Security of vehicular ad-hoc networks: A comprehensive survey

Security of Vehicular Ad-hoc Networks: A Comprehensive Survey

Journal Pre-proof

Security of Vehicular Ad-hoc Networks: A Comprehensive Survey Avleen Kaur Malhi, Shalini Batra, Husanbir Singh Pannu PII: DOI: Reference:

S0167-4048(18)31287-2 https://doi.org/10.1016/j.cose.2019.101664 COSE 101664

To appear in:

Computers & Security

Received date: Revised date: Accepted date:

11 November 2018 6 October 2019 12 November 2019

Please cite this article as: Avleen Kaur Malhi, Shalini Batra, Husanbir Singh Pannu, Security of Vehicular Ad-hoc Networks: A Comprehensive Survey, Computers & Security (2019), doi: https://doi.org/10.1016/j.cose.2019.101664

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2019 Published by Elsevier Ltd.

1

Security of Vehicular Ad-hoc Networks: A Comprehensive Survey

2

Avleen Kaur Malhi 1 , Shalini Batra, Husanbir Singh Pannu CSED Thapar Institute of Engineering and Technology Patiala India 147004 [email protected]

3 4

5

Abstract Vehicles equipped with significant computing, communication and sensing (also known as “smart” vehicles), are being focused by Intelligent Transportation Systems (ITS). The primitive target of Vehicular Ad-Hoc Networks (VANETs) is to deliver safer and efficient traffic conditions by providing real time traffic conditions to automobiles and involved trusted third parties. This paper reviews eminent safety solutions to address the security aspects for VANETs. Four ingredients of this paper are (a) attacks and security mechanisms in VANETs (b) comparative analysis of security schemes based on cryptography mechanism used (c) trust management schemes based upon discrete characteristics and intrusion detection systems (d) open issues which need a thorough consideration in the future. Here we discuss how the research reflects the evolutionary growth of security attacks with its future prophesy, based upon the past developments in the area of computer security.

6

Keywords: VANETs, Security Attacks, Cryptography techniques, Security Mechanisms, Comparative Analysis

7

1. Introduction and Motivation

27

Vehicular Network (VN) is a form of communication network which connects the vehicles with each other and roadside infrastructures. The connectivity in Vehicular Ad-Hoc Network (VANETs) can be divided into vehicle-tovehicle (V2V) communications and Roadside-to-Vehicle (R2V) communications in conformance to prevailing condition of VANETs. V2V communications are the most popular architectures requiring attention and R2V communications comprise the infrastructure in order to support the network which is completely connected. Each vehicle in vehicular networks is equipped with devices like Event Data Recorders (EDRs) and sensors that support communication facility in VANETs. The communication among various vehicles and the Road Side Units (RSUs) takes place when they are within the transmission range. Nowadays, the vehicular field has the apparent utility of wireless data communications. Future vehicles need to be equipped with the capabilities to communicate among each other, roadside infrastructure and with concerned trusted authorities. Vehicular communications are becoming increasingly popular, due to the car manufacturer investments, Public Transport Authorities and propelled by navigation safety requirements. VANETs serve as the primitive technology needed to actualize the multitudinous applications such as vehicular communications, traffic accidents, vehicle traffic conditions, drivers, pedestrians and passengers. The state of being free from any kind of threat or danger is termed as security. It means safety or any counter measures taken for being safe or protected. In vehicular ad-hoc networks, it is vital to guard the network against malicious activity or misuse to guard the security architecture. This is because wireless connection is usually quite difficult to secure. The security and its guaranteed level of implementation is important for people’s safety. Recently, many researchers have explored the literature related to security considerations in VANETs and their solutions for quality enhancement. Others have also considered security infrastructures and security protocols required to ensure security. Nevertheless, the trends of trustworthiness of a vehicle and its misbehaviour is an open question to explore.

28

1.1. Motivation

8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

29 30 31

Existing systematic literature reviews contribute candid and extensive glimpse of an open-ended research conducted to explore the problems and solutions. Lu et al. [7] only focuses on the privacy and authentication parameters for the analysis of the security schemes proposed so far. Choi et al. [8] focused on the security architectures and Preprint submitted to Elsevier

November 14, 2019

32 33 34 35 36 37 38 39 40 41

third party protocols for V2V and V2I communications. Chen et al. [9] discusses the data dissemination protocols in VANETs where diverse routing algorithms have been used to analyse latency impact, habit deviation and data dissemination for achieving faster packet delivery during unexpected user behaviors. In the survey article [19], various challenges, security features, attacks and their classifications based upon various network layers is discussed. VANET communication architecture, security challenges to solve and privacy is surveyed in [53]. However, none of the previous works focus completely on all the security aspects of the vehicular networks giving the readers complete picture of the security of the vehicular networks. Moreover, none of the previous works focus on the classification of security mechanisms based on their cryptography mechanism. This paper has done comparative analysis of diverse cryptography schemes and their effectiveness for VANET. Hence, the motivation behind the current review paper is as follows:

42

1. A systematic literature analysis for VANETs security, based on extensive research on secure VANETs.

43

2. To reports the findings on major attacks possible in VANETs.

44

3. To analyze the open issues encountered in deploying secure VANETs.

45 46 47

48 49

1.2. Our Contributions • A comprehensive extensive study has been conducted to investigate various existing security techniques employed for securing VANETs by in-depth learning of security schemes and methodologies used. • The aforementioned security techniques have been categorized based on the various characteristics (Cryptography schemes, Intrusion Detection Schemes, Trust Management, Attacks).

50

• These techniques are compared among themselves and with others based upon their common properties.

51

• Some open problems which are being encountered while enforcing security in VANETs are presented.

52

1.3. Related Surveys

64

There are many landmark literature surveys in the field of security of VANETs. A systematic literature review is presented by [1] [2] [3] [4] [5] to provide a method of exploring, analyzing, classifying and portraying all available literature related to a peculiar research field. Table 1 compares the existing surveys in the field of security of VANETs and as it could be easily depicted from the table that no article focuses on the detailed cryptography solutions proposed so far for VANETs. Whereas, cryptography plays a major role when security is the question. Further, our work is an exhaustive study about various security issues, challenges, requirements, attacks, security mechanisms classification (based on cryptography schemes), trust management and intrusion detection schemes. Moreover, our survey focuses on all the related issues in security of VANETs which are not covered by any of the existing surveys. Major motivation behind this survey is to categorize the security mechanisms according to the cryptographic mechanism employed. It will give a clear picture of the possible cryptographic scheme which can be employed to secure vehicular networks in lieu of their dynamic nature unlike other forms of networks. Therefore, there was a need of this survey where all the works related to VANET security can be studied on a common platform.

65

1.4. Article Road map

53 54 55 56 57 58 59 60 61 62 63

66 67 68 69 70 71 72 73 74

The article starts with an introduction to vehicular networks in section 1 explaining the motivation behind the survey and our contributions. It also gives a brief overview of the related surveys and how the current survey is different from other surveys. Next section 2 helps the readers to have background knowledge of the topics such as VANETs, node equipment and its architecture. Section 3 gives the details about the need of security in VANETs along with security challenges, attacks available in VANETs with proposed solutions so far and the security requirements for VANET communications. Section 4 classifies the security mechanisms proposed so far into various categories based on the employed cryptography mechanism. Section 5 studies the trust management approaches and gives their classification. Section 6 lists the intrusion detection systems proposed in the literature and classifies them into various categories. Section 7 provides the comparative discussion for all the techniques proposed in above sections based 2

Secure VANETs

Pure PKI

Motivation

Group Communicatio n Pseudonym approaches

Anonymous certificates

Hybrid Approaches

Contributions VANETs Overview

VANETs Node Equipment

1. Introduction and Motivation

Related surveys

2.Background Article Roadmap

Article Organization

Certificate revocation

Challenges Public Key Infrastructure

Analysis

Symmetric Key Approaches

4. Security Mechanisms

Analysis

ID based digital signatures

Classes of Adversaries

Adversaries and Attacks 3. Security of VANETs

Pure Symmetric key Hybrid approaches

Research Questions

VANET Architecture

VANET Security Requirements Mapping Attacks with Security Req.

Entity Oriented Trust Models

Existing Trust Models

Data Oriented Trust Models

5. Trust Management

Identity Based Cryptography Approaches

Properties of Existing Trust Models

ID based Group Communication

Attacks in VANETs

Hybrid Trust Models

Based on router nodes

Hybrid Schemes

6. Intrusion Detection Mechanisms

Based on reputation

Analysis 7.Discussion Certificateless Authentication Schemes

Aggregate signature schemes

Certificateless Cryptography Approaches

8. Open Issues

Based on distributive architecture

Based on zones 9.Conclusion Hybrid IDS

Analysis

Figure 1: The roadmap for the paper

75 76 77 78

on various comparison parameters. Section 8 discusses about open issues in security of VANETs. Section 9 is the conclusion. This survey article is holistic in its form discussing about the various attacks possible in VANETs with their solutions, the security solutions proposed in literature classified according to the cryptography mechanism employed, 3

Table 1: Comparison of existing surveys in security of VANETs Research Paper

Domain

Mejri et al. [53] Liang et al. [173]

Security Challenges Architectures, Research issues, Challenges Routing protocols Intrusion detection Security issues

Liu et al. [174] Mitchell et al. [175] Mokhtar et al. [176] Patel et al. [177] Hasrouny et al. [178] Engoulou et al. [179] Fonseca et al. [180] Gillani et al. [181] Razzaque et al. [182] Samara et al. [183] Al-Sultan et al. [184] Proposed

79 80

81 82 83

84 85

86 87

88 89 90

91 92 93

94 95 96

97 98

trust based Approaches Security Challenges Security Issues Secure routing techniques security threats VANETs security VANETs issues & Challenges VANETs survey VANETs security

Security Challenges Yes

Security requirements Yes

Attacks

Routing Protocols

Cryptographic Security Mechanisms

Trust models

Yes Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes Yes

Yes Yes

Yes

Yes

Yes

Yes Yes

Yes

Yes Yes

Yes Yes

Yes

Open issues

Yes

Yes Yes

Comp. Analysis Yes

Yes

Yes

Intrusion detection Systems

Yes

Yes

Yes

Yes

Yes

Yes

Yes

classification of trust management solutions, classification of intrusion detection mechanisms, comparison of all proposed solutions and finally presenting open research challenges. The road map for the article is depicted in Figure 1. 1.4.1. Research Questions A number of key scenarios requiring to be addressed in a broad range of domains can be summarized into the following questions: RQ1 What are challenges and security requirements mainly requiring consideration among the VANETs? - This research question is answered in section 3.1 and 3.3 RQ2 What are the attacks possible in VANETs and which solutions were proposed by the scientific community? - This research question is answered in section 3.2 RQ3 What are requirements and challenges that such attacks are supposed to cope with and to what extent do the solutions proposed adhere to the requirements? - This research question is answered in section 3.4 RQ4 What are the various security solutions proposed in literature for VANETs and how can they be categorized based on cryptographic mechanism employed? - This research question is answered in section 4 RQ5 What are the various trust based approaches proposed in literature for VANETs and how can they be categorized? - This research question is answered in section 5 RQ6 What are the Intrusion Detection Systems employed for VANETs and how can they be categorized? - This research question is answered in section 6 4

99 100

101 102

RQ7 The comparison of the proposed techniques using different parameters. - This research question is answered in section 7 RQ8 What are the future research directions identified by the present work and what do they involve? - This research question is answered in section 8

109

1.5. Article Organization Section 1 gives the introduction to the work done and motivation behind it. Section 2 gives the background of the VANETs and security of VANETs. Section 3 overviews various attacks and security requirements to put in place for securing VANETs. Miscellaneous proposed solutions for securing VANETs are presented in section 4 and trust management approaches are discussed in section 5. Section 6 discusses about various intrusion detection techniques and Section 7 discusses the comparative analysis of diverse security schemes with major open issues discussed in section 8. Finally, the conclusion has been given in section 9.

110

2. Background

103 104 105 106 107 108

111 112

113 114 115 116 117 118

This section presents the background knowledge to readers about the generic idea of VANETS, node equipment of VANET and its architecture. This section gives the overview of the concepts of VANETs. 2.1. VANETs Overview The communication in VANETs is enabled by installation of short-range radios in law enforcement authorities, road side infrastructures and vehicles. It helps to make them capable of communicating with each other on VANETs. There are various other components of a VANET to provide accurate detailed position coordinates, fixed road side infrastructure and trusted authorities. These components are responsible for managing the vehicle identities and registration. Therefore, to equip each vehicle with short-range radios for communication is the foremost requirement of VANETs. Dedicated Short Range Communication (DSRC) can be defined as a one/two way channel that can

Figure 2: The General Communication Scenario in VANETs 119

5

120 121 122 123 124 125 126 127 128 129

range from short to medium wireless communication. It has been designed specifically for automotive use. There has already been an allocation of 75 MHz by the Federal Communication Commission (FCC) for DSRC in USA. DSRC radio signal facilitates the communication of each vehicle with other vehicles and fixed units. These radio signal has been allocated in the range of 5.85 GHz-5.93 GHz for vehicular technology. There has been an allocation of 30 MHz for DSRC in Europe by the European Telecommunication Standards Institute (ETSI). An amendment has been developed to the 802.11 standard in 2004 by the IEEE Task Group p (IEEE 802.11p) [13] to include vehicular environments. Based on IEEE 802.11p, there is one higher layer standard IEEE 1609. Then, further additional layers of IEEE 1609 were specified by the IEEE working group 1609: IEEE 1609.1-resource manager [14], IEEE 1609.2security [15], IEEE 160, 3-networking [16], IEEE 1609, 4-multi-channel operation [17]. Different security services for management operations and applications were defined by the standard IEEE 1609.2 [15]. They include:

130

1. Secure message formats

131

2. Processing of the messages communicated in network

132

3. Secure message exchange conditions for their usage

133

4. Processing of these message exchanges

152

Wireless Access in Vehicular Environments (WAVE) is denoted with the combination of IEEE 802.11p standard with protocol suite of IEEE 1609. VANETs (Fig. 2) are specifically designed for traffic management, providing safety related information and imparting infotainment services. The real time information is required by safety and traffic management systems and the information thus rendered can affect life or death decisions. The appropriate integration of on-board units, GPS receivers, computing platforms and communication capabilities not only opens astounding opportunities, but also hikes formidable research confrontations. The major research challenge raised is security of VANETs. A vehicular network becomes prone to large number of attacks such as generation of false warnings by suppressing the true positives. It results in breaching the security of network and causing accidents. Therefore security is a major factor for attention in building VANETs. Two contradictory facts while securing vehicular networks are to provide anonymity but at the same time allowing the law enforcement authorities to trace the misbehaving vehicle. The malicious vehicle in vehicular networks may cheat other vehicles by sending out bogus information which may be done purposely to throw another vehicle out of its way by means of false traffic reports and clear up one’s own way. Then, false information may be sent to nearby vehicles by terrorists for blocking of the police cars. On the other hand, there is an access to information on speed of vehicle, its trajectories, status as well as vehicle’s locations within the range of vehicles which can be exploited by intruders to draw conclusions about a driver’s identity, places of visit and social relationships. This kind of information may be exploited to expose the vehicles and drivers to harassment, blackmailing and other dangers in underground markets [18]. Thesis [12] discusses about security, dissemination, data processing and collection to locate the vehicles with regard to weak GPS signals through installed sensors on cell phones.

153

2.2. VANET Node Equipment

134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151

154 155

156

157 158

In VANETs, vehicles act as nodes which are equipped with different tools as shown in Figure 3, that make the communication between the various vehicle nodes possible. Various node equipment are as follows: • GPS receiver which enables the vehicle to track its own location. • On-board computing devices allowing the vehicle to perform simple calculations related to encryption, decryption and other vehicles’ positions.

159

• Communication devices (DSRC compliant) to propagate/receive information.

160

• A set of 2 or 3 radars enabling to verify neighbor’s position and identify obstacles.

161

• A set of sensors to report crashes, engine statistics, weather conditions and other statistics.

162

• Pre-stored digital map which enables the vehicle to know location of itself and other vehicles’ locations. 6

Event Data Recorder ( EDR) Positioning System (GPS) Forward radar Communication facility

Rear radar Human Machine Interface

Computing platform

Figure 3: VANET Node Equipment

163

• Dedicated and secured memory to store log files such as public/private keys or a set of certificates.

164

• Vehicle’s own battery to ensure information transmission is not impacted in case of a severe accident.

165

• Vehicle’s own clock to simplify obtaining an accurate time-stamp.

166

2.3. VANET Architecture

179

The basic VANET architecture has been shown in Figure 4. It consists of one centrally Trusted Authority (TA) at the root followed by the State Trusted Authorities (STA) under it, which in turn is followed by City Trusted Authorities (CTA) in hierarchy. Under each CTA, there are number of RSU’s located along the road and each RSU controls the vehicle groups on the road. As each OBU (On-board Unit) on the vehicle has the ability to communicate with the other OBU’s and RSU’s located along the road. Each vehicle also consists of Tamper Proof Hardware (TPH) in order to store the keys and certificates. The function of TA is to control and manage the keys and certificates of STAs under it. Similarly, STA manages the keys and certificates of CTAs. CTA manages the key distribution and certificate management of the RSUs located under it and of the group of vehicles under each RSU. A vehicle will receive the keys and certificates from CTA via the corresponding RSUs under that particular CTA at the time of authentication for intervehicle communication. Therefore, hierarchical architecture is maintained which is suitable in view of the scale-able nature of VANETs. Fundamental architecture of the network has been explained along with three prominent research problems, techniques and future projections in [173].

180

3. Security of VANETs

167 168 169 170 171 172 173 174 175 176 177 178

182

The need for the security in VANETs is described in this section by listing various challenges in it, various attacks possible in VANETs and their solutions proposed. Further, security considerations required in VANETs are also listed.

183

3.1. Challenges

181

184 185 186 187

It can be analyzed that there are many security challenges which are to be dealt with, before the implementation of security schemes for VANETs gets in action. Since VANETs are highly dynamic adhoc networks, there are various challenges shown in Figure 5 which need consideration in the area. For the survey on VANET security challenges, refer to [188]. 7

TA

STA

STA

STA

CTA

CTA

CTA

RSU

RSU

RSU

vehicles

Figure 4: VANET General Architecture

High Mobility

Difficulty in trust management

Huge data

RSU's range of communication

Dependence on infrastructure

Scalability

Challenges

High cost

Figure 5: The security challenges in VANETs

188 189 190 191 192 193 194

195

• Dependence on Infrastructure: The vehicle nodes need to authenticate themselves to the trusted authorities before they become a part of vehicular communications. As the vehicles need to authenticate via digital certificates in public key cryptography, obtain the private key from Key Generation Centre in ID based cryptography, and the partial private key from trusted authority in certificate-less cryptography, there is always need of authentication as it is mandatory for revocation and non-repudiation. Moreover, the vehicular communication signal gradually diminishes which needs to be amplified by the infrastructure [189]. So, the vehicles need to depend on infrastructure to secure vehicular communications. • Communication range of RSU’s: Now, the communication range of RSU’s poses a constraint on vehicular 8

196 197 198

199 200 201 202

203 204 205 206 207 208

209 210 211 212

213 214 215 216

217 218 219 220 221 222

223 224 225 226 227 228 229

230 231 232

233 234 235 236 237

238 239 240

networks. The communication range of an RSU is about 500m in radius, i.e. Road Side Infrastructure is to be built at a distance gap of 1 km which is not feasible in the view of high network of roads for developed countries. Communication patterns in VANets have been studied in [190] • Vehicle mobility: The high mobility of vehicles restrict the usage of already implemented security solutions for other types of networks. The communication time and computation time needs to be reduced significantly without compromising the security of such ephemeral network. In [191] a highway VANET simulation has been studied for efficient realistic communication modeling. • Difficulty in trust management: Due to high scale of the network, there is quite low probability that the two vehicles which maintained the trust relationships among themselves will meet again in future. Moreover, it is very difficult to manage such large data in the on-board unit of vehicle as the vehicle will meet thousands of other vehicles everyday leading to millions of vehicles per month. So, it is difficult to manage such an enormous amount of information. The survey [192] has studied about trust modeling, attacks of online social communities and trust inference. • Huge data: Huge amount of data is produced everyday, in vicinity of the multiple number of vehicles and several roads in the country. So it is difficult to manage such massive data by a central authority. A decentralized approach is acceptable for such networks. But at the same time, decentralized approach may hinder the revocation and non-repudiation of vehicles. For big data solutions to VANET challenges, refer to [193] • Scalability: A highly scalable nature of the vehicles prevents an actual deployment of such networks. This is because the security schemes need to be defined for whole network but the actual scale of the network is unpredictable at the first stage of deployment. As an example, [194] studied hierarchical bloom filters for scalable VANET content routing. • High cost: The limited communication range of roadside infrastructures leads to deployment of several RSU’s on the roads at 1km distance which renders a high cost of such networks. Moreover, a high computing platform of RSU also renders to a high cost of RSU’s. Again, all the vehicles need to be equipped with communication facility, computing platform and storage capacity which incurs high costs for vehicle manufacturers and in turn, renders increase in the cost of vehicles. In [195] a cost efficient VANET deployment based on RSU has been proposed. • Block chain: The block chain technologies have emerged with great deal of attention nowadays where peer to peer communication is performed without trusted central authority. VANETs rely on these type of technologies heavily for performing vehicle to vehicle communication. However, block chain communication imposes a challenge in VANETs to ensure anonymous communication without compromising the ability to trace a vehicle. So, if we rely completely on vehicle-to-vehicle communication, we may lose the authenticity and non-repudiation properties of VANETs. In [196] a privacy preserving trust model has been proposed which was based on block-chains. 3.2. Adversaries and their Attacks The available attacks which are possible in VANETs in near future cannot be envisioned. But potential list of attacks has been discussed below with a general classification. 3.2.1. Classes of Adversaries It is important to define adversaries to have an overview of the attacks that are possible in VANETs. It will help to determine the various resources and their scope for securing the vehicular networks. A general classification is given with the major adversary classes of identification to be studied in vehicular network system (Figure 6). Recent literature about adversary classification and survey can be found in [197] and [205]. i Insider vs. Outsider. The network’s authenticator member is an insider which can abuse the capabilities of the network. An intruder in the network is termed as outsider and thus have limitation in mounting diversified attacks and usually misuse the protocols related to the network. 9

Insider vs. Outsider

Malicious vs. Rational

Classes of Adversaries

Active vs. Passive

Local vs. Extended

Independent vs. Colluding Figure 6: The classes of adversaries

241 242 243 244

245 246 247

248 249 250

251 252 253

254 255 256 257 258 259 260 261 262 263

ii Malicious vs. Rational. Aim of the malicious attacker is to impair the network members or disrupt the functionality of the network with no personal benefit. Hence, an attacker can adopt any means to harm the capabilities of the network. Whereas, a rational attacker tries to seek personal benefit in the network by predicting the attack means and attack target. iii Active vs. Passive. The new packets are fabricated in a network by an active attacker, whereas wireless communication channel is eavesdropped by a passive attacker to gain the personal information of the network members. iv Local vs. Extended. If the scope of the attacker is limited, it is a local attacker and it controls several network members (vehicles or base stations). If the scope of an attacker is extended by having access to several scattered network members, then it is known as extended attacker. v Independent vs. Colluding. If the attackers act independently for the exchange of information, it is known as independent attacker. It could also be in collusion with others by cooperating with each other, for making effective attacks. Consider an example where DDoS attack is launched by vehicles by colluding with each other. 3.2.2. Attacks in VANETs The deployment of VANETs expose it to multiple attack scenarios which hinder its deployment at the initial stage. [187] has proposed a secure Vanet scheme based upon Veins simulation platform based upon universal testing structure which is a general security framework against all types of attacks. Malicious message attacks has been considered from expressway tolling application through VANET using testing framework for performance demonstration. In addition, limitations and challenges of combining the packet simulators under a common framework has also been explored. The results demonstrated that the attacks result in about 44% longer travel times, 9% longer distances and 60% toll fees. The evolution of the research conducted in various security attacks is summarized in Figure 7. The major attacks which are possible in VANETs are given in Figure 8. The employed security mechanisms for the attacks in vehicular ad-hoc network have been studied in detail [199]. 10

Security attacks research evolution

2006-2010

2011-2014

2015-2019

Message delay attack

Message falsification

Greedy drivers

Impersonation attack

Illusion attack

Message delay attack

Wormhole attack

Sinkhole attack

Sybil attack

Industrial insider

Blackhole attack

In-transit tampering

Denial of service

Message alteration attack

Position attack

Distributed DoS

Forgery

In-transit tampering Figure 7: Evolution of research in security attacks

264

Greedy Drivers

275

If the drivers attack in the network for their personal benefit, they are known as greedy drivers. The neighbours of greedy drivers are convinced about the congestion ahead so that they may choose some alternate route giving the greedy driver an awesome driving experience. Greedy drivers usually launch the attacks such as message falsification where the message is altered and message delay where the critical messages are not transmitted to its neighbours leading to fatal consequences. SVM based context aware security framework is discussed in [128] to separate malicious and benign nodes. It is more flexible for environmental factors and robust to track down the attack patterns. In [23], botnet attack in self driven case of vehicle aspect for potential congestion cause while focusing on the hot spot road sections. Trip time of the vehicles bumps up in magnitude due to attacks and the roads can become dead stop for usability. Ultimately the whole urban branch gets affected through multiple roads starting from a specific hot spot. New possibilities of defense are explained while showing the weakness of existing counter measures. A survey about security goals related to availability, integrity and confidentiality has been surveyed by Sumra et al. in [200].

276

Impersonation Attack

265 266 267 268 269 270 271 272 273 274

277 278 279 280

Eavesdropper tries to gain the personal information about the network entities by launching Impersonation attack where someone else identity is taken by an attacker for gaining the benefits in the network. Snoops can also launch privacy violation attack by associating the vehicles’ identity with the sent messages. These are the threats to confidentiality of the network. The IBV scheme[24] was unable to fulfill the privacy requirement and suffered from the 11

Attacks in VANETs

Message Alteration attacks

Pranksters based attacks

Message falsification Industrial insiders

Illusion attacks

Greedy drivers

Message delay

position attacks

Misleading attacks

Forgery

Availability hindering attacks

Impersonation attacks

plausibility checks [54] Plausibility Validation Network [26]

Sybil attacks

Message Content Validation Algorithm[27]

SPECs [25]

DoS

DDoS

Blackhole Warmhole Grayhole Sinkhole attack attack attack attack

Synchronizatio n based DDoS prevention [51] invalid signatures method [48]

Test Method [49]

DEIPHI [30] Radio resource testing technique [33]

A distributed data fusion method [36]

A timestamp series approach [38]

Time and location based attacks

RobSAD approach [39]

Packet leash [28]

Trust based approach [31] HEAP [29]

P2DAP mechanism [42]

Figure 8: The different attacks possible in VANETs

281 282 283 284

impersonation attack. Based on which, the mechanism known as SPECS [25] was designed to ensure private communication in VANETs and to detect impersonation attacks. The pseudo identity is used by the vehicle and it also shares secret key with road side infrastructure. In [201] Huang et al. has discussed an efficient technique based conditional privacy protocol for VANETs for pseudonymous authentication.

295

Illusion Attack In this type of attack, the perceived speed, position, direction etc. are altered by an attacker in order to escape from law enforcement authorities, if any accident occurs. The adversary tampers and misleads the sensors of the vehicle which broadcasts the misleading traffic warning signals. Thus the incorrect traffic information broadcast may lead to car accidents, traffic jams, bad road condition warnings and performance of VANETs deteriorates. A new model known as Plausibility Validation Network [26] was proposed to secure the network against illusion attack. Two types of data inputs are collected from antennas and sensors. The data checking module validates the input data and takes the necessary actions as required. Thus, the rule set need to be stored for each and every message which may lead to storage overhead in vehicles. Therefore, an efficient mechanism called Message Content Validation Algorithm[27] was proposed where possibilities of an illusion attacker are explored in all dimensions and security goals are designed accordingly. Vanet application illusion attacks has been studied in [202] in context to a message plausibility problem.

296

Wormhole Attack

285 286 287 288 289 290 291 292 293 294

297 298 299

It is a serious threat in VANETs which takes place even after employing all types of authentication and confidentiality checks. The packets received by one node at one location are tunnelled to other node in the network at different location and are re-transmitted again in the network. Thus, the malicious nodes in the wormhole attacks disrupt the 12

311

normal operations in the network. The wormhole attack was prevented by an approach known as Packet leash [28] in wireless networks where temporal leashes ensure that there is upper bound for each packet in its lifetime restricting the maximum distance travelled and geographical leashes ensure that a packet can be received only within a certain distance from sender. All the nodes are tightly synchronized by clock and a leash based protocol TIK implements these leashes. Further an improved approach of packet leash, HEAP [29] was proposed having more security and less overhead. The wormhole attacks are detected with the help of HEAP in AODV routing protocol in VANETs. HEAP uses the geographic leashes with loosely synchronized clocks and the packets are dropped when the claimed passing distance by the packet is not correct thus solving the problem of limitation on packet travel. Another approach known as DEIPHI [30] was given in wireless ad hoc networks for wormhole detection where the sender is able to detect the wormhole attacks by observing the delays of different paths to the receiver. This method incurs less cost as it does not require the synchronized clocks and On board Units need not to be equipped with some special special hardware. In [203] a new method called HEAP has been proposed for authentication and to avoid wormhole attacks.

312

Sinkhole Attack

300 301 302 303 304 305 306 307 308 309 310

321

In Sinkhole attack, the compromised node lures all the traffic from its neighboring area creating a sinkhole in the center. The attacker or compromised node attracts all its neighbour’s data. The attacker tries to present itself as the most attractive relay in the neighbourhood. A Trust based approach [31] against sinkhole attack was proposed to detect sinkhole in AODV based VANET where the route is decided by the node after receiving the neighbours’ route reply messages and the type of association between nodes is used to decide the route between he nodes. Hence, it will lead to the detection of sinkhole nodes for which there will be no preference in selecting a route. In [204], to handle VANET security, two game theoretic techniques such as non-cooperative and cooperative have been discussed. In this paper the game theoretic approaches like co-operative and non-cooperative games for handling security issues in VANET are discussed.

322

Blackhole Attack

313 314 315 316 317 318 319 320

326

Blackhole is an area where there are no nodes present or the available nodes refuse to participate in the communication leading to the loss of data packets. The nodes in the blackhole deny to transmit the legitimate nodes’ messages. Solutions to blackhole attack impose that the designed routing protocols should have more than one route to the destination.

327

Grayhole Attack

323 324 325

331

In Grayhole attack, the network entities are mislead by an attacker by agreeing in forwarding the data packets in the network although it starts dropping the packets as it receives the packets. Initially, the attacker behaves normally by replying to all the messages and as it receives the packets, the packets are dropped. It is different from the Blackhole attack that the packets are dropped by the attacker while forwarding them in the Grayhole attack.

332

Pranksters

328 329 330

337

The things attempted by bored teenagers for fun are the pranksters. If a vehicle is convinced by prankster for slowing down and another vehicle is convinced for speeding up, for example. The attacks which can be launched by a prankster are Message Alteration attack or Denial of Service (DoS) by disabling the applications by preventing sensitive information from reaching other vehicle or by altering the warning messages to no-warning messages, respectively.

338

Industrial Insiders

333 334 335 336

339 340 341 342

People who stay in the car manufacturing company are called industrial insiders. They load the malicious firmware in the vehicle. At one manufacturer, the keys are created by industrial insider which are accepted by neighbouring vehicles. Industrial insiders usually tamper with the security hardware of a vehicle by stealing identities and extracting cryptographic keys. Therefore, tamper proof hardware needs to be implemented in the vehicles.

13

343

Sybil Attacks

385

The multiple messages are fabricated and transmitted by an attacker in Sybil attack and different source identities are used by each message to transmit a message. Thus, the receiver gets an illusion that the messages are received from different identities. Malicious attackers deliberately attempt to cause harm as these have specific targets, and are more professional. For example, the deceleration warning system may be manipulated by the terrorists for creating a gridlock before a bomb can be detonated. Sybil attacker floods the network with wrong information and the neighbours also believe the received messages as the messages are fabricated with different identities. To further analyse the Sybil malicious activity, security gaps are analysed in [11]. Malicious vehicles can trace and periodically transmit broadcast the messages to disturb the safety or non-safety policing mechanism mimicking VANET vehicles. These types of attacks are detected using the method of resource scheduling [32] assuming that there are limited physical resources where the computational puzzles are used to test each node’s computation power. This is not a feasible technique for VANETs, as there are more computational resources with vehicles in this network so, the technique of radio resource testing [33] was propounded for VANETs. Yan et al. in [34] has proposed a solution for detecting Sybil attacks by proposing a solution based on radar in VANETS where a vehicle’s physical existence was detected by radar for validating the vehicle’s abstract information. Another approach was proposed for VANETs where Position Evidence System [35] was designed to improve the detection accuracy by employing the statistical methods and it is able to identify the direction of the vehicle. A distributed data fusion method [36] has also been proposed to detect Sybil attacks where distributed confidence over the VANET is built. The suspected node’s signal strength distribution [37] was observed over a particular time period to detect Sybil attacks in VANETs and verification error rate was significantly reduced by using the statistical methods. A time stamp series approach in [38] is another method to secure VANETs from Sybil attacks with infrastructure support. The digital certificates are issued by the road side infrastructure and thus, it is impossible that two vehicles will pass the multiple RSUs simultaneously. The two messages issued under the same time stamp series under RSUs are considered as Sybil attacks by the vehicle. RobSAD approach [39] with limited infrastructure support was proposed where the difference among vehicle’s abnormal and normal motion trajectories was used to detect Sybil attacks and each node was able to detect attacks individually without the support from infrastructure. The success rate of Sybil attacks in VANETs is calculated based on transmission power’s or antenna’s assumption [40] where the cheated nodes number is calculated from the sender’s as well as receiver’s point of view. A signal strength variations [41] based approach uses the node to verify authenticity of other nodes according to their localizations and a metric is used to define the degree to distinguish between two nodes. A lightweight and scalable P2 DAP mechanism [42] is used to detect Sybil attacks in distributed manner in VANETs where set of fixed nodes (called Road Side Boxes) undergo passive overhearing of the network to detect the malicious vehicles. In [43], revocation authorities are reported about localized VANET Sybil nodes through road side units. Authentic tokens are passed on to good nodes which are absorbed to report about event reporting message. The scheme is computationally economical and preserves beacons and ERM privacy. In case of dispute it provides conditional anonymity and attackers are revoked. To resist false messages, a dynamic reputation along with trusted value per event are used in an event based reputation scheme [44]. Sybil malicious contents through fake or stolen identities are detected along with conspired attacks by examining the uniqueness of trusted and reputation values. Different parameters collected by road side unit such as angle of passing by vehicles, distance, received signal strength, are used to detect Sybil attackers effectively in [45]. Multi agent microscopic trac simulator has been used to validate results in real case scenarios. An interesting case study about Sybil attack detection is discussed in [46] along with their pros and cons. The attacker mimic other vehicles and acquire fake identities sometime gaining private information, creating congestion delay or accidents in the network.

386

Denial of Service

344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384

387 388 389 390 391 392

The transmissions are inferred deliberately by the jammer for preventing communication in the reception range of vehicle. The vehicular network is partitioned by an attacker through limited power of transmission and cryptographic schemes are also not compromised. The attackers may try to transmit plenty of messages for jamming the network channel. Thus, it reduces the network’s performance and efficiency. An outsider attacker may launch DoS attack where it transmits invalid messages in the network and exhausts the messages from the legitimate nodes. Thus, the messages from the legitimate nodes are prevented from processing by the invalid messages from the attacker. In 14

393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415

416 417 418 419 420 421 422 423 424

425 426 427 428 429

430 431 432 433 434

435 436 437 438 439 440

comparison to DoS, more severe attack is Distributed DoS (DDoS) in which a group of illegitimate nodes perform an attack on one legitimate node from different locations and time slots. The effects of DoS attacks can be mitigated by a mechanism [48] where invalid signatures that are received by each vehicle are kept track in particular time period based on which invalid signature ratio is calculated. When the invalid signature ratio reaches a threshold, it indicates DoS attacks warning. Another approach was given for minimizing DoS attacks in VANETs where the data packets received by a node is passed through a sequence of tests and if any test fails, the node drops that data packet [49]. These constraints also help to identify if the node’s claimed position as a nearest node is true or not. The Synchronization based DDoS attacks in VANETs are mitigated by randomizing the RSU schedule during each cycle of periodic transmission and minimizing the contention window size which reduces the back-off delay [51]. Denial of service attacks in IEEE802.11p has been examined in [50] using the exchange of periodic position messages by the vehicles in a sub division. Another denial of service detection scheme and metric is defined in [53] which is known as packet entropy. Supervision of traffic status is performed after regular and short intervals. Without need of modification of 802.11p MAC layer protocol any node can monitor traffic traces for denial of service attacks. A novel bloom filter based IP chock detection method to defend from IP spoofing and denial of service attacks is proposed in [47]. Access of service for legitimate vehicles is granted and IP spoofing addresses are tracked down while providing increased bandwidth and securing the communication. It is easy to deploy, requires lesser resources, provides faster detection, lower space and time complexity. The study in [186] has proposed a Secure Group Management Framework (SEGM) in integrated Vanet comprising of two schemes. They play the role for fixed trusted member and general dynamic untrusted member case respectively. There are two phases in this proposed scheme: (a) group setup/maintenance and (b) access authentication management. Message authentication code (MAC) aggregation method containing DoS attacks has been authenticated by a lightweight group authentication access protocol. Both management and access authentication outperform contemporary techniques for communication overhead and bandwidth consumption. Position Attacks The location table is maintained by the GPS satellite maintaining location information with the vehicle’s identity. The reading in the GPS system may be manipulated by the attacker to deceive the vehicle about its location. To reduce the position based attacks in VANETs, set of plausibility checks [54] were proposed which do not require extra special hardware and are able to mitigate the effects of position based attacks. The proposed mechanism was able to adapt to different road conditions and traffic conditions. Pros and cons for various position based routing protocols are listed in [174] by concluding the decision in favor of hybrid routing protocol for highway and urban environments. Most of these protocols are based upon greedy-forwarding mechanism for ever changing dynamic VANET topologies. Markov chain predictions and landmark recognitions are employed for location definition. Forgery The timely receipt of the contents of the message and their correctness is a major vulnerability. Single attacker causes forgery for transmitting false hazard warning messages(e.g., bad road conditions) leading large portions of the network being contaminated with wrong information. The various dimensions and roadside attacker behaviour in VANETs is discussed [55]. In-transit Traffic Tampering A node which acts as relay can replay, meaningfully modify, drop or corrupt messages; disrupting communication. This leads to the manipulation of the safety messages or of traffic notifications. Thus, in-transit message tampering is more powerful and simpler when compared with forgery attacks. The different attacks discussed can be categorized based on the class of adversary and the security requirement which they are hindering. 3.3. VANET Security Requirements The vehicular communication systems are secured from the possible attacks explained in the previous sections by employing some measures that are enforced to protect the network are known as security requirements. The primary security goals including integrity, availability and confidentiality, are used to derive the security requirements. The possible security requirements required for the secure vehicular communications are shown in Figure 9. By reviewing the existing literature [56][57][58][59][60], the general security requirements of a VC system are: 15

Table 2: Mapping of various attacks, adversaries, security requirements hindered and proposed solutions

441 442 443 444

445 446

447 448 449

Name of Attack

Class of Adversary

Violated Security Requirement

Proposed Solutions

Message Falsification Attack

Insider, Rational, Active

Data Integrity

[198]

Greedy Drivers

Insider, Rational, Active

Data Integrity

[128] [23]

Message Delay Attack

Insider, Rational

Data Integrity

[19][160]

Impersonation Attack

Outsider, Malicious, Passive

Authentication, Confidentiality

[24] [25] [201]

Illusion Attack

Insider, Malicious

Authentication

[26] [27] [202]

Wormhole Attack

Insider, Extended, Passive, Colluding

Authentication, Confidentiality

[28] [29] [30] [203]

Sinkhole Attack

Insider, Independent, Local

Confidentiality

[31] [204]

Blackhole Attack

Passive, Outsider

Availability

[198]

Grayhole Attack

Passive, Insider, Malicious

Availability, Data Integrity

[186] [127]

Message Alteration Attack

Insider, Malicious

Data Integrity

[42]

Industrial Insider Attack

Outsider, Malicious

Data Integrity

[78]

Sybil Attack

Insider, Active, Local

Denial of Service Attack

Outsider, Active, Local, Independent

Availability

[100][119]

Distributed Denial of Service Attack

Insider, Active, Colluding

Availability

[111] [168] [198]

Position Attacks

Outsider

Authentication

[15]

Forgery

Insider, Independent, Extended

Data Integrity

[80] [137]

In-Transit Traffic Tampering

Insider, Active

Data Integrity, Confidentiality

[144] [172] [200]

[66] [193]

i Authentication: Authentication ensures that the receiver correctly identifies the sender of the received message [56]. When the receiver verifies the unique identity of the sender, it is termed as ID authentication. Property authentication is a security requirement which verifies that the sender is a car, RSU etc. The location authentication verifies the claimed location of the sender. ii Integrity: Integrity requirements demand that the message should always be correct and should not be dropped or altered while it is being transmitted from sender to receiver. iii Entity Authentication: It is used for ensuring the fact that the message which is received recently should be live and fresh. Entity authentication is used for preventing the message replay attack among the vehicles. It is used to ascertain that the sent and received messages are reasonably within a small time frame. [58]. 16

Confidentiality

Privacy

Integrity

Availability VANET Security Requirements

Physical Security Authentication

Access Control Auditability

Figure 9: The possible security requirements for secure vehicular communications

450 451

452 453 454 455 456 457 458

459 460 461 462

463 464 465 466

467 468 469

470 471 472

iv Confidentiality: It is used for preventing the eavesdropping of information sent between sender and receiver. the information transmitted should be accessed by only the sender and receiver of the message. v Privacy: In order to successfully deploy VANETs and its public acceptance, privacy is an important concern as studied in [61]. The collection of vehicle-specific information may lead to violation of the privacy of the drivers’ personal data. A primitive apprehension for vehicular networks is providing vehicle’s location privacy, which prevents others from learning the location behaviour of the vehicle. Location privacy can be avoided by adopting anonymity for vehicular communications. If it needs to be specified about how much sender’s identity need to be kept as secret, ID privacy is used (as studied in [56]) so that it should be able to track the misleading vehicles by the law enforcement authorities. vi Availability: It is the foremost concern of vehicular networks that there should be availability of the the wireless channel at all times for the vehicles to receive critical messages. If in case of jamming by an attacker, DoS or DDoS attacks, the wireless radio channel goes out; then the messages cannot be broadcasted and VANETs itself become useless. Hence, it is critical for the vehicular communication systems to have high availability. vii Access Control: It is imperative to distinguish between different access levels of node or infrastructure for specifying the task each node is permitted to perform within the wireless channel[56]. The malicious vehicles are excluded from communicating in the network by the law enforcement authorities by the certificate revocation method or by calculating reputation score or by any other means. viii Auditability: The non-repudiation or auditability, is the technique for which the communicating vehicles can not refrain from the sending and receiving of the messages. This requirement is of utmost importance in case of accident scenarios in identifying the actual cause of the accident. ix Physical Security: It prevents the unauthorized access of vehicle which includes compromising the security of the vehicle or tampering of cryptographic credentials. this can be prevented by adopting the tamper proof hardware in the on-board units of the vehicle. 17

473 474

In [205] a global security architecture has been studied for Vanet safety challenges. Vanet information security is the one of the prime aspects in an open access environment for driver’s privacy, vehicle security and road safety.

Security Issues in VANETs

Confidentiality

Data Integrity

Authentication

Non-repudiation

Repudiation attack

Availability

Wormhole attack

Message falsification

Sybil attack

Blackhole attack

Impersonation attack

Message delay attack

Tunnelling

Grayhole attack

Sinkhole attack

Illusion attack

GPS spoofing

Denial of service attack

In-transit tampering

Message alteration attack

Impersonation

Distributed DoS

Greedy drivers

Message replay attack

Grayhole attack

Illusion attack

Industrial insider attack Forgery In-transit tampering

Figure 10: The classification of attacks based on security requirements

475

3.4. Mapping of attacks with security requirements

479

Figure 10 classifies the attacks based on the security requirement violated by them. Table 2 gives the mapping between the various attacks, classes of adversaries, security requirements hindered and solutions proposed for that attack. It maps the list of attacks along with class of adversary to which they belong. Further, they enlist the security requirement which they hinder along with the security solution proposed for that particular attack.

480

4. Security Mechanisms based on Cryptography

476 477 478

481 482 483 484 485 486 487 488 489 490

After discussion of various attacks and their proposed solutions, it is important to discuss about the generic security solutions proposed in literature which can handle all the attacks and provide the secure communication which focuses on all the security requirements listed in section 9. A survey on state of art of VANET about security issues and privacy concerns needed to be focused for network safety is discussed in [63]. The current article acknowledges current problems in security for VANET with respect to cryptographic angle and classifies them according to proposed cryptographic mechanisms recommended for VANETs along with their proposed solutions, effectiveness analysis and future extensions. The classification of various security schemes has been depicted in Figure 11. The crucial target of this review is to explore the literature which is attainable based on the search criteria. Figure 12 gives the citations of the various security schemes adopted by the researchers in a hierarchical manner to secure vehicular networks. It gives an overview of the general findings of the paper. The search is being classified based 18

Security Mechanisms

Intrusion Detection systems

Cryptography Mechanisms

Symmetric key cryptography

Public key cryptography

Entity based trust model

Public Key Infrastructure

Identity based cryptography

Trust based models

Data based trust model

Hybrid trust model

Certificateless Cryptography

Certificate Revocation

Figure 11: The classification of security mechanisms

499

on two classifications namely, cryptographic techniques and trust management techniques. The cryptographic techniques include four major cryptographic techniques, symmetric key, public key, identity based and the certificate-less cryptography. The trust management models are also divided into entity based, data based and combined trust models. The subject related to security in VANETs has so far being overlooked by both academia and industry which has been postponed to the later stages of implementation and deployment. This section provides a concise survey of recent literature related to proposed security frameworks and strategies used to secure vehicular communications has been provided. The survey focus on various prevalent techniques for securing the vehicular networks including public key infrastructure, symmetric key cryptography, certificate revocation and identity based cryptography, certificate-less cryptography.

500

4.1. Public Key Infrastructure

491 492 493 494 495 496 497 498

501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516

VANETs need to be protected from outsiders, as well as malicious insiders therefore, legitimacy of messages is mandatory. The messages exchanged among vehicles and trusted authorities must be authenticated. The vehicle firstly authenticates itself to a trusted authority which issues the pubic keys to vehicles. An infrastructure based on public key cryptosystem leads to the creation of digital certificates by Certification Authority (CA) upon authentication of vehicles and distribution of certificates among vehicles for secure communication among them (Figure 13). A central repository is used by CA to store the digital certificates which are revoked in case of malicious activity by some entity. The digital certificates so created actually maps the public keys with the vehicular entities. In fact, digital certificates are used to verify that a particular public key is associated to a specific node in network. Therefore, PKI finds use in message authentication with the help of digital certificates and in key distribution. Hu et al. [64] mentioned the security objectives of VANET framework as authenticity, privacy, information availability, short term linkability, efficiency, traceability and revocation. The security concepts for vehicular networks are defined by Gerlach et al. [67] by describing four viewpoints. Security aspects have been taken into consideration in [68] while talking about VANETs. Luo and Hubaux [69] propose the introduction in the MAC layer of VANETs along with discussion on security issues in [70]. Eichler et al. in [72] has provide a general overview of car to car communication (c2c comm.). The various challenges encountered in vehicular networks including attacks and adversary types were discussed by [75] and they 19

Figure 12: Overview of the literature for securing VANETs

517 518 519 520 521 522 523 524 525

526 527 528 529 530

discuss the issue by providing discrete security mechanisms for securing VANETs. [76] described architecture for VANETs by concisely remarking the various security concerns and their feasible resolutions. The concept of digital signatures usage in VANETs was given by [77]. SeVeCom security framework was described in [58] [81] by Raya and Papadimitratos in which architecture, vulnerabilities, challenges and cryptographic support were discussed in a detailed way to offer a more practical view on the problems that can occur. An architecture was described by Raya et al. [82] for private vehicular communications focusing on the management of identities and cryptographic keys. USA addressed the DSRC Consortium [96] as the most extrusive industrial effort in vehicular networks. While the Car 2 Car Communication Consortium [97] is being addressed in Europe and considerable other projects such as SEVECOM project [98]. 4.1.1. Pure PKI A new security architecture was described by Blum and Eskandarian [65] for VANETs to counter the only type of attack known as “intelligent collisions” (which are intentionally caused). The knowledge of as many potential threats in VANETs as possible is necessary to build such a security architecture. A virtual infrastructure was used by them in which clusters of vehicles were used and cluster-heads were responsible for digitally signing the messages using 20

Registration Process Public key

Private key Key Generation

User

Registration Certificate Issuance

Public Database Certification Authority

Encryption Algorithm

Private key User

Public key

Encryption

Decryption

Cipher Decryption Algorithm

Public Key Certificate

Message

Message

Figure 13: The basic Public key infrastructure

531 532 533 534 535 536

537 538 539 540 541 542 543 544 545 546 547

548 549 550 551 552 553 554 555 556 557

PKI for their reliable dissemination. The drawback of this approach is that bottlenecks are created at cluster-heads and further, it is difficult to manage such clusters in such highly ephemeral networks. Hubaux [66] focused on the privacy of vehicles by managing the trade-off between privacy and liability and used the unique electronic identifiers of the vehicles known as Electronic License Plates (ELP). Another scheme called PUCA [91] claims to provide efficient privacy while keeping basic qualities intact, such as revocation and Sybil-resistance for backend provider authentication. 4.1.2. Group Communication Secure aggregations are discussed in [71] that can be used to increase the channel efficiency in vehicular networks where there exists geographically dissected maps into tiny area cells and vehicle compares its GPS location with the already loaded dissected area maps to know its group. The cell length is 400 m and group leader is in center which assigns group key to all the members of the group. The drawbacks of such a group based approach is that firstly, group leader is difficult to manage as vehicles continuously changes their location and secondly, group formation difficult in vicinity of too few vehicles. The CARAVAN scheme [78] preserved privacy of the vehicles with the help of formation of groups in case of applications where vehicles need to communicate with infrastructure. The group leader accesses the infrastructure on behalf of whole group members and when the infrastructure is not accessed by vehicles, eavesdroppers are prevented from tracking pseudonyms of the vehicles by remaining silent. Gerlach offer a different perspective for implementing security models in car to car communication [79]. 4.1.3. Pseudonymous approaches Raya and Hubaux in [73] has proposed a new approach based on the pseudonyms where anonymous public keys were used along with the public key certificate for each anonymous public keys. However, this scheme has some shortcomings as it gives rise to high storage overhead of anonymous public keys and certificates also leading to extra communication. Raya and Hubaux have focused on particular VANET security subjects and make a complete overview of the architecture that could be used in the implementation of such networks [74][68]. Zhang [83] also discusses the security in VANETs in which the author implements attacks and discovers weaknesses in the VANET security layer. Yeh et al. [86] proposed a certificate based group key framework where the responsibility of managing of groups as well as distribution of keys was given to group leader. The proposed framework was lightweight yet high overhead was created by certificate based framework for the management of certificates in a large mobile network. 21

558 559 560 561

562 563 564 565 566 567 568 569 570 571 572

573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591

592 593 594 595 596 597 598 599 600 601 602 603 604 605 606

Dietzal et al. [93] introduces a robust aggregation scheme to remove the traffic information redundancy. It also applies the data integrity tests to ensure and purge false aggregate information with a considerably small overhead in the trade off. Traffic information as a service (TIaaS) is introduced in VANET base clouds to provide detailed traffic related information [94]. 4.1.4. Anonymous Certificates Raya et al. [80] proposed a different authentication scheme for vehicular communications where large number of short-lived anonymous certificates were used and are preloaded in OBU of vehicle. When the vehicle needs to sign the message, a certificate is used from the certificate pool. This approach had the deficiency that large certificate pool may lead to identity dispute as severe effort is needed to resolve it. The PKI-based authentication was combined with TESLA [84] protocol for VANETs to present a new anonymous authentication approach [85]. The first message signed and sent by sender is verified by trusted authority. By using the TESLA procedure, the subsequent messages are authenticated by receiver by directly comparing the MAC (Message Authentication Code) only if first message is authenticated. But, the receiver needs to store all digital certificates of adjoining nodes for long time which needs to storage overhead. Moreover, message authentication starts after the second message is received being infeasible in delay intolerant networks. 4.1.5. Hybrid Approaches Younes et al. in [87] has presented a secure protocol for congestion control for providing message authenticity and integrity that are transmitted in the network for detecting the security threats. The public key cryptography is employed for RSU authentication at intersection of roads. The identity based signatures and group signatures are employed for communication among various vehicles but at the same time, the proposed model also incurs high communication overheads. Lin et al. [88] proposed a bundle forwarding protocol assisted by RSU for vehicular delay tolerant networks to increase the network performance by increasing the delivery ratio in the network and black hole attacks are also prevented. Another privacy preserving authentication scheme was proposed by [89] based on the already in use spanish eID cards which have been used for VANETs. It helps in improving the security mechanism in VANETs when a road authority requires a direct and on demand authentication mechanism. For VANET scenarios a secure trustable protocol On-SiteDriverID is proposed in [90] to get the driver’s identities for the purpose of real time traffic control and policing situations. The performance success is 60-70% for real VANET scenarios to obtain the driver identities. Centralized approaches of networking require strong security concerns and uniform service provider. So Florian et al. [92]proposed a new decentralized long distance geo cast services technique which also improves the location privacy by not allowing the location based information access beyond local neighbourhood. Privacy based upon location is also proposed to protect the privacy of outsiders and insiders adversaries towards message manipulation. It also has efficient mechanism for revocation and a thin-client concept for real time safety applications. For swift dissemination of secure data, an effective protocol is presented in [95]. It keeps the sender private and allows the tracking system back to the sender at any point of time. 4.1.6. Certificate Revocation Certificates of any vehicle are revoked when some vehicle misbehaves in the network and in turn, RSU revokes its certificate to prohibit its communication with other vehicles in the network. Mostly, Certificate Revocation Lists (CRLs) are shared among all the VANET entities to revoke the certificates which are provided through the available infrastructure. Moreover, the keys are automatically revoked when short lived certificates are used. ”IEEE P1609.2/D2 draft standard” [15] proposes these methods. Raya et al. [73] propounded three protocols for certificate revocation namely,“Distributed Revocation Protocol (DRP)”, “Revocation protocol using Compressed Certificate Revocation Lists (RCCRL)” and “Revocation protocol of Tamper-Proof Device (RTPD)”. These protocols were introduced because standard methods of revocation cause high overhead. A novel certificate revocation proposal was introduced by Lin et al. [110] where in secret keys are granted for each RSU by trusted authority to sign all the messages which are communicated in the range of RSU. During certificate revocation, Trusted Third Party (TTP) sends messages to all the RSU’s and the messages are broadcasted by RSUs to the vehicles moving in the range of RSU to revoke the appropriate vehicle and the vehicle is restricted from communication. Although not specifically for VANETs, a blacklisted anonymous credential system was proposed by Tsang et al.[111] to block the misbehavior without use of trusted authority this approach can be feasible in VANETs: the vehicular entity needs to assure that blacklist does not contain 22

Table 3: Comparison of Public key Infrastructures for VANETs

607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631

632 633 634 635 636 637 638 639 640 641 642

Security Schemes

Anonymous certificates

Pseudonyms

Group Formation

RSU aided

Traceability by TA

Anonymity

Group signatures

Revocation

[“Blum et al. 2004”] [65] [“Hubaux et al.2004”] [66] [“Gerlach et al.2007”] [67] [“Raya et al. 2006a”] [71] [“Raya and Hubaux 2007”] [74] [“Huang et al. 2005”] [78] [“Raya et al. 2006b”] [80] [“Lin et al. 2007”] [85]

× × × × X × X ×

× × X × X X X ×

X × × X × X × X

× × × × × X X X

× X X × X × X X

× X X X X X X X

× × × X × × × X

× X X × X × × X

its ID and if it fails to do so, the messages from that vehicle will be ignored. A threshold based authentication mechanism was proposed by Sun et al. [112] and the traceability is provided by network authorities by tracing misbehaving vehicles. Few other schemes [113][114] were adopted to leverage the pseudonyms in vehicular networks where the revocation was possible only in few revocations feasible in finite settings. The scheme in [113] preserves user privacy, and simultaneously provides traceability by enforcement authorities by tracing law violators. Ganon et al. [115] proposed a merkle hash tree based revocation mechanism which preserves privacy by using a crowds based anonymous protocol to reduce the overhead caused by checking of status of certificates. It simplifies the time expensive certificate revocation of misbehaving vehicle checklist procedure. The data structure build by employing one way hash function is known as Merkle Hash Tree [116] where data’s hash value is carried by children nodes and the children’s hash value is concatenated by the internal nodes. Thus, a scalable approach is provided for the distribution of network’s revocation information. Ganan et al. [117] also proposed another revocation method where all vehicles’ revocation information is accumulated by the higher Certification Authority (CA) in VANETs into a single value which can be easily transmitted to the vehicles present in the network. This is the accurate method for providing each vehicle’s revocation information and at the same time, vehicle’s privacy is also preserved. Almulla et al. [118] proposed a k-means clustering approach for the certificate revocation validation in VANETs where the scheme’s detailed analysis of security was given. The scheme improves the certificate validation and thus improving the communication security in the scheme. A distributed approach was proposed for the distribution of certificate revocation list by Chen et al. [119] where the movement assisted approach is evaluated on a large scale network. There are several problems incurred in distributing CRLs. First, it can be difficult to manage huge CRLs as these tend to be quite long in view of high number of vehicular nodes and their high mobile nature as the vehicle while travelling the long distances can confront a large number of vehicles. Moreover, it’s not bandwidth efficient and requires additional communications to distribute huge CRLs. Second, if the short lived certificates are used, it still creates a vulnerability window as the CRL size grows at a harsh rate. Third, the additional storage requirements are needed in the onboard of vehicles to store large CRLs. Last but not least, the distribution of the CRLs depends heavily on the availability of an infrastructure. 4.1.7. Analysis After going through various proposed schemes discussed above it is quite evident that the public key infrastructure is not a viable solution in VANETs in view of the high vehicle mobility and real time guaranties. The overhead of certificate management and the keys sizes put a restraint on use of PKI in VANETs due to limited bandwidth. Further, if there occur an identity dispute, rigid effort is needed to resolve the same. If anonymous keys and short lived certificates are used for privacy preservation, it renders a high overhead on the network to manage large number of certificates. Table 3 gives the comparative analysis of proposed public key infrastructures for VANETs where the comparison has been done on various parameters which includes whether the certificates are being used, pseudonyms are used for communication, groups are formed among vehicles, communication is assisted by roadside infrastructure, the vehicle can be traced by trusted authority, communication is anonymous, signatures of group are followed and revocation of vehicles is supported or not.

23

643 644 645 646 647 648 649 650 651

4.2. Symmetric Key Approaches The most primitive type of cryptosystems used for securing information is Symmetric Key Cryptosystem where the session key is being shared and agreed upon by the nodes that are used to process communication messages (Figure 14). In this approach, a common shared key is established between two nodes which is used to exchange all the messages between these two nodes for the current session. Such type of cryptographic mechanisms are in fact, time and space efficient But, the pair wise shared keys are being prohibited from pre-loading in VANETs due to the huge scale of VANETs. Hence, there should be dynamic key establishment. Firstly, initial public key and certificate exchange is completed and then, “ISO/IEC 11770-3 Key Transport Mechanism 3” [99] is used for key establishment which is considered the most efficient way.

Intruder

??

Encrypt Plaintext

A

Decrypt Ciphertext

Plaintext

Shared Secret Key which is known to both A and B

B

Symmetric Key

Figure 14: The basic symmetric key communication process

652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671

4.2.1. Pure symmetric key A lightweight security mechanism was proposed by Choi et al.[102] to balance the privacy and liability in VANETs. It is unsuitable for inter vehicle communication as the neighboring vehicles authenticate each other through the road side units, which in not at all feasible in such highly mobile networks. Freudiger et al.[103] introduced ”mix zones” which are developed at road crossings for achieving location based secrecy in vehicular communications by mixing the vehicle identifiers at the intersections. Vehicles within the mix-zones use the symmetric keys with RSU’s to exchange messages with RSU’s. These solutions are more efficient in high traffic congestions to prevent tracking of vehicles. However, drawback is that overhead is incurred in mix-zones and non-repudiation is difficult. Hu et al. [105] also provided the scheme using ”Hash-based Message Authentication Code” in VANETs. The secure communications between vehicular nodes and road side units was achieved by symmetric encryption with HMAC checking. The groups of vehicles are maintained having a shared key and group communication among vehicles is done by using symmetric encryption along with HMAC calculation. Zhu et al. [106] proposed a secure communication network based on symmetric cryptography where two party key as well as group key distribution and agreement protocols were developed by different VANET scenarios. The problem of key leak was solved by this solution which is caused by joining or leaving of vehicles in network. The approach employed an aggregate signature scheme and XOR operation was used instead of point addition yet a high overhead was imposed due to usage of symmetric cryptography in such mobile vehicular networks. Another lightweight authentication scheme was proposed by Wang et al. [107] which is based on symmetric encryption and Message Authentication Code (MAC) is used for the signing and verification of messages. The pseudo identities were used for private communication yet providing conditional traceability to vehicles. 24

Table 4: Comparison of the various Symmetric key Approaches

672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689

Security Schemes

Privacy

Scalability

pseudonyms

Group Formation

RSU aided

NonHybrid Repudiation System

[“Burmester et al. 2008”] [100] [“Plob et al. 2008”] [101] [“Choi et al. 2005”] [102] [“Freudiger et al. 2007”][103] [“Chim et al. 2012”] [104] [“Hu et al. 2012”] [105]

X X X × X X

× × × X X ×

× × × × X X

× × × × × X

× X X X X X

× X X × X X

X X × X X X

4.2.2. Hybrid approaches A hybrid system was proposed by Burmester et al.[100] that uses both symmetric and asymmetric approaches for providing security in VANETs. It supports privacy, confidentiality and authentication. The two types of communications are provided: pair wise, when two nodes need to communicate and group communication when more than two nodes require communication. In Pair wise communication, symmetric keys were used for avoiding the overhead of using public key pair. A security architecture was given by Plob et al. [101] where PKI is employed at initialization exclusively for safety messages and the other messages mainly periodically sent beacons, employ symmetric key cryptography for maintaining the privacy of the participating entities. The symmetric key was established between the vehicle node and the trusted third party. However, drawback of this approach was that the vehicles have to contact the trusted third party (TTP) to decrypt and verify message each time which leads to high overhead in highly scalable vehicular networks. A new scheme was proposed by Chim et al. [104] where authentication of regular messages was done by using ”Hash-based Message Authentication Code” and endorsed public key cryptosystem for the verification of urgent messages by using some conditional privacy-preserving authentication scheme. A security framework was proposed by Wagen et al. [108] by employing symmetric and asymmetric cryptography such that authentication process and the secure key exchange was done by using asymmetric cryptography and safety applications used symmetric key for reducing the network latency. A dual protection and key management for efficient key distribution and updation is proposed in [109] when the user join or leave. Trusted authority identifies primary, secondary or unauthorized users which can be done in computationally efficient manner by updation of small quantity of information.

699

4.2.3. Analysis The symmetric keys are not viable solution for securing the VANETs as session key cannot be established between each pair of vehicles in the network. Thus, it is not feasible solution for highly scalable VANETs and soon exceeds in terms of overhead. The congestion-less wireless channel prevents the session key establishment for efficiency purposes in vicinity of only few vehicles. Besides, symmetric key establishment prevents from achieving non-repudiation, which is foremost requirement for VANETs. The various symmetric key schemes are discussed in Table 4. The various comparison parameters used are if the communication is private, the scheme proposed is scalable, if pseudonyms are used, if groups of vehicles are formed, the communication is having infrastructure support, non-repudiation is supported for accountability of sending messages and the system employs multiple types of cryptographic mechanisms.

700

4.3. Identity Based Cryptography Approaches

690 691 692 693 694 695 696 697 698

701 702 703 704 705 706 707 708

Recently, the identity based approach has become the mainstream in VANETs security when focused on the properties of VANETs. Earlier security approaches relied on Public Key Cryptography or Symmetric Key Cryptography but researchers have discovered recently that such security approaches are not the best choices for security of infrastructure-less networks like VANETs. The general layout of the identity based cryptography has been depicted in the Figure 15. Moreover distribution and management of keys, key sizes and certificate overhead pose a constraint on using the public key infrastructure due to limited bandwidth. Further, VANETs are delay intolerant networks and require real time services therefore; symmetric key cryptography is also not preferred. Hereby, ID based cryptography is presently believed as a practicable choice for VANETs.

25

Public parameters

1. Initialization www.xyz.com Key Generation Center ( KGC)

Alice

Bob

3. Key Generation

Public parameters

Message

Master public key

www.xyz.com

www.xyz.com

4. Decryption

2. Encryption

Secret key SK xyz.com

Message

Figure 15: The general identity based cryptography scheme

709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735

4.3.1. ID based digital signatures Few researchers have proposed of using Identity based Cryptography for securing VANETs. A ring signature scheme [120] based on IDBC was adopted by Gamage et al. [121] where ring signature scheme was modified for achieving ambiguity of signer to enhance the privacy requirements in vehicular networks. However the ring signature scheme is unsuitable in VANETs as it results in conditional privacy leading to non-repudiation, foremost requirement of VANET unattainable. A novel ID-based framework was propounded by Sun et al. [113] to achieve anonymity and non-repudiation. Privacy is achieved by the use of pseudonyms based approach and non-repudiation is achieved through threshold based distributed control where the driver’s identity cannot be revealed by single authority. It is assumed that the Tamper Proof Hardware (TPH) is used in the vehicles and the master key of trusted third party is never revealed. The identity string consisting of vehicle’s position information and timestamp was used by Biswas et al. [131] as public key by vehicle for generation of digital signatures for prevention of the wormhole [133] as well as replay attacks. This scheme used a variation of “elliptic curve digital signature algorithm (ECDSA)” with identity-based signature. Bloom filters are used to prioritize the messages in high traffic areas. However, it was found by Tsai [132] that the proposed scheme was susceptible to private key reveal attack and thus was insecure. He improved this scheme [132] by incorporating the concept of identity revocation such that vehicle receiving the signed message was able to check whether or not the message has been received from the vehicle which was revoked. Park et al.[134] proposed a protocol to achieve authentication and to provide location assurance by avoiding illicit tracking of vehicle’s location. The authentication between the RSU and vehicle is done by identity-based authenticated key agreement protocol [135], and the hierarchical identity-based signature [136] is used for generating and verifying the location-based signature. Another security framework was proposed by Bradai and Afifi [137] based on Identity Based Cryptography to achieve anonymity, non-repudiation and securing the messages in a confronted accident scene. Lee et al. [141] proposed On demand secure routing protocol which uses ID based cryptosystem and at the same time authenticates all the intermediate nodes. The Boneh and Franklin’s scheme is applied for additional security features. A new ID based privacy preservation scheme is employed by Huang et al. [142] where pseudonyms are used by vehicles in place of their real identities for communicating. An adequate mechanism for revocation is also provided in this scheme for identifying and revoking vehicles if needed. A conditional privacy preserving authentication (CPPA) without using traditional and mostly used bilinear pairing to achieve both privacy and authentication is proposed in 26

736 737 738 739 740 741 742 743 744 745 746 747 748

749 750 751 752 753 754 755 756 757 758 759 760 761 762 763

764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781

782 783 784

[143]. In regard with current cryptographic technology, bilinear pairing is quite complex operation for CPPA schemes which is avoided in this research paper. An Identity Based Signature based authentication framework was proposed for VANETs by Lu et al. [127] which utilizes “Identity Based Online/Offline Signature (IBOOS)”. Vehicle’s signing process is separated into online and offline phase in IBOOS to increase the efficiency of pairing processes. Initially, vehicles or roadside units execute offline phase employed for R2V(Roadside to Vehicle) or V2R (Vehicle to Roadside) communications and vehicles execute online phase for V2V communication. ACPN scheme [128] extended the IBOOS scheme by generating the pseudonyms based on PKC for preserving the privacy and updation was done as per vehicle request. Thus, it provided non-repudiation as well as authentication with anonymity. Nasreen et al. [139] employed a scheme where the authentication for vehicle to RSU is done by employing ID based signature and inter-vehicle authentication through ID based online/offline signatures. Chaudhuri et al. [140] presents a secure algorithm employing identity based cryptography for VANETs which attains the properties of security and privacy with management of pair of public/private key pair and identities. 4.3.2. ID based Group communication schemes An IDBC based group signature scheme was proposed by Chen et al. [122] where privacy of signer lies in the hands of group manager. The group members register itself to an authority named Group registration Manager (GRM) which on group’s behalf, can sign any message. This scheme provides liability as GRM can disclose any identity of the vehicle. Such group based schemes poses a constraint due to group formation limitation and group leader election in VANETs. Lin et al. [85] proposed a new scheme by combining the group signature and ID based signature to provide anonymous authentication in VANETs. The OBU of vehicle uses the short group signature based on bilinear pairings to sign a message. RSUs adopt the identity based signatures where the public key used is the location information of RSU. Chim et al. [25] introduced a new ID based framework where a vehicle uses a different pseudonym for each message protecting its privacy and the true identity of the vehicle can only be revealed by trusted authority. The vehicles moving in range of particular RSU form a group and the group members communicate securely by authenticating each other. An adequate authentication scheme was given by Hui et al. [138] where private vehicles use group signature to sign the messages. The RSUs and public vehicles (ambulance, public bus etc.) employed an identity-based signature to sign messages. In addition, the verification time is reduced by adopting the batch verification techniques. 4.3.3. Hybrid schemes A secure scheme SECSPP was given by Li et al. [123] which is an efficient authentication scheme adopting ID based cryptography and includes hash functions and blind signatures. Another ID-based security framework was proposed by Kamat et al. [124] where signcryption scheme was used to achieve security paradigms of anonymity, data integrity, authentication, non-repudiation and confidentiality. However, the framework relied heavily on road side infrastructure for generation of pseudonyms and pseudonyms are generated after vehicle signs a single message which renders high signaling overhead problem. The use of signcryption [125] is also proposed in VANETs having considerable advantage over signature and encryption methods as VANET nodes are not computational power restricted. However, in all these ID based proposals; the main obstacle was that the Key Generation Center generates the secret key of vehicular entity by utilizing KGC’s master key. It does not ensure non-repudiation as any message can be signed and decrypted by KGC abusing access proficiencies of vehicles leading to Key Escrow Problem [126]. To deal with the problem of key escrow, another solution was adduced by Choi et al.[129] in which Regional Transportation Authority (RTA) verifies vehicle’s ID and then issues signature value (Γ) to generate the vehicle’s public and private key using RSA algorithm and are generated on-board of the vehicle. Nonetheless, anonymity issues were not addressed. This drawback was mitigated by Dikmak et al. [130] where maximum anonymity is being focused by updating the pseudonyms periodically. However, RSA public/private key pair generation is autonomous of the update of pseudonyms and validity period of key pair is generally longer than the expiry time of pseudonyms. The hierarchical distribution of Certification Authorities (CAs) solves the problem of central point failure. 4.3.4. Analysis Table 5 gives briefly the comparison of the major ID based frameworks which have been proposed so far for VANETs. The comparison parameters used are if the scheme faces key escrow problem, there are so much broad27

Table 5: Comparison of proposed ID based frameworks

785 786 787

788 789 790

Security Schemes

Key Escrow Problem

Signalling Overhead

Privacy

pseudonyms

NonRSU aided Repudiation

[“Lin et al. 2007”] [85] [“Sun et al. 2007”] [113] [“Chen et al. 2003”] [122] [“Kamat et al. 2006”] [124] [“Lu et al. 2012”] [127] [“Choi et al. 2009”] [129] [“Dikmak et al. 2012”] [130] [“Biswas et al. 2013”] [131] [“Chim et al. 2011”] [25] [“Hui et al. 2010”] [138] [“Huang et al. 2011”] [142]

X X X X X × × × × X ×

× × X X × × × X X × ×

X × X X X × X X X X X

× X × X X × X × X × X

× X X X × X X X X X X

X X × X X × × × X X X

Group Formation

Location ID

X × X × × × × × X X ×

X × × × × × × X × × ×

casted messages in network which leads to overhead, private communication is employed, pseudonyms are used, non-repudiation is supported, infrastructure support to aid communication, group formation of vehicles and if the location ID of vehicle is added in message or not. 4.4. Certificateless Cryptography Approaches Certificateless Cryptography is a new and attractive paradigm which is in practice nowadays due to its enticing characteristics. It alleviates from the overhead of certificates as in PKI and also solves the problem of escrowing an identity in ID based cryptography (Figure 16). CL-PKC is considered to be well suited for VANETs in perspective of

Public key Cryptography

Identity based Cryptography

Certificateless Cryptography

Figure 16: Certificateless cryptography scheme is the middleway between IBC and PKC 791 792

793 794 795 796 797 798 799 800 801

802 803 804 805 806

limited bandwidth and the dynamic nature of such networks. 4.4.1. Certificateless authentication schemes Taha et al. in [145] has studied a key agreement scheme, based on Certificate-less Cryptography where it achieves mutual authentication between a Mobile Network node and a mobile router and also secure shared key is created between them. Certificateless Online/Offline Signature (CLOOS) Scheme is presented by Sharmila et al. [147] which is a light weight cryptographic scheme having high security and low communication overhead. The scheme is much efficient for resource constrained and low power devices. A new Certificateless Private Querying scheme was presented by Wan [148] to solve the anonymity problem in querying services in VANETs based on location by applying the technique of pseudo identity. After authenticating himself/herself to a nearby RSU, a driver can use the service. 4.4.2. Aggregate signature scheme A certificateless aggregate signature protocol was proposed by Mohanty et al. [144] for vehicular networks where RSU were responsible for the purpose of authentication and aggregating as well as verifying the messages from other vehicles. The results are also notified back to vehicles which are in the range of RSU and to other neighboring roadside units. The batch verification scheme is employed to reduce the verification time of large number of signatures from 28

Table 6: Comparison of Certificateless approaches in VANETs

807 808

Security Schemes

Privacy

Traceability

Aggregate Verification

RSU aided

Pseudonyms

Dynamic

[“Mohanty et al. 2012”] [144] [“Taha et al.2012”] [145] [“Wan 2013”] [148] [“Tseng et al. 2011”] [149]

X X X X

X × × X

X × × X

X X X ×

X × × ×

× X X ×

neighboring vehicles. The privacy is attained by the use of pseudonyms. The general scenario of the certificateless cryptography has been explained in the Figure 17.

Alice's Identity ALICE

Partial private key

KEY GENERATION CENTER (KGC)

secret value

Private key

Public key

Partial private key + secret value

Secret value + Public generator

master key

Figure 17: The general certificateless cryptography scheme 809 810 811 812 813 814 815

The recent paper [146] presents a pairing based certificateless aggregate signature scheme for ad-hoc networks. A secure authentication scheme was adduced by Tseng et al. [149] using certificateless cryptography for emergency messages validation in VANETs. The conditional privacy is ensured where vehicles should be traceable by law enforcement authorities. The method of signature aggregation and batch verification was used by the proposed scheme for verifying of emergency messages for the reduction of computation overhead. A novel certificate based signature scheme for V2I communication has been proposed by Hu et al. [64]. Thus, the certificateless cryptography retains the identity based key management characteristics but with key escrow problem being solved.

820

4.4.3. Analysis Table 6 gives the relative study of the proposed certificateless approaches and comparison is done based on parameters such as private communication, vehicle can be traced by authority, aggregate verification of signatures is employed, communication is supported by infrastructure, pseudonyms support and scheme is dynamic in nature where changes can be incorporated easily.

821

5. Trust Management

816 817 818 819

822 823

All the security solutions proposed so far, focus primarily on assuring that the message is delivered to its neighbours securely and there has been less attention towards grading the information quality which is exchanged among 29

841

the vehicles as the malicious nodes may send the bogus information in order to compromise the VANET. This section focuses how we can classify the works related to trust management in Vehicular ad-hoc networks. So, the control system should be such designed that the malicious incorrect information should be reduced to mitigate its effect on the vehicular network. Therefore, the notion of trust among the neighbouring vehicles in VANETs is a crucial matter that needs consideration. The trust is assimilated among the different vehicle nodes so that the false information sent by the malicious vehicles can be detected. It gives incentives to these vehicle peers to discourage self-centered behaviour and behave honestly. Modelling trustworthiness among vehicles poses various exceptional challenges. Firstly, the vehicles on highway are highly mobile and at such mobility, reaction time to such an inevitable solution need to be very minimal leading to the urgent need for vehicles to reacttrust incoming messages in real time. Secondly, the highly scalable nature of VANETs poses a constraint on trust management among peers as the million number of vehicles may pass through particular point in the network which leads to high overload in the network as the vehicles receive lots of information from the neighbouring vehicles. Hence there is need for an effective system to react in such hazardous situations. Another major challenge in modelling the trust in VANETs is the decentralized nature of VANETs. The vehicle which is interacting with other vehicle may not communicate with it in the future which hampers from building the long term relationships in such highly dynamic networks. Variety of schemes are explained in [177] to enhance various ad-hoc routing protocols through improving the credibility between various nodes in VANET to design secure routing procedure.

842

5.1. Existing Trust Models for VANETs

824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840

843 844 845 846 847 848

849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871

In vehicular networks, limited numbers of trust models are being proposed so far for assuring the trust among neighbouring vehicles in VANETs. In this section, all these models have been summarized and their issues have been discussed. There can be three broad classifications of trust models, entity oriented trust models, data oriented trust models and hybrid trust models. The trust relationships among VANET entities is targeted by entity-oriented trust models, the evaluation of the data trustworthiness among entities is targeted by data-oriented trust models and hybrid trust models focus on both entity trust and data trust. 5.1.1. Entity-oriented trust models Gerlach in [151] has studied a sociological trust model which was based on an entity trust where architecture was designed to incorporate the trust and location privacy among the entities of the network. This model has distinct levels of trust which includes situational trust, dispositional trust and system trust and formation of belief regarding data is based on the various trusts. Nevertheless, it was not explained that how different trusts should be combined. Minhas et al. [152] proposed a multi-faceted trust modelling system for VANETs which includes the experience trust as well as role based trust to be used as the parameter to evaluate trust of vehicle nodes. The vehicles can inquire other vehicles regarding any event that has occurred but also restricts the number of received reports. A new trust framework was presented by Ayman et al. [153] which preserves the privacy while allows the formation of trust based on the reputation of network entity. The framework employs the group formation where VANET entities preserve the anonymity and only group managers are able to identify the group members. Therefore, groups simplify the task of building group reputation and trust calculation of received messages without compromising privacy. Chuang et al. [154] proposed a decentralized and lightweight trust based authentication scheme for inter vehicle communications. This scheme adopted the trust relationships which are transitive in nature for the enhancement of authentication method. Another security framework was presented by Wagan et al.[155] which employed symmetric and asymmetric cryptography and forms trusted groups to build an enhanced trust relationships among vehicles in the group. Wu et al. [156] proposed a privacy preserving framework for trustworthiness of messages in inter-vehicle message exchanges. The attackers are thwarted by employing both a posteriori as well as a priori countermeasures. Until and unless the vehicle does not sign twice the same message, the vehicle privacy is preserved. The scheme was based on threshold authentication for inter-vehicle communications where one can change threshold with respect to message context without the need to define it at design phase. Additionally, the authentication of messages is expedited by batch verification technique.

30

872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893

5.1.2. Data-oriented trust models These trust models are used to evaluate the data trustworthiness coming from the neighbouring vehicles. A data centric trust model which is applicable for VANETs was defined by Raya et al. [157] where distinct metrics for trust were given of which a priori trust relationships is considered as one of the parameter for trust evaluation and trust is dependent on the various metrics associated correlated with the typical vehicle entity. The level of trust of entity depends on the various events associated with nodes that if the event took place or not which was associated with data. This trust model has shortcomings that only transitory trust is formed upon data and no trust relationships between vehicles are built therefore, trust needs to be established again and again. A trust model was designed to detect and amend the incorrect data by Golle et al. [158] in VANETs. This model has all the information about the other entities in VANETs. When the data received by particular entity matches with the already contained information in model with high probability then the data is accepted by the vehicle. However, in such a highly scalable network, it is not achievable that each vehicle has all the information about the network and exclusively assesses the data validity. Further, it also leads to storage overhead problem in vehicle entities. To calculate VANET security’s trust, a combination of probabilistic and deterministic approach is introduced in [159]. It calculates the peer vehicles’ trust to find out if the message is transferred further or should be dropped. It considers signal strength and geographic location of the vehicle to calculate the trust level. Another software-defined trust management VANET is explained in [160]. Control plane is separated from forwarding plane. Control plane controls the routing protocols along with trust evaluation. Routing protocol known as software-defined trust based ad-hoc on demand distance vector routing, is explained using on demand distance vector routing. Another method [161] to check the authenticity of mobile and data nodes to control malicious attacks. Two dimensional trust is calculated using the recommendation and functional trust from the data analysis through multiple vehicles. It is recommended to be used for wide application ranges to enhance authenticity and mobility of VANET traffic.

912

5.1.3. Hybrid trust models Hybrid trust models combine the entity level trust and data centric trust. Chen et al. [162] propounded a trust based framework where trust relationships are maintained with the help of distinct trust metrics to evaluate the data received from the other vehicle entities. This scheme employs an identity based aggregation scheme to be employed for data aggregation and calculating trust notions. The groups are formed and group leader are responsible for calculation of trust based on the trustworthiness of other entities’ by combining the trust based on role and experience which is then used for computing majority opinion to detect malicious information sent from sender and the incorrect information so detected is either dropped or regulated to local minima. Ultimately, the decision about the data trustworthiness for the entity is derived from the evaluation result. Hereby, the proposed hybrid model approves the vehicles for evaluation of the information by taking into account the other entities’ believes. Another hybrid trust based message propagation model was designed by Zhang et al. [83] where the information collected from the neighbouring vehicles is propagated securely and efficiently and dynamic dissemination of information is controlled thus, elevating scalability of network. A reputation based hybrid trust model was proposed by Patwardhan et al. [163] where it is assumed that anchor nodes are already authenticated, and the data supplied by them is considered to be accurate. The model approves the data by either having an opinion with neighbouring vehicles or explicitly communicating with any of the anchor node. If the validation algorithm disapproves the data received from a particular entity then that entity is termed as malicious entity. The weakness of the current model is that reputation of the neighbours is not determined while calculating the data trustworthiness and hence, this model is only dependent on the broadcasted information from neighbouring entities.

913

5.2. Analysis of existing trust models

894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911

914 915 916 917 918 919 920

The discrete properties are being aspired by trust management models in VANETs which include privacy, system level security, authentication etc. The trust management in VANETs need to de decentralized to manage with immensely scalable, mobile and distributed quality of VANETs. Since the environment of neighbouring nodes is changing rapidly and consistently, hereby the trust models should capture this dynamism for managing trust among entities. Trust management should also be able to deal best with the scalable nature of VANETs. Confidence measure should be included in trust management to capture uncertainty. The confidence level should depend on the various metrics that were available to calculate trust value. The mechanism of trust management should be robust enough to 31

Table 7: Properties of Existing Trust Models Security Schemes

Decentralized Robustness Authentication Privacy

[“Gerlach 2007”] [151] [“Minhas et al. 2010”] [152] [“Wu et al. 2010”] [156] [“Raya et al. 2008b”] [157] [“Golle et al. 2004”] [158] [“Chen et al. 2010”] [162] [“Patwardhan et al.2006”] [163] [“Zhang et al. 2010”] [83]

× X × X X X X X

× × X × X × × ×

X X X × X X X ×

X X X × X × × ×

Security

Confidence

Scalability

Dynamics

X X X X X X X X

X X X X × X × X

× X × × × X × X

X X X X × X X X

923

deal with the distinct attacks which can be mounted on VANETs. Table 7 lists the comparative analysis of the properties of existing trust models where comparison parameters used are if the scheme is decentralized, robust, security requirements of authentication, privacy, confidentiality, scheme is secure, scalable and dynamics supported or not.

924

6. Intrusion Detection Systems

921 922

934

The deployment of Intrusion Detection Systems (IDS) helps in identification of an attack in an effective manner. Intrusion can be defined as “any set of actions that attempt to compromise integrity, confidentiality or availability of the resource”. This section classifies the Intrusion detection mechanisms proposed in literature for VANETs. For example, the systems and protocols intended for providing VANET services can be prone to number of attacks such as Denial of Service (DOS). The network systems are protected by using a second line of defense i.e. intrusion detection systems. It is important to detect the intrusion which can in turn launch counter measures by putting the response in place for minimizing the damage. The assumption of being network activities observable is made by intrusion detection systems i.e. all the packets in the network are being captured for examination. This network information captured is known as audit data which helps in determining the significant variation from the normal behaviour of the system and if there is significant variation, IDS determines the system under attack.

935

6.1. IDS based on router nodes

925 926 927 928 929 930 931 932 933

936 937 938 939 940 941 942

943 944 945 946 947 948 949 950 951 952 953 954 955

A lightweight and precise intrusion detection scheme is proposed by Sedjelmaci et al. [165] to work for topological variation and intense mobile node. It uses clustering techniques using network vulnerability and node mobility. Enhanced performance metrics include lower communication overhead, faster attack detection, low false positive rate and high detection rate. Zaidi et al. [209] proposed an intrusion detection system based on detection of false nodes using statistical information of the nodes and it is evaluated by simulation using rogue nodes (RNs) which are used for launching different types of attacks. The proposed IDS is capable of detecting a false information attack using statistical techniques effectively and can also detect other types of attacks. 6.2. IDS based on reputation In [171], security breaching issues have been handled using learning automata-assisted distributive systems using clustering approach. Learning automata are assumed to be installed on the vehicles for cluster analysis which assist the clouded based storage infrastructure by choosing the cluster heads. Automata adaptively learns and modifies the decision based on the learning network environment and maintains a performance probability vector when applied on NS-2 along with SUMO. A statistical technique for rogue detection is discussed in [209]. Intrusion detection system model is trained through VANET model in the simulations involving the rogue nodes. Presentation using statistical and graphical techniques is done , rogue nodes are introduced and then caught through the proposed algorithm based upon cooperative information exchange mechanism. An intrusion detection based upon automata is proposed by Kumar et al. [164] which is installed on the vehicles to get the network status. State transitions depend upon network congestion and states are defined through Markov chain model. Collaborative trust index parameter is used for parameter tuning and optimized results include overhead generated, detection ratio and false alarm ratio. Intrusion detection pros cons survey is provided for a given wireless network (WLAN, WPAN, WSN, WMN, CPS, mobile telephony) by Mitchell 32

957

et al. [175]. It considers trust model, analysis technique, collection process and detection technique for their research gaps and proposed fillers.

958

6.3. IDS based on distributed architecture

956

959 960 961 962 963 964 965

966 967 968 969 970 971

Kumar et al. has studied IDS based on collaborative learning automata (T-CLAIDS) for VANet as discussed in [206]. Learning Automata have been used for information capture from vehicles about their different states followed by Markov chain model for their state transition representation. For cyber security, in [185] a hierarchical cooperative Cyber Defence Game (CDG) based upon head and secondary agents to shield against attacks. Role of head have been played by Decision agent which is after obtaining the strategies from secondary players: Detection, Prediction and Reaction systems. This collaboration results in lower communication overhead and FP/FN rates. CDG is scalable for large scale Vanets and includes the overheads as driving variables for affecting the secondary agents. 6.4. IDS based on zones In [208] Arain et al. has proposed mix-zone authentication which just requires vehicle communication for dynamic pseudonym change using reported server based registration. Mixed zone base communication has been studied in [207] which is able to yield robust protection for vehicle communication. Memon et al. has proposed three techniques, multiple region based image retrieval, unsupervised feature technique PCA and Geolocation based image retrieval (GLBIR).

984

6.5. Hybrid intrusion detection systems Incremental SVM based multi decision intrusion detection is introduced in [167] and is known as Collection, Exchange, Analy-sis, and Propagation model. It handles high mobile nature of VANET with minimal overhead and high detection rate. It handles the massive training dataset by reducing the data collection through specialised nodes and saving only support vectors for retraining. Detection of malicious nodes in VANET is proposed by Khan et al. [168] which effectively authenticates the malicious node detection to improve the network performance. Even before passing through the server, the fake messages can be filtered out using technique described by Lalitha et al. [169]. It also maintains the senders and the message information which is helpful to track down the source. In [170], a lightweight efficient technique is invented for three problems: false alert generation, integrity target and denial of service. NS-3 simulator has been used for performance analysis of proposed technique ELIDV to claim high accuracy and lower overhead. The intrusion detection classification with the required properties has been detailed in table 8 where the intrusion detection systems designed have been compared.

985

7. Discussion

972 973 974 975 976 977 978 979 980 981 982 983

986 987 988 989 990 991 992 993 994 995

The various security schemes have been discussed so far by analyzing the pros and cons of each scheme. This section presents the systematic chronological order of all the schemes which have been discussed in the previous sections. Table 9 gives the comparison of the different schemes chronologically based on the distinctive characteristics and thus helps to the review of the security solutions accurately. The table firstly, groups the techniques based on the type of security mechanism employed ie. public key cryptography, symmetric key cryptography, identity based cryptography, certificateless cryptography, trust model or intrusion detection system. Then the comparison is done based on the type of approach employed in each of the above mechanisms and then discussing the technique used, security properties achieved by that approach i.e authentication, integrity, confidentiality, non-repudiation etc. The table also discusses if the proposed approach is pseudonymous based or not, if it allows group formation or not, does it have infrastructure support or not and then finally discussing the unique properties of the approach. Table 9: Classification of prominent VANET security methods based on distinctive characteristics: Public Key Cryptography, Symmetric Key Cryptography, Identity Based Cryptography, Certificateless Cryptography, Entity BasedTrust Model, Data BasedTrust Model, HybridTrust Model.

Mechanism

Approach

Technique

VANET properties

33

Pseudonyms

Group

Infrastructure support

Description

PKC

Blum [65] (2004)

Digital signatures, Group communication

Authentication

-

X

-

Messages reliably disseminate by cluster heads after signing.

PKC

Hubaux [66] (2004)

Inter-vehicle communication

Authentication, Anonymity, Non-repudiation, Scalability

-

-

-

Electronic license plates as IDs for communication among vehicles.

PKC

Huang [78] (2005)

Group signatures

Anonymity

X

X

X

Group leader only accesses infrastructure on behalf of group members.

PKC

Raya [71] (2006)

Group signatures

Authentication, Anonymity

-

X

-

Dissected area map helps vehicle to locate group by comparing locations.

PKC

Raya [80] (2006)

Anonymous Preloaded Certificates

Authentication, Anonymity, Traceability

X

-

X

Revocation difficult due to large certificate pool.

PKC

Raya and Hubaux[73] (2007)

Anonymous Preloaded Certificates

Authentication, Anonymity, Non-repudiation

X

-

-

Anonymous certificates are preloaded in on board of vehicle.

PKC

Gerlach [67] (2007)

Logical viewpoints presented

Authentication, Privacy, Non-repudiation

X

-

X

Security concepts are defined for VANET using four viewpoints.

PKC

Lin [85] (2007)

Group Signatures

Authentication, Anonymity, Non-repudiation

-

X

-

Verification is possible when second message is received, revocation difficult as OBU store all certificates.

SKC

Choi [102] (2005)

Symmetric Communication

Authentication, Anonymity, Non-repudiation

-

-

X

Peer vehicles need mutual authenticatation via a base station.

SKC

Freudiger [103] (2007)

Combination of symmetric and asymmetric

Anonymity, Scalability Traceability

-

-

X

Mix zones are created at intersections where vehicles use symmetric keys with RSU’s to exchange messages.

SKC

Plob [101] (2008)

Asymmetric and symmetric communication

Authentication, Anonymity, Non-repudiation

-

-

-

Vehicles need to contact Trusted third part each time to verify each message

SKC

Burmester [100] (2008)

Hybrid System

Authentication, Anonymity

-

-

-

Symmetric keys for pair-wise communication and public keys for group communication.

SKC

Chim [104] (2012)

HMAC and Public key infrastructure

Authentication, Anonymity, Non-repudiation, Scalability

X

-

X

HMAC based authentication for regular messages and PKI for urgent messages.

SKC

Hu [105] (2012)

HMAC and symmetric encryption

Authentication, Anonymity, Non-repudiation

X

X

X

Symmetric encryption is used to establish a secure communication among group members in a group.

IDC

Chen [122] (2003)

Identity Based Group Signatures

Authentication, Anonymity, Traceability

-

X

-

The vehicles register themselves to GRM and any message can be signed by them on group’s behalf.

IDC

Kamat [124] (2006)

Signcryption Scheme

Authentication, Anonymity, Confidentiality, Non-repudiation

X

-

X

Availability of infrastructure for pseudonym generation but it leads to signaling overhead problem.

IDC

Sun [113] (2007)

ID based Digital signatures scheme

Authentication, Anonymity, Non-repudiation, Scalability

X

-

X

Pseudonymous based approach through threshold based secret sharing scheme to achieve non-repudiation.

IDC

Lin [85] (2007)

ID based signature and group signature

Authentication, Anonymity

-

X

X

Vehicles use group signature to sign messages and RSU’s use location information as public key.

IDC

Choi [129] (2009)

ID based cryptosystem with self generated RSA public keys

Authentication, Anonymity, Non-repudiation

-

-

-

RTA verifies the vehicle ID and generates signature value to generate signatures.

IDC

Hui [138] (2010)

Identity based signature and group signature

Authentication, Anonymity, Non-repudiation

-

X

X

ID based signature for public vehicles/RSUs and group signature for private vehicles.

IDC

Huang [142] (2011)

Identity based signature

Authentication, Anonymity, Non-repudiation

X

-

X

Psuedo ID are used and an adequate mechanism for revocation is provided in this scheme.

IDC

Lu [127] (2012)

ID based online/offline signature

Authentication, Anonymity

X

-

X

ID based signature is for authentication between RSU and vehicles. ID based online/offline signatures for authentication among vehicles.

34

IDC

Dikmak [130] (2012)

ID based cryptosystem with RSA keys

Authentication, Anonymity, Traceability

X

-

-

RSA public/private key pair is independent of pseudonym update.

IDC

Biswas [131] (2013)

Elliptic curve digital signature algorithm

Authentication, Anonymity, Non-repudiation

-

-

-

Current position information and timestamp of vehicle are used as ID and bloom filters are used to prioritize the messages.

CC

Tseng [149] (2011)

Certificateless authentication scheme

Authentication, Anonymity, Non-repudiation, Scalability

-

-

-

The scheme uses aggregation and batch verification schemes for emergency message verification.

CC

Mohanty [144] (2012)

Certificateless aggregate signature scheme

Authentication, Anonymity, Traceability, Scalability

X

-

-

The user generates the public key by using public parameters of KGC and secret key.

CC

Taha [145] (2012)

Certificateless ture scheme

Authentication, Anonymity

-

-

X

The scheme achieves mutual authentication between mobile node and mobile router.

CC

Wan[148] (2013)

Certificateless based private querying scheme

Anonymity

-

-

X

The scheme applies pseudo ID and after authenticating to a nearby RSU, driver can use location based services.

ETM

Gerlach[151] (2007)

Sociological model

Authentication, Anonymity, Confidence

-

-

-

Sociological trust model based on an entity trust; architecture designed to incorporate trust/ location privacy among network entities.

ETM

Minhas [152] (2010)

Multi-faced trust model

Authentication, Anonymity, Confidence, Scalability

-

-

-

Calculation of trust based on trustworthiness of other entities’ by combining trust based on role and experience to detect malicious information.

ETM

Wu [156] (2010)

Threshold authentication scheme

Authentication, Anonymity, Confidence

-

-

-

Framework to preserve privacy for trust of messages exchanges. Attackers are thwarted by adapting a priori and a posteriori measures.

DTM

Golle [158] (2004)

Probability based trust

Authentication, Anonymity, Decentralized

-

-

-

Model has info about other VANET entities. Data received by entity is accepted if it matches the model with high probability.

DTM

Raya [157] (2008)

Data oriented trust

Confidence, Decentralized

-

-

-

Trust level of entity depends on events associated with nodes. But only transitory trust is formed and no trust relationships are built.

HTM

Patwardhan [163] (2006)

Reputation based trust model

Authentication, Decentralized

-

-

-

Model approves data by having a neighboring opinion any of the already authenticated anchor nodes.

HTM

Chen [162] (2010)

Identity based aggregation scheme

Authentication, Confidence, Decentralized, Scalability

-

X

-

Trust relationships are maintained with distinct trust metrics to evaluate data and employs ID based aggregation scheme.

HTM

Zhang [83] (2010)

Trust based message propagation scheme

Confidence, Decentralized, Scalability

-

-

-

Info collected from neighbours is propagated efficiently in it.

signa-

trust

996

997

998 999 1000 1001 1002 1003 1004 1005 1006

1007 1008

8. Open Issues From the perspective of VANETs, the information should be transmitted from one vehicle to other vehicles without much communication overhead and delay. The transmission in the network must ensure that the security requirements are fulfilled and information transmission is reliable. There exists some open issues to be considered while considering the security as a major milestone for the successful deployment of VANETs. The open issues reported in security of VANETs can be categorized based on various communication modes and technologies used. There are many issues which still need consideration and can become open research areas. Few of these issues which can become new emerging directions in future are shown in table 10 where major open problems are being discussed along with the category in which they fall i.e. V2V or V2I and the technology on which they rely upon i.e. hardware & software support, infrastructure, wireless interface and sensors used in vehicle. 1. Cryptographic approaches employed for security, privacy and traceability of vehicles: The very basic concept of cryptographic technique is key management. Is the key management and distribution exclusive to vehicle 35

Table 8: Properties of Existing Intrusion Detection Systems for VANETs Intrusion Detection System

Architecture

Methodology

Technique Adopted

Attack Prevented

[“Sedjelmaci et al. 2015”] [165] [“Zaidi et al. 2016”] [209]

Clustered

clustering techniques based on network vulnerability and node mobility Statistical techniques for detection of false nodes

generic

[“Kumar et al. [171]

2015”]

Distributed and clustered

Based on router nodes Based on router nodes based on reputation

[“Kumar et al. [164]

2014”]

Distributed

based on reputation

[“Kumar et al. [206]

2014”]

Cooperative

[“Brahmi et al. [185]

2019”]

Cooperative and distributed

[“Memon et al. [207] [“Wahab et al. [167] [“Hitchem et al. [170]

2017”]

clustered

2016”]

distributed

based on Cooperative distributed architecture based on Cooperative distributed architecture based on Cooperative detection based on SVM

2016”]

distributed

Hybrid

standalone

Automata assisted distributive systems. Automata learns and modifies decision and maintains performance probability vector Automata based state transitions which are defined through markov chain model. Collaborative trust index used for parameter tuning. Collaborative learning automata for information capture followed by markov chain model.

False information attack Generic Generic Generic

hierarchical cooperative defense game to defense against attacks with the help of decision agents and predication/reaction systems . Mix zone based communication .

Generic

multi decision intrusion detection where data collection is reduced through specialized nodes . lightweight technique for false alert detection, integrity target and denial of service with low overhead

Generic

Generic

False alert, denial of service

Table 10: Open issues in VANETs and corresponding categories

1009 1010 1011 1012 1013

1014 1015

Open Issue

Mode of communication

technology support

Cryptographic approaches employed for security, privacy and traceability of vehicles

V2I

Hardware & Software, Infrastructure

Ability of network to self organize to enable communication

V2V

Hardware & Software, Infrastructure

Revocation process and CRL management and distribution

V2V & V2I

Wireless interface, Hardware & Software, Infrastructure

Data trust and reputation of node

V2V

Wireless interface, Hardware & Software, Sensors in vehicle

Trust evaluation and misbehaviour detection

V2V & V2I

Wireless interface, Hardware & Software, Sensors in vehicle, Infrastructure

Intrusion detection frameworks

V2I

Wireless interface, Hardware & Software, Infrastructure

manufacturer or government? What should be the key size so that it does not impose any message delay in the network? How to handle the delays related to key management and distribution? How to deal with keys without any certificates? How to deal with short lived keys? How does it impose a communication overhead while managing the keys and revoking the keys? How the traceability and privacy is achieved ? For non-traceability, partial pseudonyms can be used, But how secure are they? 2. Ability of network to self organize to enable communication: The ability of the vehicles to form groups and have inter-group as well as intra-group communications feasible. How to handle the group partitioning and how 36

1016 1017 1018 1019 1020

1021 1022 1023 1024 1025 1026 1027

1028 1029 1030 1031 1032 1033

1034 1035 1036 1037 1038 1039

1040 1041 1042 1043

1044

1045 1046 1047 1048 1049

1050 1051 1052 1053

1054 1055 1056 1057 1058

1059 1060 1061

to communicate across jammed signals? What happens to key management and communication channel if the group leader leaves the group? Is there any second best leader chosen? What are the criteria to select the group leader? What happens if the group leader is a malicious vehicle? What happens if the communication fails? Is there any infrastructure support to support group communications? If yes, Will not it render high cost to the network? What are problems incurred with integrating other wireless technologies? 3. Revocation process and CRL management and distribution: The revocation process involves revoking the vehicle once it is detected as misbehaving and distributing the list of revoked vehicles. How the revocation should be done once misbehaviour is detected. How the CRL should be distributed? Doesn’t it impose any overhead on network while distributing CRLs? these solutions are still not fully developed even though they are strong part of security systems. There is no infrastructure support for CRLs. How to manage CRLS with short lifetime certificates. Certificate Revocation and authorization are not present in new crypto based security solutions, What are alternatives? Are these alternatives feasible in highly dynamic network? 4. Data trust and reputation of node: It is very important to ensure that the information exchanged between vehicles in VANET is accurate or misleading to ensure the safe drive. It is major concern to trust the information received from other vehicles. the vehicle must be able to act as intrusion detection system to check the validity of the messages received. What happens if the vehicle is having trust value initially and suddenly it turns malicious? How to check if any changes have been done with the tamper proof hardware or not? How much should be the reaction time of vehicle without compromising security? 5. Trust evaluation and misbehaviour detection: Evaluating the trust of the vehicle is an open problem as many trust models have already been proposed to calculate the vehicle’s reputation level and communication is based on the reputation level a particular vehicle possesses. What criteria should be defined for the node to check if it is trusty or not? Is the trust calculated reliable? Is it countable to send critical messages? What actions should be taken once trust is calculated? Where are punishment factors defined? What are criteria to revoke vehicle in case of wrong trust calculation? 6. Intrusion detection frameworks: The intrusion detection systems are very important for detecting any malicious activity in the network and these should be already embedded in all the vehicles. Are the existing intrusion detection systems capable enough to timely handle the malicious and misleading information in the network? How these can be improved to handle the issues of network security in highly dynamic network? Some of the problems in VANETs that pose constraints on securing the networks are as follows: • Broadcasting based Dissemination: The broadcasting based dissemination of information may flood the network with high traffic leading to congestion of the channel. In densely populated areas i.e. in populated cities or major highways with large number of vehicles, the information overload on the channel should be controlled so that it does not exceed the normal wireless bandwidth. The message repetition is also a major drawback in broadcast based information dissemination as the same information is broadcasted by majority of the vehicles. • DoS Resilience: DoS attacks are the nightmare while considering the security aspects as they hinder the availability of the channel and the whole network fails. These are launched with no rational purpose and it is very difficult to detect the major root of the attack, especially when it is launched in a distributed manner. Therefore, such attacks can be mitigated if the switching among the different channels is securely done. • Secure Positioning: The GPS signals should be more accurate and precise as variations of even few meters can lead to hazardous circumstances and the performance of the network degrades. The buildings and infrastructure may deteriorate the signal strength of GPS. Therefore, the GPS readings should be precise enough to give the values accurately. Moreover, GPS is also prone to a number of GPS spoofing attacks or signal jamming attacks. Therefore, definitive solutions to these attacks need to be proposed for the better performance of the network. • Misbehaviour Detection: The legitimate vehicles in the network may act maliciously and transmit the wrong and bogus information in the network to misguide the other vehicles about the traffic conditions. Such misbehaviour is dealt by correlating the data received from such nodes with the other vehicles and testing the 37

1062 1063

1064

trustworthiness of the information. The reputation based systems can be the best possible solutions against such malicious information dissemination. 9. Conclusion

1076

The paper has presented a detailed study on the security and privacy aspects in VANETs. Various attacks and possible adversaries with proposed solutions have been compared and analysed. The study focus over following cryptographic schemes: Public Key Cryptography, Symmetric Key Cryptography, Identity Based Cryptography, Certificateless Cryptography. The state of the art of various cryptographic security solutions and the trust oriented models is reviewed in detail. Furthermore, comparative analysis of the proposed security mechanisms based on the employed technique is presented in detail. Finally, all these schemes are overlapped with the properties of the VANETs and summarized with the major open issues in the area. Thus, the paper gives an overview of the systematic literature in the area of VANETs which was scattered earlier in different reviews. It gives an overall review about requirements, challenges, attacks, security mechanisms, trust management techniques, intrusion detection mechanisms and comparative analysis of the state-of-the-art techniques. Contrast and assessment of security mechanisms in the area of VANETs can aid in selecting the appropriate secure technique. Thus, the review is useful for implementing security in dynamic networks as per the user requirements.

1077

Conflict of interest

1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075

1078

1079

1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113

There is no conflict of interest. References [1] Zeadally S., Hunt R., Chen Y.S., Irwin A., Hassan A. Vehicular ad hoc networks (VANETS): status, results, and challenges, Telecommunication Systems. Vol. 50 (2012) 217-241. [2] Mishra B., Nayak P. and Behera S. Security in Vehicular Adhoc Networks: A Survey. Proceedings of International Conference on Communication, Computing & Security, India (February 2011) 590-595. [3] Moharrum Mohammed A. and Daraiseh Ahmad A. Toward Secure Vehicular Ad-hoc Networks: A Survey, IETE Technical Review , Vol 29, Issue 1 (Jan-Feb 2012) 80-89. [4] Rivas D.A., Jose M.B., Zapata M.G., Morillo-Pozo J.D. Security on VANETs: Privacy, misbehaving nodes, false information and secure data aggregation. Journal of Network and Computer Applications, Vol. 34 (2011) 1942-1955. [5] Zhang J. A Survey on Trust Management for VANETs. Proceedings of International Conference on Advanced Information Networking and Applications. (2011) 105-112. [6] Barbara Kitchenham and Stuart Charters. 2007. Guidelines for performing systematic literature reviews in software engineering. Technical Report EBSE-2007-01. 1-44. Retrieved from http://userpages.unikoblenz.de/ laemmel/esecourse/slides/slr.pdf. [7] Lu H. and J. Li. Privacy preserving authentication schemes for vehicular ad hoc networks: a survey. Wireless Communications and Mobile Computing (2014). [8] Choi J. and Jung S. Unified security architecture and protocols using third party identity in V2V and V2I networks. Wireless Communications and Mobile Computing, Vol. 12, no. 15 (2012) 1326-1337. [9] Chen W., Guha R., Kwon T.J., Lee J. and Hsu Y.Y. A survey and challenges in routing and data dissemination in vehicular ad hoc networks. Wireless Communications and Mobile Computing 11, no. 7 (2011) 787-795. [10] Liu, Jianqi, Jiafu Wan, Qinruo Wang, Pan Deng, Keliang Zhou, and Yupeng Qiao. ”A survey on position-based routing for vehicular ad hoc networks.” Telecommunication Systems 62, no. 1 (2016): 15-30. [11] Neha, Roy, and Jinila Y. Bevish. ”A survey on security challenges and malicious vehicle detection in vehicular ad hoc networks.” Contemporary Engineering Sciences 8, no. 5 (2015): 235-240. [12] Zhou, Tong. ”Data Collection, Dissemination, and Security in Vehicular Ad Hoc Network.” PhD diss., 2015. [13] IEEE 802.11p, Amendment to Standard for Information Technology: Telecommunications and Information Exchange Between SystemsLocal and Metropolitan Area Networks-Specific requirements, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 7: Wireless Access in Vehicular Environment, IEEE Std. IEEE 802.11p, version 2010 (2010). [14] IEEE 1609.1, IEEE Trial-Use Standard for Wireless Access in Vehicular Environments (WAVE): Resource Manager, IEEE Std. IEEE 1609.1, version 2006 (2006). [15] IEEE 1609.2, IEEE Trial-Use Standard for Wireless Access in Vehicular Environments (WAVE): Security Services for Applications and Management Messages: IEEE Std. IEEE 1609.2, version 2006 (2006). [16] IEEE 1609.3, IEEE Trial-Use Standard for Wireless Access in Vehicular Environments (WAVE): Networking Services, IEEE Std. IEEE 1609.3, version 2007 (2007). [17] IEEE 1609.4, IEEE Trial-Use Standard for Wireless Access in Vehicular Environments (WAVE): Multi-Channel Operation, IEEE Std. IEEE 1609.4, version 2006 (2006).

38

1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178

[18] Zhang L. Research on security and Privacy in Vehicular Ad Hoc Networks. PhD Dissertation. Department of Computer Engineering and Maths, University of Rovira, Virgili (2010). [19] Mokhtar, Bassem, and Mohamed Azab. ”Survey on security issues in vehicular ad hoc networks.” Alexandria Engineering Journal 54, no. 4 (2015): 1115-1126. [20] Mejri, Mohamed Nidhal, Jalel Ben-Othman, and Mohamed Hamdi. ”Survey on VANET security challenges and possible cryptographic solutions.” Vehicular Communications 1, no. 2 (2014): 53-66. [21] Liang, Wenshuang, Zhuorong Li, Hongyang Zhang, Shenling Wang, and Rongfang Bie. ”Vehicular ad hoc networks: architectures, research issues, methodologies, challenges, and trends.” International Journal of Distributed Sensor Networks 11, no. 8 (2015): 745303. [22] Li, Wenjia, Anupam Joshi, and Tim Finin. ”Svm-case: An svm-based context aware security framework for vehicular ad-hoc networks.” In Vehicular Technology Conference (VTC Fall), 2015 IEEE 82nd, pp. 1-5. IEEE, 2015. [23] Garip, Mevlut Turker, Mehmet Emre Gursoy, Peter Reiher, and Mario Gerla. ”Congestion attacks to autonomous cars using vehicular botnets.” In NDSS Workshop on Security of Emerging Networking Technologies (SENT), San Diego, CA. 2015. [24] Zhang C., Lu R., Lin X., Ho P.H., and ShenX. An efficient identity-based batch verification scheme for vehicular sensor networks. INFOCOM 2008. The 27th Conference on Computer Communications. IEEE (2008). [25] Chim T.W., Yiu S.M., Lucas C.K. Hui and Victor O.K. Li. SPECS: Secure and privacy enhancing communications schemes for VANETs. Ad Hoc Networks, Vol. 9 (2011) 189-203. [26] Lo, N.W. and Tsai H.C. Illusion attack on vanet applications-a message plausibility problem. Globecom Workshops, IEEE (2007) 1-8. [27] Mathew M.E. and Kumar P. Truc: Towards Trusted Communication For Emergency Scenarios In Vehicular Adhoc Networks (VANETs) Against Illusion Attack. In Qatar Foundation Annual Research Conference, no. 1 (2014). [28] Hu, Y.C., Perrig A. and Johnson D.B. Packet leashes: a defense against wormhole attacks in wireless networks. INFOCOM 2003. TwentySecond Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, vol. 3 (2003) 1976-1986. [29] Safi S.M., Movaghar A. and Mohammadizadeh M. A novel approach for avoiding wormhole attacks in VANET. First Asian Himalayas International Conference on Internet, IEEE (2009) 1-6. [30] Chiu H.S. and Lui K.S. DelPHI: wormhole detection mechanism for ad hoc wireless networks. 1st International Symposium on Wireless Pervasive Computing, IEEE (2006) 6-12. [31] Chinnasamy A., Prakash S., and Selvakumari P. Enhance Trust based Routing Techniques against Sinkhole Attack in AODV based VANET. International Journal of Computer Applications (0975-8887)Vol. 65, No. 15 (2013) 22-28. [32] Douceur J. The Sybil Attacks. First International Workshop on Peer-to-Peer Systems. (2002) 251-260. [33] Newsome J., Shi E., Song D. and Perrig A. The Sybil Attacks in Sensor Networks: Analysis and Defences. International symposium on information processing in sensor networks (2004) 259-268. [34] Yan G., Olariu S. and Weigle M. Providing VANET security through active position detection. Computer Communications, 31, 12 (2008) 2883-2897. [35] Yu B., Xu C.Z., and Xiao B. Detecting Sybil attacks in vanets. Journal of Parallel and Distributed Computing 73, no. 6 (2013) 746-756. [36] Zoghby E., Cherfaoui N.V., Ducourthial B., and Denoeux T. Distributed Data fusion for detecting Sybil attacks in VANETs. In Belief Functions: Theory and Applications, Springer Berlin Heidelberg (2012) 351-358. [37] Xiao B., Yu B., and Gao C. Detection and localization of Sybil nodes in VANETs. In Proceedings of the 2006 workshop on Dependability issues in wireless ad hoc networks and sensor networks, ACM (2006) 1-8. [38] Park S., Aslam B., Turgut D. and Zou C.C. Defense against Sybil attack in vehicular ad hoc network based on Road Side Unit Support. Military Communications Conference, MILCOM,IEEE (2009) 1-7. [39] Chen C., Wang X., Han W. and Zang B. A robust detection of the Sybil attack in urban vanets. 29th IEEE International Conference on Distributed Computing Systems Workshops, ICDCS Workshops’ 09, IEEE (2009) 270-276. [40] Guette G. and Ducourthial B. On the Sybil attack detection in VANET. IEEE International Conference on Mobile Ad hoc and Sensor Systems (2007) 1-6. [41] Bouassida M.S., Guette G., Shawky M. and Ducourthial B. Sybil Nodes Detection Based on Received Signal Strength Variations within VANET. IJ Network Security 9, no. 1 (2009) 22-33. [42] Zhou T., Choudhury R.R., Ning P. and Chakrabarty K. P2DAP-Sybil attacks detection in vehicular ad hoc networks. IEEE Journal on Selected Areas in Communications, 29, no. 3 (2011) 582-594. [43] Hussain, Rasheed, and Heekuck Oh. ”On secure and privacy-aware Sybil attack detection in vehicular communications.” Wireless personal communications 77, no. 4 (2014): 2649-2673. [44] Feng, Xia, Chun-yan Li, De-xin Chen, and Jin Tang. ”A method for defensing against multi-source Sybil attacks in VANET.” Peer-to-Peer Networking and Applications 10, no. 2 (2017): 305-314. [45] Grover, Jyoti, Manoj Singh Gaur, and Vijay Laxmi. ”Multivariate verification for Sybil attack detection in VANET.” Open Computer Science 5, no. 1 (2015). [46] Pouyan, Ali Akbar, and Mahdiyeh Alimohammadi. ”Sybil Attack Detection in Vehicular Networks.” Computer Science and Information Technology 2, no. 4 (2014): 197-202. [47] Verma, Karan, and Halabi Hasbullah. ”Bloom-filter based IP-CHOCK detection scheme for denial of service attacks in VANET.” Security and Communication Networks 8, no. 5 (2015): 864-878. [48] Wasef A., Lu R., Lin X., and Shen X. Complementing public key infrastructure to secure vehicular ad hoc networks [security and privacy in emerging wireless networks]. IEEE Wireless Communications, 17, no. 5 (2010) 22-28. [49] Khan, A. Minimization of Denial of services attacks in Vehicular Adhoc networking by applying different constraints. International Journal of Academic Research in Business & Social Sciences 3, no. 7 (2013). [50] Lyamin, N., 2016. Performance evaluation of C-ACC/platooning under ITS-G5 communications (Doctoral dissertation, Halmstad University Press). [51] Biswas S., Misic J. and Misic V. DDoS attack on WAVE-enabled VANET through synchronization. Global Communications Conference (GLOBECOM), IEEE (2012) 1079-1084.

39

1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243

[52] Lyamin, Nikita, Alexey Vinel, Magnus Jonsson, and Jonathan Loo. ”Real-time detection of denial-of-service attacks in IEEE 802.11 p vehicular networks.” IEEE Communications letters 18, no. 1 (2014): 110-113. [53] Mejri, Mohamed Nidhal, and Jalel Ben-Othman. ”Entropy as a new metric for denial of service attack detection in vehicular ad-hoc networks.” In Proceedings of the 17th ACM international conference on Modeling, analysis and simulation of wireless and mobile systems, pp. 73-79. ACM, 2014. [54] Nizar A., Wasef A. and Shen X. Mitigating the effects of Position-Based Routing Attacks in Vehicular Ad Hoc Networks. IEEE International Conference on Communications (ICC), IEEE (2011) 1-5. [55] Leinmuller T., Schmidt R., Schoch E., Held A. and Schafer G. Modeling roadside attacker behavior in VANETs. In GLOBECOM Workshops, IEEE (2008) 1-10. [56] Kargl F., Zhendong M., and Schoch E. Security Engineering for VANETs. 4th Workshop on Embedded Security in Cars (ESCAR) Berlin, Germany, 11/2006. [57] Papadimitratos P., Gligor V., and Hubaux J.P. Securing Vehicular Communications - Assumptions, Requirements, and Principles. Workshop on Embedded Security in Cars (2006) 5-14. [58] Papadimitratos P. and Hubaux J.P. Secure vehicular communication systems: Design and architecture. IEEE Communications, Vol. 46, No. 11 (2008) 100-109. [59] Plob K. and Federrath H. A Privacy Aware and Efficient Security Infrastructure for Vehicular Ad Hoc Networks. Computer Standards & Interfaces, 30(6): Special Issue: State of standards in the information systems security area (2008) 390-397. [60] Kroh R., Kung A., and Kargl F. VANETS Security Requirements. Technical report, Secure Vehicle Communication (Sevecom), Sep 2006. Available at http://www.sevecom.org/Pages/ProjectDocuments.html. [61] Dotzer F. Privacy Issues in Vehicular Ad Hoc Network. Volume 3856/2006 of Lecture Notes in Computer Science. Springer Berlin / Heidelberg, Jun 2006. [62] Patel, Nirav J., and Rutvij H. Jhaveri. ”Trust based approaches for secure routing in VANET: A survey.” Procedia Computer Science 45 (2015): 592-601. [63] Mejri, Mohamed Nidhal, Jalel Ben-Othman, and Mohamed Hamdi. ”Survey on VANET security challenges and possible cryptographic solutions.” Vehicular Communications 1, no. 2 (2014): 53-66. [64] Hu Xiong, Zhiguang Qin, and Fagen L. Secure vehicle to roadside communication protocol using certificate based cryptosystem. IETE Technical Review, Vol. 27 (April 2010) 214-219. [65] Blum J. and Eskandarian A. The threat of intelligent collisions. IT Professional vol. 6 No.1 (2004) 24-29. [66] Hubaux J. P., Capkun S., Luo J. The Security and privacy of smart vehicles. Proceedings of IEEE Conference on Security & Privacy, Vol. 2, Issue 3 (2004) 49-55. [67] Gerlach M. and Guttler F. Privacy in VANETs using Changing Pseudonyms - Ideal and Real. Proceedings of the 65th Vehicular Technology Conference, VTC2007-Spring (April 2007) 2521-2525. [68] Raya M. and Hubaux J.P. The security of vehicular ad hoc Networks. Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks (2005). [69] Luo J. and Hubaux J.P. A survey of inter-vehicle communication. Technical Report, School of Computer and Communication Sciences, Switzerland (2004). [70] Raya M. and Hubaux J.P. Security aspects of inter-vehicle communications. Proceedings of 5th Swiss Transport Research Conference (2005). [71] Raya M., Aziz A. and Hubaux J.P. Efficient secure aggregation in VANET. Proceedings of VANET’06, California, USA (2006). [72] Eichler S., Schroth C. and Eberspacher J. Car-to-car communication. Proceedings of the VDE Kongress - Innovations for Europe (2006). [73] Raya M. and Hubaux J.P. Securing vehicular ad hoc networks. Journal of Computer Security, Vol. 15, No. 1 (2007) 39-68. [74] Raya M., Papadimitratos P., Aad I., Jungels D., and Hubaux J.P. Eviction of Misbehaving and Faulty Nodes in Vehicular Networks. IEEE J. Selected Areas Comm., Vol. 25, No. 8 (2007) 1557-1568. [75] Parno B. and Perrig A. Challenges in securing vehicular networks. Proceedings of the Workshop on Hot Topics in Networks (2005). [76] Zarki M.E., Mehrotra S., Tsudik G. and Venkatasubramanianm N. Security issues in a future vehicular network. Proceedings of European Wireless (2002). [77] Gollan L. and Meinel C. Digital signatures for automobiles. Proceedings of Systemics, Cybernetics and Informatics (2002). [78] Huang L., Sampigethaya K., Li M., Poovendran R., Matsuura K. and Sezaki K. CARAVAN: Providing Location Privacy for VANET. Proceedings of the Workshop on Embedded Security in Cars (2005). [79] Gerlach M., Festag A., Leinmuller T., Goldacker G. and Harsch C. Security architecture for vehicular communication. WIT (2005). [80] Raya M., Papadimitratos P. and Hubaux J.P. Securing vehicular communication. IEEE Wireless Communications Magazine, Vol. 13, No. 5 (2006) 8-15. [81] Papadimitratos P. and Hubaux J.P. Secure vehicular communication systems: Implementation, performance and research challenges. IEEE Communications, Vol. 46, No. 11 (2008) 110-118. [82] Raya M., Papadimitratos P. and Hubaux J.P. Architecture for secure and private vehicular communications. IEEE International Conference on ITS Telecommunications (2008). [83] Zhang J., Chen C. and Cohen R. A Scalable and Effective Trust-Based Framework for Vehicular Ad-Hoc Networks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, Vol. 1, No. 4 (2010) 3-15. [84] Perrig A., Canetti R., Tygar J.D., and Song D. The TESLA Broadcast Authentication Protocol. RSA CryptoBytes, vol. 5, Summer (2002) pp. 2-13. [85] Lin X., Sun X., Ho P.H., and Shen X. GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications. IEEE Transactions on Vehicular Technology, vol. 56, no. 6 (2007) 3442-3456. [86] C.H. Yeh, M.Y. Hsieh and K.C. Li, A certificate enhanced group key framework for vehicular Ad Hoc networks, Ubiquitous Information Technologies and Applications, Springer Netherlands(2013), 215-222. [87] M.B. Younes, and A. Boukerche, SCOOL: A secure traffic congestion control protocol for VANETs, Wireless Communications and Networking Conference (WCNC), 2015 IEEE (2015), 1960-1965.

40

1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308

[88] Lin X. and Chen H. A secure and efficient RSU aided bundle forwarding protocol for vehicular delay tolerant networks. Wireless communications and mobile computing, Vol. 11, no. 2 (2011) 187-195. [89] Snchez-Garca, Jess, Jos Manuel Garca-Campos, D. G. Reina, S. L. Toral, and Federico Barrero. ”On-siteDriverID: A secure authentication scheme based on Spanish eID cards for vehicular ad hoc networks.” Future Generation Computer Systems 64 (2016): 50-60. [90] Snchez-Garca, Jess, Jos Manuel Garca-Campos, D. G. Reina, S. L. Toral, and Federico Barrero. ”On-siteDriverID: A secure authentication scheme based on Spanish eID cards for vehicular ad hoc networks.” Future Generation Computer Systems 64 (2016): 50-60. [91] Frster, David, Frank Kargl, and Hans Lhr. ”PUCA: A pseudonym scheme with strong privacy guarantees for vehicular ad-hoc networks.” Ad Hoc Networks 37 (2016): 122-132. [92] Florian, Martin, Felix Pieper, and Ingmar Baumgart. ”Establishing location-privacy in decentralized long-distance geocast services.” Ad Hoc Networks 37 (2016): 110-121. [93] Dietzel, Stefan, Julian Grtler, and Frank Kargl. ”A resilient in-network aggregation mechanism for VANETs based on dissemination redundancy.” Ad Hoc Networks 37 (2016): 101-109. [94] Hussain, Rasheed, Zeinab Rezaeifar, Yong-Hwan Lee, and Heekuck Oh. ”Secure and privacy-aware traffic information as a service in VANETbased clouds.” Pervasive and Mobile Computing 24 (2015): 194-209. [95] Lim, Kiho, and D. Manivannan. ”An efficient protocol for authenticated and secure message delivery in vehicular ad hoc networks.” Vehicular Communications 4 (2016): 30-37. [96] 5.9 GHz DSRC. http://grouper.ieee.org/groups/scc32/dsrc/. [97] Car 2 Car Communication Consortium. http://www.car-2-car.org/. [98] SEVECOM project. http://www.sevecom.org/. [99] Boyd C. and Mathuria A. Protocols for Authentication and Key Establishment. Springer (2003). [100] Burmester M., Magkos E. and Chrissikopoulos V. Strengthening privacy protection in VANETs. Proceedings of IEEE International Conference on Wireless and Mobile Computing, Networking and Communication (2008) 508-513. [101] Plob K. and Federrath H. A Privacy Aware and Efficient Security Infrastructure for Vehicular Ad Hoc Networks. Computer Standards & Interfaces, Vol. 30, No.6 Special Issue: State of standards in the information systems security area (2008) 390-397. [102] Choi J.Y., Jakobsson M., and Wetzel S. Balancing Auditability and Privacy in Vehicular Networks. Proceedings of First ACM Int’l Workshop QoS and Security for Wireless and Mobile Networks (2005) 79-87. [103] Freudiger J., Felegyzahi M., Raya M., Papadimitratos P. and Hubaux J.P. Mixzones for location privacy in vehicular networks. ACM Workshop on Wireless Networking for Intelligent Transportation Systems, Vancouver (2007). [104] Chim T.W., Yiu S.M., Lucas C.K. Hui, Victor O.K. Li. MLAS: Multiple level authentication scheme for VANETs. Ad Hoc Networks, Vol. 10 (2012) 1445-1456. [105] Hu C., Chim T.W., Yiu S.M., Hui Lucas C.K., Li Victor O.K. Efficient HMAC-based secure communication for VANETs. Computer Networks, Vol. 56 (2012) 2292-2303. [106] X. Zhu, Y. Lu, X. Zhu, and S. Qiu, Lightweight and scalable secure communication in VANET, International Journal of Electronics 102, no. 5 (2015), 765-780. [107] M. Wang, D. Liu, L. Zhu, Y. Xu, and F. Wang, LESPP: lightweight and efficient strong privacy preserving authentication scheme for secure VANET communication, Computing (2014), 1-24. [108] Wagan A.A. and Jung L.T. Security framework for low latency vanet applications. IEEE International Conference on Computer and Information Sciences (ICCOINS), Kuala Lumpur, Malaysia, 3-5 June(2014) 1-6. [109] Vijayakumar, Pandi, Maria Azees, Arputharaj Kannan, and Lazarus Jegatha Deborah. ”Dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks.” IEEE Transactions on Intelligent Transportation Systems 17, no. 4 (2016): 10151028. [110] Lin X., Lu R., Zhang C., Zhu H., Ho P. And Shen X. Security in Vehicular Ad-hoc Networks. IEEE Communications Magazine, vol. 46, no. 4 (2008) 88-95. [111] Tsang P., Au M.H., Kapadia A. and Smith S.W. Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs. Proceedings of ACM Conf. Computer and Comm. Security (2007) 72-81. [112] Sun J. and Fang Y. A Defense Technique Against Misbehavior in VANETs Based on Threshold Authentication. Proceedings of IEEE Military Communications Conference (2008). [113] Sun J., Zhang C., and Fang Y. An Id-Based Framework Achieving Privacy and Non-Repudiation in Vehicular Ad Hoc Networks. Proceedings of IEEE Military Communications Conference (2007) 1-7. [114] Sun J. and Fang Y. Defense Against Misbehavior in Anonymous Vehicular Ad Hoc Networks. J. Ad Hoc Networks, Vol. 7, No. 8 (2009) 1515-1525. [115] Ganan C., Munoz J.L., Esparza O., Mata-Daz J. and Alins J. EPA: An Efficient and Privacy-aware Revocation Mechanism for Vehicular Ad-Hoc Networks. Pervasive and Mobile Computing (2015) 1-17. [116] Merkle R. A certified digital signature. Advances in Cryptology, CRYPTO89, Lecture Notes in Computer Science 435, SpringerVerlag(1989), 234-246. [117] C. Ga˜nn, J.L. Mu˜noz, O. Esparza, J. Mata-Daz, and J. Alins, PPREM: privacy preserving REvocation mechanism for vehicular ad hoc networks, Computer Standards & Interfaces 36, no. 3 (2014), 513-523. [118] Almulla M., Zhang Q., Boukerche A., and Ren Y. An efficient k-Means authentication scheme for digital certificates revocation validation in vehicular ad hoc networks. Wireless Communications and Mobile Computing 14, no. 16 (2014) 1546-1563. [119] Chen J., Cao X., Zhang Y., Xu W. and Sun Y. Measuring the performance of movement-assisted certificate revocation list distribution in VANET. Wireless Communications and Mobile Computing, Vol.11, no. 7 (2011) 888-898. [120] Zhang F. and Kim K. ID-Based Blind Signature and Ring Signature From Pairings. Advances in Cryptology-Asiacrypt. LNCS. vol. 2510, Springer-Verlag (2002). [121] Gamage C., Gras B., Crispo B., and Tanenbaum A.S. An identity based ring signature scheme with enhanced privacy. Proceedings of 2nd International Conference on Security and Privacy in Communication Networks. Secure Comm (2006).

41

1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373

[122] Chen X., Zhang F., and Kim K. A New ID-Based Group Signature Scheme From Bilinear Pairings. Cryptology ePrint Archive. Report 2003/116, available at http://eprint.iacr.org/2003/116 (2003). [123] Li C.T., Hwang M.S., and Chu Y.P. A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Computer. Communications, vol. 31, no. 12 (2008) 2803-2814. [124] Kamat P., Baliga A., and Trappe W. An identity-based security framework for VANETs. Proc. 3rd ACM Int’l Workshop on Vehicular Ad Hoc Networks (2006) 94-95. [125] Baek J., Steinfeld R. and Zheng Y. Formal Proofs for the Security of Signcryption. Journal of Cryptography. vol. 20 (2007) 203-235. [126] Shuhaimi N. and Juhana T. Security in Vehicular Ad-Hoc Network with Identity Based Cryptography Approach: A Survey. 7th International Conference on Telecommunication Systems, Services, and Applications (2012) 276-279. [127] Lu H., Li J. and Guizani M. A Novel ID-based Authentication Framework with Adaptive Privacy Preservation for VANETs. Proceedings of Conference on Computing, Communications and Applications, Japan (2012) 345-350. [128] J. Li, H. Lu and M. Guizani, ACPN: a novel authentication framework with conditional privacy-preservation and non-repudiation for VANETs, IEEE Transactions on Parallel and Distributed Systems 26, no. 4 (2015), 938-948. [129] Choi J. and Jung S. A security framework with strong non-repudiation and privacy in vanets. Proceedings of IEEE Consumer Communications and Networking Conference (2009) 1-5. [130] Dikmak M., Sabra Z., Kayssi A. and Chehab A. Optimized Conditional Privacy Preservation in VANETs. Proceedings of 19th International Conference on Telecommunications (2012) 1-6. [131] Biswas S. and Misic J. A Cross layer Approach to privacy-preventing authentication in WAVE-enabled VANETs. IEEE Transactions on Vehicular Technology (2013) 1-12. [132] J.L. Tsai, An Improved Cross-Layer Privacy-Preserving Authentication in WAVE-Enabled VANETs, Communications Letters, IEEE 18, no. 11 (2014), 1931-1934. [133] Gavril O. Security in Vanet. Graduation project. Polytehnica University of Bucharest (2009). [134] Park Y. and Rhee K.H. and Sur C.: A Secure and Location Assurance Protocol for Location Aware Services in VANETs. Proceedings of 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (2011) 456-461. [135] Chen L., Cheng Z., and Smart N.P. Identity-based key agreement protocols from pairings. Proceedings of International Journal of Information Security. Vol. 6, No. 4, Springer (2007) 213-241. [136] Gentry C., and Silverberg A. Hierarchical ID-based cryptography. Proceedings of Advances in Cryptology - ASIACRYPT 2002, LNCS 2501, Springer-Verlag (2002) 548-566. [137] Bradai A. and Afifi H. A framework using IBC achieving Non-repudiation and Privacy in Vehicular Network. Proceedings of IEEE Conference on Network and Information System Security (2011) 1-6. [138] Hui L., Hui L. and Zhanxin M. Efficient and Secure Authentication Protocol for VANET. Proceedings of International Conference on Computational Intelligence and Security (2010) 523-527. [139] Nasreen S. R., Alangudi B. N. and Sukumar R. A Framework for Authentication in Vehicular Ad-hoc Network using Identity based approach, IOSR Journal of Engineering, Vol. 3, Issue 7 (July 2013) 15-19. [140] Chaudhuri Arpita, Gupta Suparna Das and Saha Soumyabrata. Identity Based Secure Algorithm for VANET. Procedia Engineering, Vol. 38 (2012) 165-171. [141] Lee Y. H, Kim H., Chung B., Lee J. and Yoon H. On demand Secure Routing Protocol for ad hoc network using ID based Cryptography. Proceedings of 4th international conference on parallel and Distributed Computing, Applications and Technologies (2003). [142] Huang D., Misra S., Verma M., and Xue G. PACP: An Efficient Pseudonymous Authentication-Based Conditional Privacy Protocol for VANETs. IEEE Transactions on Intelligent Transportation Systems, Vol. 12, No. 3 (September 2011) 736-746. [143] He, Debiao, Sherali Zeadally, Baowen Xu, and Xinyi Huang. ”An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks.” IEEE Transactions on Information Forensics and Security 10, no. 12 (2015): 2681-2691. [144] Mohanty S., Jena D. and Panigrahy S. Secure RSU-Aided Aggregation and Batch-Verification Scheme for Vehicular Networks. Proceedings of International Conference on Soft Computing and its Applications(ICSCA’2012) Kuala Lumpur, Malaysia (August 2012) 174-178. [145] Taha S. and Shen X. A Link-layer Authentication and Key Agreement Scheme for Mobile Public Hotspots in NEMO based VANET. Communication and Information System Security Symposium- GLOBECOM (2012) 1004-1009. [146] Hu X., Zhi G., Zhong C., Fagen L. An efficient certificateless aggregate signature with constant pairing computations. Information Sciences Vol. 219 No.10 (2013) 225-235. [147] Sharmila Deva Selvi S., Sree Vivek S., Pradhan Vivek Krishna and Pandu Rangan C. Efficient Certificateless Online/Offline Signature with tight security. Journal of Internet Services and Information Security (JISIS), Vol.1, No. 2 (2012) 115-137. [148] Wan A.X. Certificate-less Based Private Querying in VANETs. Proceedings of International Conference on Applied Mathematics and Computational Methods in Engineering (2013) 53-62. [149] Tseng H.R., Jan R.H., Yang W. and Jou E. A Secure Aggregated Message Authentication Scheme For Vehicular Ad Hoc Networks. 18th ITS World Congress, (October 2011) 1-14. [150] Patel, Nirav J., and Rutvij H. Jhaveri. ”Trust based approaches for secure routing in VANET: A survey.” Procedia Computer Science 45 (2015): 592-601. [151] Gerlach M. Trust for vehicular applications. Proceedings of the 8th International Symposium on Autonomous Decentralized Systems (2007) 295-304. [152] Minhas U.F., Zhang J., Tran T., and Cohen R. Towards expanded trust management for agents in vehicular ad-hoc networks. International Journal of Computational Intelligence Theory and Practice (IJCITP), Vol. 5, No. 1 (2010) 3-15. [153] Ayman T., Ayman K. and Ali C. A Privacy-Preserving Trust Model for VANETs. Proceedings of International Conference on Computer and Information Technology (CIT 2010) Bradford, UK, (June 2010) 832-837. [154] M.C. Chuang and J.F. Lee, TEAM: Trust-extended authentication mechanism for vehicular ad hoc networks, Systems Journal, IEEE 8, no. 3 (2014), 749-758. [155] Wagan A.A., Mughal B.M. and Hasbullah H. VANET Security Framework for Trusted Grouping using TPM Hardware. Proceedings of

42

1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438

Second International Conference on Communication Software and Networks (2010) 309-312. [156] Wu Q., Josep D.F. and rsula G.N. Balanced Trustworthiness, Safety, and Privacy in Vehicle-to-Vehicle Communications. IEEE transactions on vehicular technology, Vol. 59, No. 2 (February 2010) 559-573. [157] Raya M., Papadimitratos P., Gligor V., and Hubaux J. On data-centric trust establishment in ephemeral ad hoc networks. Proceedings of IEEE Infocom (2008). [158] Golle P., Dan G., and Staddon J. Detecting and correcting malicious data in vanets. Proceedings of the 1st ACM international workshop on Vehicular ad hoc networks, New York, NY, USA (2004) 29-37. [159] Rawat, Danda B., Gongjun Yan, Bhed Bahadur Bista, and Michele C. Weigle. ”Trust On the Security of Wireless Vehicular Ad-hoc Networking.” Ad Hoc & Sensor Wireless Networks 24, no. 3-4 (2015): 283-305. [160] Zhang, Dajun, F. Richard Yu, Zhexiong Wei, and Azzedine Boukerche. ”Trust-based Secure Routing in Software-defined Vehicular Ad Hoc Networks.” arXiv preprint arXiv:1611.04012 (2016). [161] Li, Wenjia, and Houbing Song. ”ART: An attack-resistant trust management scheme for securing vehicular ad hoc networks.” IEEE Transactions on Intelligent Transportation Systems 17, no. 4 (2016): 960-969. [162] Chen C., Zhang J., Cohen R. and Ho P.H. A Trust Modeling Framework for Message Propagation and Evaluation in VANETs. Proceedings of 2nd International Conference on Information Technology Convergence and Services (ITCS), Cebu, Philippines (August 2010) 1-8. [163] Patwardhan A., Joshi A., Finin T., and Yesha Y. A data intensive reputation management scheme for vehicular ad hoc networks. Proceedings of the 3rd Annual International Conference on Mobile and Ubiquitous Systems - Workshops, Mobiquitous (2006) 1-8. [164] Kumar, Neeraj, and Naveen Chilamkurti. ”Collaborative trust aware intelligent intrusion detection in VANETs.” Computers & Electrical Engineering 40, no. 6 (2014): 1981-1996. [165] Sedjelmaci, Hichem, and Sidi Mohammed Senouci. ”An accurate and efficient collaborative intrusion detection framework to secure vehicular networks.” Computers & Electrical Engineering 43 (2015): 33-47. [166] Mitchell, Robert, and Ray Chen. ”A survey of intrusion detection in wireless network applications.” Computer Communications 42 (2014): 1-23. [167] Wahab, Omar Abdel, Azzam Mourad, Hadi Otrok, and Jamal Bentahar. ”CEAP: SVM-based intelligent detection model for clustered vehicular ad hoc networks.” Expert Systems with Applications 50 (2016): 40-54. [168] Khan, Uzma, Shikha Agrawal, and Sanjay Silakari. ”Detection of malicious nodes (dmn) in vehicular ad-hoc networks.” Procedia Computer Science 46 (2015): 965-972. [169] Lalitha, R. V. S., and G. JayaSuma. ”A contemporary solution to ferret out and obviate the fake messages in vehicular ad hoc networks by not percolating through Web Server.” Procedia Computer Science 45 (2015): 696-705. [170] Sedjelmaci, Hichem, Sidi Mohammed Senouci, and Mosa Ali Abu-Rgheff. ”An efficient and lightweight intrusion detection mechanism for service-oriented vehicular networks.” IEEE Internet of Things Journal 1, no. 6 (2014): 570-577. [171] Kumar, Neeraj, Jaskaran Preet Singh, Rasmeet S. Bali, Sudip Misra, and Sana Ullah. ”An intelligent clustering scheme for distributed intrusion detection in vehicular cloud computing.” Cluster Computing 18, no. 3 (2015): 1263-1283. [172] Zaidi, Kamran, Milos B. Milojevic, Veselin Rakocevic, Arumugam Nallanathan, and Muttukrishnan Rajarajan. ”Host-Based Intrusion Detection for VANETs: A Statistical Approach to Rogue Node Detection.” IEEE Transactions on Vehicular Technology 65, no. 8 (2016): 6703-6714. [173] Liang, Wenshuang, Zhuorong Li, Hongyang Zhang, Shenling Wang, and Rongfang Bie. ”Vehicular ad hoc networks: architectures, research issues, methodologies, challenges, and trends.” International Journal of Distributed Sensor Networks 11, no. 8 (2015): 745303. [174] Liu, Jianqi, Jiafu Wan, Qinruo Wang, Pan Deng, Keliang Zhou, and Yupeng Qiao. ”A survey on position-based routing for vehicular ad hoc networks.” Telecommunication Systems 62, no. 1 (2016): 15-30. [175] Mitchell, Robert, and Ray Chen. ”A survey of intrusion detection in wireless network applications.” Computer Communications 42 (2014): 1-23. [176] Mokhtar, Bassem, and Mohamed Azab. ”Survey on security issues in vehicular ad hoc networks.” Alexandria Engineering Journal 54, no. 4 (2015): 1115-1126. [177] Patel, Nirav J., and Rutvij H. Jhaveri. ”Trust based approaches for secure routing in VANET: a survey.” Procedia Computer Science 45 (2015): 592-601. [178] Hasrouny, Hamssa, Abed Ellatif Samhat, Carole Bassil, and Anis Laouiti. ”VANet security challenges and solutions: A survey.” Vehicular Communications 7 (2017): 7-20. [179] Engoulou, Richard Gilles, Martine Bellache, Samuel Pierre, and Alejandro Quintero. ”VANET security surveys.” Computer Communications 44 (2014): 1-13. [180] Fonseca, Emanuel, and Andreas Festag. ”A survey of existing approaches for secure ad hoc routing and their applicability to VANETS.” NEC network laboratories 28 (2006): 1-28. [181] Gillani, Saira, Farrukh Shahzad, Amir Qayyum, and Rashid Mehmood. ”A survey on security in vehicular ad hoc networks.” In International Workshop on Communication Technologies for Vehicles, pp. 59-74. Springer, Berlin, Heidelberg, 2013. [182] Razzaque, M. A., Ahmad Salehi, and Seyed M. Cheraghi. ”Security and privacy in vehicular ad-hoc networks: survey and the road ahead.” In Wireless Networks and Security, pp. 107-132. Springer Berlin Heidelberg, 2013. [183] Samara, Ghassan, Wafaa AH Al-Salihy, and R. Sures. ”Security issues and challenges of vehicular ad hoc networks (VANET).” In New Trends in Information Science and Service Science (NISS), 2010 4th International Conference on, pp. 393-398. IEEE, 2010. [184] Al-Sultan, Saif, Moath M. Al-Doori, Ali H. Al-Bayatti, and Hussien Zedan. ”A comprehensive survey on vehicular ad hoc network.” Journal of network and computer applications 37 (2014): 380-392. [185] Brahmi, I. H., Ansari, N., & Rehmani, M. H. (2019). Cyber Security Framework for Vehicular Network based on a Hierarchical Game. IEEE Transactions on Emerging Topics in Computing. [186] Lai, C., Zheng, D., Zhao, Q., & Jiang, X. (2018). SEGM: A secure group management framework in integrated VANET-cellular networks. Vehicular Communications, 11, 33-45. [187] Ming, L., Zhao, G., Huang, M., Kuang, X., Zhang, J., Cao, H., & Xu, F. (2018, October). A General Testing Framework Based on

43

1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484

Veins for Securing VANET Applications. In 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI) (pp. 2068-2073). IEEE. [188] Hasrouny, H., Samhat, A. E., Bassil, C., & Laouiti, A. (2017). VANet security challenges and solutions: A survey. Vehicular Communications, 7, 7-20. [189] Jerbi, M., Senouci, S. M., Rasheed, T., & Ghamri-Doudane, Y. (2007, September). An infrastructure-free traffic information system for vehicular networks. In 2007 IEEE 66th Vehicular Technology Conference (pp. 2086-2090). IEEE. [190] Schoch, E., Kargl, F., Weber, M., & Leinmuller, T. (2008). Communication patterns in VANETs. IEEE Communications Magazine, 46(11), 119-125. [191] Akhtar, N., Ergen, S. C., & Ozkasap, O. (2015). Vehicle mobility and communication channel models for realistic and efficient highway VANET simulation. IEEE Transactions on Vehicular Technology, 64(1), 248-262. [192] Ruan, Y., & Durresi, A. (2016). A survey of trust management systems for online social communities-trust modeling, trust inference and attacks. Knowledge-Based Systems, 106, 150-163. [193] Contreras-Castillo, J., Zeadally, S., & Iba˜nez, J. A. G. (2016). Solving vehicular ad hoc network challenges with big data solutions. IET Networks, 5(4), 81-84. [194] Yu, Y. T., Gerla, M., & Sanadidi, M. Y. (2015). Scalable VANET content routing using hierarchical bloom filters. Wireless Communications and Mobile Computing, 15(6), 1001-1014. [195] Kim, D., Velasco, Y., Wang, W., Uma, R. N., Hussain, R., & Lee, S. (2017). A new comprehensive RSU installation strategy for cost-efficient VANET deployment. IEEE Transactions on Vehicular Technology, 66(5), 4200-4211. [196] Lu, Z., Liu, W., Wang, Q., Qu, G., & Liu, Z. (2018). A privacy-preserving trust model based on blockchain for vanets. IEEE Access, 6, 45655-45664. [197] Bariah, L., Shehada, D., Salahat, E., & Yeun, C. Y. (2015, September). Recent advances in VANET security: a survey. In 2015 IEEE 82nd Vehicular Technology Conference (VTC2015-Fall) (pp. 1-7). IEEE. [198] Engoulou, R. G., Bellache, M., Pierre, S., & Quintero, A. (2014). VANET security surveys. Computer Communications, 44, 1-13. [199] Isaac, J. T., Zeadally, S., & Camara, J. S. (2010). Security attacks and solutions for vehicular ad hoc networks. IET communications, 4(7), 894-903. [200] Isaac, J. T., Zeadally, S., & Camara, J. S. (2010). Security attacks and solutions for vehicular ad hoc networks. IET communications, 4(7), 894-903. [201] Sumra, I. A., Hasbullah, H. B., & AbManan, J. L. B. (2015). Attacks on security goals (confidentiality, integrity, availability) in VANET: a survey. In Vehicular Ad-Hoc Networks for Smart Cities (pp. 51-61). Springer, Singapore. [202] Huang, D., Misra, S., Verma, M., & Xue, G. (2011). PACP: An efficient pseudonymous authentication-based conditional privacy protocol for VANETs. IEEE Transactions on Intelligent Transportation Systems, 12(3), 736-746. [203] Lo, N. W., & Tsai, H. C. (2007, November). Illusion attack on vanet applications-a message plausibility problem. In 2007 IEEE Globecom Workshops (pp. 1-8). IEEE. [204] Safi, S. M., Movaghar, A., & Mohammadizadeh, M. (2009, October). A novel approach for avoiding wormhole attacks in VANET. In 2009 Second International Workshop on Computer Science and Engineering (Vol. 2, pp. 160-165). IEEE. [205] Safi, S. M., Movaghar, A., & Mohammadizadeh, M. (2009, October). A novel approach for avoiding wormhole attacks in VANET. In 2009 Second International Workshop on Computer Science and Engineering (Vol. 2, pp. 160-165). IEEE. [206] Kumar, N., & Chilamkurti, N. (2014). Collaborative trust aware intelligent intrusion detection in VANETs. Computers & Electrical Engineering, 40(6), 1981-1996. [207] Memon, M. H., Li, J. P., Memon, I., & Arain, Q. A. (2017). GEO matching regions: multiple regions of interests using content based image retrieval based on relative locations. Multimedia Tools and Applications, 76(14), 15377-15411. [208] Arain, Q. A., Zhongliang, D., Memon, I., Arain, S., Shaikh, F. K., Zubedi, A., ... & Shaikh, R. (2017). Privacy preserving dynamic pseudonym-based multiple mix-zones authentication protocol over road networks. Wireless Personal Communications, 95(2), 505-521. [209] Zaidi, K., Milojevic, M. B., Rakocevic, V., Nallanathan, A., & Rajarajan, M. (2016). Host-based intrusion detection for vanets: a statistical approach to rogue node detection. IEEE transactions on vehicular technology, 65(8), 6703-6714.

44

1485 1486 1487 1488 1489 1490 1491

Avleen Kaur Malhi is currently working as Assistant Professor in Thapar University, Patiala. She completed her PhD in the area of security of VANETs in the Department of Computer Science and Engineering at Thapar University, Patiala, Punjab, India in 2016 and received M.E. (CSE) from Thapar University, Patiala, Punjab, India in 2012. Her research interest include Ad-Hoc Networks, Vehicular Networks and Security of VANETs. Email: [email protected] Mailing address: Thapar University, P.O. Box 32, Patiala, Pin -147004, Punjab, India.

1492

1493 1494 1495 1496 1497 1498 1499 1500 1501

Dr. Shalini Batra is working as Associate Professor in Thapar University, Patiala and she received Ph.D. Degree from Thapar university, Patiala, Punjab, India in area of semantics in 2012 and M.E. Degree from BITS, Pilani, Rajasthan India. She is currently working as Assistant Professor with Computer Science Department at Thapar University, Punjab, India. She has guided 30 M. E. and currently guiding 4 Ph. D. students. She has more than 50 publications in National and International conferences and journals. Her research interest includes Machine Learning, VANETs, Big data and Social Networks. Email: [email protected] Mailing address: Thapar University, P.O. Box 32, Patiala, Pin -147004, Punjab, India.

1502

1503 1504 1505 1506 1507 1508

Dr. Husanbir Singh Pannu is working as lecturer in Thapar University, Patiala , India. He completed his PhD from University of North Texas USA and MS from California State University Eastbay USA. His research interests include Machine Learning, Optimization, Image Processing. Email: [email protected] Mailing address: Thapar University, P.O. Box 32, Patiala, Pin -147004, Punjab, India. 45

1509

1510

Conflict of interest The authors have no conflict of interest.

46