Securing Vehicular Ad-hoc Networks Against

Malicious Drivers: A Probabilistic Approach

Danda B. Rawat‡, Bhed B. Bista§, Gongjun Yan∗, and Michele C. Weigle†

‡Dept. of Electrical & Computer Engineering, Old Dominion University, Norfolk, VA, USA. Email: drawa001@odu.edu§Faculty of Software & Information Science, Iwate Prefectural University, Japan 020-0193. Email: bbb@iwate-pu.ac.jp

∗Department of NMIS, Indiana University Kokomo, Kokomo, IN, USA. Email: goyan@iuk.edu†Dept. of Computer Science, Old Dominion University, Norfolk, VA, USA. Email: mweigle@cs.odu.edu

Abstract—Future development of Intelligent Transporta-tion Systems (ITS) depends on Vehicular Ad-hoc NETworks(VANETs) in which communications will help to improve trafficsafety and efficiency through exchanging information amongvehicles. As each vehicle cannot be a source of all messagesin VANET, most communications depend on the informationreceived from other vehicles. To protect VANET from maliciousaction, each vehicle must be able to evaluate, decide and reactlocally on information received from other vehicles. Messageverification is more challenging in VANETs since the securityand privacy of the participating vehicles, in general, and of thedrivers and passengers specifically is of major concern. Eachvehicle needs to verify the accuracy of the message and needsto verify that the received message is from a legitimate vehicle.In this paper, we propose a new algorithm to secure vehicularcommunication with the help of trust measured for the givenperiod using a probabilistic approach. The proposed algorithmsecures VANETs against the untrustworthy drivers. The proposedalgorithm is illustrated through numerical results obtained fromsimulations.

Index Terms—Vehicular networks, securing vehicular ad hocnetworks (VANETs), trust in VANETs,

I. INTRODUCTION

Vehicular communications can be considered as single hop

or multi-hop vehicle-to-vehicle (V2V) communications and/or

vehicle-to-roadside (V2R) communications. In V2R commu-

nications, roadside infrastructure works as a relay unit where

the received message can be forwarded to specific locations

or broadcast to all locations. In such communications, the

information of participating vehicles can be stored locally for

different legitimate purposes such as tracking back the vehicle

if it performs some malicious actions for VANETs. Cellular

infrastructure or base stations can be used as roadside units,

however, the use of such infrastructure in VANETs results in

high delay as the message travels from the transmission vehicle

to the base station, and then from the base station to receiving

vehicles, which is not desirable for time sensitive messages

[1], [2]. Furthermore, in this scenario, it may take more than

10 seconds to get call admission for a vehicle with the base

station. An alternative solution is to install access points (APs)

across the roads as in wireless local area networks (WLANs).

However, this solution might not be economically feasible.

In V2V communications, each vehicle receives a message

from other vehicles in a single hop or multiple hops without

using a roadside unit. In this scenario, vehicles form the

communication network in an ad-hoc manner and form a

Vehicular Ad-hoc Network (VANET) since a vehicle or driver

joins (enter to a highway) and leaves (take exit from the

highway) the network as per driver’s desire. In this type

of scenario, it is almost impossible to keep track of every

one in the network by ensuring security and privacy of the

participating drivers.

VANET is regarded as a subset of Mobile Ad-hoc NETwork

(MANET) and has unique characteristics [1], [2] (virtually

infinite energy supply, high mobility and dynamic change

in network topology, etc.). Because of these unique charac-

teristics of VANETs, the solutions and protocols proposed

for MANETs might not be directly applicable to VANETs

without any amendment. In VANETs, it is assumed that

individual vehicles are equipped with DSRC enabled com-

puting (processing, recording, positioning features etc.) and

communication system. Furthermore, VANETs are expected

to utilize a variety of wireless communication technologies

for road safety and comfort as well as infotainment applica-

tions. VANETs basically depend on communication systems,

applications (safety, comfort), incident detection and sensing

systems, and drivers (human behaviors) as shown in Figure 1.

Human behavior heavily affects the network topology, whereas

sensing and communication systems determine the perfor-

mance of the overall system. Thus, the accuracy of the incident

detection/sensing system and the communication system to

exchange the information with neighboring vehicles is of vital

importance. It is also well known that security schemes heavily

depend on the wireless systems and technologies that are used.

In V2R-based vehicular communication, trustworthiness of

the message can be easily verified since the locally centralized

roadside unit can keep track of the participating vehicles and

the received messages. Then centralized unit can aggregate the

messages and broadcast it to the vehicles. However, as men-

tioned, the message dissemination from source to destination

might face higher delay, which is undesirable in VANETs for

time critical messages. Even with prioritization of messages

as in [3], [4] the system might not be able to satisfy the delay

requirement of time sensitive high priority messages such as

message related to an accident. The apparent solution, in order

to have timely dissemination of messages towards a destination

region, is V2V-based vehicular communication. In such V2V-

2011 International Conference on Complex, Intelligent, and Software Intensive Systems

978-0-7695-4373-4/11 $26.00 © 2011 IEEE

DOI 10.1109/CISIS.2011.30

146

VehicularCommunications

or

VANETs

Communication

Systems

and

Technology

VANETs

ApplicationsDriver's/Human

Behaviors

Incident

Detection

and

Sensing

Systems

Fig. 1. Basic VANET Components and Their Inter-dependencies

based vehicular communications, individual vehicles work as

a router, destination and source of the message. Therefore,

it is challenging for a vehicle to verify whether the recently

received message is legitimate or not. In order to address

security in VANET, there have been different approaches

proposed in the literature [5]–[8]. VANETs can be secured

using cryptographic algorithms and protocols. Usually a third

party, believed as a trust center, is involved in these protocols

for key distribution, message authentication and digital signa-

tures. However, such mechanisms are not attractive solutions

in terms of trust as well as economics. Therefore, in this

paper, we are interested to accomplish automatic detection

of malicious vehicle/driver in VANET to provide genuine

message in the network. It is noted that if a message is not a

legitimate one or not from a legitimate vehicle, the received

message can be discarded. The malicious driver can be alerted

by sending a warning message.

In this paper, we consider a probabilistic approach to mea-

sure the trust of the received message by making observations

for a given time interval to verify whether the received

message is from a legitimate vehicle or not. It is worth noting

that the received message might be from a near the roadside

intruder or a malicious driver on the road. Observing the

message over the given time interval will help verify the

validity of the message. We also note that making a decision

with a single instance of the message can be inaccurate,

resulting misleading communications.

The paper is structured as follows: we present related work

in Section II. In Section III, we present the problem statement.

Section IV deals with the proposed approach, followed by the

algorithm in Section V and simulation results in Section VI.

Finally, we conclude the paper in Section VII.

II. RELATED WORK

VANETs have attracted interest in both academia and indus-

tries [1], [2] such as Car to Car communication [9] as well as

projects such as NoW [10], PReVENT [11], ORBIT [12], and

PATH [13]. These works cover almost all aspects of vehicular

communications [1], [1].

VANETs are highly dynamic in nature because of the high

speeds of vehicles and the highly personal nature of informa-

tion sharing. Therefore, existing methods for wireless security,

trust and privacy might not be suitable in VANETs. Recent

works include [8], [14] for security in VANETs. However, in

order to implement the existing security and trust mechanisms

in VANETs, we need trust centers installed along the highways

as roadside units. This might lead to many questions such

as Who will be the owner? Is it trustworthy to all? Is

it cost effective? In [14], a cryptographic algorithm along

with position information has been considered to implement

security in VANETs.

In [15], the authors discussed privacy and proposed cen-

trally assigned digital pseudonyms. The authors in [16] have

proposed a method in which vehicles change their pseudonyms

in a certain region (where the many vehicles are within the

communication range) pointed by the system. This method

cannot work in the case when there are not a sufficient number

of vehicles. To overcome this, authors in [17] have proposed a

method which works based on self signed digital pseudonyms.

We note that most of the research and proposed solutions in

privacy and trust are mainly focused on the use of pseudonyms

and the algorithms for changing them. However, implementing

pseudonyms in VANET is challenging. Generally, VANET

security systems should protect the privacy of both drivers and

passengers [8], however it should be able to help establish the

liability of drivers. In such cases, trust is an important factor

while implementing privacy and security in VANET to prevent

a generic attack on the network. Verification of the message

received from other vehicles is required to protect the network

from malicious drivers. As we know vehicles are personal

devices and are owned for long time, it is required to protect

personal information from being disclosed to unauthorized

users for their privacy. A vehicle can collect messages from

any vehicle but the vehicle might not be able to verify whether

the message itself is legitimate one. It is worth noting that

the privacy level of VANETs after implementing wireless

communications should be at least the same level that is

obtained without implementing wireless communications [18].

Specific privacy threats in VANETs include: tracking a specific

vehicle, cheating with information, and so on. The general

principle of privacy in VANETs is to protect the participating

drivers/vehicles against the non-authorized users. However

information should be discloseable to authorized parties.

As mentioned, trust provides VANET security. Thus, trust

establishment and maintenance for fixed infrastructure based

wireless communication networks, such as cellular systems

and Internet, requires a lengthy process but it is assumed to

be validated for a long time. For such infrastructure based

wireless systems, assuming that base stations in cellular sys-

tems or access points in WLAN trust are trustworthy, existing

approaches to trust management can be applied with minor

modification. In contrast, the frequently changing topology

and network life-time in VANETs make trust management

a challenging problem and requires considerable attention.

Therefore, we focus on trust establishment in VANETs. When

vehicles are within the communicating range with others, they

start to interact with each other. In VANETs, each vehicle may

147

not be able to detect an incident since a vehicle might be

looking for traffic updates which might be miles away from

the incident area. In such a scenario, a vehicle has to rely on

the information received from other vehicles. Without having

proper mechanism for trust management, communication in

VANET might be prone to security threats.

Our research work in this paper checks the trustworthiness

of the received message by observing the received message

from a given vehicle over a given time interval and determine

corresponding suspicion level and trust level for a given

vehicle where the identity of drivers/vehicles are unknown. By

looking at the suspicion or trust level of the given vehicle for

given time period, one can easily decide whether the received

message is legitimate or not. It is important to note again that

the decision made based on a single instance might not be fair

enough to measure the validity of the received message.

III. PROBLEM STATEMENT FOR TRUSTWORTHY

In ad-hoc based V2V communications, as each vehicle

works as a router and a destination for the received message,

it is important to verify the integrity and legitimacy of the

received message. Observing the single activity of message

transmission by a vehicle might not be enough to treat it

as malicious. Thus in order to have secure communication

in VANET, where message integrity is ensured with the help

of some automatic methods where the actual identity of the

participating vehicles are not used or unknown. This method

should also ensure the privacy and/or security of drivers while

securing the VANETs.

IV. PROPOSED APPROACH

We use the following analysis for malicious driver detection

and to determine the trustworthiness of the received message

based on suspicion and trust levels.

We consider that Xi(t) is the message transmitted by a

vehicle i in a VANET at time slot t. We use attack probability

(pa) which tells us how strong the attack is, which implies

the willingness of a vehicle being an attacker in VANET. A

given vehicle i will attack the VANET with probability pa by

sending manipulated information Xi(t)± � with the � amount

of extra or less amount of message with pa probability. It is

worth noting that the message Xi(t)± � results in false alarm

resulting in a decrease in trust of VANETs.

Basically, for the transmitted message Xi(t), the received

signal without any modification over the network is given by

ℋ0 : yi(t) = Xi(t)± � + wi(t)ℋ1 : yi(t) = Xi(t) + wi(t)

(1)

where ℋ0 and ℋ1, respectively, represent the manipulated and

non-manipulated/original messages, and wi(t) is the additive

white Gaussian noise (AWGN) that corrupts the received

signal.

In this section, a novel method is presented to detect a

malicious driver based on the received messages over a given

time interval and measure the trustworthiness of the given

vehicle using a probabilistic approach. It is noted that in

the VANET scenario where no malicious drivers are present,

it is not required to use the proposed method and secure

VANET against malicious drivers since the method might

introduce computation overhead in the network. However,

we consider that there is at least one malicious driver in a

VANET among N participating vehicles for given geographic

location and individual vehicle interact and communicate with

each other to get upcoming traffic updates using suitable

wireless communication technologies. It is also noted that

many communicating vehicles will be sending the copies

of the message for comparison. In this context, legitimate

vehicles will send the original messages whereas the malicious

vehicles will send manipulated messages. Comparing copies of

the received messages, individual vehicle can identify whether

they receive the message ℋ0 or ℋ1. Then, we define the

suspicion level of a vehicle/driver i as

�i(t) ≡ P (Ti = M ∣Ot) (2)

where Ti is the type of driver that could be Malicious (M) or

Honest (H), and Ot is the observation collected for the interval

[1, t]. It is noted that if t is high then more messages will be

used to calculate the suspicion level of the given vehicle.

Then, using Bayesian criterion, the suspicion level of a

vehicle/driver i can be written as

�i(t) =P (Ot∣Ti = M)P (Ti = M)

∑N

m=1 P (Ot∣Tm = M)P (Tm = M)(3)

Without loss of generality, we consider that any vehicle can

be malicious with probability P (Ti = M) = �. Then the

equation (3) is expressed as

�i(t) =P (Ot∣Ti = M)

∑N

m=1 P (Ot∣Tm = M)(4)

Now, we can write

P (Ot∣Ti = M) =

= P (X(�)∣Ti = M,O�−1)P (O�−1∣Ti = M, )

=...

=t∏

�=1

P (X(�)∣Ti = M,O�−1)

=t∏

�=1

⎡

⎣

N∏

j=1,j ∕=i

P (Xj(�)∣Tj = H)

⎤

⎦P (Xi(�)∣O�−1)

︸ ︷︷ ︸

�i(�)

=

t∏

�=1

�i(�)

(5)

Equation (5) represents the probability of reports at time slot

t conditioned that node i is malicious.

148

Again it is noted that the driver with Xi(t) information

can transmit the same information if it is not malicious (or

genuine) or transmit with some extra or less information

Xi(t)± � if it is malicious.

Using equation (3) and (5), the suspicion level �i(t) of the

vehicle/driver i can be written as

�i(t) =

t∏

�=1

�i(�)

N∑

j=1

t∏

�=1

�j(�)

(6)

It is worth noting that the suspicion level and trust level of

a driver are regarded as complement/opposite characteristics,

thus the trust level �̂i(t) of a vehicle/driver i can be computed

from its suspicion level �i(t) as

�̂i(t) = 1− �i(t) (7)

This value gives the trust level of a participating vehicle/driver

i. It is important to note that the vehicle with trust level closer

to 1 is the legitimate one whereas the vehicle with trust level

closer to 0 (or less than certain threshold value) is malicious.

V. THE ALGORITHM

Based on the analysis presented above, the algorithm is

stated in Algorithm 1.

Algorithm 1 Malicious Driver Detection

1: Input: receive messages from N participating vehicles

over the observation period t, and take an initial threshold

value �T

2: repeat

3: compute trust values {�̂i(t)}Ni=1

4: for each vehicle i do

5: if �̂i(t) < �T then

6: vehicle/driver i is untrustworthy so the message from

the vehicle i is removed from further consideration

to transmit to other vehicles.

7: else

8: vehicle/driver i is trustworthy so the message from

vehicle i is accepted, and will be considered for

further transmission to other vehicles.

9: end if

10: end for

11: until message is received from other vehicles

12: Output: Trust level of vehicle/driver i and trustworthy

message of driver i.

It is worth noting that the threshold value �T will be

changing on the fly based on its history at each vehicle. The

typical initial value of the threshold is equal to 0.5, that is,

�T = 0.5.

VI. SIMULATION AND PERFORMANCE EVALUATION

In order to corroborate our theoretical findings, we have

performed extensive simulations. We consider a Gaussian

noise for SNR levels.

We have considered the VANET scenario where the ve-

hicles are moving on a road segment of 10 miles with a

4 lane highway. The rate of vehicles entering the road is

1 vehicle/sec/lane. Vehicles transmit some information to other

vehicles so that one can easily identify whether the vehicle

is performing as a trustworthy one or not. We note that

each vehicles run Algorithm 1 to measure the trust level

and to validate the messages. All vehicles are assumed to be

equipped with communication and computing equipment so

that they can communicate with their neighboring vehicles.

Specifically, as the given vehicle receives a regular messages

from other vehicles, it computes the trust level for the message

transmitting vehicle and validates the message based on the

trust level by comparing with given threshold value.

In the first experiment, we have performed simulations to

find the received power level for a given transmit power level

and the distances used in DSRC enabled vehicles using signal

propagation models presented in [19]. We also note that with

the help of speed limit information, we incorporate attenuation

factors during received power calculations. That is, high speed

limit implies that the road is rural and low/city speed limit

implies that the communicating environment is urban/city. It is

worth noting that this speed limit information can be obtained

with the help of positioning system such as GPS, GALILEO

or GLONASS. All vehicles use transmission power within

the range proposed for DSRC standard [20], [21] (that is

maximum transmit power 35dBw corresponds to maximum

transmission range 1000m). Figure 2 shows the variation

of received power for different SNRs and distance between

transmitter and receiver vehicles. As expected the received

power fluctuation is higher in the case of low SNR value than

that with high SNRs. Furthermore, as it is expected, with the

increasing distance, the received power level decreases.

In the second experiment, calculated trust levels are used

for given vehicles based on the received messages for different

SNR values. We consider that some vehicles act as malicious

by changing some information with � amount while they

transmit the message to other vehicles. We have considered

that there will be at least one malicious driver in the system.

We first look at the trustworthiness of a vehicle for different

SNR values. With an increasing SNR value, the corresponding

trustworthiness value increases as shown in Figure 3. If the

trustworthiness value is 1, a vehicle can conclude that it

is communicating with a trustworthy vehicle. Furthermore,

because of the interference and noise, even if the trust level is

approximately equal to 1 or greater than the given threshold

value �T , a vehicle can think of communicating with a

legitimate vehicle. We also plot the trust levels of genuine and

malicious drivers for different SNR values shown in Figure 3.

We note that the trust levels for trustworthy drivers increases

with increasing SNR values and reaches to 1. However, the

149

0100

200300

400500

600700

800900

1000

−5

0

5

10

15

20

25

30

−100

−60

−20

20

60

100

Distance (m)SNR (dB)

Receive power (dBm)

Fig. 2. Variation of received signal power for different SNRs and distancesbetween transmitter and receiver vehicles.

−5 0 5 10 15 20 25 300.3

0.4

0.5

0.6

0.7

0.8

0.9

1

SNR (dB)

Trust level

Trust levels of malicious drivers/vehicles

Trust levels of genuine drivers/vehicles

Fig. 3. Trust levels of genuine and malicious drivers for different SNR values

trust levels for untrustworthy drivers remains below 0.5 for

all SNR values and are constant even for high SNR values

(10dB − 30dB) as shown in Figure 3. It can be observed than

one can use threshold �T = 0.5 or can adapt according to the

operating environment.

Figure 4 shows the Receiver Operating Characteristics

(ROC) curves, which is a plot of true positive rate versus the

false positive rate. By looking at the ROC in Figure 4, we note

that the performance of VANETs degrades significantly even

when there are less malicious drivers than the genuine drivers

in vehicular communications.

It is important to note that the trust level based on a single

instance of a received message might mislead the decision.

Thus, we have considered the decision based on an observation

0 0.2 0.4 0.6 0.8 1

0.82

0.84

0.86

0.88

0.9

0.92

0.94

0.96

0.98

1

Probability of false alarm

Probability of detection

N=200 with no attacker

N=150 with no attacker

N= 100 with no attacker

N=100 with 20 attackers

Fig. 4. ROC curves for different scenarios for pa = 75% in false alarmattack environment.

period which incorporates the temporary history of the drivers.

As the observation time increases, the decision will be more

accurate however the time needed to make the decision will

be high which might not be suitable. There should be some

trade-off between the observation time and the time needed to

report the decision.

It is also noted that a given vehicle can make a correct

decision as expected when there are a smaller number of

malicious drivers present. Furthermore the correct decision

will be easy for higher SNR values.

We conclude this section by noting that using a probabilistic

approach to measure the trust level, VANETs can be secured

against malicious drivers from possible changes in message

and thus we can have safer driving.

VII. CONCLUSION

In this paper we have proposed a method to determine the

trust levels of the communicating drivers and check the validity

of received messages. Information dissemination in VANETs

depends on the message received from other participating

vehicles and thus each vehicle needs to verify the accuracy

of the message and that the message comes from a legitimate

vehicle. Based on the trust level, which uses probabilistic

approach for a given observation period, a vehicle can judge

the received message and decide whether the message will

be considered for further transmission or not. As noted, trust,

privacy, and security in VANETs for future development of

intelligent transportation systems are of vital importance. This

paper has provided a mechanism to measure the trustworthy

levels of participating vehicles. We also found that for high

SNR values the trust level is high for genuine vehicles/drivers,

however the trust level is low for malicious drivers. We have

presented the simulation results to support our theoretical

claims.

150

REFERENCES

[1] D. B. Rawat and G. Yan, Infrastructures in Vehicular Communications:

Status, Challenges and Perspectives. Dr. M. Watfa, Eds. IGI Global,2010.

[2] S. Olariu and M. C. Weigle, Eds., Vehicular Networks: From Theory

to Practice. CRC Press / Taylor & Francis, March 2009.[3] D. B. Rawat, D. C. Popescu, G. Yan, and S. Olariu, “Enhancing VANET

Performance by Joint Adaptation of Transmission Power and ContentionWindow Size,” 2011, in press.

[4] D. B. Rawat, G. Yan, D. C. Popescu, M. C. Weigle, and S. Olariu, “Dy-namic adaptation of joint transmission power and contention window inVANET,” in Proceedings of the IEEE Vehicular Technology Conference

- Fall, Anchorage, Alaska, September 2009, pp. 1–5.[5] M. Raya, P. Papadimitratos, J. Hubaux, and E. de Lausanne, “Securing

Vehicular Communications,” IEEE Wireless Communications, vol. 13,no. 5, pp. 8–15, 2006.

[6] P. Papadimitratos, V. Gligor, and J. Hubaux, “Securing VehicularCommunications-Assumptions, Requirements, and Principles,” in Work-

shop on Embedded Security in Cars (ESCAR), vol. 2006, 2006.[7] M. Gerlach, A. Festag, T. Leinmuller, G. Goldacker, and C. Harsch,

“Security Architecture for Vehicular Communication,” 2nd International

Workshop on Intelligent Transportation – WIT 2005, 2005.[8] M. Raya and J.-P. Hubaux, “The Security of Vehicular Ad hoc Net-

works—,” in SASN ’05: Proceedings of the 3rd ACM workshop on

Security of ad hoc and sensor networks. New York, NY, USA: ACM,2005, pp. 11–21.

[9] “ Car to Car Communication Consortium (C2CCC). http://www.car-to-car.org ,” 2011.

[10] “ Network on Wheels (NoW). http://www.network-on-wheels.de ,” 2011.[11] “ PREVENT project. http://www.prevent-ip.org ,” 2011.[12] “ DISCO Lab. http://discolab.rutgers.edu/traffic ,” 2011.[13] “ California Partners for Advanced Transit and Highways (PATH).

http://www.path.berkeley.edu ,” 2011.[14] G. Yan, S. Olariu, and M. Weigle, “Providing VANET security through

active position detection,” Computer Communications, vol. 31, no. 12,pp. 2883–2897, 2008.

[15] F. Dotzer, “Privacy Issues in Vehicular Ad hoc Networks,” in Privacy

Enhancing Technologies, 2005, pp. 197–209.[16] A. R. Beresford and F. Stajano, “Mix Zones: User Privacy in Location-

aware Services,” in PERCOMW 2004, Washington, DC, USA, 2004, p.127.

[17] P. Golle, D. Greene, and J. Staddon, “Detecting and Correcting Mali-cious Data in VANETs,” in Vehicular Ad hoc Network 2004 –VANET’04,New York, NY, USA, 2004, pp. 29–37.

[18] J. Serna, J. Luna, and M. Medina, “Geolocation-Based Trust for Vanet’sPrivacy,” in Fourth International Conference on Information Assurance

and Security, 2008. ISIAS’08, 2008, pp. 287–290.[19] T. Rappaport, Wireless Communications: Principles and Practice. Pren-

tice Hall PTR New Jersey, 2002.[20] R. Sengupta and Q. Xu, “DSRC for Safety Systems,” vol. 10, no. 4.

California PATH – Partners for Advanced Transit and Highways, 2004,pp. 2–5.

[21] “ Vehicle Safety Communications Project Task 3 Final Report: IdentifyIntelligent Vehicle Safety Applications Enabled by DSRC,” VehicleSafety Communications Consortium consisting of BMW, Daimler-Chrysler, Ford, GM, Nissian, Toyota, and VW.

151