Rens Wouter van der Heijden

A flexible, subjective logic-based framework for misbehavior detection in V2V networks

Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication aims to increase safety, efficiency, and comfort of drivers. Vehicles periodically broadcast their current status, such as position, velocity, and other information. Received information is stored in a local knowledge base, often called world model, and used for application decisions. Because of the potential impact, V2V communication is an interesting target for malicious attackers. Message integrity protection using cryptographic signatures only protects against outsider attackers. In addition to signatures, misbehavior detection mechanisms comparable to intrusion detection systems (IDS) are needed to detect insider attackers. Given the complexity and large number of foreseen V2V and V2I applications, misbehavior detection cannot be a one-size-fits-all solution. In this paper, we present a flexible framework that can combine a range of different misbehavior detection mechanisms by modeling their outputs using subjective logic. We demonstrate the feasibility of our framework by using a combination of existing detection mechanisms to increase their misbehavior detection results.

SeDyA: secure dynamic aggregation in VANETs

In vehicular ad-hoc networks (VANETs), a use case for mobile ad-hoc networks (MANETs), the ultimate goal is to let vehicles communicate using wireless message exchange to provide safety, traffic efficiency, and entertainment applications. Especially traffic efficiency applications benefit from wide-area message dissemination, and aggregation of information is an important tool to reduce bandwidth requirements and enable dissemination in large areas. The core idea is to exchange high quality summaries of the current status rather than forwarding all individual messages. Securing aggregation schemes is important, because they may be used for decisions about traffic management, as well as traffic statistics used in political decisions concerning road safety and availability. The most important challenge for security is that aggregation removes redundancy and the option to directly verify signatures on atomic messages. Existing proposals are limited, because they require roads to be segmented into small fixed-size regions, beyond which aggregation cannot be performed. In this paper, we introduce SeDyA, a scheme that allows more dynamic aggregation compared to existing work, while also providing stronger security guarantees. We evaluate SeDyA against existing proposals to show the benefits in terms of information accuracy, bandwidth usage, and resilience against attacks.

Redundancy-based statistical analysis for insider attack detection in VANET aggregation schemes

In Vehicular Ad-hoc Networks (VANETs), vehicles exchange messages to enhance safety, driving efficiency, and comfort. The limited wireless channel capacity is a challenge especially for traffic efficiency applications, such as traffic information systems. In such systems, a large number of traffic or road status observations needs to be disseminated quickly to interested vehicles, often via multi-hop forwarding and in a larger geographic area than what is needed for traffic safety applications. In-network aggregation protocols are a viable tool to enhance scalability of such applications. But from a security perspective, they open new attack vectors for insider attackers, because vehicles collaboratively merge and modify messages during dissemination. Moreover, countermeasures using too much communication bandwidth negatively affect scalability. In this paper, we present a bandwidth-efficient protection mechanism for in-network aggregation based on data-consistency checking. We combine data mining techniques to detect false information with a filtering technique for forwarding paths that limits the influence of attackers on aggregated data. Simulation results show that our approach can successfully detect common attacks on aggregation while maintaining bandwidth efficiency.

Insights on the Security and Dependability of Industrial Control Systems

The authors discuss the findings of a recent research seminar on the security and dependability of industrial control systems and provide an overview of major challenges in the field and areas where current research should focus.

Formal Verification of Privacy Properties in Electric Vehicle Charging

Electric vehicles are an up-and-coming technology that provides significant environmental benefits. A major challenge of these vehicles is their somewhat limited range, requiring the deployment of many charging stations. To effectively deliver electricity to vehicles and guarantee payment, a protocol was developed as part of the ISO 15118 standardization effort. A privacy-preserving variant of this protocol, POPCORN, has been proposed in recent work, claiming to provide significant privacy for the user, while maintaining functionality. In this paper, we outline our approach for the verification of privacy properties of the protocol. We provide a formal model of the expected privacy properties in the applied Pi-Calculus and use ProVerif to check them. We identify weaknesses in the protocol and suggest improvements to address them.

A Comparison of TCP Congestion Control Algorithms in 10G Networks

The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present, CUBIC is suggested otherwise.

Analyzing attacks on cooperative adaptive cruise control (CACC)

Cooperative Adaptive Cruise Control (CACC) is one of the driving applications of vehicular ad-hoc networks (VANETs) and promises to bring more efficient and faster transportation through cooperative behavior between vehicles. In CACC, vehicles exchange information, which is relied on to partially automate driving; however, this reliance on cooperation requires resilience against attacks and other forms of misbehavior. In this paper, we propose a rigorous attacker model and an evaluation framework for this resilience by quantifying the attack impact, providing the necessary tools to compare controller resilience and attack effectiveness simultaneously. Although there are significant differences between the resilience of the three analyzed controllers, we show that each can be attacked effectively and easily through either jamming or data injection. Our results suggest a combination of misbehavior detection and resilient control algorithms with graceful degradation are necessary ingredients for secure and safe platoons.

Enhanced Position Verification for VANETs Using Subjective Logic

The integrity of messages in vehicular ad-hoc networks has been extensively studied by the research community, resulting in the IEEE~1609.2 standard, which provides typical integrity guarantees. However, the correctness of message contents is still one of the main challenges of applying dependable and secure vehicular ad-hoc networks. One important use case is the validity of position information contained in messages: position verification mechanisms have been proposed in the literature to provide this functionality. A more general approach to validate such information is by applying misbehavior detection mechanisms. In this paper, we consider misbehavior detection by enhancing two position verification mechanisms and fusing their results in a generalized framework using subjective logic. We conduct extensive simulations using VEINS to study the impact of traffic density, as well as several types of attackers and fractions of attackers on our mechanisms. The obtained results show the proposed framework can validate position information as effectively as existing approaches in the literature, without tailoring the framework specifically for this use case.

Context-adaptive detection of insider attacks in VANET information dissemination schemes

Information dissemination is one of the most-discussed applications for vehicular ad hoc networks (VANETs) and other ad hoc networks. To provide dependability for applications, information dissemination must be resilient against different kinds of attacks. Especially insider attackers, which may create valid messages that cannot easily be detected using cryptographic signatures alone, pose a viable threat to information dependability. Many proposals in existing work offer solutions to detect individual attack patterns using data consistency checks and other means. We propose a generic framework that can integrate a wide range of existing detection mechanisms, allows to combine their outputs to improve attack detection, and enables mechanism adaptation based on current attack likelihood. We employ subjective logic opinions, which enable flexible security mechanism output representation, and which we extend to support continuing operation in dynamic networks, such as VANETs. Simulation results show that our framework improves detection accuracy compared to applying individual mechanisms.

Terrorist fraud resistance of distance bounding protocols employing physical unclonable functions

Distance bounding protocols (DBPs) are security protocols that aim to limit the maximum possible distance between two partners in a wireless communication. This enables to ensure locality of interaction between two devices. Despite numerous proposed protocols, recent analyses of DBPs have shown the majority of them to be susceptible to attacks. Most prominent among the unsolved security problems of DBPs is terrorist fraud. This type of attack involves collaboration with a legitimate device, after which the attacker can successfully execute the protocol. We show how terrorist fraud can be prevented by replacing shared secrets - commonly used in classical DBPs - with physical unclonable functions (PUFs). Our new approach can be integrated in all current DBPs with minor modifications. We offer two alternate designs: One utilizing challenge-response PUFs and another using so-called SIMPL systems, a PUF-analogue to public-key cryptography. We use a security model proposed by previous work to demonstrate security of our scheme.