MARINE: Man-in-the-middle attack resistant trust model IN connEcted vehicles

Vehicular Ad-hoc NETwork (VANET), a novel technology holds a paramount importance within the transportation domain due to its abilities to increase traffic efficiency and safety. Connected vehicles propagate sensitive information which must be shared with the neighbors in a secure environment. However, VANET may also include dishonest nodes such as Man-in-the-Middle (MiTM) attackers aiming to distribute and share malicious content with the vehicles, thus polluting the network with compromised information. In this regard, establishing trust among connected vehicles can increase security as every participating vehicle will generate and propagate authentic, accurate and trusted content within the network. In this paper, we propose a novel trust model, namely, Man-in-the-middle Attack Resistance trust model IN connEcted vehicles (MARINE), which identifies dishonest nodes performing MiTM attacks in an efficient way as well as revokes their credentials. Every node running MARINE system first establishes trust for the sender by performing multi-dimensional plausibility checks. Once the receiver verifies the trustworthiness of the sender, the received data is then evaluated both directly and indirectly. Extensive simulations are carried out to evaluate the performance and accuracy of MARINE rigorously across three MiTM attacker models and the bench-marked trust model. Simulation results show that for a network containing 35% MiTM attackers, MARINE outperforms the state of the art trust model by 15%, 18%, and 17% improvements in precision, recall and F-score, respectively.N/A

Emerging privacy challenges and approaches in CAV systems

The growth of Internet-connected devices, Internet-enabled services and Internet of Things systems continues at a rapid pace, and their application to transport systems is heralded as game-changing. Numerous developing CAV (Connected and Autonomous Vehicle) functions, such as traffic planning, optimisation, management, safety-critical and cooperative autonomous driving applications, rely on data from various sources. The efficacy of these functions is highly dependent on the dimensionality, amount and accuracy of the data being shared. It holds, in general, that the greater the amount of data available, the greater the efficacy of the function. However, much of this data is privacy-sensitive, including personal, commercial and research data. Location data and its correlation with identity and temporal data can help infer other personal information, such as home/work locations, age, job, behavioural features, habits, social relationships. This work categorises the emerging privacy challenges and solutions for CAV systems and identifies the knowledge gap for future research, which will minimise and mitigate privacy concerns without hampering the efficacy of the functions

Trustee: A Trust Management System for Fog-enabled Cyber Physical Systems

In this paper, we propose a lightweight trust management system (TMS) for fog-enabled cyber physical systems (Fog-CPS). Trust computation is based on multi-factor and multi-dimensional parameters, and formulated as a statistical regression problem which is solved by employing random forest regression model. Additionally, as the Fog-CPS systems could be deployed in open and unprotected environments, the CPS devices and fog nodes are vulnerable to numerous attacks namely, collusion, self-promotion, badmouthing, ballot-stuffing, and opportunistic service. The compromised entities can impact the accuracy of trust computation model by increasing/decreasing the trust of other nodes. These challenges are addressed by designing a generic trust credibility model which can countermeasures the compromise of both CPS devices and fog nodes. The credibility of each newly computed trust value is evaluated and subsequently adjusted by correlating it with a standard deviation threshold. The standard deviation is quantified by computing the trust in two configurations of hostile environments and subsequently comparing it with the trust value in a legitimate/normal environment. Our results demonstrate that credibility model successfully countermeasures the malicious behaviour of all Fog-CPS entities i.e. CPS devices and fog nodes. The multi-factor trust assessment and credibility evaluation enable accurate and precise trust computation and guarantee a dependable Fog-CPS system

Security in hybrid ITS networks

Dissertação para obtenção do Grau de Mestre em Engenharia Informática e de ComputadoresSistemas de Transportes Inteligentes e Cooperativos (C-ITS) visam melhorar a segurança e a sustentabilidade dos transportes. No entanto, a comunicação dos sistemas Vehicleto-Everything é inerentemente aberta, levando a vulnerabilidades que atacantes podem explorar. Isto é uma ameaça a todos os utilizadores rodoviários, pois falhas de segurança podem levar a violações de privacidade ou a fatalidades. Além disso, elevadas taxas de mortalidade estão correlacionadas com utilizadores de mobilidade suave. Logo, no desenvolvimento de sistemas C-ITS, é crucial considerar, além dos veículos conectados, os utilizadores de mobilidade suave e os veículos sem a devida tecnologia. Este estudo apresenta uma nova abordagem desenvolvida no contexto emergente das redes híbridas, combinando tecnologias ITS-G5 e celulares. Dois protocolos, MFSPV e DLAPP, foram implementados e avaliados para introduzir garantias de segurança (como privacidade e integridade) nas comunicações dentro do ambiente híbrido C-ITS desenvolvido. Assim, este trabalho integra, com segurança, estações ITS conectadas por G5 e utilizadores de mobilidade suave, através de uma aplicação móvel via redes celulares. Para tal, utilizou-se equipamentos reais, incluindo on-board e roadside units. Tempos computacionais, de latência e de ponta-a-ponta (E2E) foram usados para avaliar o desempenho do sistema. O protocolo MFSPV supera o DLAPP em eficiência computacional, mas o DLAPP atinge uma latência de rede ligeiramente menor. No entanto, ambos introduzem apenas um atraso adicional de 11% nas comunicações híbridas E2E. A comunicação híbrida impõe, em média, 28.29ms extra de tempo E2E. A proposta mostra-se promissora, visto que atinge tempos de E2E abaixo dos requisitos de latência impostos na maioria dos casos de utilização do C-ITS.Cooperative Intelligent Transport Systems (C-ITS) continue to be developed to enhance transportation safety and sustainability. However, the communication of Vehicle-to-Everything systems is inherently open, leading to vulnerabilities that attackers can exploit.This represents a threat to all road users, as security failures can lead to privacy violations or even fatalities. Moreover, a high fatality rate is correlated with softmobility road users. So, in the development of C-ITS systems, it is crucial to broaden the perspective beyond connected vehicles to soft-mobility users and legacy vehicles. This study presents a novel approach developed in the context of emerging hybrid networks, combining ITS-G5 and cellular technologies. Two protocols, MFSPV and DLAPP, were implemented and evaluated to introduce security guarantees (such as privacy and integrity) in communications within the developed C-ITS hybrid environment. As a result, this work securely integrates G5-connected ITS stations and softmobility users through a smartphone application via cellular networks. Real equipment was utilised for this goal, including on-board and roadside units. Computational, latency and end-to-end times were used to assess the system performance.MFSPV outperforms DLAPP in computational efficiency, but DLAPP achieves a slightly lower network latency. Nevertheless, both only introduce an additional 11% delay in hybrid end-to-end communications. Hybrid communication imposes, on average, an extra 28.29ms of end-to-end time. The proposal shows promise as it reaches end-to-end times below the latency requirements imposed in most C-ITS use cases.N/

Data centric trust evaluation and prediction framework for IOT

© 2017 ITU. Application of trust principals in internet of things (IoT) has allowed to provide more trustworthy services among the corresponding stakeholders. The most common method of assessing trust in IoT applications is to estimate trust level of the end entities (entity-centric) relative to the trustor. In these systems, trust level of the data is assumed to be the same as the trust level of the data source. However, most of the IoT based systems are data centric and operate in dynamic environments, which need immediate actions without waiting for a trust report from end entities. We address this challenge by extending our previous proposals on trust establishment for entities based on their reputation, experience and knowledge, to trust estimation of data items [1-3]. First, we present a hybrid trust framework for evaluating both data trust and entity trust, which will be enhanced as a standardization for future data driven society. The modules including data trust metric extraction, data trust aggregation, evaluation and prediction are elaborated inside the proposed framework. Finally, a possible design model is described to implement the proposed ideas

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure