Communications - February 2012

harm if the network is not secured and if the privacy of each individual is not protected. Consider a node (for example, a driver or vehicle) that can insert false information about other drivers and traffic, or the one that can eavesdrop private information and use this information against other users in his or her own favor (for example, to stop or mislead a flow of vehicles).

Another issue in security of VAN is the mobility feature of vehicles, which could easily result in rapid changes in the VAN topology. Thus, security and privacy protocols should be carefully designed to avoid overwhelming the radio link bandwidth with sudden node density fluctuations. In addition, due to having so many participating elements, we open the door for unintentional network congestion, or intentional flooding of the network with junk data that would result in denial of service. 6 This is critical, particularly for VAN, as attackers may completely bring down vehicular networks this way.

While all the cases here are antisocial behaviors, they are real-life possibilities with devastating results in terms of public safety. Papadimitratos et al. 14 explain how the sweet dream of deploying VANs may turn into a nightmare if security and privacy elements are not carefully embedded. In that case, the disadvantages of deploying vehicular communications in VANs would be more than the benefits.

Many researchers in academia and industry have investigated secure vehicular communications in ITS-VAN. 32 Among those are cryptography, public or private keys, and digital signature verification approaches for security and privacy as well as redundant packets delivery for a more reliable communication. 31 Others have worked on schemes that can be used on top of the IEEE 1609.2 standard for secure messaging protocols in WAVE. 50

Anomaly detection systems can be
employed to minimize the effect of ma-
licious breaches on VAN. 2, 13, 43 The main
idea is to employ data/packet process-
ing techniques (for example, packet
content inspection such as worm de-
tection, 13, 29, 40 or machine learning5) for
such behavioral analysis. Other tech-
niques include continuous monitoring
of network flow to identify anomalies
or malicious attempts. 52 Here, we list a
few cases where anomaly detection can
be effectively deployed to enhance VAN
security or safety:

secure communication

According to Williamson, 52 security and privacy in VAN communication should account for features such as message authentication, integrity, accountability and privacy protection. Current research on security in vehicular communication protocols mostly focuses on periodic beaconing, flooding, Geocast and position-based mechanisms. 21, 37, 48

Geocast refers to multi-hop broadcast information dissemination in a large geographically restricted destination region. It is important to secure VAN’s geocast against denial-of-service attacks caused by overloading. According to Schoch et al., 37 secure Geocast (where a large number of nodes forward a message), can be achieved by employing probabilistic protocols such as advanced adaptive gossiping techniques along with adaptive load control mechanisms. These techniques probabilistically choose a subset of nodes for message forwarding and dynamically control the load on each node to prevent congestion and overloading. On the other hand, security of VAN can be compromised by attacks that cause jamming where the reception of messages is blocked. Jamming attacks can be overcome by using message loss avoidance techniques such as the one introduced in Schoch. 37 In this technique the unre-ceived messages are detected, stored, and queued for retransmission.

The Secure Vehicular Communication (SeVeCom) project, 38 funded and carried out by European organizations, focused on the design and practical implementation aspects of security and privacy in VAN. Digital signatures are known as the underlying basis to support security and anonymity in VAN. SeVeCom made use of customized hardware security modules (HSM), implemented as ap-plication-specific integrated circuits (ASIC) both onboard and at the roadside infrastructure to support cryptographic operations. HSM stores and protects private keys for digital signature generation, and handles the key and device management. SeVeCom relies on multiple short-term certified private-private key pairs, known as pseudonyms, rather than traditional long-term private and public keys for