- *Ad-hoc (address-based/topology-based).* This category groups routing protocols initially designed to operate in *Mobile Ad-hoc Networks* (MANET) environments. Attempts have been made to test these routing protocols in VANET environments. However, the requirements of these address-based and topology-based mechanisms, such as unique address identification, among others, make these protocols less suitable for VANETs.

**2.4 Security on VANETs**

As mentioned before, vehicular networks could help improve traffic management and roadside safety. Several efforts have focused on developing applications for these kinds of networks. However, those applications will have important requirements regarding data security. Vehicular communication security is a major challenge with a great impact on the future development of vehicular networks. According to Weimerskirch, security is defined as "protection against malicious manipulation of IT systems and plays an important role when designing and implementing such applications" (Weimerskirch et al., 2010).

In this sense, VANET applications face important challenges in the security area, as they are more vulnerable to attacks. In vehicular communication scenarios, the exhaustive data exchange among vehicles and the infrastructure greatly increases the potential risk of data security violations. Therefore, applications could be used for illegal objectives such as tracking people in their vehicles or disseminating false information about traffic conditions.

Vehicular networks need an exhaustive risk analysis in order to identify potential attacks. However, risk analysis has not yet been studied extensively. Works such as those proposed in (Aijaz et al., 2006) and (Schneier, 1999) are cited by different authors on attacker capabilities in vehicular communications. In (Huanqun et al., 2008) the authors presented some possible security threats and attack scenarios, which are described as follows:

- *Eavesdropping.* This consists of diffusing wrong information in the networks to affect the behaviour of the drivers.
- *ID disclosure of other vehicle.* This scenario is related to putting vehicles under surveillance by means of vehicular networks.
- *Cheating with sensory information.* This problem consists of altering information (such as perceived position, speed, direction, among others) in order to avoid liability, especially in the case of an accident.
- *Spoofing.* This is related to taking over the identity of an authorized device.
- *Denial of service.* This is related to restricting the accessibility of services.
- *Bogus information.* This consists of faking a warning message.
- *Theft.* Breaking into someone else's vehicle, i.e. impersonation.

There are several research efforts in the area of security in vehicular networks. A majority of works converge towards a design in which vehicles frequently beacon their position along with warnings on their condition or the environment. Typical beaconing periods considered are on the order of one beacon per 100 milliseconds per vehicle. Other efforts have focused on the definition of security architectures such as the one developed by the *Vehicle Safety Communications consortium* (VSCC), which defines a PKI-based approach for messages sent in vehicle-to-vehicle and vehicle-to-infrastructure communication environments (Papadimitratos et al., 2008). However, VANET applications will bring a series of challenges in the security area, which call for solving several issues such as integrity, privacy, the non-repudiation of messages, and authentication.

### **2.4.1 Integrity**

Integrity is related to the honesty and verification of information. For applications, trustworthiness of data is more useful than trustworthiness of the nodes communicating the data. Data trust and verification ensure that, on the one hand, the exchanged information can be trusted and, on the other hand, the receiver nodes can verify the integrity of the received information in order to protect the vehicular network from attacks and impersonation. In (Leinmuller et al., 2007) the authors classify the trust and verification concepts into proactive security and reactive security. According to Leinmuller, the former has been researched extensively and consists of digitally signed messages, a proprietary system design, and tamper-resistant hardware (Calandriello et al., 2007; Hu & Laberteaux, 2006; Garfinkel et al., 2003). The latter consists of signature-based, anomaly-based and context-based approaches. Their main characteristic is that they correlate the received information with information that is either already available in the system from observations of normal system operation or that is introduced additionally (Brutch & Ko, 2003; Zhang et al., 2003).
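A minimal sketch of a context-based reactive check, added here as an illustration and not taken from the cited works: a receiver correlates each beacon with what it already knows (its own position and the sender's previous beacon). The thresholds are assumptions borrowed from the DSRC figures quoted in this chapter (1000 m range, 200 km/h); the freshness window, class names and sample beacons are hypothetical.

```python
import math
from dataclasses import dataclass
# Assumed thresholds (not from the cited papers): DSRC figures quoted in this chapter.
MAX_RANGE_M = 1000.0        # DSRC transmission range
MAX_SPEED_MPS = 200 / 3.6   # 200 km/h
MAX_AGE_S = 0.5             # hypothetical freshness window (a few 100 ms beacon periods)

@dataclass(frozen=True)
class Beacon:
    sender: str   # pseudonym of the sender
    t: float      # claimed send time, seconds
    x: float      # claimed position, metres (local planar frame)
    y: float

class PlausibilityChecker:
    """Context-based check run by one receiver over the beacons it hears."""
    def __init__(self, rx_x, rx_y):
        self.rx = (rx_x, rx_y)   # receiver's own position
        self.last = {}           # sender -> last accepted Beacon

    def check(self, b, now):
        """Return the reasons a beacon is implausible (empty list = accept)."""
        reasons = []
        if not 0 <= now - b.t <= MAX_AGE_S:
            reasons.append("stale-or-future-timestamp")
        if math.dist(self.rx, (b.x, b.y)) > MAX_RANGE_M:
            reasons.append("claimed-position-out-of-radio-range")
        prev = self.last.get(b.sender)
        if prev is not None:
            dt = b.t - prev.t
            moved = math.dist((prev.x, prev.y), (b.x, b.y))
            if dt <= 0:          # replayed or reordered beacon
                reasons.append("non-increasing-timestamp")
            elif moved / dt > MAX_SPEED_MPS:
                reasons.append("implied-speed-too-high")
        if not reasons:          # only accepted beacons update the context
            self.last[b.sender] = b
        return reasons

def run_sample():
    chk = PlausibilityChecker(0.0, 0.0)
    beacons = [  # constructed sample: (beacon, receive time)
        (Beacon("pA", 0.0, 100.0, 0.0), 0.01),
        (Beacon("pA", 0.1, 103.0, 0.0), 0.11),   # 30 m/s: plausible
        (Beacon("pB", 0.1, 200.0, 5.0), 0.11),
        (Beacon("pB", 0.2, 500.0, 5.0), 0.21),   # 300 m in 0.1 s
        (Beacon("pC", 0.2, 1500.0, 0.0), 0.21),  # beyond radio range
    ]
    return [(b.sender, chk.check(b, now)) for b, now in beacons]
```

A rejected beacon is not stored, so one implausible claim cannot shift the baseline against which the sender's next beacon is judged.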

### **2.4.2 Privacy and non-repudiation**

As mentioned before, security in vehicular networks must be designed to prevent potential attacks caused by drivers reacting dangerously as a result of receiving erroneous messages. Non-repudiation concerns defining mechanisms that prevent an entity from denying previous commitments or actions. Vehicular applications require strong mutual authentication with non-repudiation because all safety-related messages may contain life-saving information. For instance, the diffusion of fake safety messages by an attacker could produce potentially dangerous situations on the road.

Privacy is related to protecting user information, while at the same time authorities have to be able to reveal the identity of message senders in case of an eventuality (Raya et al., 2006). Therefore, it is critical to develop mechanisms to preserve privacy in vehicular networks. Some of the proposed techniques to provide privacy are anonymous certificates, group signatures and pseudonym certificates. The anonymous certificates technique is based on the use of a list of anonymous certificates for message authentication, which is stored in a central repository (such as a transportation regulation center). The second technique provides anonymity to the members of a group. Any node of the group is able to verify whether a group member sent a certain message; however, it is not necessary to know the real identity of the sender node. Finally, pseudonymous authentication is a technique widely accepted in vehicular networks. Its main use is anonymous authentication.

In (Rivas et al., 2011) the authors analyse another important issue in the security area for vehicular networks: the detection and eviction of misbehaving and faulty nodes. Due to the attacker's ability, or just to the aging of devices, at some point in time there will be misbehaving or faulty nodes in the vehicular networks. Several works in the literature study this issue. For instance, in (Golle et al., 2004) the authors proposed a heuristic approach, which consists of finding the best explanation for corrupted data. In (Xiao et al., 2006) the authors proposed an approach to detect attacks based on radio signal strength analysis, using the idea that a vehicle cannot be in different places at the same time. In (Raya et al., 2007) the authors proposed an approach that uses Tamper Proof Devices (TPD) and assumes the existence of an honest majority in the attacker's neighborhood. TPDs are used to execute their protocol and revoke themselves if they detect that they have been tampered with.

### **2.4.3 Message authentication**

Vehicular networks require a mechanism to help authenticate messages, identify valid vehicles, and remove malevolent vehicles. Reference (Kargl et al., 2006) explains that authentication ensures that a message is trustworthy by correctly identifying the sender of the message. With ID authentication, the receiver is able to verify a unique ID of the sender. The ID could be the license plate or chassis number of the vehicle. In other cases receivers are not interested in the actual identity of nodes. They are satisfied if they are able to verify that the sender has a certain property. Property authentication is a security requirement that allows verifying properties of the sender, e.g. that the sender is a car or a traffic sign. For applications using location information, location authentication allows verifying that the sender is actually at the claimed position, or that the message location statement is valid.

Some protocols have been proposed for safety messages in vehicular networks. On the one hand, some of these protocols rely on the concept of pseudonymous authentication, also known as *Baseline Pseudonym* (BP). In this kind of protocol each vehicle generates its own pseudonyms, in order to eliminate the need for pre-loading, storing and refilling pseudonyms and the corresponding private keys. In this way, the burden of key and pseudonym management is greatly reduced. Other protocols are based on *Group Signatures* (GS) for V2V communication (Lin et al., 2007). GS is more robust than pseudonymous authentication, as any two group signatures generated by a node cannot be linked (Calandriello et al., 2007).

makes use of spectrum band and channels allocated to the *Dedicated Short Range Communications* (DSRC) by the U.S. *Federal Communication Commission* (FCC) in 1999. The DSRC radio uses a 75 MHz spectrum at 5.9 GHz (Figure 2). The main aim of this standard is to support public safety applications that can save lives and improve traffic flow. The DSRC band is a free spectrum and is licensed by the FCC. The license regulates its usage and the technologies that make use of it; that is, all radio manufacturers must fulfil FCC regulations (Jiang & Delgrossi, 2008). The DSRC band offers 7 licensed channels with a transmission range of up to 1000 meters and a transmission data rate between 6 and 27 Mbps, supporting speeds of up to 200 km/h. The Department of Transportation of the United States and the automotive industry are strongly supporting the development of DSRC devices (i.e. on board units and road side units) and applications (Jiang et al., 2006).

Fig. 2. Available channels for DSRC.

**3.2 WiMAX (IEEE 802.16)**

WiMAX is a high bandwidth technology designed to provide broadband wireless access over large areas to homes and businesses and to a large number of users. WiMAX is an implementation of the IEEE 802.16 standard and was created by the WiMAX Forum⁴ in 2001 (Ghosh & Wolter, 2005). To date more than 500 companies are members of the WiMAX Forum. Some of the potential usages of WiMAX include: mobile broadband connectivity across cities, last mile broadband access, VoIP, Internet connectivity, in-building coverage, temporary coverage and coverage on a mobile vehicle, among others (Peters & Heath, 2009). WiMAX maximum operating range of coverage is 100 km and supports speeds of up to 1 Gbps (on fixed stations). WiMAX speed depends on the distance covered, the closer the

⁴ http://www.wimaxforum.org
