Accountable, Scalable and DoS-resilient Secure Vehicular Communication
Hongyu Jin, Panos Papadimitratos
TL;DR
The paper tackles the vulnerability of secure vehicular communication to clogging DoS attacks that exploit the need to cryptographically verify a high volume of CAMs/DENMs. It introduces a DoS-resilient verification framework that extends pseudonymous VC with message verification facilitators, cooperative/self-chained verification, and event-driven verification to prioritize potentially valid messages while preserving non-repudiation. The scheme features hash-chain based one-time keys, two verification queues, and cross-checking among verifiers to detect misbehavior, delivering fast verification even under attack and enabling efficient DENM verification. Quantitative evaluation via realistic simulations demonstrates improved beacon verification latency, lower expiration ratios, and robust DENM/event-driven dissemination, while providing mechanisms to detect and evict malicious nodes. The approach offers practical resilience for VC systems across varying network conditions and future higher-bandwidth vehicular communications.
Abstract
Paramount to vehicle safety, broadcasted Cooperative Awareness Messages (CAMs) and Decentralized Environmental Notification Messages (DENMs) are pseudonymously authenticated for security and privacy protection, with each node needing to have all incoming messages validated within an expiration deadline. This creates an asymmetry that can be easily exploited by external adversaries to launch a clogging Denial of Service (DoS) attack: each forged VC message forces all neighboring nodes to cryptographically validate it; at increasing rates, easy to generate forged messages gradually exhaust processing resources and severely degrade or deny timely validation of benign CAMs/DENMs. The result can be catastrophic when awareness of neighbor vehicle positions or critical reports are missed. We address this problem making the standardized VC pseudonymous authentication DoS-resilient. We propose efficient cryptographic constructs, which we term message verification facilitators, to prioritize processing resources for verification of potentially valid messages among bogus messages and verify multiple messages based on one signature verification. Any message acceptance is strictly based on public-key based message authentication/verification for accountability, i.e., non-repudiation is not sacrificed, unlike symmetric key based approaches. This further enables drastic misbehavior detection, also exploiting the newly introduced facilitators, based on probabilistic signature verification and cross-checking over multiple facilitators verifying the same message; while maintaining verification latency low even when under attack, trading off modest communication overhead. Our facilitators can also be used for efficient discovery and verification of DENM or any event-driven message, including misbehavior evidence used for our scheme.