Heartbeat Message Based Misbehavior Detection ... - IEEE Xplore

2012 International Conference on Connected Vehicles and Expo

Heartbeat message based misbehavior detection scheme for Vehicular Ad-hoc Networks Rajesh P. Barnwal Information Technology Group CSIR-Central Mechanical Engineering Research Institute Durgapur, India 713 209 Email: [email protected]

Soumya K. Ghosh School of Information Technology Indian Institute of Technology Kharagpur, India 721 302 Email: [email protected]

VANET has special characteristics of ephemeral network, where the network dynamically changes its topology and participating members. In this condition, the network is vulnerable to different kinds of attacks, either from unknown attacker or known (i.e., authenticated) adversary. The unknown/ unauthenticated attacker is provisioned to be detected and filtered out with the help of PKI based security mechanism. But the main problem arises when an authenticated node misbehaves, either unintentionally due to malfunctioning of its sensing equipments or intentionally for taking unnecessary and illegal benefits out of the network. In both of these conditions, it is dangerous for the commutators to blindly rely on all the alert messages in the VANET. Moreover, the frequent misbehavior of nodes may simply create illusion that VANET is useless or may results into severe problems like accidents. In this paper, we propose a misbehavior detection scheme (MDS), which can help to identify the misbehaving node, who is disseminating false position and speed information through its heartbeat messages. The proposed scheme works in real-time and considers the short-term observations for decision making. The uniqueness of the proposed scheme lies in the fact that it neither requires any additional sensors nor overload the VANET communication channel by using additional messages. The rest of the paper is organized as follows: Section II discusses the related works, Section III describes the proposed misbehavior detection scheme, Section IV depicts the simulation parameters/ scenarios, Section V discusses evaluation results of the proposed scheme, and Section VI concludes the paper.

Abstract—Safety applications in VANET mostly rely upon the correctness of position and other vehicle kinematics information contained in heartbeat messages. A false information or incorrect notification can create traffic inconvenience on the road and may results into the loss of property and human lives. An authenticated node, which disseminates false information intentionally/ unintentionally is termed as misbehaving node. Prior knowledge about this kind of misbehaving node might not be possible in ephemeral network like VANET. It is required to have some verification mechanism in place, which can ensure the reliability of the information content of heartbeat messages, at least in terms of reported position and other vehicle kinematics. A good amount of research has been reported for the authentication of the node in VANET, but misbehavior detection research in VANET is still in nascent stage. The paper proposes a heartbeat message based short-term misbehavior detection scheme, which is capable of identifying the source of false information with very high probability. The proposed scheme has been implemented and analysed in simulation environment with the help of ns-2 and VanetMobiSim. The results are found to be encouraging and pave the way for further research in this direction. Keywords-VANET; misbehavior; privacy; security; trust

I. I NTRODUCTION The idea of Vehicular Ad-hoc Networks (VANETs) is conceptualized and promoted for enhancement of road safety and travellers’ convenience [1], [2]. In compliance with the specifications of Dedicated Short Range Communications (DSRC) [3], VANET-enabled vehicles broadcast periodic messages over a single hop. This periodic safety messages are termed as heartbeat/ beacon messages, which are intended to keep the neighbour vehicles aware of a node’s position and kinematics. This information helps the VANET application to take various types of decisions for its future activity. In addition to heartbeat messages, vehicle also transmits event-driven messages over multi-hop to disseminate various event alerts [1] such as, Post Crash Notification (PCN), Slow Vehicle Alert (SVA), Emergency Electronic Brake Light (EEBL), Cooperative Collision Warning (CCW) etc. 978-0-7695-4900-2/12 $26.00 © 2012 IEEE DOI 10.1109/ICCVE.2012.14

II. P REVIOUS W ORKS Security in case of safety applications in VANET is of concern due to involvement of human lives and thus requires attentions. In [1], [4], authors described various safety VANET applications. The success of safety applications highly depends upon the level of security mechanism in VANET communications. Among other security concerns, 29

misbehavior detection in VANET is one of the most challenging problem [5]–[7]. Leinmuller et al. [8] studied the effects of the false positions information in VANET and proposed sensor based approach to verify the positions. The suggested method requires sensors and continuous observations to decide about the trustworthiness of a node. The sensor method requires additional hardware and nodes need to be in line-of-sight to be analysed for potential misbehavior. A signature based intrusion detection method has been proposed in [9]. The paper assumes that the presence of some genuine vehicles in the network can help to identify a single fake vehicle or attacker, which is trying to misguide the VANET nodes. As the suggested scheme is proposed to take help from other vehicles, thus it is prone to Sybil [10] attack. Misbehavior detection scheme for the PCN application is proposed in [11]. The scheme uses predefined descriptions of expected driving behaviour and vehicle’s trajectory in presence of crash, and then compares this expected trajectory to the actual path followed by the driver. The scheme is only applicable in case of some particular events and is difficult to generalize. The problems of injecting false data in VANET and its security threats are discussed in [5]. Paper presents the notion of proof-of-relevance (PoR), which believes that the event reporter should be authentically relevant to its reported event. This scheme assumes the presence of other genuine nodes for decision making and thus also susceptible to Sybil [10] attack. Ghosh et al. [6] uses basic cause-tree approach to achieve misbehavior detection and route cause identification for the observed misbehavior. The work mainly focuses on Post Crash Notification (PCN) application alerts and the expected behaviour of a crashed vehicle. The concept of data-centric misbehavior detection has been discussed by S. Ruj et al. in [7]. The paper proposes algorithms for detecting false alert messages and misbehaving nodes by observing the actions of the reporting nodes after sending out the alert messages. This scheme only works if there is an alert from a misbehaving vehicle. However, it is imperative that misbehavior should be detectable even in absence of some particular event. Weeransinghe et al. [12] proposed a protocol for position and velocity verification of node in VANET. The protocol is based on post-message request and reply mechanism. The protocol assumes that vehicle will reply each time after its alert message, which is time and bandwidth consuming and thus may not be suitable for ephemeral network like VANET. Aforesaid works depict that the misbehavior detection in VANET is a point of concern among security researchers. It is an active area of research as the existing schemes are having their own limitations. The present work is an attempt to devise a robust self-dependant misbehavior detection scheme

for identification of vehicles, which are disseminating false positional or kinematics information in ephemeral network like VANET. III. P ROPOSED M ISBEHAVIOR D ETECTION S CHEME A. System Model System consists of vehicles equipped with OBU (OnBoard Unit), antenna, GPS (Global Positioning System) and other sensing devices, capable of sensing their own position, speed, steering angle and current time. The vehicle can communicate with each other with the help of OBU and antenna following DSRC standard of communication. The vehicles move on the roads and broadcast beacon messages at a fixed interval, say δt. In case of any specific event, corresponding application generates alert message and broadcasts to all the neighbours. It has been assumed that there is no message loss in the network. B. Misbehavior Model A misbehaving node is characterized as the vehicle, who disseminates inconsistent information and demonstrates unexpected behaviour in terms of disseminating factual data such as time, position, speed and steering angle. This inconsistency may arise due to bad intention of reporting node viz. to misguide other nodes in the network or because of faulty sensing devices like GPS, speed sensor or steering angle sensor etc. C. Assumptions The proposed scheme adopts following assumptions: • vehicles are equipped with OBU, antenna, GPS and other sensing devices • vehicles communicate among each other with the help of OBU and antenna following DSRC standard • vehicles use only pseudonyms during message exchange process to protect their real identifications for privacy reason D. Misbehavior Detection Scheme (MDS) The proposed misbehavior detection scheme works on continuous basis and meant for use by the vehicle to monitor other neighbouring vehicles in the vicinity for their behaviour. Scheme works based on assumption that a genuine vehicle should always behave in honest manner in terms of information dissemination and mutual co-operations. Short term misbehavior detection scheme is for detecting the possible inconsistency in disseminated information using consecutive beacons. Here, the word short-term signifies that the detection is done based on very short-term observations for faster decision making. The short-term decision making can be a basis of predicting future behaviour of a node. In this work, we use two dimensional position coordinate, which is realistic. For short term inconsistency detection, the communication range, R of an OBU antenna has been

30

Figure 1.

Virtual zone division for short-term misbehavior detection

Algorithm 1 Misbehavior Detection Algorithm Input: series of heartbeat messages from vehicle Vr Output: vehicle Vr is misbehaving vehicle or not SIVr = 0 while SIVr ≤ τ do receive beacon(β(PVr ) at time t calculate expected zone(Vr ) at time t based on information received through beacon at time t − δt calculate observed zone(Vr ) at time t based on information received through beacon at time t if expected zone(Vr (t)) = observed zone(Vr (t)) then SIVr + + end if end while if SIVr ≥ τ then declare vehicle Vr as misbehaving vehicle end if

divided into n number of equal distanced virtual zones as shown in Figure 1. As per DSRC standard, the average communication range of an OBU has been taken as R = 300m. Considering the average speed of a vehicle in rural or urban areas as 65 mph ( 30 m/sec) and beacon sampling rate at 1 per sec, the size of inter-zone distance has been kept as d = 30m. Assuming the DSRC communication range of 300m, it has been divided into 20 equal sized virtual zones. Here, an observing vehicle, running MDS is represented as Vo and the reporting vehicle, which broadcasts information through beacons, is represented by Vr . For the purpose of this work, beacon is defined as six tuples data structure and represented as β < PVr , t, X cur (t), Y cur (t), S cur (t), ψ cur (t) >, where PVr is the current pseudonyms of Vr , t is the current message time, X cur (t) & Y cur (t) are components of position coordinate of Vr at time t, S cur (t) is the speed of Vr at time t and ψ cur (t) is the steering angle of Vr at time t. For the sake of clarity, the definition of vehicle’s steering angle is shown in Figure 2.

Figure 2.

position, speed and steering angle from the same reporting vehicle at time t − Δt. Based on expected position of Vr , Vo calculates the expected zone for the reporting vehicle Vr at time instant t. However, Vo calculates the observed zone of Vr directly from the beacon received from Vr at time t. If the observed and expected zone matches, then it is called match otherwise the algorithm increases reporting vehicle’s suspicion index SIVr by 1. We hereby propose to use the pseudonym of the vehicle for all communications so that even if a particular vehicle’s trust level gets affected due to wrong classifications, it won’t affect its future communications with new pseudonyms. However, if a particular vehicle has been detected as misbehaving from first few heartbeat messages, it will not be considered for any further trustworthy communications by the peers till that particular pseudonyms is in effect. The expected position of the reporting vehicle Vr at time t is predicted using Equation 1 and Equation 2.

Definition of Steering Angle

The virtual zones, as shown in Figure 1, always move with Vo and thus do not change their relative positions with reference to observing node. Zones are numbered from left as Z0 , Z1 , Z2 , ..., Zn , where n =  2R d . Using this concept, Algorithm 1 analyses the received beacons for information consistencies. In the proposed scheme, the observing vehicle receives periodic beacon messages from nearby vehicles. After receiving the beacon message from reporting vehicle Vr , the observing vehicle Vo calculates the expected position of the reporting vehicle based on last received information like

XVexp (t) = XVexp (t−Δt)+SVcur (t−Δt)×Δt×cos(ψVcur (t−Δt)) r r r r

(1)

31

YVexp (t) = YVexp (t−Δt)+SVcur (t−Δt)×Δt×sin(ψVcur (t−Δt)) r r r r

Table I C ONFIGURATION OF S CENARIOS FOR VANET M OBI S IM

(2) The expected and observed distance of Vr with respect to Vo are calculated using Equation 3 and Equation 4 respectively.  DVexp (t) = (XVexp (t) − XVcur (t))2 + (YVexp (t) − YVcur (t))2 r r o r o (3)  cur (t) − X cur (t))2 + (Y cur (t) − Y cur (t))2 DVobs (t) = (X Vr Vo Vr Vo r (4) Expected position of the reporting vehicle is used for finding the expected zone of the reporting vehicle Vr at time t and is calculated based on Equation 5. ⎧ undef ined , if [XVcur (t) − XVcur (t)] = 0 ⎪ o r ⎪ ⎪ ⎪ cur cur ⎪ and [YVo (t) − YVr (t)] = 0 ⎪ ⎪ ⎪ ⎪ ⎪ (t) > R or DVexp ⎪ r ⎪ ⎪ ⎨ exp zoneexp DV (t) Vr (t) = r ⎪ + n2 , if [signx ≤ 0 or signy ≤ 0] ⎪ d ⎪ ⎪ ⎪ ⎪ and DVexp (t) < R ⎪ r ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎩ n DVexp (t) r , otherwise 2 − d (5) where, (t) − XVcur (t − Δt)] × [XVcur (t) − XVcur (t)] signx = [XVcur o o o r cur cur cur (t)] signy = [YVo (t) − YVo (t − Δt)] × [YVo (t) − YVcur r

Parameter Dimension Nodes Speed of nodes Lane Speed Limits Mobility Model Driving Model Vehicle Length Jam Distance Acceleration Politeness Factor

City Road Scenario 20 km x 10 km 500 20 - 120 Km/hrs 20 - 120 km/hrs

Highway Scenario 20 km length 500 40 - 120 Km/hrs 120 km/hrs

Activity based Trip [15] Intelligent Driving Model with Lane Changing [16] 4m 4m 2 m/s2 1

Random Trip Intelligent Driving Model with Lane Changing [16] 4m 4m 4 m/s2 0.5

Table II PARAMETERS USED IN PROPOSED MDS Parameter Interzone distance Simulation time

Value 30 m 600 sec

ALGORITHMS

Parameter Misbehaving vehicle Observation time

Value 10% 60 sec

IV. S IMULATION OF PROPOSED SCHEME In our experiments, VanetMobiSim [13] and ns-2 [14] are used as vehicular traffic generator and network simulator respectively. The simulated data have been used for analysing the efficacy of the proposed misbehavior detection scheme. We generated traffic scenarios for both highway and city road conditions using VanetMobiSim. In highway scenario, road is modelled as straight road with very high speed limit, less number of traffic signals and very few turnings. In contrary to this, city roads are created with frequent turnings, traffic signals and varying speed limits depending upon the residential area, market place etc. In the simulated scenario, each vehicle set to broadcast periodic beacon messages at fixed interval of 1 sec. Table I shows detailed configuration parameters used for the simulations. These are representative parameters and used for simulating the highway and city road scenario.

Similarly, the observed zone of the reporting vehicle Vr at time t is calculated using Equation 6. ⎧ ⎪ (t) − XVcur (t)] = 0 undef ined , if [XVcur ⎪ o r ⎪ ⎪ cur cur ⎪ ⎪ (t) − Y and [Y ⎪ Vo Vr (t)] = 0 ⎪ ⎪ obs ⎪ or DVr (t) > R ⎪ ⎪ ⎪ ⎪ ⎨ obs zoneobs DV (t) Vr (t) = r ⎪ + n2 , if [signx ≤ 0 or signy ≤ 0] ⎪ d ⎪ ⎪ ⎪ ⎪ (t) < R and DVobs ⎪ r ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ ⎪ (t) ⎩ n − DVobs r , otherwise 2 d (6) where, signx = [XVcur (t) − XVcur (t − Δt)] × [XVcur (t) − XVcur (t)] o o o r cur cur cur (t)] signy = [YVo (t) − YVo (t − Δt)] × [YVo (t) − YVcur r

A. Parameters for the proposed MDS Algorithms Parameters used in the proposed MDS algorithm are described in Table- II. Observation time has been kept as 60sec to comply the requirement of lifetime of a pseudonyms. However, this parameter can be adjusted according to the allowed life of a pseudonym in VANET. Since, our algorithm doesn’t take any help from other vehicles, thus the percentage of misbehaving vehicles are immaterial.

In Equation 5 and Equation 6, signx and signy are used to determine the relative movement direction of reporting vehicle, Vr with respect to observing vehicle Vo . If signx (or signy ) is positive, it means that both observing vehicle and reporting vehicle are moving in the same direction otherwise movements are in opposite direction. If the suspicion index SIVr reaches a pre-defined threshold value τ , the vehicle Vr will be declared as misbehaving, otherwise vehicle is treated as genuine one.

B. Modeling GPS Errors and Misbehavior To test the robustness of the algorithm in the presence of GPS errors, random GPS errors in the range of -5 meters to +5 meters have been intentionally induced in the position value of all reporting vehicles. However, misbehavior has been modelled by inducing random position errors in the

32

range of 15-50 meters, random speed error in the range of 0-33 m/sec and random steering angle in the range of 0-3 radians in the respective fields of the beacon messages. V. R ESULTS AND D ISCUSSIONS A. Evaluation Measures In our evaluation, we used standard information retrieval metrics of precision and recall. Precision can be seen as a measure of exactness or quality, whereas recall is a measure of completeness or quantity [17]. These two performance measures give their output based on True positives (TP), False positives (FP), True negatives (TN) and False negatives (FN). These measures are capable of providing better idea about efficiency of an detection/ classifier algorithm. Formally, precision and recall can be defined as in Equation 7 and Equation 8 respectively. P recision = Recall =

TP TP + FP

TP TP + FN

Figure 3.

Precision/ Recall plot in Highway Scenario

Figure 4.

Precision/ Recall plot in City Road Scenario

(7) (8)

For misbehavior detection algorithm, precision is the fraction of vehicles, which are detected as misbehaving one and are actually misbehaving vehicles. However, recall is the fraction of misbehaving vehicles that are detected correctly by the detection algorithm. B. Simulation Outcomes The goal of misbehavior detector is to detect as many misbehaving vehicles as possible but simultaneously to avoid too many false positives. Thus, to achieve this goal, a different value of threshold, τ have been experimented for both types of roads. During experimentations, we assumed that misbehaving vehicles will always misbehave and accordingly, at first we kept the misbehaving probability as 1. From the obtained precision/recall graph, as shown in Figure 3 and Figure 4 for the case of highway and city road scenario, it has been found that the proposed algorithm demonstrates reasonably good performance and balanced precision/ recall value at the threshold value, τ =9. Accordingly, threshold value, τ has been fixed at 9 for subsequent experimentations. It is highly probable that a misbehaving node may not misbehaves all the time. Based on this hypothesis, we analysed the performance of our schemes to test its response at different misbehavior probabilities. Experimentations have been conducted with different misbehavior probabilities, both in highway and city road conditions. The results as shown in Figure 5 and Figure 6 depict that the proposed misbehavior detection scheme is equally effective upto the misbehaving probability of 0.7. However, the quality of output in terms of recall starts deteriorating, in case of city road conditions, if the misbehaving probability falls below 0.7.

Figure 5.

Precision in Highway and City Road Scenario

Further, in case of highway like scenario, the proposed

33

[3] J. B. Kenney, “Dedicated short-range communications (dsrc) standards in the united states,” Proceedings of the IEEE, vol. 99, no. 7, pp. 1162–1182, July 2011. [4] F. Bai, H. Krishnan, V. Sadekar, G. Holl, and T. Elbatt, “Towards characterizing and classifying communication-based automotive applications from a wireless networking perspective,” in IEEE Workshop on Automotive Networking and Applications (AutoNet), 2006. [5] Z. Cao, J. Kong, M. Gerla, Z. Chen, and J. Hu, “Filtering false data via authentic consensus in vehicle ad hoc networks,” International Journal of Autonomous and Adaptive Communications Systems, vol. 3, no. 2, pp. 217–235, 2010.

Figure 6.

[6] M. Ghosh, A. Varghese, A. Gupta, A. Kherani, and S. Muthaiah, “Misbehavior detection scheme with integrated root cause detection in VANET,” Ad Hoc Networks, vol. 8, no. 7, pp. 778–790, 2010.

Recall in Highway and City Road Scenario

[7] S. Ruj, M. Cavenaghi, Z. Huang, A. Nayak, and I. Stojmenovic, “Data-centric Misbehavior Detection in VANETs,” Arxiv preprint arXiv:1103.2404, p. 12, Mar. 2011.

scheme is highly effective even in the situation, when the probability of misbehaving is as low as 0.1. This proves that the proposed algorithm is immune to changing misbehavior probabilities, in case of highway and works reasonably good in case of city roads.

[8] T. Leinmuller, E. Schoch, and F. Kargl, “Position verification approaches for vehicular ad hoc networks,” IEEE Wireless Communication Magazine, Oct. 2006.

VI. C ONCLUSION AND F UTURE W ORK

[9] N. Bissmeyer, C. Stresing, and K. Bayarou, “Intrusion detection in VANETs through verification of vehicle movement data,” in In IEEE Vehicular Networking Conference (VNC), 2010, 2010, pp. 166–173.

In this work, we present a novel short-term misbehavior detection scheme to detect the vehicles, who deviate from their expected behaviour of reporting correct positional and kinematics information through their heartbeat messages. We conducted experiments to evaluate the performance of the proposed scheme using VanetMobiSim and ns-2. Two well known performance metrics, namely, precision and recall are used for evaluating the efficacy of the proposed algorithm. The evaluation is based on microscopic vehicle traffic simulation both in highway and city road scenarios. The obtained results are encouraging and demonstrate a good balance of precision and recall in both highway as well as city traffic conditions. The performances of the proposed scheme are not deteriorating too much even in cases, when misbehaving probability of a node drops to 0.7 in city road scenario and 0.6 in highway scenario. In future, the work is intended to be extended for fusion of the short-term misbehavior detector’s results with that of long-term observations for better and reliable decision making.

[10] J. Douceur, “The sybil Attack,” in First international workshop on peer to peer(P2P) system., March 2002, pp. 251–260. [11] M. Ghosh, A. Verghese, A. Kherani, and A. Gupta, “Distributed misbehavior detection in VANETs,” in In IEEE Wireless Communication and Networking Conference (WCNC 2009), April 2009, pp. 1–6. [12] H. D. Weerasinghe, R. Tackett, and H. Fu, “Verifying position and velocity for vehicular ad-hoc networks.” [13] J. H¨arri and M. Fiore, “VanetMobiSim–Vehicular Ad hoc Network mobility extension to the CanuMobiSim framework,” Institut Eur´ecom Department of Mobile Commu, vol. 6904, 2007. [Online]. Available: http://vanet.eurecom.fr/ [14] S. McCanne and S. Floyd, “ns network simulator.” [Online]. Available: http://www.isi.edu/nsnam/ns/ [15] M. Treiber, A. Hennecke, and D. Helbing, “Congested traffic states in empirical observations and microscopic simulations,” Phys. Rev. E, vol. 62, no. 2, pp. 1805–1824, Aug 2000.

R EFERENCES [1] C. V. S. C. Consortium, “Vehicle safety communications project task 3 final report: Identify intelligent vehicle safety applications enabled by DSRC,” National Highway Traffic Safety Administration, U.S. Department of Transportation, 2005.

[16] E. I. Pas, “Recent advances in activity-based travel demand modeling,” in Activity-Based Travel Forecasting Conference Proceedings, June 2-5 1996. [17] Wikipedia, “Precision and recall.” [Online]. Available: http://en.wikipedia.org/wiki/Precision-and-recall

[2] M. Schagrin, “Vehicle-to-vehicle (v2v) communications for safety.” [Online]. Available: http://www.its.dot.gov/research/v2v.htm

34