Survey on Security Attacks in Vehicular Ad hoc
Networks (VANETs)
Mohammed Saeed Al-kahtani
Computer Engineering Dept., Salman bin Abdulaziz University, Saudi Arabia
alkahtani@sau.edu.sa
Abstract ± Vehicular Ad hoc Networks (VANETs) are
emerging mobile ad hoc network technologies incorporating
mobile routing protocols for inter-vehicle data communications
to support intelligent transportation systems. Among others
security and privacy are major research concerns in VANETs
due to the frequent vehicles movement, time critical response
and hybrid architecture of VANETs that make them different
than other Ad hoc networks. Thus, designing security
mechanisms to authenticate and validate transmitted message
among vehicles and remove adversaries from the network are
significantly important in VANETs. This paper presents
several existing security attacks and approaches to defend
against them, and discusses possible future security attacks
with critical analysis and future research possibilities.
Keywords: Vehicular Ad hoc Networks (VANET); Security;
Privacy; Road Side Unit; On-board Unit; Wormhole; Sybil;
Certificate; Masquerade; Black hole etc.
I. INTRODUCTION
Recently, Vehicular Ad hoc Networks (VANETs) have
achieved widespread applicability in different application
domains related to transportation systems such as providing
public safety and assistance, driving improvement, toll
collection, roadside service finders, traffic monitoring and
control, highway Internet access and enhancing safety and
efficiency of highway systems. VANETs are also known as
Wireless Access in Vehicular Environment (WAVE) [13]
that supports Intelligent Transportation Systems (ITS) [3]
through Dedicated Short-Range Communication (DSRC).
Figure 1 illustrates the architecture of a VANET.
In VANETs, there are two types of communications: (1)
vehicle to vehicle (V2V) and (2) vehicle to infrastructure
(V2I). Vehicles have On Board Units (OBUs), which consist
of Omni directional antennas, processors, GPS unit, and
sensors for V2V communications. Vehicles also perform
V2I communications with roadside infrastructures, which
are placed within a fixed distance of each other depending
upon the communication range of the roadside devices, also
known as Road Side Units (RSUs). RSUs communicate each
other through wireless medium or wired connections. They
can also be mobile. The V2I communications can be further
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
978-1-4673-2393-2/12/$31.00 ©2012 IEEE
extended to provide applications such as Internet since RSUs
can be connected to a network. The V2V communications
can be used to send emergency and real-time information
such as an accident or road traffic information so that other
vehicles can take alternative routes to prevent traffic
congestions.
Internet
V2I
RSU V2V
Vehicle
DSRC
3G, WiMAX
Cellular
Base station
Internet
Figure 1: Vehicular Ad hoc Networks (VANETs)
Since VANETs support emergency real-time
applications and also deal with life critical information they
should follow the security requirements such as privacy,
confidentiality, integrity, and non-repudiation to provide
secured communications against attackers, and malicious
nodes. Various security attacks such as Denial of Service
(DOS) [17], Sybil attack [6, 9, 12], Wormhole attack [19,
23], Illution attack [14] and Purposeful attack [16] not only
affect the privacy of the drivers and vehicles but also
compromise traffic safety and eventually lead to loss of life.
Hence, extensive researches are being conducted to provide
security in VANETs. The main purpose of providing the
security and privacy in VANETs is based on the fact that at
no point during the communication in VANETs the true
identity of the drivers should be exposed since adversaries
may use this information for launching attacks with false
identities and never get caught. However, vehicles and
drivers have to disclose their identities to RSUs to
 communicate with them. Hence, the security and privacy
issues must be handled carefully so that the adversaries
cannot misuse them.
In this paper, we present several security and privacy
attacks in VANETs with their defending mechanisms, and
classify these mechanisms. Thus, the main contributions of
this paper are to (i) identify different security attacks, (ii)
present, classify and compare their defending mechanism in
VANETs (iii) identify future possibilities in this area.
The remainder of this paper is organized as follows.
Section II presents different security attributes and types of
malicious nodes in VANETs. In Section III, we present
security attacks and their defending mechanisms with
examples. In Section IV, we classify the security and privacy
approaches of VANETs. Section VI concludes the paper
with discussion, and some future research ideas.
II. SECURITY ATTRIBUTES
In the following subsections, we present security
attributes in Vehicular Ad hoc Networks (VANETs) and
types of malicious vehicles.
A. Security Attributes
There are several important requirements to achieve
security in VANETs, which are discussed as follows. [17].
Authentication: Vehicles should respond only to the
messages transmitted by legitimate members of the network.
Thus, it is very important to authenticate the sender of a
message.
Data Verification: Once the sender vehicle is authenticated
the receiving vehicle performs data verifications to check
whether the message contains the correct or corrupted data.
Availability: The network should be available even if it is
under an attack using alternative mechanisms without
affecting its performance.
C D
B Road Clear Traffic Jam Ahead
Malicious Car
.
Figure 2: Data Integrity
Data Integrity: It ensures that data or messages are not
altered by attackers. Otherwise, users are directly affected by
the altered emergency data. For example, if a vehicle B
sends a ³5RDG&OHDU´message to a malicious vehicle C and
C DOWHUVWKHPHVVDJHDV³7UDIILF-DP$KHDG´DQGVHQGV this
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
message to a legitimate vehicle D, it (D) will be affected by
this message since D will change the road and be in trouble
later on. Figure 2 demonstrates such a scenario of data
integrity.
Non-repudiation: A sender must not deny a message
transmission whenever an investigation or identity of a
vehicle is required.
Privacy: The profile or a driver¶V personal information must
be maintained against unauthorized access.
Real-time constraints: Since vehicles are connected to
VANETs for a short duration, real-time constraints should
be maintained.
B. Types of Malicious Vehicles
In VANETs, malicious vehicles launch attacks on
legitimate vehicles in several ways. Thus, malicious or
attacker vehicles are classified as follows.
Insiders Vs Outsiders
In a network, a member node who can communicate
with other members of the network is known as an Insider
and can attack in various ways. Outsiders who cannot
communicate directly with the members of the network have
a limited capacity to attack (i.e., have less variety of attacks).
Malicious Vs Rational
A malicious attacker uses various methods to damage
the member nodes and the network without looking for its
personal benefit. On the contrary, a rational attacker expects
personal benefit from the attacks. Thus, these attacks are
more predictable and follow some patterns.
Active Vs Passive
An active attacker can generate new packets to damage
the network whereas a passive attacker only eavesdrop the
wireless channel but cannot generate new packets (i.e., less
harmful).
III. SECURITY ATTACKS AND APPROACES
In this section, we present several security attacks on
Vehicular Ad hoc Networks (VANETs), and defending
mechanisms of some of these attacks [7, 9, 17, 19, 20, 24].
Bogus Information
Attackers may transmit incorrect or bogus information
in the network for their advantage. For instance, an attacker
may transmit wrong information about the traffic conditions
in order to make its movement easier on the road. This
attack is related to the authentication security requirements.
 Elliptic Curve Digital Signature Algorithm (ECDSA)
[16] is a message authentication scheme that uses hashing
technique to keep messages more secured and provides
strong authentication for the destination vehicles. This
scheme works by generating public and private keys from
the source vehicle. This public key is available to all
vehicles in VANETs. The source vehicle hashes the message
and encrypts it using a secured hash algorithm and private
key and sends the message to the destination vehicle. At the
destination, the message is decrypted using the public key,
which is the hash of the message. This scheme is more
secured on message authentications since hashing is a strong
technique. Changes in messages will also change in the hash
message, which makes it unique.
Denial of Service (DoS)
Attackers may transmit dummy messages to jam the
channel and thus, reduce the efficiency and performance of
the network. Figure 3 illustrates that a malicious black car
transmits a GXPP\ PHVVDJH ³/DQH FORVH $KHDG´ WR D
legitimate car behind it and also to an RSU to create a jam in
the network. The Distributed DoS (DDoS) is more severe
than the DoS where a number of malicious cars attack on a
legitimate car in distributed manner from different locations
and timeslots. Figure 4 demonstrates that a number of
malicious black cars attack on V1 from different locations
and time so that V1 cannot communicate with other
vehicles.
RSU
Lane Close
Ahead
Lane Close
Ahead
Malicious Car Vehicle
Figure 3: Denial of Service (DOS) Attack
RSU
Accident Ahead Lane Close Ahead
V1
Malicious
Car Lane Close Ahead
Figure 4: Distributed Denial of Service (DDoS) Attack
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
Masquerade
A vehicle fakes its identity and pretends to be another
vehicle for its own advantage. It is achieved using message
fabrication, alteration, and replay. For instance, a malicious
vehicle or attacker can pretend to be an ambulance to
defraud other vehicles to slow down and yield.
Black Hole Attack
A black hole is an area of the network where the
network traffic is redirected. However, either there is no
node in that area or the nodes reside in that area refuse to
participate in the network. This causes data packets to be
lost. Figure 5 illustrates a black hole attack where the black
hole is formed by a number of malicious nodes, which
refuses to transmit the messages received from the legitimate
cars C and D to the cars E and F.
RSU RSU
Black Box
C E
Malicious Car
Accident Ahead
D F
Figure 5: Black hole attack
Existing solutions to black hole attacks consider
designing protocols having more than one route to the
destination, which imposes processing overload to the
network. Moreover, this solution might be suitable to
MANETs rather than VANETs, which has several mobile
nodes and higher end-to-end delay to find additional nodes
or paths. Another solution could use packet sequence
numbers in a packet header so that if any packet is lost the
destination can identify from the missing packet sequence
number.
Malware and Spam
Malware and spam attacks, such as viruses and spam
can cause serious disruptions in the normal VANETs
operations. Malware and spam attacks are normally
executed by malicious insiders rather than outsiders
whenever on board units (OBU) of vehicles and road side
units (RSUs) perform software updates. These attacks
increase transmission latency, which can be alleviated by
using a centralized administration.
Timing Attack
Transmitting data at the right time from one vehicle to
another vehicle is significantly important to achieve data
integrity and security. In timing attacks, whenever malicious
vehicles receive any emergency message they do not
forward it to the neighboring vehicles at the right time but
they add some timeslots to the original message to create
 delay. Thus, neighboring vehicles of the attackers receive
the message after they actually require it. Figure 6 illustrates
that whenever the malicious black vehicle receives the
³$FFLGHQW $KHDG´ PHVVDJH LW GRHV QRW WUDQVPLW it to the
vehicle whenever it is at the right position F but transmits by
adding some timeslots so that whenever the vehicle receives
the message it is on the spot F1 where the accident has
happened.
Malicious Car
C
d
hea
ent
A between transmitted and received signals is used and
cid
Ac
D F1
Figure 6: Timing Attack
Global Positioning System (GPS) Spoofing
The GPS satellite maintains a location table with the
geographic location and vehicles identity in the network. An
attacker can produce false readings in the GPS positioning
system to deceive vehicles to think that they are in a
different location. The attackers use the GPS satellite
simulator to generate signals that are stronger than those
generated by the actual satellite system.
Man in the Middle Attack (MiMA)
In this attack, malicious vehicles listen to the
communication among vehicles and inject false information
between vehicles. Figure 7 demonstrates a MiMA attack
where the malicious vehicle C listens to the communication
between vehicles B and D as well as sends wrong
information to the vehicle E that C receives from the vehicle
A.
C E
A Lane Close
Ahead
Malicious Car
B D
Figure 7: Man-in-the-Middle Attack
Sybil Attack
In Sybil attack [4, 25], an attacker generates multiple
identities to simulate multiple nodes. Each node transmits
messages with multiple identities. Thus, other vehicles
realize that there are many vehicles in the network at the
same time. This attack is very dangerous since a vehicle can
claim to be in different positions at the same time, thereby
creating chaos and huge security risks in the network.
Sybil attacks can be detected through resource testing [7,
20]. This approach assumes that all physical entities are
limited to some resources. The work done in [7] uses
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
computational PUZZLES to test computational resources of
each node. However, this technique is not appropriate for
VANETs [20] since an attacker node can have more
computational resources than an ordinary node. Thus, radio
resource testing [20] is used to eliminate this problem.
Sybil attacks can be eliminated using public key
cryptography [18] where each vehicle is authenticated using
public keys. Key revocation is another approach that reduces
the influence of Sybil attacks detected in wireless sensor
networks [2, 22] using a predefined propagation model. This
model measures the distance of a node through RSSI
E approach, where the differences of the signal strength
matched with WKH QRGH¶V claimed position. If the claimed
F position is too far from the evaluated distance this node is
suspected as a Sybil attacker.
However, these approaches are mostly based on several
assumptions, which are not realistic to reduce the Sybil
attacks in VANETs. The work done in [9] tries to find a
success rate of Sybil attacks based on the assumptions of
transmission power or antenna. To measure the success they
evaluate the number of cheated nodes from the sender¶V and
receiver¶s points of view. From the sender¶V points of view
they evaluate the sender¶s transmission power tuning and
from receiver¶s points of view they calculate the impact of
using bi-directional antennas over Omni-directional
antennas. They only consider the receipt signal strength and
directions. They do not consider any special propagation
model to compute the location of a node but only use a free
space propagation model to calculate the distance between
transmitters and receivers. Their main purpose of this work
is to estimate the effects of assumptions and antennas to
detect Sybil attackers. They have shown that Sybil attacks
can be detected easily using bi-directional antennas in
receiver¶V side. Thus, the usage of more antennas is
significant in VANETs.
RSU1 RSU2
F
Requ us car
Tim egated
previ
uest
mp
Time
Curre m
est fr
l Req
esta
o
r
Agg
p
sta
nt
om
Initia
Vehicle 1 Vehicle 2
Figure 8: Timestamp series approach
Timestamp series approach is another approach to
secure VANETs from Sybil attacks [25]. This approach
works well for an initial development stage of VANETs with
the availability of the RSU infrastructure and only a small
number of vehicles with communication capabilities. The
RSU issues digital certificates to each vehicle that passes
 through it and assumes that two vehicles cannot pass
multiple RSUs at the same time. Thus, a Sybil attacker node
is detected if a vehicle receives multiple messages with the
very similar timestamp certificates. This approach is also
economic since it does not use computational expensive
public key infrastructure (PKI) or Internet accessible RSUs.
Figure 8 illustrates the working scenario of timestamp series
approach.
RobSAD [5] is another approach that detects Sybil
attacks in the initial deployment stage of VANETs. The
method is based on the differences between the normal and
abnormal motion trajectories of vehicles. Each node can
detect attacks independently with the little support from
RSUs. In VANETs, authorized infrastructures (i.e., RSUs)
can provide vehicles digital signatures along with timestamp
on-demand or periodically. Each node can record these
signatures and use to compare and measure the differences
from the neighboring nodes signature vectors to detect Sybil
nodes independently. Thus, this is a very effective, unique
and robust approach with higher detection rate and lower
system requirements. This is because each node does not
require collaborating with neighboring nodes but can detect
attacks independently by comparing digital signatures. This
approach uses infrastructure only to broadcast the digital
signatures along with timestamp to other vehicular nodes.
Wormhole Attack
Wormhole is a severe attack in VANETS and other ad
hoc networks. In this attack, two or more malicious nodes
create a tunnel to transmit data packets from one end of the
network to the malicious node at the other end and these
packets are broadcasted to the network. The malicious nodes
take the control of such a short network connection or link,
threaten the security of transmitting data packets and delete
them.
Tunnel
Malicious Car Listen privacy information and
Malicious Car
transmit through tunnel
Figure 9: Wormhole Attack
Wormhole attacks disrupt the multicast and broadcast
operations for transmitting messages tin VANETS as well
as in on-demand routing protocols such as AODV or DSR.
The AODV protocol does not use any authentication and
protection mechanisms for routing packets and thus, is
affected by wormhole attacks. The malicious nodes or
wormholes can gain unauthorized access to perform Denial
of Service (DoS) attacks. Figure 9 illustrates a wormhole
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
attack where black malicious cars at two end of the network
form a tunnel to transmit confidential information.
Packet leash [12] is a well known approach to prevent
wormhole attacks. For instance, TIK is a packet leashes-
based protocol for detecting and defending against
wormhole attacks. Temporal leashes ensure that each
packet has an upper bound of distance to travel (which is at
most at the speed of light). All nodes are tightly
synchronized with a clock and the clock difference between
any two nodes is known by all other nodes in the network.
The TIK protocol uses asymmetric cryptography to provide
an instant authentication of the received packets where it
uses n public keys for n nodes and hash functions for
keeping up-to-date keys information and received packets.
An attack is detected by calculating the differences between
the packet travel distance and allowed distance to travel.
An efficient approach called, HEAP [33], which is an
improvement of previously proposed packet leashes method,
used to detect the wormhole attacks in the AODV routing
protocol of VANETs, which is more secure and has low
overhead. Instead of using local leashes the HEAP uses
geographical leashes, which is more effective to detect
malicious nodes. However, geographical leaches limit the
packets travel distance. To eliminate this problem, HEAP
assumes that packets should be dropped whenever their
travel distances are more than the value claimed. Otherwise,
the packets are accepted.
Illusion Attack
It is a new security threat on VANETs where an
adversary broadcasts the traffic warning messages based on
the current road condition, which produces illusion to
vehicles at their neighborhood. It can spread the illusion
largely deSHQGLQJ RQ WKH GULYHUV¶ EHKDYLRU RQ WKHLU
responses, which can cause the traffic jam, car accidents and
decrease the performance of VANETs. Existing message
authentication approaches cannot secure networks against
the illusion attack because the adversary directly controls
and misleads the sensors (of its own car) to produce and
broadcast the incorrect traffic information.
Plausibility Validation Network (PVN) [19] is a new
security model to secure VANETs against illusion attacks.
PVN works by collecting raw VHQVRUV¶ data and verifying
whether the collected data are plausible or not. It takes two
types of inputs: incoming data from antennas and data
collected by sensors. These data are categorized by an input
data header. PVN has a rule database and data checking
module which helps to check the validity of input data and
take necessary action accordingly. A message is trustworthy
if it passes all verifications. Otherwise, it is considered as an
invalid message and dropped automatically. PVN can
cooperate with various types cryptography methods and
defend against more attacks.
 Purposeful/Intentional Attack is dropped. However, SPECS does not drop the whole batch;
Intentional or purposeful attack by insiders is very it used binary search and divides the batch in two halves and
difficult to prevent as they are authenticated and trusted to checks the invalidity on each half. If an attacker is found it
perform the peer communications with neighbors. notifies other vehicles and repeats the process until the
search reaches a pre-defined level or all signatures are
In VANETs, it is very important to defend against validated. After verifying the signature the RSU broadcasts
misbehavior, which are generated by purposeful attackers or the message to all vehicles without the hash value, which is
malfunctioning hardware (unintentional). A misbehaving stored into positive and negative bloom filters. Any vehicle
node can deny transmitting messages that it receives from wants to know the validity of a received message will create
other nodes, misinterpret messages, use the bandwidth the hash value and compare with the bloom filters hash
improperly or inject bogus message. A technique has been value. A message is valid if the hash value of this message is
proposed in [14] to defense against misbehavior in V2V and found in the positive bloom filter. Otherwise, the message is
V2I communications. This technique considers anonymous considered as invalid. Table I lists different types of security
communications to prevent misbehavior and keeps the attacks with attacker types and respective security attributes.
privacy of vehicles. A threshold authentication technique is
used where a threshold value is setup to authenticate Table I: Comparison of security attacks with their types and
misbehavior or malicious nodes a number of times. It security requirements.
guarantees that any authentication over the threshold value Name of Attack Attacker Type Security Attributes or
ZLOOWUDFHWKHPLVEHKDYLRUQRGH¶VFUHGHQWLDO Requirements
Bogus Information Insider Data Integrity,
Impersonation Attack Authentication
In V2V communications, one vehicle can broadcast the Denial of Service Malicious, active, Availability
(DoS) insider, network
security messages to other vehicles that may have impact on attack
other vehicles and the traffic control system. Thus, all Masquerading Active, insider Authentication
messages should be authenticated and signed to reduce the Black hole Passive, outsider Availability
communication overhead. On the other hand, in Malware Malicious, insider Availability
impersonation attacks, a malicious vehicle sends message on Spamming Malicious, insider Availability
Timing attack Malicious, insider Data integrity
behalf of other vehicles to create chaos, traffic jam,
GPS Spoofing Outsider Authentication
accidents or other security attacks and hides itself. Man-in-the- Insider, monitoring Data Integrity,
Middle attack Confidentiality
Thus, the work done in [26] proposes a scheme, called Sybil Insider, network Authentication
SPECS to ensure the security and privacy issues of V2V attack
communications and detect the impersonation attacks. This Wormhole or Outsider, malicious, Authentication,
Tunneling monitoring attack Confidentiality
approach is based on the idea of IBV protocol [28] which
Illusion Attack Insider, malicious Authentication
suffers from impersonation attack and cannot fulfill privacy Purposeful attack Active, insiders, Authentication
requirements. To protect the identity of each vehicle it uses malfunctioning
pseudo-identity and a shared secret key mi between a vehicle hardware
and RSU. The security scheme works as follows Impersonation Insider, network Authentication
attack
To authenticate a vehicle with a nearby RSU the
scheme uses PKI with its real identity RIDi and password IV. CLASSIFICATION OF SECURITY SCHEMES
PWDi. The RA authenticates the vehicle and generates the
Existing security and privacy schemes of Vehicular Ad
shared secret key mi for the vehicle and RSU. TA forwards
hoc Networks (VANETs) can be classified into the
mi with a hash function and an encrypted block, which
following categories.
contains mi and system secret key, s. This encrypted block
can only be decrypted by authorized vehicles. The RSU A. Public Key Approaches
transmits this block to vehicles. Each time the vehicle passes In these approaches, each node is provided with a pair
a new RSU a new shared secret key is generated. To of secret and public keys. Public Key Infrastructure (PKI)
generate the signature it uses the shared secret key and one should efficiently handle key management to provide
way hash function with the signing key. As mi is only known security. A scheme using PKI is proposed whenever a
to a vehicle, RSU and TA attackers or other vehicles cannot vehicle has two extra hardware units: Event Data Recorder
generate the valid signing key to sign the message. Invalid (EDR) to record all events and Tamper Proof Hardware
signatures or attackers can be detected using a batch (TPH) to perform cryptographic process.
verification process by RSU. In IBV, if any invalid signature
is found using the batch verification process the whole batch

uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
 The work done by Hesham et al. [10] proposes a
dynamic key distribution protocol that handles key
management without the need to store a large number of
keys for PKI support and thus, reduces the usages of Tamper
Proof Device (TPD). In this approach, vehicles unique
information such as Electronic license Plate (ELP), chassis
number that creates Vehicle Authentication Code (VAC) is
used a secret key between a certificate authority (CA) and a
vehicle. A CA is responsible for issuing, distributing,
renewing and revoking public key certificates [1].
This protocol has strong resistance against Denial of
Service (DoS) attack since it uses ELP and a secret key that
is encrypted with unique VAC. Moreover, Man-in-the
Middle attack is not possible since message between RSU,
OBU, and CA is confidential only to the message receiver
and Sybil attack is not possible since the unique identity,
VAC of each vehicle cannot be tampered.
The work done by Gazdar et al. [8] proposes efficient
dynamic cluster-based architecture of the Public Key
infrastructure (PKI) for Vehicular Ad hoc Networks
(VANETs) based on a trust model. Each vehicle will have a
trust value in the range [0, 1] where a new vehicle in the
network starts with 0.1. The vehicle with trust value 1 is the
most authentic and confident vehicle. Base on this trust
value, vehicles will have four different roles as Certificate
Authority (CA), Registration Authority (RA), Gateway
(GW) and Member Node (MN). A CA and RA which have
the trust value equal to 1 issues certificates to the vehicles in
a cluster and protect CA against attacker by avoiding direct
communication between an unknown vehicle and CA,
respectively. A GW is used for inter-cluster communication.
Other vehicles including MNs have to show good behavior
and cooperation to increase their trust values. In the
proposed architecture, a hierarchical monitoring process is
used to observe the behavior of vehicles, where a vehicle
with higher trust value monitors a vehicle with lower trust
level. Authors perform simulation to investigate the effect of
transmission range, vehicle speed and a number of
confidence vehicles on the security of VANETs.
Efficient Certificate Management Scheme (ECMV)
[27] is a PKI-based scheme, which provides an efficient
certificate management between different authorities and
hence, the OBU can update its certificates anywhere at any
instant. Even if the adversary manages to get into the
network, ECMV has an efficient certificate revocation
procedure to remove the adversary. This scheme reduces the
complexity of certificate managements to a great extent and
is very effective in providing security and scalability.
B. Symmetric and Hybrid Approaches
In these schemes nodes communicate after they share
and agree on a secret key that is used for communication.
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
Most security schemes of VANETs are based on either
public or symmetric keys. Recently, a hybrid system that
uses both symmetric and public keys has been proposed for
security in VANETs. It uses two types of communications:
pair-wise and group communication. Pair-wise
communication is used when two vehicles need to
communicate each other whereas in group communication
more than two vehicles communicate. Hybrid approaches
use symmetric keys for pair-wise communications to avoid
the overhead of using the key pair. However, symmetric
keys should not be used in the authentication process since it
prevents non repudiation. The size of a key is 1024 bits and
AES is used for encryption.
C. Certificate Revocation Approaches
A public key infrastructure (PKI) is widely used to
provide security in VANETs which includes certificate
revocation (i.e., terminating the membership of a vehicle)
[1]. Certificate revocation is performed by CA in two ways:
centralized or decentralized. In the centralized approach, a
central authority is responsible only for taking the revocation
decision whereas in decentralized approach, a group of
vehicles which are neighbors of the revoked vehicle take
such a decision.
This scheme is centralized and uses pervasive
infrastructure and not considered efficient since RSU sends
the certificate revocation list (CRL) list to OBU and thus, the
deployment cost becomes high. Some modified approaches
have been proposed such as Revocation Protocol of Tamper
Proof device (RTPD), Distributed Revocation Protocol
(DRP), Revocation Protocol using Compressed Revocation
Lists (RCCRL). RSU aided Certificate Revocation (RCR) is
another newly proposed scheme where a Trusted Third Party
(TTP) grants secret keys for each RSU so that it can sign
messages in its range. Once a certificate is detected as
invalid, certificate authorities (CA) issues messages to the
RSU which broadcasts messages to all vehicles to revoke
that particular certificate and stop communication with it.
D. ID-based Cryptography
Public Key Infrastructure (PKI) and symmetric key
cryptography are not the best schemes to provide security in
VANETs since they are infrastructure-less. Hence, ID-based
cryptography that covers the best features of other security
schemes is also being explored by the research community.
For instance, ID-based cryptography reduces the
computational cost in the ID-based Signature (IBS) process
for VANETs, and is preferable for authentication using the
ID-based Online/Offline Signature (IBOOS) scheme.
IBOOS increases efficiency by separating signing process
into an offline (executed initially at RSUs or vehicles) and
online phase (executed in vehicles during V2V
communications), in which the verification is more efficient
than that of IBS.
 The work done by Lu et al. [11] proposes an ID-based
authentication framework that utilizes both IBS and IBOOS.
This framework utilizes self-defined pseudonyms instead of
real-world IDs without exposing vehicles privacy. This
framework is efficient in term of processing time, storage
and communication overhead. This is because this scheme
preloads a pool of IDs of regional RSUs in each vehicle,
which are very small in size and do not change frequently as
compared to other approaches that pre-stores IDs of all
RSUs. This scheme uses IBS for Vehicle-to-Roadside (V2R)
and Roadside-to-Vehicle (R2V) authentications whereas
IBOOS is used for V2V authentications. Evaluation results
show that this framework efficiently preserves the privacy in
VANETs.
Another work done by Pan et al. [21] proposes an
analytical model to quantify the location privacy based on a
simple scheme called Random Changing Pseudonyms (RCP)
where each vehicle changes its pseudonym after a random
point. However, it is very important to provide unlinkability
between two successive pseudonyms of a vehicle.
Otherwise, an intruder might be able to locate the vehicle by
mapping between successive pseudonyms. Moreover, the
probability of unlinkability between pseudonyms is affected
by the effectiveness of different pseudonym changing
schemes to protect location privacy. Thus, the analytical
model to quantify the effectiveness of pseudonym changing
schemes is an important research problem to provide
security in VANETs.
V. DISCUSSION AND FUTURE WORKS
Vehicular Ad hoc Networks (VANETs) are becoming
popular in transportation systems since they provide road
safety, traffic management, and Internet access on highway
and distribute safety information to drivers and passengers.
However, it poses a great challenge to implement VANETs
in value-added services due to the intruder vehicles and
several security attacks. Thus, providing security and
privacy in VANETs are considered as the most important
research issue in this area.
Additionally, mobility of vehicles and dynamic nature
of the network impose a great challenge to eliminate
malicious vehicles and design secured data transmission
protocols. Though extensive researches are being conducted
to provide security and privacy in VANETs most of these
approaches consider reducing computational and
communication overhead, and processing delay for
authentication between the source and destination vehicles.
Beside, most existing security schemes of VANETs do not
support the security checks while handing over a vehicle
from one Road Side Unit (RSU) to another RSU [15]. The
protocols for high priority applications are still in
exploratory level in terms of security measures. In addition,
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
the following aspects should be considered as future
research possibilities in this area.
x Distributing certificates securely, validating them very
fast and computationally efficient way should be given
more attention while designing secured routing
protocols for VANETs.
x Determining the mobility pattern of vehicles and
linking the mobility pattern with malicious vehicles
could be considered as a potential research in
providing security and privacy in VANETs.
x Determining and assigning trust values to vehicles and
establishing trust among vehicles are significantly
important to provide the integrity and reliability of
applications in VANETs.
x The change of MAC addresses along with the
pseudonyms has not received sufficient attention. If the
IP address changes with the pseudonym the MAC
address should also change. Otherwise, adversaries can
easily track the target vehicle by its MAC address.
x VANETs can provide Internet services on highways.
Users normally use Internet on highways for
emergency communications (e.g., checking emails, and
instant messaging) and social network applications
(e.g., facebook, twitter). Thus, designing secured
communication protocols for VANETs to protect user
profiles and private data from malicious vehicles
should be given the highest priority in this area of
research.
REFERENCES
[1] + $O )DODVL DQG ( %DUND ³5HYRFDWLRQ LQ 9$1(7V $ VXUYH\´
Innovations in Information Technology (IIT), 2011 International
Conference on, pp.214-219, 25-27 April 201.1
[2@%LQ;LDR%R<XDQG&KXDQVKDQ*DR³'HWHFWLRQDQG/RFDOL]DWLRQRI
6\ELO 1RGHV LQ 9$1(7V´ ,Q ACM/SIGMOBILE Workshop on
Dependability Issues in Wireless Ad Hoc Networks and Sensor Networks,
pages 1±8, 2006.
[3] S. Biswas, R. Tatchikou, and F. 'LRQ ³9HKLFOH-to-Vehicle Wireless
&RPPXQLFDWLRQ 3URWRFROV IRU (QKDQFLQJ +LJKZD\ 7UDIILF 6DIHW\´ IEEE
Communications Magazine, vol.44, no 1, pp. 74-82, January 2006.
[4] ' %RQHK DQG 0 )UDQNOLQ ³,GHQWLW\-based encryption from the Weil
SDLULQJ´ Proc. of Crypto2001, LNCS, pp. 213-229, Springer-Verlag, 2001.
[5] Chen Chen, Xin Wang, Weili Han, and Binyu Zang ³$ 5REXVW
'HWHFWLRQRIWKH6\ELO $WWDFNLQ8UEDQ9$1(7V´ Distributed Computing
Systems Workshops, ICDCS Workshops '09. 29th IEEE International
Conference on, 2009, pp. 270-276, 2009.
[6] Chenxi Zhang, Xiaodong Lin, Rongxing Lu, and Pin-+DQ+R³5$,6(
An Efficient RSU Aided Message Authentication Scheme in Vehicular
&RPPXQLFDWLRQ 1HWZRUNV´ Communications. ICC'08. IEEE International
Conference on, pp. 1451-1457, 2008.
[7] J  'RXFHXU ³7KH 6\ELO $WWDFN´ In First International Workshop on
Peer-to-Peer Systems, pages 251±260, 2002.
[8] T. Gazdar, A. Benslimane and A. Belghith³6HFXUH&OXVWHULQJ6FKHPH
%DVHG.H\V0DQDJHPHQWLQ9$1(7V´ Vehicular Technology Conference
(VTC Spring), 2011 IEEE 73rd, pp.1-5, 15-18 May 2011
[9@ *LOOHV *XHWWH %HUWUDQG 'XFRXUWKLDO ³2Q WKH 6\ELO DWWDFN GHWHFWLRQ LQ
9$1(7´ IEEE International Conference on Mobile Ad hoc and Sensor
Systems, 2007´PDKVVSS-6, 2007
 [10] A. Hesham, A. Abdel-Hamid and M.A. El-1DVU ³$ G\QDPLF NH\
distribution protocol for PKI-EDVHG 9$1(7V´ Wireless Days (WD), 2011
IFIP, pp.1-3, 10-12 Oct. 2011
[11] Huang Lu, Jie /L DQG 0 *XL]DQL ³$ QRYHO ,'-based authentication
IUDPHZRUN ZLWK DGDSWLYH SULYDF\ SUHVHUYDWLRQ IRU 9$1(7V´ Computing,
Communications and Applications Conference (ComComAp), 2012, pp.
345-350, 11-13 Jan. 2012
[12] Y.C. Hu, A. Perrig and D.B Johnson ³3Dcket leashes: a defense
DJDLQVWZRUPKROHDWWDFNVLQZLUHOHVVQHWZRUNV´INFOCOM 2003. Twenty-
Second Annual Joint Conference of the IEEE Computer and
Communications. IEEE Societies, vol. 3, pp. 1976-1986, 2003.
[13] D. Jiang and L. Delgrossi ³,((( S 7RZDUGV DQ ,QWHUQDWLRQDO
6WDQGDUGIRU:LUHOHVV$FFHVVLQ9HKLFXODU(QYLURQPHQWV´ In Proceedings
of IEEE Vehicular Technology Conference (VTC) spring, pp. 2036-2040,
May 2008.
[14] Jinyuan Sun, Yuguang Fang ³$ GHIHQVH WHFKQLTXH DJDLQVW
PLVEHKDYLRU LQ 9$1(7V EDVHG RQ WKUHVKROG DXWKHQWLFDWLRQ´ Military
Communications Conference MILCOM 2008. IEEE, pp. 1-7, 2008.
[15] Md Mahbubul Haque, Jelena Misic, Vojislav Misic, Subir Biswas and
6DHHG 5DVKZDQG ³9HKLFXODU 1HWZRUN 6HFXULW\´ in Encyclopedia of
Wireless and Mobile Communications, September, 2009.
[16] M. Manvi, M.S. Kakkasageri, and D.G. Adiga ³0HVVDJH
Authentication in Vehicular Ad Hoc Networks: E&'6$%DVHG$SSURDFK´
Future Computer and Communication, ICFCC 2009. International
Conference on, 2009, pp. 16-20.
[17] Maxim Raya and Jean-3LHUUH +XEDX[ ³7KH VHFXULW\ RI YHKLFXODU DG
KRFQHWZRUNV´,QProceedings of the 3rd ACM workshop on Security of ad
hoc and sensor networks (SASN '05), 2005.
[18] Maxim Raya, P. Papadimitratos and Jean-Pierre +XEDX[ ³6HFXULQJ
9HKLFXODU &RPPXQLFDWLRQV´ IEEE Wireless Communications Magazine,
Special Issue on Inter-Vehicular Communications, pp. 8±15, 2006.
[19] Nai-Wei Lo, Hsiao-Chien Tsai ³,OOXVLRQ $WWDFN RQ 9$1(7
Applications - $ 0HVVDJH 3ODXVLELOLW\ 3UREOHP´Globecom Workshops,
2007 IEEE, pp.1-8, 2007.
uthorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on September 28,2023 at 10:52:04 UTC from IEEE Xplore. Restrictions apply
[20@ - 1HZVRPH ( 6KL ' 6RQJ DQG $ 3HUULJ ³7KH 6\ELO $WWDFN LQ
6HQVRU 1HWZRUNV $QDO\VLV  'HIHQVHV´ ,Q International symposium on
information processing in sensor networks, pages 259±268, 2004.
[21] Yuanyuan Pan, Jianqing Li, Li Feng DQG %HQ ;X ³$Q $QDO\WLFDO
0RGHOIRU5DQGRP&KDQJLQJ3VHXGRQ\PV6FKHPHLQ9$1(7V´ Network
Computing and Information Security (NCIS), 2011 International
Conference on, vol.2, pp.141-145, 14-15 May 2011.
[22] W. Pires, T. de Paula Figueiredo, HC. Wong, and A. Loureiro,
³0DOLFLRXV 1RGH 'HWHFWLRQ LQ :LUHOHVV 6HQVRU 1HWZRUNV´ ,Q IEEE
International Parallel & Distributed Processing Symposium, 2004.
[23] S.M. Safi, A. Movaghar and M. Mohammadizadeh³$QRYHODSSURDFK
IRU DYRLGLQJ ZRUPKROH DWWDFNV LQ 9$1(7´ Internet. AH-ICI 2009, First
Asian Himalayas International Conference on, 2009, pp. 1-6
[24] I.A. Sumra, I. Ahmad, H. Hasbullah and J.-L. bin Ab Manan,
³%HKDYLRURIDWWDFNHUDQGVRPHQHZSRVVLEOHDWWDFNVLQ9HKLFXODU$GKRF
1HWZRUN 9$1(7 ´ Ultra Modern Telecommunications and Control
Systems and Workshops (ICUMT), 2011 3rd International Congress on,
pp.1-8, 5-7 Oct. 2011
[25] Soyoung Park, B. Aslam, D. Turgut and C.C. Zou³'HIHQVHDJDLQVW
Sybil attack in vehicular ad hoc network EDVHG RQ URDGVLGH XQLW VXSSRUW´
Military Communications Conference, MILCOM,IEEE, 2009, pp. 1-7
[26] Tat Wing Chim, S.M. Yiu, L.C.K. Hui and V.O.K Li³6HFXULW\DQG
Privacy Issues for Inter-YHKLFOH &RPPXQLFDWLRQV LQ 9$1(7V´ Sensor,
Mesh and Ad Hoc Communications and Networks Workshops, 2009.
SECON Workshops '09. 6th Annual IEEE Communications Society
Conference on, 2009, pp. 1-3.
[27] A. Wasef, Y. Jiang, X. Shen³(&09HIILFLHQWFHUWLILFDWHPDQDJHPHQW
VFKHPHIRUYHKLFXODUQHWZRUNV´, In: Proceedings of the IEEE GLOBECOM
2008, pp. 1-5.
[28] C. Zhang, R. Lu, X. Lin, P.H. Ho and X.6KHQ³$Q(IILFLHQW,GHQWLW\
based Batch Verification Scheme for VehicXODU6HQVRU1HWZRUNV´LQIEEE
3URFHHGLQJVRIWKH,1)2&20¶, Apr. 2008, pp. 816 ± 824.