Data-centric Misbehavior Detection in VANETs

Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is very important problem with wide range of implications including safety related and congestion avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g. for gaining access to a particular lane. Because of this (\emph{rational behavior}), it is more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can independently decide whether an information received is correct or false. The decision is based on the consistency of recent messages and new alert with reported and estimated vehicle positions. No voting or majority decisions is needed, making our MDS resilient to Sybil attacks. Instead of revoking all the secret credentials of misbehaving nodes, as done in most schemes, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them to act selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes.Comment: 12 page

Secure Message Dissemination with QoS Guaranteed Routing in Internet of Vehicles

Internet of Vehicles (IoV) is a variant of vehicular adhoc network (VANET) where vehicles can communicate with other vehicles, infrastructure devices, parking lots and even pedestrians.  Communication to other entities is facilitates through various services like DSRC, C2C-CC. Fake messages can be propagated by attackers for various selfish needs. Complex authentication procedures can affect the propagation of emergency messages. Thus a light weight mechanism to ensure the trust of messages without affecting the delivery deadlines for emergency messages. Addressing this problem, this work proposes a clustering based network topology for IoV where routing is optimized for message dissemination of various classes using hybrid meta-heuristics.  In addition, two stage message authentication technique combining collaborative authentication with Bayesian filtering is proposed to verify the authenticity of message. Through simulation analysis, the proposed solution is found to detect fake messages with an accuracy of 96% with 10% lower processing delay compared to existing works

Speed Offset Attack Detection in Vehicular Ad-Hoc Networks (VANETs) Using Machine Learning

An integral component of the Intelligent Transportation System (ITS) is the emerging technology called Vehicular ad-hoc network (VANET). VANET allows Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication wirelessly to improve road safety, traffic congestion, and information dissemination. Communication of vehicles in a VANET network is vulnerable to various attacks. Commonly used cryptographic techniques alone are insufficient to ensure and protect vehicle message integrity and authentication from insider attacks. In such cases, additional measures are necessary to ensure the correctness of the transmitted data. Each vehicle in the network periodically broadcasts a basic safety message (BSM) that contains essential status information about a vehicle, such as its position, speed, and heading to other vehicles and Road Side Units (RSU) to report its status. A speed offset attack is where an attacker (misbehaving vehicle) misleads the network by adding an offset value to its actual speed data in each BSM. Such attacks can result in traffic congestion and road accidents; therefore, it is essential to accurately detect and identify such attackers to ensure safety in the network. This research proposes a novel data-centric approach for detecting speed offset attacks using Machine Learning (ML) and Deep Learning (DL) algorithms. Vehicular Reference Misbehavior (VeReMi) Extension Dataset is used for this research. Preliminary results indicate that the proposed model can detect malicious nodes in the network quickly and accurately

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles

With the growing threat of cyber and cyber-physical attacks against automobiles, drones, ships, driverless pods and other vehicles, there is also a growing need for intrusion detection approaches that can facilitate defence against such threats. Vehicles tend to have limited processing resources and are energy-constrained. So, any security provision needs to abide by these limitations. At the same time, attacks against vehicles are very rare, often making knowledge-based intrusion detection systems less practical than behaviour-based ones, which is the reverse of what is seen in conventional computing systems. Furthermore, vehicle design and implementation can differ wildly between different types or different manufacturers, which can lead to intrusion detection designs that are vehicle-specific. Equally importantly, vehicles are practically defined by their ability to move, autonomously or not. Movement, as well as other physical manifestations of their operation may allow cyber security breaches to lead to physical damage, but can also be an opportunity for detection. For example, physical sensing can contribute to more accurate or more rapid intrusion detection through observation and analysis of physical manifestations of a security breach. This paper presents a classification and survey of intrusion detection systems designed and evaluated specifically on vehicles and networks of vehicles. Its aim is to help identify existing techniques that can be adopted in the industry, along with their advantages and disadvantages, as well as to identify gaps in the literature, which are attractive and highly meaningful areas of future research

Hardware Assisted Solutions for Automobile Security

In the past couple of decades, many in-vehicle features have been invented and deployed in order to make modern vehicles which not only safer and more reliable but also connected, smarter, and intelligent. Meanwhile, vehicular ad-hoc networks (VANETs) are proposed to provide communications between vehicles and road-side stations as the foundation of the intelligent transportation system to provide efficient and safe transportation. To support these updated functions, a large amount of electronic equipment has been integrated into the car system. Although these add-on functions around vehicles offer great help in driving assistance, they inevitably introduced new security vulnerabilities that threaten the safety of the on-board drivers, passengers and pedestrians. This has been demonstrated by many well-documented attacks either on the in-vehicle bus system or on the wireless vehicular network communications. In this dissertation, we design and implement several hardware-oriented solutions to the arousing security issues on vehicles. More specifically, we focus on three important and representative problems: (1) how to secure the in-vehicle Controller Area Network (CAN), (2) how to secure the communication between vehicle and outside, and (3) how to establish trust on VANETs. Current approaches based on cryptographic algorithms to secure CAN bus violate the strict timing and limited resource constraints for CAN communications. We thus emphasize on the alternate solution of intrusion detection system (IDS) in this dissertation. We explore monitoring the changes of CAN message content or the physical delay of its transmission to detect on the CAN bus. We first propose a new entropy-based IDS following the observation that all the known CAN message injection attacks need to alter the CAN identifier bit. Thus, analyzing the entropy changes of such bits can be an effective way to detect those attacks. Next, we develop a delay-based IDS to protect the CAN network by identifying the location of the compromised Electronic Control Unit (ECU) from the transmission delay difference to two terminals connected to the CAN bus. We demonstrate that both approaches can protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles. In the second part of this dissertation, we consider Plug-and-Secure, an industrial practice on key management for automotive CAN networks. It has been proven to be information theoretically secure. However, we discover side-channel attacks based on the physical properties of the CAN bus that can leak almost the entire secret key bits. We analyze the fundamental characteristics that lead to such attacks and propose techniques to minimize information leakage at the hardware level. Next, we extend our study from in-vehicle secure CAN communication to the communication between vehicle and outside world. We take the example of the popular GPS spoofing attack and show how we can use the rich information from CAN bus to build a cross-validation system to detect such attacks. Our approach is based on the belief that the local driving data from the in-vehicle network can be authenticated and thus trusted by secure CAN networks mechanisms. Such data can be used to cross-validate the GPS signals from the satellite which are vulnerable to spoofing attacks. We conduct driving tests on real roads to show that our proposed approach can defend both GPS spoofing attacks and location-based attacks on the VANETs. Finally, we propose a blockchain based Anonymous Reputation System (BARS) to establish a privacy-preserving trust model for VANETs. The certificate and revocation transparency is implemented efficiently with the proofs of presence and absence based on the extended blockchain technology. To prevent the broadcast of forged messages, a reputation evaluation algorithm is presented relying on both direct historical interactions of that vehicle and indirect opinions from the other vehicles. This dissertation features solutions to vehicle security problems based on hardware or physical characteristics, instead of cryptographic algorithms. We believe that given the critical timing requirement on vehicular systems and their very limited resource (such as the bandwidth on CAN bus), this will be a very promising direction to secure vehicles and vehicular network

Enhancing service quality and reliability in intelligent traffic system

Intelligent Traffic Systems (ITS) can manage on-road traffic efficiently based on real-time traffic conditions, reduce delay at the intersections, and maintain the safety of the road users. However, emergency vehicles still struggle to meet their targeted response time, and an ITS is vulnerable to various types of attacks, including cyberattacks. To address these issues, in this dissertation, we introduce three techniques that enhance the service quality and reliability of an ITS. First, an innovative Emergency Vehicle Priority System (EVPS) is presented to assist an Emergency Vehicle (EV) in attending the incident place faster. Our proposed EVPS determines the proper priority codes of EV based on the type of incidents. After priority code generation, EVPS selects the number of traffic signals needed to be turned green considering the impact on other vehicles gathered in the relevant adjacent cells. Second, for improving reliability, an Intrusion Detection System for traffic signals is proposed for the first time, which leverages traffic and signal characteristics such as the flow rate, vehicle speed, and signal phase time. Shannon’s entropy is used to calculate the uncertainty associated with the likelihood of particular evidence and Dempster-Shafer (DS) decision theory is used to fuse the evidential information. Finally, to improve the reliability of a future ITS, we introduce a model that assesses the trust level of four major On-Board Units (OBU) of a self-driving car along with Global Positioning System (GPS) data and safety messages. Both subjective logic (DS theory) and CertainLogic are used to develop the theoretical underpinning for estimating the trust value of a self-driving car by fusing the trust value of four OBU components, GPS data and safety messages. For evaluation and validation purposes, a popular and widely used traffic simulation package, namely Simulation of Urban Mobility (SUMO), is used to develop the simulation platform using a real map of Melbourne CBD. The relevant historical real data taken from the VicRoads website were used to inject the traffic flow and density in the simulation model. We evaluated the performance of our proposed techniques considering different traffic and signal characteristics such as occupancy rate, flow rate, phase time, and vehicle speed under many realistic scenarios. The simulation result shows the potential efficacy of our proposed techniques for all selected scenarios.Doctor of Philosoph

Erkennung und Vermeidung von Fehlverhalten in fahrzeugbasierten DTNs

Delay- and Disruption-Tolerant Networks (DTNs) are a suitable technology for many applications when the network suffers from intermittent connections and significant delays. In current vehicular networks, due to the high mobility of vehicles, the connectivity in vehicular networks can be highly unstable, links may change or break soon after they have been established and the network topology varies significantly depending on time and location. When the density of networked vehicles is low, connectivity is intermittent and with only a few transmission opportunities. This makes forwarding packets very difficult. For the next years, until a high penetration of networked vehicles is realized, delay-tolerant methods are a necessity in vehicular networks, leading to Vehicular DTNs (VDTNs). By implementing a store-carry-forward paradigm, VDTNs can make sure that even under difficult conditions, the network can be used by applications. However, we cannot assume that all vehicles are altruistic in VDTNs. Attackers can penetrate the communication systems of vehicles trying their best to destroy the network. Especially if multiple attackers collude to disrupt the network, the characteristics of VDTNs, without continuous connectivity, make most traditional strategies of detecting attackers infeasible. Additionally, selfish nodes may be reluctant to cooperate considering their profit, and due to hard- or software errors some vehicles cannot send or forward data. Hence, efficient mechanisms to detect malicious nodes in VDTNs are imperative. In this thesis, two classes of Misbehavior Detection Systems (MDSs) are proposed to defend VDTNs against malicious nodes. Both MDSs use encounter records (ERs) as proof to document nodes' behavior during previous contacts. By collecting and securely exchanging ERs, depending on different strategies in different classes of MDSs, a reputation system is built in order to punish bad behavior while encouraging cooperative behavior in the network. With independently operating nodes and asynchronous exchange of observations through ERs, both systems are very well suited for VDTNs, where there will be no continuous, ubiquitous network in the foreseeable future. By evaluating our methods through extensive simulations using different DTN routing protocols and different realistic scenarios, we find that both MDS classes are able to efficiently protect the system with low overhead and prevent malicious nodes from further disrupting the network.In Netzwerken mit zeitweisen Unterbrechungen oder langen Verzögerungen sind Delay- and Disruption-Tolerant Networks (DTNs) eine geeignete Technologie für viele Anwendungen. Die Konnektivität in Fahrzeugnetzen ist bedingt durch die hohe Mobilität und die geringe Verbreitung von netzwerkfähigen Fahrzeugen oft instabil. Bis zur flächendeckenden Verbreitung von netzwerkfähigen Fahrzeugen ist es daher zwingend notwendig auf Methoden des Delay Tolerant Networking zurückzugreifen um die bestmögliche Kommunikation zu gewährleisten. In diesem Zusammenhang wird von Vehicular Delay Tolerant Networks (VDTNs) gesprochen. Durch das Store-Carry-Forward-Prinzip kann ein VDTN Kommunikation für Anwendungen ermöglichen. Allerdings ist davon auszugehen, dass sich nicht alle Fahrzeuge altruistisch verhalten: Angreifer können Fahrzeuge übernehmen und das Netzwerk attackieren oder Knoten sind aus egoistischen Motiven oder auf Grund von Defekten unkooperativ. Verfahren, die Fehlverhalten in stabilen Netzen durch direkte Beobachtung erkennen können, sind in VDTNs nicht anwendbar. Daher sind Methoden, die Fehlverhalten in VDTNs nachweisen können, zwingend erforderlich. In dieser Arbeit werden zwei Klassen von Misbehavior Detection Systems (MDSs) vorgestellt. Beide Systeme basieren auf Encounter Records (ERs): Nach einem Kontakt tauschen zwei Knoten kryptografisch signierte Meta-Informationen zu den erfolgten Datentransfers aus. Diese ERs dienen bei darauffolgenden Kontakten mit anderen Netzwerkteilnehmern als vertrauenswürdiger Nachweis für das Verhalten eines Knotens in der Vergangenheit. Basierend auf der Auswertung gesammelter ERs wird ein Reputationssystem entwickelt, das kooperatives Verhalten belohnt und unkooperatives Verhalten bestraft. Dauerhaft unkooperative Knoten werden aus dem Netzwerk ausgeschlossen. Durch den asynchronen Austausch von Informationen kann jeder Knoten das Verhalten seiner Nachbarn selbstständig und unabhängig evaluieren. Dadurch sind die vorgestellten MDS-Varianten sehr gut für den Einsatz in einem VDTN geeignet. Durch umfangreiche Evaluationen wird gezeigt, dass sich die entwickelten MDS-Verfahren für verschiedene Routingprotokolle und in unterschiedlichen Szenarien anwenden lassen. In allen Fällen ist das MDS in der Lage das System mit geringem Overhead gegen Angreifer zu verteidigen und eine hohe Servicequalität im Netzwerk zu gewährleisten