Lecture 7 Security in Vehicular Ad-hoc Networks (VANETs)

1
Lecture 7Security in Vehicular Ad-hoc Networks
(VANETs)

• Asst.Prof. Supakorn Kungpisdan, Ph.D.
• supakorn_at_mut.ac.th

2
Outline

• VANET Introduction
• VANET Security Threats
• Challenges in VANETs
• Security Requirements

3
Introduction

• Vehicular Ad hoc Networks (VANET) is part of
  Mobile Ad Hoc Networks (MANET), this means that
  every node can move freely within the network
  coverage and stay connected
• In 1998, engineers from Delphi Delco Electronics
  System and IBM proposed a network vehicle concept
  aimed at providing a wide range of applications
• The Car2Car Communication Consortium is initiated
  by six European car manufacturers. Its goal is to
  create a European industrial standard for
  car-to-car communications extend across all
  brands.
• European Commission is pushing for a new research
  effort in this area in order to reach the goal of
  reducing the car accidents of 50 by 2010, aiming
  to reach a satisfactory level of secure VANET.

4
Network On Wheels

• Network On Wheels (NOW) a German research
  project founded by DaimlerChrysler AG, BMW AG,
  Volkswagen AG, Fraunhofer Institute, NEC
  Deutschland GmbH and Siemens AG for Open
  Communication Systems in 2004
• The project adopts an IEEE 802.11 standard for
  wireless access
• The main objectives of this project are to solve
  technical issues related to communication
  protocols and data security for car-to-car
  communications.

5
Introduction (cont.)

• In the U.S., FCC has delegated 75 MHz for DSRC
  (VANET radios) use in the 5.9 GHz band.
• The EU has dedicated 30 MHz to vehicle-to-vehicle
  communication.
• Standards are being assembled for DSRC PHY and
  MAC layers in IEEE 802.11p.
• Safety messages are likely to be sent at a rate
  up to 10 Hz.
• Communications are based on Dedicated Short-Range
  Communications (DSRC) (5.9 GHz), for range can
  reach 1 km in Ad Hoc fashion. Each connected node
  can move freely, no wires required,
• The routers used called Road Side Unit (RSU), the
  RSU works as a router between the vehicles on the
  road and connected to other network devices.

6
Ad-hoc Networks.From Cellular to VANET.
Source F. Dotzer, Privacy Issues in Vehicular Ad
Hoc Networks, BMW Group Research and Technology,
2005
7
MANETs and VANETs.Properties.
Decentralized Self - Organizing
Source F. Dotzer, Privacy Issues in Vehicular Ad
Hoc Networks, BMW Group Research and Technology,
2005
8
VANET.Application Local Danger Warning.
Source F. Dotzer, Privacy Issues in Vehicular Ad
Hoc Networks, BMW Group Research and Technology,
2005
9
VANET Structure

• Vehicle-to-roadside
• Inter-vehicle

10
VANETs

• Ad-hoc network between vehicles.
• Nodes move in well-defined paths.
• Highly dynamic version of MANETs.

Fig. from 4
11
VANETs (cont.)

• Interesting types of data exchanged.
• Traffic/road conditions.
• Accidents/events.
• Commodity/entertainment.

Fig. from 3
12
VANET (cont.)
13
VANET Characteristics
Characteristics Details
High dynamic topology Movement of vehicles at high speed. Suppose two vehicles are moving at the speed of 20m/sec and the radio range between them is 160 m. Then the link between the two vehicles will last 160/20 8 sec .
Frequent disconnected network Frequent disconnection occur between two vehicles when they are exchanging information.
Mobility modeling Mobility pattern of vehicles depends on traffic environment, roads structure, speed of vehicles, drivers driving behavior and so on.
Battery power and storage capacity Vehicles battery power and storage is unlimited.
Communication environment Communication environment between vehicles is different in sparse network dense network. In dense network building, trees other objects behave as obstacles and in sparse network like high-way this things are absent. Routing approach of sparse dense network will be different.
Interaction with onboard sensors Current position movement of nodes can easily be sensed by onboard sensors like GPS device. It helps for effective communication routing decisions.
14
VANETs.Security Requirements.
Authentic Information Trust Establishment vs.
Information Matching Availability Node
Cooperation, DoS, Secure Routing Privacy Locatio
n Privacy, Identities, Profiling
Source F. Dotzer, Privacy Issues in Vehicular Ad
Hoc Networks, BMW Group Research and Technology,
2005
15
Security in VANETs

• When data is compromised, the whole system
  suffers.
• The nature of VANETs could lead to malicious
  attacks.
• Predictable movement of nodes.
• High mobility of victim/attacker.
• Adversaries could break the system.
• Data sinkholes (black hole).
• Feed false information.
• Sybil attacks.
• Flood the system.
• Security measures must be taken to avoid
  malicious attacks on the system.

16
Outline

• VANET Introduction
• VANET Security Threats
• Challenges in VANETs
• Security Requirements

17
Threats in VANETs
18
Threats to Availability
19
Black Hole Attack

• Nodes refuse to participate in the network or
  when an established node drops out.
• All network traffics are redirected to a specific
  node, which does not exist at all that cause
  those data to be lost.
• Two proposed possible solutions for this problem
  in VANETs.
• Find alternative route to the destination. This
  solution may impose overload to network. Finding
  additional node increases unwanted parameters
  such as delay or cost of service.
• Exploit the packet sequence number included in
  any packet header.

20
Malware

• Malware attacks, such as viruses in VANETs, have
  the potential to cause serious disruption to its
  normal operation.
• Malware attacks are more likely to be carried out
  by a malicious insider rather than an outsider.
• Malware attacks may be introduced into the
  network when the cars VANET units and roadside
  station receive software updates.

21
Spamming

• The presence of spam messages on VANETs elevates
  the risk of increased transmission latency.
• The lack of centralized administration causes
  serious problems in VANET

22
Selfish Driver

• All vehicles must be trusted to follow the
  protocols specified by the application.
• Some drivers try to maximize their profit from
  the network by taking advantage of the network
  resources illegally.
• A Selfish Driver can tell other vehicles that
  there is congestion on the road ahead. They must
  choose an alternate route. Thus the road will be
  clear for him/her.

23
Malicious Attacker

• This kind of attacker tries to cause damage via
  the applications available on the vehicular
  network. In many cases, these attackers will have
  specific targets, and they will have access to
  the resources of the network
• For instance, a terrorist can issue a
  deceleration warning, to make the road congested
  before detonating a bomb.

24
Denial of Services (DoS)

• The goal of is to overwhelm the node resources
  such that the nodes cannot perform other
  important and necessary tasks.
• Jamming the Channel
• Distributed Denial of Services (DDoS)

25
Threats to Authentication
26
Masquerading

• The attacker actively pretends to be another
  vehicle by using false identities and can be
  motivated by malicious or rational objectives.
• Message fabrication, alteration, and replay can
  also be used towards masquerading.
• For example, assume an attacker tries to act as
  an emergency vehicle to defraud other vehicles to
  slow down and yield.

27
Global Positioning System (GPS) Spoofing

• The GPS satellite maintains a location table with
  the geographic location and identity of all
  vehicles on the network.
• An attacker can fool vehicles into thinking that
  they are in a different location by producing
  false readings in the GPS positioning system
  devices.
• This is possible through the use of a GPS
  satellite simulator to generate signals that are
  stronger than those generated by the genuine
  satellite.
• This also affects routing in VANETs, especially
  geographical-based routing

28
Pranksters

• People probing for vulnerabilities and hackers
  seeking to reach fame via their damage
• For instance, a prankster can convince one
  vehicle to slow down, and tell the vehicle behind
  it to increase the speed

29
Sybil Attack

• Attacker creates large number of pseudonymous,
  and claims or acts like it is more than a hundred
  vehicles to tell other vehicles that there is jam
  ahead, and force them to take alternate route

30
Message Tampering

• Any node acting as a relay can disrupt
  communications of other nodes. It can drop or
  corrupt messages, or meaningfully modify
  messages.
• In this way, the reception of valuable or even
  critical traffic notifications or safety messages
  can be manipulated.
• An attacker can make this attack by transmitting
  false information into the network, the
  information could be false or the transmitter
  could claim that it is somebody else.

31
Threats To Confidentiality

• Because VANET mobility is higher than MANET,
  routing with capability of ensuring security in
  VANET is more problematic than Adhoc.
• Illegal collection of messages by eavesdropping
  and gathering of location information available
  through the transmission of broadcast messages.
• Location privacy and anonymity are important
  issues for vehicle users

32
ID Disclosure

• This attack discloses the identity of other nodes
  in the network and tracks the current location of
  the target node.
• A global observer monitors the target node and
  sends a virus to the neighbors of the target
  node.
• When the neighbors are attacked by the virus,
  they take the ID of the target node as well as
  the targets current location.
• Rental car companies are using this technique to
  track their cars

33
Outline

• VANET Introduction
• VANET Security Threats
• Challenges in VANETs
• Security Requirements

34
Challenges in VANETs

• Mobility
• Volatility
• Privacy VS Authentication
• Privacy VS Liability
• Network Scalability

35
Mobility

• In VANETs, nodes moving in high mobility.
• Vehicles make connection with another vehicles
  that may never meet before
• This connection lasts for only few seconds as
  each vehicle goes in its direction, and these two
  vehicles may never meet again.

36
Volatility

• The connectivity among nodes can be in short
  period of time. Vehicles travelling throw
  coverage area and making connection with other
  vehicles.
• These connections will be lost as each car has a
  high mobility, and maybe will travel in opposite
  direction.
• Vehicular networks lacks the relatively long life
  context. Personal contact of users device to a
  hot spot will require long life password.

37
Privacy VS Authentication

• Authentication helps identify cars and drivers on
  the street.
• However, privacy of car drivers are required.
  They may want to keep their information and
  location private.

38
Privacy VS Liability

• Liability will give a good opportunity for legal
  investigation and this data cannot be denied (in
  case of accidents)
• On the other hand the privacy must not be
  violated and each driver must have the ability to
  keep his personal information from others
  (Identity, Driving Path, Account Number for toll
  Collector etc.).

39
Network Scalability

• No global authority govern the standards for
  VANET
• Standards for DSRC in North America is deferent
  from the DSRC standards in Europe,
• Standards for the GM Vehicles is deferent from
  the BMW.

40
Outline

• VANET Introduction
• VANET Security Threats
• Challenges in VANETs
• Security Requirements

41
Security Requirements

• Message authentication and integrity.
• Message non-repudiation.
• Node authentication.
• Access control.
• Message confidentiality.
• Availability
• Accountability.
• Privacy protection.

42
Security Requirements

• Reliable encryption/decryption device.
• Storing and safeguarding private keys.
• Key/certificate generator.
• Third party (CA).
• Random number generators (shared secret keys).
• GPS device.
• Time synchronization.
• Free with GPS.
• Infrastructure.
• Store and relay messages, group keys, etc.

43
Authentication

• Every message must be authenticated to make sure
  its origin and to control authorization level of
  the vehicles
• Vehicles sign messages with their private keys
  along with digital certificate
• Digital signature causes an overhead. To reduce
  this overhead ECC (Elliptic Curve Cryptography)
  can be used

44
Availability

• Vehicular network must be available all the time,
  in real-time
• A delay in seconds for some applications will
  make the message meaningless and maybe the result
  will be devastating
• Attempting to meet real-time demands makes the
  system vulnerable to the DoS attack.

45
Accountability/Non-repudiation

• Non-repudiation will facilitate the ability to
  identify the attackers even after the attack
  happens. This prevents cheaters from denying
  their crimes.
• Accountability is related to the ability to
  provide necessary evidence to show how each party
  involves in the communications.
• Any information related to the car, e.g. the trip
  route, speed, time, any violation will be stored
  in a tamper-proof OBU, any official side holding
  authorization can retrieve this data.

46
Privacy

• Keeping the information of the drivers away from
  unauthorized observers, this information like
  real identity, trip path, speed etc
• The privacy could be achieved by using temporary
  (one-time) keys. Keys are stored in the
  tamper-proof OBU. The keys will be reloaded in
  next time that the vehicle makes an official
  checkup.
• For preserving the real identity of the driver,
  an ELP (Electronic License Plate) is used, this
  license is installed in the factory for every new
  vehicle, it provides an identification number for
  the vehicle, to identify the vehicle in anywhere,
  with the RFID technology to hold the ELP.
• In case when the police or any official wants the
  real identity, it can take an order from the
  judge to recover the identity of specific
  vehicles ELP.

47
Secure Routing Requirements

• Two major routing categories
• ID based.
• Geography based.
• Depending on the needs, each category has its
  advantages.
• ID methods are for sending data to an individual
  node.
• Geography methods are for sending data to a group
  of nodes.

48
Secure Routing Algorithms

• ID based
• Secure Routing Protocol (SRP)
• Secure Beaconing
• Geographic
• PRISM
• Position-Based Routing

49
Additional Readings

• G. Samara at al., Security Analysis of Vehicular
  Ad Hoc Networks (VANET), 2010 Second
  International Conference on Network Applications,
  Protocols and Service, 2010.
• F. Sabahi, The Security of Vehicular Adhoc
  Networks, Proc. Of the 2011 3rd International
  Conference on Computational Intelligence,
  Communication Systems and Networks, 2011.
• J.T. Isaac et al., Security attacks and solutions
  for vehicular ad hoc networks, IET Commun., 2010,
  Vol. 4(7), pp. 894903.
• B. Paul et al., VANET Routing Protocols Pros and
  Cons, Intl Journal of Computer Applications
  (0975 8887), Vol. 20(3), April 2011.
• F. Dotzer, Privacy Issues in Vehicular Ad Hoc
  Networks, BMW Group Research and Technology,
  2005.

50
Questions?
51
Exercise

• Give a possible attack on VANETs based on your
  understanding and explain how it works.
• Can we implement VANETs over Wi-Fi?