A tremendous amount of content and information are exchanging in a vehicular environment between vehicles, roadside units, and the Internet. This information aims to improve the driving experience and human safety. Due to the VANET’s properties and application characteristics, the security becomes an essential aspect and a more challenging task. On the contrary, named data networking has been proposed as a future Internet architecture that may improve the network performance, enhance content access and dissemination, and decrease the communication delay. NDN uses a clean design based on content names and Interest-Data exchange model. In this paper, we focus on the vehicular named data networking environment, targeting the security attacks and privacy issues. We present a state of the art of existing VANET attacks and how NDN can deal with them. We classified these attacks based on the NDN perspective. Furthermore, we define various challenges and issues faced by NDN-based VANET and highlight future research directions that should be addressed by the research community.
During the past two decades, research academies and industrials focused their attention on vehicular ad hoc networks (VANETs) [
However, exchanging information and sharing data in VANET under the use of IP protocol have been a challenging task [
Meanwhile, different solutions have been proposed in the literature as future Internet architectures [
Security and privacy are one of the most critical aspects of the whole Internet and not only VANET. Bringing NDN in the vehicular environment has already been introduced in the literature [
Despite the existing efforts on security, most of them did not consider the nature of VANET communication and attacks in their study [
The rest of the paper is organized as follows: in the following section, we discuss the transaction from current host-centric vehicular networks toward the information-centric paradigm and overview the VANET and NDN architecture, focusing on security issues. Then, in Section
ICN is a new communication paradigm that aims to replace the current host-centric model. Shifting from the current IP-based solutions to ICN is not an easy task. Table
Comparison of host-centric and information-centric models.
Aspect | Host-centric model | Information-centric model |
---|---|---|
Addressing | (1) Host addresses | (1) Content name |
(2) DNS for host resolution | (2) No DNS required | |
Routing | (1) Sends packets to the destination address | (1) Uses Interest packets to fetch the data |
(2) Stateless data plane | (2) Stateful data plane | |
(3) Point-to-point connectivity | (3) Supports multipoint connection | |
(4) Maintains one routing table | (4) Maintains three tables: FIB, PIT, and CS | |
(5) Routing is based only on the next hop information | (5) FIB table contains multiple-hop information | |
Security | (1) Secures the communication channel | (1) Secures the content (content-based security) |
Caching | (1) No caching concept | (1) Buffers data packets and reuses them |
Mobility | (1) Resends packets to destination addresses | (1) Uses in-network caching and fetches data packets from the most convenient cache point |
Vehicular ad hoc network (VANET) [
As in any communication domain, security requirements in VANET should guarantee authentication, nonrepudiation, integrity, data availability, and confidentiality [
Named data networking (NDN) [
Every NDN node maintains three data structures: content store (CS), pending interest table (PIT), and forwarding information base (FIB). The CS maintains the locally cached data that can be served for future requests, while the PIT is used to track the received Interest packets, aggregate them, and forward the Data packet downstream. It maintains
Interest packets are triggered by consumers to discover the content in the network that can be satisfied by either a replica node or the original content producer, where a Data packet is used to deliver the content. Thus, the NDN working principle can be divided into two phases: Interest forwarding and Data forwarding, as illustrated on the right side in Figure
NDN-based VANET.
It is important to highlight here that all NDN components (CS, PIT, and FIB) are involved in the Interest forwarding phase, while only PIT and CS are used in the Data forwarding.
Preserving data security and preserving user privacy are the most important aspect of any of the today’s network architecture and protocol [
Due to the change of user and application requirements in today’s Internet, NDN aims to improve the network scalability and reliability. Towards this, various efforts have been shown tending to bring NDN to vehicular environments [
NDN offers a clean, simple, and scale design that can support a large amount of content exchange among vehicles and with infrastructure. Hierarchical NDN names provide a wide addressing range that can be customized by network designers and carry different application semantics [
The clean content discovery and data delivery mechanisms in NDN make it a suitable solution for VANET [
The time and location decoupling concept in NDN enhances the data availability and improves the overall network performance [
NDN is a session-less architecture, where no session is required to fetch the content from producers or cache store. Also, all security mechanisms are applied to the content itself, by binding the content with its name using the public-private key concept. Hence, securing the communication channel in NDN is not an issue [
By using only the content name to fetch content from the network, NDN aims to enhance node mobility [
By moving from a host-centric model to the information-centric concept and using NDN as the primary communication model in VANET, most of the traditional networking aspects will be changed. This also leads to changes in the security and privacy concerns [
Despite the efforts shown in the NDN project and the research contributions, different security issues still exist in NDN [
As the network layer takes the responsibilities to satisfy the consumer requests via the ubiquitous in-network caching, different attacks may be launched from different network layers and entities for various goals such as interest flooding attack (due the use of content name), content poisoning attack, and cache poisoning/pollution attack (in-network caching). Hence, the NDN layer should tackle DoS attacks and validate the requested content name.
The content name is the pillar element in ICN/NDN. All network-layer functionalities such as routing, forwarding, mobility, and security are based on the content name. The security of names reflects the network security. In NDN, content and name are bound and validated using the cryptographic function (e.g., public key and signature). Using this secure binding may prove the content ownership. However, in a large-scale network, content may be assigned to different names, which will affect the network scalability especially the routing plane. Thus, a secure control plane to assign names and validate content ownership is required.
Despite the clean NDN architecture design, some security issues may occur. As NDN communication is based on content name where no host addresses are included, the use of one single interface such as a wireless interface on a vehicle or another device may create a problem of looping in both Interest and Data packets. Even adding a sequence number may solve this problem, however, and according to in-network caching, any node in the network may satisfy the demands. Assuming a malicious node receives all other demands because of the explicit broadcast, it can reply with false content and satisfy these demands, and other nodes in the same rang will receive the Data packets, that by consequence remove the PIT entry where the correct data will be considered unsolicited and dropped by the NDN forwarding plane. In such a scenario, the original requester receives wrong data and will never receive the correct content. Another issue can occur on a node with multiple interfaces: as the Data forwarding plane involves only PIT, a Data packet can be delivered from an interface not indexed in the FIB table but valid on the PIT. Malicious nodes may use this vulnerability to purge all demands on PIT.
NDN can be deployed in three different modes: (a) overlay mode: running NDN on top of the TCP or IP protocol as an overlay layer; (b) coexistence with IP: a node may use the two stacks IP and NDN; and (c) clean-slate mode that consists of running NDN directly. The security of each mode depends on the security of the layer (e.g., IP or TCP). However, to show the real performance of NDN, a clean-slate deployment is required.
In the following sections, we classify VANET attacks into three categories: infrastructure attacks, content protection and access control, and content and user privacy. We overview each attack from both VANET and NDN perspectives and provide a review of existing solutions available.
Protecting the infrastructure will by consequence provide high availability and resilience by guaranteeing that only the accurate data are available. Although NDN does not address the hosts directly, securing the infrastructure hosts and endpoints is intuitive, as they are responsible for providing the content. Furthermore, as NDN allows a distributed content caching, this by consequence will increase the content availability and mitigate DoS attacks, which is not always applicable in case of dynamic content that may be generated dynamically only by its original provider.
Denial of service (DoS) attack [
As NDN deals with content names instead of IP addresses, DoS attacks are based on the use of names [
Figure
Denial of service attack.
A malicious vehicle sends a storm of different Interests asking for different content names, as RSU does not have the content, and it forwards the request and creates a new PIT. Because of the huge number of malicious Interests, the PIT is fitted, where a legitimate vehicle cannot send more requests, and may not benefit of the cache capabilities of the RSU or event forwarding its requests to other nodes. The attack is more severe when it comes to sensitive and urgent communications that may affect people’s life.
Various countermeasure solutions have been proposed to overcome and mitigate DoS attacks, by using either rate-limiting mechanisms (e.g., per face or per name-prefix) [
Another dangerous attack, shown in Figure
Black-hole attack.
In a nutshell, NDN uses a name-based forwarding scheme to forward the requests and deliver data back to consumers. Solving the black-hole and gray-hole attacks can be achieved either by securing the forwarding plane itself or by using secure namespaces to forward name-prefixes that do not exist in the FIB table. Furthermore, as the NDN forwarding plane forwards Interest/Data packets without knowing who is requesting or who will serve, these attacks may not affect VANET-based NDN even by announcing that they have the best route. However, as NDN uses hierarchical names to identify content and services, a malicious node can easily monitor the forwarding system and filter based on content names that allowed and denied packets, which makes these attacks hard to solve in such cases especially when a group of malicious vehicles launches the attack.
The wormhole attack consists of creating a tunnel between two or more collaborative malicious vehicles, aiming to record and transmit data packets between them. Similarly to the black-hole attack, malicious vehicles engage other neighbor vehicles about the link between them as the best path to fetch the data instead of using the original trust path. After malicious vehicles receive packets from victim vehicles (Figure
Wormhole attack.
In man-in-the-middle attack, a malicious vehicle in the communication path keeps listing to all traversed information and injects false information between vehicles. This attack, as shown in Figure
Man-in-the-middle attack.
Thanks to the content-based security, all information is signed by the original producer during its creation, and any changes in the data payload during the communication will be exposed to changes in the original signatures [
In this section, we have reviewed the existing VANET attacks that may affect the network infrastructure including DoS, black-hole, wormhole, gray-hole, and man-in-the-middle attacks. We found that because of using the content name instead of host addresses, many issues can be overcome, especially when binding the content name with the shared information. Also, providing content security at the packet level enhances the communication security.
As each Data packet is self-signed in NDN, content requesters verify the content signature before consuming the content. Signature verification can also be done by intermediate nodes. However, it will cost more overhead and communication delay. The content signature may ensure
In this type of attack, a malicious vehicle may generate false or wrong information and send it to the network in order to manipulate other vehicles. We find other attacks that can be classified as bogus information attacks, such as the following:
Bogus information attack is usually associated with authentication security conditions, which is an easy task to deal with NDN, as the content is protected and authenticated at the packet level with a secure content-name binding of mechanisms based on hashing techniques and public-private keys.
In the replay attack, a malicious vehicle saves a copy of the message and resends it later in the network in order to deceive other vehicles, making unnecessary stopping. As NDN is a cache-based network, this attack can be overcome by using the content name and checking the lifetime value in Data packets to know the data freshness, compared with the requested content.
Most of the existing NDN attacks related to content in VANETs can be solved by following the content-based security concept. Indeed, securing the content after its creation helps the content security life cycle. Also, when securing the content, access control rules and policies can be used to enforce who can access the content. Moreover, a robust trust model with the validation system is required in NDN to enforce content security and mitigate false content created by malicious nodes.
Regardless of the content protection level, the user and content privacy still can be compromised in NDN, especially by using plain-text names. Any malicious node may receive the traversing requests and data back. By monitoring the content names, attackers can create a fake content and cache it in any near cache store, that by consequence will be served for future requests.
Sybil attack is considered as one of the most dangerous attacks in VANETs, where the malicious vehicle acts that it is more than a hundred vehicles by creating chaos and a large number of pseudonymous as shown in Figure
Sybil attack.
NDN binds content names using cryptography algorithms such as public-private keys that may secure the binding and outdo these issues. Furthermore, distributed solutions such as blockchain can be applied to enforce the content-name binding and preserve content and user privacy.
In timing attacks, the malicious vehicles do not forward the emergency messages and information at the right time (Figure
Timing attack.
Snooping is a passive attack, where the malicious vehicle accesses the content and information that traverse it, in order to use it for its benefits without modification. However, as the content is secure and signed, using cryptographic hashing techniques, when it has been created, only legitimate users can access it. Hence, snooping attack may not have an effect on VANET-based NDN.
Content and user privacy issues are presented in this part. Content privacy can be preserved using the content-name-binding mechanisms, and more investigation is required in such a context. Also, due to the illumination of host addresses, monitoring attacks can be decreased. The only issue that can occur because of NDN names is the caching-related attacks. Finally, serious solutions and secure forwarding schemes are required to overcome the timing attacks.
Based on the presented security attacks and issues and their relation with NDN, in the following section, we identify several NDN research directions that may enhance and improve the security of the NDN architecture. Table
Summary of issues and research directions.
Category | Attacks | Compromised services | Target NDN aspects | Possible directions |
---|---|---|---|---|
Infrastructure protection | DOS | (1) Authentication |
(1) Routing and forwarding plane | (1) Interface-based rate limit |
Black-hole and gray-hole | (1) Availability | (1) Routing and forwarding plane | (1) Securing the forwarding plane | |
Wormhole | (1) Confidentiality | (1) Data packets | (1) Use of content names instead of device identifications | |
Man-in-the-middle | (1) Authentication |
(1) Data packets |
(1) Content-based security mechanism | |
|
||||
Content protection | Bogus information | (1) Authentication |
(1) Data plane | (1) Securing the content using cryptographic hashing techniques and public-private keys |
Replay | (1) Authentication |
(1) Data packet |
(1) Fetching content from the cache store based lifetime | |
|
||||
Content and user privacy | Sybil | (1) Authentication |
(1) Routing and forwarding plane | (1) Securing content-name binding |
Masquerade | (1) Authentication |
(1) Routing and forwarding plane | (1) Preserving blockchain-based identity | |
Timing attack | (1) Availability | (1) Data packets |
(1) Securing the forwarding plane | |
Snooping attack | (1) Authentication | (1) Data packets | (1) Applying content-based security mechanisms |
Solutions based on limiting Interest rate on the malicious interfaces or based on name-prefixes may end by punishing legitimate consumers and authorized requests. Hence, using the software-defined networking (SDN) approach [
The purpose of this attacker is to fill the node’s cache stores with fake contents. All the existing solutions require performing a data packet signature verification at the intermediate nodes level, that affects the content retrieval delay; comparing content hash with the hash taken from the corresponding Interest may reduce the network scalability, or ranking the content using consumers’ feedback, where attackers also have the chance to send malicious feedbacks.
Providing a secure naming scheme is still an open research challenge for ICN and NDN. A secure naming scheme should ensure an efficient and scalable binding between the name and the content that may avoid various types of attacks. All the existing binding schemes require signature verification for each and every data packet. This process is costly in terms of resources, as well as affects the data retrieval delay, where an intermediate node cannot perform it at the line speed rate.
The main objective of the caching pollution attack is to diminish the operation of in-network caching and augment content retrieval latency. The existing solutions have a high computation overhead at intermediate nodes. We consider a collaborative caching scheme a suitable solution to help the core network to mitigate this attack by exchanging feedback between cache stores, keep only the popular content, and reduce the nonpopular ones.
Preserving the SoC and content copyrights is one of the most critical privacy topics in the whole networking domain and not only ICN [
Several application-level security mechanisms have been proposed in ICN such as the following: (i) request filtering that intends to identify and remove the unwanted or forged content from untrusted providers, by using provider’s information (e.g., public keys and name-prefix) and consumers’ votes for content ranking. (ii) Anomaly detection aims to detect unwanted activities or network misbehavior, using statistical data analyses, fuzzy detection algorithms, and traffic clustering. However, there is no all-in-one scheme that deals with the existing application-level threats or discusses the design patterns for a secure application in ICN, which is a strong future research topic.
NDN architecture is a suitable candidate for the future Internet, including vehicular communication. Deploying NDN on top of VANET is still in the early phase. Security and privacy issues have a strong impact on the success of such merging. This article addresses the major networking security and privacy issues in VANET from the perspective of the NDN communication model. The nature of VANET communication and applications changes the way of seeing security; also, adding the NDN model on VANET makes the task more challenging. We categorized VANET security challenges and discussed them from the NDN perspective. Also, we highlighted different NDN research directions and guidelines.
The authors declare that they have no conflicts of interest.
This work was supported by the Hankuk University of Foreign Studies Research Fund of 2018 and National Research Foundation of Korea (2017R1C1B5017629).