Misbehavior detection in vehicular ad-hoc networks

In this paper we discuss misbehavior detection for vehicular ad-hoc networks (VANETs), a special case of cyber-physical systems (CPSs). We evaluate the suitability of existing PKI approaches for insider misbehavior detection and propose a classification for novel detection schemes. Cyber-physical systems (CPSs) are digital systems that are closely embedded into the physical world with which they interact through sensors and actuators. In contrast to classical embedded systems, they often form networks with a large number of sensor or actuator devices. These devices sense information, process it in a distributed system, and then influence the physical world using actuators. Notable examples of CPS are wireless sensor networks (WSNs), smart factories, distributed eHealth systems, and VANETs. In this paper, we focus on VANETs, which are a prime example for CPS and will soon be deployed on a large scale. Vehicular ad-hoc networks (VANETs) are networks that are created by equipping vehicles with wireless transmission equipment. VANETs offer great potential to improve road safety and to provide information and entertainment applications for drivers and passengers. Due to the unique properties of VANETs, this type of network has attracted many researchers, including those in the domain of security. The security challenges in VANETs include the requirement for strong privacy, the computationally constrained environment, and the ephemeral nature of connectivity. VANETs and other CPSs share a number of characteristics that require fundamentally new approaches for security, which differ from existing IT security requirements. • Critical usage scenarios. CPSs often control systems where failure or malfunction may have severe consequences, including massive financial loss or loss of lives. Often, these systems fall under the term critical infrastructures (CI). VANETs are one example where failure or malfunction may lead to massive congestion with subsequent delays and financial losses or even to accidents with loss of lives in a worst case. • No clear security perimeter. In many of these systems, there is no clear boundary between insiders and outsiders. Instead, the logically and physically distributed nature of CPSs leads to unclear security perimeters and possible insider attacks. VANETs are again a core example, as such networks are cooperatively formed by vehicles and road-side equipment. As vehicles are under distributed ownership and control, it needs to be assumed that some of the vehicles are under full control of attackers. • Limited physical security. As nodes in CPSs are often distributed in a potentially hostile environment, they may be subject to hijacking, analysis, and reprogramming by attackers. Due to cost constraints, the protection against such hijacking is often limited. A typical example is a Wireless Sensor Network for environmental monitoring, where nodes may be scattered randomly in the environment. Due to the long lifetime of vehicles, similar challenges can be found in both VANETs and invehicle networks. • Sensor values as security assets. The primary security assets in CPS are the sensor values and the actuators controlled based on this input. Spoofing and manipulation of sensor data are thus primary attack vectors. For instance, in a VANET that is used for detecting traffic jams, an attacker may want to suppress certain sensor readings that would indicate a traffic jam, or inject sensor values that indicate a traffic jam where none exists.