JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.

1 (1-14)
Vehicular Communications ••• (••••) •••–•••

1 67
Contents lists available at ScienceDirect
2 68
3 69
4 Vehicular Communications 70
5 71
6 72
7 www.elsevier.com/locate/vehcom 73
8 74
9 75
10 76
11 77
12 VANet security challenges and solutions: A survey 78
13 79
14 Hamssa Hasrouny a,b , Abed Ellatif Samhat b , Carole Bassil c , Anis Laouiti a 80
15 81
a
SAMOVAR, Telecom SudParis, CNRS, University Paris-Saclay, 9 rue Charles Fourier, 91011 Evry Cedex, France
16 b 82
Lebanese University, Faculty of Engineering-CRSI, University Campus, Hadath, Lebanon
17 c
Lebanese University, Faculty of Sciences II, University Campus, Fanar, Lebanon 83
18 84
19 85
20 a r t i c l e i n f o a b s t r a c t 86
21 87
22 Article history: VANET is an emergent technology with promising future as well as great challenges especially in 88
23 Received 16 September 2016 its security. In this paper, we focus on VANET security frameworks presented in three parts. The 89
Received in revised form 28 November 2016 first presents an extensive overview of VANET security characteristics and challenges as well as
24 90
Accepted 20 January 2017
25 requirements. These requirements should be taken into consideration to enable the implementation of 91
Available online xxxx
26
secure VANET infrastructure with efficient communication between parties. We give the details of the 92
Keywords: recent security architectures and the well-known security standards protocols. The second focuses on a
27 93
VANET novel classification of the different attacks known in the VANET literature and their related solutions. The
28 94
Security challenges third is a comparison between some of these solutions based on well-known security criteria in VANET.
29 95
Attacks classification Then we draw attention to different open issues and technical challenges related to VANET security,
30 V2V communication which can help researchers for future use. 96
31 Security solutions © 2017 Elsevier Inc. All rights reserved. 97
32 98
33 99
34 100
35 101
36 1. Introduction 102
37 103
38 VANET aims to insure safe drive by improving the traffic flow 104
39 and therefore significantly reducing the car accidents. The latter is 105
40 solved by providing appropriate information to the driver or to the 106
41 vehicle. Still, any alteration of this real-time information may lead 107
42 to system failure impacting people safety on the road. To insure its 108
43 smooth functioning, securing this information becomes a must and 109
44 hence it is on the top outlook of security researchers. 110
45 VANET is a special class of mobile ad-hoc network with pre- Fig. 1. Future vehicle design in VANET. 111
46 defined routes (roads). It relies on specific authorities for registra- 112
47 tion and management, Roadside units (RSUs) and On-Board units traffic congestions and status. Then automatically take appropriate 113
48 (OBUs). RSUs are widespread on the road edges to fulfill spe- actions in vehicle and relay this information through V2V or V2I 114
49 cific services and OBUs are installed in the vehicles navigating in within the vehicular network. 115
50 VANET. All vehicles are moving freely on road network and com- VANET users profit from many applications that are classified 116
51 municating with each other or with RSUs and specific authorities. into active road safety, infotainment, traffic efficiency and manage- 117
52 Using DSRC (Dedicated Short Range Communication) in a single ment [1]; the latter stands for speed management and cooperative 118
53 or multi-hop, the communication mode is either V2V (Vehicle-to- navigation. 119
54 Vehicle), V2I (Vehicle-to-Infrastructure) or hybrid. The security is the state of being free from danger or threat. 120
55 In the coming years, most of the vehicles in VANET will be Security means safety, as well as the measures taken to be safe or 121
56
equipped with on-board wireless device (OBU), GPS (Global Po- protected. For example, in order to provide adequate security for 122
57
sitioning System), EDR (Event Data Recorder) and sensors (radar the parade, town officials often hire extra guards. 123
58
and ladar) as shown in Fig. 1. These equipments are used to sense In VANET, it is critical to guard against misuse activities and 124
59 to well define the security architecture because it is a wireless 125
60 communication which is harder to secure. The security and its 126
61
E-mail addresses: hamssa.hasrouny@telecom-sudparis.eu (H. Hasrouny),
guaranteed level of implementation affect people safety. Few years 127
62 samhat@ul.edu.lb (A.E. Samhat), cbassil@ul.edu.lb (C. Bassil), ago, many researchers have explored the security attacks and tried 128
63 anis.laouiti@telecom-sudparis.eu (A. Laouiti). to find their related solutions. Others tried to define security in- 129
64 130
http://dx.doi.org/10.1016/j.vehcom.2017.01.002
65 131
2214-2096/© 2017 Elsevier Inc. All rights reserved.
66 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.2 (1-14)
2 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

1 – Wireless communication: the nodes connection and their data 67

2 exchange are done via wireless channels. Thus requires se- 68
3 curer communication. 69
4 – High mobility and rapidly changing network topology: nodes are 70
5 moving at high/random speed which make harder to predict 71
6 their position and the network topology. Thus enhancing 72
7 node’s privacy and causing frequent disconnection, volatility 73
8 and impossibility of handshake. It lacks the relatively long 74
9 life context (e.g., password) which is impractical for secur- 75
10 ing vehicular communication. Under these constraints, the 76
11 alert dissemination delay should be respected. A good delay 77
12 performance is needed either by using fast cryptographic al- 78
13 gorithm or by entity authentication and message delivery 79
14 on time. For this, a prioritization of data packets and conges- 80
15 tion control is of higher significance; data related to traffic 81
16 safety and efficiency should be faster than the others. 82
Fig. 2. VANET Network.
17 – In addition to reliability and cross layer between transport 83
18 and network layers are suggested to support real-time and 84
19 frastructures, or formalize standards and protocols. But still, the multimedia applications. 85
20 trend of trustworthiness of a node and misbehaving detection is ii. VANET Characteristics related to Vehicles and Drivers: 86
21 large to explore. – High processing power and sufficient energy: VANET nodes have 87
22 This paper presents VANET security characteristics and inves- no issue of energy and computation resources. They have 88
23 tigates most of the VANET security challenges as well as the ex- their own power in the form of batteries and high comput- 89
24 isting solutions in a comprehensive manner. After detailing the ing powers to run complex cryptographic calculations. 90
25 recent security architectures and the well-known security stan- – Better physical protection: VANET nodes are physically better 91
26 dards protocols, we present and discuss the recent frameworks protected. It is more difficult to be compromised physically. 92
27 that address the related issues. We focus on a novel classification Thus reduce the effect of infrastructure attacks. 93
28 of the different attacks known in the literature of VANET security – Known time and position: most vehicles are equipped with 94
29 and their solutions. Finally, despite all the promising opportunities GPS because many applications rely on position and geo- 95
30 that accompany VANET and after discussing the presented works, graphical addressing or area. A tamper proof GPS is used for 96
31 we have specified certain research challenges and open questions secure localization to protect nodes location against attack- 97
32 which may be future research directions. Thus enabling VANET to ers. 98
33 efficiently implement a system for trusting vehicles and protect it – The majority of participants are honest: the majority of drivers 99
34 from malicious nodes. are assumed to be good and helpful to find the adversary. 100
35 The remainder of this paper is organized as follows: Section 2 – Existing law enforcement infrastructure: Via the law enforce- 101
36 expands VANET model and its security requirements. Section 3 de- ment officers, they can catch the adversary that attacked the 102
37 tails the attacker model. Section 4 presents the standardization system. 103
38 efforts. Section 5 presents the solutions classified in a coherent – Central registration with periodic maintenance and inspection: 104
39 manner. Section 6 expands the gap analysis. Section 7 highlights vehicles are registered with central authority and have 105
40 the emerging and open issues and we conclude in Section 8. unique id (license plate). Vehicles periodic maintenance is 106
41 for firmware and software updates. In PKC (Public key Cryp- 107
42
2. Vanet characteristics, security challenges and constraints tography), maintenance is for updating certificates, keys and 108
43 obtaining fresh CRL (Certificate Revocation List). 109
44 110
2.1. VANET characteristics
45 Briefly, the vehicular network is an interaction between the 111
46 behavior and cooperation of the drivers, the network, and the in- 112
47 VANETs are ad hoc networks, highly dynamic, with little access frastructure. Probing a security solution must find a compromise 113
48 to the network infrastructure and offering multiple services. The to involve all parties within it. After presenting VANET character- 114
49 communication modes in VANET shown in Fig. 2 can be catego- istics, we will detail in the next section VANET security challenges 115
50 rized into Vehicle to Vehicle (V2V), Vehicle to Infrastructure (V2I) and constraints. 116
51 and Hybrid. In V2V, the used communication media is character- 117
52 ized by short latency and high transmission rate. This architecture 2.2. VANET security challenges and constraints 118
53 is used in different scenarios of broadcasting alerts (emergency 119
54 braking, collision, deceleration, etc.) or in a cooperative driving. In In VANET, security must guarantee that the exchanged mes- 120
55 V2I, vehicular network takes into account the applications that use sages are not inserted or modified by attackers. As well, the lia- 121
56 the infrastructure points RSUs which multiply the services through bility of the drivers is essential to inform the traffic environment 122
57 internet portals in common. Hybrid mode is a combination of the correctly within time constraint. Exclusive security challenges rise 123
58 two previous techniques. VANET characteristics explored in [1–6] because of the distinctive characteristics of VANET. Mistreating 124
59 can be grouped related to: i) Network topology and communica- these security challenges will lead to many constraints. We list be- 125
60 tion mode or ii) Vehicles and drivers. low some of these security challenges: 126
61 127
62 i. VANET Characteristics related to Network Topology and Communi- – The Network size, the geographical relevancy, the high mobility 128
63 cation Mode: and dynamic topology, the short connection duration and the fre- 129
64 – Unbounded and scalable network: VANET can be implemented quent disconnections [1,2]: Network size can be geographically 130
65 for one or several cities even for countries. Thus requires unbounded and very scalable, growing fast with no global au- 131
66 cooperation and management for security requirements. thority to govern the standards for it. 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.3 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 3

1 – The Trust and information verification: trust is required as Table 1 67

2 VANET ad hoc nature motivates the nodes to gather informa- Classification of security requirements. 68
3 tion from other vehicles and RSUs [7]. Hence this information VANET communication mode Security requirements 69
4 exchange is frequent, it must be trusted and integrity verified. V2V, V2I Availability
70
5 Trustworthiness of the data is more useful than trustworthi- Confidentiality 71
6 ness of the nodes transmitting it [2]. Error detection 72
7 – Key distribution: security mechanisms depend on keys, which Liability identification 73
Authentication
8 make their distribution critical. Non-repudiation
74
9 – The Forwarding algorithms: which is challenging concerning the Privacy and anonymity 75
10 number of transferred packets after finding the best route; is Flexibility and efficiency 76
11 it unicast, broadcast, V2V, V2I or hybrid communication. Location privacy 77
12 Integrity 78
Traceability
13 While for VANET constraints or requirements [1], we can list: Data verification
79
14 80
V2I Revocability
15 – Congestion and collision control: it is a must due to the un- 81
Access control
16 bounded network size. 82
17 – Low Tolerance for Error occurrence: some protocols are based on V2V Data verification 83
18 probability and any error can affect people life. 84
19 – Environmental impact: on magnetic waves due to obstacles [1] 85
• Error detection: for detecting malicious and erroneous trans-
20 which prevent their propagation. 86
mission.
21 – Risk analysis and management: we can find sometimes solution 87
• Liability identification: accountability or user identification dur-
22 for the attacks. But finding models for the attackers’ behaviors 88
ing communication. Messages can be used to identify users.
23 are still missing. 89
• Flexibility and efficiency: the flexibility in the security architec-
24 – Anonymity, privacy and liability: nodes receiving data need to 90
ture and the system design is significant. Though it is essen-
25 trust the sender. Privacy is ensured by anonymous vehicle 91
tially designed for traffic safety application that requires less
26 identities. Sometimes even authenticated nodes can do mali- 92
time and bandwidth. This makes the channel efficiency crucial
27 cious issues. Thus, a trade-off solution is needed between the 93
in its consequent low delay.
28 anonymity, privacy and liability. 94
29 95
After defining and analyzing the security requirements, we clas-
30 These security challenges and constraints can be minimized if 96
sify them in Table 1 based on their needs in VANET communica-
31 we better handle the security services presented in the next sec- 97
tion mode, either for V2V, V2I or both. For each VANET communi-
32 tion. 98
33 cation mode, we define its prerequisites of security services. 99
34 2.3. Security requirements (services) 100
35 3. Attacker model 101
36 The security services increase the security of processing and 102
37 data exchange in VANET. The security requirements include: The deployment of a security system for VANET is challeng- 103
38 ing. In fact, the highly dynamic nature with frequent disconnec- 104
39 • Authentication: ensures that the message is generated by a le- tion, instantaneous arrivals and departures of vehicles, the usage 105
40 gitimate user using certificate. Or the receiver identifies the of wireless channels to exchange emergency and safety messages, 106
41 sender of a message via a pseudonym [8]. expose VANETs to various threats and attacks. In this section, we 107
42 • Availability: by resisting to DoS (Denial of Service), we assure will classify the attacks, the attackers and analyze which VANET 108
43 normal functioning. Because a delay in seconds makes the communication mode they affect. 109
44 message meaningless [4]. 110
45 • Confidentiality: involves a set of rules or a promise that lim- 111
3.1. Attacks
46 its access restrictions on certain resources. It is done using 112
47 encryption or exchanging special message between OBUs and 113
48 RSUs as some form of data verification [9]. Many researchers in [2,3,5,7,9,10,23] investigated the attacks in 114
49 • Non-repudiation: sender can’t deny sending a message as he VANETs. The classification of these attacks is useful because the 115
50 is already known from a good authority. They can retrieve at- nature of VANET brings vulnerabilities and constraints that require 116
51 tacker even after harm via Tamper Proof Device (TPD) [4]. solutions. By dividing, we can better control. 117
52 • Integrity: no alteration for data. Digital signature is used for Attacks can be categorized into four main groups: (1) those that 118
53 message and data integrity [3,10]. pose a risk to wireless interface, (2) those that pose a threat to 119
54 • Privacy and anonymity: hide the identity of the user against hardware and software, (3) those that pose a hazard to sensors in- 120
55 unauthorized nodes using temporary and anonymous keys. put in vehicle and (4) those that pose a danger behind wireless 121
56 Thus affording the Location privacy, no one can track the tra- access, which means in the infrastructure (CAs or vehicle manu- 122
57 jectory of any node. facturer). The following sub-sections present the threats posed to 123
58 • Data verification: to eliminate false messaging. The verification each of the areas mentioned above. 124
59 of data consistency with similar messages is used for detecting 125
60 data correctness, especially between neighboring vehicles. 1) Threats to Wireless Interface 126
61 • Access control: all nodes work according to rules and roles priv- • Identity and geographical position revealing (Location Tracking): 127
62 ileges [11]. an attacker tries to get info of the driver and trace him. 128
63 • Traceability and revocability: Although a vehicle real identity This exposes a certain node at risk. For example, a car rental 129
64 should be hidden from others, still there should be a com- company that wants to follow in an illegitimate manner its 130
65 ponent with the ability to obtain vehicles’ real identities to own vehicles. Users will be tracked and no privacy preserv- 131
66 revoke them for future use. ing. 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.4 (1-14)
4 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

1 • DoS: an attacker tries to make the resources and the ser- • Cheating with position info (GPS spoofing) and tunneling attack: 67
2 vices unavailable to the users in the network. It is either by hidden vehicles generate false positions that cause accidents. 68
3 jamming the physical channel or by “Sleep Deprivation”. GPS doesn’t work. 69
4 ◦ DDoS (Distributed Denial of Service): it is a DoS from dif- • Timing attack: Malicious vehicles add some timeslots to the 70
5 ferent locations. received message, to create delay before forwarding it. Thus, 71
6 • Sybil Attack: an attacker creates multiple vehicles on the neighboring vehicles receive it after they actually require, or 72
7 road with same identity. It provides illusion to other vehi- after the moment when they should receive it. 73
8 cles by sending some wrong messages for the benefits of • Replay attack: malicious or unauthorized users try to imper- 74
9 this attacker. sonate a legitimate user/RSU by using previously generated 75
10 • Malware: an attacker sends spam messages in the network frames in new connections. 76
11 to consume the network bandwidth and increase the trans- 3) Threats to Sensors input in vehicle 77
12
mission latency. It is difficult to control this kind of at- In addition to GPS spoofing mentioned in sub-section (2), we 78
13
tack, due to lack of necessary infrastructure and centralized present: 79
14
administration. Attacker disseminates spam messages to a • Illusion attack: the adversary deceives purposefully the sen- 80
15
group of users. Those messages are of no concern to the sors on his car to produce wrong sensor readings. Therefore, 81
16
users just like advertisement messages. incorrect traffic warning messages are broadcasted to neigh- 82
17
• Spam: an insider node transmits spam messages to increase bors. 83
18
transmission, latency and bandwidth consumption. • Jamming attack: the attacker interferes with the radio fre- 84
19
• Man in the Middle Attack (MiM): a malicious node listens to quencies used by VANET nodes. 85
20
the communication established between two other vehicles. 4) Threats to Infrastructure 86
21
It pretends to be each one of them to reply to the other. It In addition to Spoofing, Impersonation and Tampering message 87
22
injects false information between them. and hardware mentioned in sub-section (1) and (2), we iden- 88
23
• Brute force Attack: is a trial-and-error method an attacker tify: 89
24
uses to obtain information such as a user password or per- • Unauthorized access: malicious entities try to access the net- 90
25
sonal identification number or to crack encrypted data, or to work services without having the rights or privileges. This 91
26 causes accidents, damage or spy confidential data. 92
test network security.
27
• Black Hole Attack: a malicious node declares having the • Session Hijacking: authentication is done at the beginning. 93
28 After that, the hackers take control of the session between 94
shortest path to get the data and then routes and redi-
29 nodes. 95
rects them. The malicious node is able to intercept the data
30 • Repudiation (Loss of event traceability): denial of a node in 96
packet or retain it. When the forged route is successfully es-
31 a communication. 97
tablished, it depends on the malicious node whether to drop
32 98
or forward the packet to wherever he wants.
33 Table 2 shows the classification of the attacks and the VANET 99
2) Threats to Hardware and Software
34 communication modes they hit (V2V, V2I or both). This classifi- 100
In addition to DoS, Sybil attack, Malware and Spam, MiM, Brute
35 cation helps to identify the predefined attacks on these entities 101
force mentioned above in sub-section (1), we can list:
36 (hardware or software, members or authorities) and on the VANET 102
• Injection of erroneous messages (bogus info): an attacker injects
37 communication mode they affect. Thus preventing these attacks or 103
intentionally falsified info within the network. It directly af-
38 trying to minimize their effects becomes easier as they are nomi- 104
fects the users’ behavior on the road. It causes accidents or
39 nated and VANET becomes more secure. 105
40 traffic redirection on the used route. 106
41 • Message Suppression or alteration: attacker drops packet from 3.2. Attackers 107
42 the network or changes message content. In addition to Fab- 108
43 rication Attack where new message is generated. Or Replay VANET attackers are one of the basic interest of the researchers 109
44 Attack by replaying old messages or Spoofing and Forgery at- in [2,3,9,24]. They got many canonical names listed below based 110
45 tacks that consist of injection of high volume of false emer- on their actions and targets: 111
46 gency warning messages for vehicles. Or Broadcast tamper- 112
47 ing: in which attacker injects false safety messages into the • Selfish driver: he can redirect the traffic. 113
48 network to cause serious problems. • Malicious attacker: he has specific targets. He causes damages 114
49 • Usurpation of the identity of a node (Spoofing or Imperson- and harms via applications in VANET. 115
50 ation or Masquerade): an attacker tries to impersonate an- • Pranksters: attacker does things for his own fun; such as DoS 116
51 other node. To receive his messages or to get privileges not or message alteration (hazard warning) to cause road traffic 117
52 granted to him. Doing malicious issues then declaring that for example. 118
53 the good one is the doer. • Greedy drivers: they try to attack for their own benefit. For 119
54 • Tampering Hardware: during yearly maintenance, in the ve- example: sending accident message may cause congestion on 120
55 hicle manufacturer, some malicious employees try to tamper road. Or sending false messages for freeing up the road. 121
56 the hardware. Either to get or put special data. • Snoops/eavesdropper: attacker tries to collect information about 122
57 • Routing Attack: an attacker exploits the vulnerability of the other resources. 123
58 network layer, either by dropping the packet or disturbing • Industrial insiders: while firmware update or key distribution, 124
59 the routing. It includes in addition to the Black Hole Attack: malicious employees do hardware tampering. 125
60 – Wormhole attack: Overhearing data; an attacker receives 126
61 packets at a point targeted via a tunnel to another point. The attackers are classified into: 127
62 He replays it from there. 128
63 – Greyhole attack: a malicious node misleads the network by – Insider vs. outsider: insider represents authenticated user on the 129
64 agreeing to forward the packets. But sometimes, he drops network vs. outsider one with limited capacity to attack. 130
65 them for a while and then switches to his normal behav- – Malicious vs. rational: malicious presents any personal benefit 131
66 ior. vs. rational which has personal and predictable profit. 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.5 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 5

1 Table 2 67
2 Classification of Attacks based on four categories and VANET communication mode. 68
3 Attacks on Attack name Attack on VANET 69
4 communication mode 70
5 Wireless – Location Tracking V2V 71
6 interface – DoS, DDoS 72
7 – Sybil 73
– Malware and spam.
8 74
– Tunnelling, Blackhole,
9 Greyhole. 75
10 – MiM 76
11 – Brute force 77
12 Hardware and – DoS V2V, V2I 78
software – Spoofing and forgery.
13 79
– Cheating with position
14 info (GPS spoofing). 80
15 – Message suppression/ Fig. 3. PKI schema. 81
16 alteration/fabrication. 82
– Replay
17 83
– Masquerade
18 84
– Malware and spam
19 – MiM 85
20 – Brute force 86
21 – Sybil V2V 87
– Injection of erroneous
22 88
messages (bogus info).
23 – Tampering hardware 89
24 – Routing, Blackhole, 90
25 wormhole and Greyhole. 91
– Timing.
26 92
Sensors input – Cheating with position V2V
27 93
in vehicle info(GPS spoofing)
28 Fig. 4. Mapping OSI to ETSI architectural layers. 94
– Illusion attack
29 – Jamming attack 95
30 Infrastructure – Session hijacking V2I and V2V 4.1. Security infrastructure: PKI 96
– DoS, DDoS
31 97
– Unauthorized access
32 – Tampering hardware Exploring the VANET security infrastructures, PKI is the most 98
33 – Repudiation used one. It is shown in Fig. 3. PKI supports the distribution and 99
34 – Spoofing, impersonation identification of public encryption keys. This enables users to se- 100
or masquerade curely exchange data over the network and verify the identity of
35 101
36 the other party. PKI consists of hardware, software, policies and 102
37 – Active vs. passive: active attacker generates signals or packets standards. All together manage the creation, administration, distri- 103
38
vs. passive one who only senses the network. bution and revocation of keys and digital certificates. PKI includes 104
39 the following key elements: 105
– Local vs. extended: local attacker works with limited scope
40 106
even on several vehicles or base stations vs. extended attacker
41 • A trusted party, called a Root certificate authority (CA). It acts 107
which broadens his scope by controlling several entities scat-
42 as the root of trust and provides services to authenticate the 108
tered across the network.
43 identity of entities. 109
44 • A registration authority, called a subordinate CA, certified by a 110
After detailing the classified attacks and attackers, we will de-
45 root CA. It issues certificates for specific uses permitted by the 111
tail in the next section the standardization and the recent projects
46 root. It is used to protect the root CA. The users communica- 112
47
efforts. tion to the Root CA pass through the subordinate CA thus any 113
48 attack can be detected before reaching the root CA. 114
49 • A certificate database, which stores certificate requests and 115
4. Standardization efforts
50 issues/revokes certificates. It is accessible by the root and sub- 116
51 ordinate CAs. 117
52 • A certificate store, which resides on each vehicle to store is- 118
An infrastructure is an underlying foundation for a system. Se-
53 sued certificates and private keys. 119
curity architecture is a security design. It addresses the necessities
54 120
55
and potential risks involved in a certain environment and speci- Briefly, the processes of distribution of encryption keys and cer- 121
56 fies when and where to apply security controls. Standard provides tificates verification are done by the Root and Subordinate CAs. 122
57 detailed requirements on how a policy must be implemented. They identify the vehicles specific access within the vehicular net- 123
58 In VANET, many groups [12–16] have investigated the security work using specific hardware/software and wired/wireless commu- 124
59 architectures and infrastructures. They generated either security nication. 125
60 standard protocols [17] or define security architecture [18]. Other 126
61 projects Scoop@F [19], C-Roads [20] are currently investigating the 4.2. Security architectures 127
62 security in the ITS(intelligent transport system). 128
63 In the following, we detail the most popular security infras- Many groups in Europe and USA build their own security ar- 129
64 tructure namely PKI (Public Key Infrastructure), the recent VANET chitectures based on PKI. In Europe (EU), ETSI in [18] define 130
65 security architectures and the well-known security standards pro- its security architecture for ITS (Intelligent Transport System). In 131
66 tocols. USA, within the Vehicle Safety Communication Consortium (VSC), 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.6 (1-14)
6 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

1 Table 3 4.3. Security standards 67

2 Security services in ETSI and NHTSA architectures. 68
3 Security service Architectures For standardization, we consider the IEEE 1609.2 security stan- 69
4 dard and ETSI standards. 70
Authentication NHTSA authenticates via digital signature and
5 encryption. ETSI via signed messages. The IEEE 1609.2 security standard [16,19] presents methods to 71
6 Confidentiality NHTSA and ETSI via symmetric and asymmetric secure message formats, application messages, and messages pro- 72
7 encryption. 73
Integrity NHTSA assures the integrity via Message Authentication
cessing used by WAVE (Wireless Access in Vehicular Environments)
8 74
Code. ETSI check the value of signed message. devices. All these security issues are based on PKI using keys
9 75
Liability identification NHTSA via Misbehavior Authority. ETSI via and certificates management. The symmetric encryption AES-CCM,
10 accountability and remote management. 76
the asymmetric signature ECDSA, and the asymmetric encryption
11 Message security NHTSA and ETSI use PKI. NHTSA use ECDSA. 77
ECIES are used for the keys distribution and for the safety mes-
12 Non-repudiation ETSI and NHTSA have EDR for tracing. 78
Privacy NHTSA uses an anonymizer proxy and sages formats. The security requirements in this standard such as
13 79
privacy-preserving revocation via MA. confidentiality, authenticity, non-repudiation and integrity are en-
14 80
sured but anonymity is limited and no mechanism is defined for
15 81
multi-hop communication in V2V.
16 VSC-A (Vehicle Safety Communications-Applications), we consider 82
ETSI in [13,18,22] defined ITS security services and architecture
17 the NHTSA (National Highway Traffic Safety Administration) [12] and ITS-communications security management. We had discussed 83
18 with its security architecture for VANET. the security architecture of ETSI standard in section 4.2. Table 4 84
19 ETSI in [18] specifies security architecture for ITS communica- below summarizes the mapping between security services of ETSI 85
20 tions. Based on the security services defined in [22], it identifies 86
and IEEE 1609.2 based on [22].
21 87
the functional entities and their relationships: EA (Enrollment Au- We conclude from Table 4, that some services in ETSI are still
22 88
thority), AA (Authorization Authority) and ITS-S (Intelligent Trans- missing or under development in IEEE 1609.2. The accountability,
23 89
port System-Station). ITS-S security lifecycle begins in the man- remote management and report misbehaving are completely ab-
24 90
ufacturer then enrolment, authorization and maintenance. ITS-S sent in IEEE 1609.2. While for plausibility check, IEEE 1069.2 does-
25 91
architecture is based upon four processing layers: Access Layer, n’t check dynamic parameters. For replay protection, IEEE 1609.2
26 92
Networking & Transport Layer, Facilities Layer and Applications uses the timestamp but they do not use the sequence number.
27 93
Layer bounded by two vertical layers: Management and Security And finally for the security association management (session), IEEE
28 94
as shown in Fig. 4. EA validates (authenticates and grants) that 1609.2 check the security in any session on the fly, it checks the
29 95
certificate and signature but does not establish and manage a se-
30 an ITS-S is trusted to function in ITS communication. AA provides 96
curity association between two ITS-S communicating together.
31 ITS-S proof to use specific services by issuing authorization ticket. 97
After describing the standardization efforts, we will move in the
32 CI (Canonical Identifier) is globally unique for an ITS-S facing the 98
next section, to expand many proposed solutions for different at-
33 Enrolment credentials. 99
tacks in VANET literature.
34 NHTSA proposed a security architecture [12] based on PKI. 100
35 They detailed functional entities based on long term enrolment 101
5. Proposed solutions from the literature to the previously
36 certificates for OBU (Bootstrap functions) and short term digital 102
described attacks
37 103
certificates (Pseudonym functions). Their basic issue is trust. The
38 104
entities of the NHTSA architecture are shown in Fig. 5. Within Many researchers worked on proposing solutions for the previ-
39 105
their proposal, V2V communication consists of two types of mes- ously described attacks. We grouped these proposals based on the
40 106
sages: BSM (Basic Safety Message) and security information mes- categorized attacks mentioned in section 3.1.
41 107
sage. For BSM, the digital signature and certificate are used for
42 108
43
verification purpose. For the communications between vehicles and 5.1. Attacks on wireless interface: 109
44 SCMS (Security certificate management System), the asymmetric en- 110
45 cryption ECIES (Elliptic Curve Integrated Encryption Scheme) is For Tracking, Eavesdropping and Traffic analysis attacks: 111
46 used for confidentiality and the digital signature ECDSA (Ellip- The privacy is one of the basic cures for these attacks. Many 112
47 tic Curve Digital Signature Algorithm) is used to validate the de- researchers investigated many techniques to maintain participants’ 113
48 vice. For the Communications inside the SCMS (entity to entity), the privacy within VANET: It can be ensured by a set of anonymous 114
49 symmetric encryption AES-CCM (Advanced Encryption Standard- keys changing according to the driving speed or via pseudonyms 115
50 Counter with CBC-MAC) is used for confidentiality with MAC (Mes- that cannot be linked to the true identity of the user or the vehicle 116
51 sage Authentication Code) for integrity and together they pro- [25] or either via group signatures [12,27,26]. 117
52 vide authenticity. This security architecture assures Privacy against ETSI standard in [28] specifies the privacy management for a 118
53
insiders and outsiders; a single SCMS component cannot link node based on anonymity, unobservability, pseudonyms, and un- 119
54
any two certificates to the same device (no tracking) and no linkability. The communication between nodes is done using the 120
55 SA (Security Association) and key management. The authors in 121
stored information within SCMS can link certificates to a partic-
56 [3] propose to preload anonymous keys in TPD which are certi- 122
ular vehicle or owner. MA (Misbehavior Authority) assures the
57 fied by CA and traced back to Electronic License Plate (ELP). [29] 123
continuation of the trusted nodes only, by producing/publishing
58 propose to keep node identity and location private. Thus using a 124
CRL and misbehavior reports in VANET. LOP (Location Obscurer
59 decentralized group authentication with set of anonymous keys, 125
60 Proxy) acts as anonymizer proxy and shuffles misbehavior report pseudonyms, group signatures and ECPP (Efficient Conditional Pri- 126
61 sent by OBUs to MA. Efficient privacy-preserving revocation ex- vacy Preserving) protocol for anonymous authentication. In [30], 127
62 ists. the vehicles use many temporary certificates (pseudonyms) from 128
63 Table 3 presents the security services afforded within ETSI and their tamper proof device that cannot be linked with each other. 129
64 NHTSA architecture. After presenting the security architectures, in [24] propose to use variables MAC (Media Access Control) and IP 130
65 the next section we will present the well-known security standards addresses to separate the addresses from the identities of vehi- 131
66 in VANET. cles and drivers [23]. [31] suggest VIPER (Vehicle-To-Infrastructure 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.7 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 7

1 67
2 68
3 69
4 70
5 71
6 72
7 73
8 74
9 75
10 76
11 77
12 78
13 79
14 80
15 81
16 82
17 83
18 84
19 85
20 86
Fig. 5. NHTSA security system design.
21 87
22 88
23 Table 4 89
Mapping ETSI security services with IEEE 1609.2.
24 90
25 Security service group ETSI security service at Rx/Tx Mapping definition IEEE 1609.2 91
26 Enrolment Obtain/Remove/Update Enrolment Credentials Certificate Signing Request 92
27 93
Authorization Obtain/Update Authorization Ticket Certificate Signing Request
28 Publish/Update authorization Status Certificate Revocation List(CRL) request/update 94
29 Add/Validate authorization credential to single message Signed Messages and processing signed messages 95
30 96
Security association management (session) Establish/Remove/Update Security Association Not supported: support on the fly security associations
31 by identifying the trust hierarchy and security service 97
32 applied to the message in the body and content of the 98
33 public key certificate. 99
34 Authentication Authenticate ITS user/network Signed messages. 100
35 101
Confidentiality Encrypt/Decrypt message Encrypted messages
36 102
Send/Receive secured message using Security Association Not supported
37 103
38 Integrity Insert/Validate check value Signed messages. 104
39 Replay protection Timestamp message Supported 105
40 Insert/Validate sequence number Not supported 106
41 107
Accountability Record incoming/outgoing message Not supported
42 Plausibility validation Validate data plausibility and dynamic Parameters Basic support: rejected if geographic location far or 108
43 expiry time too far in the past. 109
44 110
Remote management Activate/Deactivate ITS transmission Not supported
45 111
46 Report misbehaving Report Misbehavior Report of ITS-S Not supported 112
47 113
48 114
Communication Privacy Enforcement Protocol) for V2I communica- and [32] succeeded to protect privacy of the participants and were
49 115
tions. very efficient in terms of computing capabilities and communica-
50 116
For the group signature, it is used to sign message on behalf tion bandwidth using the asymmetric and symmetric cryptography
51 117
of the group, no revealing to the identity of the signer which pre- and tamper resistant hardware.
52 118
vents tracking and assure privacy [26]. Only the group manager For Information Disclosure:
53 119
54
can unlock the identity of the user and trace him via a secret trap- The authors in [2] propose SMT (Secure Message Transmission) 120
55
door. In [12], V2V inside groups uses secret-key for their basics and NMD routing protocol to solve this issue via MAC and asym- 121
56 authentication. Groups or ring signatures enhance the privacy by metric cryptography. 122
57 saving communication in the most efficient way. In [27], a non- For DOS attack: 123
58 interactive authentication scheme is presented providing privacy It can be lessened using the digital signature [24], specific au- 124
59 among drivers assembled in groups for V2V communication net- thentication methods [33], routing protocols [1] or trustworthiness 125
60 works; drivers may change their own set of public keys frequently of a node [34]. Digital signature is used for secure and reliable 126
61 without control from the third trusted party (TTP). message communication and authentication [35]. Digitally signing 127
62 Also we can mitigate these attacks by encrypting the data. The data acts as Proactive security for it [1], also customized hardware 128
63 authors in [2] propose an asymmetric cryptography via NMD (Non- with non-public protocols let attackers take time to penetrate to 129
64 Disclosure Method) routing protocol, [12] suggest the symmetric the system. [36] suggest the usage of short life time private and 130
65 encryption for beacons to avoid being tracked. The security ar- public keys with a hash function. For the authentication, Tesla++ 131
66 chitecture for V2V and V2I communication adopted in [14,15,23] [33] is an authentication method used as effective alternative to 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.8 (1-14)
8 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

1 signatures. It uses symmetric crypto with delayed key disclosure. 5.2. Attacks on hardware and software 67
2 Secure and prevents memory based DoS attack. It reduces the 68
3 memory requirement at the receiver end for authentication mech- For Message tampering:
69
4 anism. For the routing protocol, [2] apply the SEAD (Secure and Use similarity algorithm [50], data correlation [26] and chal-
70
5 Efficient Ad-hoc Distance Vector) or ARIADNE routing protocol that 71
lenge response authentication method [33] to prove the reliability
6 use one way hash function and symmetric cryptography. Concern- 72
of the messages. Ref. [50] proposes a trust and reputation man-
7 ing the trustworthiness of a vehicle, [34] propose a trust model 73
agement framework based on similarity algorithm and trust of
8 that calculates the trust metric values of nodes participating in 74
messages content between vehicles to help driver to believe or not
9 VANET. One of its critical factors consists of limiting the number 75
a received message. By calculating the trust value if it surpasses
10 of accepted received messages from neighbors. Once exceeding a 76
a threshold they take appropriate action and rebroadcast the mes-
11 certain threshold (which is the case in DOS attack), using a fuzzy- 77
sage. Otherwise they drop it.
12 based approach, a direct report is sent to MA to deactivate the 78
In [26], a novel group signature based on a security framework
13 attacker. 79
assures authenticity, integrity, anonymity, accountability, access
14 80
For Sybil attack: control approach and probabilistic signature verification scheme
15 81
Deploy a central Validation Authority (VA), which validates en- is used to detect the tampered messages for unauthorized node.
16 82
17
tities in real time directly or indirectly using temporary certificates Based on tamper resistance device, it correlates data from vehicles 83
18
[37]. Use PKI for key distribution and revocation [38]. Apply the and cross-validates it via a set of rules. The security layer of this 84
19
registration, the ECDSA for signature and use timestamp per ve- framework is composed of: capability check, signature generation, 85
20
hicle [8]. Ref. [39] proposes to use approved certification. In case firewall, signature verification, authorization check, anomaly check. 86
21
of authentic and secure links with trusted nodes, [40] proposes In [33] a challenge-Response authentication method is pro- 87
22
validating unknown nodes with the method of secure location ver- posed; a combination of digital signature and challenge response 88
23
ification. Ref. [9] suggests the position verification by analyzing authentication. It is used to minimize the false message. A receiver 89
24 the signal strength and radio resource testing. Ref. [41] advocates getting any message sends a challenge to the sender. By replying, 90
25 strengthening the authentication mechanism by the use of dis- it transmits its location and timestamp to prove its authenticity. 91
26 tance bounding protocols based on cryptographic techniques. In [9] Location can tell us if the vehicle was at vicinity of an accident, 92
27 RobSAD (Robust Sybil Attack Detection) for abnormal/normal tra- which increases the reliability of the safety message. 93
28 jectory, with higher detection rate and lower system requirements. 94
For Spoofing and Forgery attacks:
29 It can detect attacks independently by comparing digital signa- 95
Use vehicular PKI (VPKI) for authentication between vehicles
30 tures for the same motion trajectories. Ref. [42] proposes many 96
[51], or sign warning messages [52], or establish group communi-
31 privacy-preserving schemas with VANET architecture generating 97
cations [54], or include a non-cryptographic checksum per message
32 certificates/pseudonyms and monitoring vehicles then reporting to 98
sent and apply plausibility checks on incoming one [25]. Or even
33 CA. Ref. [43] proposes to use on-board radar (virtual eye). Vehicle 99
use cryptographic certificate via routing protocol ARAN (Authen-
34 can see surrounding vehicles and receive reports of their GPS co- 100
ticated Routing for Ad-hoc network) [1] or use on-board radar
35 ordinates. By comparing, they can detect the real position and the 101
(virtual eye) [43], then vehicle can detect the real position and the
36 malicious vehicles. In [3], Location is used to prevent Sybil attacks 102
malicious vehicles.
37 by checking its logical place. A vehicle receives message, examines 103
For VPKI, it is a set of trusted third parties, one CA in each
38 certificate, its lifetime and location. If it is correct and in logical 104
country, with delegated CA in regions, CAs mutually recognize ve-
39 location, it accepts the message else it reports to the nearest CA. 105
hicles in different areas. Each vehicle has their own private and
40 They also use TCRL (Timely geographical CRL) that contains fresh 106
public keys and short lifetime of certificates with anonymous keys
41 revoked CRLs of a specific area. Finally, [44] compared different 107
changing according to the driver speed [51]. Only legal authorities
42 Sybil attacks solutions. 108
can correlate between Electronic License Plate of a vehicle and its
43 For Malware and Spamming: 109
pseudonyms. So a disseminated signed message with certificate at-
44 Digital signature of software and sensors is a must. Using 110
tached is authenticated via CA. Thus the communication between
45 trusted hardware make impossible to change existing protocols 111
authenticated users is only established in a secure manner.
46 and values, except by authorized nodes [41]. 112
Use ECDSA for digital signature [47], it provides secure and fast
47 113
For Man in the middle attack: dissemination of info; after validating the public key then authen-
48 114
Use strong authentication methods such as digital certificates ticating the private key of a user signing a message.
49 115
and confidential communication with key or powerful cryptogra- For the group communication [54], keys can be managed by a
50 116
phy [9]. Include several authentication schemes mentioned in [45] group key management system. An intruder could not be able to
51 117
where anonymity, pseudonyms, trust and privacy are ensured via communicate with the group. Drivers are organized into groups
52 118
short-lived keys changing frequently and RSU used for authenti- with shared public key between members [55], in case of a ma-
53 119
cation and key distribution. In [36], a decentralized lightweight licious behavior, the identity of the signer can be revealed only
54 120
authentication scheme for V2V is given to protect valid users in by the TTP. In [35], they use SECA (Security Engineering Cluster
55 121
VANETs from malicious attacks based on the concept of transitive Analysis) for securing the group. For beacons security, they use
56 122
trust relationships. Ref. [46] proposes an authentication via MM certificate and digital signature while for multi-hop security, the
57 123
58 (Membership Manager) which can detect misbehaving nodes via geographical position is used. 124
59 RSUs that trace vehicles. In [47], an efficient cooperative message For Message Saturation: 125
60 authentication permits vehicle users to cooperatively authenticate Ref. [25] proposes to limit the message traffic to V2I/I2V, im- 126
61 a bunch of message-signature pairs without trusted agent using plement station registration so only registered vehicles accept and 127
62 Public Key Cryptography (PKC) and Secret key Cryptography (SKC). process messages received from ITS infrastructure in its radio 128
63 For Brute force attack: range, reduce the frequency of beaconing and add source iden- 129
64 Use strong encryption and key generation algorithms unbreak- tification (equivalent to IP address) in V2V messages. While the 130
65 able within a reasonable running time [49]. Then unauthorized authors in [23] try to limit the flooding of the signed messages, 131
66 access is prohibited. built on location based grouping and aggregation signature. 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.9 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 9

1 Table 5 For surpassing Masquerading: 67

2 Attacks, compromised services and solutions. [25] propose to include an authoritative identity in each mes- 68
3 Attacks Compromised Solutions sage and authenticate it, or as suggested in [47], use the digital 69
4 services signature and sequence number. 70
5 Tracking Privacy [2,3,12,24–32] 71
For resisting against Routing attacks (Blackhole, Greyhole, Worm-
6 Traffic analysis Confidentiality [2,12,14,15,23,32] 72
hole and Tunnelling):
7 Eavesdropping 73
Digital signature of software and sensors are used. In ARAN,
8 Information disclosure Authentication [2] 74
Privacy ARIADNE and SEAD routing protocol [2] cryptographic certificate,
9 75
DOS Authentication [1,2,24,33–36] symmetric cryptography, MAC (Message Authentication Code) and
10 76
Availability one way hash function are used respectively to solve these issues.
11 Sybil attack Authentication [3,8,9,37–44] 77
In [9], HEAP an efficient technique is proposed to defend against
12 Availability 78
Wormhole attack in the network. It is based on AODV protocol. It
13 Malware Availability [41,41] 79
Spamming Confidentiality
use geographical leash to limit the travelled distance from source
14 80
Man in the middle Authentication [9,36,45–47] to destination, if the threshold is surpassed then the packet is
15 81
attack Confidentiality dropped. They propose also the TIK (TESLA with instant key dis-
16 Integrity 82
closure) authentication protocol. [48] presents various mechanisms
17 Non-repudiation 83
to improve different ad-hoc routing protocols for secure routing
18 Brute force Authentication [49,48,49] 84
Confidentiality
process by enhancing the trust among different nodes in VANETs.
19 85
20
Tampering Hardware Confidentiality Control of manufacturer For Timing attack: 86
Privacy users’ job. Time stamping mechanism is used for packets of delay-sensitive
21 Message tampering/ Authentication [26,33,50] 87
22
applications in a trusted platform with strong cryptographic mod- 88
suppression/ Availability
23 fabrication/alteration Integrity ules [9,24,36]. 89
24 Non-repudiation 90
25
Message saturation Authentication [1,25,35,43,47,51,52,55,54,23] 5.3. Attacks on Sensors input in vehicle 91
(Spoofing and forgery Availability
26 attacks) Integrity 92
27
For Jamming attack: 93
Broadcast tampering Availability Cryptographic primitives are
28 Integrity enabled with non-repudiation
The authors in [57] propose to switch the transmission chan- 94
29 mechanism. nel or use the frequency hopping technique. While [35] suggest to 95
30
Node impersonation Authentication [2,37,39,41] switch either between different wireless technologies. 96
Integrity
31 Non-repudiation
For GPS Spoofing or Faking Position or Illusion attack: 97
32 Masquerading Authentication [25,47] Use signature with positioning system to accept only authentic 98
33 Non-repudiation location data [58]. Or implement differential monitoring to iden- 99
34 Integrity tify unusual changes in position [25]. Or calculate a reputation 100
Routing: Authentication [2,9,48] score for safety application [35] by analyzing and filtering received
35 101
Blackhole, Greyhole, Availability
36 queries to detect malicious and incorrect position. Hence potential 102
Wormhole, Confidentiality
37 Tunnelling Integrity adversaries are detected and ejected from VANET. 103
38 GPS spoofing/Position Authentication [25,35,58] 104
39 faking Privacy 5.4. Attacks on Infrastructure 105
Timing attack Availability [9,24,36]
40 106
Replay Authentication [2,25,43]
41 For Key and/or certificate replication that cause Unauthorized Ac- 107
Integrity
42 Non-repudiation cess: 108
43 Illusion attack Authentication [25,35,58] Use certified and disposable keys, or check the validity of the 109
44 Integrity digital certificates in real time via CRL [24], or use the revocation 110
45 Jamming Availability [35,57] protocols instead of CRL [3]. Use the cross certification between 111
Key and/or certificate Authentication [3,24,30,33,38,39]
46 different CAs involved in VANETs security scheme [39]. Or adopt a 112
replication Confidentiality
47 (unauthorized
hierarchical distributed CAs with trust going through a long chain 113
48 access) [30]. 114
49 Loss of event Non-repudiation [9,41,33] A “Freshness” concept in [38] provides a constant verification 115
50 traceability time independent of the number of revoked certificates, thus no 116
(Repudiation)
51 need for PKI to distribute the CRL and OBUs to maintain them. 117
52 This reduces the storage requirement at OBUs. 118
53 For Replay attack: Ref. [33] proposes to revoke the certificate either when cryp- 119
54 Use time stamping technique for sensitive packets [43] or tographic keys are compromised or when a fraudulent user issues 120
55 timestamp all messages by broadcasting time (UTC or GNSS), or signed certificates to transmit fake info. The certificate consists of a 121
56 digitally sign and include sequence number in each message [25]. public key, certificate lifetime, signature of CA and CRL appended. 122
57 Beside cryptographic certificate or symmetric cryptography and Some of the suitable revocation protocols are mentioned in [3]: 123
58 RTPD (Revocation Tamper Proof Device), if activated in any vehicle 124
MAC via ARAN and ARIADNE routing protocol [2].
59 prohibit it of sending messages, and DRP (Distributed Revocation 125
60 For Node Impersonation: Protocol) which allows vehicles to communicate and accuse others 126
61 Use variables MAC and IP addresses for V2V and V2I communi- that misbehave and when possible report to CA. Then their TPD 127
62 cations [39]. Or Authenticate via digital certificates [37]. Ref. [41] will no longer able to sign messages. 128
63 proposes to strengthen the authentication mechanism using the For Loss of event traceability (Repudiation): 129
64 distance bounding protocols based on cryptographic techniques. Or The authors in [41] recommend using trusted hardware for 130
65 use cryptographic certificate via ARAN routing protocol as men- which it is impossible to change the existing protocols and val- 131
66 tioned in [2]. ues except by authorized ones. As per [33], reading and updating 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.10 (1-14)
10 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

1 from sensors must be authenticated and verified e.g. by a chal- many emerging and open issues are raised. We will expand them 67
2 lenge/response mechanism. While [9] propose the PVN (Plausibly within the next section. 68
3 Validation Network) to collect raw data from sensors and antenna 69
4 to check if plausible or not. 7. Emerging and open issues 70
5 Finally, ETSI in [13] proposes for attacks countermeasures to use 71
6 the audit log, the remote activation and deactivation of nodes. Based on the security approaches presented in section 5, the 72
7 In Table 5, we present the previously described attacks, their researchers in VANET tried to bypass many constraints or vulnera- 73
8 related compromised services and their proposed solutions. bilities attacking the vehicular network. Although, many issues still 74
9 open. We highlight below some of them which may become new 75
10 6. GAP analysis between different solutions research areas in the future: 76
11 77
12 When performing a gap analysis in VANET, the aim is to iden- 1) The trustworthiness evaluation of nodes participating in VANET and 78
13 tify gaps of missing/necessary needs in relation to what outcomes their misbehavior detection: 79
14 are desired. One must compare what has been done in the area, i. Evaluating the trustworthiness of a vehicle in VANET is an 80
15 and compare this to the ambitions of what to aim for. There will open problem. We mentioned above that any defection in 81
16 probably be a gap in-between, which in that case must be identi- the communication and/or messages endangered people’s 82
17 fied. When this identifying process is completed the analysis hope- lives. So what are the criteria that would define if a node is 83
18 fully proposes a solution of how to fill the gap. trusty or not? Is it reliable to count on it for disseminating 84
19 Researchers in VANET tried to bypass the scalability prob- critical messages? 85
20 lems and save the communication in the most efficient manner. ii. Based on these criteria we can detect the misbehavior ei- 86
21 They attain to reduce the delay in propagation. They worked on ther in vehicle or in the backend. Once the misbehavior 87
22 authentication, data delivery and try to propose how to trust detected, what are the appropriate actions to take? Pun- 88
23 messages between vehicles. They tried to find balance between ishment factors are not clearly defined also encouragement 89
24 the need to preserve user privacy and the traceability require- ones. Both factors can be incentives as they can limit the 90
25 ment for law enforcement authorities. They used cryptographic ap- danger of malicious nodes. 91
26 proaches based on PKI to distribute symmetric or asymmetric keys 2) The revocation process and the certificate revocation list manage- 92
27 for message encryption, and certificates for authentication. They ment and distribution: once the misbehavior is detected how 93
28 trust group formation based on symmetric and asymmetric crypto- would be the revocation process? CRL-based solutions still un- 94
29 graphic schemes in order to speed the processing and strengthen der development. Using the short lifetime certificates in CRL 95
30 the security and the privacy. They encrypt data to prevent track- and certificates change strategies are not defined yet and still 96
31 ing. They use digital signature and trust model at the receiver vulnerability under no infrastructure for CRL. Certificate ver- 97
32 end, to prevent DoS. They validate data in real time, by analyzing ification and revocation is longer in case of chain certificate 98
33 signal strength or buying virtual eye to detect Sybil attack. They authorities so what are the alternatives? 99
34 use the digital signature or transitive relationship for malware and 3) The ability of the network to self-organize via a high mobile network 100
35 spamming detection. They suggest strong encryption and key gen- environment: the Group formation is a trend but how to deliver 101
36 eration algorithms unbreakable within a reasonable running time across partitions in VANET still not well-defined yet. In the 102
37 to resist to brute force attack. They propose similarity algorithm to group formation, the group leader is the center server for all 103
38 check and detect tampering by calculating trust value surpassing nodes joining this group. The key management and basic com- 104
39 a certain threshold. They adopt the group communication to limit munication pass through him. What happens if this GL decides 105
40 the unauthorized access. They reduce the frequency of sending to to leave the group? Should be a backup group leader? What 106
41 limit the message saturation. They use special routing protocol and about the Key management when the GL leaves the group? It 107
42 digital signature to prevent replay attack. They suggest switching is not well clear. What happens if the GL leaves the group or a 108
43 between different wireless technologies to prevent jamming the radio link cuts? Is the solution by trying to integrate different 109
44 channel. They use certified and disposable keys, and check the va- wireless technologies within VANET and switch between them 110
45 lidity of the digital certificates in real time via CRL, or use instead in case of any problem occurrence? 111
46 the revocation protocols. For unauthorized access, they revoke the 4) Data context trust and verification: VANET aims to insure safe 112
47 certificate when cryptographic keys are compromised. They use the and cooperative drive. This happens by providing the appropri- 113
48 reporting to specific authority and the remote activation and deac- ate information to the driver or vehicle. So it is very important 114
49 tivation of nodes. They propose for attacks countermeasures to use to check and verify the exchanged information in VANET. For 115
50 the audit log. Data-centric trust and verification, the tamper-resistance hard- 116
51 Briefly, most of them agreed on using PKI, digital signature ware used in a vehicle to detect unnecessary accident warn- 117
52 and certificates with cryptographic techniques and group forma- ings, needs to be further researched. For the context verifica- 118
53 tion to maintain the basic security issues in VANET. But each of tion, a vehicle must be capable to act as an intrusion detection 119
54 the proposed solution is a wide field to explore and future work is system by comparing received information about status and 120
55 required to test and prove the best that can fit. environment with its own available information. In addition, 121
56 Table 6 below shows a comparison between the solutions based the reactive security concept needs to be enhanced. 122
57 on predefined criteria that tackle deeply the VANET security such 5) Cryptographic approaches for security, privacy and non-traceability 123
58 as Centralized or decentralized, Privacy is preserved or not, Certi- assurance: starting with the key distribution, it is exclusive 124
59 fication Authority/RSU is used or not, support of routing protocol, to whom, the vehicle manufacturer or the government? For 125
60 Support of Cryptographic algorithm, Support of Group Formation, the key size, there are not a proposed key size, authentica- 126
61 Reporting to specific authority, Remote activation or deactivation, tion delays and specific protocols. How to deal with keys of 127
62 Data verification, Detection Rate. This comparison is between some short duration? How to remove keys? It may cause overhead. 128
63 selected solutions and their attacks. Those attacks and their solu- Method of switching certificates periodically for privacy assur- 129
64 tions are expanded in section 5. One can benefit from this table to ance is not defined yet. Also for non-traceability and privacy, 130
65 find a compromised solution among these different services. After more efficient method for partial pseudonym distribution and 131
66 presenting and analyzing the different solutions in VANET security, butterfly keys and linkage values are not employed yet. In ad- 132
66
65
64
63
62
61
60
59
58
57
56
55
54
53
52
51
50
49
48
47
46
45
44
43
42
41
40
39
38
37
36
35
34
33
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1

JID:VEHCOM AID:74 /REV

Table 6
Brief summary of some solutions for different attacks.

Solution Attack Centralized/ Privacy Certification Support of Support of Support of Reporting to Remote Data Detection
decentralized preserved of authority/RSU routing cryptographic group specific activation/ verification rate
a node or not used or not protocol algorithm formation authority deactivation
[28] Tracking centralized yes yes no yes no yes yes no good
[29] Tracking decentralized Yes, keep yes no Yes, using yes no no no -
node identity various
and location anonymous
private. keys using
ECCP

H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

[31] Tracking decentralized Yes, using yes no yes yes Yes, to RSU no no Good, with
VIPER limitation as
protocol number of
vehicles
increase
[27] Tracking decentralized yes yes no yes yes no no no
[2] DoS decentralized yes yes Yes, apply yes no no no no good, but
SEAD or availability
ARIADNE remains
protocol major issue to
solve
[34] DoS decentralized yes yes no yes Yes Yes to yes no good
Misbehavior
authority
[3] Sybil decentralized no yes no yes no Yes to CA Use – good
geographic
TCRL
[42] Sybil decentralized yes yes no yes yes Yes to CA Using CRL – good
[50] Message decentralized yes yes Yes, OLSR yes yes Yes to – Yes, using good
Temparing neighboring similarity
algorithm
[26] Message decentralized yes yes no yes yes no – Yes, based on Good, limited
Temparing probabilistic to the
signature, it optimal key
detects the distribution
tampered method

[m5G; v1.199; Prn:31/01/2017; 10:49] P.11 (1-14)

messages
[45] Man in the decentralized Yes using Yes, RSU for no yes yes yes – – good
middle short-lived authentica-
keys changing tion and key
frequently distribution
[47] Man in the decentralized yes yes no Yes using PKC no no – – effective
middle
(continued on next page)

11
132
131
130
129
128
127
126
125
124
123
122
121
120
119
118
117
116
115
114
113
112
111
110
109
108
107
106
105
104
103
102
101
100
99
98
97
96
95
94
93
92
91
90
89
88
87
86
85
84
83
82
81
80
79
78
77
76
75
74
73
72
71
70
69
68
67
66
65
64
63
62
61
60
59
58
57
56
55
54
53
52
51
50
49
48
47
46
45
44
43
42
41
40
39
38
37
36
35
34
33
32
31
30
29
28
27
26
25
24
23
22
21
20
19
18
17
16
15
14
13
12
11
10
9
8
7
6
5
4
3
2
1

12
JID:VEHCOM
AID:74 /REV
Table 6 (continued)

Solution Attack Centralized/ Privacy Certification Support of Support of Support of Reporting to Remote Data Detection
decentralized preserved of authority/RSU routing cryptographic group specific activation/ verification rate
a node or not used or not protocol algorithm formation authority deactivation
[54] Spoofing decentralized yes yes no Yes, using yes Yes, TTP Yes, append no –

H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

group key to the CRL.
management
system
[51] Spoofing centralized Yes, using Yes, CAs in no yes no To CA Using CRL no good
anonymous region and
keys changing each country
according to
driver speed
[25] Replay centralized yes yes no yes no yes yes Yes using good
sequence number
[2] Replay decentralized yes yes Yes, apply yes no no no no good
ARAN or
ARIADNE
protocol
[2] Routing decentralized yes yes Yes, apply yes no no no – good
ARAN, SEAD
or ARIADNE
protocol
[9] Routing decentralized yes yes Based on no no no no Limit travelled –
AODV distance, if
protocol threshold
surpassed, packet
is dropped
[33] Unauthorized centralized Yes, location yes no yes no no Broadcast yes –
access privacy CRL

[m5G; v1.199; Prn:31/01/2017; 10:49] P.12 (1-14)

[3] Unauthorized decentralized yes yes no yes no Yes, CA Broadcast – Into limits
access CRL
132
131
130
129
128
127
126
125
124
123
122
121
120
119
118
117
116
115
114
113
112
111
110
109
108
107
106
105
104
103
102
101
100
99
98
97
96
95
94
93
92
91
90
89
88
87
86
85
84
83
82
81
80
79
78
77
76
75
74
73
72
71
70
69
68
67
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.13 (1-14)
H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–••• 13

1 Table 7 [2] R.S. Raw, M. Kumar, N. Singh, Security challenges, issues and their solutions for 67
2 Open issues in VANET, communication modes and corresponding categories. VANET, Int. J. Netw. Secur. Appl. 5 (5) (September 2013). 68
3 [3] Gh. Samara, W.A.H. Al-Salihy, R. Sures, Security analysis of vehicular ad hoc 69
Open issue Communication Corresponding
networks (VANET), in: Second International Conference on Network Applica-
4 mode categories 70
tions Protocols and Services (NETAPPS), IEEE, 2010, pp. 55–60.
5 Trustworthiness evaluation V2V, V2I Wi-H&S-Si-I [4] M.N. Mejri, J. Ben-Othman, M. Hamdi, Survey on VANET security challenges 71
6 of nodes and misbehavior and possible cryptographic solutions, Veh. Commun. 1 (2014) 53–66, contents 72
7 detection available at ScienceDirect, www.elsevier.com/locate/vehcom. 73
Revocation process and V2V, V2I Wi-H&S-I [5] N.K. Chauley, Security analysis of vehicular ad hoc networks (VANETs): a com-
8 74
certificate revocation list prehensive study, Int. J. Netw. Secur. Appl. 10 (5) (2016) 261–274.
9 [6] B. Mokhtar, M. Azab, Survey on security issues in vehicular ad hoc networks, 75
management and
10 Alex. Eng. J. 54 (2015) 115–1126, available at www.elsevier.com/locate/aej. 76
distribution
11 [7] K. Lim, D. Manivannan, An efficient protocol for authenticated and secure mes- 77
Ability of the network to V2V H&S-I sage delivery in vehicular ad hoc networks, Veh. Commun. 4 (2016) 30–37.
12 78
self-organize via a high [8] R. van der Heijden, Security architectures in V2V and V2I communication, in:
13 mobile network 79
13th Twenty Student Conference on IT June 21st, Enschede, The Netherlands,
14 environment: 2010. 80
15 Data context trust and V2V, V2I Wi-H&S-Si [9] V. La Hoa, A. Cavalli, Security attacks and solutions in vehicular ad hoc net- 81
16 verification works: a survey, Int. J. Netw. Syst. 4 (2) (April 2014). 82
[10] A.Y. Dak, S. Yahya, M. Kassim, A literature survey on security challenges in
17 Cryptographic approaches V2I H&S-I 83
VANETs, Int. J. Comput. Theory Eng. 4 (6) (December 2012).
18 for security, privacy and 84
[11] R.K. Sakib, Security issues in vanet, in: Department of Electronics and Commu-
non-traceability assurance
19 nication Engineering, BRAC University, Dhaka, Bangladesh, 2010. 85
20 Anti-malware and Intrusion V2I Wi-H&S-I [12] W. Whyte, A. Weimerskirch, V. Kumar, T. Hehn, A security credential manage- 86
Detection System ment system for V2V communications, in: IEEE Vehicular Networking Confer-
21 87
ence, 2013.
22 [13] ETSI TS 102 731 V1.1.1-ITS-Security services and architectures. 88
23 dition to, using mobile IP or changing IP or MAC address by [14] K. Plößl, H. Federrath, A privacy aware and efficient security infrastructure for 89
24 vehicles for preventing traceability is still under study. vehicular ad hoc networks, Comput. Stand. Interfaces 30 (6) (2008) 390–397. 90
[15] M. Abuelela, S. Olariu, Kh. Ibrahim, A secure and privacy aware data dissem-
25 6) Anti-malware and Intrusion Detection System: Embedded anti- ination for the notification of traffic incidents, in: Proceedings of the IEEE
91
26 malware frameworks are still problematic issues in VANETs. Vehicular Technology Conference, Spring, Barcelona, April 2009.
92
27 It is a must to develop an intrusion detection mechanism to [16] H. Hasrouny, C. Bassil, A.E. Samhat, A. Laouiti, Group-based authentication in 93
28 enhance network security. V2V communications, in: DICTAP, Fifth International Conference, IEEE, 2015, 94
29 pp. 173–177. 95
[17] IEEE Trial-Use Standard for Wireless Access in Vehicular Environments: IEEE
30 In Table 7, we categorize the open issues mentioned above Std 1609.2™-2012.
96
31 based on which communication mode they hit (V2V, V2I or both) [18] ETSI TS 102 940 V1.1.1-ITS – Communications security architecture and security 97
32 and which of the following categories they concern: (1) Wireless management. 98
33 [19] https://ec.europa.eu/inea/en/connecting-europe-facility/cef-transport/projects- 99
interface (Wi), (2) Hardware and Software (H&S), (3) Sensors input
by-country/multi-country/2014-eu-ta-0669-s.
34 in vehicle (Si), (4) Infrastructure (I) (CA or vehicle manufacturer). 100
[20] https://www.sbdautomotive.com/en/intelligence-news.
35 All these issues push to find a Trade-off between security and [21] IEEE Trial-Use Standard for Wireless Access in Vehicular Environments: IEEE 101
36 efficiency from one side, and anonymity/trust/privacy from the Std 1609.2™-2006. 102
37 [22] ETSI TS 102 867 V1.1.1- Security-Mapping for IEEE 1609.2. 103
other side. Especially anonymity and adaptive privacy, where users
[23] M. Raya, A. Aziz, J.P. Hubaux, Efficient secure aggregation in VANETs, in: Pro-
38 are allowed to select their privacy level based on their own trust 104
ceedings of the 3rd International Workshop on Vehicular Ad Hoc Networks,
39 calculation over the others. 105
VANET ’06, 2006, pp. 67–75.
40 [24] M. Raya, J.P. Hubaux, The security of vehicular ad hoc networks, in: Proceed- 106
41 ings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 107
8. Conclusion
42 SASN’05, November 7, Alexandria, Virginia, USA, 2005, pp. 11–21. 108
[25] ETSI TR 102 893 V1.1.1- ITS- Security- Threat, Vulnerability and Risk Analysis.
43 109
Users want safety and security much more on the road as many [26] J. Guo, J.P. Baugh, Sh. Wang, A group signature based secure and privacy-
44 preserving vehicular communication framework, in: CD-ROM Proceedings of 110
people life end there, due to misbehaving and maliciously of oth-
45 the Mobile Networking for Vehicular Environments (MOVE) Workshop in Con- 111
ers. Overcoming these problems requires more efforts in the future
46 junction with IEEE INFOCOM, Alaska, May 2007. 112
to reach a secure VANET environment. This paper presented an [27] F.M. Salem, M.H. Ibrahim, I. Ibrahim, Non-interactive authentication scheme
47 113
extensive overview of the most of VANET security challenges and providing privacy among drivers in vehicle-to-vehicle networks, in: Sixth In-
48 ternational Conference on Networking and Services, 2010. 114
their causes as well as the existing solutions in a comprehensive
49 [28] ETSI TS 102 941 V1.1.1- ITS, Security- Trust and Privacy Management. 115
manner. We give the details of the recent security architectures
50 [29] R.G. Engoulou, M. Bellaïche, S. Pierre, A. Quintero, VANET security surveys, 116
and the well-known security standards and protocols. We focused Comput. Commun. 44 (2014) 1–13, journal homepage: www.elsevier.com/
51 117
on the classification of the different attacks known in the litera- locate/comcom.
52 118
ture and their solutions. Finally, we have specified certain research [30] B. Aslam, C.C. Zou, Distributed certificate architecture for VANETs, in: Military
53 Communications Conference, IEEE, 2009, pp. 1–7. 119
challenges and open questions which may be future research di-
54 [31] A. Rawat, S. Sharma, R. Sushil, VANET: security attacks and its possible solu- 120
rections. Thus enable VANET to efficiently implement a system for tions, J. Inf. Oper. Manag. 3 (1) (2012) 301–304.
55 121
trusting vehicles and protect it from any malicious node. [32] G. Calandriello, P. Papadimitratos, J.P. Hubaux, A. Lioy, Efficient and robust
56 122
pseudonymous authentication in VANET, in: Proceedings of the Fourth ACM
57 International Workshop on Vehicular Ad Hoc Networks, VANET ’07, 2007, 123
Uncited references
58 pp. 19–28. 124
59 [33] A. Dahiya, V. Sharma, A Survey on Securing User Authentication in Vehicular 125
60
[21] [53] [56] Ad Hoc Networks, 2009.
126
[34] H. Hasrouny, C. Bassil, A. Samhat, A. Laouiti, Security risk analysis of a trust
61 model for secure group leader-based communication in VANET, in: Second In- 127
62 References ternational Workshop on Vehicular Adhoc Networks for Smart Cities, IWVSC’, 128
63 2016. 129
64 [1] G. Karagiannis, O. Altintas, E. Ekici, G. Heijenk, B. Jarupan, K. Lin, T. Weil, Ve- [35] R. Engoulou, Securisation des vanets par reputation des nœuds, Thesis Report, 130
hicular networking: a survey and tutorial on requirements, architectures, chal- Ecole Polytechnique de Montreal, 2013.
65 131
lenges, standards and solutions, IEEE Commun. Surv. Tutor. 13 (4) (July 2011) [36] M.Ch. Chuang, J.F. Lee, TEAM: trust-extended authentication mechanism for ve-
66 584–616. hicular ad hoc networks, IEEE Syst. J. 8 (3) (2013). 132
 JID:VEHCOM AID:74 /REV [m5G; v1.199; Prn:31/01/2017; 10:49] P.14 (1-14)
14 H. Hasrouny et al. / Vehicular Communications ••• (••••) •••–•••

1 [37] M.S. Al-kahtani, Survey on security attacks in vehicular ad hoc networks [47] R. Raiya, Sh. Gandhi, Survey of various security techniques in VANET, Int. J. Adv. 67
2 (VANETs), in: 6th International Conference on Signal Processing and Commu- Res. Comput. Sci. Softw. Eng. 4 (6) (June 2014). 68
3 nication Systems (ICSPCS), IEEE, 2012, pp. 1–9. [48] N. Patel, R.H. Jhaveri, Trust Based Approaches for Secure Routing in VANET: 69
[38] A. Rao, A. Sangwan, A.A. Kherani, A. Varghese, B. Bellur, R. Shorey, Secure V2V A Survey, Elsevier, 2015, available online at www.sciencedirect.com, ICACTA.
4 70
communication with certificate revocations, in: IEEE Mobile Networking for Ve- [49] S. Zeadally, R. Hunt, Y.-S. Chen, A. Irwin, A. Hassan, Vehicular ad hoc networks
5 hicular Environments, 2007. (VANETs): status, results, and challenges, Telecommun. Syst. 50 (4) (2012) 71
6 [39] M. Raya, P. Papadimitratos, J.P. Hubaux, Securing vehicular communications, 217–241. 72
7 IEEE Wirel. Commun. 13 (5) (2006) 8–15. [50] P. Caballero-Gil, Security issues in VANET, available http://cdn.intechopen.com/ 73
8 [40] B. Xiao, B. Yu, C. Gao, Detection and localization of sybil nodes in VANETs, in: pdfs-wm/12879.pdf, 2011. 74
Proceedings of the 2006 Workshop on Dependability Issues in Wireless Ad Hoc [51] R. Rajadurai, N. Jayalakshmi, Vehicular network: properties, structure, chal-
9 75
Networks and Sensor Networks, ACM, 2006, pp. 1–8. lenges, attacks, solution for improving scalability and security, Int. J. Adv. Res.
10 [41] D. Singelee, B. Preneel, Location verification using secure distance bounding 1 (3) (March 2013), IJOAR.org. 76
11 protocols, in: IEEE International Conference on Mobile Adhoc and Sensor Sys- [52] J. Blum, A. Eskandarian, The threat of intelligent collisions, IT Prof. 6 (1) (2004) 77
12 tems, 2005, p. 7. 24–29. 78
[42] T. Zhou, R.R. Choudhury, P. Ning, K. Chakrabarty, P2DAP – sybil attacks detec- [53] S.S. Kaushik, Review of different approaches for privacy scheme in VANETs, Int.
13 79
tion in vehicular ad hoc networks, IEEE J. Sel. Areas Commun. 29 (3) (March J. Adv. Eng. Technol. (ISSN 2231-1963) 5 (2) (2012).
14 2011). [54] V. Vèque, C. Johnen, Hiérarchisation dans les réseaux ad hoc de véhicules, in: 80
15 [43] G. Yan, S. Olaruis, M. Weigle, Use of infrastructure in VANETs, Comput. Com- UBIMOB, Bayonne, France. CEPADUES, 2012, pp. 45–52. 81
16 mun. 12 (2008) 2883–2897. [55] P. Fan, J.G. Haran, J. Dillenburg, P.C. Nelson, Cluster-based framework in vehic- 82
17 [44] D. Kushwaha, P.K. Shukla, R. Baraskar, A survey on sybil attack in vehicular ular ad-hoc networks, in: 4th International Conference, ADHOC-NOW, Proceed- 83
ad-hoc network, Int. J. Comput. Appl. 98 (15) (July 2014). ings, 2005, pp. 32–42.
18 84
[45] L. Song, Q. Han, J. Liu, Investigate key management and authentication models [56] A.M. Malla, R.K. Sahu, A review on vehicle to vehicle communication protocols
19 in VANETs, in: IEEE International Conference on Electronics, Communications in VANETs, Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3 (2) (February 2013). 85
20 and Control (ICECC), 2011. [57] A.M. Malla, R.K. Sahu, Security attacks with an effective solution for Dos attacks 86
21 [46] Ch.D. Jung, Ch. Sur, Y. Park, K.H. Rhee, A robust conditional privacy-preserving in VANET, Int. J. Comput. Appl. (ISSN 0975-8887) 66 (22) (2013). 87
authentication protocol in VANET, in: First International ICST Conference, Mo- [58] L. He, W.T. Zhu Mitigating, Dos attacks against signature-based authentication
22 88
biSec, Italy, June 2009, pp. 35–45. in VANETs, IEEE Int. Conf. Comput. Sci. Automat. Eng. (CSAE) 3 (2012) 261–265.
23 89
24 90
25 91
26 92
27 93
28 94
29 95
30 96
31 97
32 98
33 99
34 100
35 101
36 102
37 103
38 104
39 105
40 106
41 107
42 108
43 109
44 110
45 111
46 112
47 113
48 114
49 115
50 116
51 117
52 118
53 119
54 120
55 121
56 122
57 123
58 124
59 125
60 126
61 127
62 128
63 129
64 130
65 131
66 132