies fuel- efficient route and speed plans for platooned trucks. The emergency communication between accident vehicles (or emergency vehicles) and TCC can be performed via eitherRSUIP-RSU or 4G-LTE networks. The First Responder Network Authority (FirstNet) [FirstNet] is provided by the US government to establish, operate, and maintain an interoperable public safety broadband network for safety and security network services, e.g., emergency calls. The construction of the nationwide FirstNet network requires each state in the US to have a Radio Access Network (RAN) that will connect to the FirstNet's network core. The current RAN is mainly constructed by 4G-LTE for the communication between a vehicle and an infrastructure node (i.e., V2I) [FirstNet-Report], but it is expected that DSRC-based vehicular networks [DSRC] will be available for V2I and V2V in near future. To support the applications of these V2I use cases, the functions of IPv6 such as VND, VMM, and VSP are prerequisite for the IPv6-based packet exchange, the transport-layer session continuity, and the secure, safe communication between a vehicle and a server in the vehicular cloud. 3.3. V2X The use case of V2X networking discussed in this section is pedestrian protection service. A pedestrian protection service, such as Safety-Aware Navigation Application (SANA) [SANA], using V2I2P networking can reduce the collision of a vehicle and a pedestrian carrying a smartphone equipped with a network device for wireless communication (e.g., WiFi) with anRSU.IP-RSU. Vehicles and pedestrians can also communicate with each other via anRSU that delivers schedulingIP-RSU. An edge computing device behind the IP-RSU can collect the mobility informationforfrom vehicles and pedestrians, compute wireless communicationin order toscheduling for the sake of them. This scheduling can save thesmartphones'batterythroughof each pedestrian's smartphone by allowing it to work in sleepingmode.mode before the communication with vehicles, considering their mobility. For Vehicle-to-Pedestrian (V2P), a vehicle can directly communicate with a pedestrian's smartphone by V2X withoutRSUIP-RSU relaying.Light- weightLight-weight mobile nodes such as bicycles may also communicate directly with a vehicle for collision avoidance using V2V. To support the applications of these V2X use cases, the functions of IPv6 such as VND, VMM, and VSP are prerequisite for the IPv6-based packet exchange, the transport-layer session continuity, and the secure, safe communication between a vehicle and a pedestrian either directly or indirectly via an IP-RSU. 4. Vehicular Networks This section describesaan exemplary vehicular network architecture supporting V2V, V2I, and V2X communications in vehicular networks.Also, itIt describes an internal network within a vehicle orRSU,an edge network (called EN). It explains not only the internetworking between the internal networks of a vehicle and an EN via wireless links, but also the internetworking between the internal networks of two vehicles viaDSRCwireless links. Traffic Control Center in Vehicular Cloud ******************************************* +-------------+ * * |Corresponding| * +-----------------+ **| Node |<->* | Mobility Anchor | * +-------------+ * +-----------------+ * * ^ * * |Ethernet* * v * ******************************************* ^ ^ ^ |Ethernet|Ethernet|Ethernet| | | v v v+--------+ Ethernet +--------+ Ethernet +--------+ | RSU1 |<-------->| RSU2 |<---------->| RSU3 | +--------+ +--------+ +--------++---------+ +---------+ +---------+ | IP-RSU1 |<--------->| IP-RSU2 |<--------->| IP-RSU3 | +---------+ +---------+ +---------+ ^ ^ ^ : : : +-----------------+ +-----------------+ +-----------------+ | : V2I | | : V2I | | : V2I | | v | | v | | v | +--------+ | +--------+ | | +--------+ | | +--------+ | |Vehicle1|===> |Vehicle2|===>| | |Vehicle3|===>| | |Vehicle4|===>| +--------+<...>+--------+<........>+--------+ | | +--------+ | V2V ^ V2V ^ | | ^ | | : V2V | | : V2V | | : V2V | | v | | v | | v | | +--------+ | | +--------+ | | +--------+ | | |Vehicle5|===> | | |Vehicle6|===>| | |Vehicle7|==>| | +--------+ | | +--------+ | | +--------+ | +-----------------+ +-----------------+ +-----------------+ Subnet1 Subnet2 Subnet3 (Prefix1) (Prefix2) (Prefix3) <----> Wired Link <....> Wireless Link ===> Moving Direction Figure 1:AAn Exemplary Vehicular Network Architecture for V2I and V2VNetworking4.1. Vehicular Network Architecture Figure 1 shows an exemplary vehicular network architecture for V2I and V2Vnetworkingin a road network. The vehicular network architecture contains vehicles,RSUs,IP-RSUs, Vehicular Cloud, Traffic Control Center, and Mobility Anchor as components. However, some components in the vehicular network architecture may not be needed for vehicularnetworking,networks, such as Vehicular Cloud, Traffic Control Center, and Mobility Anchor. As shown in this figure,RSUsIP-RSUs as routers and vehicles withOBUIP-OBU have wireless media interfaces for VANET. Furthermore, the wireless media interfaces are autoconfigured with a global IPv6 prefix (e.g., 2001:DB8:1:1::/64) to support both V2V and V2I networking. Note that 2001:DB8::/32 is a documentation prefix [RFC3849] for example prefixes in this document, and also that any routable IPv6 address needs to be routable in a VANET and a vehicular network including IP- RSUs. For IPv6 packets transported over IEEE 802.11-OCB,[IPv6-over-802.11-OCB][RFC8691] specifies several details, including Maximum Transmission Unit (MTU), frame format, link-local address, address mapping for unicast and multicast, stateless autoconfiguration, and subnet structure. An Ethernet Adaptation (EA) layer is in charge of transforming some parameters between IEEE 802.11 MAC layer and IPv6 network layer, which is located between IEEE 802.11-OCB's logical link control layer and IPv6 network layer. This IPv6 over 802.11-OCB can be used for both V2V and V2I inIP-basedIPv6-based vehicular networks. In Figure 1, threeRSUs (RSU1, RSU2,IP-RSUs (IP-RSU1, IP-RSU2, andRSU3)IP-RSU3) are deployed in the road network and are connectedto a Vehicular Cloudwith each other through theInternet.wired networks (e.g., Ethernet), which are part of a Vehicular Cloud. A Traffic Control Center (TCC) is connected to the Vehicular Cloud for the management ofRSUsIP-RSUs and vehicles in the road network. A Mobility Anchor (MA)canmay be located in the TCC asits key componenta mobility management controller, which is a controller for the mobility management of vehicles. Vehicle2, Vehicle3, and Vehicle4 are wirelessly connected toRSU1, RSU2,IP-RSU1, IP-RSU2, andRSU3,IP-RSU3, respectively. The three wireless networks ofRSU1, RSU2,IP-RSU1, IP-RSU2, andRSU3IP-RSU3 can belong to three different subnets (i.e., Subnet1, Subnet2, and Subnet3), respectively. Those three subnets use three different prefixes (i.e., Prefix1, Prefix2, and Prefix3). A single subnet prefix can span multiple vehicles in VANET. For example, in Figure 1, for Prefix 1, three vehicles (i.e., Vehicle1, Vehicle2, and Vehicle5) can construct a connected VANET. Also, for Prefix 2, two vehicles (i.e., Vehicle3 and Vehicle6) can construct another connected VANET, and for Prefix 3, two vehicles (i.e., Vehicle4 and Vehicle7) can construct another connected VANET. In wireless subnets in vehicular networks (e.g., Subnet1 and Subnet2 in Figure 1), vehicles can construct a connected VANET (with an arbitrary graph topology) and can communicate with each other via V2V communication. Vehicle1 can communicate with Vehicle2 via V2V communication, and Vehicle2 can communicate with Vehicle3 via V2V communication because they are within the wireless communication range for each other. On the other hand, Vehicle3 can communicate with Vehicle4 via the vehicular infrastructure (i.e.,RSU2IP-RSU2 and IP- RSU3) by employing V2I (i.e., V2I2V) communication because they are not within the wireless communication range for each other.InAn IPv6 mobility solution is needed in vehicularnetworks, asymmetric links sometimes exist and mustnetworks so that a vehicle's TCP session can beconsidered forcontinued while it moves from an IP- RSU's wirelesscommunications.coverage to another IP-RSU's wireless coverage. In Figure 1, assuming that Vehicle2 has a TCP session with a corresponding node in the vehicular cloud, Vehicle2 can move from IP- RSU1's wireless coverage to IP-RSU2's wireless coverage. In this case, a handover for Vehicle2 needs to be performed by either a host- based mobility management scheme (e.g., MIPv6 [RFC6275]) or a network-based mobility management scheme (e.g., PMIPv6 [RFC5213]). In the host-based mobility scheme, an IP-RSU plays a role of a home agent in a visited network. On the other hand, in the network-based mobility scheme, an MA plays a role of a mobility management controller such as a Local Mobility Anchor (LMA) in PMIPv6, and an IP-RSU plays a role of an access router such as a Mobile Access Gateway (MAG) in PMIPv6 [RFC5213]. In vehicular networks, the control plane can be separated from the data plane forefficientefficient mobility management and data forwarding. The separation of the control plane and data plane can be performed by the Software-Defined Networking (SDN) [RFC7149]. An MA can configure and monitor its IP-RSUs and vehicles for mobilitymanagementmanagement, location management, anddata forwarding.security services in an efficient way. The mobility information of a GPS receiver mounted in its vehicle (e.g., position, speed, and direction) can be used to accommodate mobility-aware proactiveprotocols.handover schemes, which can perform the handover of a vehicle according to its mobility and the wireless signal strength of a vehicle and an IP-RSU in a proactive way. Vehicles can use the TCC as their Home Network having a home agent for mobility management as in MIPv6 [RFC6275] and PMIPv6 [RFC5213], so the TCC maintains the mobility information of vehicles for location management. IP tunneling over the wireless link should be avoided for performance efficiency. Also, in vehicular networks, asymmetric links sometimes exist and must be considered for wireless communications such as V2V and V2I. +-----------------+ (*)<........>(*) +----->| Vehicular Cloud | 2001:DB8:1:1::/64 | | | +-----------------+ +------------------------------+ +---------------------------------+ | v | | v v | | +-------++------++-------+ | | +-------++------++-------+ | | | Host1 | |IP-OBU1| |DNS1 | |Router1| | | |Router3| | DNS2| |IP-RSU1| | Host3 | | | +-------++------++-------+ | | +-------++------++-------+ | | ^ ^^| | ^ ^^ | || | | | | | | | | | v vv| | v vv| | ---------------------------- | | ------------------------------- | | 2001:DB8:10:1::/64 ^ | | ^ 2001:DB8:20:1::/64 | | | | | | | | v | | v | | +-------+ +-------+ | | +-------+ +-------+ +-------+ | | | Host2 ||Router2||Router1| | ||Router4||Router2| |Server1|...|ServerN| | | +-------+ +-------+ | | +-------+ +-------+ +-------+ | | ^ ^ | | ^ ^ ^ | | | | | | | | | | | v v | | v v v | | ---------------------------- | | ------------------------------- | | 2001:DB8:10:2::/64 | | 2001:DB8:20:2::/64 | +------------------------------+ +---------------------------------+ Vehicle1 (Moving Network1)RSU1EN1 (Fixed Network1) <----> Wired Link <....> Wireless Link (*) Antenna Figure 2: Internetworking between VehicleNetworkandRSUEdge Network 4.2. V2I-based Internetworking This section discusses the internetworking between a vehicle's internal network (i.e., moving network) and anRSU'sEN's internal network (i.e., fixed network) via V2I communication. Note that anRSUEN can accommodate multiple routers (or switches) and servers (e.g.,DNS serverECDs, navigation server, andedge computingDNS server) in its internalnetwork as an edge computing system.network. A vehicle's internal network often uses Ethernet to interconnectcontrol unitsElectronic Control Units (ECUs) in the vehicle. The internal networkalso supportscan support WiFi and Bluetooth to accommodate a driver's and passenger's mobile devices (e.g., smartphone or tablet). The network topology and subnetting depend on each vendor's network configuration for a vehicle and an EN. It is reasonable to consider the interaction between the internal network and an external network within another vehicle orRSU.an EN. As shown in Figure2, the vehicle's moving network and the RSU's fixed network are self-contained networks having multiple subnets and having an edge router for the communication with another vehicle or RSU. Internetworking between two internal networks via V2I communication requires an exchange of network prefix and other parameters through a prefix discovery mechanism, such as ND-based prefix discovery [ID-Vehicular-ND]. For ND-based prefix discovery, network prefixes and parameters should be registered with a vehicle's router and an RSU router with an external network interface in advance. For an IP communication between a vehicle and an RSU or between two neighboring vehicles, the network parameter discovery collects information relevant to the link layer, MAC layer, and IP layer. The link layer information includes wireless link layer parameters and transmission power level. The MAC layer information includes the MAC address of an external network interface for the internetworking with another vehicle or RSU. The IP layer information includes the IP address2, as internal networks, a vehicle's moving network andprefix ofanexternalEN's fixed networkinterfaceare self-contained networks having multiple subnets and having an edge router (e.g., IP-OBU and IP-RSU) for theinternetworkingcommunication with another vehicle orRSU. Onceanother EN. Internetworking between two internal networks via V2I communication requires thenetwork parameter discovery and prefixexchangeoperations have been performed, packets can be transmitted betweenof thevehicle's movingnetwork parameters and theRSU's fixed network. A DNS service should be supported for the DNS name resolution of in-vehicle devices within a vehicle's internalnetworkas well as for the DNS name resolutionprefixes ofthose devices from a remote host intheInternet (e.g., a customer's web browser and an automotive service center system). The DNS names of in-vehicle devices and their service names can be registered with a DNS server in a vehicle or an RSU, as shown in Figure 2.internal networks. Figure 2 also shows internetworking between the vehicle's moving network and theRSU'sEN's fixed network. There exists an internal network (Moving Network1) inside Vehicle1. Vehicle1 hasthe DNS Server (DNS1), thetwo hosts (Host1 and Host2), andthetwo routers(Router1(IP-OBU1 andRouter2).Router1). There exists another internal network (Fixed Network1) insideRSU1. RSU1EN1. EN1 hasthe DNS Server (DNS2),one host (Host3),thetwo routers(Router3(IP-RSU1 andRouter4),Router2), and the collection of servers (Server1 to ServerN) for various services in the road networks, such as the emergency notification and navigation. Vehicle1'sRouter1 (aIP-OBU1 (as a mobile router) andRSU1's Router3 (aEN1's IP-RSU1 (as a fixed router) use 2001:DB8:1:1::/64 for an external link (e.g., DSRC) for V2I networking. Thus,onea host (Host1) in Vehicle1 can communicate withonea server (Server1) inRSU1EN1 for a vehicular service through Vehicle1's moving network, a wireless link betweenVehicle1IP-OBU1 and IP- RSU1, andRSU1'sEN1's fixed network. For an IPv6 communication between an IP-OBU and an IP-RSU or between two neighboring IP-OBUs, network parameters need to be shared among them, such as MAC layer and IPv6 layer information. The MAC layer information includes wireless link layer parameters, transmission power level, the MAC address of an external network interface for the internetworking with another IP-OBU or IP-RSU. The IPv6 layer information includes the IPv6 address and network prefix of an external network interface for the internetworking with another IP- OBU or IP-RSU. Through the exchange of network parameters and network prefixes among internal networks, packets can be transmitted between the vehicle's moving network and the EN's fixed network. Thus, V2I requires an efficient exchange protocol for network parameters and an efficient routing protocol for network prefixes. (*)<..........>(*) 2001:DB8:1:1::/64 | | +------------------------------+ +------------------------------+ | v | | v | | +-------++------++-------+ | | +-------++------++-------+ | | | Host1 | |IP-OBU1| |DNS1||Router1| | | |Router5| | DNS3|IP-OBU2| || Host4Host3 | | | +-------++------++-------+ | | +-------++------++-------+ | | ^ ^^| | ^ ^^ || | | | | | | | | || vv v | | v vv| | ---------------------------- | | ---------------------------- | | 2001:DB8:10:1::/64 ^ | | ^ 2001:DB8:30:1::/64 | | | | | | | | v | | v | | +-------+ +-------+ | | +-------+ +-------+ | | | Host2 ||Router2||Router1| | ||Router6||Router2| |Host5Host4 | | | +-------+ +-------+ | | +-------+ +-------+ | | ^ ^ | | ^ ^ | | | | | | | | | | v v | | v v | | ---------------------------- | | ---------------------------- | | 2001:DB8:10:2::/64 | | 2001:DB8:30:2::/64 | +------------------------------+ +------------------------------+ Vehicle1 (Moving Network1) Vehicle2 (Moving Network2) <----> Wired Link <....> Wireless Link (*) Antenna Figure 3: Internetworking between TwoVehicle NetworksVehicles 4.3. V2V-based Internetworking This section discusses the internetworking between the moving networks of two neighboring vehicles via V2V communication. Figure 3 shows internetworking between the moving networks of two neighboring vehicles. There exists an internal network (Moving Network1) inside Vehicle1. Vehicle1 hasthe DNS Server (DNS1), thetwo hosts (Host1 and Host2), andthetwo routers(Router1(IP-OBU1 andRouter2).Router1). There exists another internal network (Moving Network2) inside Vehicle2. Vehicle2 hasthe DNS Server (DNS3), thetwo hosts(Host4(Host3 andHost5),Host4), andthetwo routers(Router5(IP-OBU2 andRouter6).Router2). Vehicle1'sRouter1 (aIP-OBU1 (as a mobile router) and Vehicle2'sRouter5 (aIP-OBU2 (as a mobile router) use 2001:DB8:1:1::/64 for an external link (e.g., DSRC) for V2V networking. Thus,onea host (Host1) in Vehicle1 can communicate withoneanother host(Host4)(Host3) inVehicle1Vehicle2 for a vehicular service through Vehicle1's moving network, a wireless link betweenVehicle1IP-OBU1 andVehicle2,IP- OBU2, and Vehicle2's moving network. (*)<..................>(*)<..................>(*) | | | +-----------+ +-----------+ +-----------+ | | | | | | | +-------+ | | +-------+ | | +-------+ | ||Router1||IP-OBU1| | ||Router5||IP-OBU2| | ||Router7||IP-OBU3| | | +-------+ | | +-------+ | | +-------+ | | | | | | | | +-------+ | | +-------+ | | +-------+ | | | Host1 | | | |Host4Host2 | | | |Host6Host3 | | | +-------+ | | +-------+ | | +-------+ | | | | | | | +-----------+ +-----------+ +-----------+ Vehicle1 Vehicle2 Vehicle3 <....> Wireless Link (*) Antenna Figure 4: Multihop Internetworking between Two Vehicle Networks Figure 4 shows multihop internetworking between the moving networks of two vehicles in the same VANET. For example, Host1 in Vehicle1 can communicate withHost6Host3 in Vehicle3 viaRouter 5IP-OBU1 inVehicle2 that is an intermediate vehicle being connected to Vehicle1Vehicle1, IP- OBU2 in Vehicle2, and IP-OBU3 in Vehicle3 in a linear topology as shown in the figure. 5. Problem Statement In order to specify protocols using the abovementioned architecture for VANETs, IPv6 core protocols have to be adapted to overcome certain challenging aspects of vehicular networking. Since the vehicles are likely to be moving at great speed, protocol exchanges need to be completed in a time relatively small compared to the lifetime of a link between a vehicle and anRSU,IP-RSU, or between two vehicles. This has a major impact on IPv6neighbor discovery.Neighbor Discovery (ND). MobilitymanagementManagement (MM) is also vulnerable to disconnections that occur before the completion of identity verification and tunnel management. This is especially true given the unreliable nature of wireless communications.Finally, and perhaps most importantly, proper authorization for vehicular protocol messages must be assured in order to prevent false reports of accidents or other mishaps on the road, which would cause horrific misery in modern urban environments. ThisThus, this section presents key topics such as neighbor discovery and mobility management. 5.1. Neighbor Discovery IPv6Neighbor Discovery (IPv6 ND)ND [RFC4861][RFC4862] is a core part of the IPv6 protocol suite. IPv6 ND is designed for point-to-point links and transit links (e.g., Ethernet). It assumes an efficient and reliable support of multicast from the link layer for various network operations such as MAC Address Resolution (AR) and Duplicate Address Detection (DAD).DAD and ND-related parameters (e.g., Router Lifetime) need to be extended to vehicular networking (e.g., V2V, V2I, and V2X).Vehicles move quickly within the communication coverage of any particular vehicle orRSU.IP-RSU. Before the vehicles can exchange application messages with each other, they need to be configured with alink- locallink-local IPv6 address or a global IPv6 address, and run IPv6 ND. The legacy DAD assumes that a node with an IPv6 address can reach any other node with the scope of its address at the time it claims its address, and can hear any future claim for that address by another party within the scope of its address for the duration of the address ownership. However, the partitioning and merging of VANETs makes this assumption frequently invalid in vehicular networks. The merging and partitioning of VANETs occurs frequently in vehicular networks. This merging and partitioning should be considered for the IPv6Neighbor Discovery (e.g., SLAAC).ND such as IPv6 Stateless Address Autoconfiguration (SLAAC) [RFC4862]. Due to the merging of VANETs, two IPv6 addresses may conflict with each other though they were unique before the merging. Also, the partitioning of a VANET may make vehicles with the same prefix be physically unreachable. Also, SLAACshould be extendedneeds to prevent IPv6 address duplication due to the merging of VANETs. According to the merging and partitioning, a destination vehicle (as anIPIPv6 host)shouldneeds to be distinguished as either an on-link host or an off-link host even though the source vehicle uses the same prefix with the destination vehicle.TheTo efficiently prevent the IPv6 address duplication due to the VANET partitioning and merging from happing in vehicular networks, the vehicular networks need to support a vehicular-network-wide DAD by defining a scope that is compatible with the legacyDAD, andDAD. In this case, two vehicles can communicate with each other when there exists a communication path over VANET or a combination of VANETs and IP- RSUs, as shown in Figure 1. By using the vehicular-network-wide DAD, vehicles can assure that their IPv6 addresses are unique in the vehicular network whenever they are connected to the vehicular infrastructure or become disconnected from it in the form of VANET.A vehicular infrastructure having RSUs and an MA can participate in the vehicular-network-wide DAD for the sake of vehicles [RFC6775]. For the vehicle as an IPv6 node, deriving a unique IPv6 address from a globally unique MAC address creates a privacy issue. Refer to Section 6 for the discussion about such a privacy issue.ND time-related parameters such as router lifetime and Neighbor Advertisement (NA) intervalshouldneed to be adjusted for high-speed vehicles and vehicle density. As vehicles move faster, the NA interval should decrease (e.g., from 1 sec to 0.5 sec) for the NA messages to reach the neighboring vehicles promptly. Also, as vehicle density is higher, the NA interval should increase (e.g., from 0.5 sec to 1 sec) for the NA messages to reduce collision probability with other NA messages.According to a report from the National Highway Traffic Safety Administration (NHTSA) [NHTSA-ACAS-Report], an extra 0.5 second of warning time can prevent about 60% of the collisions of vehicles moving closely in a roadway. A warning message should be exchanged every 0.5 second. Thus, if the ND messages (e.g., NS and NA) are used as warning messages, they should be exchanged every 0.5 second.ForIP-basedIPv6-based safety applications (e.g., context-aware navigation, adaptive cruise control, and platooning) invehicular network, this boundedvehicular networks, the delay-bounded data delivery is critical. Implementations for such applications are not available yet. IPv6 ND needs to efficiently work to supportIP- basedIPv6-based safety applications. 5.1.1. Link Model A prefix model for a vehicular network needs to facilitate the communication between two vehicles with the same prefix regardless of the vehicular network topology as long as there exist bidirectional E2E paths between them in the vehicular network including VANETs and IP-RSUs. This prefix model allows vehicles with the same prefix to communicate with each other via a combination of multihop V2V and multihop V2I with VANETs and IP-RSUs. IPv6 protocols work under certain assumptions for the link model that do not necessarily hold in a vehicular wireless link[VIP-WAVE] [RFC5889].[VIP-WAVE][RFC5889]. For instance, some IPv6 protocols assume symmetry in the connectivity among neighboring interfaces [RFC6250]. However, radio interference and different levels of transmission power may cause asymmetric links to appear in vehicular wireless links. As a result, a new vehicular link modelshouldneeds to consider the asymmetry of dynamically changing vehicular wireless links. There is a relationship between a link and a prefix, besides the different scopes that are expected from the link-local and global types of IPv6 addresses. In an IPv6 link, it is assumed that all interfaces which are configured with the same subnet prefix and with on-link bit set can communicate with each other on anIPIPv6 link. However, the vehicular link model needs to define the relationship between a link and a prefix, considering the dynamics of wireless links and the characteristics of VANET. A VANET can have multiple links between pairs of vehicles within wireless communication range, as shown in Figure 4. When two vehicles belong to the same VANET, but they are out of wireless communication range, they cannot communicate directly with each other. Suppose that a global-scope IPv6 prefix is assigned to VANETs in vehicular networks. Even though two vehicles in the same VANET configure their IPv6 addresses with the same IPv6 prefix, they may not communicate with each other not in a one hop in the same VANET because of the multihop networkconnectivity.connectivity between them. Thus, in this case, the concept of an on-link IPv6 prefix does not hold because two vehicles with the same on-link IPv6 prefix cannot communicate directly with each other. Also, when two vehicles are located in two different VANETs with the same IPv6 prefix, they cannot communicate with each other. When these two VANETs converge to one VANET, the two vehicles can communicate with each other in a multihopfashion.fashion, for example, wheh they are Vehicle1 and Vehicle3, as shown in Figure 4. From the previous observation, a vehicular link model should consider the frequent partitioning and merging of VANETs due to vehicle mobility. Therefore, the vehicular link model needs to use an on- link prefix and off-link prefix according to theone-hop reachability among thenetwork topology of vehiclesin an appropriate way.such as a one-hop reachable network and a multihop reachable network (or partitioned networks). If the vehicles with the same prefix are reachable with each other in one hop, the prefix should be on-link. On the other hand, if some of the vehicles with the same prefix are not reachable with each other in one hop due to either themulti-hopmultihop topology in the VANET or multiple partitions, the prefix should be off-link. The vehicular link model needs to support the multihop routing in a connected VANET where the vehicles with the same global-scope IPv6 prefix are connected in one hop or multiple hops. It also needs to support the multihop routing in multiple connected VANETsvia an RSU that hasthrough infrastructure nodes (e.g., IP-RSU) where they are connected to thewireless connectivity with each VANET.infrastructure. For example, in Figure 1, suppose that Vehicle1, Vehicle2, and Vehicle3 are configured with their IPv6 addresses based on the same global-scope IPv6 prefix. Vehicle1 and Vehicle3 can also communicate with each other via eithermulti-hopmultihop V2V ormulti-hopmultihop V2I2V. When the two vehicles of Vehicle1 and Vehicle3 are connected in a VANET, it will be more efficient for them to directly communicate with each other via VANET rather than indirectly via IP- RSUs. On the other hand, when the two vehicles of Vehicle1 and Vehicle3 are far away from the communication range in separate VANETs and under two differentRSUs,IP-RSUs, they can communicate with each other through the relay ofRSUsIP-RSUs via V2I2V. Thus, two separate VANETs can merge into one network viaRSU(s).IP-RSU(s). Also, newly arriving vehicles can merge two separate VANETs into one VANET if they can play a role of a relay node for those VANETs. 5.1.2. MAC Address Pseudonym For the protection of drivers' privacy, a pseudonym of a MAC address of a vehicle's network interface should be used, so that the MAC address can be changed periodically. However, although such a pseudonym of a MAC address can protect some extent of privacy of a vehicle, it may not be able to resist attacks on vehicle identification by other fingerprint information, for example, the scrambler seed embedded in IEEE 802.11-OCB frames [Scrambler-Attack]. The pseudonym of a MAC address affects an IPv6 address based on the MAC address, and a transport-layer (e.g.,TCP)TCP and and SCTP) session with an IPv6 address pair. However, the pseudonym handling is not implemented and tested yet for applications on IP-based vehicular networking. In the ETSI standards, for the sake of security and privacy, an ITS station (e.g., vehicle) can use pseudonyms for its network interface identities (e.g., MAC address) and the corresponding IPv6 addresses [Identity-Management]. Whenever the network interface identifier changes, the IPv6 address based on the network interface identifiershouldneeds to be updated, and the uniqueness of the addressshouldneeds to beperformedchecked through the DAD procedure. For vehicular networks with high mobility and density, this DADshouldneeds to be performed efficiently with minimum overhead so that the vehicles can exchangewarningapplication messages (e.g., collision avoidance and accident notification) with each otherevery 0.5 second [NHTSA-ACAS-Report]. For the continuity of an end-to-end (E2E) transport-layer (e.g., TCP, UDP, and SCTP) session,with amobility management schemeshort interval (e.g.,MIPv6 and PMIPv6), the new IP address for the transport-layer session can be notified to an appropriate end point, and the packets of the session should be forwarded to their destinations with the changed network interface identifier and IPv6 address. This mobility management overhead for pseudonyms should be minimized for efficient operations in vehicular networks having lots of vehicles.0.5 second) [NHTSA-ACAS-Report]. 5.1.3. Routing For multihop V2V communications in either a VANET or VANETs via IP- RSUs, a vehicular ad hoc routing protocol (e.g., AODV and OLSRv2) may be required to support both unicast and multicast in the links of the subnet with the same IPv6 prefix. However, it will be costly to run both vehicular ND and a vehicular ad hoc routing protocol interms of control traffic overhead [ID-Multicast-Problems]. The merging of the IPv6 Neighbor Discovery and a VANET routing protocol allows the efficient wireless channel utilization.terms of control traffic overhead [ID-Multicast-Problems]. A routing protocol for VANET may cause redundant wireless frames in the air to check the neighborhood of each vehicle and compute the routing information in VANET with a dynamic network topologyifbecause the IPv6 ND is used to check the neighborhood of eachvehicle, and can be extended to compute each vehicle's routing table in VANET. Vehicular ND can be extended to accommodatevehicle. Thus, the vehicular routingfunctionality with a prefix discovery option. The ND extension can allow vehiclesneeds toexchange their prefixes in a multihop fashion [ID-Vehicular-ND]. Withtake advantage of theexchanged prefixes, they can compute their routing table (orIPv6ND's neighbor cache) for the VANETs with a distance-vector algorithm [Intro-to-Algorithms].ND to minimize its control overhead. 5.2. Mobility Management The seamless connectivity and timely data exchange between two end points requires an efficient mobility management including location management and handover. Most of vehicles are equipped with a GPS receiver as part of a dedicated navigation system or a corresponding smartphone App. Note that The GPS receiver may not provide vehicles with accurate location information inadverse, localadverse environments such as a building area and tunnel. The location precision can be improved by the assistance from theRSUsIP-RSUs or a cellular system with a GPS receiver for location information. With a GPS navigator, an efficient mobility managementwillcan bepossible byperformed with the help of vehicles periodically reporting their current position and trajectory (i.e., navigation path) to the vehicular infrastructure (havingRSUsIP-RSUs and an MA inTCC) [ID-Vehicular-MM].TCC). This vehicular infrastructure can predict the future positions of the vehicles with their mobility information (i.e., the current position, speed, direction, and trajectory) for the efficient mobility management (e.g., proactive handover). For a better proactive handover, link-layer parameters, such as the signal strength of a link-layer frame (e.g., Received Channel Power Indicator (RCPI) [VIP-WAVE]), can be used to determine the moment of a handover betweenRSUsIP-RSUs along with mobility information. By predicting a vehicle's mobility, the vehicular infrastructurecanneeds to better supportRSUsIP-RSUs to perform efficientDAD,SLAAC, datapacket routing,forwarding, horizontal handover (i.e., handover in wireless links using a homogeneous radio technology), and vertical handover (i.e., handover in wireless links using heterogeneous radio technologies) in advance along with the movement of thevehicle [ID-Vehicular-MM].vehicle. For example, as shown in Figure 1, when a vehicle (e.g., Vehicle2) is moving from the coverage of an IP-RSU (e.g., IP-RSU1) into thewireless link undercoverage of anotherRSUIP-RSU (e.g., IP-RSU2) belonging to a different subnet, theRSUIP-RSUs can proactivelyperformsupport theDADIPv6 mobility of the vehicle, while performing the SLAAC, data forwarding, and handover for the sake of thevehicle, reducing IPv6 control traffic overhead invehicle. Therefore, for thewireless link. To prevent a hacker from impersonating RSUs as bogus RSUs, RSUsproactive andMA inseamless IPv6 mobility of vehicles, the vehicular infrastructureneed to have secure channels via IPsec. Therefore, with a proactive handover(including IP-RSUs anda multihop DAD in vehicular networks, RSUsMA) needs to efficientlyforward data packets fromperform thewired network (ormobility management of thewireless network) to a moving destination vehicle along its trajectory.vehicles with their mobility information and link-layer information. 6. Security Considerations This section discusses security and privacy forIP-basedIPv6-based vehicular networking. The security andprivacy are one of key componentsprivacy is one of key components in IPv6-based vehicular networking along with neighbor discovery and mobility management. Security and privacy are paramount in the V2I, V2V, and V2X networking. Only authorized vehicles need to be allowed to use the vehicular networking. Also, in-vehicle devices (e.g., ECU) and mobile devices (e.g., smartphone) in a vehicle need to communicate with other in-vehicle devices and mobile devices inIP-based vehicular networking, such as neighbor discoveryanother vehicle, andmobility management, so they needother servers in an IP-RSU in a secure way. Even a perfectly authorized and legitimate vehicle may be hacked to run malicious applications to track and collect its and other vehicles' information. For this case, an attack mitigation process may beanalyzed in depth.required to reduce the aftermath of the malicious behaviors. Strong security measures shall protect vehicles roaming in road networks from the attacks of malicious nodes, which are controlled by hackers. For safety applications, the cooperation among vehicles is assumed. Malicious nodes may disseminate wrong driving information (e.g., location, speed, and direction) to make driving be unsafe. For example, Sybil attack, which tries to confuse a vehicle with multiple false identities, disturbs a vehicle in taking a safe maneuver. This sybil attackshouldneeds to be prevented through the cooperation between good vehicles andRSUs.IP-RSUs. Note that good vehicles are ones with valid certificates that are determined by the authentication process with an authentication server in the vehicularnetwork. Applicationscloud. However, applications onIP-basedIPv6-based vehicular networking, which are resilient to such a sybil attack, are not developed and tested yet.Security and privacy are paramount inTo identify theV2I, V2V, and V2X networking in vehicular networks. Only authorizedgenuineness of vehiclesshould be allowed to use vehicular networking. Also, in-vehicle devices and mobile devices in a vehicle need to communicate with other in-vehicle devices and mobile devices in another vehicle, and other servers in an RSU in a secure way. Even a perfectly authorized and legitimate vehicle may be hacked to runagainst maliciousapplications to track and collect other vehicles' information. For this case,vehicles, anattack mitigation process may be required to reduce the aftermath of the malicious behaviors.authentication method is required. A Vehicle Identification Number (VIN) and a user certificate along with in-vehicle device's identifier generation can be used to efficiently authenticate a vehicle or a user through a road infrastructure node (e.g.,RSU)IP-RSU) connected to an authentication server in the vehicular cloud. Also, Transport Layer Security (TLS) certificates can be used for the vehicle authentication to allow secure E2E vehicle communications. To identify the genuineness of vehicles against malicious vehicles, an authentication method is required. For vehicle authentication, information available from a vehicle or a driver (e.g., Vehicle Identification Number (VIN) and Transport Layer Security (TLS) certificate [RFC8446]) needs to be used to efficiently authenticate a vehicle or a user with the help of a road infrastructure node (e.g., IP-RSU) connected to an authentication server inTCC. Also, Transport Layer Security (TLS) certificates can be used for secure E2E vehicle communications.the vehicular cloud. For secure V2I communication, a secure channel between a mobile router (i.e., IP-OBU) in a vehicle and a fixed router (i.e., IP-RSU) in anRSU shouldEN needs to be established, as shown in Figure 2. Also, for secure V2V communication, a secure channel between a mobile router (i.e., IP-OBU) in a vehicle and a mobile router (i.e., IP-OBU) in another vehicleshouldneeds to be established, as shown in Figure 3. To prevent an adversary from tracking a vehicle with its MAC address or IPv6 address, MAC address pseudonymshouldneeds to be provided to the vehicle; that is, each vehicleshouldperiodicallyupdateupdates its MAC address and the corresponding IPv6 addressas suggested in[RFC4086][RFC4941]. Such an update of the MAC and IPv6 addresses should not interrupt the E2E communications between two vehicles (or between a vehicle and an IP- RSU)in terms of transport layerfor along- living higher-layerlong-living transport-layer session. However, if this pseudonym is performed without strong E2E confidentiality, there will be no privacy benefit from changing MAC andIPIPv6 addresses, because an adversary canseeobserve the change of the MAC andIPIPv6 addresses and track the vehicle with those addresses. For the IPv6 ND, thevehicular-network-wideDAD is required for the uniqueness of the IPv6 address of a vehicle's wireless interface. This DAD can be used as a flooding attack that makes the DAD-related ND packets are disseminated over the VANETandor vehicularnetwork including the RSUs andnetworks. Thus, theMA. Thevehicles andRSUsIP-RSUs need to filter out suspicious ND traffic in advance. For the mobility management, a malicious vehicle can construct multiple virtual bogus vehicles, and register them withthe RSUIP-RSUs andtheMA. This registration makes theRSUIP-RSUs and MA waste their resources. TheRSUIP-RSUs and MA need to determine whether a vehicle is genuine or bogus in the mobility management. Also, the confidentiality of control packets and data packets among IP-RSUs and MA, the E2E paths (e.g., tunnels) need to be protected by secure communication channels. In addition, to prevent bogus IP-RSUs and MA from interfering IPv6 mobility of vehicles, the mutual authentication among them needs to be performed by certificates (e.g., TLS certificate). 7. Informative References [Automotive-Sensing] Choi, J., Va, V., Gonzalez-Prelcic, N., Daniels, R., R. Bhat, C., and R. W. Heath, "Millimeter-Wave Vehicular Communication to Support Massive Automotive Sensing", IEEE Communications Magazine, December 2016. [CA-Cruise-Control] California Partners for Advanced Transportation Technology (PATH), "Cooperative Adaptive Cruise Control", [Online] Available: http://www.path.berkeley.edu/research/automated-and- connected-vehicles/cooperative-adaptive-cruise-control, 2017. [CASD] Shen, Y., Jeong, J., Oh, T., and S. Son, "CASD: A Framework of Context-Awareness Safety Driving in Vehicular Networks", International Workshop on Device Centric Cloud (DC2), March 2016. [DSRC] ASTM International, "Standard Specification for Telecommunications and Information Exchange Between Roadside and Vehicle Systems - 5 GHz Band Dedicated Short Range Communications (DSRC) Medium Access Control (MAC) and Physical Layer (PHY) Specifications", ASTM E2213-03(2010), October 2010. [EU-2008-671-EC] European Union, "Commission Decision of 5 August 2008 on the Harmonised Use of Radio Spectrum in the 5875 - 5905 MHz Frequency Band for Safety-related Applications of Intelligent Transport Systems (ITS)", EU 2008/671/EC, August 2008. [FirstNet] U.S. National Telecommunications and Information Administration (NTIA), "First Responder Network Authority (FirstNet)", [Online] Available: https://www.firstnet.gov/, 2012. [FirstNet-Report] First Responder Network Authority, "FY 2017: ANNUAL REPORT TO CONGRESS, Advancing Public Safety Broadband Communications", FirstNet FY 2017, December 2017. [Fuel-Efficient] van de Hoef, S., H. Johansson, K., and D. V. Dimarogonas, "Fuel-Efficient En Route Formation of Truck Platoons", IEEE Transactions on Intelligent Transportation Systems, January 2018. [ID-Multicast-Problems] Perkins, C., McBride, M., Stanley, D., Kumari, W., and JC. Zuniga, "Multicast Considerations over IEEE 802 Wireless Media",draft-ietf-mboned-ieee802-mcast-problems-06 (work in progress), July 2019. [ID-Vehicular-MM] Jeong, J., Ed., Shen, Y., and Z. Xiang, "Vehicular Mobility Management for IP-Based Vehicular Networks", draft-jeong-ipwave-vehicular-mobility-management-01 (work in progress), July 2019. [ID-Vehicular-ND] Jeong, J., Ed., Shen, Y., and Z. Xiang, "Vehicular Neighbor Discovery for IP-Based Vehicular Networks", draft-jeong-ipwave-vehicular-neighbor-discovery-07draft-ietf-mboned-ieee802-mcast-problems-11 (work in progress),JulyDecember 2019. [Identity-Management] Wetterwald, M., Hrizi, F., and P. Cataldi, "Cross-layer Identities Management in ITS Stations", The 10th International Conference on ITS Telecommunications, November 2010. [IEEE-802.11-OCB] "Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", IEEE Std 802.11-2016, December 2016. [IEEE-802.11p] "Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications - Amendment 6: Wireless Access in Vehicular Environments", IEEE Std 802.11p-2010, June 2010.[Intro-to-Algorithms] H. Cormen, T., E. Leiserson, C., L. Rivest, R., and C. Stein, "Introduction to Algorithms, 3rd ed.", The MIT Press, July 2009. [IPv6-over-802.11-OCB] Benamar, N., Haerri, J., Lee, J., and T. Ernst, "Basic Support for IPv6 over IEEE Std 802.11 Networks Operating Outside the Context of a Basic Service Set (IPv6-over- 80211-OCB)", draft-ietf-ipwave-ipv6-over-80211ocb-49 (work in progress), July 2019.[ISO-ITS-IPv6] ISO/TC 204, "Intelligent Transport Systems - Communications Access for Land Mobiles (CALM) - IPv6 Networking", ISO 21210:2012, June 2012. [NHTSA-ACAS-Report] National Highway Traffic Safety Administration (NHTSA), "Final Report of Automotive Collision Avoidance Systems (ACAS) Program", DOT HS 809 080, August 2000. [RFC3561] Perkins, C., Belding-Royer, E., and S. Das, "Ad hoc On- Demand Distance Vector (AODV) Routing", RFC 3561, July 2003. [RFC3753] Manner, J. and M. Kojo, "Mobility Related Terminology", RFC 3753, June 2004. [RFC3849] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix Reserved for Documentation", RFC 3849, July 2004. [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, "Randomness Requirements for Security", RFC 4086, June 2005. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 4861, September 2007. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, September 2007. [RFC5213] Gundavelli, S., Ed., Leung, K., Devarapalli, V., Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.[RFC5844] Wakikawa, R.[RFC5415] Calhoun, P., Montemurro, M., andS. Gundavelli, "IPv4 Support for Proxy Mobile IPv6",D. Stanley, "Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification", RFC5844, May 2010.5415, March 2009. [RFC5889] Baccelli, E. and M. Townsley, "IP Addressing Model in Ad Hoc Networks", RFC 5889, September 2010.[RFC5944] Perkins, C., Ed., "IP Mobility Support in IPv4, Revised", RFC 5944, November 2010.[RFC6250] Thaler, D., "Evolution of the IP Model", RFC 6250, May 2011. [RFC6275] Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility Support in IPv6", RFC 6275, July 2011. [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann, "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 6775, November 2012. [RFC7149] Boucadair, M. and C. Jacquenet, "Software-Defined Networking: A Perspective from within a Service Provider Environment", RFC 7149, March 2014. [RFC7181] Clausen, T., Dearlove, C., Jacquet, P., and U. Herberg, "The Optimized Link State Routing Protocol Version 2", RFC 7181, April 2014. [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC8200, July 2017.8200, July 2017. [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, August 2018. [RFC8691] Benamar, N., Haerri, J., Lee, J., and T. Ernst, "Basic Support for IPv6 Networks Operating Outside the Context of a Basic Service Set over IEEE Std 802.11", RFC 8691, December 2019. [SAINT] Jeong, J., Jeong, H., Lee, E., Oh, T., and D. Du, "SAINT: Self-Adaptive Interactive Navigation Tool for Cloud-Based Vehicular Traffic Optimization", IEEE Transactions on Vehicular Technology, Vol. 65, No. 6, June 2016. [SAINTplus] Shen, Y., Lee, J., Jeong, H., Jeong, J., Lee, E., and D. Du, "SAINT+: Self-Adaptive Interactive Navigation Tool+ for Emergency Service Delivery Optimization", IEEE Transactions on Intelligent Transportation Systems, June 2017. [SANA] Hwang, T. and J. Jeong, "SANA: Safety-Aware Navigation Application for Pedestrian Protection in Vehicular Networks", Springer Lecture Notes in Computer Science (LNCS), Vol. 9502, December 2015. [Scrambler-Attack] Bloessl, B., Sommer, C., Dressier, F., and D. Eckhoff, "The Scrambler Attack: A Robust Physical Layer Attack on Location Privacy in Vehicular Networks", IEEE 2015 International Conference on Computing, Networking and Communications (ICNC), February 2015. [Timing-Attack] Matte, C., Cunche, M., Rousseau, F., and M. Vanhoef, "Defeating MAC Address Randomization Through Timing Attacks", ACM the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec '16), July 2016. [Truck-Platooning] California Partners for Advanced Transportation Technology (PATH), "Automated Truck Platooning", [Online] Available: http://www.path.berkeley.edu/research/automated-and- connected-vehicles/truck-platooning, 2017. [TS-23.285-3GPP] 3GPP, "Architecture Enhancements for V2X Services", 3GPP TS 23.285, June 2018. [VIP-WAVE] Cespedes, S., Lu, N., and X. Shen, "VIP-WAVE: On the Feasibility of IP Communications in 802.11p Vehicular Networks", IEEE Transactions on Intelligent Transportation Systems, vol. 14, no. 1, March 2013. [WAVE-1609.0] IEEE 1609 Working Group, "IEEE Guide for Wireless Access in Vehicular Environments (WAVE) - Architecture", IEEE Std 1609.0-2013, March 2014. [WAVE-1609.2]IEEE 1609 Working Group, "IEEE Standard for Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages", IEEE Std 1609.2-2016, March 2016. [WAVE-1609.3] IEEE 1609 Working Group, "IEEE Standard for Wireless Access in Vehicular Environments (WAVE) - Networking Services", IEEE Std 1609.3-2016, April 2016. [WAVE-1609.4] IEEE 1609 Working Group, "IEEE Standard for Wireless Access in Vehicular Environments (WAVE) - Multi-Channel Operation", IEEE Std 1609.4-2016, March 2016. Appendix A. Changes from draft-ietf-ipwave-vehicular-networking-11 The following changes are made from draft-ietf-ipwave-vehicular- networking-11: o This version is revised based on the comments from Charlie Perkins and Sandra Cespedes. o In Section 5, the problem statement is revisd with easily identifiable problems. o In Section 1, the description of GeoNetworking (GN) protocols (i.e., geographic routing) is removed because the GN protocols are not relevant to the IPWAVE's use cases. o In Section 2, the terms of OCB, Context-Awareness, Platooning, and Class-Based Safety Plan are clarified. o In Section 2, the definition of an RSU is revised so that it can accommodate multiple routers (or switches) and servers (including DNS server and edge computing server) as an edge computing system because the RSU is regularly a router or switch. o In Section 4.1, a general vehicular network architecture is proposed for the problem statement along with Figure 1. This figure clarifies that a single subnet prefix can span multiple vehicles that construct a subnet. Also, some components in the vehicular network architecture may not be needed such as Vehicular Cloud, Traffic Control Center, and Mobility Anchor. o In Section 5.1.1, the motivation of a new link model as a vehicular link model is added. The "on-link" and "off-link"IEEE 1609 Working Group, "IEEE Standard forprefixes are classified according to the subnet topology of VANET. o In Section 5.1.1, the merging and partitioning of VANETs is described, and the requirements of the IPv6 ND are addressedWireless Access in Vehicular Environments - Security Services forthe mergingApplications andpartitioning as a problem statement. o In Section 5.1.2, a citation of [Scrambler-Attack], which uses the scrambler seedManagement Messages", IEEE Std 1609.2-2016, March 2016. [WAVE-1609.3] IEEE 1609 Working Group, "IEEE Standard for Wireless Access intheVehicular Environments (WAVE) - Networking Services", IEEE802.11-OCB frames as fingerprint information, is added to show the insufficiency of the MAC address pseudonymStd 1609.3-2016, April 2016. [WAVE-1609.4] IEEE 1609 Working Group, "IEEE Standard forprivacy.Wireless Access in Vehicular Environments (WAVE) - Multi-Channel Operation", IEEE Std 1609.4-2016, March 2016. Appendix A. Changes from draft-ietf-ipwave-vehicular-networking-12 The following changes are made from draft-ietf-ipwave-vehicular- networking-12: oIn Section 5.1, the subsection of Prefix Dissemination/ExchangeThis version isremoved becauserevised based on thePrefix Dissemination/Exchange subsection discusses a solutioncomments from Carlos Bernardos. o This version focuses on problems rather thana problem or requirement. o In Section 5.1.3,solutions for IPWAVE. Also, this version addresses themotivationrequirements ofmerging theIPv6ND and a VANET routing protocol is explained to improve wireless channel utilization by removing redundantneighborinformation exchange. o The text of the problemsdiscovery, mobility management, andrequirements ofsecurity andprivacy in vehicular networks are moved to Section 6.privacy. o In Section6, the compromise2, IP-OBU and IP-RSU are used instead ofa perfectly authorizedOBU andlegitimate vehicle is described as a security problem to be considered.RSU, respectively. o In Section3.3, the description of Vehicle-to-Pedestrian (V2P)4.1, an exemplary vehicular network architecture isconcised to deliver the clear concept ofillustrated for thedirect communication between a vehicle and a pedestrian.problem statement as Figure 1. Appendix B. Acknowledgments This work was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2017R1D1A1B03035885). This work was supported in part by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2019-2017-0-01633) supervised by the IITP (Institute for Information & communications Technology Promotion). This work was supported in part by the French research project DataTweet (ANR-13-INFR-0008) and in part by the HIGHTS project funded by the European Commission I (636537-H2020). Appendix C. Contributors This document is a group work of IPWAVE working group, greatly benefiting from inputs and texts by Rex Buddenberg (Naval Postgraduate School), Thierry Ernst (YoGoKo), Bokor Laszlo (Budapest University of Technology and Economics), Jose Santa Lozanoi (Universidad of Murcia), Richard Roy (MIT), Francois Simon (Pilot), Sri Gundavelli (Cisco), Erik Nordmark, Dirk von Hugo (Deutsche Telekom),andPascal Thubert(Cisco).(Cisco), Carlos Bernardos (UC3M), Russ Housley (Vigil Security), and Suresh Krishnan (Kaloom). The authors sincerely appreciate their contributions. The following are co-authors of this document: Nabil Benamar Department of Computer Sciences High School of Technology of Meknes Moulay Ismail University Morocco Phone: +212 6 70 83 22 36 EMail: benamar73@gmail.com Sandra Cespedes NIC Chile Research Labs Universidad de Chile Av. Blanco Encalada 1975 Santiago Chile Phone: +56 2 29784093 EMail: scespede@niclabs.cl Jerome Haerri Communication Systems Department EURECOM Sophia-Antipolis France Phone: +33 4 93 00 81 34 EMail: jerome.haerri@eurecom.fr Dapeng Liu Alibaba Beijing, Beijing 100022 China Phone: +86 13911788933 EMail: max.ldp@alibaba-inc.com Tae (Tom) Oh Department of Information Sciences and Technologies Rochester Institute of Technology One Lomb Memorial Drive Rochester, NY 14623-5603 USA Phone: +1 585 475 7642 EMail: Tom.Oh@rit.edu Charles E. Perkins Futurewei Inc. 2330 Central Expressway Santa Clara, CA 95050 USA Phone: +1 408 330 4586 EMail: charliep@computer.org Alexandre Petrescu CEA, LIST CEA Saclay Gif-sur-Yvette, Ile-de-France 91190 France Phone: +33169089223 EMail: Alexandre.Petrescu@cea.fr Yiwen Chris Shen Department of Computer Science & Engineering Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon, Gyeonggi-Do 16419 Republic of Korea Phone: +82 31 299 4106 Fax: +82 31 290 7996 EMail: chrisshen@skku.edu URI: http://iotlab.skku.edu/people-chris-shen.php Michelle Wetterwald FBConsulting 21, Route de Luxembourg Wasserbillig, Luxembourg L-6633 Luxembourg EMail: Michelle.Wetterwald@gmail.com Author's Address Jaehoon Paul Jeong (editor) Department of Computer Science and Engineering Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon, Gyeonggi-Do 16419 Republic of Korea Phone: +82 31 299 4957 Fax: +82 31 290 7996 EMail: pauljeong@skku.edu URI: http://iotlab.skku.edu/people-jaehoon-jeong.php