Effects of Attackers and Attacks on Availability ... - IEEE Xplore

Effects of Attackers and Attacks on Availability Requirement in Vehicular Network: A Survey Irshad Ahmed Sumra, Halabi Bin Hasbullah

Jamalul-lail bin AbManan

Computer and Information Sciences Department Universiti Teknologi PETRONAS Bandar Seri Iskandar, 31750,Tronoh, Perak, Malaysia. [email protected], [email protected]

Advanced Information Security Cluster MIMOS Berhad,Technology Park Malaysia Kuala Lumpur, Malaysia. [email protected]

Abstract — Availability is one of the key security requirements in vehicular network. The purpose of vehicular network is to serve the user with its potential applications, but this purpose is to fulfill only when networks are available to the end users. Due to open nature of wireless medium, the attackers can affect the vehicular environment. In this paper, we are providing a survey on the attackers and all possible attacks on the availability requirement of vehicular network. The main aim of this study is to describe the threat levels of all possible attacks on the availability. It has been investigated that each level has its own priorities. Threats levels and its priorities will be useful to understand the behavior of attackers and attacks in the vehicular network. Keywords — Security requirements, Application, Attackers, Attacks, Threats levels.

I.

INTRODUCTION

Exchange information is one of the key features for vehicular network to ensure safety of users on road. Dedicated Short Range Communication (DSRC) is used to communicate between different users and makes their journey more secure and enjoyable. DSRC operates on 5.9GHz frequency band and it is based on IEEE 802.11a standard and IEEE 1609 working group is being standardized as IEEE 802.11p for special vehicular communication [1]. Security of this life safety network is one of the key important factors for its successful implementation in real life. User, vehicle and road side units (RSU) are some of the major entities of vehicular network and they are performing their task accurately and will contribute to achieve one principal goal of this network. Objective of attacker is to create problems for user, using of safety and nonsafety applications [2]. If applications meet the security requirements then it would be difficult to achieve the attackers’ objective. Attacker is an important entity in a vehicular network and it is necessary to analyze its behavior for secure communication in network. Attacker and attacks are most important factor to change the behavior of whole communication network. It is very difficult to attacker/faulty node in network because it is very dynamic topology network and speed of the node is also high, so in this environment we should make analysis of attackers and their perspective attacks. Nodes joining and 978-1-4799-0059-6/13/$31.00 ©2014 IEEE

leaving in vehicular network and this makes scenario more difficult to find faulty node from such network [3]. VANET should be secure and make possibilities to meet the security requirements by minimizing the role of attacker and their attacks so the users take advantages of its safety and non-safety applications. This paper is divided into three sections; Section II describes the availability requirements in VANET. Section III describes the attacker and some possible attacks on availability in vehicular network and section IV enlightens the conclusion and future work. II.

AVAILABILITY REQUIREMENT IN VANET

Availability is one of the hot research topics in vehicular communication. The purpose of a vehicular network is to serve the users. But if the network is not available for communication then the main goal of the network has become useless. If an accident happens in location X and the user sends this information to another vehicle but the channel is not available due to a DoS attack, this makes availability of network a significant factor. Another example would be, if a user wants to use a service from an infrastructure such as downloading multimedia files from an RSU but because of the attack the user’s receiving network is not available for this service; this becomes an inconvenience for the user. For example, the accident happened on location X and vehicle user A send this information to other user C but, it could be not possible due to DoS attack and medium is not available to authentic user for sending security information to other user of the network. In this same network user B want to communicate with RSU, but it is not possible and network is not accessible to user B for communication with RSU. Fig.1 explains the whole situation.

Fig. 1. Network not available due to Attack

It is the expected time needed to repair the system from the failure and how long the user will be unavailable to access the network. First, the problem should be diagnosed to find out the reasons for the failure. If a user constantly cannot access the network then the particular reasons for this problem must be found. The problem could be any technical reason or any attacks and network should be available for user on 24/7. When the MTTR goes up then availability goes down [4]. Table I shows the importance of availability requirements with safety applications [5]. TABLE.I. SECURITY REQUIREMENTS WITH SAFETY APPLICATIONS [5]

III.

ATTACKERS AND ATTACKS ON AVAILABILITY IN VANET

The behavior of the network and attacker are the most important factors affecting the vehicular environment. Both of these behaviors are interrelated with each other. The dynamic topology of a vehicular network shows the positive behavior of entities within network. An attacker creates and generates the negative behavior of the network i.e. if an attacker launches any attack then the behavior of the network will be changed negatively. So first we should describe the properties of attacker [3], which perform DoS attack in network, the detail is given below. So now we can discuss in detail the attacks on availability of the vehicular network. Fig.2 provides the detail description of all types of attackers and possible attacks related to the availability requirements in vehicular network. Here we are discussing all types of attackers and possible attacks on availability in vehicular network [3, 6 and 7].

a) Malicious Attacker: Malicious Attacker could potentially be an active attacker and launch different attacks that can be of high intensity. They can create problems for other users of the network through jamming the communication medium at any critical moment. b) Active Attacker: Active attackers work in two dimensions while they create trouble in the network. These dimensions are described here. • Some packets are generated and sent to other VANET vehicles and also to the roadside infrastructure. • Signals are generated and sent in network in a way that disturbs the main frequency band. c) Local Attacker: This type of attack is often limited in its scope and effect, as the attackers can only control the VANET vehicles or its infrastructure (RSU) locally. Only a localized area is affected by an attack such as this and other entities of the network are not bothered. d) Passive Attacker: This is a form of a violation of a user’s privacy on the road. The goal of passive attackers is only to listen in on the communication taking place among the vehicles or with the RSU in the wireless medium of the network. e) Insider attacker: This type of attack is an authentic user of the network who can create problems in the network by changing the certificate keys. An insider attacker might have access to insider knowledge and this knowledge will be used for understanding the design and configuration of the network. f) Outsider Attacker: The outsider attacker is considered as an authentic vehicle of the network and it is a kind of intruder which aims to misuse the protocols of the network. The range of outsider attacker is limited and as compared to the insider attacker, it has a limited diversity for launching different kinds of attacks in network. A- Denial of Services (DoS) Attack A DoS attack is one of the key attacks in relation to the availability of the network. Channel jamming in wireless environments is also part of this attack and the objective of the attacker is to prevent the authentic vehicles from accessing the network services. The attack may jam the whole channel or may create some problems directly or indirectly to utilize the resources of the networks and system so they are no longer available to legitimate users. In a vehicular network, it is a very serious condition on the road when the channel becomes jammed and vehicles cannot communicate with each other. The system should be seamless so that life critical information reaches to users in time. The following are three possible ways to represent the behavior of attackers in order to achieve the DoS attacks in the vehicular environment [8]. ¾

Fig. 2. Attackers and Attacks on availability in VANET

Drop Communication Packets: It is also called network DoS attack, selfish node or malicious node drop communication packets in network. This is also one of the aspects related to behavior of an attacker in which an attacker just drops the packets; the purpose of this is to ensure that users do not perform any type of communication in the network and Fig.3 show the dos attack in network.

communication channel between the vehicles and the RSU. At the same time other vehicles want to communicate with the RSU but it is not possible due to network breakdown.

RSU A

X

A

D

RSU

C

B

RSU Jam Area X

Fig. 3. DoS Attack in V2V and V2R

¾

Network Overloaded /Overwhelm Network Resources: The goal of an attacker is to overwhelm the vehicle’s resources so that the vehicle cannot perform other necessary tasks. The vehicle network access signals becomes continuously busy and utilizes all it resources to verify the messages. Fig. 4 explains the DoS attacks in cases of vehicle to vehicle (V2V) and vehicle to RSU (V2R) in which an attacker X sends a warning message “Accident at location Y” to the other vehicle B (victim), and vehicle B just receives this message and after this, the message is shown continuously and it keeps the vehicle’s network busy using all the resources of the vehicle until the user stops the vehicle. In the next time slot, the attacker launches an attack on the Road Side Unit (RSU) and the RSU is continuously busy verifying the received message; consequently, when another vehicle on the road wants to communicate with the RSU, it can’t because the RSU is still busy with the attacker’s message.

D Jam Area

A

B

C

Fig. 5. DoS Attack in V2V and V2R

B- Distributed Denial of Service (DDoS) Attack A DoS attack is severe in vehicular environment but a DDoS attack is even more severe because the mechanism of the attack in it is in a distributed manner. In this case, attackers launch attacks from different locations. They may use different time slots for sending the messages. The nature of the messages and time slots may be varied from vehicle to vehicle of the attackers. The aim of the attacks is the same i.e. to shut down the network. Fig. 6 explains the scenario in which a group of attackers (C, D, G) launches a DDoS attack on vehicle F. After some time, the victim vehicle F cannot communicate with other vehicles in the network.

Warning Message Accident at location Y::::

E

F

G

RSU A A

D

C

B

B

X

Fig. 6. DDoS Attack in vehicle to vehicle communication C

D

E

F

Fig. 4. DoS Attack in V2V and V2R

¾

Jammed Communication channels in V2V and V2R: This is the highest level of a DOS attack in which the attacker jams the whole channel. The following are two possible scenarios. • The attacker sends high frequency signals and jams the communication channel between the vehicles. These vehicles cannot send or receive safety or non-safety messages on the network. There are no services in that specific domain due to this attack. When vehicles leave the domain of the attack then they receive the messages. Fig.5 explains this scenario in which vehicle A could not communicate with the other vehicle B due to a DoS attack. • The next stage of the attack is to jam the communication between the vehicles and road side unit (RSU). The attacker launches the attacks near the RSU and jams the

Fig. 7 explains a DDoS attack of a road side unit (RSU) in which a group of attackers (C, F, G) launches the DDoS attack from different locations on the road side unit (RSU). When vehicle D wants to access the network then the RSU is overloaded.

RSU

A

G

F

E

B

C

D

Fig. 7. DDoS Attack in Vehicle to RSU Communication

C- Broadcast Tampering Attack Safety messages are broadcast in the network and inform other users about current safety conditions of any specific

region. In this case, an attacker tampers with the broadcast safety message and possibly injects false safety message. The purpose of this is to cause road accidents or change the flow of traffic on some specific route. Fig. 8 shows the behavior of attacker X where the attacker broadcasts two different kinds of messages to two different groups of users. Broadcast Message: Work Zone Warning!!!

A B

Broadcast Message: Intersection Collision Warning!!!!

D

X C

E

F

E- Spamming Attack In this situation, the sole purpose of the attacker is to increase the latency of the transmission and use up the bandwidth of the network so no service is available to other users; this is achieved by sending spam messages through the network. It is nearly impossible to control attacks of this type when there is no basic infrastructure or centralized administration available. Fig. 10 shows the situation when attacker X broadcasts spam messages to a particular group of users; the users receiving these messages are not concerned in any way with these types of messages. RSUs also send spam messages, which are most often just advertisements, to the group of users. RSU Sends Spam Message..

Attacker X Sends Spam Message..

RSU

Fig. 8. Broadcast Tampering Attack A

D- Malware Attack A vehicle has its own software and application unit (AU) which performs its own task and communicates with other users as well as the road side unit (RSU). There is some possibility to enter a virus and worm into the vehicle and disturb the operation of the network. Some possible scenarios can be discussed as given below. •

•

•

A malicious user puts a virus affected memory stick (USB) into a vehicle and then the vehicle’s operating system could be down or change its behavior due to the virus and trojan. An insider attacker performs this attack more easily as compared to an outsider rogue person. When a vehicle onboard unit (OBU) communicates with an infrastructure (RSU) and wants to update its software and the RSU is effected due to attackers then, the viruses and worms come to the vehicle’s operating system. Fig.9 explains the scenario in which a user sends a request to the RSU for software updates. The RSU is already controlled by an attacker, so the attacker downloads the malicious software into the vehicle which made the request. Now this software creates problems for the users. When a user uses the Internet, through the Internet any viruses (Trojan horse or worm) can come to the system of the user. In this way the system of the vehicle does not perform their job correctly and the behavior of the vehicle software will be changed due to viruses.

D

B

G

F

E

Fig. 10. Broadcast spam message Attack in Network

F- Black Hole Attack Blackhole is a different kind of attack and there are two possible cases in any particular vehicular network. • When any new user wants to start communication with other users or simply participate in a network, then other users simply refuse it. In Fig. 11, user D wants to start communication with user X, but user X refuses it and simply sends a reply with ‘SORRY’. So now user D tries to communicate with any other user of that network. • One user starts communication with other users of the network and it is suddenly dropped out of the communication. Fig. 11 explains the situation in which user B communicating with user A and user C. User B plays the role of router and sends and receives messages from user A to user C. Attacker X drops the communication of user B and the other neighboring vehicles are disturbed because this vehicle was performing the routing task and many vehicles were connected through it as the router client. In this way, all possible links are down due to the dropping of the link with this intermediate vehicle. Sorry !!!

X

A

B

Fig. 11. Black hole Attack Fig. 9. Malware Attack

x

C

D

C

Table II. Explains the security attacks on the availability requirement with its threats levels. Broadcast tampering, malware, spamming and black hole attacks are considered in low levels attacks and due to these low levels attacks user is still the part of the network. But in the case of DoS attack (jam communication), the user is directly affected and could not make communication with other user of the network. The threat levels are so high in DDoS, because a group of attackers’ launches attack from different locations in different time slots. So it is very difficult to detect and prevent these attacks in vehicular environment. Table III describes the different types of attackers who launch different kinds of attacks and directly affect the availability security requirement in vehicular network. Table III provides the complete summary of previous work in the field of availability and solutions of attackers and attacks in vehicular network. TABLE.II ATTACKS ON AVAILABILITY WITH THREAT LEVELS

IV.

CONCLUSION AND FUTURE WORK

By implementing the VANET applications, it could be possible to provide the safety for the end users on road in next generation vehicular network. In vehicular network, the attackers can launch different kind of attacks in network and purposes of these attacks are creating problems for authentic users of network and also break the security requirements. So, availability is one of the key security requirements in network and due to negative behaviour of attackers and attackers this security requirements is also effected. In this paper, we have provided the detail description about the availability security requirements and also mentioned the different types of attackers who launch attacks related to availability of network. In future work, we will be able to implement the trusted computing mechanism to solve the problem of attacks and also ensure the availability of the network for end users. ACKNOWLEDGMENT This work is funded by Universiti Teknologi PETRONAS Postgraduate Assistantship Scheme.

REFERENCES [1] D. Jiang, V. Taliwal, A. Meier, W. Holfelder, R. Herrtwich, “Design of 5.9GHz DSRC based vehicular safety communication”, IEEE Wireless Communication Magazine,Vol.13, No.05, Nov 2006, pp:36-43. [2] SU. Rahman, H.Falaki, “Security and Privacy for DSRC-based automotive Collision Reporting”, www.cs.ucla.edu/falaki/courses/securityproject.pdf. [3] M. Raya, J. Pierre, Hubaux, ”Securing vehicular ad hoc Networks, Journal of Computer Security”, vol.15, january 2007, pp: 39-68. [4] W.Torell, V.Avelar, “Mean Time Between Failure: Explanation and Standards”, white paper,APC, Legendary Reliability. [5] Fuentes, José María de, Ana Isabel González Tablas,Arturo Ribagorda. "Overview of security issues in Vehicular Ad-hoc Networks." (2010). [6] S. Zeadally, R. Hunt, Y. S. Chen, A. Irwin, A. Hassan, “Vehicular Ad Hoc Networks (VANETS): Status, Results, and Challenges”, Telecommunication Systems 50 (4), 217-241. 2010. [7] J.T.Isaac, S.Zeadally, J.S.Camara, “Security attacks and solution for vehicular ad hoc networks”, IET communication 2010, vol. 4, Iss 7, pp.894 - 903. [8] J. Blum, A. Eskandarian, ”The Threat of Intelligent Collisions”, IT Professional, IEEE Computer Society 2004. [9] Hamieh, A.; Ben-Othman, J.; Mokdad, L.; “Detection of Radio Interference Attacks in VANET", Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE , vol., no., pp.1-5, Nov.30 2009-Dec. 4 2009. [10] Studer, F. Bai, B. Bellur, A. Perrig, “Flexible, extensible, and efficient VANET authentication”, 6th Conference on Embedded Security in Cars (Escar) Hamburg, Germany, pp. 22, March. 2008. [11] C. Laurendeau, M. Barbeau,”Theat to security in DSRC/WAVE”, 5thInternational Conference on Ad Hoc Networks and Wireless (ADHOC- NOW). LNCS 4104, pp.226279, 2006. [12] Blum, J.J.; Neiswender, A.; Eskandarian, A.; "Denial of Service Attacks on Inter-Vehicle Communication Networks", Intelligent Transportation Systems, 2008. ITSC 2008. 11thInternational IEEE Conference on , vol., no., pp.797-802, 12-15 Oct. 2008. [13] H.B.Hasbullah, I.A Soomro,J.lb.AbManan,”Denial of Service (DOS) Attack and Its Possible Solutions in VANET”, WASET issue 65, april 2010 ISSN 2070-3724. [14] Biswas, S.; Misic, J.; Misic, V., "DDoS attack on WAVEenabled VANET through synchronization", Global Communications Conference (GLOBECOM), 2012 IEEE , vol., no., pp.1079,1084, 3-7 Dec. 2012. [15] A.T. Nguyen, L.Mokdad, J.B. Othman, “Solution of detecting jamming attacks in vehicle ad hoc networks”, 16th ACM international conference on Modeling, analysis & simulation of wireless and mobile systems, Barcelona, Spain ,2013. [16] O. Puñal, A. Aguiar, J. Gross, "In VANETs we Trust? Characterizing RF Jamming in Vehicular Networks", 9th ACM International Workshop on Vehicular Internetworking, Systems and Applications (VANET), pp. 83-92. ACM Jun. 2012. [17] Moharrum, M.A., Al Daraiseh, A.A.: “Toward Secure Vehicular Ad-hoc Networks: A Survey”, IETE Technical Review, vol. 29, issue 1, pp: 80-89, 2012.

Table. III Summary of different Proposed Techniques for the Availability in VANET

Authors

Key Points of Proposed Solutions

A. Hamieh et al.

•

[9]

•

A. Studer et al.

•

[10]

•

C. Laurendeau. et al.

• •

[11]

• J.J. Blum. et. Al

•

[12]

• •

H.Hasbullah. et. Al

• •

[13] S. Biswas,. et. Al

•

[14]

•

A.T. Nguyen et. Al

•

[15] •

O. Puñal

et. Al

•

[16]

•

M.A. Moharrum et. al

•

[17]

The authors proposed a model to detect a particular class of Jamming attack in VANET and this detection model is based upon the measurement of error distribution. The jammer transmits only when valid radio activity is signal from its radio hardware and the attacker jams the packet with Pjam probability. The authors proposed a new certificate verification and authentication strategy that prevents denial of service attack (DoS) while requiring zero additional sender overhead. The new proposed a authentication building block TESLA++ that represents a DoS resilient version of TESLA. In proposed authentication framework, used both ECDSA signatures and TESLA++ to provide timely and efficient authentication of VANET messages while remaining resilient to DoS attacks in VANET. The introduction of a routing protocol lowering the number of broadcast messages could be used to measure the increase WAVE’s resilience to a DoS threat. The authors proposed the identification of the security threats innate to the emerging DSRC/WAVE. They also proposed ranking these identified threats on the basis of the European Telecommunications Standards Institute’s (ETSI) methodology for threat analysis. DoS is ranked as a major attack but threats of this kind could be checked by utilizing puzzles and directional antennas. The authors intended to investigate the various strategies to reduce the amplification effect of the DoS attacks in vehicular environment. The authors described and simulated three different DoS attacks (Sporadic Partial Jamming Attack, Sustained Partial Jamming Attack and Complete Jamming Attack) in a highway environment with dense vehicle traffic. Simulations results demonstrated the potential for amplification of the effects of a DoS attack far beyond vehicles within radio range of the attacker. The authors proposed model to handle with DoS attack. The proposed model is made up of four major modules and described a switching mechanism in case of a DoS attack in VANET. The authors analyzed the prospect of a synchronization based DDoS attacks on vehicular communications and proposed mitigation techniques to avoid such an attack. The authors also highlight a security vulnerability of vehicular network in which a group of malicious entities can launch a DDoS attack and exploiting the 802.11p’s weak EDCA credentials. In this paper, the authors proposed one solution to detect jamming attacks in vehicular network and proposed solution is based on the combination of the packet delivery ratio (PDR) and its diminution. Proposed one solution can detect the presence of jamming attacks as soon as their attacks are effective in vehicular network. The authors studied the impact of a constant, a reactive and a pilot RF jammer on 802.11p vehicle -to-vehicle communications through extensive laboratory experiments. It build a jammer on a software defined radio and implement constant, reactive, pilot jamming patterns and whose effectiveness is first measured in an anechoic chamber. The author discussed in detail the some security techniques for secure communication in VANET. - PKI-based Proposal - Hybrid Approaches - Pseudonyms-based Approaches - Group Signature-based Approaches - Independent Security Improvements - Identity-based Cryptography Approaches