SECURITY
Among all the challenges of VANET, security has received less attention so far. VANET packets contain life-critical information, so it is necessary to make sure that these packets are not inserted or modified by an attacker; likewise, the liability of drivers should be established so that they inform the traffic environment correctly and in time. These security problems are not similar to those of a general communication network. The size of the network, mobility, geographic relevancy, etc. make the implementation difficult and distinct from other network security.
Security Challenges in VANET
The challenges of security must be considered during the design of the VANET architecture, security protocols, cryptographic algorithms, etc. The following list presents some security challenges:
Real time Constraint: VANET is time critical: safety-related messages should be delivered with 100 ms transmission delay. To meet the real-time constraint, fast cryptographic algorithms should be used. Message and entity authentication must be done in time.
Data Consistency Liability: In VANET, even an authenticated node can perform malicious activities that can cause accidents or disturb the network. Hence a mechanism should be designed to avoid this inconsistency. Correlating the data received from different nodes about a particular piece of information may avoid this type of inconsistency.
Low tolerance for error: Some protocols are designed on the basis of probability. VANET uses life-critical information on which action is taken in a very short time. A small error in a probabilistic algorithm may cause harm.
Key Distribution: All the security mechanisms implemented in VANET depend on keys. Each message is encrypted and needs to be decrypted at the receiver end with either the same key or a different key. Also, different manufacturers can install keys in different ways, and in a public key infrastructure, trust in the CA becomes a major issue. Therefore distribution of keys among vehicles is a major challenge in designing security protocols.
Incentives: Manufacturers are interested in building the applications that consumers like most. Very few consumers will agree to a vehicle which automatically reports any traffic rule violation. Hence successful deployment of vehicular networks will require incentives for vehicle manufacturers, consumers and the government, which is a challenge in implementing security in VANET.
High Mobility: The computational capability and energy supply in VANET are the same as those of a wired network node, but the high mobility of VANET nodes requires security protocols to execute in less time for the same throughput that a wired network produces. Hence the design of security protocols must use approaches that reduce the execution time. Two approaches can be implemented to meet this requirement.
Low complexity security algorithms: Current security protocols such as SSL/TLS, DTLS and WTLS generally use RSA-based public key cryptography. The RSA algorithm uses integer factorisation on large prime numbers, which is NP-Hard. Hence decryption of a message that used the RSA algorithm becomes very complex and time consuming. Hence there is a need to implement alternative cryptographic algorithms such as elliptic curve cryptosystems and lattice-based cryptosystems. For bulk data encryption, AES can be used.
Transport protocol choice: To secure transactions over IP, DTLS should be preferred over TLS, as DTLS operates over a connectionless transport layer. IPSec, which secures IP traffic, should be avoided as it requires too many messages to set up. However, IPSec and TLS can be used when vehicles are not in motion.
Security requirements in VANET
VANET must satisfy some security requirements before it is deployed. A security system in VANET should satisfy the following requirements:
Authentication: Authentication ensures that the message is generated by a legitimate user. In VANET a vehicle reacts to the information that comes from other vehicles, hence authentication must be satisfied.
Availability: Availability requires that the information be available to legitimate users. DoS attacks can bring down the network, and hence information cannot be shared.
Non-Repudiation: Non-repudiation means a node cannot deny that it transmitted the message. It may be crucial to determine the correct sequence in crash reconstruction.
Privacy: The privacy of a node against unauthorised nodes should be guaranteed. This is required to eliminate message delay attacks.
Data Verification: Regular verification of data is required to eliminate false messaging.
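Added example (not part of the original page): one way to correlate reports from different nodes, as the Data Consistency Liability and Data Verification items describe. It assumes vehicles report an average speed per road segment; the report format, thresholds and sample data are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

MIN_WITNESSES = 3      # assumed: need at least this many distinct senders
K = 3.0                # assumed: outlier cut-off in MAD units
MAD_FLOOR_KMH = 2.0    # assumed: floor so tight clusters do not flag noise

def correlate(reports):
    """reports: iterable of (sender_id, road_segment, speed_kmh).
    Returns {segment: (consensus_speed or None, sorted suspect sender ids)}."""
    by_segment = defaultdict(dict)
    for sender, segment, speed in reports:
        # One vote per sender per segment: keep only the latest report.
        by_segment[segment][sender] = speed
    result = {}
    for segment, votes in by_segment.items():
        if len(votes) < MIN_WITNESSES:
            result[segment] = (None, [])   # too few witnesses to decide
            continue
        mid = median(votes.values())
        # Median absolute deviation: robust spread that one liar cannot move.
        mad = median(abs(v - mid) for v in votes.values())
        limit = K * max(mad, MAD_FLOOR_KMH)
        suspects = sorted(s for s, v in votes.items() if abs(v - mid) > limit)
        result[segment] = (mid, suspects)
    return result

# Constructed sample: V4 is authenticated but claims a standstill on S1
# while its neighbours report free-flowing traffic.
SAMPLE = [
    ("V1", "S1", 62.0), ("V2", "S1", 58.0), ("V3", "S1", 60.0),
    ("V4", "S1", 0.0), ("V5", "S1", 61.0),
    ("V1", "S2", 30.0), ("V6", "S2", 90.0),   # only two witnesses on S2
]

if __name__ == "__main__":
    for seg, (speed, suspects) in sorted(correlate(SAMPLE).items()):
        print(seg, speed, suspects)
```

The vote counts sender identities, so it only holds if each identity is one real vehicle; the Sybil attack described later on this page breaks that assumption.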
Attackers on Vehicular Network
To secure the VANET, we first have to discover who the attackers are, their nature, and their capacity to damage the system. On the basis of capacity, these attackers may be of three types:
Insider and Outsider: Insiders are the authenticated members of the network, whereas outsiders are intruders and hence have limited capacity to attack.
Malicious and Rational: Malicious attackers have no personal benefit from attacking; they just harm the functionality of the network. Rational attackers seek personal profit, hence they are predictable.
Active and Passive: Active attackers generate signals or packets, whereas passive attackers only sense the network.
Attacks in the VANET
To get better protection from attackers, we must have knowledge of the attacks in VANET against the security requirements. Attacks on the different security requirements are given below:
Impersonate: In an impersonation attack, the attacker assumes the identity and privileges of an authorised node, either to make use of network resources that may not be available to it under normal circumstances, or to disrupt the normal functioning of the network. This type of attack is performed by active attackers. They may be insiders or outsiders. This is a multilayer attack, meaning the attacker can exploit a network layer, application layer or transport layer vulnerability. This attack can be performed in two ways:
a) False attribute possession: In this scheme an attacker steals some property of a legitimate user and later uses that attribute to claim that it is the legitimate user who sent the message. Using this type of attack, a normal vehicle can claim to be a police or fire protector in order to free the traffic.
b) Sybil: In this type of attack, an attacker uses different identities at the same time.
Session hijacking: Most authentication is done at the start of the session. Hence it is easy to hijack the session after connection establishment. In this attack, attackers take control of the session between nodes.
Identity revealing: Generally the driver is the owner of the vehicle, hence obtaining the owner's identity can put privacy at risk.
Location Tracking: The location at a given moment, or the path followed over a period of time, can be used to trace the vehicle and get information about the driver.
Repudiation: The main threat in repudiation is denial, or attempted denial, by a node involved in communication. This is different from the impersonation attack. In this attack two or more entities have a common identity, so they easily become indistinguishable and hence can be repudiated.
Eavesdropping: Eavesdropping is the most common attack on confidentiality. It is a network layer attack and is passive in nature. The main goal of this attack is to get access to confidential data.
Denial of Service: DoS attacks are the most prominent attacks in this category. In this attack, the attacker prevents legitimate users from using the service of the victim node. DoS attacks can be carried out in many ways.
a) Jamming: In this technique the attacker senses the physical channel and learns the frequency at which the receiver receives the signal. The attacker then transmits a signal on the channel so that the channel is jammed.
b) SYN Flooding: In this mechanism a large number of SYN requests are sent to the victim node with a spoofed sender address. The victim node sends back a SYN-ACK to the spoofed address but does not get any ACK packet in return. This results in too many half-open connections for the victim node's buffer to handle. As a consequence, legitimate requests are discarded.
c) Distributed DoS attack: This is another form of DoS attack. In this attack, multiple attackers attack the victim node and prevent legitimate users from accessing the service.
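Added example (not part of the original page): a model of the victim node's half-open connection buffer from the SYN Flooding item, replayed over a constructed event list so the discarded legitimate request can be observed and alerted on. The event format, backlog size and timeouts are assumptions; addresses come from documentation ranges.

```python
def run_listener(events, backlog=8, timeout_ms=3000):
    """Replay (time_ms, kind, src) events against a half-open table.
    kind is "SYN" or "ACK". Returns completed/dropped sources and peak usage."""
    half_open = {}                       # src -> time the SYN-ACK was sent
    completed, dropped, peak = [], [], 0
    for t, kind, src in sorted(events):
        # Expire entries whose final ACK never arrived in time.
        for s in [s for s, t0 in half_open.items() if t - t0 >= timeout_ms]:
            del half_open[s]
        if kind == "SYN":
            if len(half_open) >= backlog:
                dropped.append(src)      # buffer full: request discarded
            else:
                half_open[src] = t       # reply SYN-ACK, wait for the ACK
        elif kind == "ACK" and src in half_open:
            del half_open[src]           # handshake finished
            completed.append(src)
        peak = max(peak, len(half_open))
    # Alert when the buffer was ever completely full of unanswered SYN-ACKs.
    return {"completed": completed, "dropped": dropped,
            "peak": peak, "alert": peak >= backlog}

# Constructed sample: eight SYNs from spoofed sources that never ACK,
# followed by one legitimate client (192.0.2.10) completing a handshake.
SAMPLE = [(i * 100, "SYN", f"198.51.100.{i + 1}") for i in range(8)]
SAMPLE += [(1000, "SYN", "192.0.2.10"), (1050, "ACK", "192.0.2.10")]

if __name__ == "__main__":
    print(run_listener(SAMPLE))                   # legitimate SYN is dropped
    print(run_listener(SAMPLE, timeout_ms=500))   # shorter timer frees slots
```

A shorter half-open timer lets the same traffic through here, but it also drops slow legitimate peers, so treat the value as a tuning parameter.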
Routing attack: Routing attacks are attacks which exploit the vulnerabilities of network layer routing protocols. In this type of attack the attacker either drops packets or disturbs the routing process of the network. The following are the most common routing attacks in VANET:
a) Black Hole attack: In this type of attack, the attacker first attracts nodes to transmit packets through itself. This can be done by continuously sending malicious route replies with a fresh route and a low hop count. After attracting a node, when a packet is forwarded through the attacker, it silently drops the packet.
b) Worm Hole attack: In this attack, an adversary receives packets at one point in the network, tunnels them to another point in the network, and then replays them into the network from that point. This tunnel between two adversaries is called a wormhole. It can be established through a single long-range wireless link or a wired link between the two adversaries. Hence it is simple for the adversary to make the tunnelled packet arrive sooner than other packets transmitted over a normal multi-hop route.
c) Gray Hole attack: This is an extension of the black hole attack. In this type of attack the malicious node behaves like the node in a black hole attack, but it drops packets selectively. This selection can be of two types:
i) A malicious node can drop UDP packets whereas TCP packets are forwarded.
ii) The malicious node can drop packets on the basis of a probabilistic distribution.
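Added example (not part of the original page): detection logic that separates the black hole and the two gray hole variants above by per-protocol forwarding ratio. It assumes a node can observe whether its next hop retransmits each packet (a watchdog-style observation the page does not describe); thresholds, node names and sample data are constructed.

```python
from collections import defaultdict

LOW, HIGH, MIN_SAMPLES = 0.05, 0.90, 20   # assumed thresholds

def classify(observations):
    """observations: iterable of (next_hop, protocol, was_forwarded).
    Returns {next_hop: verdict} from per-protocol forwarding ratios."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # [sent, fwd]
    for hop, proto, fwd in observations:
        counts[hop][proto][0] += 1
        counts[hop][proto][1] += bool(fwd)
    verdicts = {}
    for hop, protos in counts.items():
        sent = sum(c[0] for c in protos.values())
        if sent < MIN_SAMPLES:
            verdicts[hop] = "insufficient data"
            continue
        ratio = {p: c[1] / c[0] for p, c in protos.items()}
        overall = sum(c[1] for c in protos.values()) / sent
        starved = sorted(p for p, r in ratio.items() if r <= LOW)
        if overall <= LOW:
            verdicts[hop] = "black hole: drops everything"
        elif starved and any(r >= HIGH for r in ratio.values()):
            verdicts[hop] = "gray hole: drops " + "/".join(starved)
        elif overall < HIGH:
            verdicts[hop] = "gray hole: probabilistic drop"
        else:
            verdicts[hop] = "ok"
    return verdicts

def _obs(hop, proto, sent, forwarded):
    """Build constructed observations: `forwarded` of `sent` were relayed."""
    return [(hop, proto, i < forwarded) for i in range(sent)]

SAMPLE = (_obs("N1", "TCP", 20, 20) + _obs("N1", "UDP", 20, 19)   # honest
          + _obs("N2", "TCP", 20, 0) + _obs("N2", "UDP", 20, 0)   # black hole
          + _obs("N3", "TCP", 20, 20) + _obs("N3", "UDP", 20, 0)  # selective
          + _obs("N4", "TCP", 20, 12) + _obs("N4", "UDP", 20, 11) # random drop
          + _obs("N5", "UDP", 5, 0))                              # too few

if __name__ == "__main__":
    for hop, verdict in sorted(classify(SAMPLE).items()):
        print(hop, verdict)
```

Honest nodes in a mobile wireless network also lose packets to collisions and link breaks, so the HIGH threshold has to be calibrated against normal loss before a verdict is acted on.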