Security Threats in Vehicular Ad Hoc Networks. Author: Ahmed Shoeb Al Hasan, Md. Shohrab Hossain, Mohammed Atiquzzaman. Publisher: 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI). Presenter: 柯懷貿. Date: 2018/10/31.

Security Threats in Vehicular Ad Hoc Networks
Author: Ahmed Shoeb Al Hasan, Md. Shohrab Hossain, Mohammed Atiquzzaman
Publisher: 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI)
Presenter: 柯懷貿
Date: 2018/10/31
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.

Introduction
• A Vehicular Ad Hoc Network (VANET) is a new type of Mobile Ad Hoc Network (MANET) that allows a smart transport system to provide road security and reduce traffic jams through automobile-to-automobile and automobile-to-roadside communication.
• Two types of communication technologies are implemented for VANET: Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I).
National Cheng Kung University CSIE Computer & Internet Architecture Lab

VANET
• Many features of VANET differ from MANET; for example, the cost of VANET is higher than that of MANET because vehicles move faster than mobile nodes.
• Basically there are two types of applications in VANET: safety-related applications and comfort applications.

Safety Applications
• Assistance Messages (AMs): These messages include lane switching messages, cooperative collision avoidance (CCA), and navigation.
• Information Messages (IMs): Examples of such messages are work zone information in the highway, toll point ahead, and speed limit.
• Warning Messages (WMs): Examples of WMs are post-crash, obstacle, stop light (ahead) in a highway, toll point, or road condition warnings.

Comfort Applications
• Automatic toll collection: Using this service, payment is completed electronically, so the vehicle doesn't need to stop to pay the fees.
• Location based applications: Locations of restaurants, gas stations, shopping malls, ATMs, etc. Vehicles can exchange this information through the network.
• Internet connectivity: Vehicle passengers can access the Internet to send or receive emails. Using vehicular networks reduces the cost of RSUs.

False Information
• A malicious node can send incorrect or wrong information for its own benefit.
• Elliptic Curve Digital Signature Algorithm (ECDSA): The sender first encrypts the message with the public key of the destination node, then hashes it with a hash algorithm, and the hash is further encrypted (signed) with the private key of the sender.
• If the message is altered in the transmission channel, the hash changes too, which the destination vehicle can easily detect.
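
The hash-and-sign step and the resulting tamper detection, as an added example that is not part of the original slides or the paper. It uses the Python `cryptography` package with ECDSA over P-256 and SHA-256, leaves out the encryption to the destination's public key, and its message fields are constructed for illustration.

```python
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

SCHEME = ec.ECDSA(hashes.SHA256())  # hash the message, then sign the digest


def encode(msg: dict) -> bytes:
    """Canonical encoding so sender and receiver hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign_message(private_key, msg: dict) -> bytes:
    """Sender side: sign the encoded message with the sender's private key."""
    return private_key.sign(encode(msg), SCHEME)


def verify_message(public_key, msg: dict, signature: bytes) -> bool:
    """Receiver side: True only if msg is exactly what the key holder signed."""
    try:
        public_key.verify(signature, encode(msg), SCHEME)
        return True
    except InvalidSignature:
        return False


def demo() -> dict:
    sender = ec.generate_private_key(ec.SECP256R1())
    stranger = ec.generate_private_key(ec.SECP256R1())
    # Constructed warning message (WM); all field names are illustrative.
    warning = {"type": "WM", "event": "post-crash", "lane": 2,
               "speed_limit": 60, "ts": 1540953600}
    sig = sign_message(sender, warning)
    altered = dict(warning, speed_limit=120)  # changed in the channel
    return {
        "intact": verify_message(sender.public_key(), warning, sig),
        "altered": verify_message(sender.public_key(), altered, sig),
        "other_key": verify_message(stranger.public_key(), warning, sig),
    }


if __name__ == "__main__":
    print(demo())
```

A valid signature shows who signed the message and that it was not altered; it does not show that the signed content is true.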

Denial of Service (DoS)
• A malicious car may repeatedly send malicious messages to jam the network, as well as to the RSU to reduce its efficiency.
• Distributed Denial of Service (DDoS), where multiple vehicles attack one single vehicle, poses more of a threat than DoS.

Deception & Black Hole Attack
• Deception: A vehicle may pretend to be another one to benefit its movement.
• Black Hole Attack: Data packets may get lost while travelling through a black hole, an area that has no nodes or has nodes that refuse to forward data packets to the next destination.
• Redundant paths between the sender and the destination are one solution, but they add to the network complexity. Using a sequence number in the packet header is another solution.

Malware and Spam
• These attacks are caused by malicious insider nodes of the network rather than outsiders.
• The attack is initiated during software updates of OBUs and RSUs. The impact of these attacks include increased.
• These attacks can be mitigated by centralized administration.

Timing Attack & Man in the Middle Attack
• Timing Attack: The neighboring vehicles don't receive the message at the proper time to avoid a dangerous situation.
• Man in the Middle Attack: A malicious car can overhear communication between two vehicles.

Global Positioning System (GPS) Spoofing
• A malicious vehicle may alter the information in the location table to some other random location.
• A vehicle can be deceived into thinking that it is in a different position by reading the false information.
• An attacker can also use a GPS simulator to produce signals stronger than those of the original satellite.

Sybil Attack
• In this attack, a single malicious node may produce different identities and thereby transmit messages that seem to come from different legitimate vehicles.
• Other legitimate vehicles think the network has many vehicles, which is not the case. This attack can be extremely harmful, since at a certain time a malicious automobile can claim to be present in different places.
• Resource testing can be used to detect a Sybil attack, but this approach is not appropriate for VANET because the attacker vehicle can have more resources than the legitimate vehicle. To overcome this problem, radio resource testing is used in.

Sybil Attack
• Public key cryptography can be used to eliminate the Sybil attack: all vehicles are authenticated using public keys, together with key revocation.
• The timestamp series approach can secure a development-stage VANET from Sybil attacks by detecting when a vehicle receives several messages with a common timestamp certificate.
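
A sketch of the timestamp series check, as an added example that is not from the slides or the paper. It assumes each message carries the (RSU id, issue time) stamps its sender collected, that the RSU signatures on those stamps were already verified, and that two shared stamps are required before identities are linked; the message layout and threshold are assumptions.

```python
from itertools import combinations


def sybil_groups(messages, min_shared=2):
    """Group identities whose timestamp series share >= min_shared stamps."""
    series = {}
    for m in messages:
        series.setdefault(m["sender"], set()).update(m["series"])

    # Union-find over identities: linked identities end up under one root.
    parent = {ident: ident for ident in series}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(series, 2):
        if len(series[a] & series[b]) >= min_shared:
            parent[find(a)] = find(b)

    groups = {}
    for ident in series:
        groups.setdefault(find(ident), []).append(ident)
    # Only groups with more than one identity are suspicious.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample. V1 and V2 are honest; V2 happens to share one stamp
# with the attacker, who sends under the pseudonyms P7, P8 and P9.
MESSAGES = [
    {"sender": "V1", "series": [("RSU-3", 100.2), ("RSU-4", 161.7)]},
    {"sender": "V2", "series": [("RSU-3", 98.4), ("RSU-4", 170.1)]},
    {"sender": "P7", "series": [("RSU-3", 98.4), ("RSU-4", 158.0)]},
    {"sender": "P8", "series": [("RSU-3", 98.4), ("RSU-4", 158.0)]},
    {"sender": "P9", "series": [("RSU-3", 98.4), ("RSU-4", 158.0),
                                ("RSU-5", 201.3)]},
]

if __name__ == "__main__":
    print(sybil_groups(MESSAGES))
```

Lowering `min_shared` to 1 on this sample also pulls the honest V2 into the flagged group, which is why a single coincident stamp is tolerated here.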

Wormhole Attack
• More than one malicious vehicle create a tunnel to send messages from one part of the network to another part, where they reach another malicious vehicle.
• A well-known approach to prevent the wormhole attack is the packet leash, which calculates the difference between the allowed travel distance and the actual travel distance of the packet to identify an attack.
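
A packet leash check on the receiver side, as an added example that is not from the slides or the paper. The bounds follow the geographical and temporal leash formulations from the packet-leash literature; the radio range, maximum speed, clock error, position error and sample packets are assumed values.

```python
import math
from dataclasses import dataclass

C = 299_792_458.0  # signal propagation speed, m/s


@dataclass
class Packet:
    sender_pos: tuple  # (x, y) in metres, authenticated by the sender
    sent_at: float     # sender's clock, seconds


def geographic_slack(pkt, recv_pos, recv_at, radio_range,
                     v_max=50.0, clock_err=1e-3, pos_err=5.0):
    """Allowed distance minus the upper bound on sender-receiver distance."""
    gap = math.dist(pkt.sender_pos, recv_pos)
    bound = gap + 2 * v_max * (recv_at - pkt.sent_at + clock_err) + pos_err
    return radio_range - bound


def temporal_slack(pkt, recv_at, radio_range, clock_err=100e-9):
    """Allowed distance minus the farthest the signal can have travelled."""
    travelled = C * (recv_at - pkt.sent_at + clock_err)
    return radio_range - travelled


def demo(radio_range=300.0, receiver=(0.0, 0.0)):
    """Run both leashes on a one-hop packet and a tunnelled packet."""
    # Constructed packets: a neighbour 180 m away and an origin 2.4 km away.
    near = Packet((180.0, 0.0), 10.0)
    far = Packet((2400.0, 0.0), 10.0)
    geo = [geographic_slack(p, receiver, 10.002, radio_range) >= 0
           for p in (near, far)]
    # Temporal leash needs nanosecond clocks: 0.6 us direct, 8 us via tunnel.
    sent = Packet((0.0, 0.0), 0.0)
    tmp = [temporal_slack(sent, t, radio_range) >= 0 for t in (0.6e-6, 8e-6)]
    return geo, tmp  # True = accept, False = reject as a possible wormhole


if __name__ == "__main__":
    print(demo())
```

A negative slack means the packet has travelled farther than a single hop allows, so the receiver drops it.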

Illusion Attack & Impersonation Attack
• Illusion Attack: A new threat in VANET that creates illusions for neighboring vehicles. Plausibility Validation Network (PVN) is a method to avoid it.
• Impersonation Attack: A malicious vehicle sends messages using the identity of another vehicle to create traffic jams, chaos, and accidents while hiding itself. Secure and privacy enhancing communications schemes (SPECS) is a method to avoid it.

Public Key Methods
• Each node is equipped with two keys: a public key and a secret key.
• Key organization is handled by a Public Key Infrastructure (PKI) containing an event data recorder, which keeps records of all events, and tamper-proof hardware, which is used to perform the cryptographic operations.
• A dynamic key distribution protocol and a dynamic cluster-based PKI architecture with trust values from 0 to 1 are available.

Symmetric and Hybrid Methods
• Vehicles communicate with each other when both of them share a secret key.
• In the hybrid system, both public and symmetric keys are used for two types of communication: pairwise and group communication.
• To reduce overhead by avoiding the use of key pairs, a symmetric key is used for pairwise communication in the hybrid system.

ID-based Cryptography
• This scheme protects vehicle privacy by using self-constructed pseudonyms rather than real-world IDs.
• An ID-based online/offline signature (IBOOS) scheme is used: the offline phase is performed first in the vehicles or in the RSUs, while the online phase is performed during V2V communications among the vehicles.
• IBOOS is more efficient in the verification process than IBS.

Certificate Revocation Methods
• Certification is used to invalidate the association of a vehicle in two ways: centralized and decentralized.
• In the centralized system, the certificate authority (CA) initiates revocation, while in the decentralized approach the revocation decision is taken by the neighboring vehicles.