Nataša Trkulja,David Starobinski,Randall A. Berry

DOI: https://doi.org/10.48550/arXiv.2010.13725

2020-10-27

Abstract:Cellular Vehicle-to-Everything (C-V2X) networks are increasingly adopted by automotive original equipment manufacturers (OEMs). C-V2X, as defined in 3GPP Release 14 Mode 4, allows vehicles to self-manage the network in absence of a cellular base-station. Since C-V2X networks convey safety-critical messages, it is crucial to assess their security posture. This work contributes a novel set of Denial-of-Service (DoS) attacks on C-V2X networks operating in Mode 4. The attacks are caused by adversarial resource block selection and vary in sophistication and efficiency. In particular, we consider "oblivious" adversaries that ignore recent transmission activity on resource blocks, "smart" adversaries that do monitor activity on each resource block, and "cooperative" adversaries that work together to ensure they attack different targets. We analyze and simulate these attacks to showcase their effectiveness. Assuming a fixed number of attackers, we show that at low vehicle density, smart and cooperative attacks can significantly impact network performance, while at high vehicle density, oblivious attacks are almost as effective as the more sophisticated attacks.

Cryptography and Security,Networking and Internet Architecture

Ji-Ming Chen,Ting-Ting Li,John Panneerselvam

DOI: https://doi.org/10.1109/access.2018.2876153

IF: 3.9

2018-01-01

IEEE Access

Abstract:Message transmission in vehicular networks is increasing in popularity which exploits the network nodes to transmit messages using cooperative communication in a multi-hop fashion. But the increasing number of malicious nodes in the high-speed Internet of Vehicles demands additional methodologies to quickly detect the presence of such nodes to avoid serious security consequences. Early detection of malicious nodes, and accurate assessment of complex data to assess the node reliability are of absolute importance in vehicular networks. To this end, this paper proposes a security scheme that uses evidence combination method to combine local data with external evidence to evaluate the reliability of multi-dimensional data received from other peer nodes. In addition, this paper uses European Telecommunications Standards Institute standard and Decentralized Environmental Notification Message, and proposes a trust calculation method based on collaborative filtering by introducing a small-time interval to detect the changes in the node behaviors. While the former solution helps more accurate computation of the direct trust value, the latter scheme can calculate the indirect trust based on recommendations received from neighbors, ultimately to obtain the global trust value. Finally, more effective traffic data can be obtained to help traffic prediction. Experiments conducted under various network scenarios demonstrate that our proposed scheme outperforms the existing trust models, such as precision or recall and can resist bad-mouth attacks, selective-misbehavior attacks, and time-dependent attacks, especially under larger proportions of malicious nodes.

Yi Gao,Xue Liu,Wei Dong

DOI: https://doi.org/10.1109/icnp.2017.8117532

2017-01-01

Abstract:Dedicated Short Range Communications (DSRC), a promising vehicle-to-vehicle communication technology, has been under active research and large scale DSRC deployment is expected to start shortly. However, before all vehicles are deployed with DSRC, there will be a relatively long partial DSRC deployment period where DSRC-equipped vehicles and non-DSRC-equipped vehicles both exist on roads. More importantly, it is reported that the probability a DSRC-equipped vehicle will benefit from a safety application is only of 1% during the initial DSRC deployment. Therefore, we propose MVS, aMultiple Vehicle Sensing approach to improve the collision avoidance effectiveness under partial DSRC deployment. The design of MVS is based on the observation that vehicles are able to sense the kinematic states of its adjacent vehicles by using existing computer vision technologies and/or on-board radar technologies. Therefore, we focus on improving the efficiency of sharing these sensed kinematic states among DSRC-equipped vehicles. By using the sensed data from multiple adjacent vehicles, the kinematic states of a non-DSRC-equipped vehicle can be accurately estimated. MVS is implemented and evaluated through a trace-driven study based on two realistic vehicle mobility traces. Results show that MVS reduces the collision probability by 61.5% and 60.1% in the two traces.

Junman Qin,Jiajia Liu

DOI: https://doi.org/10.1109/tvt.2022.3164896

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:Due to the gap between calculation-intensive and latency-sensitive features of self-driving tasks and the vehicle's limited computation and storage resources, the development of autonomous vehicles is situated in a bottleneck. Fortunately, multi-access edge computing (MEC) architecture offers a promising measure to bridge this gap. It brings resources proximity to mobile devices at the network edge to support task offloading. Nonetheless, it introduces the problem of insecure wireless communication. Beyond that, the autonomous vehicle also has strict requirements on latency and energy consumption of task offloading technique owing to its safety-related and electricity-driven characteristics. Many scholars have studied the related problems widely. Nevertheless, few papers combine these three significant factors, namely information security, task latency and energy consumption. Thus, we put forward a mobility-ware task offloading scheme in cellular vehicle-to-everything system, which carefully considers these three requirements together. In this scheme, a time approximation algorithm is proposed to tackle the channel condition variations caused by the vehicle movement. Small-cell base station proactively sends artificial noise to debase wiretapper decoding capability and further prevent data exchanged between vehicles and MEC from being eavesdropped at the physical layer. Moreover, the optimal offloading proportion is found to minimize the weighted sum of latency and energy consumption. Experimental performances validate the effectiveness and feasibility of the proposed task offloading scheme.

telecommunications,engineering, electrical & electronic,transportation science & technology

Yingmo Jie,Mingchu Li,Cheng Guo,Ling Chen

DOI: https://doi.org/10.1109/ACCESS.2018.2869399

IF: 3.9

2018-01-01

IEEE Access

Abstract:To fight against denial of services (DoS) attacks on vehicular ad hoc networks, which can cause congestion over networks and degrading the user's experience, a lot of detective techniques and schemes have been proposed. However, the complex ones cannot keep pace with the growth of vehicle networks. In this paper, we propose a simple but effective defense strategy scheme inspired by the port-hopping mechanism, which advantage is manifested in that the detection and filtering off of malicious packets launched by attackers can be achieved without any change in existing protocol. First, we design a dynamic defense strategy scheme to puzzle a DoS attacker, where the specific defense strategy will change according to a scheme of time. To mitigate the losses caused by an attacker whose goal is to probe the vulnerable services' ports contained in the UDP/TCP headers between vehicle-to-vehicle or vehicle-to-infrastructure, we add some security services' ports that are valueless to attackers. Second, we give the specific construction of such a defense strategy scheme reflected as a matrix and a security analysis with respect to detecting the probed ports. At last, in comparison with the non-strategy defense scheme, simulations considering some parameters are conducted, which can show that our scheme is an effective defense scheme used for protecting VANETs.

Mohammed Al-Mehdhara,Na Ruan

DOI: https://doi.org/10.1155/2021/8891758

2021-01-01

Wireless Communications and Mobile Computing

Abstract:The wireless nature of the Vehicular Ad Hoc Network (VANET), a technology that offers facilities such as traffic management and safety services, makes it vulnerable to distributed denial-of-service (DDoS) attacks that exploit network communications and reduce network reliability and performance. This paper proposes a design of a secure VANET architecture using a Software-Defined Networking (SDN) controller and Neural Network Self-Organizing Maps (SOMs). In the proposed design, we adopt the SDN architecture by using its separation of the control plane from the data plane and adding intelligent capabilities to the VANET. To resolve the drawbacks of standard SOMs and to enhance the SOM's efficiency, a Multilayer Distributed SOM (MSOM) model based on two levels of clustering and classification is used. Experimental results show that our solution can efficiently detect malicious traffic, prevent and mitigate DDoS attacks, and increase system security and recovery speed from the attacking traffic. Moreover, the proposed scheme achieves a high accuracy rate (99.67%). Simulation results demonstrate the effectiveness and efficiency of the MSOM regarding detection accuracy and other studied metrics.

Marian Gusatu,Ruxandra F. Olimid

DOI: https://doi.org/10.48550/arXiv.2111.04801

2021-11-10

Abstract:Multi-access Edge Computing (MEC) is a 5G-enabling solution that aims to bring cloud-computing capabilities closer to the end-users. This paper focuses on mitigation techniques against Distributed Denial-of-Service (DDoS) attacks in the context of 5G MEC, providing solutions that involve the virtualized environment and the management entities from the MEC architecture. The proposed solutions aim to reduce the risk of affecting legitimate traffic in the context of DDoS attacks. Our work supports the idea of using a network flow collector that sends the data to an anomaly detection system based on artificial intelligence techniques and, as an improvement over the previous work, it contributes to redirecting detected anomalies for isolation to a separate virtual machine. This virtual machine uses deep packet inspection tools to analyze the traffic and provides services until the final verdict. We decrease the risk of compromising the virtual machine that provides services to legitimate users by isolating the suspicious traffic. The management entities of the MEC architecture allow to re-instantiate or reconfigure the virtual machines. Hence, if the machine inspecting the isolated traffic crashes because of an attack, the damaged machine can be restored while the services provided to legitimate users are not affected.

Cryptography and Security,Networking and Internet Architecture

Haiyang Huang,Tianhui Meng,Jianxiong Guo,Xuekai Wei,Weijia Jia

DOI: https://doi.org/10.1145/3641106

2024-02-23

ACM Transactions on Sensor Networks

Abstract:Application-layer distributed denial-of-service (DDoS) attacks incapacitate systems by using up their resources, causing service interruptions, financial losses, and more. Consequently, advanced deep-learning techniques are used to detect and mitigate these attacks in cloud infrastructures. However, in mobile edge computing (MEC), it becomes economically impractical to equip each node with defensive resources, as these resources may largely remain unused in edge devices. Furthermore, current methods are mainly concentrated on improving the accuracy of DDoS attack detection and saving CPU resources, neglecting the effective allocation of computational power for benign tasks under DDoS attacks. To address these issues, this paper introduces SecEG, a secure and efficient strategy against DDoS attacks for MEC that integrates container-based task isolation with lightweight online anomaly detection on edge nodes. More specifically, a new model is proposed to analyze resource contention dynamics between DDoS attacks and benign tasks. Subsequently, by employing periodic packet sampling and real-time attack intensity predicting, an autoencoder-based method is proposed to detect DDoS attacks. We leverage an efficient scheduling method to optimize the edge resource allocation and the service quality for benign users during DDoS attacks. When executed in the real-world edge environment, our experimental findings validate the efficacy of the proposed SecEG strategy. Compared to conventional methods, the service rate of benign requests increases by 23% under intense DDoS attacks, and the CPU resource is saved up to 35%.

computer science, information systems,telecommunications

Sushmita Ruj,Marcos Antonio Cavenaghi,Zhen Huang,Amiya Nayak,Ivan Stojmenovic

DOI: https://doi.org/10.48550/arXiv.1103.2404

2011-03-12

Abstract:Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is very important problem with wide range of implications including safety related and congestion avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g. for gaining access to a particular lane. Because of this (\emph{rational behavior}), it is more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can independently decide whether an information received is correct or false. The decision is based on the consistency of recent messages and new alert with reported and estimated vehicle positions. No voting or majority decisions is needed, making our MDS resilient to Sybil attacks. Instead of revoking all the secret credentials of misbehaving nodes, as done in most schemes, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them to act selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes.

Networking and Internet Architecture

Chen Chen,Xin Wang,Weili Han,Binyu Zang

DOI: https://doi.org/10.1109/ICDCSW.2009.48

2009-01-01

Abstract:The Sybil attack is one of the serious attacks to Vehicular Ad Hoc Networks (VANETs), because it severely damages the security of VANETs and, even leads to a threat to lives of drivers and passengers. In this paper, we propose a solution to detect the Sybil attack based on the differences between the normal motion trajectories of vehicles and the abnormal ones. In our approach, each node can accomplish the attack detection independently with the limited assistance from the infrastructures of VANETs. We improve the feasibility of our approach with limited infrastructures at the early deployment stages of VANETs. In addition, the independency and feasibility of our algorithm are more robust than the existing solutions that rely on collaboration of neighboring nodes. Simulation results show that the proposed method outperforms the existing solutions in terms of robustness, detection rate, overhead efficiency, and lower system requirements.

Ying Gao,Hongrui Wu,Binjie Song,Yaqia Jin,Xiongwen Luo,Xing Zeng

DOI: https://doi.org/10.1109/access.2019.2948382

IF: 3.9

2019-01-01

IEEE Access

Abstract:Security assurance in Vehicular Ad hoc Network (VANET) is a crucial and challenging task due to the open-access medium. One great threat to VANETs is Distributed Denial-of-Service (DDoS) attack because the target of this attack is to prevent authorized nodes from accessing the services. To provide high availability of VANETs, a scalable, reliable and robust network intrusion detection system should be developed to efficiently mitigate DDoS. However, big data from VANETs poses serious challenges to DDoS attack detection since the detection system require scalable methods to capture, store and process the big data. To overcome these challenges, this paper proposes a distributed DDoS network intrusion detection system based on big data technology. The proposed detection system consists of two main components: real-time network traffic collection module and network traffic detection module. To build our proposed system, we use Spark to speed up data processing and use HDFS to store massive suspicious attacks. In the network collection module, micro-batch data processing model is used to improve the real-time performance of traffic feature collection. In the traffic detection module, the classification algorithm based on Random Forest (RF) is adopted. In order to evaluate the accuracy of detection, the algorithm was evaluated and compared in the datasets, containing NSL-KDD and UNSW-NB15. The experimental results show that the proposed detection algorithm reached the accuracy rate of 99.95% and 98.75%, and the false alarm rate (FAR) of 0.05% and 1.08%, respectively, in two datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

Nadeem Ahmed,Fayaz Hassan,Khursheed Aurangzeb,Arif Hussain Magsi,Musaed Alhussein

DOI: https://doi.org/10.1016/j.heliyon.2024.e28844

IF: 3.776

2024-03-29

Heliyon

Abstract:Recent years have witnessed security as a great concern in vehicular networks (VANET). Particularly, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks can jeopardize the network by broadcasting a storm of packets. Correspondingly, the network resources are jammed with malicious traffic. In this connection, the existing research presented various techniques to cope with DoS and DDoS attacks. Different from those traditional approaches, this study proposes an Intelligent Intrusion Detection System (IDS) by leveraging Machine Learning (ML). The proposed IDS utilizes a publicly available dataset on the application layer for mitigating DDoS attacks. The designed ML-based IDS relies on combining both the Random Projection (RP) and Randomized Matrix Factorization (RMF) methods to achieve the best results for enhancing the detection capabilities of the IDS. This amalgamation enhances the system's detection capabilities by extracting and analyzing meaningful features from network traffic data. Experimental validation of our approach involves a comprehensive evaluation of various ML models, including Extra Tree Classifier (ETC), Logistic Regression (LR), and Random Forest (RF). Remarkably, the combined accuracy of these models yields an average system accuracy of 0.98, surpassing existing methods. Unlike conventional approaches, our proposed IDS excels in efficiency and exhibits notable performance in detecting DoS and DDoS attacks in VANET. This proficiency ensures the integrity and safety of vehicle communications. Thus, our research substantially contributes to the vehicular network security field. The presented findings establish a foundation for future advancements in securing connected vehicles.

Tianci Yang,Carlos Murguia,Chen Lv

DOI: https://doi.org/10.48550/arXiv.2109.01553

2021-09-03

Abstract:Cooperative Adaptive Cruise Control (CACC) is an autonomous vehicle-following technology that allows groups of vehicles on the highway to form in tightly-coupled platoons. This is accomplished by exchanging inter-vehicle data through Vehicle-to-Vehicle (V2V) wireless communication networks. CACC increases traffic throughput and safety, and decreases fuel consumption. However, the surge of vehicle connectivity has brought new security challenges as vehicular networks increasingly serve as new access points for adversaries trying to deteriorate the platooning performance or even cause collisions. In this manuscript, we propose a novel attack detection scheme that leverage real-time sensor/network data and physics-based mathematical models of vehicles in the platoon. Nevertheless, even the best detection scheme could lead to conservative detection results because of unavoidable modelling uncertainties, network effects (delays, quantization, communication dropouts), and noise. It is hard (often impossible) for any detector to distinguish between these different perturbation sources and actual attack signals. This enables adversaries to launch a range of attack strategies that can surpass the detection scheme by hiding within the system uncertainty. Here, we provide risk assessment tools (in terms of semidefinite programs) for Connected and Automated Vehicles (CAVs) to quantify the potential effect of attacks that remain hidden from the detector (referred here as \emph{stealthy attacks}). A numerical case-study is presented to illustrate the effectiveness of our methods.

Systems and Control

Xiaofen Fang,Kunli Fang,Guohua Li,Xinjun Jin,Lihui Zheng

DOI: https://doi.org/10.26855/ea.2022.12.006

2023-01-01

Engineering Advances

Abstract:Smart vehicles constitute the intelligent transportation system, the complex traffic network of multiple types of sensors in the energy consumption data and the amount of data transmitted is increasing, the network consisting of multi-source wireless sensors in the vehicle is often subject to DDoS attacks, the DDoS will lead to data loss or even traffic failure.Since multiple distributed vehicle nodes are dynamic constantly entering or leaving a network cluster, as smart vehicles continue to join the new wireless sensor network and obtain new identity IDs based on location, IP addresses are always allocated and recycled.DDoS attacks against vehicle networking clusters are difficult to identify, destructive and easy to implement.In this paper, we analyze the topology and communication patterns of wireless sensor networks in vehicular networks, the characteristics of being subject to DDoS attacks, the detection methods of each, and propose the initial detection and energy consumption trust value calculation for the detection of DDoS attack network nodes.

Fei Sun,Richard R. Brooks,Gurcan Comert,Nathan Tusing

DOI: https://doi.org/10.1109/tits.2022.3164779

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:This paper investigates side-channel vulnerabilities of a wireless communication application in vehicular environments (DSRC/WAVE) protocol implementation of a traffic intersection application. A prototype roadside unit (RSU) was implemented using real DSRC devices. The functionality of the WAVE short message (Wsm)-channel is extended to include an implementation of WAVE short message protocol (WSMP) for broadcasting GPS data and RSU instructions in vehicular communications. In the example used, DSRC is used to replace an intersection stoplight. Denial of service attacks are executed that leverage DSRC RSU timing and packet size side-channels to selectively disable the stoplight. Simulations are implemented to determine our ability to stealthily drop packets so as to force two vehicles to collide. Hidden Markov models (HMM) and Support Vector Machines (SVM) are constructed from sniffed side-channel information. We use inter-packet delay time and packet size side-channel information to design our attackes. In operational networks, packets should be encrypted in order to hide the contents of the packet payloads, but packet sizes and timing are not affected by encryption. HMMs were inferred using only side-channel information. The inferred HMMs track the protocol status over time. The SVM classifier was inferred using both side-channel data and packet payloads. At run-time, though, the SVM only had access to side-channel information. Simulation experiments were implemented to test HMM and SVM ability to identify packets used to signal vehicles to stop and yield right-of-way. Timing HMM side-channel attack caused collision with 2.5% false positive rate (FPR), while the packet size one resulted 9.5% FPR.

engineering, electrical & electronic,transportation science & technology, civil

Qi Wang,Zeeshan Pervez,J. Alcaraz-Calero,Ana Serrano Mamolar

DOI: https://doi.org/10.1109/EuCNC.2019.8801975

2019-06-01

Abstract:The fifth-generation (5G) mobile networks target a variety of new use cases that involve a massive amount of heterogeneous devices connected to the same infrastructure. This trend also brings new security threats, and one of the most critical ones for the availability of network services is a Distributed Denial of Service (DDoS) attack. A small portion of the billions of connected devices can be employed as a botnet to trigger a massive DDoS flooding attack that can bring down important services or affect the complete infrastructure. Traditional security systems against DDoS attacks are generally designed to work in infrastructures with a particular topology. However, the mobility of many devices subscribed to the network should be taken into account when designing defence systems. Otherwise, both the detection and the trace back of the attacker will be limited to non-mobile devices as the source of the attack. This is specially relevant when security needs to be part of the definition of the network slices associated to the 5G networks. This paper presents a novel approach to overcome the limitation of traditional detection systems. A novel sensor provides the required information to trace back an attacker even if it is moving among different locations. The proposed approach is suitable to be deployed in almost all 5G network segments including the Edge. Architectural design is described and empirical experiments have validated the proposed approach.

Engineering,Computer Science

Zepei Sun,Randall Berry

2024-10-01

Abstract:This paper evaluates the performance of the one-shot Semi-Persistent Scheduling (SPS) mechanism in Cellular Vehicle-to-Everything (C-V2X) networks under Denial-of-Service (DoS) smart attack scenarios. The study focuses on the impact of these attacks on key performance metrics, including Packet Delivery Ratio (PDR), Inter-Packet Gap (IPG), and Age of Information (AoI). Through extensive Monte Carlo simulations, we demonstrate that the one-shot mechanism significantly enhances network resilience by mitigating the adverse effects of smart DoS attacks. The findings reveal that while the one-shot mechanism improves the PDR and reduces the IPG and AoI tail values, its effectiveness diminishes slightly in high-density vehicular environments. Nevertheless, the one-shot mechanism proves to be a robust solution for maintaining the stability and reliability of C-V2X communications under adversarial conditions.

Systems and Control

Hongjia Li,Chang Yang,Liming Wang,Nirwan Ansari,Ding Tang,Xueqing Huang,Zhen Xu,Dan Hu

DOI: https://doi.org/10.1109/tmc.2021.3086219

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile edge computing (MEC), extending computing services from cloud to edge, is recognized as one of key pillars to facilitate real-time services and tackle backhaul bottleneck. However, it is not economically efficient to attach intensive security appliances to every MEC node to defend application-level DDoS attacks and ensure the availability of services. Thus, we explore the elasticity of security defense among MEC nodes by proposing a COoperative DEfense (CODE) framework for MEC, referred to as CODE4MEC. CODE4MEC aims to adapt to traffic changes by coordinating container-carried defensive resources among cooperative MEC nodes in an automatic way. Towards this aim, we propose four control plane functions to enable a life-cycle management for CODE4MEC, namely, CODE triggering, scheduling, coordination and releasing. However, an effective CODE4MEC requires non-trivial algorithmic schemes, in particular for CODE scheduling and coordination functions. We thus design an online combinatorial auction mechanism for real-time CODE scheduling, and prove a tighter performance bound relative to prior arts. As for CODE coordination, a flow-based traffic and context information coordination scheme is proposed to enable classical defense schemes to work properly and efficiently. Finally, using a combination of real testbed and simulation evaluations, we validate the effectiveness of CODE4MEC.

computer science, information systems,telecommunications

Joelle Kabdjou,Norihiko Shinomiya

DOI: https://doi.org/10.1109/access.2024.3361476

IF: 3.9

2024-02-20

IEEE Access

Abstract:Creating a cyber deception framework for 5G networks, particularly in IoT and cellular applications, is complex due to critical constraints in managing resources, meeting low latency demands, and addressing security concerns. While cloud computing aids in alleviating some limitations, it often falls short in meeting low-latency requirements. Multi-Access Edge Computing (MEC) has emerged as a solution by bringing resources closer to User Equipment (UEs) to reduce latency. Various MEC architectures have leveraged Software Defined Networking (SDN), Network Function Virtualization (NFV), Service Function Chaining (SFC), Network Slicing (NS), decision-making systems, and deception components. However, none have integrated these technologies comprehensively to achieve superior Quality of Service (QoS) and strengthen security. In this paper, we unify SDN, NFV, SFC, NS, decision-making technologies, and deception to efficiently manage MEC server resources and lure attackers. We utilize cyber deception metrics, including request collection rates over time and variations in request numbers concerning different botnet sizes. Moreover, we meticulously address QoS parameters such as latency, computing, storage, and bandwidth resources. Our approach initiates with a mathematical model for MEC server resource allocation, introducing a novel architecture that reduces bandwidth, computing, and storage resource usage. We introduce a cyber deception strategy utilizing uniform distribution and random selection to divert potential attackers. Simulations validate efficient resource management, notably reducing end-to-end latency for requests processed on the edge and in the cloud. This enhancement improves QoS within the MEC system and provides valuable insights for advancing decision-making technologies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tong Zhou,Romit Roy,Choudhury Peng Ning,Krishnendu Chakrabarty

DOI: https://doi.org/10.1109/jsac.2011.110308

IF: 16.4

2011-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Vehicular ad hoc networks (VANETs) are being increasingly advocated for traffic control, accident avoidance, and management of parking lots and public areas. Security and privacy are two major concerns in VANETs. Unfortunately, in VANETs, most privacy-preserving schemes are vulnerable to Sybil attacks, whereby a malicious user can pretend to be multiple (other) vehicles. In this paper, we present a lightweight and scalable protocol to detect Sybil attacks. In this protocol, a malicious user pretending to be multiple (other) vehicles can be detected in a distributed manner through passive overhearing by s set of fixed nodes called road-side boxes (RSBs). The detection of Sybil attacks in this manner does not require any vehicle in the network to disclose its identity; hence privacy is preserved at all times. Simulation results are presented for a realistic test case to highlight the overhead for a centralized authority such as the DMV, the false alarm rate, and the detection latency. The results also quantify the inherent trade-off between security, i.e., the detection of Sybil attacks and detection latency, and the privacy provided to the vehicles in the network. From the results, we see our scheme being able to detect Sybil attacks at low overhead and delay, while preserving privacy of vehicles.