Bißmeyer, Norbert (2014)
Misbehavior Detection and Attacker Identification in Vehicular Ad-hoc Networks.
Technische Universität Darmstadt
Ph.D. Thesis, Primary publication
|
Text
Disseration Norbert Bißmeyer.pdf - Accepted Version Copyright Information: CC BY-NC-ND 2.5 Generic - Creative Commons, Attribution, NonCommercial, NoDerivs . Download (6MB) | Preview |
Item Type: | Ph.D. Thesis | ||||
---|---|---|---|---|---|
Type of entry: | Primary publication | ||||
Title: | Misbehavior Detection and Attacker Identification in Vehicular Ad-hoc Networks | ||||
Language: | English | ||||
Referees: | Waidner, Prof. Dr. Michael ; Kargl, Prof. Dr. Frank | ||||
Date: | 1 December 2014 | ||||
Place of Publication: | Darmstadt | ||||
Date of oral examination: | 27 November 2014 | ||||
Abstract: | The objective of the research presented in this dissertation is to detect misbehavior in vehicular ad hoc networks (VANETs) and to identify the responsible attackers or faulty nodes in order to exclude them from active network participation. Vehicles and roadside units use wireless ad hoc communication in VANETs to increase traffic safety and efficiency by exchanging cooperative awareness information and event-based messages. Considering both presence and status of vehicles moving in a defined range drivers can be notified instantly about upcoming potentially dangerous situations such as a sudden braking action of a vehicle driving in front or the tail end of a traffic jam ahead. VANET nodes frequently broadcast mobility-related information (i.e. absolute values for position, time, heading, and speed) within a communication range of several hundred meters to establish a cooperative awareness of single-hop neighbors. Due to the ad hoc communication between network nodes traffic safety applications become feasible that have low latency requirements. The protection against external attackers in VANETs is provided by applying cryptographic methods. Only registered nodes of the VANET are equipped with valid keys that are certified by a trusted certificate authority. Internal attackers who possess appropriate hardware, software, and valid certificates must be considered as a dangerous threat. Attackers who either extract valid keys and certificates from a communication unit or install a malware on VANET devices on board of vehicles or on roadside units are able to send bogus messages that are accepted by unsuspecting vehicles. We demonstrate that the processing of fake information may affect the safety and efficiency of the overall traffic in the attackers' single or multi-hop communication range. Most existing solutions in the context of misbehavior detection in VANETs are based on data-centric plausibility and consistency checks. We propose in this dissertation new methods and frameworks to evaluate the behavior of VANET nodes based on cooperatively exchanged location-related information. Most existing solutions are only tested within simulations. In contrast we analyzed the applicability of misbehavior detection in VANETs under real conditions. Long-term experiments in outdoor field operational tests and dedicated trials with test vehicles revealed new insights with respect to misbehavior detection and attacker identification which are presented in this dissertation. Based on this knowledge a novel strategy has been developed that consists of three main contributions: local misbehavior detection, local short-term identification of potential attackers, and central long-term identification of attackers. The concept for local misbehavior detection on VANET nodes is based on different information sources such as received packets or sensor measurements to perform data consistency and data plausibility checks. In case of detected inconsistencies or implausible movement characteristics the suspicious node is observed and its trustworthiness is locally evaluated. The contributions for local short-term identification of potential attackers consider explicitly the frequent change of neighbor node identifiers as stipulated by European standards and international industrial regulations. Based on test results gained from a large field operational test a concept for the local misbehavior evaluation of neighbor nodes is proposed. The resulting node trustworthiness is further used to generate misbehavior reports that are transmitted to a central evaluation authority. Consequently, the central authority is informed about suspicious nodes and hence potential attackers of the VANET. The third main contribution is the processing of misbehavior reports for central long-term identification of attackers. If sufficient evidence is reported by a significant number of independent VANET nodes the central misbehavior evaluation authority is authorized to request information whether different pseudonymous IDs contained in related misbehavior reports belong to the same suspicious node. This process is supported by the central certificate authorities which ensure the consideration of drivers' privacy while processing critical information. After the assessment of the reported suspects the central misbehavior evaluation authority is able to identify the attacker and exclude his or her from active participation in any VANET communication. Based on the knowledge gained from our practical experiments with test vehicles we developed an effective concept to enable the secure and reliable long-term operation of VANETs. Attackers and faulty nodes can reactively be excluded from the network after independent network nodes have locally detected their misbehavior and a central authority has identified the offenders. This approach is more effective in terms of long-term attacker exclusion and minimization of false-positive detections compared to related approaches that are only deployed on VANET nodes. Consequently, the proposed concept will help to minimize the motivation of potential attackers to aim on VANETs. Due to the detection of abnormal node behavior even novel attack methods that may emerge in the future should be effectively counteracted by applying these concepts. |
||||
Alternative Abstract: |
|
||||
URN: | urn:nbn:de:tuda-tuprints-42573 | ||||
Classification DDC: | 000 Generalities, computers, information > 004 Computer science | ||||
Divisions: | 20 Department of Computer Science | ||||
Date Deposited: | 04 Dec 2014 07:54 | ||||
Last Modified: | 09 Jul 2020 00:49 | ||||
URI: | https://tuprints.ulb.tu-darmstadt.de/id/eprint/4257 | ||||
PPN: | 386760071 | ||||
Export: |
View Item |