A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780).Peer ReviewedPostprint (published version

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Thirty Years of Machine Learning: The Road to Pareto-Optimal Wireless Networks

Future wireless networks have a substantial potential in terms of supporting a broad range of complex compelling applications both in military and civilian fields, where the users are able to enjoy high-rate, low-latency, low-cost and reliable information services. Achieving this ambitious goal requires new radio techniques for adaptive learning and intelligent decision making because of the complex heterogeneous nature of the network structures and wireless services. Machine learning (ML) algorithms have great success in supporting big data analytics, efficient parameter estimation and interactive decision making. Hence, in this article, we review the thirty-year history of ML by elaborating on supervised learning, unsupervised learning, reinforcement learning and deep learning. Furthermore, we investigate their employment in the compelling applications of wireless networks, including heterogeneous networks (HetNets), cognitive radios (CR), Internet of things (IoT), machine to machine networks (M2M), and so on. This article aims for assisting the readers in clarifying the motivation and methodology of the various ML algorithms, so as to invoke them for hitherto unexplored services as well as scenarios of future wireless networks.Comment: 46 pages, 22 fig

Big data analytics for large-scale wireless networks: Challenges and opportunities

© 2019 Association for Computing Machinery. The wide proliferation of various wireless communication systems and wireless devices has led to the arrival of big data era in large-scale wireless networks. Big data of large-scale wireless networks has the key features of wide variety, high volume, real-time velocity, and huge value leading to the unique research challenges that are different from existing computing systems. In this article, we present a survey of the state-of-art big data analytics (BDA) approaches for large-scale wireless networks. In particular, we categorize the life cycle of BDA into four consecutive stages: Data Acquisition, Data Preprocessing, Data Storage, and Data Analytics. We then present a detailed survey of the technical solutions to the challenges in BDA for large-scale wireless networks according to each stage in the life cycle of BDA. Moreover, we discuss the open research issues and outline the future directions in this promising area

Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

Resource-efficient strategies for mobile ad-hoc networking

The ubiquity and widespread availability of wireless mobile devices with ever increasing inter-connectivity (e. g. by means of Bluetooth, WiFi or UWB) have led to new and emerging next generation mobile communication paradigms, such as the Mobile Ad-hoc NETworks (MANETs). MANETs are differentiated from traditional mobile systems by their unique properties, e. g. unpredictable nodal location, unstable topology and multi-hop packet relay. The success of on-going research in communications involving MANETs has encouraged their applications in areas with stringent performance requirements such as the e-healthcare, e. g. to connect them with existing systems to deliver e-healthcare services anytime anywhere. However, given that the capacity of mobile devices is restricted by their resource constraints (e. g. computing power, energy supply and bandwidth), a fundamental challenge in MANETs is how to realize the crucial performance/Quality of Service (QoS) expectations of communications in a network of high dynamism without overusing the limited resources. A variety of networking technologies (e. g. routing, mobility estimation and connectivity prediction) have been developed to overcome the topological instability and unpredictability and to enable communications in MANETs with satisfactory performance or QoS. However, these technologies often feature a high consumption of power and/or bandwidth, which makes them unsuitable for resource constrained handheld or embedded mobile devices. In particular, existing strategies of routing and mobility characterization are shown to achieve fairly good performance but at the expense of excessive traffic overhead or energy consumption. For instance, existing hybrid routing protocols in dense MANETs are based in two-dimensional organizations that produce heavy proactive traffic. In sparse MANETs, existing packet delivery strategy often replicates too many copies of a packet for a QoS target. In addition, existing tools for measuring nodal mobility are based on either the GPS or GPS-free positioning systems, which incur intensive communications/computations that are costly for battery-powered terminals. There is a need to develop economical networking strategies (in terms of resource utilization) in delivering the desired performance/soft QoS targets. The main goal of this project is to develop new networking strategies (in particular, for routing and mobility characterization) that are efficient in terms of resource consumptions while being effective in realizing performance expectations for communication services (e. g. in the scenario of e-healthcare emergency) with critical QoS requirements in resource-constrained MANETs. The main contributions of the thesis are threefold: (1) In order to tackle the inefficient bandwidth utilization of hybrid service/routing discovery in dense MANETs, a novel "track-based" scheme is developed. The scheme deploys a one-dimensional track-like structure for hybrid routing and service discovery. In comparison with existing hybrid routing/service discovery protocols that are based on two-dimensional structures, the track-based scheme is more efficient in terms of traffic overhead (e. g. about 60% less in low mobility scenarios as shown in Fig. 3.4). Due to the way "provocative tracks" are established, the scheme has also the capability to adapt to the network traffic and mobility for a better performance. (2) To minimize the resource utilization of packet delivery in sparse MANETs where wireless links are intermittently connected, a store-and-forward based scheme, "adaptive multicopy routing", was developed for packet delivery in sparse mobile ad-hoc networks. Instead of relying on the source to control the delivery overhead as in the conventional multi-copy protocols, the scheme allows each intermediate node to independently decide whether to forward a packet according to the soft QoS target and local network conditions. Therefore, the scheme can adapt to varying networking situations that cannot be anticipated in conventional source-defined strategies and deliver packets for a specific QoS targets using minimum traffic overhead. ii (3) The important issue of mobility measurement that imposes heavy communication/computation burdens on a mobile is addressed with a set of resource-efficient "GPS-free" soluti ons, which provide mobility characterization with minimal resource utilization for ranging and signalling by making use of the information of the time-varying ranges between neighbouring mobile nodes (or groups of mobile nodes). The range-based solutions for mobility characterization consist of a new mobility metric for network-wide performance measurement, two velocity estimators for approximating the inter-node relative speeds, and a new scheme for characterizing the nodal mobility. The new metric and its variants are capable of capturing the mobility of a network as well as predicting the performance. The velocity estimators are used to measure the speed and orientation of a mobile relative to its neighbours, given the presence of a departing node. Based on the velocity estimators, the new scheme for mobility characterization is capable of characterizing the mobility of a node that are associated with topological stability, i. e. the node's speeds, orientations relative to its neighbouring nodes and its past epoch time. iiiBIOPATTERN EU Network of Excellence (EU Contract 508803

Resilience Strategies for Network Challenge Detection, Identification and Remediation

The enormous growth of the Internet and its use in everyday life make it an attractive target for malicious users. As the network becomes more complex and sophisticated it becomes more vulnerable to attack. There is a pressing need for the future internet to be resilient, manageable and secure. Our research is on distributed challenge detection and is part of the EU Resumenet Project (Resilience and Survivability for Future Networking: Framework, Mechanisms and Experimental Evaluation). It aims to make networks more resilient to a wide range of challenges including malicious attacks, misconfiguration, faults, and operational overloads. Resilience means the ability of the network to provide an acceptable level of service in the face of significant challenges; it is a superset of commonly used definitions for survivability, dependability, and fault tolerance. Our proposed resilience strategy could detect a challenge situation by identifying an occurrence and impact in real time, then initiating appropriate remedial action. Action is autonomously taken to continue operations as much as possible and to mitigate the damage, and allowing an acceptable level of service to be maintained. The contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. Also our proposed multi-stage policy based challenge detection system identifies both the existing and unforeseen challenges. This has been studied and demonstrated with an unknown worm attack. Our multi stage approach reduces the computation complexity compared to the traditional single stage, where one particular managed object is responsible for all the functions. The approach we propose in this thesis has the flexibility, scalability, adaptability, reproducibility and extensibility needed to assist in the identification and remediation of many future network challenges

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs

Game Theory for Multi-Access Edge Computing:Survey, Use Cases, and Future Trends

Game theory (GT) has been used with significant success to formulate, and either design or optimize, the operation of many representative communications and networking scenarios. The games in these scenarios involve, as usual, diverse players with conflicting goals. This paper primarily surveys the literature that has applied theoretical games to wireless networks, emphasizing use cases of upcoming multiaccess edge computing (MEC). MEC is relatively new and offers cloud services at the network periphery, aiming to reduce service latency backhaul load, and enhance relevant operational aspects such as quality of experience or security. Our presentation of GT is focused on the major challenges imposed by MEC services over the wireless resources. The survey is divided into classical and evolutionary games. Then, our discussion proceeds to more specific aspects which have a considerable impact on the game's usefulness, namely, rational versus evolving strategies, cooperation among players, available game information, the way the game is played (single turn, repeated), the game's model evaluation, and how the model results can be applied for both optimizing resource-constrained resources and balancing diverse tradeoffs in real edge networking scenarios. Finally, we reflect on lessons learned, highlighting future trends and research directions for applying theoretical model games in upcoming MEC services, considering both network design issues and usage scenarios