Professional Documents
Culture Documents
VANet Security Challenges and Solutions - A Survey
VANet Security Challenges and Solutions - A Survey
1 (1-14)
Vehicular Communications ••• (••••) •••–•••
1 67
Contents lists available at ScienceDirect
2 68
3 69
4 Vehicular Communications 70
5 71
6 72
7 www.elsevier.com/locate/vehcom 73
8 74
9 75
10 76
11 77
12 VANet security challenges and solutions: A survey 78
13 79
14 Hamssa Hasrouny a,b , Abed Ellatif Samhat b , Carole Bassil c , Anis Laouiti a 80
15 81
a
SAMOVAR, Telecom SudParis, CNRS, University Paris-Saclay, 9 rue Charles Fourier, 91011 Evry Cedex, France
16 b 82
Lebanese University, Faculty of Engineering-CRSI, University Campus, Hadath, Lebanon
17 c
Lebanese University, Faculty of Sciences II, University Campus, Fanar, Lebanon 83
18 84
19 85
20 a r t i c l e i n f o a b s t r a c t 86
21 87
22 Article history: VANET is an emergent technology with promising future as well as great challenges especially in 88
23 Received 16 September 2016 its security. In this paper, we focus on VANET security frameworks presented in three parts. The 89
Received in revised form 28 November 2016 first presents an extensive overview of VANET security characteristics and challenges as well as
24 90
Accepted 20 January 2017
25 requirements. These requirements should be taken into consideration to enable the implementation of 91
Available online xxxx
26
secure VANET infrastructure with efficient communication between parties. We give the details of the 92
Keywords: recent security architectures and the well-known security standards protocols. The second focuses on a
27 93
VANET novel classification of the different attacks known in the VANET literature and their related solutions. The
28 94
Security challenges third is a comparison between some of these solutions based on well-known security criteria in VANET.
29 95
Attacks classification Then we draw attention to different open issues and technical challenges related to VANET security,
30 V2V communication which can help researchers for future use. 96
31 Security solutions © 2017 Elsevier Inc. All rights reserved. 97
32 98
33 99
34 100
35 101
36 1. Introduction 102
37 103
38 VANET aims to insure safe drive by improving the traffic flow 104
39 and therefore significantly reducing the car accidents. The latter is 105
40 solved by providing appropriate information to the driver or to the 106
41 vehicle. Still, any alteration of this real-time information may lead 107
42 to system failure impacting people safety on the road. To insure its 108
43 smooth functioning, securing this information becomes a must and 109
44 hence it is on the top outlook of security researchers. 110
45 VANET is a special class of mobile ad-hoc network with pre- Fig. 1. Future vehicle design in VANET. 111
46 defined routes (roads). It relies on specific authorities for registra- 112
47 tion and management, Roadside units (RSUs) and On-Board units traffic congestions and status. Then automatically take appropriate 113
48 (OBUs). RSUs are widespread on the road edges to fulfill spe- actions in vehicle and relay this information through V2V or V2I 114
49 cific services and OBUs are installed in the vehicles navigating in within the vehicular network. 115
50 VANET. All vehicles are moving freely on road network and com- VANET users profit from many applications that are classified 116
51 municating with each other or with RSUs and specific authorities. into active road safety, infotainment, traffic efficiency and manage- 117
52 Using DSRC (Dedicated Short Range Communication) in a single ment [1]; the latter stands for speed management and cooperative 118
53 or multi-hop, the communication mode is either V2V (Vehicle-to- navigation. 119
54 Vehicle), V2I (Vehicle-to-Infrastructure) or hybrid. The security is the state of being free from danger or threat. 120
55 In the coming years, most of the vehicles in VANET will be Security means safety, as well as the measures taken to be safe or 121
56
equipped with on-board wireless device (OBU), GPS (Global Po- protected. For example, in order to provide adequate security for 122
57
sitioning System), EDR (Event Data Recorder) and sensors (radar the parade, town officials often hire extra guards. 123
58
and ladar) as shown in Fig. 1. These equipments are used to sense In VANET, it is critical to guard against misuse activities and 124
59 to well define the security architecture because it is a wireless 125
60 communication which is harder to secure. The security and its 126
61
E-mail addresses: hamssa.hasrouny@telecom-sudparis.eu (H. Hasrouny),
guaranteed level of implementation affect people safety. Few years 127
62 samhat@ul.edu.lb (A.E. Samhat), cbassil@ul.edu.lb (C. Bassil), ago, many researchers have explored the security attacks and tried 128
63 anis.laouiti@telecom-sudparis.eu (A. Laouiti). to find their related solutions. Others tried to define security in- 129
64 130
http://dx.doi.org/10.1016/j.vehcom.2017.01.002
65 131
2214-2096/© 2017 Elsevier Inc. All rights reserved.
66 132
JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.2 (1-14)
2 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••
1 • DoS: an attacker tries to make the resources and the ser- • Cheating with position info (GPS spoofing) and tunneling attack: 67
2 vices unavailable to the users in the network. It is either by hidden vehicles generate false positions that cause accidents. 68
3 jamming the physical channel or by “Sleep Deprivation”. GPS doesn’t work. 69
4 ◦ DDoS (Distributed Denial of Service): it is a DoS from dif- • Timing attack: Malicious vehicles add some timeslots to the 70
5 ferent locations. received message, to create delay before forwarding it. Thus, 71
6 • Sybil Attack: an attacker creates multiple vehicles on the neighboring vehicles receive it after they actually require, or 72
7 road with same identity. It provides illusion to other vehi- after the moment when they should receive it. 73
8 cles by sending some wrong messages for the benefits of • Replay attack: malicious or unauthorized users try to imper- 74
9 this attacker. sonate a legitimate user/RSU by using previously generated 75
10 • Malware: an attacker sends spam messages in the network frames in new connections. 76
11 to consume the network bandwidth and increase the trans- 3) Threats to Sensors input in vehicle 77
12
mission latency. It is difficult to control this kind of at- In addition to GPS spoofing mentioned in sub-section (2), we 78
13
tack, due to lack of necessary infrastructure and centralized present: 79
14
administration. Attacker disseminates spam messages to a • Illusion attack: the adversary deceives purposefully the sen- 80
15
group of users. Those messages are of no concern to the sors on his car to produce wrong sensor readings. Therefore, 81
16
users just like advertisement messages. incorrect traffic warning messages are broadcasted to neigh- 82
17
• Spam: an insider node transmits spam messages to increase bors. 83
18
transmission, latency and bandwidth consumption. • Jamming attack: the attacker interferes with the radio fre- 84
19
• Man in the Middle Attack (MiM): a malicious node listens to quencies used by VANET nodes. 85
20
the communication established between two other vehicles. 4) Threats to Infrastructure 86
21
It pretends to be each one of them to reply to the other. It In addition to Spoofing, Impersonation and Tampering message 87
22
injects false information between them. and hardware mentioned in sub-section (1) and (2), we iden- 88
23
• Brute force Attack: is a trial-and-error method an attacker tify: 89
24
uses to obtain information such as a user password or per- • Unauthorized access: malicious entities try to access the net- 90
25
sonal identification number or to crack encrypted data, or to work services without having the rights or privileges. This 91
26 causes accidents, damage or spy confidential data. 92
test network security.
27
• Black Hole Attack: a malicious node declares having the • Session Hijacking: authentication is done at the beginning. 93
28 After that, the hackers take control of the session between 94
shortest path to get the data and then routes and redi-
29 nodes. 95
rects them. The malicious node is able to intercept the data
30 • Repudiation (Loss of event traceability): denial of a node in 96
packet or retain it. When the forged route is successfully es-
31 a communication. 97
tablished, it depends on the malicious node whether to drop
32 98
or forward the packet to wherever he wants.
33 Table 2 shows the classification of the attacks and the VANET 99
2) Threats to Hardware and Software
34 communication modes they hit (V2V, V2I or both). This classifi- 100
In addition to DoS, Sybil attack, Malware and Spam, MiM, Brute
35 cation helps to identify the predefined attacks on these entities 101
force mentioned above in sub-section (1), we can list:
36 (hardware or software, members or authorities) and on the VANET 102
• Injection of erroneous messages (bogus info): an attacker injects
37 communication mode they affect. Thus preventing these attacks or 103
intentionally falsified info within the network. It directly af-
38 trying to minimize their effects becomes easier as they are nomi- 104
fects the users’ behavior on the road. It causes accidents or
39 nated and VANET becomes more secure. 105
40 traffic redirection on the used route. 106
41 • Message Suppression or alteration: attacker drops packet from 3.2. Attackers 107
42 the network or changes message content. In addition to Fab- 108
43 rication Attack where new message is generated. Or Replay VANET attackers are one of the basic interest of the researchers 109
44 Attack by replaying old messages or Spoofing and Forgery at- in [2,3,9,24]. They got many canonical names listed below based 110
45 tacks that consist of injection of high volume of false emer- on their actions and targets: 111
46 gency warning messages for vehicles. Or Broadcast tamper- 112
47 ing: in which attacker injects false safety messages into the • Selfish driver: he can redirect the traffic. 113
48 network to cause serious problems. • Malicious attacker: he has specific targets. He causes damages 114
49 • Usurpation of the identity of a node (Spoofing or Imperson- and harms via applications in VANET. 115
50 ation or Masquerade): an attacker tries to impersonate an- • Pranksters: attacker does things for his own fun; such as DoS 116
51 other node. To receive his messages or to get privileges not or message alteration (hazard warning) to cause road traffic 117
52 granted to him. Doing malicious issues then declaring that for example. 118
53 the good one is the doer. • Greedy drivers: they try to attack for their own benefit. For 119
54 • Tampering Hardware: during yearly maintenance, in the ve- example: sending accident message may cause congestion on 120
55 hicle manufacturer, some malicious employees try to tamper road. Or sending false messages for freeing up the road. 121
56 the hardware. Either to get or put special data. • Snoops/eavesdropper: attacker tries to collect information about 122
57 • Routing Attack: an attacker exploits the vulnerability of the other resources. 123
58 network layer, either by dropping the packet or disturbing • Industrial insiders: while firmware update or key distribution, 124
59 the routing. It includes in addition to the Black Hole Attack: malicious employees do hardware tampering. 125
60 – Wormhole attack: Overhearing data; an attacker receives 126
61 packets at a point targeted via a tunnel to another point. The attackers are classified into: 127
62 He replays it from there. 128
63 – Greyhole attack: a malicious node misleads the network by – Insider vs. outsider: insider represents authenticated user on the 129
64 agreeing to forward the packets. But sometimes, he drops network vs. outsider one with limited capacity to attack. 130
65 them for a while and then switches to his normal behav- – Malicious vs. rational: malicious presents any personal benefit 131
66 ior. vs. rational which has personal and predictable profit. 132
JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.5 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 5
1 Table 2 67
2 Classification of Attacks based on four categories and VANET communication mode. 68
3 Attacks on Attack name Attack on VANET 69
4 communication mode 70
5 Wireless – Location Tracking V2V 71
6 interface – DoS, DDoS 72
7 – Sybil 73
– Malware and spam.
8 74
– Tunnelling, Blackhole,
9 Greyhole. 75
10 – MiM 76
11 – Brute force 77
12 Hardware and – DoS V2V, V2I 78
software – Spoofing and forgery.
13 79
– Cheating with position
14 info (GPS spoofing). 80
15 – Message suppression/ Fig. 3. PKI schema. 81
16 alteration/fabrication. 82
– Replay
17 83
– Masquerade
18 84
– Malware and spam
19 – MiM 85
20 – Brute force 86
21 – Sybil V2V 87
– Injection of erroneous
22 88
messages (bogus info).
23 – Tampering hardware 89
24 – Routing, Blackhole, 90
25 wormhole and Greyhole. 91
– Timing.
26 92
Sensors input – Cheating with position V2V
27 93
in vehicle info(GPS spoofing)
28 Fig. 4. Mapping OSI to ETSI architectural layers. 94
– Illusion attack
29 – Jamming attack 95
30 Infrastructure – Session hijacking V2I and V2V 4.1. Security infrastructure: PKI 96
– DoS, DDoS
31 97
– Unauthorized access
32 – Tampering hardware Exploring the VANET security infrastructures, PKI is the most 98
33 – Repudiation used one. It is shown in Fig. 3. PKI supports the distribution and 99
34 – Spoofing, impersonation identification of public encryption keys. This enables users to se- 100
or masquerade curely exchange data over the network and verify the identity of
35 101
36 the other party. PKI consists of hardware, software, policies and 102
37 – Active vs. passive: active attacker generates signals or packets standards. All together manage the creation, administration, distri- 103
38
vs. passive one who only senses the network. bution and revocation of keys and digital certificates. PKI includes 104
39 the following key elements: 105
– Local vs. extended: local attacker works with limited scope
40 106
even on several vehicles or base stations vs. extended attacker
41 • A trusted party, called a Root certificate authority (CA). It acts 107
which broadens his scope by controlling several entities scat-
42 as the root of trust and provides services to authenticate the 108
tered across the network.
43 identity of entities. 109
44 • A registration authority, called a subordinate CA, certified by a 110
After detailing the classified attacks and attackers, we will de-
45 root CA. It issues certificates for specific uses permitted by the 111
tail in the next section the standardization and the recent projects
46 root. It is used to protect the root CA. The users communica- 112
47
efforts. tion to the Root CA pass through the subordinate CA thus any 113
48 attack can be detected before reaching the root CA. 114
49 • A certificate database, which stores certificate requests and 115
4. Standardization efforts
50 issues/revokes certificates. It is accessible by the root and sub- 116
51 ordinate CAs. 117
52 • A certificate store, which resides on each vehicle to store is- 118
An infrastructure is an underlying foundation for a system. Se-
53 sued certificates and private keys. 119
curity architecture is a security design. It addresses the necessities
54 120
55
and potential risks involved in a certain environment and speci- Briefly, the processes of distribution of encryption keys and cer- 121
56 fies when and where to apply security controls. Standard provides tificates verification are done by the Root and Subordinate CAs. 122
57 detailed requirements on how a policy must be implemented. They identify the vehicles specific access within the vehicular net- 123
58 In VANET, many groups [12–16] have investigated the security work using specific hardware/software and wired/wireless commu- 124
59 architectures and infrastructures. They generated either security nication. 125
60 standard protocols [17] or define security architecture [18]. Other 126
61 projects Scoop@F [19], C-Roads [20] are currently investigating the 4.2. Security architectures 127
62 security in the ITS(intelligent transport system). 128
63 In the following, we detail the most popular security infras- Many groups in Europe and USA build their own security ar- 129
64 tructure namely PKI (Public Key Infrastructure), the recent VANET chitectures based on PKI. In Europe (EU), ETSI in [18] define 130
65 security architectures and the well-known security standards pro- its security architecture for ITS (Intelligent Transport System). In 131
66 tocols. USA, within the Vehicle Safety Communication Consortium (VSC), 132
JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.6 (1-14)
6 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••
1 67
2 68
3 69
4 70
5 71
6 72
7 73
8 74
9 75
10 76
11 77
12 78
13 79
14 80
15 81
16 82
17 83
18 84
19 85
20 86
Fig. 5. NHTSA security system design.
21 87
22 88
23 Table 4 89
Mapping ETSI security services with IEEE 1609.2.
24 90
25 Security service group ETSI security service at Rx/Tx Mapping definition IEEE 1609.2 91
26 Enrolment Obtain/Remove/Update Enrolment Credentials Certificate Signing Request 92
27 93
Authorization Obtain/Update Authorization Ticket Certificate Signing Request
28 Publish/Update authorization Status Certificate Revocation List(CRL) request/update 94
29 Add/Validate authorization credential to single message Signed Messages and processing signed messages 95
30 96
Security association management (session) Establish/Remove/Update Security Association Not supported: support on the fly security associations
31 by identifying the trust hierarchy and security service 97
32 applied to the message in the body and content of the 98
33 public key certificate. 99
34 Authentication Authenticate ITS user/network Signed messages. 100
35 101
Confidentiality Encrypt/Decrypt message Encrypted messages
36 102
Send/Receive secured message using Security Association Not supported
37 103
38 Integrity Insert/Validate check value Signed messages. 104
39 Replay protection Timestamp message Supported 105
40 Insert/Validate sequence number Not supported 106
41 107
Accountability Record incoming/outgoing message Not supported
42 Plausibility validation Validate data plausibility and dynamic Parameters Basic support: rejected if geographic location far or 108
43 expiry time too far in the past. 109
44 110
Remote management Activate/Deactivate ITS transmission Not supported
45 111
46 Report misbehaving Report Misbehavior Report of ITS-S Not supported 112
47 113
48 114
Communication Privacy Enforcement Protocol) for V2I communica- and [32] succeeded to protect privacy of the participants and were
49 115
tions. very efficient in terms of computing capabilities and communica-
50 116
For the group signature, it is used to sign message on behalf tion bandwidth using the asymmetric and symmetric cryptography
51 117
of the group, no revealing to the identity of the signer which pre- and tamper resistant hardware.
52 118
vents tracking and assure privacy [26]. Only the group manager For Information Disclosure:
53 119
54
can unlock the identity of the user and trace him via a secret trap- The authors in [2] propose SMT (Secure Message Transmission) 120
55
door. In [12], V2V inside groups uses secret-key for their basics and NMD routing protocol to solve this issue via MAC and asym- 121
56 authentication. Groups or ring signatures enhance the privacy by metric cryptography. 122
57 saving communication in the most efficient way. In [27], a non- For DOS attack: 123
58 interactive authentication scheme is presented providing privacy It can be lessened using the digital signature [24], specific au- 124
59 among drivers assembled in groups for V2V communication net- thentication methods [33], routing protocols [1] or trustworthiness 125
60 works; drivers may change their own set of public keys frequently of a node [34]. Digital signature is used for secure and reliable 126
61 without control from the third trusted party (TTP). message communication and authentication [35]. Digitally signing 127
62 Also we can mitigate these attacks by encrypting the data. The data acts as Proactive security for it [1], also customized hardware 128
63 authors in [2] propose an asymmetric cryptography via NMD (Non- with non-public protocols let attackers take time to penetrate to 129
64 Disclosure Method) routing protocol, [12] suggest the symmetric the system. [36] suggest the usage of short life time private and 130
65 encryption for beacons to avoid being tracked. The security ar- public keys with a hash function. For the authentication, Tesla++ 131
66 chitecture for V2V and V2I communication adopted in [14,15,23] [33] is an authentication method used as effective alternative to 132
JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.8 (1-14)
8 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••
1 signatures. It uses symmetric crypto with delayed key disclosure. 5.2. Attacks on hardware and software 67
2 Secure and prevents memory based DoS attack. It reduces the 68
3 memory requirement at the receiver end for authentication mech- For Message tampering:
69
4 anism. For the routing protocol, [2] apply the SEAD (Secure and Use similarity algorithm [50], data correlation [26] and chal-
70
5 Efficient Ad-hoc Distance Vector) or ARIADNE routing protocol that 71
lenge response authentication method [33] to prove the reliability
6 use one way hash function and symmetric cryptography. Concern- 72
of the messages. Ref. [50] proposes a trust and reputation man-
7 ing the trustworthiness of a vehicle, [34] propose a trust model 73
agement framework based on similarity algorithm and trust of
8 that calculates the trust metric values of nodes participating in 74
messages content between vehicles to help driver to believe or not
9 VANET. One of its critical factors consists of limiting the number 75
a received message. By calculating the trust value if it surpasses
10 of accepted received messages from neighbors. Once exceeding a 76
a threshold they take appropriate action and rebroadcast the mes-
11 certain threshold (which is the case in DOS attack), using a fuzzy- 77
sage. Otherwise they drop it.
12 based approach, a direct report is sent to MA to deactivate the 78
In [26], a novel group signature based on a security framework
13 attacker. 79
assures authenticity, integrity, anonymity, accountability, access
14 80
For Sybil attack: control approach and probabilistic signature verification scheme
15 81
Deploy a central Validation Authority (VA), which validates en- is used to detect the tampered messages for unauthorized node.
16 82
17
tities in real time directly or indirectly using temporary certificates Based on tamper resistance device, it correlates data from vehicles 83
18
[37]. Use PKI for key distribution and revocation [38]. Apply the and cross-validates it via a set of rules. The security layer of this 84
19
registration, the ECDSA for signature and use timestamp per ve- framework is composed of: capability check, signature generation, 85
20
hicle [8]. Ref. [39] proposes to use approved certification. In case firewall, signature verification, authorization check, anomaly check. 86
21
of authentic and secure links with trusted nodes, [40] proposes In [33] a challenge-Response authentication method is pro- 87
22
validating unknown nodes with the method of secure location ver- posed; a combination of digital signature and challenge response 88
23
ification. Ref. [9] suggests the position verification by analyzing authentication. It is used to minimize the false message. A receiver 89
24 the signal strength and radio resource testing. Ref. [41] advocates getting any message sends a challenge to the sender. By replying, 90
25 strengthening the authentication mechanism by the use of dis- it transmits its location and timestamp to prove its authenticity. 91
26 tance bounding protocols based on cryptographic techniques. In [9] Location can tell us if the vehicle was at vicinity of an accident, 92
27 RobSAD (Robust Sybil Attack Detection) for abnormal/normal tra- which increases the reliability of the safety message. 93
28 jectory, with higher detection rate and lower system requirements. 94
For Spoofing and Forgery attacks:
29 It can detect attacks independently by comparing digital signa- 95
Use vehicular PKI (VPKI) for authentication between vehicles
30 tures for the same motion trajectories. Ref. [42] proposes many 96
[51], or sign warning messages [52], or establish group communi-
31 privacy-preserving schemas with VANET architecture generating 97
cations [54], or include a non-cryptographic checksum per message
32 certificates/pseudonyms and monitoring vehicles then reporting to 98
sent and apply plausibility checks on incoming one [25]. Or even
33 CA. Ref. [43] proposes to use on-board radar (virtual eye). Vehicle 99
use cryptographic certificate via routing protocol ARAN (Authen-
34 can see surrounding vehicles and receive reports of their GPS co- 100
ticated Routing for Ad-hoc network) [1] or use on-board radar
35 ordinates. By comparing, they can detect the real position and the 101
(virtual eye) [43], then vehicle can detect the real position and the
36 malicious vehicles. In [3], Location is used to prevent Sybil attacks 102
malicious vehicles.
37 by checking its logical place. A vehicle receives message, examines 103
For VPKI, it is a set of trusted third parties, one CA in each
38 certificate, its lifetime and location. If it is correct and in logical 104
country, with delegated CA in regions, CAs mutually recognize ve-
39 location, it accepts the message else it reports to the nearest CA. 105
hicles in different areas. Each vehicle has their own private and
40 They also use TCRL (Timely geographical CRL) that contains fresh 106
public keys and short lifetime of certificates with anonymous keys
41 revoked CRLs of a specific area. Finally, [44] compared different 107
changing according to the driver speed [51]. Only legal authorities
42 Sybil attacks solutions. 108
can correlate between Electronic License Plate of a vehicle and its
43 For Malware and Spamming: 109
pseudonyms. So a disseminated signed message with certificate at-
44 Digital signature of software and sensors is a must. Using 110
tached is authenticated via CA. Thus the communication between
45 trusted hardware make impossible to change existing protocols 111
authenticated users is only established in a secure manner.
46 and values, except by authorized nodes [41]. 112
Use ECDSA for digital signature [47], it provides secure and fast
47 113
For Man in the middle attack: dissemination of info; after validating the public key then authen-
48 114
Use strong authentication methods such as digital certificates ticating the private key of a user signing a message.
49 115
and confidential communication with key or powerful cryptogra- For the group communication [54], keys can be managed by a
50 116
phy [9]. Include several authentication schemes mentioned in [45] group key management system. An intruder could not be able to
51 117
where anonymity, pseudonyms, trust and privacy are ensured via communicate with the group. Drivers are organized into groups
52 118
short-lived keys changing frequently and RSU used for authenti- with shared public key between members [55], in case of a ma-
53 119
cation and key distribution. In [36], a decentralized lightweight licious behavior, the identity of the signer can be revealed only
54 120
authentication scheme for V2V is given to protect valid users in by the TTP. In [35], they use SECA (Security Engineering Cluster
55 121
VANETs from malicious attacks based on the concept of transitive Analysis) for securing the group. For beacons security, they use
56 122
trust relationships. Ref. [46] proposes an authentication via MM certificate and digital signature while for multi-hop security, the
57 123
58 (Membership Manager) which can detect misbehaving nodes via geographical position is used. 124
59 RSUs that trace vehicles. In [47], an efficient cooperative message For Message Saturation: 125
60 authentication permits vehicle users to cooperatively authenticate Ref. [25] proposes to limit the message traffic to V2I/I2V, im- 126
61 a bunch of message-signature pairs without trusted agent using plement station registration so only registered vehicles accept and 127
62 Public Key Cryptography (PKC) and Secret key Cryptography (SKC). process messages received from ITS infrastructure in its radio 128
63 For Brute force attack: range, reduce the frequency of beaconing and add source iden- 129
64 Use strong encryption and key generation algorithms unbreak- tification (equivalent to IP address) in V2V messages. While the 130
65 able within a reasonable running time [49]. Then unauthorized authors in [23] try to limit the flooding of the signed messages, 131
66 access is prohibited. built on location based grouping and aggregation signature. 132
JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.9 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 9
1 from sensors must be authenticated and verified e.g. by a chal- many emerging and open issues are raised. We will expand them 67
2 lenge/response mechanism. While [9] propose the PVN (Plausibly within the next section. 68
3 Validation Network) to collect raw data from sensors and antenna 69
4 to check if plausible or not. 7. Emerging and open issues 70
5 Finally, ETSI in [13] proposes for attacks countermeasures to use 71
6 the audit log, the remote activation and deactivation of nodes. Based on the security approaches presented in section 5, the 72
7 In Table 5, we present the previously described attacks, their researchers in VANET tried to bypass many constraints or vulnera- 73
8 related compromised services and their proposed solutions. bilities attacking the vehicular network. Although, many issues still 74
9 open. We highlight below some of them which may become new 75
10 6. GAP analysis between different solutions research areas in the future: 76
11 77
12 When performing a gap analysis in VANET, the aim is to iden- 1) The trustworthiness evaluation of nodes participating in VANET and 78
13 tify gaps of missing/necessary needs in relation to what outcomes their misbehavior detection: 79
14 are desired. One must compare what has been done in the area, i. Evaluating the trustworthiness of a vehicle in VANET is an 80
15 and compare this to the ambitions of what to aim for. There will open problem. We mentioned above that any defection in 81
16 probably be a gap in-between, which in that case must be identi- the communication and/or messages endangered people’s 82
17 fied. When this identifying process is completed the analysis hope- lives. So what are the criteria that would define if a node is 83
18 fully proposes a solution of how to fill the gap. trusty or not? Is it reliable to count on it for disseminating 84
19 Researchers in VANET tried to bypass the scalability prob- critical messages? 85
20 lems and save the communication in the most efficient manner. ii. Based on these criteria we can detect the misbehavior ei- 86
21 They attain to reduce the delay in propagation. They worked on ther in vehicle or in the backend. Once the misbehavior 87
22 authentication, data delivery and try to propose how to trust detected, what are the appropriate actions to take? Pun- 88
23 messages between vehicles. They tried to find balance between ishment factors are not clearly defined also encouragement 89
24 the need to preserve user privacy and the traceability require- ones. Both factors can be incentives as they can limit the 90
25 ment for law enforcement authorities. They used cryptographic ap- danger of malicious nodes. 91
26 proaches based on PKI to distribute symmetric or asymmetric keys 2) The revocation process and the certificate revocation list manage- 92
27 for message encryption, and certificates for authentication. They ment and distribution: once the misbehavior is detected how 93
28 trust group formation based on symmetric and asymmetric crypto- would be the revocation process? CRL-based solutions still un- 94
29 graphic schemes in order to speed the processing and strengthen der development. Using the short lifetime certificates in CRL 95
30 the security and the privacy. They encrypt data to prevent track- and certificates change strategies are not defined yet and still 96
31 ing. They use digital signature and trust model at the receiver vulnerability under no infrastructure for CRL. Certificate ver- 97
32 end, to prevent DoS. They validate data in real time, by analyzing ification and revocation is longer in case of chain certificate 98
33 signal strength or buying virtual eye to detect Sybil attack. They authorities so what are the alternatives? 99
34 use the digital signature or transitive relationship for malware and 3) The ability of the network to self-organize via a high mobile network 100
35 spamming detection. They suggest strong encryption and key gen- environment: the Group formation is a trend but how to deliver 101
36 eration algorithms unbreakable within a reasonable running time across partitions in VANET still not well-defined yet. In the 102
37 to resist to brute force attack. They propose similarity algorithm to group formation, the group leader is the center server for all 103
38 check and detect tampering by calculating trust value surpassing nodes joining this group. The key management and basic com- 104
39 a certain threshold. They adopt the group communication to limit munication pass through him. What happens if this GL decides 105
40 the unauthorized access. They reduce the frequency of sending to to leave the group? Should be a backup group leader? What 106
41 limit the message saturation. They use special routing protocol and about the Key management when the GL leaves the group? It 107
42 digital signature to prevent replay attack. They suggest switching is not well clear. What happens if the GL leaves the group or a 108
43 between different wireless technologies to prevent jamming the radio link cuts? Is the solution by trying to integrate different 109
44 channel. They use certified and disposable keys, and check the va- wireless technologies within VANET and switch between them 110
45 lidity of the digital certificates in real time via CRL, or use instead in case of any problem occurrence? 111
46 the revocation protocols. For unauthorized access, they revoke the 4) Data context trust and verification: VANET aims to insure safe 112
47 certificate when cryptographic keys are compromised. They use the and cooperative drive. This happens by providing the appropri- 113
48 reporting to specific authority and the remote activation and deac- ate information to the driver or vehicle. So it is very important 114
49 tivation of nodes. They propose for attacks countermeasures to use to check and verify the exchanged information in VANET. For 115
50 the audit log. Data-centric trust and verification, the tamper-resistance hard- 116
51 Briefly, most of them agreed on using PKI, digital signature ware used in a vehicle to detect unnecessary accident warn- 117
52 and certificates with cryptographic techniques and group forma- ings, needs to be further researched. For the context verifica- 118
53 tion to maintain the basic security issues in VANET. But each of tion, a vehicle must be capable to act as an intrusion detection 119
54 the proposed solution is a wide field to explore and future work is system by comparing received information about status and 120
55 required to test and prove the best that can fit. environment with its own available information. In addition, 121
56 Table 6 below shows a comparison between the solutions based the reactive security concept needs to be enhanced. 122
57 on predefined criteria that tackle deeply the VANET security such 5) Cryptographic approaches for security, privacy and non-traceability 123
58 as Centralized or decentralized, Privacy is preserved or not, Certi- assurance: starting with the key distribution, it is exclusive 124
59 fication Authority/RSU is used or not, support of routing protocol, to whom, the vehicle manufacturer or the government? For 125
60 Support of Cryptographic algorithm, Support of Group Formation, the key size, there are not a proposed key size, authentica- 126
61 Reporting to specific authority, Remote activation or deactivation, tion delays and specific protocols. How to deal with keys of 127
62 Data verification, Detection Rate. This comparison is between some short duration? How to remove keys? It may cause overhead. 128
63 selected solutions and their attacks. Those attacks and their solu- Method of switching certificates periodically for privacy assur- 129
64 tions are expanded in section 5. One can benefit from this table to ance is not defined yet. Also for non-traceability and privacy, 130
65 find a compromised solution among these different services. After more efficient method for partial pseudonym distribution and 131
66 presenting and analyzing the different solutions in VANET security, butterfly keys and linkage values are not employed yet. In ad- 132
66
65
64
63
62
61
60
59
58
57
56
55
54
53
52
51
50
49
48
47
46
45
44
43
42
41
40
39
38
37
36
35
34
33
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
Solution Attack Centralized/ Privacy Certification Support of Support of Support of Reporting to Remote Data Detection
decentralized preserved of authority/RSU routing cryptographic group specific activation/ verification rate
a node or not used or not protocol algorithm formation authority deactivation
[28] Tracking centralized yes yes no yes no yes yes no good
[29] Tracking decentralized Yes, keep yes no Yes, using yes no no no -
node identity various
and location anonymous
private. keys using
ECCP
11
132
131
130
129
128
127
126
125
124
123
122
121
120
119
118
117
116
115
114
113
112
111
110
109
108
107
106
105
104
103
102
101
100
99
98
97
96
95
94
93
92
91
90
89
88
87
86
85
84
83
82
81
80
79
78
77
76
75
74
73
72
71
70
69
68
67
66
65
64
63
62
61
60
59
58
57
56
55
54
53
52
51
50
49
48
47
46
45
44
43
42
41
40
39
38
37
36
35
34
33
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1
12
JID:VEHCOM
AID:74 /REV
Table 6 (continued)
Solution Attack Centralized/ Privacy Certification Support of Support of Support of Reporting to Remote Data Detection
decentralized preserved of authority/RSU routing cryptographic group specific activation/ verification rate
a node or not used or not protocol algorithm formation authority deactivation
[54] Spoofing decentralized yes yes no Yes, using yes Yes, TTP Yes, append no –
1 Table 7 [2] R.S. Raw, M. Kumar, N. Singh, Security challenges, issues and their solutions for 67
2 Open issues in VANET, communication modes and corresponding categories. VANET, Int. J. Netw. Secur. Appl. 5 (5) (September 2013). 68
3 [3] Gh. Samara, W.A.H. Al-Salihy, R. Sures, Security analysis of vehicular ad hoc 69
Open issue Communication Corresponding
networks (VANET), in: Second International Conference on Network Applica-
4 mode categories 70
tions Protocols and Services (NETAPPS), IEEE, 2010, pp. 55–60.
5 Trustworthiness evaluation V2V, V2I Wi-H&S-Si-I [4] M.N. Mejri, J. Ben-Othman, M. Hamdi, Survey on VANET security challenges 71
6 of nodes and misbehavior and possible cryptographic solutions, Veh. Commun. 1 (2014) 53–66, contents 72
7 detection available at ScienceDirect, www.elsevier.com/locate/vehcom. 73
Revocation process and V2V, V2I Wi-H&S-I [5] N.K. Chauley, Security analysis of vehicular ad hoc networks (VANETs): a com-
8 74
certificate revocation list prehensive study, Int. J. Netw. Secur. Appl. 10 (5) (2016) 261–274.
9 [6] B. Mokhtar, M. Azab, Survey on security issues in vehicular ad hoc networks, 75
management and
10 Alex. Eng. J. 54 (2015) 115–1126, available at www.elsevier.com/locate/aej. 76
distribution
11 [7] K. Lim, D. Manivannan, An efficient protocol for authenticated and secure mes- 77
Ability of the network to V2V H&S-I sage delivery in vehicular ad hoc networks, Veh. Commun. 4 (2016) 30–37.
12 78
self-organize via a high [8] R. van der Heijden, Security architectures in V2V and V2I communication, in:
13 mobile network 79
13th Twenty Student Conference on IT June 21st, Enschede, The Netherlands,
14 environment: 2010. 80
15 Data context trust and V2V, V2I Wi-H&S-Si [9] V. La Hoa, A. Cavalli, Security attacks and solutions in vehicular ad hoc net- 81
16 verification works: a survey, Int. J. Netw. Syst. 4 (2) (April 2014). 82
[10] A.Y. Dak, S. Yahya, M. Kassim, A literature survey on security challenges in
17 Cryptographic approaches V2I H&S-I 83
VANETs, Int. J. Comput. Theory Eng. 4 (6) (December 2012).
18 for security, privacy and 84
[11] R.K. Sakib, Security issues in vanet, in: Department of Electronics and Commu-
non-traceability assurance
19 nication Engineering, BRAC University, Dhaka, Bangladesh, 2010. 85
20 Anti-malware and Intrusion V2I Wi-H&S-I [12] W. Whyte, A. Weimerskirch, V. Kumar, T. Hehn, A security credential manage- 86
Detection System ment system for V2V communications, in: IEEE Vehicular Networking Confer-
21 87
ence, 2013.
22 [13] ETSI TS 102 731 V1.1.1-ITS-Security services and architectures. 88
23 dition to, using mobile IP or changing IP or MAC address by [14] K. Plößl, H. Federrath, A privacy aware and efficient security infrastructure for 89
24 vehicles for preventing traceability is still under study. vehicular ad hoc networks, Comput. Stand. Interfaces 30 (6) (2008) 390–397. 90
[15] M. Abuelela, S. Olariu, Kh. Ibrahim, A secure and privacy aware data dissem-
25 6) Anti-malware and Intrusion Detection System: Embedded anti- ination for the notification of traffic incidents, in: Proceedings of the IEEE
91
26 malware frameworks are still problematic issues in VANETs. Vehicular Technology Conference, Spring, Barcelona, April 2009.
92
27 It is a must to develop an intrusion detection mechanism to [16] H. Hasrouny, C. Bassil, A.E. Samhat, A. Laouiti, Group-based authentication in 93
28 enhance network security. V2V communications, in: DICTAP, Fifth International Conference, IEEE, 2015, 94
29 pp. 173–177. 95
[17] IEEE Trial-Use Standard for Wireless Access in Vehicular Environments: IEEE
30 In Table 7, we categorize the open issues mentioned above Std 1609.2™-2012.
96
31 based on which communication mode they hit (V2V, V2I or both) [18] ETSI TS 102 940 V1.1.1-ITS – Communications security architecture and security 97
32 and which of the following categories they concern: (1) Wireless management. 98
33 [19] https://ec.europa.eu/inea/en/connecting-europe-facility/cef-transport/projects- 99
interface (Wi), (2) Hardware and Software (H&S), (3) Sensors input
by-country/multi-country/2014-eu-ta-0669-s.
34 in vehicle (Si), (4) Infrastructure (I) (CA or vehicle manufacturer). 100
[20] https://www.sbdautomotive.com/en/intelligence-news.
35 All these issues push to find a Trade-off between security and [21] IEEE Trial-Use Standard for Wireless Access in Vehicular Environments: IEEE 101
36 efficiency from one side, and anonymity/trust/privacy from the Std 1609.2™-2006. 102
37 [22] ETSI TS 102 867 V1.1.1- Security-Mapping for IEEE 1609.2. 103
other side. Especially anonymity and adaptive privacy, where users
[23] M. Raya, A. Aziz, J.P. Hubaux, Efficient secure aggregation in VANETs, in: Pro-
38 are allowed to select their privacy level based on their own trust 104
ceedings of the 3rd International Workshop on Vehicular Ad Hoc Networks,
39 calculation over the others. 105
VANET ’06, 2006, pp. 67–75.
40 [24] M. Raya, J.P. Hubaux, The security of vehicular ad hoc networks, in: Proceed- 106
41 ings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 107
8. Conclusion
42 SASN’05, November 7, Alexandria, Virginia, USA, 2005, pp. 11–21. 108
[25] ETSI TR 102 893 V1.1.1- ITS- Security- Threat, Vulnerability and Risk Analysis.
43 109
Users want safety and security much more on the road as many [26] J. Guo, J.P. Baugh, Sh. Wang, A group signature based secure and privacy-
44 preserving vehicular communication framework, in: CD-ROM Proceedings of 110
people life end there, due to misbehaving and maliciously of oth-
45 the Mobile Networking for Vehicular Environments (MOVE) Workshop in Con- 111
ers. Overcoming these problems requires more efforts in the future
46 junction with IEEE INFOCOM, Alaska, May 2007. 112
to reach a secure VANET environment. This paper presented an [27] F.M. Salem, M.H. Ibrahim, I. Ibrahim, Non-interactive authentication scheme
47 113
extensive overview of the most of VANET security challenges and providing privacy among drivers in vehicle-to-vehicle networks, in: Sixth In-
48 ternational Conference on Networking and Services, 2010. 114
their causes as well as the existing solutions in a comprehensive
49 [28] ETSI TS 102 941 V1.1.1- ITS, Security- Trust and Privacy Management. 115
manner. We give the details of the recent security architectures
50 [29] R.G. Engoulou, M. Bellaïche, S. Pierre, A. Quintero, VANET security surveys, 116
and the well-known security standards and protocols. We focused Comput. Commun. 44 (2014) 1–13, journal homepage: www.elsevier.com/
51 117
on the classification of the different attacks known in the litera- locate/comcom.
52 118
ture and their solutions. Finally, we have specified certain research [30] B. Aslam, C.C. Zou, Distributed certificate architecture for VANETs, in: Military
53 Communications Conference, IEEE, 2009, pp. 1–7. 119
challenges and open questions which may be future research di-
54 [31] A. Rawat, S. Sharma, R. Sushil, VANET: security attacks and its possible solu- 120
rections. Thus enable VANET to efficiently implement a system for tions, J. Inf. Oper. Manag. 3 (1) (2012) 301–304.
55 121
trusting vehicles and protect it from any malicious node. [32] G. Calandriello, P. Papadimitratos, J.P. Hubaux, A. Lioy, Efficient and robust
56 122
pseudonymous authentication in VANET, in: Proceedings of the Fourth ACM
57 International Workshop on Vehicular Ad Hoc Networks, VANET ’07, 2007, 123
Uncited references
58 pp. 19–28. 124
59 [33] A. Dahiya, V. Sharma, A Survey on Securing User Authentication in Vehicular 125
60
[21] [53] [56] Ad Hoc Networks, 2009.
126
[34] H. Hasrouny, C. Bassil, A. Samhat, A. Laouiti, Security risk analysis of a trust
61 model for secure group leader-based communication in VANET, in: Second In- 127
62 References ternational Workshop on Vehicular Adhoc Networks for Smart Cities, IWVSC’, 128
63 2016. 129
64 [1] G. Karagiannis, O. Altintas, E. Ekici, G. Heijenk, B. Jarupan, K. Lin, T. Weil, Ve- [35] R. Engoulou, Securisation des vanets par reputation des nœuds, Thesis Report, 130
hicular networking: a survey and tutorial on requirements, architectures, chal- Ecole Polytechnique de Montreal, 2013.
65 131
lenges, standards and solutions, IEEE Commun. Surv. Tutor. 13 (4) (July 2011) [36] M.Ch. Chuang, J.F. Lee, TEAM: trust-extended authentication mechanism for ve-
66 584–616. hicular ad hoc networks, IEEE Syst. J. 8 (3) (2013). 132
JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.14 (1-14)
14 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••
1 [37] M.S. Al-kahtani, Survey on security attacks in vehicular ad hoc networks [47] R. Raiya, Sh. Gandhi, Survey of various security techniques in VANET, Int. J. Adv. 67
2 (VANETs), in: 6th International Conference on Signal Processing and Commu- Res. Comput. Sci. Softw. Eng. 4 (6) (June 2014). 68
3 nication Systems (ICSPCS), IEEE, 2012, pp. 1–9. [48] N. Patel, R.H. Jhaveri, Trust Based Approaches for Secure Routing in VANET: 69
[38] A. Rao, A. Sangwan, A.A. Kherani, A. Varghese, B. Bellur, R. Shorey, Secure V2V A Survey, Elsevier, 2015, available online at www.sciencedirect.com, ICACTA.
4 70
communication with certificate revocations, in: IEEE Mobile Networking for Ve- [49] S. Zeadally, R. Hunt, Y.-S. Chen, A. Irwin, A. Hassan, Vehicular ad hoc networks
5 hicular Environments, 2007. (VANETs): status, results, and challenges, Telecommun. Syst. 50 (4) (2012) 71
6 [39] M. Raya, P. Papadimitratos, J.P. Hubaux, Securing vehicular communications, 217–241. 72
7 IEEE Wirel. Commun. 13 (5) (2006) 8–15. [50] P. Caballero-Gil, Security issues in VANET, available http://cdn.intechopen.com/ 73
8 [40] B. Xiao, B. Yu, C. Gao, Detection and localization of sybil nodes in VANETs, in: pdfs-wm/12879.pdf, 2011. 74
Proceedings of the 2006 Workshop on Dependability Issues in Wireless Ad Hoc [51] R. Rajadurai, N. Jayalakshmi, Vehicular network: properties, structure, chal-
9 75
Networks and Sensor Networks, ACM, 2006, pp. 1–8. lenges, attacks, solution for improving scalability and security, Int. J. Adv. Res.
10 [41] D. Singelee, B. Preneel, Location verification using secure distance bounding 1 (3) (March 2013), IJOAR.org. 76
11 protocols, in: IEEE International Conference on Mobile Adhoc and Sensor Sys- [52] J. Blum, A. Eskandarian, The threat of intelligent collisions, IT Prof. 6 (1) (2004) 77
12 tems, 2005, p. 7. 24–29. 78
[42] T. Zhou, R.R. Choudhury, P. Ning, K. Chakrabarty, P2DAP – sybil attacks detec- [53] S.S. Kaushik, Review of different approaches for privacy scheme in VANETs, Int.
13 79
tion in vehicular ad hoc networks, IEEE J. Sel. Areas Commun. 29 (3) (March J. Adv. Eng. Technol. (ISSN 2231-1963) 5 (2) (2012).
14 2011). [54] V. Vèque, C. Johnen, Hiérarchisation dans les réseaux ad hoc de véhicules, in: 80
15 [43] G. Yan, S. Olaruis, M. Weigle, Use of infrastructure in VANETs, Comput. Com- UBIMOB, Bayonne, France. CEPADUES, 2012, pp. 45–52. 81
16 mun. 12 (2008) 2883–2897. [55] P. Fan, J.G. Haran, J. Dillenburg, P.C. Nelson, Cluster-based framework in vehic- 82
17 [44] D. Kushwaha, P.K. Shukla, R. Baraskar, A survey on sybil attack in vehicular ular ad-hoc networks, in: 4th International Conference, ADHOC-NOW, Proceed- 83
ad-hoc network, Int. J. Comput. Appl. 98 (15) (July 2014). ings, 2005, pp. 32–42.
18 84
[45] L. Song, Q. Han, J. Liu, Investigate key management and authentication models [56] A.M. Malla, R.K. Sahu, A review on vehicle to vehicle communication protocols
19 in VANETs, in: IEEE International Conference on Electronics, Communications in VANETs, Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3 (2) (February 2013). 85
20 and Control (ICECC), 2011. [57] A.M. Malla, R.K. Sahu, Security attacks with an effective solution for Dos attacks 86
21 [46] Ch.D. Jung, Ch. Sur, Y. Park, K.H. Rhee, A robust conditional privacy-preserving in VANET, Int. J. Comput. Appl. (ISSN 0975-8887) 66 (22) (2013). 87
authentication protocol in VANET, in: First International ICST Conference, Mo- [58] L. He, W.T. Zhu Mitigating, Dos attacks against signature-based authentication
22 88
biSec, Italy, June 2009, pp. 35–45. in VANETs, IEEE Int. Conf. Comput. Sci. Automat. Eng. (CSAE) 3 (2012) 261–265.
23 89
24 90
25 91
26 92
27 93
28 94
29 95
30 96
31 97
32 98
33 99
34 100
35 101
36 102
37 103
38 104
39 105
40 106
41 107
42 108
43 109
44 110
45 111
46 112
47 113
48 114
49 115
50 116
51 117
52 118
53 119
54 120
55 121
56 122
57 123
58 124
59 125
60 126
61 127
62 128
63 129
64 130
65 131
66 132