Real-time ConstraintThe connection in VANET has a real-time processing nature due to the short time period of communication; hence required use a fast cryptographic method for entity verification, attacks prevention, and information exchange as they are with high speed traveling.Threads and AttacksThe attack on a VANET, like other networks, targets the privacy and security service in term of “CIA” (Confidentiality, Integrity, and Availability). There are several classifications of attacks that we will explain briefly.
Capacity-based AttacksAl-Qahtani categorized attacks based on intentions and manner of attackers as follows:Rational and Malicious. Rational attacker is predictable and has the personal benefits. The malicious attacker damages the functionality of the network; unlike the rational attacker, he hasn’t personal profit to attack.
Passive and Active. A passive attacker spies on the network, whereas an active attacker creates packets and sends them to the network.Insider and Outsider. Outsiders are the infiltrators and have limited power, whereas Insiders are the trusted vehicles in the network.Maxim et al mentioned one more attribute to this classification that is:Local and Extended. A local attacker has a limited scope, unlike an extended attacker who controls several entities within the network in order to extend.Security Information AttacksA VANET is vulnerable to various types of attacks. Different attacks have a different impact on the network.
Another classification includes attacks that target the Information security that includes:Confidentiality, an important issue for vehicle users is the privacy of the location and anonymity. Insider and outsider attackers collect the messages illegally to gather information about the location at a time when the users of the vehicles are unaware.Availability, means having access to data or a service at any the times. Examples of attacks that affect the availability are Denial of service (DOS) attack, Spamming, Malware, and etc.Authenticity, means ensuring the validity of the information received. The attacks that threaten authenticity include Sybil attack, Node Impersonation attack, Replay, and etc.Miscellaneous threats, attacks that do not place in any of the previous groups, for example, Timing Attack, ID Disclosure, Bogus information, and etc.
Irshad et al. suggested another classification for the security information attacks includes five classes of attack.Network Attack: Vehicles and infrastructures are the objectives in this attack. Since the network is fully affected by this attack, it has paramount.
The network attack targets the legitimate users in the network and creates problems for them. Denial of service (DOS) Attack, Sybil Attack, and Node Impersonation Attack are examples of this attack.Application Attack: The network applications are divided into safety and non-safety applications. The attacker changes the content of the applications and sends them to other vehicles. Since safety applications send warning messages, it has paramount, where falsification of these messages leads to significant human and material losses.
While non-safety applications are associated with user comfort and improved traffic system.Timing Attack: In this type of attack, an attacker creates a delay in a message sent over the network. The recipient receives the message after expiry. Critical time applications as safety applications become useless if they are delayed.
Social Attack: Unethical messages sent in the network and intended to create problems. This type of messages infuriates legitimate users.Monitoring Attack: an attacker eavesdrops on communications within the network (V2V ; V2I); whenever finds relevant information sent to the person concerned. ID discloses attack is an example of this attack.Here we will discuss and analyze some of the attacks that VANET suffers from them.Denial of Service (DOS) attackDenial of Service (DoS) is one of the most serious attacks. The attacker in DoS tries to control and consumes the resources. The attacker also attempts to disruption of the communication channel by sending a group of unrelated messages, RF interference, and confusion as a result vehicle cannot send and receive important messages or access to the network.
Sybil AttackAn attacker forces the vehicles to take another road through the illusion that there is congestion on the road. The attacker controls the most important part of the network to misuse it or to destroy the proper network connection.The attacker sends a bunch of messages to other vehicles. Each message carries a fake ID to give the illusion that messages come from different vehicles and thus the road will be clear for the attacker.Malware and SpamMalware causes malfunctions in the VANET; for example, a malicious node sends a large number of messages that cause consumption of network resources.
Because of the lack of centralized administration and infrastructure, it is difficult to control this type of attacks.ImpersonateTo access and use resources that are not available to an attacker or to disable the network performance, the attacker will spoof the identity and privileges of the authorized node.An attacker is an active attacker from inside or outside the network and exploits a gap in either the transport layer, application layer, or network layer.Black Hole AttackThe black-hole attack redirects the network traffic. Malicious nodes in this type of attack drop or misuse the packets. Furthermore, they refuse to participate in the network.
Bogus InformationAn attacker, in Bogus Information, transmits incorrect information to the network for falsifying the traffic.Timing AttackSome messages are critical-time messages and should arrive on time. An attacker increases the message time-slots which caused the delay in the message transmission. Consequently, neighboring vehicles receive the message too late.
Wormhole AttackIn this type of attack, the malicious nodes create a tunnel. Data transferred from one end of the network to the other by malicious nodes. With take control of the network by the attacker, it becomes difficult to determine an authoritative path moreover data security will be threatened.Illusion AttackIn the illusion attack, an opponent sends a false warning message and causes traffic congestion. This happens due to changes in the driver’s behavior after receiving the forged message.
Adversaries and AttackersThere are different intentions for attacking the network. An attacker targets the network for fame or personal purposes. This section discusses some categories of attackers.Pranksters.
Pranksters are people who seek fame by damaging others.Malicious Attacker. On the contrary of Pranksters, Malicious attackers have specific targets and have access to network resources.
Selfish Driver. Attackers exploit the network for their personal benefit regardless of the damage resulting in the network.Solutions for Different AttacksThere are different security and privacy schemes for VANETs exist.
Following are countermeasures against different attacks to maintain security and privacy of VANET message communication.Attacked Packet Detection AlgorithmRoselinMary et al. proposed an Attacked Packet Detection Algorithm (APDA) method to detect the DOS attack in a VANET. An APDA reveals attacks through factors like the velocity, frequency, and change in position. The APDA algorithm improves network security as well as prevents delays.An APDA depends on the RSU for the message transmitting process. The vehicle used APDA algorithm for sending a message to the RSU.
Conversely, the RSU uses the APDA mechanism to detect data packets and the position of the vehicle; information stored in the OBU and TAMPER is used for this purpose. If the data packet is attacked ((the vehicle has the high Frequency and Velocity), the opponent vehicle will track.Timestamp SeriesTo defend against Sybil attack, Soyoung et al. presented the “timestamp series” method. The method depends on the roadside unit (RSU).
Although the timestamp method depends on digital certificates, but avoids the using of the Vehicular Public Key Infrastructure (VPKI).In order to determine the attack, each vehicle gets the certified timestamps whenever it passes near an RSU. Thus a traffic message sent by the vehicle must contain a series of most of the timestamp certificates that he recently obtained. Because of the dynamics of the topology, it is rare for two vehicles to get certified timestamps at the same time from the same RSUs; therefore Sybil attack can be detected.
Authenticated Routing for Ad hoc NetworkAn Authenticated Routing for Ad-hoc Network (ARAN) method depends on public key encryption. The certificate server should know the public keys for all vehicles. The ARAN uses the timestamp for ensuring the freshness of the route. For route discovery, the source node broadcasts Route Discovery Packet to its neighbors. Each node appends its signature and certificate to the packet then rebroadcasts the packet. When the destination receives the packet, creates the Reply packet and sends it through the same route but in the opposite direction.
In the event of breaking the route due to the movement of the node an Error (ERR) message will be sent. Therefore, each node requires maintaining the nodes’ routing table. An unfounded node will be deactivated from the table.Packet Sequence Number {la2014security} referenced a solution for Black hole attack in which using packet sequence numbers. This sequence numbers placed in the packet header. Thereby the destination can detect if a packet lost, from the missing packet sequence number.Elliptic Curve Digital Signature Algorithm{la2014security} mentioned an Elliptic Curve Digital Signature Algorithm (ECDSE) as a solution for Bogus Information attacks.
The ECDSA uses the hashing technique to provide authentication for the destination vehicles, keep messages confidential, and to authenticate messages. The vehicles in the network have private and public keys. The vehicle’s public key is known to all vehicles in VANETs. The source and the destination vehicles agree upon the elliptic curve domain parameters.
The source vehicle hashes and encrypts the message using a hash algorithm and private key; then forward the message to the destination vehicle. In another side, the destination decrypts the message using the public key. The changing in the message will cause the changing in the hash message.
The hashing is a strong technique and an efficient scheme for authenticating messages. Vehicle-to-Infrastructure Privacy EnforcementA Vehicle-to-Infrastructure Privacy Enforcement pRotocol (VIPER) cite{cencioni2008mechanism} is used to protect VANET against a timing attack. To maintain messages confidential, the VIPER encrypts messages. For this purpose, a public key cryptosystem is used to protect the network against eavesdroppers. Moreover, VIPER uses Hash Message Authentication Code (HMAC); as a result, the vehicle can determine if is the message destination without decrypting the message. In this mechanism, the vehicles act as the mix nodes. The mix means vehicles that belong to the same group. The group means a combination of vehicles registered within an RSU.
When the vehicle needs to send a message to the RSU, flips a biased coin which has two sides: send and forward. The forward means, the vehicle randomly selects a vehicle to forward the message to it; while the send means, the vehicle sends the message for the RSU. The RSU periodically broadcasts the identities of vehicles currently belonging to the group via a message called group notification messages (GNM).
Plausibility Validation NetworkA Plausibility Validation Network (PVN) is a secure method to detect illusion attack. The PVN checks the incoming data to the system and verifies whether the data is reasonable or not.In general, data enters the system either via a wireless antenna or sensors. This data classified based on data-type header. The PVN consists of two modules: the rule database and the plausibility network checking module where the PVN by them validate data received. Depending on the type of the message received, the system retrieves a rule set from the rule database, which consists of a series of verification procedures; on the other hand, a PN checker performs a cross-verification process. The message is trustworthy if it complies with the rules in the rule set otherwise it will be dropped.Packet Leash{la2014security} referred to a temporal leash as a solution for preventing wormhole attacks in which ensuring upper bound of travel distance for each packet.
In this technique, all vehicles synchronized with the clock. It is necessary to adjust the time synchronization between the connected parties. All vehicles know the clock difference between any two vehicles. Also, each vehicle knows the public keys for other vehicles. A symmetric cryptographic primitive used for the message authentication.
If the package travel distance is more than the distance allowed to travel, then there is an attack on the network; moreover, retransmitting the packet by the wormhole caused delay it long enough so that the identical key has been invalid.
