[ieee 2012 6th international conference on signal processing and communication systems (icspcs 2012)...
Survey on Security Attacks in Vehicular Ad hoc
Networks (VANETs)
Mohammed Saeed Al-kahtani
Computer Engineering Dept., Salman bin Abdulaziz University, Saudi Arabia
Abstract: Vehicular Ad hoc Networks (VANETs) are
emerging mobile ad hoc network technologies incorporating
mobile routing protocols for inter-vehicle data communications
to support intelligent transportation systems. Among other
issues, security and privacy are major research concerns in
VANETs due to frequent vehicle movement, time-critical
responses and the hybrid architecture of VANETs, which make
them different from other ad hoc networks. Thus, designing
security mechanisms to authenticate and validate messages
transmitted among vehicles and to remove adversaries from the
network is significantly important in VANETs. This paper
presents several existing security attacks and approaches to
defend against them, and discusses possible future security
attacks with critical analysis and future research possibilities.
Keywords: Vehicular Ad hoc Networks (VANET); Security;
Privacy; Road Side Unit; On-board Unit; Wormhole; Sybil;
Certificate; Masquerade; Black hole etc.
I. INTRODUCTION
Recently, Vehicular Ad hoc Networks (VANETs) have
achieved widespread applicability in different application
domains related to transportation systems such as providing
public safety and assistance, driving improvement, toll
collection, roadside service finders, traffic monitoring and
control, highway Internet access and enhancing safety and
efficiency of highway systems. VANETs are also known as
Wireless Access in Vehicular Environment (WAVE) [13]
that supports Intelligent Transportation Systems (ITS) [3]
through Dedicated Short-Range Communication (DSRC).
Figure 1 illustrates the architecture of a VANET.
In VANETs, there are two types of communications: (1)
vehicle to vehicle (V2V) and (2) vehicle to infrastructure
(V2I). Vehicles have On Board Units (OBUs), which consist
of omnidirectional antennas, processors, a GPS unit, and
sensors for V2V communications. Vehicles also perform
V2I communications with roadside infrastructures, which
are placed within a fixed distance of each other depending
upon the communication range of the roadside devices, also
known as Road Side Units (RSUs). RSUs communicate with each
other through a wireless medium or wired connections. They
can also be mobile. The V2I communications can be further
extended to provide applications such as Internet since RSUs
can be connected to a network. The V2V communications
can be used to send emergency and real-time information
such as an accident or road traffic information so that other
vehicles can take alternative routes to prevent traffic
congestions.
Figure 1: Vehicular Ad hoc Networks (VANETs) [diagram labels: RSU; DSRC; Cellular Base station; Vehicle; 3G, WiMAX; Internet; V2V; V2I]
Since VANETs support emergency real-time
applications and also deal with life-critical information, they
should follow security requirements such as privacy,
confidentiality, integrity, and non-repudiation to provide
secured communications against attackers and malicious
nodes. Various security attacks such as Denial of Service
(DoS) [17], Sybil attack [6, 9, 12], Wormhole attack [19,
23], Illusion attack [14] and Purposeful attack [16] not only
affect the privacy of the drivers and vehicles but also
compromise traffic safety and eventually lead to loss of life.
Hence, extensive research is being conducted to provide
security in VANETs. The main purpose of providing
security and privacy in VANETs is based on the fact that at
no point during the communication in VANETs should the true
identity of the drivers be exposed, since adversaries
may use this information for launching attacks with false
identities and never get caught. However, vehicles and
drivers have to disclose their identities to RSUs to
communicate with them. Hence, the security and privacy
issues must be handled carefully so that the adversaries
cannot misuse them.
978-1-4673-2393-2/12/$31.00 ©2012 IEEE
In this paper, we present several security and privacy
attacks in VANETs with their defending mechanisms, and
classify these mechanisms. Thus, the main contributions of
this paper are to (i) identify different security attacks, (ii)
present, classify and compare their defending mechanism in
VANETs (iii) identify future possibilities in this area.
The remainder of this paper is organized as follows.
Section II presents different security attributes and types of
malicious nodes in VANETs. In Section III, we present
security attacks and their defending mechanisms with
examples. In Section IV, we classify the security and privacy
approaches of VANETs. Section VI concludes the paper
with discussion, and some future research ideas.
II. SECURITY ATTRIBUTES
In the following subsections, we present security
attributes in Vehicular Ad hoc Networks (VANETs) and
types of malicious vehicles.
A. Security Attributes
There are several important requirements to achieve
security in VANETs, which are discussed as follows [17].
Authentication: Vehicles should respond only to the
messages transmitted by legitimate members of the network.
Thus, it is very important to authenticate the sender of a
message.
Data Verification: Once the sender vehicle is authenticated
the receiving vehicle performs data verifications to check
whether the message contains the correct or corrupted data.
Availability: The network should be available even if it is
under an attack using alternative mechanisms without
affecting its performance.
Figure 2: Data Integrity [diagram labels: Road Clear; Malicious Car; Traffic Jam Ahead; vehicles B, C, D]
Data Integrity: It ensures that data or messages are not
altered by attackers. Otherwise, users are directly affected by
the altered emergency data. For example, if a vehicle B
sends a message to a malicious vehicle C and
C this
message to a legitimate vehicle D, it (D) will be affected by
this message since D will change the road and be in trouble
later on. Figure 2 demonstrates such a scenario of data
integrity.
Non-repudiation: A sender must not deny a message
transmission whenever an investigation or identity of a
vehicle is required.
Privacy: The profile or personal information of a driver must
be maintained against unauthorized access.
Real-time constraints: Since vehicles are connected to
VANETs for a short duration, real-time constraints should
be maintained.
B. Types of Malicious Vehicles
In VANETs, malicious vehicles launch attacks on
legitimate vehicles in several ways. Thus, malicious or
attacker vehicles are classified as follows.
Insiders Vs Outsiders
In a network, a member node who can communicate
with other members of the network is known as an Insider
and can attack in various ways. Outsiders who cannot
communicate directly with the members of the network have
a limited capacity to attack (i.e., have less variety of attacks).
Malicious Vs Rational
A malicious attacker uses various methods to damage
the member nodes and the network without looking for its
personal benefit. On the contrary, a rational attacker expects
personal benefit from the attacks. Thus, these attacks are
more predictable and follow some patterns.
Active Vs Passive
An active attacker can generate new packets to damage
the network whereas a passive attacker only eavesdrops on the
wireless channel but cannot generate new packets (i.e., less
harmful).
III. SECURITY ATTACKS AND APPROACHES
In this section, we present several security attacks on
Vehicular Ad hoc Networks (VANETs), and defending
mechanisms of some of these attacks [7, 9, 17, 19, 20, 24].
Bogus Information
Attackers may transmit incorrect or bogus information
in the network for their advantage. For instance, an attacker
may transmit wrong information about the traffic conditions
in order to make its movement easier on the road. This
attack is related to the authentication security requirements.
Elliptic Curve Digital Signature Algorithm (ECDSA)
[16] is a message authentication scheme that uses a hashing
technique to keep messages more secure and provides
strong authentication for the destination vehicles. This
scheme works by generating public and private keys at
the source vehicle. The public key is available to all
vehicles in VANETs. The source vehicle hashes the message
and encrypts it using a secure hash algorithm and the private
key and sends the message to the destination vehicle. At the
destination, the message is decrypted using the public key,
which yields the hash of the message. This scheme is more
secure for message authentication since hashing is a strong
technique. Any change in a message also changes its hash,
which makes it unique.
Denial of Service (DoS)
Attackers may transmit dummy messages to jam the
channel and thus, reduce the efficiency and performance of
the network. Figure 3 illustrates that a malicious black car
transmits a
legitimate car behind it and also to an RSU to create a jam in
the network. The Distributed DoS (DDoS) attack is more severe
than the DoS attack: a number of malicious cars attack a
legitimate car in a distributed manner from different locations
and timeslots. Figure 4 demonstrates that a number of
malicious black cars attack V1 from different locations
and at different times so that V1 cannot communicate with other
vehicles.
Figure 3: Denial of Service (DOS) Attack [diagram labels: RSU; Vehicle; Lane Close Ahead; Malicious Car]
Figure 4: Distributed Denial of Service (DDoS) Attack [diagram labels: RSU; Lane Close Ahead; Malicious Car; Accident Ahead; V1]
Masquerade
A vehicle fakes its identity and pretends to be another
vehicle for its own advantage. It is achieved using message
fabrication, alteration, and replay. For instance, a malicious
vehicle or attacker can pretend to be an ambulance to
defraud other vehicles to slow down and yield.
Black Hole Attack
A black hole is an area of the network where the
network traffic is redirected. However, either there is no
node in that area or the nodes residing in that area refuse to
participate in the network. This causes data packets to be
lost. Figure 5 illustrates a black hole attack where the black
hole is formed by a number of malicious nodes, which
refuse to transmit the messages received from the legitimate
cars C and D to the cars E and F.
Figure 5: Black hole attack [diagram labels: RSU; Malicious Car; Accident Ahead; Black Box; vehicles C, D, E, F]
Existing solutions to black hole attacks consider
designing protocols having more than one route to the
destination, which imposes a processing overload on the
network. Moreover, this solution might be more suitable for
MANETs than for VANETs, which have several mobile
nodes and a higher end-to-end delay to find additional nodes
or paths. Another solution could use packet sequence
numbers in a packet header so that if any packet is lost the
destination can identify it from the missing packet sequence
number.
Malware and Spam
Malware and spam attacks, such as viruses and spam
can cause serious disruptions in the normal VANETs
operations. Malware and spam attacks are normally
executed by malicious insiders rather than outsiders
whenever on board units (OBU) of vehicles and road side
units (RSUs) perform software updates. These attacks
increase transmission latency, which can be alleviated by
using a centralized administration.
Timing Attack
Transmitting data at the right time from one vehicle to
another vehicle is significantly important to achieve data
integrity and security. In timing attacks, whenever malicious
vehicles receive any emergency message they do not
forward it to the neighboring vehicles at the right time but
they add some timeslots to the original message to create
delay. Thus, neighboring vehicles of the attackers receive
the message after they actually require it. Figure 6 illustrates
that whenever the malicious black vehicle receives the
it to the
vehicle whenever it is at the right position F but transmits by
adding some timeslots so that whenever the vehicle receives
the message it is on the spot F1 where the accident has
happened.
Figure 6: Timing Attack [diagram labels: Malicious Car; Accident Ahead; vehicles C, D, E; positions F and F1]
Global Positioning System (GPS) Spoofing
The GPS satellite maintains a location table with the
geographic location and identity of vehicles in the network. An
attacker can produce false readings in the GPS positioning
system to deceive vehicles to think that they are in a
different location. The attackers use the GPS satellite
simulator to generate signals that are stronger than those
generated by the actual satellite system.
Man in the Middle Attack (MiMA)
In this attack, malicious vehicles listen to the
communication among vehicles and inject false information
between vehicles. Figure 7 demonstrates a MiMA attack
where the malicious vehicle C listens to the communication
between vehicles B and D as well as sends wrong
information to the vehicle E that C receives from the vehicle
A.
Figure 7: Man-in-the-Middle Attack [diagram labels: Lane Close Ahead; Malicious Car; vehicles A, B, C, D, E, F]
Sybil Attack
In Sybil attack [4, 25], an attacker generates multiple
identities to simulate multiple nodes. Each node transmits
messages with multiple identities. Thus, other vehicles
realize that there are many vehicles in the network at the
same time. This attack is very dangerous since a vehicle can
claim to be in different positions at the same time, thereby
creating chaos and huge security risks in the network.
Sybil attacks can be detected through resource testing [7,
20]. This approach assumes that all physical entities are
limited to some resources. The work done in [7] uses
computational puzzles to test computational resources of
each node. However, this technique is not appropriate for
VANETs [20] since an attacker node can have more
computational resources than an ordinary node. Thus, radio
resource testing [20] is used to eliminate this problem.
Sybil attacks can be eliminated using public key
cryptography [18] where each vehicle is authenticated using
public keys. Key revocation is another approach that reduces
the influence of Sybil attacks detected in wireless sensor
networks [2, 22] using a predefined propagation model. This
model measures the distance of a node through the RSSI
approach, where the difference in signal strength
between transmitted and received signals is used and
matched with the claimed position. If the claimed
position is too far from the evaluated distance, this node is
suspected as a Sybil attacker.
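The RSSI position check described above, as an added example (not code from the paper or the works it cites). It uses a free-space propagation model; the 5.9 GHz carrier, unity antenna gains, the 50 m tolerance and every beacon value are constructed assumptions.

```python
import math

C_MPS = 299_792_458.0   # speed of light in m/s
FREQ_HZ = 5.9e9         # assumption: DSRC carrier frequency

def fspl_distance_m(tx_dbm: float, rssi_dbm: float,
                    freq_hz: float = FREQ_HZ) -> float:
    """Distance implied by free-space path loss (unity antenna gains assumed)."""
    path_loss_db = tx_dbm - rssi_dbm
    wavelength_term = C_MPS / (4 * math.pi * freq_hz)
    return wavelength_term * 10 ** (path_loss_db / 20)

def check_beacon(receiver_xy, beacon, tolerance_m: float = 50.0) -> dict:
    """Compare the distance implied by RSSI with the distance to the claimed position."""
    estimated = fspl_distance_m(beacon["tx_dbm"], beacon["rssi_dbm"])
    claimed = math.dist(receiver_xy, beacon["pos"])
    return {
        "id": beacon["id"],
        "estimated_m": round(estimated, 1),
        "claimed_m": round(claimed, 1),
        "suspect": abs(estimated - claimed) > tolerance_m,
    }

def sybil_suspects(receiver_xy, beacons, tolerance_m: float = 50.0) -> list:
    """Identities whose claimed position disagrees with the measured signal."""
    results = (check_beacon(receiver_xy, b, tolerance_m) for b in beacons)
    return [r["id"] for r in results if r["suspect"]]

# Constructed sample: beacons heard by a receiver at the origin.
# veh-B really is about 400 m away; the two "ghost" identities are sent by
# the same radio (same RSSI) but claim positions much closer to the receiver.
BEACONS = [
    {"id": "veh-A", "pos": (100.0, 0.0), "tx_dbm": 20.0, "rssi_dbm": -68.0},
    {"id": "veh-B", "pos": (0.0, 400.0), "tx_dbm": 20.0, "rssi_dbm": -80.0},
    {"id": "veh-B-ghost1", "pos": (250.0, 0.0), "tx_dbm": 20.0, "rssi_dbm": -80.0},
    {"id": "veh-B-ghost2", "pos": (30.0, 40.0), "tx_dbm": 20.0, "rssi_dbm": -80.0},
]

if __name__ == "__main__":
    for b in BEACONS:
        print(check_beacon((0.0, 0.0), b))
```

The check trusts the transmit power stated in the beacon, so a sender that tunes its power can shift the estimate; that is the kind of assumption the following paragraph questions.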
However, these approaches are mostly based on several
assumptions, which are not realistic for reducing Sybil
attacks in VANETs. The work done in [9] tries to find the
success rate of Sybil attacks based on the assumptions of
transmission power or antenna. To measure the success they
evaluate the number of cheated nodes from the sender's and
receiver's points of view. From the sender's point of view
they evaluate the sender's transmission power tuning and
from the receiver's point of view they calculate the impact of
using bi-directional antennas over omnidirectional
antennas. They only consider the received signal strength and
directions. They do not consider any special propagation
model to compute the location of a node but only use a free
space propagation model to calculate the distance between
transmitters and receivers. The main purpose of this work
is to estimate the effects of assumptions and antennas on
detecting Sybil attackers. They have shown that Sybil attacks
can be detected easily using bi-directional antennas on the
receiver side. Thus, the usage of more antennas is
significant in VANETs.
Figure 8: Timestamp series approach [diagram labels: RSU1; RSU2; Vehicle 1; Vehicle 2; Current Timestamp; Initial Request; Request from previous car; Aggregated Timestamp]
The timestamp series approach is another approach to
secure VANETs from Sybil attacks [25]. This approach
works well for an initial development stage of VANETs with
the availability of the RSU infrastructure and only a small
number of vehicles with communication capabilities. The
RSU issues digital certificates to each vehicle that passes
through it and assumes that two vehicles cannot pass
multiple RSUs at the same time. Thus, a Sybil attacker node
is detected if a vehicle receives multiple messages with
very similar timestamp certificates. This approach is also
economical since it does not use computationally expensive
public key infrastructure (PKI) or Internet-accessible RSUs.
Figure 8 illustrates the working scenario of the timestamp series
approach.
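A receiver-side sketch of the timestamp series check, as an added example (not code from [25] or from this paper). The HMAC tag stands in for whatever the RSU uses to certify a timestamp, and the RSU keys, identities, the one-second window and the two-stamp minimum are constructed assumptions.

```python
import hashlib
import hmac

def rsu_stamp(rsu_key: bytes, rsu_id: str, t: float) -> tuple:
    """Timestamp certificate issued by an RSU (HMAC is a stand-in for its signature)."""
    tag = hmac.new(rsu_key, f"{rsu_id}|{t:.3f}".encode(), hashlib.sha256).hexdigest()
    return (rsu_id, t, tag)

def series_valid(series, rsu_keys) -> bool:
    """Every stamp in the series must carry a tag that a known RSU produced."""
    for rsu_id, t, tag in series:
        key = rsu_keys.get(rsu_id)
        if key is None or not hmac.compare_digest(rsu_stamp(key, rsu_id, t)[2], tag):
            return False
    return bool(series)

def similar(a, b, window_s: float) -> bool:
    """Same RSU sequence and every pair of timestamps within window_s."""
    return len(a) == len(b) and all(
        x[0] == y[0] and abs(x[1] - y[1]) <= window_s for x, y in zip(a, b)
    )

def classify(messages, rsu_keys, window_s: float = 1.0, min_len: int = 2):
    """messages maps a claimed identity to its timestamp series.

    Returns (sybil_groups, rejected_ids). One shared RSU passage can be a
    coincidence, so series shorter than min_len are rejected (assumption).
    """
    rejected = sorted(
        ident for ident, s in messages.items()
        if len(s) < min_len or not series_valid(s, rsu_keys)
    )
    groups = []
    for ident in sorted(messages):
        if ident in rejected:
            continue
        for group in groups:
            if similar(messages[group[0]], messages[ident], window_s):
                group.append(ident)
                break
        else:
            groups.append([ident])
    return [g for g in groups if len(g) > 1], rejected

# Constructed sample. One attacker holds a single real series and reuses it
# under three identities; H1 and H2 are honest vehicles; X carries forged tags.
RSU_KEYS = {"RSU1": b"constructed-key-1", "RSU2": b"constructed-key-2"}

def sample_messages() -> dict:
    k1, k2 = RSU_KEYS["RSU1"], RSU_KEYS["RSU2"]
    attacker = [rsu_stamp(k1, "RSU1", 100.0), rsu_stamp(k2, "RSU2", 160.0)]
    return {
        "P17": attacker, "P18": attacker, "P19": attacker,
        "H1": [rsu_stamp(k1, "RSU1", 100.4), rsu_stamp(k2, "RSU2", 171.2)],
        "H2": [rsu_stamp(k1, "RSU1", 90.0), rsu_stamp(k2, "RSU2", 150.0)],
        "X": [("RSU1", 100.0, "00" * 32), ("RSU2", 160.0, "00" * 32)],
    }

if __name__ == "__main__":
    print(classify(sample_messages(), RSU_KEYS))
```

H1 passes RSU1 within the window of the attacker but diverges at RSU2, so it is not grouped with the Sybil identities.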
RobSAD [5] is another approach that detects Sybil
attacks in the initial deployment stage of VANETs. The
method is based on the differences between the normal and
abnormal motion trajectories of vehicles. Each node can
detect attacks independently with little support from
RSUs. In VANETs, authorized infrastructures (i.e., RSUs)
can provide vehicles digital signatures along with timestamps
on demand or periodically. Each node can record these
signatures and use them to compare and measure the differences
from the neighboring nodes' signature vectors to detect Sybil
nodes independently. Thus, this is a very effective, unique
and robust approach with higher detection rate and lower
system requirements. This is because each node does not
require collaborating with neighboring nodes but can detect
attacks independently by comparing digital signatures. This
approach uses infrastructure only to broadcast the digital
signatures along with timestamp to other vehicular nodes.
Wormhole Attack
Wormhole is a severe attack in VANETS and other ad
hoc networks. In this attack, two or more malicious nodes
create a tunnel to transmit data packets from one end of the
network to the malicious node at the other end and these
packets are broadcasted to the network. The malicious nodes
take the control of such a short network connection or link,
threaten the security of transmitting data packets and delete
them.
Figure 9: Wormhole Attack [diagram labels: Malicious Car (two); Tunnel; Listen privacy information and transmit through tunnel]
Wormhole attacks disrupt the multicast and broadcast
operations for transmitting messages in VANETs as well
as in on-demand routing protocols such as AODV or DSR.
The AODV protocol does not use any authentication and
protection mechanisms for routing packets and thus, is
affected by wormhole attacks. The malicious nodes or
wormholes can gain unauthorized access to perform Denial
of Service (DoS) attacks. Figure 9 illustrates a wormhole
attack where black malicious cars at the two ends of the network
form a tunnel to transmit confidential information.
Packet leash [12] is a well known approach to prevent
wormhole attacks. For instance, TIK is a packet leashes-
based protocol for detecting and defending against
wormhole attacks. Temporal leashes ensure that each
packet has an upper bound of distance to travel (which is at
most at the speed of light). All nodes are tightly
synchronized with a clock and the clock difference between
any two nodes is known by all other nodes in the network.
The TIK protocol uses asymmetric cryptography to provide
an instant authentication of the received packets where it
uses n public keys for n nodes and hash functions for
keeping up-to-date keys information and received packets.
An attack is detected by calculating the differences between
the packet travel distance and allowed distance to travel.
An efficient approach called HEAP [33], which is an
improvement of the previously proposed packet leashes method,
is used to detect wormhole attacks in the AODV routing
protocol of VANETs; it is more secure and has low
overhead. Instead of using local leashes, HEAP uses
geographical leashes, which are more effective in detecting
malicious nodes. However, geographical leashes limit the
packets' travel distance. To eliminate this problem, HEAP
assumes that packets should be dropped whenever their
travel distances are more than the value claimed. Otherwise,
the packets are accepted.
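The temporal and geographical leash checks from the two paragraphs above, as an added example (not the TIK or HEAP implementation). The radio range, clock skew, maximum speed, position error and all packet values are constructed assumptions, and packet authentication is taken as already done.

```python
import math
from dataclasses import dataclass

C_MPS = 299_792_458.0  # speed of light in m/s

@dataclass(frozen=True)
class Packet:
    sender: str
    t_send: float   # sender's clock at transmission, seconds
    pos: tuple      # sender's claimed position, metres

@dataclass(frozen=True)
class LeashConfig:
    radio_range_m: float = 300.0   # allowed one-hop travel distance
    max_skew_s: float = 100e-9     # bound on clock difference between nodes
    max_speed_mps: float = 60.0    # bound on vehicle speed
    pos_error_m: float = 10.0      # bound on positioning error

def temporal_bound_m(pkt: Packet, t_recv: float, cfg: LeashConfig) -> float:
    """Upper bound on travel distance: elapsed time (plus skew) at light speed."""
    return C_MPS * max(0.0, t_recv - pkt.t_send + cfg.max_skew_s)

def geographic_bound_m(pkt: Packet, recv_pos, t_recv: float, cfg: LeashConfig) -> float:
    """Upper bound on sender-receiver distance from the claimed position."""
    elapsed = max(0.0, t_recv - pkt.t_send + cfg.max_skew_s)
    return math.dist(pkt.pos, recv_pos) + 2 * cfg.max_speed_mps * elapsed + cfg.pos_error_m

def check(pkt: Packet, recv_pos, t_recv: float, cfg: LeashConfig = LeashConfig()) -> str:
    """Drop a packet whose bounded travel distance exceeds the allowed distance."""
    if temporal_bound_m(pkt, t_recv, cfg) > cfg.radio_range_m:
        return "drop: temporal leash"
    if geographic_bound_m(pkt, recv_pos, t_recv, cfg) > cfg.radio_range_m:
        return "drop: geographical leash"
    return "accept"

RECEIVER_POS = (0.0, 0.0)

def demo() -> dict:
    """Constructed packets: a neighbour, a tunnelled packet, a distant claimed position."""
    neighbour = Packet("veh-1", 10.0, (150.0, 0.0))
    tunnelled = Packet("veh-2", 10.0, (2000.0, 0.0))   # relayed through a tunnel, 8 us late
    far_claim = Packet("veh-3", 10.0, (2000.0, 0.0))   # timing looks local, position does not
    return {
        "neighbour": check(neighbour, RECEIVER_POS, 10.0 + 0.5e-6),
        "tunnelled": check(tunnelled, RECEIVER_POS, 10.0 + 8e-6),
        "far_claim": check(far_claim, RECEIVER_POS, 10.0 + 0.5e-6),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

With a 100 ns skew bound the temporal leash alone already adds about 30 m of slack, which is why the approach depends on tightly synchronized clocks.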
Illusion Attack
It is a new security threat on VANETs where an
adversary broadcasts the traffic warning messages based on
the current road condition, which produces illusion to
vehicles at their neighborhood. It can spread the illusion
largely de
responses, which can cause the traffic jam, car accidents and
decrease the performance of VANETs. Existing message
authentication approaches cannot secure networks against
the illusion attack because the adversary directly controls
and misleads the sensors (of its own car) to produce and
broadcast the incorrect traffic information.
Plausibility Validation Network (PVN) [19] is a new
security model to secure VANETs against illusion attacks.
PVN works by collecting raw data and verifying
whether the collected data are plausible or not. It takes two
types of inputs: incoming data from antennas and data
collected by sensors. These data are categorized by an input
data header. PVN has a rule database and data checking
module which helps to check the validity of input data and
take necessary action accordingly. A message is trustworthy
if it passes all verifications. Otherwise, it is considered as an
invalid message and dropped automatically. PVN can
cooperate with various types of cryptography methods and
defend against more attacks.
Purposeful/Intentional Attack
Intentional or purposeful attack by insiders is very
difficult to prevent as they are authenticated and trusted to
perform the peer communications with neighbors.
In VANETs, it is very important to defend against
misbehavior, which are generated by purposeful attackers or
malfunctioning hardware (unintentional). A misbehaving
node can deny transmitting messages that it receives from
other nodes, misinterpret messages, use the bandwidth
improperly or inject bogus messages. A technique has been
proposed in [14] to defend against misbehavior in V2V and
V2I communications. This technique considers anonymous
communications to prevent misbehavior and keeps the
privacy of vehicles. A threshold authentication technique is
used where a threshold value is set up to authenticate
misbehavior or malicious nodes a number of times. It
guarantees that any authentication over the threshold value
Impersonation Attack
In V2V communications, one vehicle can broadcast the
security messages to other vehicles that may have impact on
other vehicles and the traffic control system. Thus, all
messages should be authenticated and signed to reduce the
communication overhead. On the other hand, in
impersonation attacks, a malicious vehicle sends message on
behalf of other vehicles to create chaos, traffic jam,
accidents or other security attacks and hides itself.
Thus, the work done in [26] proposes a scheme, called
SPECS to ensure the security and privacy issues of V2V
communications and detect the impersonation attacks. This
approach is based on the idea of the IBV protocol [28], which
suffers from impersonation attacks and cannot fulfill privacy
requirements. To protect the identity of each vehicle it uses
a pseudo-identity and a shared secret key m_i between a vehicle
and RSU. The security scheme works as follows.
To authenticate a vehicle with a nearby RSU the
scheme uses PKI with its real identity RID_i and password
PWD_i. The RA authenticates the vehicle and generates the
shared secret key m_i for the vehicle and RSU. TA forwards
m_i with a hash function and an encrypted block, which
contains m_i and the system secret key, s. This encrypted block
can only be decrypted by authorized vehicles. The RSU
transmits this block to vehicles. Each time the vehicle passes
a new RSU a new shared secret key is generated. To
generate the signature it uses the shared secret key and a
one-way hash function with the signing key. As m_i is only known
to a vehicle, RSU and TA, attackers or other vehicles cannot
generate the valid signing key to sign the message. Invalid
signatures or attackers can be detected using a batch
verification process by RSU. In IBV, if any invalid signature
is found using the batch verification process the whole batch
is dropped. However, SPECS does not drop the whole batch;
it uses binary search, divides the batch into two halves and
checks the invalidity of each half. If an attacker is found it
notifies other vehicles and repeats the process until the
search reaches a pre-defined level or all signatures are
validated. After verifying the signature the RSU broadcasts
the message to all vehicles without the hash value, which is
stored into positive and negative bloom filters. Any vehicle
that wants to know the validity of a received message will create
the hash value and compare it with the bloom filters' hash
values. A message is valid if the hash value of this message is
found in the positive bloom filter. Otherwise, the message is
considered as invalid. Table I lists different types of security
attacks with attacker types and respective security attributes.
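The binary-search batch verification and bloom-filter lookup described for SPECS, as an added example (not the SPECS implementation from [26]). An HMAC keyed with the shared secret stands in for the scheme's signature, one call to `_batch_ok` stands in for one batch verification, and the pseudo-identities, keys, messages and filter sizes are constructed assumptions.

```python
import hashlib
import hmac

def sign(shared_key: bytes, msg: bytes) -> bytes:
    """Stand-in signature: HMAC keyed with the vehicle/RSU shared secret."""
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def msg_hash(pid: str, msg: bytes) -> bytes:
    """Hash value a vehicle recomputes to query the filters (assumed layout)."""
    return hashlib.sha256(pid.encode() + b"|" + msg).digest()

class Bloom:
    def __init__(self, bits: int = 4096, hashes: int = 4):
        self.bits, self.hashes, self.field = bits, hashes, 0

    def _positions(self, item: bytes):
        for i in range(self.hashes):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.field |= 1 << p

    def __contains__(self, item: bytes) -> bool:
        return all((self.field >> p) & 1 for p in self._positions(item))

class Rsu:
    def __init__(self, keys: dict, max_depth: int = 4):
        self.keys = keys              # pseudo-identity -> shared secret
        self.max_depth = max_depth    # pre-defined search level
        self.batch_checks = 0
        self.positive, self.negative = Bloom(), Bloom()

    def _batch_ok(self, batch) -> bool:
        self.batch_checks += 1
        return all(
            hmac.compare_digest(sign(self.keys.get(pid, b""), msg), sig)
            for pid, msg, sig in batch
        )

    def _search(self, batch, depth: int):
        """Return (valid, invalid, unresolved) by halving failed batches."""
        if self._batch_ok(batch):
            return list(batch), [], []
        if len(batch) == 1:
            return [], list(batch), []
        if depth >= self.max_depth:
            return [], [], list(batch)
        mid = len(batch) // 2
        left = self._search(batch[:mid], depth + 1)
        right = self._search(batch[mid:], depth + 1)
        return tuple(a + b for a, b in zip(left, right))

    def process(self, batch):
        valid, invalid, unresolved = self._search(list(batch), 0)
        for pid, msg, _ in valid:
            self.positive.add(msg_hash(pid, msg))
        for pid, msg, _ in invalid:
            self.negative.add(msg_hash(pid, msg))
        return valid, invalid, unresolved

def vehicle_accepts(rsu: Rsu, pid: str, msg: bytes) -> bool:
    """A message is valid if its hash is found in the positive filter."""
    return msg_hash(pid, msg) in rsu.positive

def sample_batch():
    """Constructed batch of 8 messages; the signature for PID5 is forged."""
    keys = {f"PID{i}": f"constructed-secret-{i}".encode() for i in range(8)}
    batch = []
    for i in range(8):
        pid, msg = f"PID{i}", f"beacon {i}: lane clear".encode()
        sig = sign(keys[pid], msg) if i != 5 else sign(b"attacker-guess", msg)
        batch.append((pid, msg, sig))
    return keys, batch

if __name__ == "__main__":
    keys, batch = sample_batch()
    rsu = Rsu(keys)
    valid, invalid, unresolved = rsu.process(batch)
    print(len(valid), [p for p, _, _ in invalid], len(unresolved), rsu.batch_checks)
```

Dropping the whole batch, as the text says IBV does, would discard the seven valid messages here; the search keeps them at the cost of seven batch checks.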
Table I: Comparison of security attacks with their types and
security requirements.

Name of Attack          | Attacker Type                                | Security Attributes or Requirements
------------------------+----------------------------------------------+------------------------------------
Bogus Information       | Insider                                      | Data Integrity, Authentication
Denial of Service (DoS) | Malicious, active, insider, network attack   | Availability
Masquerading            | Active, insider                              | Authentication
Black hole              | Passive, outsider                            | Availability
Malware                 | Malicious, insider                           | Availability
Spamming                | Malicious, insider                           | Availability
Timing attack           | Malicious, insider                           | Data integrity
GPS Spoofing            | Outsider                                     | Authentication
Man-in-the-Middle       | Insider, monitoring attack                   | Data Integrity, Confidentiality
Sybil                   | Insider, network attack                      | Authentication
Wormhole or Tunneling   | Outsider, malicious, monitoring attack       | Authentication, Confidentiality
Illusion Attack         | Insider, malicious                           | Authentication
Purposeful attack       | Active, insiders, malfunctioning hardware    | Authentication
Impersonation           | Insider, network attack                      | Authentication
IV. CLASSIFICATION OF SECURITY SCHEMES
Existing security and privacy schemes of Vehicular Ad
hoc Networks (VANETs) can be classified into the
following categories.
A. Public Key Approaches
In these approaches, each node is provided with a pair
of secret and public keys. Public Key Infrastructure (PKI)
should efficiently handle key management to provide
security. A scheme using PKI is proposed whenever a
vehicle has two extra hardware units: Event Data Recorder
(EDR) to record all events and Tamper Proof Hardware
(TPH) to perform cryptographic process.
The work done by Hesham et al. [10] proposes a
dynamic key distribution protocol that handles key
management without the need to store a large number of
keys for PKI support and thus, reduces the usages of Tamper
Proof Device (TPD). In this approach, a vehicle's unique
information such as the Electronic License Plate (ELP) and chassis
number, which creates the Vehicle Authentication Code (VAC), is
used as a secret key between a certificate authority (CA) and a
vehicle. A CA is responsible for issuing, distributing,
renewing and revoking public key certificates [1].
This protocol has strong resistance against Denial of
Service (DoS) attack since it uses ELP and a secret key that
is encrypted with the unique VAC. Moreover, a Man-in-the-Middle
attack is not possible since messages between RSU,
OBU, and CA is confidential only to the message receiver
and Sybil attack is not possible since the unique identity,
VAC of each vehicle cannot be tampered.
The work done by Gazdar et al. [8] proposes efficient
dynamic cluster-based architecture of the Public Key
infrastructure (PKI) for Vehicular Ad hoc Networks
(VANETs) based on a trust model. Each vehicle will have a
trust value in the range [0, 1] where a new vehicle in the
network starts with 0.1. The vehicle with trust value 1 is the
most authentic and confident vehicle. Based on this trust
value, vehicles will have four different roles as Certificate
Authority (CA), Registration Authority (RA), Gateway
(GW) and Member Node (MN). A CA and RA which have
the trust value equal to 1 issues certificates to the vehicles in
a cluster and protect CA against attacker by avoiding direct
communication between an unknown vehicle and CA,
respectively. A GW is used for inter-cluster communication.
Other vehicles including MNs have to show good behavior
and cooperation to increase their trust values. In the
proposed architecture, a hierarchical monitoring process is
used to observe the behavior of vehicles, where a vehicle
with higher trust value monitors a vehicle with lower trust
level. Authors perform simulation to investigate the effect of
transmission range, vehicle speed and a number of
confidence vehicles on the security of VANETs.
Efficient Certificate Management Scheme (ECMV)
[27] is a PKI-based scheme, which provides an efficient
certificate management between different authorities and
hence, the OBU can update its certificates anywhere at any
instant. Even if the adversary manages to get into the
network, ECMV has an efficient certificate revocation
procedure to remove the adversary. This scheme reduces the
complexity of certificate managements to a great extent and
is very effective in providing security and scalability.
B. Symmetric and Hybrid Approaches
In these schemes nodes communicate after they share
and agree on a secret key that is used for communication.
Most security schemes of VANETs are based on either
public or symmetric keys. Recently, a hybrid system that
uses both symmetric and public keys has been proposed for
security in VANETs. It uses two types of communications:
pair-wise and group communication. Pair-wise
communication is used when two vehicles need to
communicate with each other whereas in group communication
more than two vehicles communicate. Hybrid approaches
use symmetric keys for pair-wise communications to avoid
the overhead of using the key pair. However, symmetric
keys should not be used in the authentication process since it
prevents non repudiation. The size of a key is 1024 bits and
AES is used for encryption.
C. Certificate Revocation Approaches
A public key infrastructure (PKI) is widely used to
provide security in VANETs which includes certificate
revocation (i.e., terminating the membership of a vehicle)
[1]. Certificate revocation is performed by CA in two ways:
centralized or decentralized. In the centralized approach, a
central authority is responsible only for taking the revocation
decision whereas in decentralized approach, a group of
vehicles which are neighbors of the revoked vehicle take
such a decision.
This scheme is centralized and uses pervasive
infrastructure, and is not considered efficient since the RSU sends
the certificate revocation list (CRL) to the OBU and thus, the
deployment cost becomes high. Some modified approaches
have been proposed such as Revocation Protocol of Tamper
Proof device (RTPD), Distributed Revocation Protocol
(DRP), Revocation Protocol using Compressed Revocation
Lists (RCCRL). RSU-aided Certificate Revocation (RCR) is
another newly proposed scheme where a Trusted Third Party
(TTP) grants secret keys for each RSU so that it can sign
messages in its range. Once a certificate is detected as
invalid, the certificate authority (CA) issues messages to the
RSU, which broadcasts messages to all vehicles to revoke
that particular certificate and stop communication with it.
D. ID-based Cryptography
Public Key Infrastructure (PKI) and symmetric key
cryptography are not the best schemes to provide security in
VANETs since they are infrastructure-less. Hence, ID-based
cryptography that covers the best features of other security
schemes is also being explored by the research community.
For instance, ID-based cryptography reduces the
computational cost in the ID-based Signature (IBS) process
for VANETs, and is preferable for authentication using the
ID-based Online/Offline Signature (IBOOS) scheme.
IBOOS increases efficiency by separating signing process
into an offline (executed initially at RSUs or vehicles) and
online phase (executed in vehicles during V2V
communications), in which the verification is more efficient
than that of IBS.
The work done by Lu et al. [11] proposes an ID-based
authentication framework that utilizes both IBS and IBOOS.
This framework utilizes self-defined pseudonyms instead of
real-world IDs without exposing vehicles' privacy. This
framework is efficient in terms of processing time, storage
and communication overhead. This is because this scheme
preloads a pool of IDs of regional RSUs in each vehicle,
which are very small in size and do not change frequently, as
compared to other approaches that pre-store the IDs of all
RSUs. This scheme uses IBS for Vehicle-to-Roadside (V2R)
and Roadside-to-Vehicle (R2V) authentications whereas
IBOOS is used for V2V authentications. Evaluation results
show that this framework efficiently preserves privacy in
VANETs.
Another work done by Pan et al. [21] proposes an
analytical model to quantify the location privacy based on a
simple scheme called Random Changing Pseudonyms (RCP)
where each vehicle changes its pseudonym after a random
point. However, it is very important to provide unlinkability
between two successive pseudonyms of a vehicle.
Otherwise, an intruder might be able to locate the vehicle by
mapping between successive pseudonyms. Moreover, the
probability of unlinkability between pseudonyms is affected
by the effectiveness of different pseudonym changing
schemes to protect location privacy. Thus, the analytical
model to quantify the effectiveness of pseudonym changing
schemes is an important research problem to provide
security in VANETs.
V. DISCUSSION AND FUTURE WORKS
Vehicular Ad hoc Networks (VANETs) are becoming
popular in transportation systems since they provide road
safety, traffic management, and Internet access on highways,
and distribute safety information to drivers and passengers.
However, implementing VANETs in value-added services
poses a great challenge due to intruder vehicles and
several security attacks. Thus, providing security and
privacy in VANETs is considered the most important
research issue in this area.
Additionally, the mobility of vehicles and the dynamic nature
of the network impose a great challenge to eliminating
malicious vehicles and designing secured data transmission
protocols. Though extensive research is being conducted
to provide security and privacy in VANETs, most of these
approaches consider reducing computational and
communication overhead, and processing delay for
authentication between the source and destination vehicles.
Besides, most existing security schemes of VANETs do not
support the security checks while handing over a vehicle
from one Road Side Unit (RSU) to another RSU [15]. The
protocols for high priority applications are still at an
exploratory level in terms of security measures. In addition,
the following aspects should be considered as future
research possibilities in this area.
• Distributing certificates securely and validating them in a
  fast and computationally efficient way should be given
  more attention while designing secured routing
  protocols for VANETs.
• Determining the mobility pattern of vehicles and
  linking the mobility pattern with malicious vehicles
  could be considered as a potential research direction in
  providing security and privacy in VANETs.
• Determining and assigning trust values to vehicles and
  establishing trust among vehicles are significantly
  important to provide the integrity and reliability of
  applications in VANETs.
• The change of MAC addresses along with the
  pseudonyms has not received sufficient attention. If the
  IP address changes with the pseudonym, the MAC
  address should also change. Otherwise, adversaries can
  easily track the target vehicle by its MAC address.
• VANETs can provide Internet services on highways.
  Users normally use the Internet on highways for
  emergency communications (e.g., checking emails and
  instant messaging) and social network applications
  (e.g., Facebook, Twitter). Thus, designing secured
  communication protocols for VANETs to protect user
  profiles and private data from malicious vehicles
  should be given the highest priority in this area of
  research.
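The MAC-address item above, together with the unlinkability requirement discussed for Random Changing Pseudonyms, can be checked on a capture taken from one's own OBU under test. The following Python audit is an added example, not part of the original paper; the record layout, the function names and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed capture from a test receiver: (time_s, pseudonym, ip, mac).
# All identifiers below are made up for illustration.
BEACONS = [
    (0.0, "PSN-A1", "10.0.0.11", "02:00:00:00:00:11"),
    (1.0, "PSN-A1", "10.0.0.11", "02:00:00:00:00:11"),
    (2.0, "PSN-B7", "10.0.0.42", "02:00:00:00:00:11"),  # IP rotated, MAC kept
    (3.0, "PSN-B7", "10.0.0.42", "02:00:00:00:00:11"),
    (0.5, "PSN-C3", "10.0.0.20", "02:00:00:00:00:20"),
    (2.5, "PSN-D9", "10.0.0.77", "02:00:00:00:00:77"),  # everything rotated
]

LAYERS = {"ip": 2, "mac": 3}  # column index of each lower-layer identifier


def rotation_findings(beacons):
    """Return (layer, value, old_pseudonym, new_pseudonym) for every
    lower-layer identifier that survived a pseudonym change."""
    findings = []
    for layer, col in LAYERS.items():
        last_seen = {}  # identifier value -> pseudonym last seen with it
        for rec in sorted(beacons):  # tuples sort by time first
            value, psn = rec[col], rec[1]
            prev = last_seen.get(value)
            if prev is not None and prev != psn:
                findings.append((layer, value, prev, psn))
            last_seen[value] = psn
    return findings


def linkable_groups(beacons):
    """Group pseudonyms that are tied together by a reused identifier
    (union-find over the findings); these are not unlinkable."""
    parent = {rec[1]: rec[1] for rec in beacons}

    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]  # path compression
            p = parent[p]
        return p

    for _, _, old, new in rotation_findings(beacons):
        parent[find(new)] = find(old)
    groups = defaultdict(set)
    for p in parent:
        groups[find(p)].add(p)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

An empty result from both functions means that, in this capture, no IP or MAC value was observed under more than one pseudonym.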
REFERENCES
[1]
Innovations in Information Technology (IIT), 2011 International
Conference on, pp.214-219, 25-27 April 2011.
[2]
ACM/SIGMOBILE Workshop on
Dependability Issues in Wireless Ad Hoc Networks and Sensor Networks,
pages 1-8, 2006.
[3] S. Biswas, R. Tatchikou, and F. -to-Vehicle Wireless
IEEE
Communications Magazine, vol.44, no 1, pp. 74-82, January 2006.
[4] -based encryption from the Weil
Proc. of Crypto2001, LNCS, pp. 213-229, Springer-Verlag, 2001.
[5] Chen Chen, Xin Wang, Weili Han, and Binyu Zang
Distributed Computing
Systems Workshops, ICDCS Workshops '09. 29th IEEE International
Conference on, 2009, pp. 270-276, 2009.
[6] Chenxi Zhang, Xiaodong Lin, Rongxing Lu, and Pin-
An Efficient RSU Aided Message Authentication Scheme in Vehicular
Communications. ICC'08. IEEE International
Conference on, pp. 1451-1457, 2008.
[7] J In First International Workshop on
Peer-to-Peer Systems, pages 251-260, 2002.
[8] T. Gazdar, A. Benslimane and A. Belghith
Vehicular Technology Conference
(VTC Spring), 2011 IEEE 73rd, pp.1-5, 15-18 May 2011
[9]
IEEE International Conference on Mobile Ad hoc and Sensor
Systems, 2007 -6, 2007
[10] A. Hesham, A. Abdel-Hamid and M.A. El-
distribution protocol for PKI- Wireless Days (WD), 2011
IFIP, pp.1-3, 10-12 Oct. 2011
[11] Huang Lu, Jie -based authentication
Computing,
Communications and Applications Conference (ComComAp), 2012, pp.
345-350, 11-13 Jan. 2012
[12] Y.C. Hu, A. Perrig and D.B Johnson cket leashes: a defense
INFOCOM 2003. Twenty-
Second Annual Joint Conference of the IEEE Computer and
Communications. IEEE Societies, vol. 3, pp. 1976-1986, 2003.
[13] D. Jiang and L. Delgrossi
In Proceedings
of IEEE Vehicular Technology Conference (VTC) spring, pp. 2036-2040,
May 2008.
[14] Jinyuan Sun, Yuguang Fang
Military
Communications Conference MILCOM 2008. IEEE, pp. 1-7, 2008.
[15] Md Mahbubul Haque, Jelena Misic, Vojislav Misic, Subir Biswas and
in Encyclopedia of
Wireless and Mobile Communications, September, 2009.
[16] M. Manvi, M.S. Kakkasageri, and D.G. Adiga
Authentication in Vehicular Ad Hoc Networks: E
Future Computer and Communication, ICFCC 2009. International
Conference on, 2009, pp. 16-20.
[17] Maxim Raya and Jean-
Proceedings of the 3rd ACM workshop on Security of ad
hoc and sensor networks (SASN '05), 2005.
[18] Maxim Raya, P. Papadimitratos and Jean-Pierre
IEEE Wireless Communications Magazine,
Special Issue on Inter-Vehicular Communications, pp. 8-15, 2006.
[19] Nai-Wei Lo, Hsiao-Chien Tsai
Applications - Globecom Workshops,
2007 IEEE, pp.1-8, 2007.
[20]
International symposium on
information processing in sensor networks, pages 259-268, 2004.
[21] Yuanyuan Pan, Jianqing Li, Li Feng
Network
Computing and Information Security (NCIS), 2011 International
Conference on, vol.2, pp.141-145, 14-15 May 2011.
[22] W. Pires, T. de Paula Figueiredo, HC. Wong, and A. Loureiro,
IEEE
International Parallel & Distributed Processing Symposium, 2004.
[23] S.M. Safi, A. Movaghar and M. Mohammadizadeh
Internet. AH-ICI 2009, First
Asian Himalayas International Conference on, 2009, pp. 1-6
[24] I.A. Sumra, I. Ahmad, H. Hasbullah and J.-L. bin Ab Manan,
Ultra Modern Telecommunications and Control
Systems and Workshops (ICUMT), 2011 3rd International Congress on,
pp.1-8, 5-7 Oct. 2011
[25] Soyoung Park, B. Aslam, D. Turgut and C.C. Zou
Sybil attack in vehicular ad hoc network
Military Communications Conference, MILCOM,IEEE, 2009, pp. 1-7
[26] Tat Wing Chim, S.M. Yiu, L.C.K. Hui and V.O.K Li
Privacy Issues for Inter- Sensor,
Mesh and Ad Hoc Communications and Networks Workshops, 2009.
SECON Workshops '09. 6th Annual IEEE Communications Society
Conference on, 2009, pp. 1-3.
[27] A. Wasef, Y. Jiang, X. Shen
, In: Proceedings of the IEEE GLOBECOM
2008, pp. 1-5.
[28] C. Zhang, R. Lu, X. Lin, P.H. Ho and X.
based Batch Verification Scheme for Vehic IEEE
, Apr. 2008, pp. 816-824.