Essay: SECURITY ATTACKS AND SOLUTIONS IN VEHICULAR AD HOC NETWORKS

A SURVEY

ABSTRACT

Vehicular Ad Hoc Network (VANET) is a sub class of mobile ad hoc networks. VANET provides wireless communication among vehicles and vehicle to road side equipment’s. The communication between vehicles is used for safety, proficiency and other added services. However, VANETs are themselves defenseless against attacks that can directly lead to the corruption of networks and then probably provoke big losses of time, money, and even lives. This paper presents a survey of VANETs attacks and solutions in carefully seeing other similar works as well as updating new attacks and categorizing them into different classes.

KEYWORDS

Vehicular Ad hoc Networks (VANETs), Security, Privacy, VANETs Attacks.

1. INTRODUCTION

In the last few years, accompanying the massive deployment of wireless technologies and the growing number of wireless products on motorized vehicles including remote keyless entry devices, personal digital assistants (PDAs), laptops, and mobile telephones, automotive industries have opened a wide variety of possibilities for both drivers and their passengers. Vehicular Ad hoc Networks (VANETs) have attracted a lot of attention in research community because of their varied value added services, namely vehicle safety, automated toll payment, traffic management, enhanced navigation, location-based service for finding the closest fuel station, travel lodge or restaurant and simply access to the Internet.

Fig. 1. Hierarchy of wireless ad hoc networks

However, many forms of attacks against VANETs have emerged recently and alarmed the unsettling situation of these networks’ security. Being an implementation of Mobile Ad hoc Networks (MANETs) (Fig. 1), VANETs inherit all the discovered and undiscovered security and privacy vulnerabilities related to MANETs. Furthermore, VANETs have a number of distinctive properties [5] that could be also vulnerabilities for attackers to exploit. Those properties include the particular nature of communication in VANETs. Connections in a VANET in particular and in any Wireless Ad hoc Network in general are based on node-to-node communications: every node is able to act as either a host inquiring data or a router forwarding data. There are two types of nodes: (i) RoadSide Units (RSUs) standing for fixed nodes provisioned along the route and (ii) OnBoard Unit (OBU) referring to mobile nodes (i.e., vehicles) equipped with some sort of radio interface that enables connecting to other nodes in wireless manner. Fig. 2 depicts a general view of VANETs structure. It is worth mentioning that the speed of mobile nodes- vehicles in VANETs may be much higher than in MANETs. This reason makes VANETs very dynamic in nature. A number of nodes can communicate once as a group but can then rapidly change their own structure caused by leaving of a member or joining of another node. Therefore, it is expected that nodes are continuously “keeping in touch” with other nodes in the group to maintain the survival of the network. This aspect of VANETs seems to be very vulnerable and attacks can be unconsciously or intentionally performed to damage a part of or the total network. As mentioned above, VANETs provide many added applications that are safety, entertainment, or infotainment oriented. Attacks to VANETs may lead to catastrophic consequences such as the losses of lives in the case of traffic accident, losses of time (e.g., tampering traffic jam made by attacks) or financial losses (i.e., in payment services).

Fig. 2. A basic structure of VANETs [5]

The researches on VANETs security were triggered in the middle of 2000s and genuinely bloomed since 2007. In order to provide a thorough survey covering a big number of publications related to VANETs attacks, we searched for and collected papers approaching this topic from 2007 to 2013 that had made a significant contribution to the improvement of VANETs security. Fig. 3 indicated the numbers of publications each year that we found by searching on five main technical publishers, including IEEE explore, ACM Portal, Springer Online Library, Wiley Inter Science, and Elsevier Online Library, with either “VANETs security” “VANETs attacks” “VANETs vulnerabilities” keywords in title or abstract.

There has been many research works on the VANETs security in general and VANETs attacks in particular, especially the last three years from 2011 to 2013. However, there is a few survey works in the literature on VANETs attacks. In the existing surveys [2], [3], [6], some of attacks were not enough illustrated in detail and some were missed. Our paper aims to introduce more concisely the possible attacks, their mechanisms and influences as well as their corresponding solutions to thwart those attacks. We characterize the attacks (e.g., type of attacker, security aspects that are damaged) for a further classification. For each attack, we try to perform a concise scenario to better identify this attack. We equally point out the properties that can be collected to detect the attacks. These properties could be the input for an intrusion detector that we consider as future work of our research. Our purpose in this study is to not only depict a detailed list containing up-to-date attacks but also a global view of security threats in VANETs, in order to provide a useful starting point for researchers interested in the subject and to help VANETs designers to develop and deploy secure VANETs infrastructures.

Fig. 3. VANETs security publications from 2007 to 2013

The rest of this paper is organized as follows: Section 2 presents some related works that are similar to our study. Section 3 is devoted to the VANETs security requirements. Section 4 contains the VANETs attacks and their corresponding solutions as well as examples. Section 5 summarizes the attacks that were mentioned in previous section, characterizes, and classifies them. Finally, we discuss about our study, conclude, and propose the future work in section 6.

2. RELATED WORK

In 2010, J.T. Isaac, S. Zeadally, and J.S. Camara published a paper on “Security attacks and solutions for vehicular ad hoc networks” [6]. They discussed some of the major security attacks that have been reported on VANETs before and in 2010. They presented also the corresponding security solutions that have been proposed to prevent those security attacks and vulnerabilities. The main security areas that they focused on include anonymity, key management, privacy, reputation, and location. Anonymity is a critical issue in VANETs concerning the physical identity of mobile nodes (i.e., vehicles) that should be kept secret in unauthorized components’ point of view. Key management deals with problems on generating, distributing, and storing keys. For ad hoc networks, there are three main approaches for key management reported by literature, namely key exchange, key agreement, and key management infrastructure. Privacy refers to the ability of the drivers to protect sensitive information about them against unauthorized observers. Reputation of a member is usually evaluated by a particular one in answering the question “How much is this member trustable?” in a specific setting or domain of interest. Certainly, trustworthy behavior will be trusted and encouraged by reputation systems. In VANETs, the defense against compromised nodes, and malicious ones can be assured by applying such kinds of systems. Location refers to vehicle position in VANETs that can be considered as one of the most valuable pieces of information in geographic routing. It is often readily available through positioning services such as global positioning system (GPS).

In 2012, in the paper “Survey on Security Attacks in Vehicular Ad hoc Networks (VANETs)” [3], Mohammed Saeed Al-kahtani identified different security attacks, classified them, compared their defending mechanism in VANETs and suggested some future possibilities in this area. The author categorized three types of attacker as follows:

Insider vs. Outsider

If the attacker is a member node who can communicate with other members of the network, it will be known as an Insider and able to attack in various ways. Whereas, an outsider, who is not authenticated to directly communicate with other members of the network, have a limited capacity to perform an attack (i.e., have less variety of attacks).

Malicious vs. Rational

A malicious attacker uses various methods to damage the member nodes and the network without looking for its personal benefit. On the contrary, a rational attacker expects its own benefit from the attacks. Thus, these attacks are more predictable and follow some patterns.

Active vs. Passive

An active attacker can generate new packets to damage the network whereas a passive attacker only eavesdrop the wireless channel but cannot generate new packets (i.e., less harmful). In fact, there is another attribute to characterize an attacker, which is presented in [8]:

Local vs. Extended

An attacker is considered as local if it is limited in scope, even if it possesses several entities (e.g., vehicles or base stations). Otherwise, an extended attacker broadens its scope by controlling several entities that are scattered across the network. This distinction is especially important in wormhole attacks that we will describe later.

In 2013, Irshad Ahmed Sumra proposed five different classes of attacks [2] and every class is expected to provide better perspectives for the VANETs security (Table 1). This paper attempted to propose a classification and an identification of different attacks in VANETs.

Monitoring Attacks

Social Attacks

Timing Attacks

Application Attacks

Network Attacks

Table 1: Proposed classification of attacks in [2]

In first class- Network Attacks, attackers can directly affect other vehicles and infrastructure. These attacks are on the high level of danger because these affect the whole network. Whilst, in Application Attacks class, the objectives of attackers are applications that provide added service in VANETs. The attacker is mainly interested in changing contents used in applications and abusing it for their own benefits. The third class- Timing Attacks- is a type of attacks in which attackers’ main objective is to add some time slot in original message, for example, to create delays in order to block this message come to the receiver before the expiration of its lifetime. All unmoral messages, which trigger bad emotions of other drivers, are classified into the class Social Attacks. Finally, attacks in which monitoring and tracking activities are performed are laying in the class Monitoring Attacks.

The related works above alert an alarming situation of VANETs security. In the next sections, we aim to emphasize security requirements in VANETs, then introduce more concisely the possible attacks, their corresponding countermeasures and propose another classification of these attacks.

3. VANETS SECURITY REQUIREMENTS

In this section, we present the main security requirements for VANETs [11], [12]. Three properties regarding security that cannot be ignored are confidentiality, integrity, and availability. In terms of VANETs security, these three properties stand for some more specific meaning.

Confidentiality

In VANETs, the definition of confidentiality refers to “confidential communication” [11]. In a group, none except group members are able to decrypt the messages that are broadcasted to every member of group; and none (even other members) except a dedicated receiver member is capable to decrypt the message devoted to it.

Integrity

It ensures that data or messages delivered among nodes are not altered by attackers. This concept in VANETs often combines with the concept “authentication” to guarantee that: A node should be able to verify that a message is indeed sent and signed by another node without being modified by anyone. In order to gain this property, Data Verification is also required: Once the sender vehicle is authenticated, the receiving vehicle performs data verifications to check whether the message contains the correct or corrupted data.

Availability

The network should be available even if it is under an attack without affecting its performance. This concept of VANETs is not different from itself in other kinds of networks but not easy to ensure because of the mobility in high speed of vehicles.

Besides three main security requirements above, the following security aspects should be also satisfied in VANETs:

Privacy

The profile or a driver’s personal information must be maintained against unauthorized access. We consider the following two cases:

– Communications between vehicles and RSUs: Privacy means that an eavesdropper is impossible to decide whether two different messages come from the same vehicle.

– Communications between vehicles: Privacy means that determining whether two different valid messages coming from the same vehicle is intensely burdensome for everyone except a legitimate component (e.g., tracing manager [12]).

Identity privacy preserving is similar to the concept of “Anonymity”. That means identifying the physical identity of a message’s originator should be computationally expensive.

Traceability and revocability

Although a vehicles real identity should be hidden from other vehicles, there should be still a component (e.g., Trace Manager) that has the ability to obtain vehicles’ real identities and to revoke them from future usage.

Non-repudiation

Drivers must be reliably identified in case of accidents. A sender should have mandatory responsibility in transmitting the messages for the investigation that will determine the correct sequence and content of messages exchanged before the accident [8].

Real-time constraints

Since vehicles are able to randomly move in and quickly move out to a group of a VANET for a short duration, real-time constraints should be maintained.

Low Overhead

All messages in VANETs are time critical. Thus, “low overhead” is essential to retain the usefulness and validity of messages.

4. ATTACKS AND COUNTERMESURES IN VANETS

In this paper, only the attacks perpetrated against VANETs communication are taken into consideration. Physical problems (e.g., hardware tampering) are out of the scope of our research.

4.1. Sybil Attack

The Sybil attack is a well-known hurtful attack that was firstly described and formalized by Douceur [13] in the context of peer-to-peer networks. To perform this kind of attack, a vehicle declares to be several vehicles either at the same time or in succession. This attack is very dangerous since a vehicle can claim to be in different positions at the same time, thereby creating chaos and huge security risks in the network. The Sybil attack damages network topologies and connections as well as network bandwidth consumption. In Fig. 4, an attacker A transmits multiple messages with different identities to the other vehicles. Thus, other vehicles realize that there is currently a heavy traffic.

Fig. 4. Sybil attack

Traditionally in ad hoc networks, there are three types of defenses against Sybil attacks introduced, namely registration, position verification, and radio resource testing. Registration itself is not enough to prevent Sybil attacks, because a malicious node has possibility to register with multiple identities by non-technical means such as stealing. Moreover, a strict registration may lead to serious privacy troubles. In position verification [9], the position of nodes will be verified. The goal is to make certain that each physical node refers to one and only one identity. Radio resource testing [12], [13] is based on the assumption that all physical entities are limited in resources. The work done in [13] uses computational puzzles to test computational resources of each node. The general idea bases on the maximum capacity that an entity can solve multiple puzzles simultaneously. If an attacker impersonates different entities at the same time, it will have too many puzzles. It will be impossible to resolve and will be detected. However, this technique is not appropriate for VANETs since an attacker node can be equipped with more computational resources than an ordinary node. Thus, to eliminate this problem, the work done in [11] proposed another approach relying on the assumption that “any physical device has only one radio” and “a radio is incapable of simultaneously sending or receiving on more than one channel”. As a concrete example, in order to verify that none of the neighbors is Sybil identity, a node can assign each of its n neighbors a different channel on that it broadcasts some messages. Then it selects randomly a channel to listen. If its neighbor is legitimate, it will be able to get the response from the corresponding channel. Otherwise, that must be a Sybil node. The detection rate arises if this test is repeatedly processed.

However, the three aforementioned types of defenses are designed for indoor applications and they all rely on fixed base stations or specific hardware. They need an adaptation to be suitable for the highly mobile context of vehicular networks. The paper [13] proposed another solution rely on detection and localization of Sybil Nodes in VANETs. The motivation is to estimate a nodes position by analyzing its signal strength distribution between transmitted and received signals and then verify whether the estimated position is consistent with the claimed position. If they are too far from each other, this considered node is suspected as a Sybil attacker. The weakness of this approach is the fact that it is mostly based on several assumptions, which are not always realistic in practical VANETs.

In [9], the authors try to deal with the Sybil attack by public key cryptography. A Public Key Infrastructure for VANETs (VPKI) is proposed. The authors illustrate a complete solution to enhance communication security by addressing the key distribution and key revocation. The Sybil attack is always detected very early since each vehicle is authenticated correspondingly with its public key. Nonetheless, like any other cryptography-based approaches, the deployment of VPKI is a heavy and uncertain issue that must be tested to assess the possible utilization in reality. Timestamp series is another approach that relies on the prevention of Sybil attack and the protection of drivers’ privacy. This approach works well for an initial development stage of VANETs with the availability of the RSU infrastructure. The main idea is the fact that two vehicles rarely pass through a few different RSUs far apart from each other at the same time. The RSU issues digital timestamps to each vehicle that passes through it. A traffic message sent out by any vehicle, thus, contains several timestamps corresponding to the previous passed RSUs. Therefore, if multiple traffic messages consist of very similar series of timestamps, they might be suspected as Sybil messages original from a single vehicle. This approach is economic since it does not use computational expensive public key infrastructure (PKI) or Internet accessible RSUs. Fig. 5 illustrates the working scenario of timestamp series approach.

Fig. 5. Illustration of the timestamp series approach [12]

In [10], RobSAD (Robust method of Sybil Attack Detection) is proposed to detect Sybil attacks in the initial deployment stage of VANETs. The idea is based on the differences between the normal and abnormal motion trajectories of legitimate vehicles and malicious vehicles respectively. Under normal conditions, people drive vehicles at their own chosen speed, selected path, and keep a reasonable safe distance from other vehicles. Therefore, physical nodes will have different motion trajectories and they can move separately. In contrast, Sybil nodes normally have the same motion trajectories all the time. The similarity of Sybil nodes motion trajectories is unrealistic and unacceptable in real world. RobSAD supposes that in VANETs, authorized infrastructures (i.e., RSUs) can provide vehicles digital signatures along with timestamp ondemand or periodically. Helped by RSUs, each node can record these signatures and use them to draw signature vectors of neighbors. Then it compares and measures the differences from the neighboring nodes signature vectors to detect Sybil nodes independently. Thus, this is a very effective, unique, and robust approach with higher detection rate and lower system requirements. This is because each node does not require collaborating with neighboring nodes but can detect attacks independently by comparing digital signatures. This approach uses infrastructure only to broadcast the digital signatures along with timestamp to other vehicular nodes.

The work done in [13] assesses the role of some assumptions on Sybil attack detection’s success rate. In order to measure such a success rate, they evaluate the number of nodes that could be cheated from the sender’s points of view and receiver’s one. From the sender’s point of view, they evaluate the impact of transmission power tuning. From the receiver’s point of view, they characterize the impact of bi-directional antenna over omnidirectional antenna. To remain general, this assessment uniquely counts on reception signal strength and direction. Instead of using a propagation model to determine the precise location of a given node, they take into account a free space propagation model to compute the distance between transmitters and receivers. Their main purpose is to estimate the effects of assumptions and antennas in detecting Sybil attackers. Results demonstrate that Sybil attacks can be easily detected using bi-directional antennas in receiver’s side. Thus, the usage of multiple antennas is significant in VANETs.

4.2. Bogus Information and Bush telegraph

The attacker performing Bogus Information attack can be outsider (intruder) or insider (legitimate user). The idea is to transmit incorrect or bogus information in the network for personal advantage. For instance, an attacker may transmit a message announcing “Heavy traffic conditions” to the others in order to make its movement easier on the road.

Fig. 6. Bogus information attack [8]

Fig. 6 demonstrates an example of bogus information attack, colluding attackers (A and C) disseminate false information to affect the decisions of other vehicles (D) and thus clear the way of attacker E.

Bush telegraph is a developed form of the bogus information attack. The difference in this case is that the attacker possesses multiple entities spread over several wireless hops. It is worth mentioning that after receiving a packet, a hop checks the error. If the error is small enough to be considered within tolerance margins, this error could be tolerated and ignored. Abusing this vulnerability, a bush telegraph attacker appends incremental errors to the data at each hop. At each hop, the error is probably small enough to be tolerated and hence accepted by the neighbor. After passing several hops, the overall accumulation of these errors eventually yields to bogus information.

ECDSA (Elliptic Curve Digital Signature Algorithm) is named as one of the solutions for this kind of attacks. It is a message authentication scheme that uses hashing technique to keep messages more secured and provides strong authentication for the destination vehicles. Each vehicle consists of private key and public key. The public key is available to all vehicles in VANETs. Both the source and destination nodes are obligated to agree upon the elliptic curve domain parameters. ECDSA is actually a variant of DSA (Digital Signature Algorithm). The source vehicle hashes the message, encrypts it by using a secured hash algorithm and private key, and sends the message to the destination vehicle. At the destination, the message is decrypted using the public key, which is the hash of the message. This scheme is more secured on message authentications since hashing is a strong technique. Changes in messages will also change in the hash message, which makes it unique.

4.3. Impersonation Attack and Masquerade

In an ad hoc network, a node is free to move in and out. In VANETs, a host is uniquely identified by IP and MAC address. These measurements are not enough to authenticate senders. The attacker uses MAC and IP spoofing in order to get identity of other nodes and hide into the network. If there is no authentication process in order to make the network secure from malicious nodes, a malicious vehicle can send message on behalf of other vehicles to gain its own benefits or create chaos, traffic jam or accidents and hide itself. It is achieved by using masquerade identity and messages fabrication, alteration and replay. For example, a malicious node may impersonate an ambulance to request others for priority lane or demand nearby RSUs to change traffic lights to green. Thus, the message from an OBU has to be integrity-checked and authenticated before it can be relied on. Furthermore, privacy is recently another important issue. A driver has the right to prevent the disclosure of its driving routes that someone can reach by tracing messages sent by its OBU. Therefore, an anonymous communications protocol is needed. While being anonymous, a vehicles real identity should be able to be revealed by a trusted party when necessary. For instance, the driver must be incapable to escape by using an anonymous identity after sending out fake messages and causing an accident. That is the reason why this kind of privacy is called conditional privacy. The work done in [19], [20] proposes a scheme, called SPECS (Secure and Privacy Enhancing Communications Schemes), to ensure the security and privacy issues of V2V (Vehicle-To-Vehicle) communications and detect the impersonation attacks. This approach is based on the idea of IBV (Identity-Based Batch Verification) Scheme [21], which suffers from impersonation attack and cannot fulfill privacy requirements. To protect the identity of each vehicle it uses pseudo-identity and a shared secret key mi between a vehicle and RSU. The security scheme [3] works as follows:

To authenticate a vehicle with a nearby RSU, the scheme uses Public Key Infrastructure (PKI) and assumes that there is a trusted authority (TA) constantly online and trusted. A secure fixed network is dedicated for communications between RSUs and TA. To avoid bottleneck, redundant TAs with identical functionalities and databases are installed. It is worth noting that TA is the only authorized component knowing the real identity of vehicles.

Fig. 7. Initial handshaking

Fig. 7 illustrates an initial handshaking that is executed when a vehicle meets a new RSU. The vehicle authentication with the TA is performed via RSU. Then TA passes verification information to RSU. RSU then generates a shared secret key mi with the vehicle. If this is the first time that the vehicle authenticates itself with the TA, TA will also pass its master key s and a shared secret mi to the vehicle, via RSU of course. This only needs to be done once in the whole journey. For security reasons, s is not preloaded into any vehicle’s hardware. Each time the vehicle passes a new RSU, a new shared-secret key is generated. To generate the signature, vehicle uses the shared secret key and hash function with the signing key. As mi is only known by the vehicle, RSU and TA, attackers or other vehicles cannot generate the valid signing key to sign the message. RSU always verify the vehicle’s signature even if the vehicle uses pseudo identity to sign the message. Invalid signatures can be detected using a batch verification process by RSU. In IBV (Identity-Based Batch Verification), if any invalid signature is found using the batch verification process the whole batch is dropped. However, SPECS does not drop the whole batch; it uses binary search, divides the batch in two halves, and checks the invalidity on each half. If an attacker is found, it notifies other vehicles and repeats the process until the search reaches a predefined level or all signatures are validated. After verifying the signature, the RSU broadcasts the message to all vehicles without the hash value, which is stored into positive and negative bloom filters. Any vehicle that wants to know the validity of a received message will create the hash value and compare with the bloom filters hash value. A message is valid if the hash value of this message is found in the positive bloom filter. Otherwise, the message is considered as invalid.

4.4. Timing Attack

Safety applications are one of the most important and promising advantages of VANETs. However, they are time critical applications and require data transmissions from one vehicle to another vehicle at the right time. In timing attacks [11], when malicious vehicles receive a message, they do not forward it as normal but add some timeslots to the original message to create delay. Thus, neighboring vehicles of the attackers receive the message after they actually require or after the moment when they should receive that message.

Fig. 8. Timing attack

In Fig. 8, there was an accident between two cars A and B. Malicious car D was announced about this accident but it delayed to transmit the message to the others by adding some timeslots to the original message. F should receive this message soon to change the lane but because of the delay, it only received the message about accident when it has already reached the accident position (F’). There are also some other scenarios that are presented in [11] including both attacks to V2V communications and V2I communications.

In order to avoid timing attacks, data integrity verification is required to eliminate any timeslots that can be added to packets. TPM (Trusted Platform Module) is one of the major security approaches to maintain the integrity of message by using the strong cryptographic functioning modules. Together with two protocols, namely Privacy Certification Authority (PCA) and Direct Anonymous Attestation (DAA), TPM has proved its two main advantages: (1) -Secure piece of hardware with cryptographic capabilities and (2) – Abilities to protect and store data in shielded location.

4.5. Global Positioning System (GPS) Spoofing, Hidden vehicle and Tunnel Attack

In VANETs, a location table with the geographic locations and vehicles identities is a critical element that is maintained due to GPS satellite. Using the GPS satellite simulator to generate signals, that are stronger than those generated by the actual satellite system are, an attacker can produce false readings in the GPS to deceive vehicles to think that they are in a different location. Hidden vehicle is another concrete example of cheating with positioning information [8]. As Fig. 9 illustrates, the vehicle B deceives the vehicle A to believe that it is better placed (at B’) for forwarding the warning message, but then keep silence about the accident.

Fig. 9. Hidden vehicle attack [8]

Fig. 10. Tunnel attack [8]

Another attack concerning position information is Tunnel Attacks [8]. Because of the temporary disappearance of GPS signals in tunnels, an attacker is possible to inject false positioning information once the vehicle leaves the tunnel and before it receives an authentic position update, as Fig. 10 illustrates. This phenomenon happens with either a physical tunnel or an area jammed by the attacker, that leads to the same effects.

In order to deal with problems from these kinds of attacks, one idea emerging is the work depicted in [16] that was earlier presented as a solution for Sybil attack. However, the ability of this approach’s adaptation in VANETs is still a problematic issue.

4.6. Illusion Attack

In illusion attacks, the adversary deceives purposefully the sensors on his car to produce wrong sensor readings and thus incorrect traffic information. In consequence, the corresponding system reaction is invoked and then incorrect traffic warning messages are broadcasted to neighbors. Thus, illusion condition is successfully created. In general, drivers’ behaviors will depend on the traffic warning messages they have received. Caused by illusions, vehicles received the wrong traffic information will most likely change their driving behaviors, correspondingly. Hence, the attacker can cause accident, traffic jam and decrease the performance by invisibly manipulating network topology of the network.

Traditional message authentication and message integrity verification cannot totally defend against illusion attacks because the adversary directly manipulates and confuses the sensors on a vehicle to report false information. Plausibility Validation Network (PVN) [23] is a security model to secure VANETs against illusion attacks. PVN processes by collecting raw sensors’ data and verifying whether the collected data are plausible or not. Two types of inputs are taken into account: incoming data from antennas and data collected by sensors. An input data header will categorize the data. PVN has a rule database and data-checking module, which helps to check the validity of input data and take necessary action accordingly. A message is considered trustworthy if it passes all verifications. Otherwise, it is declared as an invalid message and dropped automatically. PVN has possibility of cooperation with various types of cryptography methods and defend against further attacks.

4.7. ID Disclosure

In this attack, a node in the network discloses the identity of neighbors, tracks the current location of a target node, and uses this data for a range of purposes (e.g., this is actually the way some car rental companies track their own cars). One of the most famous scenarios of ID Disclosure is as follow: A global observer sends a “virus” to some neighbors of the target node. Whenever attacked by the virus, these neighbors periodically report the ID and the locations of the target node. This attack violates the requirement concerning not only the authentication but also the privacy.

In [13], authors propose a holistic protocol for secure data transmission and detecting misbehaviors sent by the authorized users. In their proposed work, the vehicle should register with nearby Road Side Unit (RSU). In Registration phase, the user presents the user name and password to the RSU, then the RSU provides Registration ID to the user, which consists of license number and the vehicle registration number. Then RSU authenticates the vehicle by verifying the provided certificate. If the authentication is failed, the data/node will be blocked. This type of protocol is holistic protocol concerning the whole rather than the individual parts. It aim to provide authentication, integrity, availability, confidentiality, and non-repudiation properties for VANETs, thus, detect and prevent misbehaviors (e.g., virus).The main advantages in holistic protocol for secure data transmission in VANET are the less time consumption and the security assured for both outsider and insider attacks.

4.8. Denial of Service (DoS) and Distributed Denial of Service (DDos)

Denial of Service (DoS) [2], [3], [7] is always one of the most serious level attacks in every network. The scenarios to perform are very diverse. The main aim is to prevent the authentic users to access the network services. In DoS attacks, attackers may transmit dummy messages to jam the channel and thus, reduce the efficiency and performance of the network. A part of or the total network is no longer available to legitimate users. Fig. 11 indicates that a malicious black car forges a large number of fake identities and transmits a dummy message “Lane close ahead” to a legitimate car behind it and even to an RSU to create a jam in the network.

Fig. 11. Denial of Service (DoS) attack

The Distributed DoS (DDoS) is more severe than the DoS where a number of malicious cars attack on a legitimate car in a distributed manner from different locations and timeslots. Fig. 12 demonstrates that three malicious black cars attack on the car A from different locations and time so that A cannot communicate with the other vehicles.

Fig. 12. Distributed Denial of Service (DDoS) Attack

One of DoS attack solutions is based on the support of OBU (OnBoard Unit) that is equipped in vehicles. There is a processing unit that has the role to suggest to the OBU to switch channel, technology, or to use frequency hopping technique or multiple transceiver in the case of DoS attack. The work in [11] present a distributed and robust defense against DoS attacks where a malicious node forges a large number of fake identities, i.e., Internet Protocol (IP) addresses in order to disrupt the proper functioning of fair data transfer between two fast-moving vehicles. In the proposed approach, these fake identities are analyzed through the medium of the consistent existing IP address information. All the vehicles exchange frequently beacon packets to claim their presence and be aware of the neighbors. Each node periodically keeps and updates a record of its database by exchanging the information with the community. If a node detects in its record that there are some similar IP addresses, these identic IP addresses are likely evidences of a DoS attack. The authors developed a model for DoS prevention called IP-CHOCK that prove the significant strength in locating malicious nodes without the requirement of any secret information exchange or special hardware support. Simulation results depict an encouraging detection rate that will be even enhanced whenever optimal numbers of nodes are forged by the attackers.

4.9. Black Hole Attack

A black hole [2], [3], [5] is an area where the network traffic is redirected. However, either there is no node in that area or the nodes reside in that area refuse to participate in the network. In a black hole attack, a malicious node introduces itself for having the shortest path to the destination node and thus, cheats the routing protocol. Instead of taking a look on routing table firstly, this hostile node advertises rapidly that it has a fresh route for the route request. In consequence, attacker node wins the right of replying to the route request and thus it is able to intercept the data packet or retain it. When the forged route is successfully established, it depends on the malicious node whether to drop or forward the packets to wherever it wants.

Fig. 13 illustrates an example where the node A wants to send data packets to node F but does not know the route to F. Therefore, A initiates the route discovery process. As a malicious node, D claims that it has active route to F and pretends that it must be next-node if A wants to send packets to F. Depending on the routing protocol (e.g., Ad hoc On-demand Distance Vector (AODV) or Optimized Link State Routing (OLSR)), an attacker builds its own method to fits in the data routes.

Gray Hole attack is known as a variation of Black Hole attack, in which the malicious node misleads the network by agreeing to forward the packets but it sometimes drops them for a while and then switches to its normal behavior. It is very difficult to figure out such kind of attack.

Fig. 13. Black hole attack

Existing solutions to black hole attacks [39] consider designing protocols in which there are more than one route from the source to the destination, or conceptualizing a Real-time Intrusion Detection system that adopts specification-based detection technique as well as processes countermeasures to reduce the damage. However, these solutions might be suitable to MANETs rather than VANETs, because MANETs have several mobile nodes and higher end-to-end delay to find additional nodes or paths. Another solution is to use packet sequence numbers in a packet header so that if any packet is lost, the destination can simply identify it from the missing packet sequence number.

4.10. Wormhole Attack

Wormhole [2], [12] is a severe attack in VANETs and other ad hoc networks that could be considered as a variation of Black Hole attack. In this attack, two or more malicious nodes create a tunnel to transmit data packets from one end to the malicious node at the other end and these packets are broadcasted to the network. Owing to the nature of wireless transmission, a malicious node is capable creating a wormhole even for packets not addressed to it, simply by overhearing them in wireless environment and then tunneling them to the colluding node at the other end of the wormhole. The wormhole allows the attacker getting a very dominant role in comparison to other nodes, and it can exploit this position in a variety of ways, for example, to gain unauthorized access, disrupt routing, or perform a Denial of Service (DoS) attack, thus, threaten the security of transmitting data packets.

Review this student essay:

Name
Email
Rating
Comments (optional)

Latest student essay reviews:

About this essay:

This essay was submitted to us by a student in order to help you with your studies.

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, SECURITY ATTACKS AND SOLUTIONS IN VEHICULAR AD HOC NETWORKS. Available from:<http://www.essaysauce.com/information-technology-essays/security-attacks-and-solutions-in-vehicular-ad-hoc-networks/> [Accessed 10-12-18].