highlighted some phrases in change strategies

Trolli Schmittlauch 2018-07-03 23:22:04 +02:00
parent 4cc3b104cc
commit 604761f6cc

@ -324,17 +324,17 @@ A last example so far: Focusing on one vehicle, let us assume it changes its ps
These examples already show important points to take care of when changing pseudonyms: There needs to be some ambiguity regarding which node changed to which pseudonym there shall be other nodes present within the reception range, coordination and frequency of change matter, and all identifiers need to be changed simultaneously with buffers being flushed or discarded. The position needs to be updated during pseudonym change, too, to prevent re-identification through stale position coordinates included in GN packets. Control metadata like sequence numbers in \ac{GN} packets have to be reset as well.
The \ac{ETSI} \ac{ITS} working group gathers a number of concepts for pseudonym change strategies in a technical report \cite{europeantelecommunicationsstandardsinstituteetsiETSITR1032018}: The parameters deciding about a pseudonym change (e.g. time period or way length) shall be randomized to prevent linkability by analyzing the periodicity of changes. After changing pseudonyms, random-length \textit{silent periods} shall be abided in which nodes stop sending any packages. When using a \textit{vehicle-centric} strategy, pseudonym change time, its frequency and duration of silent periods are influenced by the vehicle's mobility and trajectory to make linkage of pseudonyms based on broadcasted movement parameters harder. When using a density-based approach, pseudonyms are changed only if enough other vehicles are around to avoid unnecessary unambiguous pseudonym changes.
The \ac{ETSI} \ac{ITS} working group gathers a number of concepts for pseudonym change strategies in a technical report \cite{europeantelecommunicationsstandardsinstituteetsiETSITR1032018}: The parameters deciding about a pseudonym change (e.g. time period or way length) shall be randomized to prevent linkability by analyzing the periodicity of changes. After changing pseudonyms, random-length \textit{silent periods} shall be abided in which nodes stop sending any packages. When using a \textit{vehicle-centric} strategy, pseudonym change time, its frequency and duration of silent periods are influenced by the vehicle's mobility and trajectory to make linkage of pseudonyms based on broadcasted movement parameters harder. When using a \textit{density-based} approach, pseudonyms are changed only if enough other vehicles are around to avoid unnecessary unambiguous pseudonym changes.
Mix-zones are geographical areas where no messages of location-aware services are exchanged. This concept is supposed to make linkage of in-going and outgoing vehicles from the zone difficult. These zones are especially effective in high-density and high-fluctuation areas like intersections or parking spots. \\
\textit{Mix-zones} are geographical areas where no messages of location-aware services are exchanged. This concept is supposed to make linkage of in-going and outgoing vehicles from the zone difficult. These zones are especially effective in high-density and high-fluctuation areas like intersections or parking spots. \\
Within these zones, vehicles could collaboratively change pseudonyms by first announcing it via broadcast messages and then changing synchronously. As stated in the report, the efficiency of that approach depends heavily on the density of the situation. \\
A special variant are \textit{cryptographic mix-zones}: Within these zones with a size limited to the radio coverage of \iac{RSU}, no identifying data is sent in plaintext but everything is encrypted with the same symmetric key provided by the \ac{RSU}. This allows the usage of location-aware collision detection messages while preventing an outsider from eavesdropping, without having to switch off important safety features.
An alternative to just changing from one pseudonym to the next one from a node's internal storage is swapping pseudonyms randomly between nearby vehicles. We find this approach to limited though by the inclusion of vehicle-specific data into messages and legal requirements demanding the possibility of an identity resolution for law enforcement.
An alternative to just changing from one pseudonym to the next one from a node's internal storage is \textit{swapping pseudonyms} randomly between nearby vehicles. We find this approach to limited though by the inclusion of vehicle-specific data into messages and legal requirements demanding the possibility of an identity resolution for law enforcement.
The \ac{ETSI} survey \cite{europeantelecommunicationsstandardsinstituteetsiETSITR1032018} also gives an overview of used strategies in existing standards or projects. These include some interesting further approaches: \\
The SCOOP@F project proposes a timeslot-based round-robin pseudonym selection. The interesting thing about this is that reuse of pseudonyms from the local pool is explicitly allowed as the selection mechanism makes sure they are not always re-used in the same order. This is a useful approach against the problem of pseudonym refill (acquiring new pseudonyms) not always being possible. \\
The strategy proposed by the Car-2-Car Communication Consortium is dividing each trip into at least 3 segments: The first one from the start of the trip to a middle segment, the middle segment being common to a number of people and unassociated to certain origins and destinations, and the last segment to the intended destination of the trip. This shall achieve that locations significant to a user can neither be linked together nor to the user and thus preventing individual movement profiles. The values for changing pseudonyms have been statistically obtained with the outcome of changing pseudonyms at the beginning of a trip, then randomly after 0.8-1.5 km, and from then on randomly at least every 0.8 km or 2-6 minutes.
The SCOOP@F project proposes a \textit{timeslot-based round-robin} pseudonym selection. The interesting thing about this is that reuse of pseudonyms from the local pool is explicitly allowed as the selection mechanism makes sure they are not always re-used in the same order. This is a useful approach against the problem of pseudonym refill (acquiring new pseudonyms) not always being possible. \\
The strategy proposed by the Car-2-Car Communication Consortium is \textit{dividing each trip} into at least 3 segments: The first one from the start of the trip to a middle segment, the middle segment being common to a number of people and unassociated to certain origins and destinations, and the last segment to the intended destination of the trip. This shall achieve that locations significant to a user can neither be linked together nor to the user and thus preventing individual movement profiles. The values for changing pseudonyms have been statistically obtained with the outcome of changing pseudonyms at the beginning of a trip, then randomly after 0.8-1.5 km, and from then on randomly at least every 0.8 km or 2-6 minutes.
Some safety requirements of the \ac{ETSI} standard affect pseudonym change: In critical situations when a receiving station would need to take immediate action in response to received safety information, pseudonyms have to be locked. The reason behind that is that cooperational collision avoidance depends on all vehicles broadcasting their location and trajectory. Vehicles in a silent period due to a pseudonym change wouldn't be taken into account, and vehicles changing pseudonyms without silent period could appear as duplicate or ghosting vehicles hindering collision evasion. Recognizing such critical situations and initiating the pseudonym locking is done by the receiving \ac{ITS} vehicle, which decreases the risk of an attacker trying to deliberately lock pseudonyms without a critical situation being present.
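
Review bot: The touched swapping-pseudonyms sentence still contains "We find this approach to limited though", which has a typo or a missing word ("too limited" or "to be limited"); since this commit rewrites that line anyway, fix it here. Likewise, the changed ETSI paragraph says nodes "stop sending any packages" while the context line above it speaks of "GN packets", so "packets" is probably meant. On style, \textit{dividing each trip} marks a verb phrase, whereas the other highlights (\textit{density-based}, \textit{Mix-zones}, \textit{swapping pseudonyms}, \textit{timeslot-based round-robin}) mark strategy names; consider highlighting a noun form of that strategy instead. Using \emph or a dedicated term macro rather than hard-coded \textit would also let the highlighting be restyled in one place.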