Routing and data diffusion in VANETs — Security requirements

Editor's Note: Wireless sensor networks lie at the heart of emerging applications in nearly every industry segment. In building these networks, designers contend with issues that encompass real-time communications, efficient high-bandwidth data exchange, multiple network topologies, selection of optimal routing strategies, and more. The book, Building Wireless Sensor Networks, offers detailed treatments on critical requirements and promising solutions in each of these areas and more. 

This excerpt focuses on design challenges and methods associated with creating a vehicular ad hoc network (VANET). To share data as vehicles pass on roads or rest in parking areas, a VANET must contend with issues as varied as the physics of signal propagation, the fluid nature of data routing, and the security vulnerabilities associated with participation in an ad hoc network. Because of the changing nature of a VANET, designers need a broad understanding of these issues. 

In this excerpt from the book, the authors offer an in-depth discussion that defines the nature of VANET challenges and discusses alternatives for their solution. Continuing the description of VANETs in part 1, part 2, part 3, and part 4, this installment of this series provides an in-depth discussion of security requirements for VANETs. 

Elsevier is offering this and other engineering books at a 30% discount. To use this discount, click here and use code ENGIN318 during checkout.

Adapted from Building Wireless Sensor Networks , by Smain Femmam, Editor.

Chapter 3. Routing and data diffusion in vehicular ad hoc networks (Cont.)
By Frédéric Drouhin and Sébastien Bindel

3.4. VANET security

The VANET offers a multitude of services ranging from accident prevention, multimedia and Internet access. These different uses are strongly linked to computer security. Moreover, the VANET protocol stack references the open system interconnection (OSI) network model, and so, inherits from its vulnerability. Indeed, by taking a simple example with a vehicle (malicious vehicle ), which broadcasts alert messages, it is easy to cause congestion or even accidents. This simple example shows the need to integrate IT security into VANETs.

Safety goes beyond accident prevention even and remains a priority. Risks related to the interception of data that may compromise both vehicle (e.g. owner data of the manufacturer, vehicle location) and driver (privacy data such as home location). Through these examples, security is at the heart of the VANET issues such as the recent work of [ABB 16] on the controller area network (CAN) bus safety. In addition, like all connected devices, vehicles can be used as botnets to relay attacks of the type Deny of Service (like MIRAI botnet) and consequently cause congestion of network traffic.

The attack objectives vary and depend on the target of a hacker. They may want to alter the proper functioning of a system, destabilize a company or even a country, steal data, trade secrets, private data as mentioned above, in order to use or resell it and of course to serve as an emblem of a given hacker’s dubious skills. These attacks can be carried out by individuals, a set of constituted and coordinated individuals, rival companies, foreign governments, but also the government of a country (e.g. population supervision). These attacks do not necessarily seek to be destructive but can alter the proper functioning of the networks and thus cause varying amounts of damage. Depending on the type of attack, company employees (seeking revenge) can also participate in these attacks and have a much greater impact.

The VANET security protocols must guarantee the important notions of security: authentication, non-repudiation, integrity but also the private data of the manufacturer and the driver and his passengers. It concerns vehicles, RSU and both V2V and V2I communication.

The first section describes the security requirements in VANETs generalized to the IoT, the second section gives the various attacks in terms of passive attacks and active attacks and the last section discusses VANET security solutions.

3.4.1. Security requirements in VANET

[KER 16] and [XIA 05] describe the protection against different attacks using various requirements in VANET security set-up. These requirements are:

Authenticity : data authentification ensures that a message is trustworthy and sent by a legitimate and authorized vehicle.

Integrity : data should not be altered or modified by an unauthorized third party. Modifications may be intentional or due to faulty sensors.

Non-repudiation : is the mechanism to associate a transaction with the emitter. The emitter cannot deny that the message was sent by itself.

Availability : communication channel should be available to allow vehicles to send information and other vehicles to receive.

Access control : a transaction sent should be reliable and secure and altered messages removed by an authority.

Confidentiality : when exchanging data, the confidentiality of data should be guaranteed. In VANETs, vehicles are also anonymous from the point of view of other vehicles and from RSUs. On the other hand, they must be recognized by a trusted authority.

All these requirements are mandatory in order to ensure security in VANET.

3.4.2. VANET security threats

In this section, major attacks are described. In a wireless network, passive listening is all the easier as the air medium is difficult to control. Passive attacks do not change the operation of the system but seek to collect information about the system. As part of the VANET, the hacker will seek to collect a set of information about the vehicle (theft of industrial secrets) or data from the private life of the driver. Indeed, the attacks also concern the passengers since the VANETs also include playful aspects and, with the extension of the WiFi in vehicles as a new service, passengers are also sensitive to these attacks. Moreover, the layers between the on-board WiFi and the VANET communication (or even CAN bus) should be studied in order to be sure that intercommunication is not possible.

Active attacks cause the attacked system to malfunction. Hackers seek to disrupt the system in order to render it inoperative or no longer able to perform the service for which it is made. Both passive and active attacks pass by the analysis and monitoring of the traffic (i.e. messages exchanged). Even if the analysis and the monitoring are passive, it is the basis of any attack. It consists of intercepting all of the traffic and then detecting a security breach or collected data. Hackers may monitor and analyze a network to collect all information or use brute force attacks by generating a large number of consecutive values usually breaking encryption keys. The brute force attack can be time- and resource-consuming.

Different attacks concern security and confidential threats and concern both on-board units (OBU) and RSU. Note that the RSU should be actively protected since they may be used as authority or at least manage the communication authority. RSU also manage traceability that coexists with confidentiality. Attacks do not only refer to a given hacker’s targets but can be a consequence of faulty devices or captors (e.g. wrong temperature, wrong node speed or wrong location). Faulty devices may cause wrong interpretations similar to attacks by hackers (deny-of-service, delay in delivery, etc.), and finally, spread faulty information which may cause congestion and safety issues like masquerading attacks.

[MEJ 14] provides a list of different possible attacks:

Availability :

Denial Of Service (DoS): one or several nodes (distributed denial of service – DDoS) flood a network by sending continuous (dummy) messages that overload a network and make it unusable or at least reduces network efficiency. This method can also target a single and specific node.

Jamming : at the level of propagation, it consists of transmitting on the same frequency ranges as VANET.

Black hole attack : since a node can route and forward messages to other nodes, it can drop all the traffic and discard all packets. This node may be related to a sink node. A gray hole attack does not drop all packets but selects information type (e.g. safety) or randomly drops some information.

Malware : like any computer-based system, VANET is sensitive to viruses, worms, trojans, spyware, adware, rootkits, ransomware, etc. The differences with the previous cited attacks is that VANET need to install a third-party software, but VANET are still affected in case of snooping attacks (spyware, adware), it can also be used for data modification (viruses) or as a relay in an attack dedicated to VANETs or even for a more global attack on the Internet (ransomware, rootskits, trojans, worms).

Integrity :

Replay attack : consists of replaying the original message emitted by an authenticated and authorized vehicle. This kind of attack affects the network (flooding) and resources on vehicles (CPU, memory, etc.), and, of course, alters VANET service. This attack does not focus on stopping the operation of VANET like a denial of service attack.

Data modification attack : an active attack, it is based on interception of exchanged data. This data can be modified and deleted in order to alter the comprehension of the message and to prevent information arriving at the receivers, e.g. in the case of an accident or traffic congestion.

Authenticity and identification :

Replay attack and masquerading attack : an already described in the previous paragraph (Integrity).

GPS spoofing : one or several nodes (malicious or infected nodes) send fake locations which affect geographical protocols or service applications based on GPS.

Timing attack : consists of delaying messages, especially safety messages, or prevents information arriving on time to receivers (expired information).

Repudiation : a node denies a message that has been sent by itself which requires sending the message a second time (time- and resource- consuming).

Sybil attack : similar to a botnet, hackers launch attacks using controlled nodes (malicious or infected nodes) to relay other attacks (e.g. replay, timing, DoS attacks). It can also be used to propagate an attack on VANET or Internet nodes.

Masquerading attack : can be used in an impersonation attack where the authorized and authenticated vehicle provides a valid identity to the attacker. The node can turn into a malicious node and send fake alerts or malicious messages: betrayal attack.

Confidentiality :

Traffic analysis : monitor and analyze network to collect information and find security breaches. Once enough data are collected, they might be modified, altered or stolen.

Eavesdropping : e.g. man in the middle, essentially intercepting communication.

Snooping attack : mainly concerns privacy data both from industrial and driver/passengers information. In this case, it concerns information from drivers’ licenses and car information to Global Positioning System (GPS) position of home/work place, etc.

Table 3.2 summarizes attacks and attacked services based on requirements in section 3.4.1.

Table 3.2. Security threats and solution category

The next installment of this series discusses IEEE 1609.2-2016 — IEEE Standard for Wireless Access in Vehicular Environments and Security Services for Applications and Management Messages.

Reprinted with permission from Elsevier/ISTE Press, Copyright © 2017

Frédéric Drouhin is an Assistant Professor in the Laboratoire Modélisation Intelligence Processus Systèmes (MIPS) at the Université de Haute Alsace.

Sébastien Bindel is an Associate Professor in the Département Réseaux et Télécommunications at Université de Haute-Alsace.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.