Baber Aslam

Defense against Sybil attack in vehicular ad hoc network based on roadside unit support

In this paper, we propose a timestamp series approach to defend against Sybil attack in a vehicular ad hoc network (VANET) based on roadside unit support. The proposed approach targets the initial deployment stage of VANET when basic roadside unit (RSU) support infrastructure is available and a small fraction of vehicles have network communication capability. Unlike previously proposed schemes that require a dedicated vehicular public key infrastructure to certify individual vehicles, in our approach RSUs are the only components issuing the certificates. Due to the differences of moving dynamics among vehicles, it is rare to have two vehicles passing by multiple RSUs at exactly the same time. By exploiting this spatial and temporal correlation between vehicles and RSUs, two messages will be treated as Sybil attack issued by one vehicle if they have the similar timestamp series issued by RSUs. The timestamp series approach needs neither vehicular-based public-key infrastructure nor Internet accessible RSUs, which makes it an economical solution suitable for the initial stage of VANET.

Optimal roadside units placement in urban areas for vehicular networks

The most important component of a vehicular ad hoc network (VANET), besides VANET-enabled vehicles, is roadside units (RSUs). The effectiveness of a VANET largely depends on the density and location of these RSUs. During the initial stages of VANET, it will not be possible to deploy a large number of RSUs either due to the low market penetration of VANET-enabled vehicles or due to the deployment cost of RSUs. There is, therefore, a need to optimally place a limited number of RSUs in a given region in order to achieve maximum performance. In this paper, we present two different optimization methods for placement of a limited number of RSUs in an urban region: an analytical Binary Integer Programming (BIP) method and a novel Balloon Expansion Heuristic (BEH) method. BIP method utilizes branch and bound approach to find an optimal analytical solution whereas BEH method uses balloon expansion analogy to find an optimal or near optimal solution. Our evaluations show that both methods perform optimally or near optimally compared with the exhaustive method. Further, BEH method is more versatile and performs better than BIP method in terms of computational cost and scalability.

Optimal roadside units placement along highways

Roadside units (RSUs) are a critical component of Vehicular ad hoc network (VANET). Ideally, RSUs should be deployed pervasively to provide continuous coverage or connectivity. However, during the initial stages of VANET, it will not be possible to ensure such a pervasive RSU deployment due to the huge cost and/or the lack of market penetration of VANET enabled vehicles. Given a limited number of RSUs, in this paper, we address the issue of optimal placement of these RSUs along highways with the goal of minimizing the average time taken for a vehicle to report an event of interest to a nearby RSU. We present a so-called balloon optimization method ─ the optimal solution is found by using a dynamic process similar to the natural expansion of multiple balloons in a two-dimensional space where each balloon corresponds to the coverage area of one RSU. Our preliminary evaluation shows that the balloon method performs optimal or near optimal compared with the exhaustive method and it can be used for the optimal placement of RSUs along highways.

Defense against Sybil attack in the initial deployment stage of vehicular ad hoc network based on roadside unit support

In this paper, we propose two certificate mechanisms for preventing the Sybil attack in a vehicular ad hoc network (VANET): the timestamp series approach and the temporary certificate approach. We focus on an early-stage VANET when the number of smart vehicles is only a small fraction of the vehicles on the road and the only infrastructure components available are the roadside units (RSUs). Our approach does not require a dedicated vehicular public key infrastructure to certify individual vehicles but RSUs are the only components issuing certificates. The vehicles can obtain certificates by simply driving by RSUs, without the need to pre-register at a certificate authority. The timestamp series approach exploits the fact that because of the variance of the movement patterns of the vehicles, it is extremely rare that the two vehicles pass by a series of RSUs at exactly the same time points. The vehicles obtain a series of certificates signed by the RSUs, which certify their passing by at the RSU at a certain time point. By exploiting the spatial and temporal correlation between vehicles and RSUs, we can detect the Sybil attack by checking the similarity of timestamp series. In the temporary certificate-based approach, an RSU issues temporary certificates valid only in a particular area for a limited time. To guarantee that each vehicle is assigned only a single certificate, at the issuance of the first certificate, it is required that the RSU physically authenticate the vehicle. When driving by the subsequent RSUs, however, the certificate can be updated in a chained manner. By guaranteeing that each vehicle is issued a single certificate in a single area, the Sybil attack is prevented. We provide mathematical analysis and simulation for the timestamp series approach. The simulation shows that it works with a small false-positive rate in simple roadway architecture. Copyright

Peer-to-Peer Botnets

A botnet is a network of computers that are compromised and controlled by an attacker. Botnets are one of the most serious threats to today’s Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Without C&C servers, P2P botnets are more resilient to defense countermeasures than traditional centralized botnets. In this chapter, we systematically study P2P botnets along multiple dimensions: botnet construction, C&C mechanisms, performance measurements, and mitigation approaches.

Distributed certificate and application architecture for VANETs

Privacy, authentication, confidentiality and non repudiation are the most desired security attributes for all vehicular ad hoc network (VANET) applications. A lot of solutions have been presented to address these issues. However, they are mostly dependent on centralized certificate architecture and some sort of hardware-based security. These solutions are expensive to carry out and lack the incentive for both users and service providers to deploy, which make them especially difficult to be implemented during the important initial deployment stage of VANET. In this paper, we present a distributed security architecture for VANET that does not rest on expensive security hardware or elaborate security infrastructure. The architecture can be incrementally deployed, facilitating small companies to jump in the VANET business, and can fill the void during the VANET initial deployment phase. Our solution is based on spatial and temporal restricted certificates, which are issued upon users request and can be used for various VANET applications. Due to the restricted nature of these certificates, the certificate revocation process is simple and efficient, which solves another drawback of existing solutions.

Pseudo Randomized Sequence Number Based Solution to 802.11 Disassociation Denial of Service Attack

Wireless local area networks (WLAN) provide network connectivity and flexibility at a very low cost. Last two decades have seen the exponential growth in this area. Institute of Electrical and Electronics Engineers (IEEE) ratified IEEE standard 802.11 in 1999, which is the defacto wireless standard. Security flaws were soon detected in this standard, and as a result amendments / enhancements were introduced. IEEE 802.1 li a security enhancement, was ratified in 2004. It was designed to address wireless security issues however it also has some flaws and fails to achieve desired objectives especially availability. Unauthenticated management and control frames open the vulnerability of identity theft and are the main cause of Denial of Service (DoS) attacks. Spoofed disassociation messages can successfully be used to launch DoS attacks. In this paper we have explained the Spoofed disassociation DoS attack and proposed a robust solution to this attack.

Long-term reputation system for vehicular networking based on vehicle's daily commute routine

A vehicular network must ensure a trust relationship among participating “smart vehicles” (vehicles installed with wireless network devices) and roadside infrastructure in order to maximize the benefit provided by the network. In this paper, we present practical ways to provide reliable reputation scores for vehicles in a vehicular network. Because in most of the time, the majority of people drive their vehicles locally for their daily commute (to work places, schools, daycares, superstores, etc), most vehicles have their predefined constant daily trajectories. Based on this phenomenon, roadside infrastructure could rely on repeated daily observations of the same set of passing-by vehicles to build long-term reputation scores for these local “community” vehicles, in the similar way as the reputation built-up for people in a club or a church community. The proposed scheme does not require sufficient density of smart vehicles and only requires each smart vehicle has one secret and verifiable certificate. These features make it especially suitable for the initial deployment stage of vehicular network when the penetration rate of smart vehicles is very low and vehicle-based public-key infrastructure is not mature.

Secure traffic data propagation in Vehicular Ad Hoc Networks

In vehicular ad hoc network, vehicles can share traffic/emergency information. The information should not be modified/manipulated during transmission without detection. We present two novel approaches to provide reliable traffic information propagation: two-directional data verification, and time-based data verification. The traffic message is sent through two (spatially or temporally spaced) channels. A recipient vehicle verifies the message integrity by checking if data received from both channels are matched. Compared with the popular public-key based security systems, the proposed approaches are much simpler and cheaper to implement, especially during the initial transition stage when a mature VANET network infrastructure does not exist.

An economical, deployable and secure vehicular ad hoc network

With the significant development of wireless technologies, vehicular ad-hoc network (VANET) has gradually become the killing application for automobile industry. Many VANET systems have been developed in recent years. However, the majority of them have the assumption that all or most vehicles have wireless communication devices installed along with an elaborate road side infrastructure. This assumption is not true for the critical and long transition period when only a small portion of vehicles will be equipped with wireless communication devices (we refer them as smart vehicles) and limited roadside infrastructure will exist. In this paper, we present an economical, scalable and deployable VANET system design that could facilitate the gradual deployment of wireless communication among vehicles. Economical roadside service units (RSSU) that do not need expensive Internet access (especially in rural areas) can be incrementally deployed along critical road sections. They behave as traffic information storage and relay points to serve any passing by smart vehicles, while smart vehicles report/receive traffic information to/from RSSUs and relay information between RSSUs. In addition, RSSUs provide strong but economical information assurance to VANET similar to the public-key base Internet Web service-RSSUs behave like Web servers with certificates and vehicles behave like client computers. In this way, the mature Internet-like public-key infrastructure can be directly deployed in VANET without requiring digital certificate for every smart vehicle, which is complicated to manage and very expensive considering the huge vehicular population. We show that we can achieve connectivity with a high degree of confidence with a small number of smart vehicles and few RSSUs.