20-09-2016, 10:19 AM
Abstract
Vehicular communication aims to improve traffic safety by
reducing the number of accidents, and to manage traffic so
as to save money and time. Because vehicles communicate
wirelessly, the security of this network against attackers
must be considered. To become a real technology that
provides public safety on the roads, a vehicular ad hoc
network (VANET) needs an appropriate security architecture.
A secure architecture should protect it from different types
of security attacks and preserve the privacy of drivers. One
of these attacks against ad hoc networks is the Sybil attack,
in which an attacker creates multiple identities, either
identities belonging to other vehicles or dummy identities
made by the attacker. Using only one physical device, the
attacker uses them to gain a disproportionately large
influence in the network, leading to accidents or delaying
some services for the driver. In this paper we present a case
study of selected methods for Sybil attack detection in
vehicular networks and discuss their advantages and
disadvantages for real implementation.
1. Introduction
A vehicular network is a specific type of mobile ad hoc
network (MANET) in which the mobile nodes are replaced
by vehicles equipped with onboard unit (OBU)
communication devices. Compared with MANETs, VANETs have
some different characteristics, including rapid change in
topology, no power constraint, large scale, variable network
density and highly predictable mobility (vehicles drive at
limited speed on a road with a certain geometric
topology) [1]. The VANET architecture is designed for
vehicle to vehicle (V2V) and vehicle to infrastructure (V2I)
communications with two communication devices: the Roadside
Unit (RSU), which is placed on the roadside, and the OBU,
which is installed in vehicles. It also needs some sensors
installed on the vehicles for gathering environmental and
road information. The medium used for communications among
vehicles is 5.9 GHz Dedicated Short Range Communication
(DSRC), identified as IEEE 802.11p. Because they communicate
wirelessly, VANETs are vulnerable to many security attacks.
One of the harmful attacks is the Sybil attack, introduced by
Douceur [2]. In this attack, one attacker creates multiple
identities, either by forging new identities or by stealing
identities from neighboring vehicles. Identities can be
stolen by overhearing them in broadcast messages, since
vehicles within the communication range of a sender can
overhear the messages it exchanges. Sybil attackers can carry
out numerous malicious operations in different environments;
the two major kinds of damage are:
Routing: the attacker can disrupt routing protocols in a
VANET. Two routing mechanisms vulnerable to the Sybil
attack are multi-path routing and geographic routing.
Moreover, the Sybil attack can also disrupt the head
selection mechanism of various cluster-based routing
protocols [3]. In multi-path routing, a set of paths that
seem disjoint may all pass through the Sybil nodes owned by
one malicious node. In geographic routing protocols,
malicious nodes may appear at more than one place at a
time [4].
Voting and Reputation Systems: voting is effective for
gathering and verifying useful information in many
applications, and Sybil nodes can change the voting result.
Reporting and identifying node misbehavior and verifying
vehicle position are examples of voting applications.
Because this attack causes great damage when it occurs, we
need an efficient method for detecting it. A defense
mechanism for practical implementation should have a proper
detection rate and minimal time complexity, preserve the
privacy of drivers and, as far as possible, not increase the
number of messages exchanged in the network. So in this paper
we examine different mechanisms for Sybil attack detection
and then describe some selected research works with their
features, advantages and disadvantages.
2. Analysis of Defense Mechanisms
We can classify the different defense mechanisms in
VANETs as: (1) resource testing methods, (2) methods
based on position verification, and (3) encryption and
authentication based methods. In the following we describe
some selected works in each domain to consider the problems
of implementing each mechanism.
2.1. Defense Based on Resource Testing
Resource testing methods test a vehicle’s resources, such as
radio resources [5], computational and memory resources,
and identification resources. In radio resource testing
methods, each node broadcasts a message to all of its
neighboring nodes and then randomly selects a channel on
which to listen for the response message. If the selected
neighbor is legitimate, it sends the response on the same
channel; otherwise it cannot send the response messages for
its different Sybil entities simultaneously on different
channels, and so the Sybil attack is detected. Radio resource
testing is based on the assumption that a device cannot send
and receive on more than one channel at a time. But in
VANETs, attackers may have multiple channels, and so this
method is not applicable to vehicular networks.
For identification resource testing, vehicles whose MAC
and IP addresses are not recorded in a list are identified as
fakes [6]. This method is not sufficient for VANETs because
a malicious vehicle may have multiple identities that do not
belong to any vehicle in the network, and each of them may
nevertheless be registered in the list. Moreover,
broadcasting the registered identities of legitimate
vehicles violates the privacy of drivers. For computational
resource testing, vehicles that fail to solve a puzzle are
identified as fakes [6]. A malicious vehicle and its Sybil
entities share resources such as memory, computational
resources, IP and so on. We can therefore detect them with
message tracking, by monitoring vehicles and finding which
vehicles use shared resources for sending messages and
processing the received signal. This method requires special
tools for network monitoring and message tracking. The goal
of resource testing based methods is not to prevent this
attack. Rather, the aim is to undermine the attack and
restrict fake identities. But in many cases the attacker can
obtain sufficient IDs for its purpose, and so a successful
attack occurs. Therefore these methods are not sufficient for
use in VANETs.
2.2. Defense Based on Position Verification
The methods that employ this technique take advantage of
the fact that a vehicle can be present at only one position
at a time. Position based techniques are considered for
Sybil attack detection because these methods are already
available for position based applications, including traffic
condition reports, collision avoidance, emergency alert,
cooperative driving, or resource availability, and so it is
not necessary to use extra devices or computational methods
only for detecting this attack. Protecting position
information is necessary for these applications to work in
the real world, because adversaries such as pranksters and
malicious attackers can harm the VANET by perpetrating
attacks such as dropping packets, modifying existing packets,
inserting bogus packets and replaying packets [6].
As stated in [8,9], localization schemes are divided into 2
categories: range-based and range-free methods. In
range-based methods, the distance between a transmitter and
a receiver is estimated first and is then used in a
subsequent step to compute the vehicle’s position. Distance
estimation methods fall into three categories: Received
Signal Strength Indicator (RSSI) based methods, time-based
methods (e.g. Time Of Arrival (TOA) and Time Difference Of
Arrival (TDOA)) and Angle Of Arrival (AOA) based
methods [10]. A range-free localization method may be used
to provide side information as a complement to other
position estimations. Range-based methods have high accuracy
in localization. Therefore we focus on range-based methods
for distance estimation and hence position verification.
To prevent many attacks against vehicle position, and also
the Sybil attack, Yan et al. [11] propose a novel method
based on the adage ‘Seeing is believing’. In this view the
authors use onboard radar as a virtual vehicle eye, although
the eyesight is limited because of the low radar
transmission range. So a vehicle can see neighboring
vehicles at a limited distance and can also hear their
reported GPS coordinates. By comparing what is seen with
what is heard, the vehicle can confirm the actual position
of its neighbors and separate malicious vehicles from the
others. There are some problems with using this method:
(1) the proposed method requires additional hardware that
does not exist at present [12]; (2) the method fails when a
target vehicle claims to be at the position of another
existing vehicle and both are within the radio range of the
verifier vehicle [12] (an example of this problem is shown
in Fig. 1; the Sybil attack in this situation is not
prevented by this method); and (3) as Shen. P [13] has
stated, if a vehicle is out of radar range, applying this
method is impractical. In answer to this last problem, Yan
et al. [14] state that the radar range in the method of Yan
et al. [11] is assumed to be constant, so if a target
vehicle is out of the verifier vehicle’s radar range, the
approach uses intermediate vehicles. But using intermediate
vehicles can introduce security problems [14]. To obtain
trusted and safe position information about the target
vehicle, it is necessary to use more than one vehicle as
intermediates. But if many of the intermediate vehicles are
malicious, the verifier vehicle will be fooled (this problem
is possible with a collusion attack).
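The seen-versus-heard comparison can be sketched as follows. This is an added example, not code from Yan et al. or from the original page; the radar range, matching tolerance, coordinates and the `contested_tracks` cross-check are assumptions made for illustration. It shows problems (2) and (3) above: a claim placed on another vehicle's position is confirmed, and a claim beyond radar range cannot be checked. The cross-check only reveals that one radar return backs two identities, not which of them is real.

```python
import math

def seen_vs_heard(verifier, radar_tracks, claims, radar_range=150.0, tol=5.0):
    """Compare radar detections ("seen") with broadcast GPS claims ("heard").
    radar_tracks: [(x, y), ...] in metres; claims: {identity: (x, y)}.
    Returns {identity: (status, index of the matching radar track or None)}."""
    result = {}
    for ident, pos in claims.items():
        if math.dist(verifier, pos) > radar_range:
            result[ident] = ("out_of_radar_range", None)  # problem (3)
            continue
        # Nearest radar track to the claimed position, if any track exists.
        best = min(range(len(radar_tracks)),
                   key=lambda i: math.dist(radar_tracks[i], pos), default=None)
        if best is not None and math.dist(radar_tracks[best], pos) <= tol:
            result[ident] = ("confirmed", best)
        else:
            result[ident] = ("rejected", None)  # heard but not seen
    return result

def contested_tracks(result):
    """Added cross-check: radar tracks that confirm more than one identity."""
    by_track = {}
    for ident, (status, idx) in result.items():
        if status == "confirmed":
            by_track.setdefault(idx, []).append(ident)
    return {i: sorted(ids) for i, ids in by_track.items() if len(ids) > 1}

# Constructed scenario: verifier at the origin, two physical vehicles on radar.
VERIFIER = (0.0, 0.0)
TRACKS = [(20.0, 0.0), (45.0, 3.5)]
CLAIMS = {
    "A": (20.5, 0.3),    # real vehicle, GPS close to radar track 0
    "B": (45.0, 3.5),    # real vehicle on radar track 1
    "S1": (60.0, 0.0),   # fabricated identity, nothing on radar there
    "S2": (44.6, 3.2),   # fabricated identity claiming B's position, problem (2)
    "F": (400.0, 0.0),   # claim beyond the assumed radar range
}

if __name__ == "__main__":
    checked = seen_vs_heard(VERIFIER, TRACKS, CLAIMS)
    for ident, outcome in checked.items():
        print(ident, outcome)
    print("contested:", contested_tracks(checked))
```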
The problem of constant radar range is solved in Yan et
al. [14]. The purpose of this research work is to enhance
position security and reduce response time. The authors
propose an onboard radar system that is dynamically
configurable. In this method, if the target vehicle (the
target for receiving position information) is out of the
verifier vehicle’s radar range, the radar can dynamically
tune its range by changing the signal sample size, and so
the verifier vehicle can most of the time get the position
information directly rather than through intermediate
vehicles. The vehicle positioning system is therefore
improved and the last problem in the method of Yan et
al. [11] has largely been solved, but the other problems
still remain.
Xiao et al. [15,16] proposed a lightweight method for
detecting and localizing Sybil nodes in VANETs. The method
operates locally and in a distributed manner around the
vehicle. The verifier confirms the claimed position of each
vehicle. In this approach, statistical analysis of the
received signal strengths measured by neighboring vehicles
over a period of time is used to calculate the position of
the claimer vehicle. This simple method, with low overhead
and low accuracy, has a 10 meters error range in
positioning, and if neighbor vehicles are Sybil entities,
the method is vulnerable to spurious signal strength
measurements. Therefore Xiao et al. have proposed an
improvement, in which each vehicle has the role of claimer,
witness or verifier on different occasions and for
different purposes. The claimer vehicle periodically
broadcasts its position and identity information, and the
verifier vehicle confirms the claimer’s position by using a
set of witness vehicles. Reliable vehicles should be
selected as witnesses, so for witness selection the authors
use the traffic pattern and RSU support in the following two
rules: (1) each vehicle receives a position certificate when
it passes an RSU. This certificate, which contains a time
stamp, the passing vehicle’s identity and the position of
the RSU, proves the presence of the vehicle near the RSU at
a certain time; and (2) all of the selected witnesses should
be travelling in the opposite road direction to the claimer.
By combining these two rules, the witnesses are physical and
legitimate vehicles on the opposite side of the road,
excluding any Sybil vehicle. They used rule 2 because, if
the claimer is a Sybil entity generated by a malicious
vehicle, the other Sybil entities from the same malicious
vehicle cannot use the malicious certificates to prove their
physical presence.
The advantages of this method are: (1) it is suitable for
deployments with sparse RSUs and so has a low cost
architecture, (2) no additional hardware is required, and
(3) the detection rate is larger than 99%. The disadvantages
of this approach are: (1) insufficient accuracy of position
detection with received signal strength measurements on
dense roads, (2) there may not be a sufficient number of
vehicles on the opposite side of the road, and the method
cannot be used on one-way roads, and (3) privacy violation
caused by broadcasting identity and position information for
distributed position verification.
RSSI is a low cost method for hardware-constrained
systems, in which the distance between two entities is
estimated from the received signal strength using
theoretical radio propagation models. The reliability of the
RSSI-based estimate cannot be guaranteed in environments
with multipath and shadowing effects, because of attenuation
in the received signal. There are some techniques that
register RSSI values with the vehicle identifier for
detection of Sybil entities [17-19]. These methods may be
sufficient for detecting some attackers in the network, but
we cannot use them as a single defense mechanism, because in
many research works some of the assumptions made for this
approach are restrictive: malicious vehicles do not collude
with each other, and sender vehicles do not increase or
decrease their transmission rate. Both of these may in fact
happen in a VANET, and so if we assume that the attacker is
very smart, this method is not sufficient for implementation
as a single mechanism.
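A minimal sketch of witness-based verification with RSSI, covering both the Xiao et al. witness scheme and the RSSI distance estimation described above. This is an added example, not the authors' algorithm or code from the original page: it checks each witness's estimated distance against the claimed position instead of computing a position, and the log-distance path-loss parameters, coordinates and majority rule are assumptions. Only the 10 m error range comes from the text.

```python
import math
from statistics import median

# Assumed log-distance path-loss parameters (illustrative, not from the paper).
P0_DBM = -40.0      # RSSI at the 1 m reference distance
PATH_LOSS_N = 2.7   # path-loss exponent
ERROR_M = 10.0      # positioning error range quoted in the text

def rssi_to_distance(rssi_dbm):
    """Invert RSSI = P0 - 10*n*log10(d) to get d in metres."""
    return 10 ** ((P0_DBM - rssi_dbm) / (10 * PATH_LOSS_N))

def simulate_rssi(tx_pos, rx_pos, noise_db=(-1.0, 0.0, 1.0)):
    """Constructed samples: model RSSI at the true distance plus fixed noise."""
    d = math.dist(tx_pos, rx_pos)
    return [P0_DBM - 10 * PATH_LOSS_N * math.log10(d) + n for n in noise_db]

def verify_claim(claimed_pos, witness_reports, error_m=ERROR_M):
    """witness_reports: [(witness_pos, [rssi samples over time]), ...].
    Accept when a strict majority of witnesses measure a distance that
    agrees with the claimed position. Returns (accepted, residuals)."""
    residuals = []
    for wpos, samples in witness_reports:
        estimated = rssi_to_distance(median(samples))
        residuals.append(abs(estimated - math.dist(wpos, claimed_pos)))
    agreeing = sum(r <= error_m for r in residuals)
    return agreeing * 2 > len(residuals), residuals

# Constructed scenario: one physical radio at (0, 0); witnesses drive in the
# opposite lane (y = 8 m), as rule 2 in the text requires.
RADIO = (0.0, 0.0)
WITNESSES = [(30.0, 8.0), (-40.0, 8.0), (60.0, 8.0)]
REPORTS = [(w, simulate_rssi(RADIO, w)) for w in WITNESSES]

def demo():
    honest, _ = verify_claim(RADIO, REPORTS)        # identity at its true position
    sybil, _ = verify_claim((80.0, 0.0), REPORTS)   # fake identity, same radio
    # One colluding witness reports samples that fit the fake position;
    # it is outvoted here, but a colluding majority would not be.
    colluder = ((70.0, 8.0), simulate_rssi((80.0, 0.0), (70.0, 8.0)))
    outvoted, _ = verify_claim((80.0, 0.0), REPORTS + [colluder])
    return honest, sybil, outvoted

if __name__ == "__main__":
    print(demo())
```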
2.3. Defense Based on Encryption and Authentication
In the encryption and authentication methods, Sybil attack
detection is based on an authentication mechanism and
public key cryptography. Many research works based on this
mechanism have been proposed for attack detection in MANETs
and VANETs [5,20,21]. Using trusted certificates is the only
approach that has the potential to completely eliminate
Sybil attacks. But many encryption and authentication
methods are based on the Public Key Infrastructure (PKI), a
heavy and difficult solution that should be tested and
evaluated in reality for VANETs. Public key encryption or
message authentication systems consume more time and memory
than symmetric key based systems and also increase the
message size. Therefore, bandwidth and resource consumption
increase in public key systems.
Chang et al. [22] proposed a new protocol, called
Footprint, which uses authorized messages as the vehicle
trajectory. This protocol preserves the privacy of the
vehicles in the network. In this protocol, when a vehicle
encounters an RSU it receives, upon request, an authorized
message from the RSU, and thus the presence of the vehicle
at a specific time is proved. For unique vehicle
identification, each vehicle collects a set of consecutive
authorized messages from the RSUs it passes. These
authorized messages are chained together and form a
trajectory for the vehicle. To reduce computational
complexity, only the last RSU signs the vehicle trajectory
(the chained authorized messages). RSUs can track each
vehicle with a set of its authorized messages; therefore in
this protocol there are two conditions that help vehicles
remain ambiguous in the network. Under the first condition,
all of the RSUs that sign the vehicle’s messages are
unknown, that is, authorized messages are signer-ambiguous,
and so eavesdropping on the authorized messages does not
make it possible to detect a specific vehicle. Under the
other condition, authorized messages are temporarily
linkable. This means two messages issued by one RSU are
recognizable if and only if they are issued within the same
period of time. This condition is necessary because
sometimes, without even knowing which RSU has signed the
authorized message, a malicious vehicle can detect the trajectory
of the vehicle by gathering authorized messages by the same