Routing and data diffusion in VANETs -- Security requirements
Editor's Note: Wireless sensor networks lie at the heart of emerging applications in nearly every industry segment. In building these networks, designers contend with issues that encompass real-time communications, efficient high-bandwidth data exchange, multiple network topologies, selection of optimal routing strategies, and more. The book, Building Wireless Sensor Networks, offers detailed treatments on critical requirements and promising solutions in each of these areas and more.
This excerpt focuses on design challenges and methods associated with creating a vehicular ad hoc network (VANET). To share data as vehicles pass on roads or rest in parking areas, a VANET must contend with issues as varied as the physics of signal propagation, the fluid nature of data routing, and the security vulnerabilities associated with participation in an ad hoc network. Because of the changing nature of a VANET, designers need a broad understanding of these issues.
In this excerpt from the book, the authors offer an in-depth discussion that defines the nature of VANET challenges and discusses alternatives for their solution. Continuing the description of VANETs in part 1, part 2, part 3, and part 4, this installment of this series provides an in-depth discussion of security requirements for VANETs.
Adapted from Building Wireless Sensor Networks, by Smain Femmam, Editor.
Chapter 3. Routing and data diffusion in vehicular ad hoc networks (Cont.)
By Frédéric Drouhin and Sébastien Bindel
3.4. VANET security
A VANET offers a multitude of services, ranging from accident prevention to multimedia and Internet access. These different uses are strongly linked to computer security. Moreover, the VANET protocol stack follows the Open Systems Interconnection (OSI) network model and so inherits its vulnerabilities. Take a simple example: a malicious vehicle that broadcasts alert messages can easily cause congestion or even accidents. This example shows the need to integrate IT security into VANETs.
Safety goes beyond even accident prevention and remains a priority. There are also risks related to the interception of data that may compromise both the vehicle (e.g. data owned by the manufacturer, vehicle location) and the driver (private data such as home location). As these examples show, security is at the heart of VANET issues, as illustrated by the recent work of [ABB 16] on controller area network (CAN) bus safety. In addition, like all connected devices, vehicles can be used as botnets to relay denial-of-service attacks (as with the Mirai botnet) and consequently cause congestion of network traffic.
Attack objectives vary and depend on the hacker's target. Attackers may want to alter the proper functioning of a system, destabilize a company or even a country, steal data (trade secrets, or private data as mentioned above) in order to use or resell it, and of course showcase a given hacker's dubious skills. These attacks can be carried out by individuals, by organized and coordinated groups, by rival companies, by foreign governments, and also by a country's own government (e.g. monitoring of the population). They do not necessarily seek to be destructive, but they can alter the proper functioning of the networks and thus cause varying amounts of damage. Depending on the type of attack, company employees (seeking revenge) can also participate and have a much greater impact.
VANET security protocols must guarantee the important notions of security (authentication, non-repudiation and integrity) and must also protect the private data of the manufacturer, the driver and the passengers. This concerns vehicles, RSUs, and both V2V and V2I communication.
The first section describes the security requirements in VANETs, generalized to the IoT; the second section presents the various attacks, divided into passive and active attacks; and the last section discusses VANET security solutions.
3.4.1. Security requirements in VANET
[KER 16] and [XIA 05] describe protection against different attacks in terms of a set of requirements for a VANET security set-up. These requirements are:
– Authenticity: data authentication ensures that a message is trustworthy and was sent by a legitimate and authorized vehicle.
– Integrity: data should not be altered or modified by an unauthorized third party. Modifications may be intentional or due to faulty sensors.
– Non-repudiation: the mechanism that associates a transaction with its emitter. The emitter cannot deny having sent the message.
– Availability: the communication channel should be available so that vehicles can send information and other vehicles can receive it.
– Access control: a transaction that is sent should be reliable and secure, and altered messages should be removed by an authority.
– Confidentiality: when data is exchanged, its confidentiality should be guaranteed. In VANETs, vehicles are also anonymous from the point of view of other vehicles and of RSUs. On the other hand, they must be recognizable by a trusted authority.
All these requirements are mandatory in order to ensure security in a VANET.
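As an added illustration (not code from the book or its authors), the Go program below shows how a receiver could check several of these requirements on one alert: authenticity (the sender's pseudonym key is certified by the trusted authority), integrity and non-repudiation (the body is signed with that key), and anonymity towards other vehicles with recognition by the authority. The choice of Ed25519 and all names (Authority, Alert, Enroll, Resolve, Verify) are assumptions made for this example; availability, access control and encryption of the message body are not covered.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Authority (hypothetical) certifies pseudonym keys and alone maps them to vehicles.
type Authority struct {
	priv     ed25519.PrivateKey
	registry map[string]string
}

// Alert: body, authority signature over the pseudonym, sender signature over the body.
type Alert struct {
	Body, AuthSig, Sig []byte
	Pseudonym          ed25519.PublicKey
}

func NewAuthority() (*Authority, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Authority{priv, map[string]string{}}, pub
}

// Enroll records which vehicle owns a pseudonym key and certifies that key.
func (a *Authority) Enroll(vehicleID string, pseudonym ed25519.PublicKey) []byte {
	a.registry[string(pseudonym)] = vehicleID
	return ed25519.Sign(a.priv, pseudonym)
}

func (a *Authority) Resolve(p ed25519.PublicKey) string { return a.registry[string(p)] }

// Verify is the receiver-side check: certified sender first, then unaltered body.
func Verify(m Alert, authorityPub ed25519.PublicKey) error {
	if len(m.Pseudonym) != ed25519.PublicKeySize || !ed25519.Verify(authorityPub, m.Pseudonym, m.AuthSig) {
		return fmt.Errorf("sender not certified by the authority")
	}
	if !ed25519.Verify(m.Pseudonym, m.Body, m.Sig) {
		return fmt.Errorf("body altered or not signed by this pseudonym")
	}
	return nil
}

func main() {
	ta, taPub := NewAuthority()
	pub, priv, _ := ed25519.GenerateKey(nil)
	body := []byte("constructed sample: hazard ahead")
	m := Alert{body, ta.Enroll("vehicle-A", pub), ed25519.Sign(priv, body), pub}
	fmt.Println(Verify(m, taPub), ta.Resolve(pub))
}
```

A receiver holds only the authority's public key, so it can accept or reject an alert but cannot link the pseudonym to a vehicle; only the authority's registry can.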
3.4.2. VANET security threats
This section describes the major attacks. In a wireless network, passive listening is all the easier because the air medium is difficult to control. Passive attacks do not change the operation of the system but seek to collect information about it. In a VANET, the hacker will seek to collect information about the vehicle (theft of industrial secrets) or data about the private life of the driver. These attacks also concern the passengers, since VANETs include entertainment aspects and, with the extension of WiFi in vehicles as a new service, passengers are also exposed to these attacks. Moreover, the layers between the on-board WiFi and the VANET communication (or even the CAN bus) should be studied to make sure that intercommunication between them is not possible.