Fast Exclusion of Errant Devices from Vehicular Networks

Vehicular networks, in which cars communicate wirelessly to exchange information on traffic conditions, offer a promising way to improve road safety. Yet ensuring the correct functioning of such a system is essential: malicious or faulty devices transmitting inaccurate messages could trigger accidents. Therefore, any errant device, along with the messages it generates, must be identified and ignored as quickly as possible. This task is especially challenging because traditional approaches to revoking credentials use a central authority, causing long delays during which the network is vulnerable. To eliminate this window of vulnerability, we propose that vehicles locally decide whether to exclude errant devices. We describe two ways of doing so: first, LEAVE, an existing protocol which allows devices to vote by exchanging signed claims of impropriety, and second, Stinger, a new protocol where a device unilaterally removes a misbehaving neighbor by agreeing to limit its own participation. We provide detailed simulations that offer insight into the protocols' operations in the context of vehicular networks and enable a powerful comparison between the strategies. We compare the security and performance properties of LEAVE and Stinger while varying attacker capabilities, traffic conditions, and the accuracy of the misbehavior detection mechanisms. We identify several interesting trade-offs: Stinger is significantly faster than LEAVE at removing errant devices, but LEAVE excludes fewer good devices when the attacker has compromised several devices simultaneously; LEAVE is better at handling false positives, but Stinger scales better when the traffic density increases. As a result, we conclude by outlining a combined protocol that balances the security and performance characteristics of both strategies.
