Classes of Attacks in VANET Irshad Ahmed Sumra,Iftikhar Ahmad, Halabi Hasbullah Computer and Information Sciences Department Universiti Teknologi PETRONAS Bandar Seri Iskandar 31750, Tronoh, Perak, Malaysia.
[email protected],
[email protected] [email protected] Abstract— Last few years, vehicular network has been taken more attention of researchers and automotive industries due to life saving factor. Vehicular Ad hoc Network (VANET) needs security to implement the wireless environment and serves users with safety and non safety applications. Attackers generate different attacks in this life saving vehicular network. In this paper, we propose five different classes of attacks and every class is expected to provide better perspective for the VANET security. The main contribution of this paper is the proposed solution for classification and identification of different attacks in VANET. Keywords - Vehicular Ad hoc Network (VANET), safety and non safety application, attackers, attacks, Security, classes;
I.
INTRODUCTION
Today major concern is to provide safety of users and safe their lives in road accidents. Safety and non safety potential applications of VANET are to ensure the safety of human life on the road. Security is the main concern of these applications where a wrong message (due to insecure environment) may directly affect the human lives. Dedicated Short Range Communication (DSRC) is used as communication medium and it operates on 5.9GHz frequency band. DSRC is based on IEEE 802.11a standard and IEEE 1609 working group is being standardized as IEEE802.11p for special vehicular communication [1]. Seven channels are provided for safety and non safety applications with 10 MHz bandwidth. DSRC typically provides 6 to 27 Mbps data rate over 1000m communication range [2]. Safety and non safety messages are forwarded between the Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) on this communication medium. Due to the short range of communication wireless medium, cooperation between the vehicles is essential to communicate with each other [3]. Attacker creates problems in the network using DSRC by launching some attacks. Maxim Raya et.al [4] described the attacker model. Insider, malicious, active, and local is some example of serious level attacks. Types of attacks can be different depending on the behaviour of attackers. Our focus point is too safe the communication medium by controlling attackers. Active and passive safety applications [5] are used to provide safety to users. The role of active safety is high and it sends warning messages to other vehicles. If attackers change these messages then accidents become a part of the network and users’ life can be on risk.
Jamalul-lail bin Ab Manan Advanced Information Security Cluster MIMOS Berhad Technology Park Malaysia Kuala Lumpur, Malaysia
[email protected]
This paper is divided into four sections; Section II describes the properties of attackers. Section III proposed different types of attacks classes for VANET. In Section IV explains the different classes of attacks and show the process in V2V and V2I communication and section IV concludes the paper. II.
PROPERTIES OF ATTACKERS
Attacker create problem in the network by getting full access of communication medium DSRC. Here we are discussing some properties and capability of the attackers which has been mentioned in studies [5]. Insider This type of attackers who is an authentic user of the network and have detail knowledge of network. Insider attacker might have access to insider knowledge and this knowledge will be used for understanding the design and configuration of network. When they have all information about the configuration then it’s easy for them to launch attacks and create more problem as compare to outsider attacker. It can create problem in the network by changing the certificate keys. We can simply say that insider attacker is the right man doing the wrong job in the network. Outsider The outsider attacker is considered as an authentic user of the network. It is a kind of intruder which aims to misuse the protocols of the network and the range of such attacks are limited. Outsider attacker also has a limited diversity for launching different kind of attacks as compare to insider attacker.
Coverage area Coverage area is the main property of attacker when they launch any kind of attacks. Attacker could cover the main area of road, and it depends on the nature of the attacks. Basic level attacker has controlled one DSRC channels and covers the range of at most 1000 meters but the extended level attackers are more organized and cover more area using of hundred DSRC channels. Technical Expertise Technical expertise of the attacker makes them stronger for creating attacks in the network. It is difficult for attacker to mount attacks on cryptographic algorithms. Chance is low for attacker to compromise the infrastructure network and data capture from restricted area of network. Attacker having ability to extracts the program code and secret keys of the
computing platform of OBU and RSU by launching physical attacks. Resources Budget, manpower and tools are the three main key resources and attackers depend on it to achieve their goals. Need budget to borrow technical expert and spend time to understand the configuration of specific network and then disturb network with launching of different kind of attacks. Attacker can use different kind of tools for launching attacks. These software tools can develop by own self or buy from the market. Many business parties make setup their business nears the road and provide non safety application services (Internet, entertainment services). One business party can be used their own maximum resources to create problems for other parties and destroy their business with different kind of attacks. III.
attacks in vehicular network. In DOS attack, attacker jams the main communication medium and network is no more available to legitimate users [4]. The main aim of DOS attacker is to prevent the authentic users to access the network services [7]. Fig. 2 shows the whole scenario when the attacker A launches DOS attack in vehicular network and Jams the whole communication medium between V2V and V2I. As a result, authentic users (B, C, and D) can not communicate with each other as well as with infrastructure [8].
TOC RSU
PROPOSED CLASSES OF ATTACKS
Attacker’s role is important in vehicular network due to launching different type of attacks. The objective of attackers is to create problems for other users of the network by changing the contents type of messages. Researchers have been described different types of attacks in their studies [4, 6, 7, and 8]. In addition to it, we propose five different types of classes for attacks. Each class describes different types of attacks, their threat level, and attacks priority. Along with this model, we also propose some new attacks. The aim of this model is to easily identity these attacks and their association to respective class. Fig. 1 shows the proposed classes for attacks.
A
B
C
D
Figure 2. DOS Attacks between V2V and V2I
2) Distributed Denial of service (DDOS) Attack DDOS attacks are more severe in the vehicular environment because the mechanism of the attack is in distributed manner. In this case attackers launch attacks from different locations. They may use different time slots for sending the messages. Nature of the messages and time slot may be varied from vehicle to vehicle of the attackers. The aim of the attacks is same i.e. to down the network. Fig. 3 explains the vehicle to vehicle (V2V) DDOS attack scenario in which attackers (B, C, D) launches DDOS on vehicle A. A
B
E
Figure 1. Proposed Classes of Attacks
A. First Class: Network Attack Vehicular node and infrastructure are the main components of VANET. At this class, attackers can directly affect other vehicles and infrastructure. These attacks are of high priority because these affect the whole network. The main objective of these attacks is to create problem for legitimate users of network. All those attacks will be considered in this class who directly effective the communication of the network. J.T. Isaac et.al [9] mentioned list of attacks in vehicular network. Malicious vehicle, Brute force attack, misbehaving and faulty nodes, malicious users, and malicious nodes. Some of the attacks are mentioned below. 1) Denial of service (DOS) Attack The availability of network is very important in vehicular network environment where all users rely on the network. Denial of Service (DOS) is one of the most serious level
C
D
Figure 3. DDOS in vehicle to vehicle communication
a) Fig. 4 explain DDOS attack for infrastrcuture where three attackers (B,C,D) in the network and launch attacks on the infrastructure from different locations. When other vehicles (A,E) in the network want to access the network then the infrastructure is overloaded.
TOC RSU
A
C
B D
E
Figure 4. DDOS in vehicle to infrastructure communication
3) Sybil Attack Sybil attack [10] so belongs to the first class. In Sybil attack, the attacker sends multiple messages to other vehicles and each message contains different fabricated source identity (ID). It provides illusion to other vehicle by sending some wrong messages like traffic jam message [3, 4]. Fig 5 explains Sybil attack in which the attacker creates multiple vehicles on the road with same identity. The objective is to enforce other vehicles on the road to leave the road for the benefits of the attacker.
used in V2V or V2I communication are [11] Blind Spot, Post Crash, Breakdown, Work Zone, Curve Speed, Lane Change, Rail Collision, Wrong way driver, Stop Sign Violation, Intersection Collision, Cooperative Collision, Traffic Signal Violation, Emergency Vehicle at Scene, Emergency Vehicle Approaching and Infrastructure Based Road Condition Warning. Work Zone Warning:!!!
Work in Progress Plz!use Alt. route
Road is Clear:!!!
B
A
D
C
Figure 7. Safety Application Attack Figure 5. Sybil Attack
4) Node Impersonation Attack Each vehicle has a unique identifier in VANET and it is used to verify the message whenever an accident happens by sending wrong messages to other vehicles [4, 9, and 10]. Fig 6 explains this scenario in which vehicle A involves in the accident at location Z. When police identify the driver as it is associated with driver’s identity, attacker changes his/her identity and simply refuses it.
Non safety application is related to users’ comfort during their journey. These applications do not disturb safety applications. The role of non safety applications is to comfort the passengers and to improve the traffic system. Car parking is one of the major non safety applications; Road Side Unit (RSU) provides information about the availability of parking in shopping mall and sport complex. Fig 8 explain this attack, authentic user A receive information “Parking Slot available” from road side unit (RSU) near the shopping mall. So he sends this message to other vehicle B. This vehicle B actually attacker vehicle who receive this message. Now attacker alters this message “No empty parking slot” and passes this message to other vehicle C. Entertainment, Toll Collection, Map Download, Restaurant Finding, Gas Station Finding, Parking Availability, Shopping Mall Finding Services are some services that are considered into non safety applications [12]. Shopping MALL
Figure 6. Node Impersonation Attack
B. Second Class: Application Attack (AP) Safety and non safety are two types of potential vehicular applications. At this class the main concern of the attacker is to change content of these applications and use it for their own benefits. Importance of safety applications is greater; it is provided warning messages to other users. The attackers change the content of the actual message and send wrong or fake messages to other vehicle which causes accident. Bogus information attack [4] is one of the attack examples, in which attacker send wrong information to the network and these wrong messages directly affect the behavior of users on the road. Warning messages is important messages that are use in safety applications. It is very serious condition on the road if attackers change the warning messages, many accidents are occurred on road. By using of security mechanism to avoid such attacks, to ensure the truthfulness of the message. Fig. 7 shows the example in which attacker B launches the attack on safety application. Attacker B receives one warning message “Work Zone Warning” from near by vehicle. So he changes the content of the message and sends this message “Road is Clear” to other vehicle C. The important warning messages
RSU
A D
No empty Parking Slot:!!
Parking Slot Available!!!
B
C E
Figure 8. Non Safety Application Attack
C. Third Class: Timing Attack This is new type of attack in which attacker’s main objective is to add some time slot in original message and create delay in original message. Attackers do not disturb the other content of message, only create delay in the message and these messages are received after it requires time. Safety application is a time critical applications, if delay occurred in these applications then main objective of the application are finished. Fig.9 shows the complete scenario of the timing attack, in which attacker C receive warning message (Warning! Accident at location Y) from other vehicle B and then pass this message to other vehicle D by adds some time. Whenever other vehicle D of the network receive this message when accident actually occurred.
Warning:!!! Accident at location Y.
Warning:!!! Accident at location Y.
C
D
B
A
Figure 9. Timing Attack
D. Forth Class: Social Attack All unmoral messages (Social Attack) are lie on this class. It is kind of emotional and social attack. Purpose of these kinds of messages is to indirectly create problem in the network. Legitimate users show angry behavior when they receive such kind of messages. This is actually attacker wants by launching such attack. Fig. 10 explain this condition, attacker B passes this message “You are Idiot” to near by vehicle C. When user receives this message is directly affect his driving behavior by increasing the speed of his/her vehicle. This entire thing is indirectly disturb the other user in the network.
Figure 11. Attacks Process Mechanism
Steps The attacker 1.
Launches first class attack to other vehicle in the network. Sybil attack is the example of this attack.
2.
Also launches first class attack to infrastructure. DOS attack is an example of such attacks.
3.
Receives safety message from other vehicle.
4.
Receives safety message from infrastructure.
5.
Alters the content of the message and passes this message to other vehicle.
6.
Forwards wrong message to infrastructure.
7.
Launches timing attacks to other vehicle.
8.
Launches some social attack to near by vehicle.
9.
Monitors the communication between the vehicles or infrastructure and achieves his/her benefit.
Hello:!!! You are Idiot !!!!
A
B
D
C
E
Figure 10. Social Attack
E. Fifth Class: Monitoring Attack Monitoring and tracking of the vehicles attacks [9] are lying in this class. In monitoring attack, the attacker just monitor the whole network, listen the communication between V2V and V2I. If they find any related information then pass this information to concern person. For example police are plan to perform some operation against criminal and they communicate each other and guide about the exist location of the operation. Attacker listen all communication and informed the criminal about the police operation. Every vehicle has its own unique ID and attacker disclose the identity of other vehicles in the network. Using of these unique ID, the attacker track the existing location of required vehicle. Global observer monitors the target vehicle and sends virus to neighbor of the target [4]. When neighbor is affected then they take data of target vehicle. Rental Car companies are using this ID and track the location of their own vehicles. ID discloses attack is related to user privacy, attacker easily track user location in a specific region [9, 14]. IV.
We propose the solution that provides information about the attack whenever the attacker launches it (see Fig. 13). Whenever the attacker launches any kind of attack, our proposed solution identifies the attack and also mentions that this attack belongs to which class of the proposed classes. There are two possible cases; in first case, the attacker generates attack (DOS attack, Sybil attack) inside the vehicle by using of his/her database and sends the attack in the network. In second case, the attacker receives message (safety or non safety) from OBU and work on that message (alter the message) and sends to the network.
ATTACKS PROCESS MECHANISM
In this process, we explain in detail the different attacks and communication between the authentic VANET user and attacker. The detailed steps are as follow: Figure 12. Process to identify Attacks with respect to attacks classes
Table 1 explains the different type of attacks with its time slot and respective classes. On the bases of messages, the attacks and respective classes are identified. The attacker travels from source to destination and launches all types of attack with different time slot. The attacker’s behavior and time slot for launching attacks may vary, it is not static.
[5] [6]
[7] [8]
TABLE I.
ATTACK CLASSES WITH DIFFERENT TIME SLOT [9]
[10] [11]
[12]
[13]
[14]
V.
CONCLUSION
Users require safety on road in future vehicular network and it could be possible by implementing VANET applications. Vehicular applications must be secured; if attackers change the content of safety applications then users are directly affected. Attackers change their attacking behavior and they launch different attacks at different time. We expect that the proposed attacks classes may helpful to identify attacks and understand attackers. It is difficult to control attackers but in future work we will develop such system to identify attacks in network with respect to some specific class of attack. Implementation could be easy of this future human life saving network if we control attackers and their attacks. ACKNOWLEDGMENT
This work is funded by Universiti Teknologi PETRONAS Postgraduate Assistantship Scheme. REFERENCES [1]
[2]
[3] [4]
D.Jiang,V.Taliwal, A.Meier, W.Holfelder and R.Herrtwich,"Design of 5.9GHz DSRC based vehicular safety communication", IEEE Wireless Communication Magazine,Vol.13,No.05,Nov 2006,pp:36-43. SU. Rahman,H.Falaki, ”Security & Privacy for DSRC-based automotiveCollisionReporting”,www.cs.ucla.edu/falaki/courses/security project.pdf. G. Guette,B.Ducourthial,"On the sybil attack detection in VANET", Laboratoire Heudiasyc UMR CNRS 6599,France. M. Raya, J. Pierre, Hubaux,”Securing vehicular ad hoc Networks” Journal of Computer Security,vol.15, january 2007, pp: 39-68.
A.Weimerskirch,J.J Haas,Y.C.Hu,K.P.Laberteaux,”Data security in vehicular communication networks”,chapter no.09, pp309-310. J. Cheambe, J. J. Tchouto, M. Gerlach “Security in Active Safety Applications” 2nd International workshop on Intelligent Transportation (WIT) 2005, Germany. B. Parno and A. Perrig, “Challenges in Securing Vehicular Networks,”, Hot Topics in Networks (HotNets-IV), 2005. I.Ahmed Soomro, H.B.Hasbullah,J.lb.Ab Manan,”Denial of Service (DOS) Attack and Its Possible Solutions in VANET”,WASET issue 65, april 2010 ISSN 2070-3724. J.T.Isaac,S.Zeadally,J.S.Camara,”Security attacks and solution for vehicular ad hoc networks”, IET communication 2010,vol. 4,Iss 7, pp.894-903. J. Douceur,”The sybil Attack”, First international workshop on peer to peer(P2P) system,march 2002,pp:251-260. T. Leinmuller, E. Schoch, F. Kargl, C. Maihofer, “Improved security in Geographic ad hoc routing through autonomous Position Verification”, ULM University. I.Ahmed Soomro, H.B.Hasbullah,J.lb.Ab Manan,"User requirements model for vehicular ad hoc network applications",International Symposium on Information Technology 2010 (ITSim 2010), Malaysia. M. Raya, P. Papadimitratos, J.P. Hubaux,” Secure vehicular communications”,IEEE Wireless Communication Magazine,specail issue on inter-vehicular communication, Oct 2006. G. Guett, C. Bryce,” Using TPMs to Secure Vehicular Ad-Hoc Networks (VANETs)” IFIP 2008, WISTP 2008, LNCS 5019, pp.106116.
