VANET SECURITY AND PRIVACY – AN OVERVIEW
Marvy B. Mansour1, Cherif Salama2, Hoda K. Mohamed3, Sherif A. Hammad4
1 British University in Egypt, Cairo, Egypt
2,3 Computer and Systems Engineering Department, Ain Shams University, Cairo, Egypt
4 Avelabs, Cairo, Egypt – Munich, Germany
Abstract
Although vehicular ad-hoc networks (VANETs) bring tremendous benefits to society, they raise many challenges, of which the security and privacy concerns are the most critical. In this paper, we provide a detailed overview of the state-of-the-art security and privacy requirements in VANET. We also give a brief account of the approaches proposed in the literature to fulfil these requirements, provide a classification of the various VANET attacks based on the communication system layers, and present the different types of VANET adversaries and attackers. In general, this paper aims to provide useful information about VANET security and privacy, to be used as a tool to help researchers in this field develop secure privacy-preserving approaches for VANET.
Keywords
Security and Privacy Requirements in VANET, VANET Adversaries and Attackers, VANET Attacks, VANET Security and Privacy Approaches
1. Introduction
Nowadays, vehicles are equipped with high-technology devices, such as GPS navigators, radars, and on-board units (OBUs). These wireless-enabled devices make vehicles intelligent and able to communicate with each other, and thereby form a self-organized vehicular ad-hoc network (VANET) [1]. Most proposed system architectures for VANET need to equip vehicles with a box that contains a radio interface to enable wireless communication between vehicles. Because of the rapid mobility and dynamically changing topology of VANET, the current IEEE 802.11 wireless protocols cannot be used in their present state, so a modified version named 802.11p was developed by IEEE for vehicular networks. The modifications were mostly done in the MAC layer. Many wireless technologies have been proposed for reliable vehicular communications, such as: a) IEEE 802.11p, a standard for Dedicated Short Range Communication (DSRC), a Wi-Fi type called Wireless Access in Vehicular Environment (WAVE); b) General Packet Radio Service (GPRS); c) IEEE 802.16, a standard for WiMAX; and d) 4G Long Term Evolution (LTE).
Besides that, VANETs are seen as systems that open the way to innovative and path-breaking applications. Before the real technology hits the road, detailed research is being carried out around the world to make the system reliable and robust. In addition, VANETs are a promising area for the creation of Intelligent Transportation Systems (ITS) that assist drivers and increase their safety and comfort by offering useful services to them. Moreover, VANET is a kind of network that has two main types of communication: V2V and V2I, which are vehicle–to–vehicle and vehicle–to–infrastructure respectively. The set of applications that offer comfort and convenience-based services are referred to as non-safety applications, while the safety applications are more concerned with life-saving services [1]. With the assistance of V2V and V2I communications, potentially fatal road accidents can be avoided; dangerous driving behaviors can be alerted; city traffic flows can be optimized; and traffic jams can be alleviated. However, since vehicular communication systems (VCS) aim to serve people, any small error, such as an unauthorized modification of data or a system malfunction, can be fatal.
Furthermore, VANETs impose a unique set of requirements to maintain the liability and accountability of drivers involved in accidents, traffic violations, and breaches of emission norms and other irregularities, so that punitive actions can be taken if a driver commits any crime. Besides that, location and context-aware services require the pin-point user location and preferences to provide the most specific, exact and comprehensive list of personalized information. However, communication of such information raises significant privacy issues that cannot be neglected. Privacy protection in vehicular communications is necessary to protect the user data from profiling and tracking. For example, location-based service applications have a high probability of breaching privacy and jeopardizing security [2], [3], [4], which hinders the widespread adoption of VANET. Moreover, quality and privacy are two divergent tendencies that exist in VANET applications and have undeniable importance to the user [5]. Thus, both industry and academia have paid extensive attention to the various VANET security- and privacy-related issues [6], [7]. To improve and provide reliable services, many researchers have identified various privacy issues and come up with different techniques and approaches to maintain the user’s privacy, like the use of pseudonyms [8], mix-zones [9], [10], and group signatures [11]. However, some applications, such as safety-critical ones, are time sensitive and prevent the use of security protocols with high computational overhead and cost [12]. Thus, security and privacy requirements in VANET should be taken into consideration when designing a robust system; otherwise, malicious attacks may ruin the original intention of VANET.
In this context, prior to putting VANET into practice, it is important to have an efficient secure privacy-preserving mechanism on board, which provides the needed security and privacy services while mitigating the well-known attacks in VANET.
The rest of this paper is organized as follows. In Section two, we briefly describe the essential security and privacy requirements in VANET. Then, in Section three, we provide an overview of the security and privacy requirements versus the state-of-the-art approaches proposed for VANET security and privacy. In Section four, the main types of existing VANET adversaries, well-known attacks and attackers are discussed in detail. Finally, in Section five, we conclude the paper.
2. Security and Privacy Requirements
In VANETs, malicious vehicles may disrupt the network performance, for example, by modifying or inserting fake information in the network, which could cause life-endangering accidents. There are three basic requirements that should be met in VANETs to deal with any threat, which are: authentication, integrity, and conditional privacy. These requirements are fundamental, and every VANET system should follow them. However, there are other security and privacy requirements discussed in the literature [13]. In addition, VANET brings in new challenges and conflicts between these security and privacy requirements in the system [14].
2.1 Security Requirements
There are several security requirements that should be taken into consideration when developing a secure architecture for VANET [15], [16], which are explained in this section as follows:
Data Consistency: It generally encapsulates accuracy, usability, authenticity and integrity of data in vehicular networks. It also warrants that all drivers in the system perceive a consistent
2.2 Privacy Requirements
The need for privacy is addressed differently by various countries. Some countries enforce a drivers’ identification mechanism for crime prevention, while some other countries may impose a mandatory privacy policy in the system. Moreover, the requirement for privacy is one of the vital reasons for public acceptance of VANET deployment. Communication in the network should be anonymous, where a message should not reveal any information about its sender. Also, the message sent should be protected in the presence of an unauthorised observer. Furthermore, the activities of a sender should be unlinkable to its source. In some schemes, a higher level of privacy is proposed, where the identity of vehicles broadcasting announcements is protected even from the authorities [17]. However, full anonymity may allow misbehaviour to occur, as attackers could act maliciously without the fear of being caught. Some other schemes therefore allow authorities to reveal the identity of vehicles in case of misbehaviour detection so as to achieve conditional anonymity, that is, the identity of users remains anonymous unless they misbehave.
In this context, there are several privacy requirements that should be considered when designing a privacy-preserving architecture for VANET [18], which are described in this section as follows:
Minimum Disclosure: A user should reveal the minimum amount of information during communication. The user’s data that is disclosed during a transaction should be minimum, in
There are other system requirements that should be thought of when developing a robust architecture for VANET [13], [17], which are given in this section as follows:
Table 1. Summary of VANET Security and privacy approaches.
3. SECURITY AND PRIVACY REQUIREMENTS VERSUS SECURITY APPROACHES
In this section, we briefly discuss different VANET approaches presented in the literature [19], which are proposed in order to fulfil various security and privacy requirements in VANET [20], [21], [22], [23]. Table 1 provides a summary of these approaches, which are discussed below in detail.
3.1 Authentication and Privacy
Currently, two methods are used for providing anonymous services, which are Group Signature and Pseudonymous Authentication schemes. Both of them address the problem of authentication and privacy [24]. In group signature schemes, a vehicle is issued a group private key with which it signs a message; while in pseudonymous authentication schemes, each vehicle stores a set of identities. In addition, there are hybrid approaches that combine both group signature and pseudonymous authentication schemes, where a vehicle can maintain a set of pseudonyms and a secret group signing key, and can also issue itself a certificate using the group key.
3.1.1 Group Signature Scheme
There are some approaches in VANET that use a group signature scheme in order to maintain the signer’s anonymity. This scheme allows every group entity to generate a signature without revealing its exact identity, while other group members can verify the message authenticity. This signature scheme has two components: a group manager and group members. The group manager is responsible for key distribution, adding group members, and detecting and revoking misbehaving group members. Each group member signs a message with a group user key issued by the manager, while other members are not able to identify the exact identity of the sender. At first, the group manager issues a different group user key to every group member, then issues the group public key to all group members. A group member uses the group user key for signing messages, and uses the group public key for verifying the message authenticity. Only the group manager knows each member’s real identity, thus it can detect and revoke group members. Although this scheme provides some security services, it incurs a large revocation cost. Also, vehicles can join and leave groups very rapidly; therefore this scheme is not practical to be used in real-life scenarios.
For example, a scheme based on group signature was presented by Studer et al. in [25], where a VANET key management approach using Temporary Anonymous Certificate Keys, TACKs, was examined. In [25], the authors gave some valid assumptions and discussed the efficiency of their scheme. However, some issues in VANET still remain in their TACKs. For instance, the detection and revocation of temporary keys is restricted by the expiration scheme. Also, a correlation attack could happen in the following situation: when only one OBU is changing its keys at a certain time, the new key could be associated with the old key of this OBU by an adversary, so the adversary can compute the exact identity of the OBU. Also, Qin et al. in [26] proposed the use of the Boneh, Gentry, Lynn and Shacham (BGLS) aggregate signature, which allows a receiver to verify a group of signatures in one operation. The authors also proposed a method to compress data and signatures to minimize the storage overhead of an OBU.
Besides that, Zhang et al. in [27] used two mechanisms on top of a PKI system to achieve authentication, privacy, integrity, linkability, efficiency, and scalability. These mechanisms are known as Signcryption and group signature. The system depends heavily on distributed RSUs to run an on‑the‑fly group. Signcryption is a technique used to sign and encrypt a message at the same time. It is also used to enable a vehicle to ask for a secret member key in order to join a group run by a RSU. Then, the RSU checks the validity of the vehicle data and issues a key if the vehicle is legitimate. A RSU uses a group signature where every vehicle in the group is capable of communicating with other group members and the RSU without revealing its identity. This is made possible using an anonymous group certificate. The authors also proposed that a vehicle can check if the sender is revoked through the RSU instead of maintaining a CRL. Besides that, batch verification is used to reduce the computation time needed. In addition, Wagan et al. in [28], [29] proposed an efficient group formation technique, where asymmetric cryptography is adopted for normal message communication and symmetric cryptography for event-driven messages. Vehicles form a trusted group using a Trusted Platform Module (TPM) to improve security and privacy. In order to maintain conditional privacy for V2V communication in VANET, Kim and Lee in [30] presented a batch verification method to prohibit unnecessary group subscriptions via the group signature method. This approach provides a variety of security requirements utilizing the group signature method. Kanchan and Chaudhari in [31] provided a group signature method integrated with a re-encryption technique, where a third party can re-encrypt a message that can be decrypted by other authorized users. This approach allows the message broadcast in a group to be read by any member of the group or of other authorized groups using the re-encryption mechanism.
3.1.2 Pseudonymous Authentication Scheme
The idea behind the Pseudonymous Authentication scheme is that each vehicle stores many pseudonymous certificates at first, and then randomly chooses one of these certificates to act as its identity at a certain time. Also, since a Trusted Authority (TA) has sufficient storage and cannot be compromised, it is safe and feasible for a TA to store these pseudonymous certificates. When a vehicle first registers, the TA sends it enough pseudonymous certificates and a unique permanent identity. For privacy considerations, vehicles do not use the permanent identity to sign messages; rather, they randomly choose one of the pseudonymous certificates that the TA has issued for digital signature. In this way, the temporary identity of each vehicle changes over time, and a malicious attacker can hardly trace a specific vehicle. This is because, after the certificate is changed, an attacker would not be able to link the new certificate with the old certificate, which means that the attacker has lost the target. However, this method still has some problems, such as a high revocation cost. For example, when a vehicle is revoked, the number of pseudonymous certificates that needs to be added to the Certificate Revocation List (CRL) could be too large [32], and the size of the CRL increases rapidly when the size of the network increases.
In this context, many works on location privacy address the issue of pseudonym provisioning and update, i.e. how signatures using pseudonyms are assigned, and when pseudonyms are changed, as shown in Figure 1. For example, Sun et al. in [32] proposed a Pseudonymous Authentication and Strong privacy-preserving Scheme (PASS), where a vehicle can update its set of certificates via the neighbouring RSU. Compared with the previous pseudonymous schemes, PASS has a lower revocation overhead and a lower certificate update overhead too. Also, in [33], a Distributed Certificate Service approach, DCS, was presented by Wasef et al. in order to ensure that an OBU can update its certificate via a RSU, regardless of whether this OBU is currently in the same RSU domain where it was registered or not. The DCS approach can rapidly certify many certificates and signatures. In addition, some schemes require the pseudonyms to be changed at certain intervals in a mix-zone to preserve the user’s location privacy, since a mix-zone creates a k-anonymous region where a silent period should be preserved between each pseudonym update [34]. For example, Amro in [10] presented a method for pseudonym update that exhibits the same level of privacy for all traffic scenarios. This method depends on fixing the mix-zone that thwarts an adversary from linking a particular pseudonym with the real identity of a specific vehicle. Wang and Yao in [8] proposed a pseudonym-enabled approach for maintaining privacy in VANET. In this approach, a RSU is used to assign a Reputation Label Certificate (RLC) to vehicles in its range in order to overcome the conflict between privacy preservation and reputation determination of a certain vehicle.
Figure 1. Vehicle A updates its pseudonym (Ps) for each new message sent
3.2 Authentication and Data Integrity
One of the cryptographic mechanisms used to achieve message authenticity and data integrity is the use of symmetric primitives. This includes a Message Authentication Code (MAC) appended to a message, which is computed using a shared symmetric secret key. In order to validate a MAC, a third entity needs to see the secret key, but would not know which of the two parties computed the MAC. While symmetric-based techniques are computationally efficient, they do not provide the property of non-repudiation. So, a digital signature is used to solve this problem, since signing a message using valid credentials issued by a Trusted Party (TP) would satisfy both authentication and data integrity. Digital signature schemes used in the literature include: Group Signatures (GS) [11], traditional Public Key Cryptography (PKC) [35], identity-based signatures and batch verification [36].
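Added example (not from the paper or from any cited scheme): the sketch below shows why a MAC cannot give non-repudiation while a signature can. It uses HMAC-SHA256 for the MAC and, as an assumption made so that it runs on the Python standard library alone, a Lamport one-time signature in place of the signature schemes listed above; the message and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    """MAC over the message; anyone holding shared_key computes the same tag."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def _digest_bits(message: bytes) -> list:
    """The 256 bits of SHA-256(message), most significant bit first."""
    d = hashlib.sha256(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets and the hashes of those secrets."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32))
               for _ in range(256)]
    public = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest())
              for a, b in private]
    return private, public


def lamport_sign(private, message: bytes) -> list:
    """Reveal one secret per digest bit. A key must sign one message only."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(public, message: bytes, signature) -> bool:
    """Check every revealed secret against the signer's public hashes."""
    bits = _digest_bits(message)
    if len(signature) != len(bits):
        return False
    return all(
        hmac.compare_digest(hashlib.sha256(sig).digest(), public[i][bit])
        for i, (bit, sig) in enumerate(zip(bits, signature))
    )


def attribution_demo() -> dict:
    # Constructed sample message, not a real VANET message format.
    msg = b"constructed sample: hazard warning, lane 2, t=1000"

    # Symmetric case: sender and receiver hold the same key, so the receiver
    # can produce the very tag it later presents to a third party.
    shared = secrets.token_bytes(32)
    tag_by_sender = mac_tag(shared, msg)
    tag_by_receiver = mac_tag(shared, msg)

    # Asymmetric case: only the sender holds the signing key.
    sender_priv, sender_pub = lamport_keygen()
    receiver_priv, _ = lamport_keygen()
    sig = lamport_sign(sender_priv, msg)
    forged = lamport_sign(receiver_priv, msg)  # receiver tries its own key

    return {
        "mac_indistinguishable": hmac.compare_digest(tag_by_sender,
                                                     tag_by_receiver),
        "signature_valid": lamport_verify(sender_pub, msg, sig),
        "receiver_forgery_valid": lamport_verify(sender_pub, msg, forged),
        "tampered_valid": lamport_verify(sender_pub, msg + b"!", sig),
    }


if __name__ == "__main__":
    for name, value in attribution_demo().items():
        print(f"{name}: {value}")
```
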
For example, Kaur et al. in [37] presented an approach that utilizes a Decision Packet. In this approach, a node creates a route from the departure node to the destination node and performs the necessary verification using the Decision Packet’s hash value, which thwarts an attacker from changing the hop count. Besides that, Ram et al. in [38] highlighted different security mechanisms in order to provide security for the routing protocol and to protect the user’s information from modification. A Multi Operating Channels Model was proposed by Nitish et al. in [39] to provide network protection against attacks that threaten the network functioning and data confidentiality in VANET, such as DoS and modification attacks. In addition, Nazmul in [40] adopted a Public Key Infrastructure (PKI) in order to fulfil the major security requirements in VANET, such as authentication, integrity, and non-repudiation. Also, a certificate update method is used in [40] when a vehicle enters a new region. In this approach, the computation time needed for message authentication is decreased in order to minimize the message loss rate due to message check delay. Moreover, Mahapatra and Naveena in [36] used an Identity-based Batch Verification (IBV) scheme, where they proposed to randomly update the anonymous identity and location after a certain time. Zhang et al. in [41] presented an approach that utilizes multiple TAs and a one-time identity-based aggregate signature. In this approach, vehicles are able to verify multiple messages simultaneously, where signatures are compressed into a single signature in order to minimize the storage space needed by a vehicle.
3.3 Anonymity and Unlinkability
A common approach to achieve anonymity is by using pseudonyms. For example, Kamat et al. in [42] used a pseudonym as a public key in place of an identity in the ID-based announcement scheme. Each key could be either used once for each message or used to sign multiple messages over its short lifetime, where the key update frequency is varied depending on some factors, such as the vehicle’s speed. The pseudonyms are updated in order to prevent linking of a vehicle’s different activities. However, drawbacks of the pseudonymous technique include secure key distribution and management, and storage complexity. Also, randomly chosen and changing pseudonyms are used by Kounga et al. in [35] in order to prevent linking to the user’s real identity. A silent period was proposed by Buttyan et al. in [34] in order to achieve unlinkability. The level of unlinkability depends on the number of vehicles present during the time the change of pseudonyms takes place. Also, the high velocity of vehicles present at the time of pseudonym update decreases the ability of an adversary to probabilistically determine and link pseudonyms and vice versa. During a silent period, transmission of messages is temporarily disabled for a period of time, and a vehicle does not receive any incoming messages. The drawback of this technique is that it restricts a vehicle from generating or receiving a message for a certain period of time, which defeats the purpose of VANET deployment.
Besides that, Guo et al. in [9] presented an independent mix-zone mechanism to solve the problem of the pseudonym update in low density areas. This mechanism involves provisioning of certificates and pseudonyms, where a vehicle establishes a mix-zone through its periodically broadcast messages, while other vehicles may each produce random versions of a pseudonym, which generates a k-anonymous mix-zone. In addition, Memon et al. in [43] proposed a pseudonym update method with multiple mix-zones. Also, a cheating detection technique was presented in [43] that enables a vehicle to check if the pseudonym update process was successful or not. Hussain and Oh in [44] presented an approach that offers the following services: 1) Maintains the user’s privacy using multiple anonymity. 2) Tracks the user’s route by saving beacon messages in the Cloud. 3) Provides conditional privacy via an anonymity withdrawal application. This approach incurs less overhead as compared to other approaches proposed in the literature.
3.4 Traceability, Accountability and Non-Repudiation
In a pervasive VANET environment, misbehaviour may take place as a result of hardware malfunctioning or may be intentional. For instance, the safety-related messages may contain fake information, or may have been modified, discarded or delayed intentionally. In such situations, it is desirable to achieve accountability. Also, the source of misbehaviour should be traceable for liability purposes. Traceability is desirable when a dispute arises; however, it is difficult to achieve traceability because of the privacy requirement. So, different methods have been studied to solve this problem. For instance, in schemes that use pseudonyms, the pseudonyms could be linked with a specific identity that possesses the unique Electronic License Plate (ELP), so that the authorities can trace the misbehaving user. Meanwhile, in schemes such as group signatures, a tracing manager is adopted to revoke the malicious vehicles by opening their signatures [11].
Accountability is achieved if the traceability, non-repudiation and revocation requirements are satisfied. The necessity for accountability in VANETs arises from the possibility of misbehaviour among users that may harm public road safety and jeopardize future VANET deployment. Misbehaviour in VANETs may occur due to malicious activities of users inside the system. Such activities may include: preventing message broadcasting to other vehicles; generating fake messages; injecting non-safety-related messages that may cause a traffic jam in the network due to overload of the bandwidth; or escaping from an accident. While attacks performed by outsiders can be addressed by means of authentication, misbehaviour among legitimate senders is a more challenging problem to address. This is because legitimate senders possess valid credentials issued by an authority and could deceive other vehicles into trusting them in order to perform malicious actions.
Another aspect of accountability is non-repudiation, where an entity is not able to deny the act of sending a message signed using a key that belongs exclusively to it, assuming forgery is not possible. A challenge-response protocol is another approach to achieve non-repudiation that was proposed by Chen et al. in [11], where, given a signature on a message, the challenge-response protocol determines whether a vehicle is the signer of the message. In some other schemes, non-repudiation is assumed in the presence of a fully trusted TP, such as Kamat et al. in [42]. In addition, Sun et al. in [45] presented a mutual authentication approach with DoS resilience. This approach adopts an identity-based signature scheme, and offers security services such as unlinkability, conditional privacy, and non-repudiation. Besides that, Shehada et al. in [46] provided a mobile agent protocol for VCS that provides a variety of security services including accountability and non-repudiation, and also mitigates well-known attacks. Also, this protocol allows a fast response to a vehicle’s request, where the collected data is not lost even if the mobile agent is lost.
3.5 Misbehaviour Detection and Revocation
Detection of misbehaving vehicles is an important issue in VANET that has recently received a lot of attention. The authentication mechanism itself only guarantees the message integrity but cannot ensure that the content of the message is correct. Therefore, when a vehicle misbehaves, for example by modifying a message, giving bogus information to others, or attacking the network by pretending to be another vehicle, the network should have the ability to detect these false messages and the malicious vehicle in order to revoke that vehicle through some schemes [47]. Some misbehaviour detection schemes (MDSs) are run by vehicles in order to detect any misbehaviour and then report the malicious vehicle to the Certificate Authority (CA). Meanwhile, the communication overhead is a big issue when distributing the CRL. Accordingly, some work has been done in order to decrease the size of the CRL and so reduce the network traffic during the distribution phase. For example, Sun et al. in [32] presented an authentication mechanism where the size of the CRL depends on the number of revoked vehicles and is independent of the number of pseudonyms that the misbehaving vehicle owns. Despite that, the CRL distribution process to all remaining vehicles in the whole network takes a long time. During this interval, the attacks could still jeopardize other drivers’ safety.
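Added example (not from the paper): the sketch below illustrates the CRL growth described in Section 3.1.2 and the per-vehicle CRL size discussed above by comparing a CRL that lists every pseudonym of a revoked vehicle with one that lists a single entry per revoked vehicle. Deriving pseudonym identifiers from a per-vehicle seed with HMAC is an assumption chosen for this illustration and is not a description of PASS [32]; the class, function names and sizes are hypothetical.

```python
import hashlib
import hmac
import secrets

ID_LEN = 16    # bytes per pseudonym identifier on the CRL (constructed value)
SEED_LEN = 32  # bytes per per-vehicle seed (constructed value)


def derive_pseudonym_ids(seed: bytes, count: int) -> list:
    """Derive `count` pseudonym identifiers from one per-vehicle seed.

    Assumption of this example: identifier i is HMAC-SHA256(seed, i), so the
    identifiers look unrelated to anyone who does not hold the seed.
    """
    return [
        hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).digest()[:ID_LEN]
        for i in range(count)
    ]


class TrustedAuthority:
    """Hypothetical TA that issues pseudonyms and keeps two CRL styles."""

    def __init__(self, pseudonyms_per_vehicle: int):
        self.n = pseudonyms_per_vehicle
        self._seeds = {}        # permanent identity -> seed, known to the TA only
        self.flat_crl = set()   # one entry per revoked pseudonym
        self.seed_crl = []      # one entry per revoked vehicle

    def register(self, permanent_id: str) -> list:
        """Return the pseudonym identifiers handed to a newly registered vehicle."""
        seed = secrets.token_bytes(SEED_LEN)
        self._seeds[permanent_id] = seed
        return derive_pseudonym_ids(seed, self.n)

    def revoke(self, permanent_id: str) -> None:
        """Revoke a vehicle in both CRL styles so they can be compared."""
        seed = self._seeds[permanent_id]
        self.flat_crl.update(derive_pseudonym_ids(seed, self.n))
        # Publishing the seed links all pseudonyms of the revoked vehicle,
        # which is the conditional-privacy trade-off: anonymous unless revoked.
        self.seed_crl.append(seed)


def is_revoked_flat(pseudonym_id: bytes, flat_crl) -> bool:
    """Receiver-side check against the per-pseudonym CRL: one set lookup."""
    return pseudonym_id in flat_crl


def is_revoked_seeded(pseudonym_id: bytes, seed_crl, n: int) -> bool:
    """Receiver-side check against the per-vehicle CRL.

    The list is small, but the receiver pays in computation by re-deriving
    each revoked vehicle's identifiers.
    """
    return any(pseudonym_id in derive_pseudonym_ids(seed, n) for seed in seed_crl)


def build_fleet(num_vehicles: int, pseudonyms_per_vehicle: int, num_revoked: int):
    """Register a constructed fleet and revoke the first `num_revoked` vehicles."""
    ta = TrustedAuthority(pseudonyms_per_vehicle)
    fleet = {f"veh-{i}": ta.register(f"veh-{i}") for i in range(num_vehicles)}
    for i in range(num_revoked):
        ta.revoke(f"veh-{i}")
    return ta, fleet


def crl_sizes(ta: TrustedAuthority) -> dict:
    """Entry counts and payload bytes of both CRL styles."""
    return {
        "flat_entries": len(ta.flat_crl),
        "flat_bytes": len(ta.flat_crl) * ID_LEN,
        "seed_entries": len(ta.seed_crl),
        "seed_bytes": len(ta.seed_crl) * SEED_LEN,
    }


if __name__ == "__main__":
    authority, vehicles = build_fleet(20, 500, 3)
    print(crl_sizes(authority))
    sample = vehicles["veh-0"][7]
    print(is_revoked_flat(sample, authority.flat_crl),
          is_revoked_seeded(sample, authority.seed_crl, authority.n))
```
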
In this context, the existing revocation schemes are mainly of two types, which are local revocation and global revocation that are described as follows [48]:
Moreover, in some revocation schemes, the CRL is no longer used. For example, in reputation-based schemes such as Malip et al. in [49], revocation is achieved by ceasing to provide misbehaving vehicles with their reputation credentials. A vehicle whose reputation score decreases to zero would not be able to continue its future participation in the network. On the other hand, Qu et al. in [50] provided an approach to maintain security and privacy in VANET. This approach incurs a low computation time and enhances the certificate revocation process. Besides that, Singh and Fhom in [51] proposed an anonymous credential-based protocol that enables the revocation of a misbehaving vehicle. Also, this protocol provides the detection of fraudulent actions, where the revocation of subsequent credentials of a malicious entity is performed.
Furthermore, Erritali et al. in [52] presented an Intrusion Detection System (IDS) in VANET, classifying detection systems into signature-based, anomaly-based [53], and specifications-based systems [54]. Besides that, RoselinMary et al. in [55] adopted an Attacked Packet Detection Algorithm (APDA) to protect against some security attacks, such as the DoS attack. This algorithm reduces the time delay to enhance VANET security. In addition, Gandhi and Keerthana in [56] presented a Request Response Detection Algorithm (RRDA) to detect a DoS attack. This algorithm utilizes a hash table to minimize a DoS attack caused by a malicious vehicle, and sends messages to all vehicles from departure till destination as well as updating the hop count. Also, this algorithm minimizes the message delay as compared to other algorithms proposed in this context. Grzybek et al. in [57] proposed a stable community detection algorithm after considering the vehicle’s dynamic motion, where the authors evolved the Label Propagation Algorithm (LPA) community detection algorithm [58] with the Stability and Network Dynamics over a Sharper Heuristic for Assignment of Robust Communities (SandSHARC) [59]. Besides that, in [57], the authors evaluated their work by testing the stability of the detected community. In addition, Singh and Sharma in [60] presented an Enhanced Attacked Packet Detection Algorithm (EAPDA) to mitigate various attacks, such as the DoS attack, which results in performance deterioration of VANET. This algorithm incurs less time delay as compared to other proposed algorithms. Memon et al. in [61] presented a verification technique to verify the vehicle’s activities in a private manner. In this technique, a RSU decides if a message is trusted or not, and then notifies the neighboring vehicles of the decision.
4. TYPES OF VANET ADVERSARIES, ATTACKS AND ATTACKERS
Vehicular networks are vulnerable to eavesdropping by adversaries in their wireless range, and location samples can be collected for tracking purposes. Also, envisioned inter-vehicular communication protocols and applications provide information about different identifiers ranging from the vehicle IP address and destination IP address to the protocol used. The interesting part is the association of these identifiers with location and time samples, i.e. identifier, location, and time. The identifier of a vehicle together with its location and time-stamp is often referred to as the location sample. Many profiles of such collected location samples pose a serious threat to the privacy of the user. It is interesting to note that location tracking of a car alone doesn’t violate the user’s privacy until the user is mapped to the vehicle, which is where the breach of privacy takes place.
When considering VANET security, a large number of threat models may be assumed. A threat model includes an adversary, that is, a person or a group of people that threatens the security and privacy of a given system. Moreover, in VANET, there are several possible attacks and attackers [15], [62], [47]. In this section, we explain the different types of adversaries and attackers, and also classify the attacks present in VCS based on the communication system layers. Table 2 shows the security and privacy requirements previously discussed in Section 2 against the various attacks present in VANET.
4.1 Types of Adversaries
VANET safety and non-safety applications may perform as expected or deviate from their expected operations mainly due to adversarial activities. The adversarial incentives may be money, spying on the user, or some other personal benefits. Some of the previous works proposed in this context provide a survey of the adversaries relevant to the vehicular context [13], [5]. The different types of adversaries that are present in VANET are provided in this section as follows:
Moreover, there are other types of adversaries that are a mixture of the previous types, for example:
Table 2. Security and Privacy Requirements versus VANET Attacks.
4.2 Types of Attacks
In VANET, attacks may arise from faulty or hostile remote computing nodes. Also, the privacy attacks are of greater concern for a user than the security attacks [13]. In this part, the possible attacks that may occur in VANET are classified based on the communication system layers as follows:
4.2.2 Security Attacks on Network Layer
4.2.3 Security Attacks on Physical Layer
4.2.4 Group-related security attacks
Some attacks may be carried out if the system utilizes a group approach [63], such as:
4.3 Types of Attackers
An attacker is an entity that compromises the security and breaches the privacy of another entity. Different attackers have different impacts on VANET. Although some attackers look for amusement and fun, others look for severe damage or privacy breach. The broad categories of attackers explained in this section are as follows [21]:
5. Conclusion
In conclusion, the specific nature of VCS brings up the need to address various security and privacy issues for VANET to be widely adopted by the society. Accordingly, the research community and industry have focused on securing vehicular communications. Also, the open fields of secure inter-vehicular communications with 5G-enabled vehicles [64] and driverless vehicle security [65] promise interesting research areas in VANET.
In this paper, we presented the essential security and privacy requirements in VANET as well as demonstrated the state-of-the-art approaches that are developed to fulfil these requirements. Besides that, a detailed description of different categories of possible adversaries in VANET has been provided in this paper. In addition, a brief explanation of the common attacks and attackers in VCS has been given here. Finally, from our work, it can be clearly deduced that developing a secure privacy-preserving architecture is a major requirement for the promotion of VANET worldwide. In this context, we believe that this paper would give the reader a good piece of information about VANET security and privacy. Hence, this paper is considered a valuable reference when developing a secure privacy-preserving protocol for VANET that provides the previously mentioned security and privacy services while protecting against the presented attacks.
Acknowledgments
We would like to thank the anonymous reviewers for their dedication and valuable comments that helped in motivating this work.
References
Authors
Marvy B. Mansour is currently working as Assistant Lecturer at the British University in Egypt, Cairo, Egypt. She is now pursuing her Ph.D. Degree at Computer and Systems Engineering Department, Faculty of Engineering, Ain Shams University, Cairo, Egypt. She received her M.Sc. Degree at 2013 and B.Sc. Degree at 2007, from Computer Engineering Department, Faculty of Engineering, Arab Academy for Science, Technology and Maritime Transport, Cairo, Egypt. Previous Publications include: M. B. Mansour, C. Salama, H.K. Mohamed, S.A. Hammad, “CARCLOUD: A Secure Architecture for Vehicular Cloud Computing,” 14th Embedded Security in Cars (ESCAR) Europe Conference, Germany, 2016. Fields of interest include: Cloud Security, Privacy, Security, VANET.
Cherif Salama was born in Cairo, Egypt, in 1979. He received the M.Sc. and B.Sc. degrees in electrical engineering from Ain Shams University, Cairo, Egypt in 2001 and 2006 respectively. He received his Ph.D. degree in Computer Science from Rice University, Houston, Texas in 2010. From 2001 to 2006, he was a Teaching and Research Assistant at Ain Shams University and from 2006 to 2010, he held the same position in Rice University. Since 2010, he has been an Assistant Professor in the Computer and Systems Engineering Department of the Faculty of Engineering of Ain Shams University. He is also currently the Unit Head of the Computer Engineering and Software Systems program at Ain Shams University. His research interests and publications span a relatively wide spectrum that includes hardware description languages, programming languages, parallel computing, Cloud Computing, artificial intelligence, and more. Mr. Salama was awarded a full fellowship when he joined Rice University as a graduate student. In addition to his participation in various research projects, he was a key person in the design and development of the Verilog Preprocessor, which was funded by Intel Corporation through the Semiconductor Research Corporation.
Hoda K. Mohamed is a Professor at Computer and Systems Engineering from 2009. The manager of Information System Center in Faculty of Engineering, Ain Shams University from 2011 to 2015. She got her Ph.D., M.Sc. and B.Sc. from Ain Shams University in 2001, 1983, 1978 respectively. Research activities include: Intelligent systems, E-learning systems, Data Mining, Database systems, Image Processing, Artificial Intelligence, Software Engineering, Cloud Computing. Previous publications include: 1- Classification of IDS Alerts with Data Mining Techniques, International Journal of Electronic Commerce Studies Vol.7, No.1, pp.1-11, 2012. 2- Database Intrusion Detection using sequential data mining approaches, in the 9th IEEE International Conference on Computer Engineering and Systems (ICCES 2014), Cairo, Egypt, December 2014. 3- Energy efficient resource management for cloud computing environment, the 2014 9th International Conference on Computer Engineering & Systems (ICCES), Cairo, Egypt, December, 2014.
Sherif A. Hammad graduated from Ain Shams University, Faculty of Engineering as computer and systems engineer at 1983. MSc and PhD from the same school. Researcher at Institute Nationale Polytechnique de Grenoble France. Professor of Robotics and Automotive Systems. Was senior engineering manager in Mentor Graphics Egypt; multinational electronic design automation cooperate from 1998-2012. Co-Founder and VP of Avelabs; an SME working in software development for automotive industry, Egypt – Germany. Civil Servant as Minister of Scientific Research during 2014-2015. Main interest is teaching and research in autonomous vehicles and automotive cyber security.