
A New Approach towards Creation of List of Malicious Nodes in VANETs

Dr. Sapna Gambhir
Department of Computer Engineering, YMCAUST, Faridabad, Haryana
[email protected]

Megha
Department of Computer Engineering, YMCAUST, Faridabad, Haryana
[email protected]

Abstract- The Vehicular Ad-Hoc Networks (VANETs) were introduced with the main aim of enhancing road safety and traffic efficiency by providing information about the road environment in real time. In VANETs, the vehicles on the road create a network on the fly. These vehicles are mobile nodes and form a network as required, for example in case of emergency. Safety-critical information can be accessed and disseminated to other nodes through a wireless link. The information flowing in this network must be secured because drivers make crucial decisions on the basis of the received information. An authentication scheme allows the verification of the vehicles that form a network, for efficient communication among them. Safety can only be achieved if the vehicles participating in communication are reliable or the messages announced by vehicles are reliable. Nodes behaving maliciously should also be traceable. Our analysis of various authentication schemes indicates that most schemes did not achieve vehicle authentication as well as message authentication and did not support creation of certificate revocation lists (CRLs). These observations lead to the construction of a new authentication scheme, including a new approach towards the creation of a list of malicious nodes in VANETs based on the formation of clusters of vehicles.

Keywords: VANETs, Cluster Head, Mobile RSU (RSUM).

I. INTRODUCTION

Networks that are formed without any centralized or pre-established infrastructure are termed ad-hoc networks. They may use multi-hop radio relay. A core type of ad-hoc network is the mobile ad-hoc network (MANET) [1], in which mobile nodes can communicate directly with each other if a contact occurs between them. Mobile nodes therefore require each other's cooperation for successful communication. VANETs are a commercial instantiation of MANETs in which the communicating nodes are vehicles. In the near future vehicles are expected to be equipped with intelligent devices and radio interfaces termed On-Board Units (OBUs), which are used for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication [4]. An On-Board Unit is equipped with a network device following the IEEE 802.11p standard, and this network device is responsible for communication. The main functions of OBUs are wireless radio access, geographical ad-hoc routing, network congestion control, reliable message transfer, data security and IP mobility support.

Road Side Units (RSUs) are physical devices situated along roads or highways or at some dedicated locations. These are also equipped with networking devices based on IEEE 802.11p. Some of the main features of RSUs are to provide internet connection to the OBUs, extend the communication range by re-distributing the information to other OBUs, run safety applications and act as an information source.

As vehicles form networks, they will face some of the same security threats as other networking devices. These include sending fake warning signals to the driver and robbing them, deactivating the brake system, or disrupting other vehicle accessories such as airbags, the Global Positioning System (GPS) or headlights. Car hacking was a crucial topic at Defcon 21 [6], held in Las Vegas in 2013. A car hacking code was also released. A security breach on a vehicle could pose a threat, make it vulnerable and cause potential harm. In general, security is concerned with protection against malicious manipulation of vehicles and the network system, and with privacy preservation of vehicles. These aspects play an important role when designing and implementing such applications. Hence security in this category becomes mandatory.

In the initial stage, when Dedicated Short Range Communications (DSRC) technology [15] was deployed, two wirelessly capable vehicles that are not in each other's vicinity may communicate through cellular networks, satellite, Wi-Max etc. The infrastructure thus acts as a link for vehicle-to-vehicle communication, and special Road Side Units (RSUs) become an attractive solution for providing infrastructure support. RSUs are a promising solution for improving V2V communication, but the cost of manufacturing, installing and maintaining them is a major obstacle to large-scale deployment. Thus, a new scheme has been proposed to leverage the existing DSRC-equipped vehicles as mobile RSUs instead of fixed, infrastructure-based RSUs. The proposed authentication scheme uses mobile RSUs for communication. Common authentication schemes use public key infrastructures with a centralized certification authority, which is hard to deploy. The proposed scheme evaluates the security concept based on a distributed certificate facility. The communication network is divided into clusters. Certificate Revocation Lists (CRLs) are also not prepared or broadcast by a central authority (CA); instead, CRLs are prepared by either the cluster head or the mobile RSUs.

In this paper, a new authentication scheme is presented and evaluated in detail. The rest of the paper is organized as follows: Section II presents the literature review. Section III discusses the newly proposed authentication scheme, followed by the simulation results of the proposed scheme in Section IV. The last section concludes the paper with the future work of the proposed scheme.

II. LITERATURE REVIEW

In [8], the security challenges faced in VANETs are defined, and it is shown that PKI can be effectively used to secure the messages broadcast in a VANET and also to authenticate the nodes in VANETs.

In [9], the authors use classical PKI for the authentication of the nodes. In the classical approach each vehicle has a large set of anonymous certificates. This set of certificates is so large that it can be used for almost one year. During the annual inspection each vehicle gets an updated list of certificates. In this approach, if a user wants to check a single other user, the complete set of certificates must be revoked, which is its major drawback.

In [10], the authors have proposed an Efficient Certificate Revocation List Organization which reduces the size of CRLs. It uses the certificate ID to check the CRLs, which makes CRL checking a lightweight mechanism. A Bloom filter is a data structure that is used to store certificate IDs, which again reduces the time of searching, because searching in Bloom filters has a non-zero but very small rate of searching.

In [11], the authors have stated an efficient pseudonymous authentication scheme with strong privacy preservation (PASS). CRLs in PASS are linear in size with the number of revoked vehicles. PASS supports a Roadside Unit aided distributed certificate service that allows vehicles to update their certificates while moving on the road. Strong privacy of the vehicle is also maintained, so that eavesdropping is not possible. It has less overhead for updating certificates on the road than traditional pseudonymous authentication schemes.

III. THE PROPOSED SCHEME

The proposed scheme is based on a hierarchical structure. The vehicular nodes are divided into groups of interested and uninterested vehicles. Mobile RSUs are defined as infrastructure-less vehicles carrying DSRC-equipped devices. A network is formed when an interested vehicle comes into the vicinity of a mobile RSU. In the proposed scheme, the mobile RSU selects one of the interested vehicles as the cluster head (CH) on the basis of certain parameters. This CH initiates the communication and asks other interested vehicles to participate in the network. The CH only forwards messages to other CHs or to the mobile RSUs. Messages are broadcast over a single hop only. A connected vehicular node can transmit any information to other connected vehicular networks in the form of beacons. The CH and the mobile RSU maintain a table of the nodes with which they are communicating. The proposed scheme is divided into two phases: the network setup phase and the communication phase.

In the network setup phase, whenever a vehicular node comes into the vicinity of a mobile RSU (RSUM) and shows interest in forming the network, it sends a request for a certificate, i.e., a CertREQ packet, to the RSUM. The format of the CertREQ packet is shown in Fig 1.1. The requesting vehicle sends its VIN and location so that verification can be performed by the RSUM.

Vehicle Identification Number (VIN) | Location
64 bits | 32 bits
Fig 1.1 CertREQ Packet

When the RSUM receives requests from multiple vehicles, it calculates the distance between every requesting vehicle and itself. It then compares all the distances, takes the vehicular node at the minimum distance from itself as the Cluster Head (CH) and assigns it the certificate. The format of the CertREP is given in Fig 1.2.

Vehicle Identification Number (VIN) | Life time of Certificate | Unique Pair Key
64 bits | 6 bits | 20 bits
Fig 1.2 CertREP Packet

The RSUM stores the local information of the CH in its table. The format of the table is shown in Figure 1.3.

VIN (RSUM) | Unique Pair Key Assigned
Figure 1.3 Table format of RSUM

After receiving the certificate from the RSUM and becoming the cluster head (CH), the CH initiates the communication and broadcasts the CREQ packet to other vehicular nodes. The format of CREQ is shown in Fig 1.4.

Certificate | Unique Pair Key | Prime No Range
90 bits | 4 bits | 6 bits
Fig 1.4 CREQ Packet

In this packet, the range of prime numbers is used to indicate the number of vehicles a single cluster head (CH) can handle. To connect to the CH, a VN sends the CREP packet. The format of the CREP packet is shown in Fig 1.5.

Vehicle Identification Number (VIN) | Chosen Prime No. | Location
64 bits | 4 bits | 32 bits
Fig 1.5 CREP Packet

After verification, local information such as the VIN and the prime number allocated is stored in the table maintained by the CH. The format of the table is given in Fig 1.6.

VIN (RSUM) | Prime No. Allocated
Fig 1.6 Table format of CH

Once the network is formed, a vehicular node (VN) can communicate only with the CH, and the CH in turn can communicate with the RSUM. In the communication phase, the actual transmission of the messages created by either the cluster head (CH) or a vehicular node (VN) takes place. It is assumed that in VANETs all messages, such as safety-critical messages, are broadcast over a single hop. Any vehicular node (VN) creates a message on the occurrence of a safety-critical event. The VN creates the message in the format given in Fig 1.7.

Message | Prime No. Selected | Unique Pair Key | Timestamp
96 bytes | 6 bits | 4 bits | 22 bits
Fig 1.7 Message Format

The size of the message is reduced in the proposed scheme. The vehicle transmitting the message adds its prime number in the second field; it is used during authentication of the node and to identify the CH to which a particular node is connected when more than one CH is in the vicinity of the VN. The unique pair key is used only when the CH wants to transmit a message to the nearest RSU, and acts as a unique number to differentiate the recipient RSUM from other RSUMs in the vicinity. The timestamp adds freshness to the message. It automatically removes old messages from the channel to reduce the load on the channel.

The algorithms proposed for implementing the authentication scheme are defined in sequence in the next section.

III.II Proposed Algorithms

The algorithms work according to the network setup and the communication taking place between the nodes, which can be the RSUM, the CH or the VN. The algorithms used during the network setup and communication phases are explained below:

A. Cluster head Selection algorithm implemented by RSUM

This algorithm is used by the RSUM to select the cluster head in VANETs. The notations used in the algorithm, and its input and output, are given in Fig 1.8. The algorithm takes the coordinates of the RSUM and the number of nodes, then gives the CH by calculating the distance of every VN from itself and comparing the distances. It also gives the certificate allocated to the CH and the table formed by the RSUM.

B. Algorithm for Creation and maintenance of cluster implemented by Cluster Head

The algorithm given in Fig 1.9 is for the creation of the cluster by the cluster head, i.e., adding the vehicular nodes and forming a cluster. Maintenance of the cluster means that re-clustering is done if the cluster head (CH) can no longer act as cluster head and passes the hold to another legitimate vehicular node; this is shown in Fig 1.10.

C. Algorithm for the creation of CRLs and Malicious Node Detection implemented by RSU and Cluster Head

The algorithm shown in Fig 1.11 creates the Certificate Revocation List at the RSUM and the Cluster Head. To detect a malicious node (MN), the locations of the requesting vehicular nodes are checked against each other. Two vehicles with different VINs cannot have the same location, in terms of GPS coordinates, at the same time. If two requests do report the same location, then either of the two nodes is acting maliciously.

D. Message authentication algorithm implemented by Cluster Head

This algorithm performs the message authentication; it is implemented by the cluster head and given in Fig 1.12. To perform the message authentication, it is assumed that the CH is preinstalled with the MD5 hash values of the messages. The CH calculates the hash value of the received message and compares it with the predefined values; if they do not match, the message is declared fake and rejected. The VIN of the sending VN is entered into the CRL of the CH. The timestamp of the message is also checked, so that old messages floating on the channel can be rejected. A malicious node (MN) can also send replicated messages, so the frequency of a message is checked; if it is greater than the predefined frequency, the messages are likewise treated as replicated or fake messages.
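
The cluster-head message check of algorithm D, as an added Python example that is not part of the original paper: it parses the 100-byte message of Fig 1.7 and applies the MD5 comparison, the timestamp check and the frequency check in turn. The zero padding of the payload, the tick-based `max_age`, the modular timestamp comparison, refusing senders already in the CRL, and all function and class names are assumptions made for illustration.

```python
import hashlib
import struct
from collections import Counter

PAYLOAD_LEN = 96      # bytes: "Message" field of Fig 1.7
TS_MOD = 1 << 22      # the timestamp field is 22 bits wide


def pad(payload):
    """Zero-pad a payload to the fixed 96-byte Message field (assumption)."""
    if len(payload) > PAYLOAD_LEN:
        raise ValueError("payload exceeds 96 bytes")
    return payload.ljust(PAYLOAD_LEN, b"\0")


def pack_message(payload, prime, pair_key, ts):
    """Message | prime (6 bits) | pair key (4 bits) | timestamp (22 bits)."""
    if not (0 <= prime < 64 and 0 <= pair_key < 16):
        raise ValueError("prime or pair key does not fit its field")
    trailer = (prime << 26) | (pair_key << 22) | (ts % TS_MOD)
    return pad(payload) + struct.pack(">I", trailer)


def parse_message(raw):
    if len(raw) != PAYLOAD_LEN + 4:
        raise ValueError("message must be exactly 100 bytes")
    (trailer,) = struct.unpack(">I", raw[PAYLOAD_LEN:])
    return (raw[:PAYLOAD_LEN], trailer >> 26,
            (trailer >> 22) & 0xF, trailer & (TS_MOD - 1))


class ClusterHead:
    def __init__(self, members, known_digests, max_age, max_repeats):
        # members mirrors the CH table of Fig 1.6: VIN -> prime allocated
        self.vin_by_prime = {prime: vin for vin, prime in members.items()}
        self.known_digests = set(known_digests)   # preinstalled MD5 values
        self.max_age = max_age                    # assumed unit: timestamp ticks
        self.max_repeats = max_repeats            # the "predefined frequency"
        self.crl = set()
        self.seen = Counter()

    def verify(self, raw, now):
        payload, prime, _pair_key, ts = parse_message(raw)
        vin = self.vin_by_prime.get(prime)
        if vin is None:
            return "unknown-sender"
        if vin in self.crl:
            return "revoked"
        # Modular age copes with the 22-bit counter wrapping; a timestamp
        # from the future yields a huge age and is rejected as well.
        if (now - ts) % TS_MOD > self.max_age:
            return "stale"
        digest = hashlib.md5(payload).hexdigest()
        if digest not in self.known_digests:
            self.crl.add(vin)      # page: sender's VIN goes into the CH's CRL
            return "fake"
        self.seen[(vin, digest)] += 1
        if self.seen[(vin, digest)] > self.max_repeats:
            return "replicated"
        return "accepted"


if __name__ == "__main__":
    # Constructed sample data, not taken from the paper.
    warning = b"ACCIDENT AHEAD"
    ch = ClusterHead({0x1111: 7, 0x2222: 11},
                     {hashlib.md5(pad(warning)).hexdigest()},
                     max_age=5, max_repeats=2)
    print(ch.verify(pack_message(warning, 7, 3, 1000), now=1001))
    print(ch.verify(pack_message(b"ROAD CLEAR", 11, 3, 1000), now=1001))
    print(sorted(hex(v) for v in ch.crl))
```

Because MD5 is unkeyed, the comparison only tells the CH that a payload is on its preinstalled list; the sender is identified solely by the 6-bit prime carried in the message.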

Fig 1.8 Algorithm For CH Selection

Fig 1.9 Algorithm for Cluster Formation

Fig 1.10 Algorithm For Re-Clustering

Fig 1.11 Algorithm For CRL Creation

Fig 1.12 Algorithm For Message Verification
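
The RSUM side of the network setup phase together with the location check of algorithm C, as an added Python example that is not the paper's own algorithm listing: it parses a batch of CertREQ packets (Fig 1.1), lists VINs that report identical coordinates, selects the nearest remaining requester as CH and builds the CertREP (Fig 1.2). Assumptions: the VIN is an opaque 64-bit integer, the 32-bit location is two unsigned 16-bit grid coordinates, both colliding VINs are listed, listed nodes are not eligible as CH, and every function name is hypothetical.

```python
import math
import struct

# CertREQ (Fig 1.1): VIN, 64 bits | location, 32 bits.
# Assumptions: the VIN is an opaque 64-bit integer and the location is two
# unsigned 16-bit grid coordinates (x, y); the page fixes only the widths.
CERTREQ = struct.Struct(">QHH")


def pack_certreq(vin, x, y):
    return CERTREQ.pack(vin, x, y)


def parse_certreq(raw):
    if len(raw) != CERTREQ.size:
        raise ValueError("CertREQ must be exactly 96 bits")
    vin, x, y = CERTREQ.unpack(raw)
    return vin, (x, y)


def location_collisions(requests):
    """VINs whose claimed position is also claimed by a different VIN."""
    vins_at = {}
    for vin, loc in requests:
        vins_at.setdefault(loc, set()).add(vin)
    suspects = set()
    for vins in vins_at.values():
        if len(vins) > 1:
            # The page says either of the two is malicious; it does not say
            # how to tell which, so this sketch lists both (assumption).
            suspects |= vins
    return suspects


def pack_certrep(vin, lifetime, pair_key):
    """CertREP (Fig 1.2): VIN 64 bits | lifetime 6 bits | pair key 20 bits."""
    if not (0 <= vin < 1 << 64 and 0 <= lifetime < 1 << 6
            and 0 <= pair_key < 1 << 20):
        raise ValueError("field does not fit its width")
    return (vin << 26) | (lifetime << 20) | pair_key   # 90-bit integer


def handle_requests(rsu_pos, raw_packets, lifetime, pair_key):
    """Return (ch_vin, certrep, crl, table) for one batch of CertREQs."""
    requests = [parse_certreq(raw) for raw in raw_packets]
    crl = location_collisions(requests)
    # Assumption: a listed node is not eligible to become cluster head.
    eligible = [r for r in requests if r[0] not in crl]
    if not eligible:
        return None, None, crl, {}
    # Cluster head = requester at minimum Euclidean distance from the RSUM.
    ch_vin, _ = min(eligible, key=lambda r: math.dist(rsu_pos, r[1]))
    table = {ch_vin: pair_key}          # RSUM table of Figure 1.3
    return ch_vin, pack_certrep(ch_vin, lifetime, pair_key), crl, table


if __name__ == "__main__":
    # Constructed sample batch, not taken from the paper.
    batch = [pack_certreq(0xA1, 110, 100), pack_certreq(0xB2, 103, 104),
             pack_certreq(0xC3, 101, 100), pack_certreq(0xD4, 101, 100)]
    print(handle_requests((100, 100), batch, lifetime=30, pair_key=0x12345))
```

In the sample batch the two closest requesters report the same coordinates, so both are listed and the certificate goes to the next-nearest vehicle.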

IV. SIMULATION AND RESULT ANALYSIS

The proposed work is simulated in MATLAB RELEASE 2010a by creating the vehicular nodes. These nodes form the vehicular network. The nodes are randomly deployed and other simulation parameters taken are given in Table 1.1.

Table 1.1 Simulation Parameters

Fig 1.13 shows the formation of the links between the RSUMs, the cluster heads and the OBUs. The red nodes are interested nodes, the green ones are RSUMs and the black ones are the selected cluster heads.


Fig 1.13 Formations of Clusters

Fig 1.14 shows the throughput achieved by the proposed scheme. The graph shows that the throughput achieved by the proposed scheme is much better than that of the existing schemes. The number of OBUs present and the number of cluster heads affect the throughput.

Fig 1.14 Throughput Graph of Proposed scheme

Fig 1.15 shows the average packet loss ratio. The total number of packets generated by the RSU and the total number of packets received by the OBUs are another important factor for the performance analysis. According to the graph analysis, the packet loss ratio may vary according to the number of interested OBUs and the number of malicious nodes.

Fig 1.15 Average Packet Loss Ratio Graph

Fig 1.16 shows the average end-to-end delay. For the proposed scenario, a message is disseminated every 300 msec. End-to-end delay is defined as the time taken for the message to be received by the receiver. In the graph, the end-to-end delay is in msec and the density of OBUs is in hundreds. Analysis of the graph shows that the delay increases as the OBU density increases.

Fig. 1.16 End To End Delay Graph

IV.II RESULT ANALYSIS OF PROPOSED SCHEME

The proposed scheme is compared with the existing authentication schemes in VANETs on the basis of parameters such as the message size, which must be small because of memory limitations in the VN; the security bits, which increase the overhead if taken large; the encryption technique, which increases the time complexity; CRL creation; and other quality of service parameters such as throughput. These are given in Table 1.2. The comparison shows that the proposed scheme is much more efficient than the other existing schemes. The computational complexity of the proposed scheme is much lower than that of the other schemes.

Table 1.2 COMPARISON TABLE

COMPARISON BETWEEN EXISTING AUTHENTICATION SCHEME AND PROPOSED SCHEME

PARAMETER | PROPOSED SCHEME | EXISTING SCHEME
MESSAGE SIZE | 100 bytes | 300 bytes – 400 bytes
SECURITY BITS OVERHEAD | 90 bits | 128 bits
ENCRYPTION TECHNIQUE | None (No Overhead added) | Public/Private Encryption (Increases Overhead)
CRL CREATION | Yes (Distributed fashion) | No (Download from CA)
THROUGHPUT | High | Low
ATTACK TYPE | Malicious node detection | Gray hole attack, Black hole attack
MESSAGE AUTHENTICATION AND ENTITY AUTHENTICATION | Supports both | Either message authentication or entity authentication

V. CONCLUSION AND FUTURE SCOPE

Schemes based on Public Key Infrastructure (PKI) are the most prevalent for the security services of vehicular networks. However, there are many limitations in secure messaging using PKI based schemes. The computational complexity of PKI based schemes is much higher than that of the symmetric based approach. The time complexity of many authentication protocols is very high because most of them use bilinear pairing, which is a very expensive function in the case of VANETs. The newly proposed scheme introduces the concept of using certain types of vehicles as mobile RSUs (RSUM). Those vehicles will have higher computational power and storage space than other vehicles. This reduces the installation cost of the infrastructure based RSUs. The issue of computational overhead due to the large number of nodes in communication has been addressed by using the concept of cluster formation. The main objective of the proposed work is to authenticate the entities as well as the messages and then detect the malicious node. This concept is not present in the existing authentication schemes. In the proposed scheme the CRLs are also formed by the CH and the RSUMs instead of a central authority, which additionally reduces the overhead of downloading the CRLs. The proposed scheme has used the original VIN number, which can't be tampered with in normal conditions and which can't also reduce the overall message size.

The message size and the security overhead are also reduced in the proposed scheme. The throughput is better in the proposed scheme than in the existing schemes. Most schemes use heavy cryptography based systems for encryption and decryption, but the proposed scheme has used a very high weight prime number concept which maintains privacy when one vehicle sends data to another vehicle. The performance evaluation of the proposed schemes shows that they are better candidates for enhancing security than the other protocols.

The future scope of the proposed scheme is as follows. The vehicles are divided into interested and uninterested vehicles. In order to make as many vehicles as possible interested, the cluster head can make them greedy by giving them some beneficial incentives for joining the network. The revocation of the malicious node in the proposed scheme is non-time-critical, but the problem with most malicious nodes is that they can attack the network and then after some time become benign, which makes it hard to locate the actual attacker. Thus the revocation of the malicious node must be time critical.

VI. REFERENCES

[1] Imrich Chlamtac, Marco Conti, and Jennifer J Liu, “Mobile Ad Hoc Networking: Imperatives and Challenges”. Ad Hoc Networks, Jul 2003.

[2] Jeroen Hoebeke, Ingrid Moerman, Bart Dhoedt, and Piet Demeester, “An Overview of Mobile Ad Hoc Networks: Applications and Challenges”. The Communications Network, 2004.

[3] Stephan Eichler, “Security Challenges in MANET-based Telematics Environments”. In Proceedings of the 10th Open European Summer School and IFIP WG, Jun 2004.

[4] ETSI - European Telecommunications Standards Institute, “Intelligent transport systems (ITS); security header and certificate formats”, 2013.

[5] Peter Ebinger, “Robust Situation Awareness in Tactical Mobile Ad Hoc Networks”. PhD thesis, Technische Universität Darmstadt, 2013.

[6] S. Rosenblatt. Car Hacking Code Released at Defcon, 2013. http://www.cnet.com/news/car-hacking-code-released-at-defcon/, 2014.

[7] Megha, Sapna Gambhir, “Comparative Analysis of Authentication Protocols in VANETs” in National Conference on Role of Science and Technology towards Make in India, RSTTMI-2016.

[8] Megha, Sapna Gambhir, “Security Issues and Challenges in Vehicular Ad Hoc Networks (VANETs)” in International Conference on Advancement in Electrical, Electronics & Computer Engineering (E2CE), 2016.

[9] M. Raya and J.-P. Hubaux, “Securing Vehicular Ad Hoc Networks,” J. Computer Security, 2007.

[10] Haas, J.J., Yih-Chun Hu, Laberteaux, K.P., Efficient Certificate Revocation List Organization and Distribution, 2011.

[11] Y. Sun, R. Lu, X. Lin and X. (Sherman) Shen, “An Efficient Pseudonymous Authentication Scheme with Strong Privacy Preservation for Vehicular Communications”.

[12] Sourabh Sharma and Dr. Sapna Gambhir, “PPN: Prime Product Number based Malicious Node Detection Scheme for MANETs”, in proceeding of IEEE 3rd Advance Computing conference, 2013.

[13] P. Krishna, N. H. Vaidya, M. Chatterjee and D. K. Pradhan, “A cluster-based approach for routing in dynamic networks,” ACM Sigcomm Computer Communication Review, 1997.

[14] Y. Gunter, B. Wiegel, and H. P. Grossmann, “Cluster-based medium access scheme for VANETs,” in Proc. IEEE Intelligent Transportation, 2007.

[15] “5.9 GHz North American DSRC”, http://grouper.ieee.org/groups/scc32/dsrc, 2009.