Security in Mobile ADHOC Networks
SECURITY
Among all the challenges of the VANET, security got less attention so far. VANET packets contains life critical information hence it is necessary to make sure that these packets are not inserted or modified by the attacker; likewise the liability of drivers should also be established that they inform the traffic environment correctly and within time. These security problems do not similar to general communication network. The size of network, mobility, geographic relevancy etc makes the implementation difficult and distinct from other network security.
Security Challenges in VANET
The challenges of security must be considered during the design of VANET architecture, security protocols, cryptographic algorithm etc. The following list presents some security challenges:
Real time Constraint: VANET is time critical where safety related message should be delivered with 100ms transmission delay. So to achieve real time constraint, fast cryptographic algorithm should be used. Message and entity authentication must be done in time.
Data Consistency Liability: In VANET even authenticate node can perform malicious activities that can cause accidents or disturb the network. Hence a mechanism should be designed to avoid this inconsistency. Correlation among the received data from different node on particular information may avoid this type of inconsistency.
Low tolerance for error: Some protocols are designed on the basis of probability. VANET uses life critical information on which action is performed in very short time. A small error in probabilistic algorithm may cause harm.
Key Distribution: All the security mechanisms implemented in VANET dependent on keys. Each message is encrypted and need to decrypt at receiver end either with same key or different key. Also different manufacturer can install keys in different ways and in public key infrastructure trust on CA become major issue. Therefore distribution of keys among vehicles is a major challenge in designing a security protocols.
Incentives: Manufactures are interested to build applications that consumer likes most. Very few consumers will agree with a vehicle which automatically reports any traffic rule violation. Hence successful deployment of vehicular networks will require incentives for vehicle manufacturers, consumers and the government is a challenge to implement security in VANET.
High Mobility: The computational capability and energy supply in VANET is same as the wired network node but the high mobility of VANET nodes requires the less execution time of security protocols for same throughput that wired network produces. Hence the design of security protocols must use the approaches to reduce the execution time. Two approaches can be implementing to meet this requirement.
Low complexity security algorithms: Current security protocols such as SSL/TLS, DTLS, WTLS, generally uses RSA based public key cryptography. RSA algorithm uses the integer factorisation on large prime no. which is NP-Hard. Hence decryption of the message that used RSA algorithm becomes very complex and time consuming. Hence there is need to implement alternate cryptographic algorithm like Elliptic curve cryptosystems and lattice based cryptosystems. For bulk data encryption AES can be used.
Transport protocol choice: To secure transaction over IP, DTLS should be preferred over TLS as DTLS operates over connectionless transport layer. IPSec which secures IP traffic should be avoided as it requires too many messages to set up. However IPSec and TLS can be used when vehicles are not in motion.
Security requirements in VANET
VANET must satisfy some security requirements before they are deployed. A security system in VANET should satisfy the following requirements:
Authentication: Authentication ensures that the message is generated by the legitimate user. In VANET a vehicle reacts upon the information came from the other vehicle hence authentication must be satisfied.
Availability: Availability requires that the information must be available to the legitimate users. DoS Attacks can bring down the network and hence information cannot be shared.
Non-Repudiation: Non-repudiation means a node cannot deny that he/she does not transmit the message. It may be crucial to determine the correct sequence in crash reconstruction.
Privacy: The privacy of a node against the unauthorised node should be guaranteed. This is required to eliminate the massage delay attacks.
Data Verification: A regular verification of data is required to eliminate the false messaging.
Attackers on Vehicular Network
To secure the VANET, first we have to discover who are the attacker, their nature, and capacity to damage the system. On the basis of capacity these attackers may be three type •
Insider and Outsider: Insiders are the authenticated members of network whereas Outsiders are the intruders and hence limited capacity to attack.
Malicious and Rational: Malicious attackers have not any personal benefit to attack; they just harm the functionality of the network. Rational attackers have the personal profit hence they are predictable.
Active and Passive: Active attackers generate signals or packet whereas passive attackers only sense the network.
Attacks in the VANET
To get better protection from attackers we must have the knowledge about the attacks in VANET against security requirements. Attacks on different security requirement are given below:
Impersonate: In impersonate attack attacker assumes the identity and privileges of an authorised node, either to make use of network resources that may not be available to it under normal circumstances, or to disrupt the normal functioning of the network. This type of attack is performed by active attackers.
They may be insider or outsiders. This attack is multilayer attack means attacker can exploit either network layer, application layer or transport layer vulnerability. This attack can be performed in two ways: a) False attribute possession: In this scheme an attacker steals some property of legitimate user and later with the use of attribute claims that it is who (legitimate user) that sent this message. By using this type attack a normal vehicle can claim that he/she is a police or fire protector to free the traffic. b) Sybil: In this type of attack, an attacker use different identities at the same time.
Session hijacking: Most authentication process is done at the start of the session. Hence it is easy to hijack the session after connection establishment. In this attack attackers take control of session between nodes.
Identity revealing: Generally a driver is itself owner of the vehicles hence getting owner‘s identity can put the privacy at risk.
Location Tracking: The location of a given moment or the path followed along a period of time can be used to trace the vehicle and get information of driver.
Repudiation: The main threat in repudiation is denial or attempt to denial by a node involved in communication. This is different from the impersonate attack. In this attack two or more entity has common identity hence it is easy to get indistinguishable and hence they can be repudiated.
Eavesdropping: Eavesdropping is a most common attack on confidentiality. This attack is belongs to network layer attack and passive in nature. The main goal of this attack is to get access of confidential data. • Denial of Service: DoS attacks are most prominent attack in this category. In this attack attacker prevents the legitimate user to use the service from the victim node. DoS attacks can be carried out in many ways.
a) Jamming: In this technique the attacker senses the physical channel and gets the information about the frequency at which the receiver receives the signal. Then he transmits the signal on the channel so that channel is jam.
b) SYN Flooding: In this mechanism large no of SYN request is sent to the victim node, spoofing the sender address. The victim node send back the SYN-ACK to the spoofed address
but victim node does not get any ACK packet in return. This result too half opens connection to handle by a victim node‘s buffer. As a consequence the legitimate request is discarded.
c) Distributed DoS attack: This is another form Dos attack. In this attack, multiple attackers attack the victim node and prevents legitimate user from accessing the service.
Routing attack: Routing attacks re the attacks which exploits the vulnerability of network layer routing protocols. In this type of attack the attacker either drops the packet or disturbs the routing process of the network. Following are the most common routing attacks in the VANET:
a) Black Hole attack: In this type of attack, the attacker firstly attracts the nodes to transmit the packet through itself. It can be done by continuous sending the malicious route reply with fresh route and low hop count. After attracting the node, when the packet is forwarded through this node, it silently drops the packet.
b) Worm Hole attack: In this attack, an adversary receives packets at one point in the network, tunnels them to another point in the network, and then replays them into the network from that point. This tunnel between two adversaries are called wormhole. It can be established through a single long-range wireless link or a wired link between the two adversaries. Hence it is simple for the adversary to make the tunnelled packet arrive sooner than other packets transmitted over a normal multi-hop route.
c) Gray Hole attack: This is the extension of black hole attack. In this type of attack the malicious node behaves like the black node attack but it drops the packet selectively. This selection can be of two type:
i) A malicious node can drop the packet of UDP whereas the TCP packet will be forwarded.
ii) The malicious node can drop the packet on the basis of probabilistic distribution.