Security in Vehicular Ad Hoc Networks: Challenges and Countermeasures

Recently, vehicular ad hoc networks (VANETs) got much popularity and are now being considered as integral parts of the automobile industry. As a subclass of MANETs, the VANETs are being used in the intelligent transport system (ITS) to support passengers, vehicles, and facilities like road protection, including misadventure warnings and driver succor, along with other infotainment services. %e advantages and comforts of VANETs are obvious; however, with the continuous progression in autonomous automobile technologies, VANETs are facing numerous security challenges including DoS, Sybil, impersonation, replay, and related attacks. %is paper discusses the characteristics and security issues including attacks and threats at different protocol layers of the VANETs architecture. Moreover, the paper also surveys different countermeasures.


Introduction
Aiming at ensuring the safety and facilitating the passengers and driver, the VANETs are getting much popularity and attention from the researchers [1][2][3]. VANETs are the networks of vehicles communication and road infrastructures to extend road safety and infotainment [4]. e wireless sensors are fitted within vehicles, accompanied with positioning devices and maps.
rough On-Board Unit (OBU), the vehicles are connected with road-side units (RSUs) to share intervehicle and vehicle to RSU, the safety related and otherwise information [5,6].
e VANETs consist of short-range communication infrastructure. erefore, the source and destination share information through intermediate nodes. Like OBU, RSU, the trusted authority (TA) is also an entity of the VANETs architecture and is responsible for controlling and supervising the whole network [7,8].
e remaining paper is ordered as follows: Section 2 explains the VANTEs overview in detail and describes the characteristics of VANETs. Section 3 is divided into two parts.
e first part provides detailed security issues in VANETs, the security attacks on the physical layer; the second part presents other security attacks on different layers of VANETs and also describes the protocol layers threat. Section 4 describes the various challenges and solutions in VANETs, and Section 5 concludes the article.

Overview of VANETs
e VANETs architecture contains the OBU, RSU, and TA. ere are two types of communication technologies in VANETs architecture, i.e., (1) vehicle to vehicle (V2V) and (2) vehicle to infrastructure (V2I) communication as shown in Figure 1. V2V contact vehicles converse with one another and exchange the traffic-related information inside the wireless network range [3,9,10]. In such networks, when any unforeseen incident happens, such as accident or traffic blockage on the road, instantly a vehicle sends an alert signal to the other nodes or vehicles in the network suggesting to avoid that particular road or area. e vehicle, employing V2I communication, shares the information with RSU which is part of infrastructure installed on the road. e V2Ibased communication notifies the driver about traffic and weather updates to keep an eye on the nearby environment [3,9,11]. RSU and OBU are registered by a trusted authority [12,13], which is used to keep up and supervise the VANETs system. e road-side unit positions itself on the road for authentication and communication between TA and OBU. With the use of dedicated short-range communication (DSRC) [6], the OBU fitted in each vehicle can transmit traffic information to nearby vehicles and RSU [10].

Characteristics of VANETs.
VANETs is a dynamic ad hoc network that enables the vehicles converse with one another using fixed and mobile nodes offering numerous services, however with narrow access to the network's infrastructure. Compared to the MANETs, the VANETs have high mobility features and normally vary in topology [10]. In VANETs, vehicles or nodes move arbitrarily in the network, and their movement transforms the network topology. VANETs topology is complex and dynamic because of the strong mobility factor of nodes [9]. e features of VANETs are mentioned below.

High Mobility.
Because of the high mobility, the VANETs have good versatility relative to MANETs, and they play a significant role in modelling VANETs protocol. In VANETs, every node moves quickly; thus, vehicles' mobility minimizes the communication time in the network [10,14].

Driver Protection.
e VANETs might get better driver protection, improve traveller console, and support a better flow of traffic. e core benefit of VANETs is that nodes communicate straight to everyone [10].

Vibrant Network Topology.
In VANETs, the topology design is vibrant because the vehicle speed of mobility is very high. erefore, the forecast of node position is very tough to compute. e high speed of vehicle networks is extra weak to attacks, and it is incredibly complicated to identify intruders and vehicles if something is wrong in a network [10].

Variable Network
Density. Due to high-speed mobility vehicles, traffic congestion or even lousy weather, the network may experience frequent or intermittent disconnection among nodes. In this situation, the nodes may receive proper guidance from the V2I infrastructure [9,10].

e Medium of Transmission.
Due to open wireless nature, these kinds of networks inherit all security vulnerabilities as posed to other traditional wireless networks [10].
cities; hence, a massive number of nodes can be dynamically added or adjusted into the system [9,10].

Extensive Computational Processing.
In VANETs, a large number of resources such as processors, colossal memory GPS, and antenna are embedded in vehicles. Such resources may require a massive computational capabilities and guidance to provide enhanced and trustworthy wireless communication for getting accurate information, i.e., live location, speed, and route of the vehicle [9,10].

Security Issues in VANETs
e security issue is very crucial in VANETs which ensures safety for the drivers as well as passengers. is is obligatory to design essential algorithms to assure safety and protection.

Security Issues.
In this section, we provide details about various security issues in VANETs. [17] is considered a significant factor in VANETs security. is ensures that all resources are accessible forever in a network in the face of vulnerabilities and denial of service attack-based attempts. Cryptography and trust-based algorithms and protocols are helpful to protect the VANETs from these attacks [9,10,17,18].

Authentication.
Authentication enables the right participants to enter the network after dual verification. It also ensures that the sender or user who sends a message is not an intruder. Besides, the privacy of the user is preserved using pseudonyms [17][18][19].

Integrity.
Integrity or data integrity ensures that there is no change in the original data packets sent by the sender. Alternatively, it must be protected from the adversary on the way. Data accuracy is one of the fundamental security issues in VANETs. Digital signature, public key infrastructure, and cryptography revocation mechanism may be employed to ensure the integrity between the sender and receiver [9,10].

Confidentiality.
Confidentiality means to hide data from adversaries. In confidentiality we make sure only authenticated users access the data with the help of encryption and decryption. In this way the data remains confidential, while the other unauthorized users may not access this confidential information [9,20].

Nonrepudiation.
is feature ensures that the source of the originating message may not deny the fact that it has generated a particular message. Alternatively, this feature binds the content with the originator of a particular message. [9,10,19].

Pseudonymity.
e pseudonymity refers to hiding the original identity. e legal participants may use pseudonyms instead of using original identities. In this manner, the legitimate entities may communicate anonymously without revealing their true identities. is ensures protected privacy for the subscribers [18].
3.1.7. Privacy. In VANETs, the privacy refers to concealing driver identity as well as the location's information from other unauthorized users in the network [9,18,21].

Scalability.
e capability of the network to respond to the dynamically changing requirements is termed as scalability. e frequently changing topology of the vehicular network is another challenge for the researchers [18].
3.1.9. Mobility. Mobility is ubiquitous in VANETs because nodes communicating in VANTEs change their location very quickly and frequently in a network. VANETs nature is dynamic because every second, the node position is changed.
is mobility factor focuses on the need of more secure and dynamic algorithms maintaining quality of service requirements [18].

Data Verification.
It is used to eliminate malicious messages in the network. is ensures to test the accuracy of data and verify the legitimacy of participating nodes [9].
3.1.11. Access Control. Access control is used to monitor and check the policy rights and roles for all participating nodes in the network [9,15].

Key Management.
Key management refers to the key used in encryption or decryption process during communication between the nodes. e key management and issuance are resolved during the designing of security protocols for the network [18,22].

Location Verification.
A reliable mechanism for the verification of location is required in VANETs, because this is necessary to protect from various attacks during communication and is also helpful in the data validation process [18].

Attacks on the Physical Layer of VANETs (Security Attacks in VANETs).
is section on attacks in VANETs can be divided into three parts. In the first part, we discuss the attackers based on their nature, behaviour, and efficiency. In the second part, we discuss the various attacks on physical layer, and the third part focuses on the rest of the attacks in VANETs. Now we discuss the types of the attackers according to nature, behaviour, and efficiency: (i) Active vs. passive: in the case of an active assault, the assailant gets the information from the network, changes the original message's information, and forwards it to the receiver. Usually, in an active assault, the assailant wants to decrease the network's efficiency or get access to the network for unauthorized services [23]. In the case of the passive assault, the assailant does not send or receive any message on a network by eavesdropping the wireless network and collecting information about the network or seeking potential vulnerabilities [24,25]. (ii) Insider vs. outsider: insider attacker means that the authorized member who is part of the network has full information about the network and can access network efficiently. On the other side, outsider attackers are intruders who are not authorized and cannot access the network directly. at is, if they want to initiate an attack they must collect knowledge about the network first and then attack [24,26,27]. (iii) Malicious vs. rational: the attacker's intention is to attack the network and gain personal benefits. A malicious attacker may upset the network's performance with an objective to affect the legal users of the network [23,28]. On the other hand, a rational attacker may intentionally launch an attack on the network to get some information in order to damage the network [24,26]. (iv) Local vs. extended: in the case of local attackers, they launch attacks on a limited scope and cover the limited area or region like some RSU and node [27]. However, extended attackers cover bigger region or area comparatively. e extended attacker aims to degrade the network's performance or shut down the whole network [25].

Eavesdropping Assault.
Eavesdropping assault is a type of passive assault and is done in the privacy of the network. Assailant collects the secret information, and the attacker secretly monitors the traffic flow of the network or the existing location and actions of a specific vehicle. is type of assault cannot be detected easily because the attacker performs its activity without any kind of reaction [25,29]. Figure 2 shows that Car C regularly monitors ATM's cash van's facts and leaks such information to the intruder. ID revelation assault is a subcategory of eavesdropping where the assailant exposes the identity vehicle and uses it to track the under-attack vehicle.

Denial of Service Assault.
In DoS-based assault [30][31][32], the assailant attacks the service provider's services. In this attack, even the legitimate users are unable to acquire services in the network. e assailant may initiate this attack any time and jam the communication channel. is kind of assault can be launched in two ways. On the first hand, the attacker may engulf the resource with numerous requests, while that resource may not be able to respond to legal user requests. is type of attack can be extended by sending a large number of requests for messages and jamming the communication. erefore, RSU cannot accommodate several requests that OBU might have submitted [29,33,34]. In Figure 3, a DOS attack is demonstrated where auto F is an attacker in the car who denies access to RSU services for users of Cars A, C, D, E, and H.

Distributed Denial of Service Assault. Distributed
Denial of Service (DDOS) [35] could be more damaging for the ad hoc vehicular environment since the attacker may attack the network in a distributed manner. An attacker may use various time slots for different vehicles to submit a message. e only objective of the assailant is to bring the network down [27,29]. In Figure 4, a Distributed Denial of Service attack is demonstrated where the two cars, i.e., Car Q and U, attack the services provided by RSU, while the Cars M, N, O, and P denied the attackers Q and R, S and T, deprived of access to RSU services by the car in the attacker.

Illusion Assault.
It involves deception with the manipulation of vehicle's inside information, for instance, speed and location, by tampering the hardware physically. By providing the wrong information of vehicles using internal devices or sensors, it misguides the other network nodes. For instance, it may show another person by cloning the location of the other vehicle [25].
In the case of in-transit traffic tampering assault, a malicious node may deliberately cause delay, corruption, replay, or alteration of a message to spoil the VANETs communication. is type of replay assault [36,37] includes message replay where the assailant records the message received from certified nodes and then resends after sometime to create some misunderstanding or disturb the traffic. In Figure 5, it is shown that the attacker spoofs the message and sends back to the node; the original message was created by "M" assailant to create misunderstanding and replacing it as "tn." is assault could be launched in two ways, one is using an on-board unit by using a particular part of the hardware. e duplicate messages remain unsuccessful in locating the neighbor 's accurate driving status, for example, speed, location, direction, etc. [25,38].

Message Modification/Alteration.
In a message modification attack, the attacker changes the information of the vehicle integrated into a message (for example, speed, position, or direction) for its own benefit. It is a potential hazard for the security of the other nodes in the network [25].

Jamming
Assault. An assailant intentionally generates large amount of messages in a network and creates congestion on wireless channel that might affect the performance of network [25]. e assailant may initiate jamming attack by transmitting a strong radio signal to interrupt the entire communication by declining the signal to noise ratio.

Security and Communication Networks
In this, the jammer continuously sends a signal by interfering with the communication of other vehicles in a network. In VANETs, jamming is considered a big threat for its security. Figure 6 shows that the assailant is jamming the network. e victim nodes are always perceived to be busy in a network, since they are unable to send or receive messages in this jammed area. When jamming signal is enabled, the sender sends the data packet, and the receiver does not receive the intended data packet. erefore, the packet delivery ratio (PDR) is meager.
ese data packets carry essential information, such as weather conditions, road conditions, accidents, etc. Many incidents may happen if that critical information is not delivered to the nodes in due course of time.

Other Attacks in VANETs.
In this section, we discuss remaining assaults that occurred on VANETs layers during communication.

Sybil Assault.
In Sybil assault [39,40], the assailant generates numerous identities of vehicles and broadcasts the incorrect information on the network. In the case of Sybil assault, data are broadcasted with fictitious identity. is assault is implemented from an OBU upon other OBUs after authentication for acquiring personal benefits. According to this scenario, the assailant creates several identities and sends a message in a network to the authentic user, such as additional traffic on the road, and therefore alters a route. One delusion is generated by the assailant, and the same message is sent to various vehicles. e authentic user will receive the same data packets from various vehicles because the illusion is always created in a network and believes its node will alter the route. is decision goes in favour of the attacker, while the route becomes clear, thus the attacker enjoys the trip [29,41]. Figure 7 represents a Sybil assault in which an assailant in Car C creates numerous identities and sends those data packets with false identities to other users, which creates an illusion that the road has enormous traffic. After receiving such data packets, Car B and Auto D may decide alternative routes, and, currently, Car C gets a free road.

Node Impersonation Assault.
Node impersonation attack is another name for a message tempering attack [29]. In VANETs, every vehicle has a unique identifier and uses it to send the message and verify if something wrong happens in the network. In node impersonation assault, the assailant changes the original data packet and claim that the data packet comes from a genuine user [27,29]. Figure 8 shows that Vehicle D sends messages about the mishap to place x before acquiring help. However, the assailant junction C will inform the data packet and forward it to the ambulance to happen at place Y.

Black Hole Assault.
Black hole assault [42][43][44][45] is a category of routing assault in which a malicious node attracts the victim's node on the network. Furthermore, it assures transmitting data through it by presenting the shortest path to the receiver node [29,46]. e victim node chooses that shortest path and sends the data packet; any malicious node may drop the message or misuse the message for its own [41,47,48]. Figure 9 depicts that Car K desires to submit messages to Car P and Car Q, but it has no routing path for those nodes. erefore, Car K activates the route detection process. Route request is redirected to Car B and Car L. Now, a malicious vehicle, Car L, claims that it has the shortest route to arrive at Car P and Car Q. According to the availability response, Car K sends every data packet to Car L and becomes a black hole assault victim. [49] is another type of routing assault. In a worm hole attack, a malicious node receives the message from the authenticated user at any place in the network, and, with the help of another malicious node, it creates a tunnel between two malicious vehicles [29,46]. Figure 10 shows a wormhole assault in VANETs.

Gray Hole Assault.
Gray hole assault is an extended version of black hole assault, wherein the malicious node also shows itself as part of the network. It sends a request message to victims' nodes and shows as the shortest path route node; in gray hole attacker [50] also received the data packets but did not drop all packets like black hole attack. It only dropped few data packets. In Figure 11, Car H shows that part of the network and presents the shortest path for communication to Car G. It is complicated to identify this type of attack because it is not continuous. It is created for limited time period for a specific purpose [29].

Masquerading Assault.
In a masquerading attack, the attacker sends packets on behalf of other vehicles by using the identity of those vehicles [51]. In Figure 12, the C shows itself as a police van, and, through that deception, the node makes the other nodes reduce their speed or stop the node.

Global
Positioning System Spoofing Assault. Global positioning system spoofing attack is another name for location faking assault. According to this category of assault, the assailant tries to vary their present location identity and forward fake information from the GPS by using such a method, by not showing the existing location to other nodes and pretending to be in an incorrect location to others. is assault is done by the attacker with the help of set of nodes [29]. In Figure 13, three nodes are moving on the Road-ID 8; however, they do not show their present location and forward the network's incorrect information. RSUs acquiring such details show that there is no node on Road-ID 8.

Brute Force Assault.
In the ad hoc network, the sender vehicle sends the message to the receiver vehicle with the help of other nodes if the receiver vehicle is beyond its range.
us, for the sake of security, the sender nodes or vehicles encrypt the message and submit towards the target via any is type of attack is a cryptography assault wherein the intermediary node will serve as an assailant that strives to decrypt the message through various decryption techniques [29,52]. Figure 14 shows that Car L wants to send information to Car Q, while Car Q is far away.
us, Car L sends the encrypted data packet to Car Q through Car N that is a malicious node which may attempt brute force assault and decrypt the message through a variety of decryption techniques.  Security and Communication Networks aware of the network layout in topology-based RP and sends messages using the accessible nodes and network connection information. One of the other side position-based RP nodes must be aware of the other node's location or position in which packet is being forwarded [53]. Figure 15 shows the two types of VANET routing protocols.

Topology-Based
Protocol. e fundamental principle of the table-driven protocol is predetermining the route or path. It must gradually update the routing table every time the routing table is updated and share with neighboring node regularly [54]; therefore, while one node desires to communicate with another node, they already know about  the path. One significant advantage of proactive protocols is the availability of path when the node wants to communicate on a network, but bandwidth decline is due to the generation of traffic caused by the swap of control packets [53,55].
Proactive protocol examples are OLSR, DSDV, and GSR.
(i) Advantages: Tracing the location of the route is not needed Low latency when running in real time  neighboring nodes after exchanging its link-state information with those neighboring vehicle/nodes at regular intervals. As in link-state protocols, the routing messages created on a link are changed dynamically. is minimizes the number of control messages sent over the network considerably [59]. (On-Demand). e fundamental principle of reactive protocols is path allocation when the vehicle wants to communicate with another vehicle. Routing protocols have the key advantage of saving bandwidth in the reactive protocol when the node sends a message to the first path to be discovered. When a path is final from source to an intended destination, it is updated in the routing table and is then used for communication among source node to an intended destination node, and this path remains occupied with another node till the communication is completed [60,62] (Reactive Protocols Example: AODV and DSR).

Reactive Protocols
(i) Advantages: To update the routing table, periodic flooding in the network is not required. Flooding is only done when required. It saves the bandwidth.
(ii) Disadvantages: For path discovery latency is high. Too much flooding of the network disrupts the node's communication.

Ad Hoc On-Demand Distance Vector (AOVD).
AOVD [28,47,61,63], in MANETs, AODV protocol, is used for on-demand routing purposes with reactive routing. In the AODV protocol, routing table is maintained to store the next node routing information, i.e., for the target location nodes, and each routing table is used for a specific time period. If the path is demanded within a specific time, it becomes expired. Later, if a node wants to communicate, then again it finds a new route. In AODV, when the source node sends data, it checks the routing table and sends if the route is available. Otherwise, it needs to start the pathfinding process again to discover the finest route source to the target location for the purpose of transmitting packets through the broadcasting of route/path request (RREQ) message to its neighbor node. AODV was geared towards reducing the distribution of control traffic and stopping data traffic overhead, improving scalability and efficiency [16,53,58,60,64]. Figure 16 shows that in AODV the messages RREQ and RREP are used. In this figure, node S wants to communicate with node D, and all nodes are connected to their neighbor nodes and submit an RREQ message while every node sends REEQ message to the neighbor node. After receiving the RREQ message, every node sends back an RREP message. When all RREP messages are received, the source node chooses the best path and starts communication [57].

Dynamic Source Routing
Protocol. DSR [65,66] is a type of reactive routing protocol. If the vehicle desires to communicate with another vehicle in the network, it will search for a path and send packets to the intended destination. First, the vehicle searches a path after broadcasting a Route Request (RREQ), and this request passes through different nodes till the destination node where data need to be transferred. After they receive the path demand message, the intended destination broadcasts a Route Reply (RREP) packet back to the source vehicle with a unique ID. e dynamic source routing protocol stores the path information. If any unbroken connection or vacant path exists, then information is processed through path repairs. If there is any error on the path, the vehicle will send the Route Error message to the network [66]. DSR protocol is used in VANETs to maintain the network information and submit information about the traffic towards road-side unit [58,66]. Table 1 shows the features of three routing protocols.

Security Issues for ese Protocol Types.
e AODV is a part of a reactive routing protocol. AODV's key benefit is that it is uncomplicated, takes less memory, and does not produce additional communication traffic along with the active connection. In AODV, the assailant might publicize a path with a slighter interval metric than the actual interval or publicize routing updates with a big sequence number after annulling all routing updates from supplementary nodes. An additional upgrade edition of AOVD proposed to solve these issues is secure AODV that presents more protected substantiation and truthfulness in AODV through the multihop link [67]. DSR protocol is another type of reactive protocol. e dissimilarity between them utilizes source routing sooner than relying on the routing table at every intermediary node. In DSR, another option is available; i.e., the data packets in this protocol can be forwarded on a hop-by-hop basis. It is feasible to vary the source route as planned in the attacker's route request or route reply packets in dynamic source routing. In DSR, removing a node from a list, changing the order, or adding a new node to a list are potential hazards [67]. In DSDV, significant security issues are scalability and also inappropriate DSDV for extremely dynamic VANETs.

Position-Based Protocol.
e geographic location of the destination is determined in location-based routing. e positioning-based RP is generally proposed for the ad hoc network and does not use the network address to send data from the source to the intended target location. In VANETs, the transmission range is lower due to this frequent crash in the routing path. It is also due to gaps and crashes in the network.
e problem of fading effect in urban highway environments, like tunnels and giant buildings, causes severe signal loss [68,69]. Table 2 provides a summary of positionbased protocol challenges and countermeasures.
Position-based routing is separated into three major groups detailed as follows: (i) Nondelay tolerant (ii) Delay tolerant (iii) Hybrid

Nondelay Tolerant Network.
e position-based first category is based mainly on greedy forwarding. Greedy perimeter stateless routing (GPSR) [70] protocol is used in greedy forwarding. GPSR uses only city scenarios because the dilemma is routing loops, an overlong path structure, and incorrect packet orders enhancing [69]. GPSR is proposed for MANETs; GPSR has a stumpy packet delivery ratio. Another protocol used for connectivity-aware routing is called A-STAR [68] for city buses for maintaining the path-based information. is algorithm might help to find the shortest route by giving connectivity among the vehicular nodes [69]. [68] is also known as disruption tolerant network [1], delaytolerant network, and store-carry-and-forward processbased network. Most of the current VANETs protocol had been proposed for immobile destinations. Vehicle-assisted data delivery (VADD) [70] is based on a carry-and-forward mechanism. A protocol connectivity-aware minimum delay geographic routing (CMGR) is similar to VADD. If we compare the CMGR and VADD, CMGR performs better as compared to VADD [69].

Hybrid Protocol.
e hybrid protocol is a fusion of a Non-DTN and a disruption tolerant network. Geo-DTN + Nav for geographic transmission is a paradigm of hybrid protocol. In the hybrid protocol, we suppose that the target is standing still, being the reason for delay when one node switches to another. In GeoDTN + Nav [56], the message first switches to the perimeter node before moving to the disruption tolerant network for the enhanced broadcast of the message [69].

Issues for ese Protocol Types.
e crucial issue of GPRS is packet loss, and high delay could result in the loss of many hopes; as a result, perimeter mode forwarding may be expanded. STAR's reliability is drastically diminished by using a static street map to route packets of approximately possible radio obstacles, such as city buildings. GPCR uses no external static street map, so it is not easy to discover the intersection specifications. VADD is affected by the dynamic nature of the vehicular ad hoc network. It may cause a significant delay in delivery due to the traffic density [70].

Issues in the Application Layer of VANETs.
e primary purpose of the protocol in the application layer is to minimize the end-to-end delay. However, sending emergency messages should arrive at the target vehicle by maintaining the deadline to supply service quality. In other applications, for instance, infotainment services delay is inevitable [71]. Vehicular information transfer protocol [72] is an application layer communication protocol to assist disseminated and ad hoc services infrastructure in VANETs. Two primary attacks on the application layer are malevolent code assault and repudiation assault. In malicious code attacks, malicious vehicles that want to attack networks send malicious codes like a virus, Trojan horse. ese types of attacks damage the vehicle application and affect their services. In the repudiation attack [32], for instance, an application runs on a network that is used to control, track, and log user action, hence encouraging malevolent manipulation or spoofing of the recognition of new actions [71].

Solutions in VANETs
is section provides a brief review of the works furnished in the domain of VANETs security solutions. Table 3 provides a summary of challenges and countermeasures in VANETs.

Authenticated Routing for Ad Hoc Networks.
e ARAN [73] routing protocol is based on AODV. In ARAN, a third party called certificate authority (CA) is responsible for sending a signed certificate to the nodes, upon receiving a certification request to CA. Asymmetric encryption techniques are used to verify the authenticity of secure path detection, and time tags are used to clear the path [75].
ARAN essentially has five steps: (i) Certification (ii) Authentic path finding (iii) Authentic path setup (iv) Path maintenance (v) Key revocation In the ARAN path, the authentication process is done in every step by adding each middle node's sign and certificate, so this protocol solves the impersonation problem.

Secure and Efficient Ad Hoc Distance Vector Protocol.
Working over DSDV, the secure and efficient ad hoc distance vector protocol (SEAD) [74] uses the authentication process hash function. SEAD uses destination sequence number to ensure path freshness, which assists in avoiding the wrong path. To ensure path authenticity, the SEAD uses hashing on each intermediate node [75].

Ariadne.
Working on DSR, this protocol uses symmetric cryptographic operations. e one-way hash and MAC functions are used for substantiation and are transmitted via a shared key between nodes. e TESLA uses Ariadne-based authentication for data transmission. e TESLA time interval is used in the route discovery and authentication process [75].

SAODV.
is protocol proposed the integration of security measures into the AODV protocol. All routing correspondence is signed digitally to assure legitimacy, and hash functions are used to guard hop count. e route response cannot be sent in this intermediate node method, even though they know the new path. is problem can be solved by double signature; in addition, it raises the system complexity [75].

A-SAODV.
A-SAODV is an extended version of SAODV, which has an experimental adaptive response decision attribute. Depending on the length of the queue and the threshold conditions, each middle node may come to a decision, whether to send a response to the source node or not [75].
4.6. One-Time Cookie. Usually, cookies are allocated for each session for session management. However, this protocol gives OTC the concept to protect the system from session abduction and SID stealing. OTC produces a token for every request, and these tokens are linked to request using HMAC to avoid the token from being reused [75].

Elliptic Curve Digital
Signature Algorithm. ECDSA [77] algorithm utilizes a digital signature. Additionally, ECDSA ensures the genuineness and protection of the digital   [69,70] signatures through hash and related symmetric key operations. It can be initiated once both the sender and the receiver agree upon the parameters for elliptical curve domain parameters [75].

Robust Method for Sybil Attack Detection.
RobSAD [76] approach's core principle is that drivers cannot have the same movement pattern for two different vehicles, as every human being drives along with their comfort. Identifying a malicious node is achieved by the discovery of two or supplementary nodes with similar trajectories motion [76].

Holistic Protocol.
is protocol describes the method of authentication by registering the vehicle/node by RSU. e vehicles send Hello message to the RSU during the vehicle registration process; RSU then prepares and sends the Registration ID (consisting of the license number and registration number of vehicle) to the node. Additionally, the verification is complete through a RSU certificate. If the vehicle is genuine, only information will be shared; otherwise, it will be blocked [75].

Challenges in the Physical Layer of VANETs.
Due to the high speed, the signals of VANETs entities undergo multipath fading and Doppler frequency shifts. Hence, due to the effects of the multipath fading and frequency shifts, the need of physical layer communication arises. For testing the application, V2V uses radio and infrared (IR) waves to communicate. e V2V communication occurs through excessive frequencies like micro-and millimetre waves. e waves that belong to the infrared and millimetre category use the line of sight communication [71,78]. e DSRC physical layer includes the 802.11p OFDM, which operates within 5.9 GHz band (5.885-5.9.5) range with a maximum of 10 MHz channel [78]. e underlying data rate is approximately 3 Mbps, and the default data rate is 6 Mbps. e physical layer in VANETs is a thoroughly researched area. From transmission control to using multiple (or individual) antennas and from evaluation to channel-to-channel selection, there are numerous aspects of the physical layer which contribute to network scalability. Owing to the spread of delays and mobility on several roads, the multipath environment makes communication extremely challenging. Delay-spread frequency selective fading and mobility cause time-selective fading. e need of the line of sight leads to a significant delay owing to dispersal, and Doppler spreads [79]. e challenges to the physical layer in VANETs consist of the following.

Dual and Single Radio.
e coincidence among single and double radio is still vague. Although dual-radio has different clear benefits, inserting a second radio into the survival of single radios does not boost protection contact efficiency under the default scheme [79].

Model for Propagation.
Vehicular ad hoc networks work in three types of environments: countryside, city, and highway. e free-space model used for the highway is not rigorously exact as the signal passes through the adjacent reflections.
e city free-space model can be effected by shadowing and multipath fading. In a rural environment, some other factor, like trees and hills, can cause lots of reflection [79].

Selection of the
Channel. An analytical and simulation study is required at the physical layer for the channel selection. A game-theoretic approach can be used for selecting the best channel and data rate [79].

Channel Estimation.
We require advanced channel estimation techniques in VANETs to acquire a correct channel state information (CSI) [79].

Variety of Techniques.
Fading and interfering effects can be minimized using a range of techniques [79].

Algorithms in the Protocol Layer of VANETs.
e reliance on remote correspondence, control, and handling innovation renders IoV dynamically weak against potential ambushes, such as remote interruption, control, and direction [80]. For itself, compelling validation courses of action envisioning unapproved visitors must be directed to adapt to these issues. us, this work focuses on the security and protection by structuring up twofold verification conspiring for Internet of Vehicles as demonstrated by its different situations. In any case, the OBU self-makes an unclear personality and provisional encryption key to open a validation session. Second, the trust master's legitimacy of the node's actual and baffling personality can be confirmed (TA). Table 4 provides a summary of algorithms in protocol layers of VANETs challenges and countermeasures.
Zeng et al. [81] proposed a new route for city VANETs formed by connectivity analysis based on geographical position to conquer the general mistakes of VANETs route in the city area. In combination with a digital city map, LCGL manages the geographical position information about nodes and connections. LCGL selects the shortest connected route to forward the data packet to the route and link length.
As per Sun et al. [82], several open communication protocols overlook the nearness of structures or difficulties accessible amid viable use, mainly in urban regions. ese deterrents can cause signal fading or even square direct communication. Numerous vehicles are often left on the road side. As a result of their location, these left vehicles can be utilized as transfers to successfully lessen the shadowing impact of deterrents and even tackle communication issues. In this work, the author exhibited left-vehicle right-hand offrouting communication in vehicle ad hoc networks. e author of [82] proposed a practical left vehicle associate hand-off routing calculation made out of four sections: an occasional Hello packet trade instrument, competitor transfer list update, communication connect quality evaluation, and hopeful hand-off rundown selection. Simulation results uncover evident advantages for lists, such as the nature of communication, achievement rate, and time delay.
Ad hoc vehicular networks have twisted into an increasing innovation that can gratify the interest of advancing associated vehicles and developing prerequisites for the Canny Transportation Framework (ITS). Authentications are utilized to confirm vehicular correspondence though the declarations of vehicles should be disavowed if every vehicle is found to get out of hand hubs. In VANETs, authentication disavowal Certificate Revocation Lists (CRL) must be instantly conveyed to every single vehicular hub to avoid redundant correspondence with the noxious hubs. Be that as it may, because of developing several testaments, the measure of CRL constantly increases, and, subsequently, it ends up hard overseeing and conveying the CRL in vehicular networks. e author presents a compelling and adaptable plan to convey a declaration denial list in the various leveled engineering of VANETs [92].
Rahman and Tepe [83] stated that the DSRC/WAVE system is standardized to broadcast critical security information with IEEE 802.11p as MAC protocol. Studies show that IEEE 802.11p fights the adverse effects of asymmetric radio communications and mobility problems in V2V and V2I communication. e author provides a well-organized and consistent cross-layer algorithm for problems with V2V and V2I communication.
e analysis shows that the multilevel algorithm's proposal removes channel access conflicts and confirms improved channel usage. e solution can be the dissemination of up to three jumps without routing protocol. at is chiefly significant for security and emergency critical message of area vehicle network.
Kumar and Mann [84] considered the safety of VANETs. As per Kumar et al., the security of the vehicles or nodes can be enlarged if the network accessibility is increased. If the denial of service of attack happens on the network, the availability of the network decreases. e authors proposed an algorithm that was proficient at sensing the numerous malicious nodes or vehicles that transfer the unrelated packet to squeeze the network and ultimately stop the network from transmitting the safety information messages. e proposed algorithm simulated on NS-2 and the quantitative values of packet delivery ratio, packet loss ratio, and network throughput demonstrates that by detecting the denial of service attack in a good time, the proposed algorithm improves the network security.
Vehicular ad hoc network aims to improve transportation efficiency and safety. VANETs have open nature of wireless medium, so the number of chances of various attacks in this work increases. e authors proposed a solution for DOS attack which uses the redundancy removal mechanism consisting of rate decreasing algorithms and state transition mechanism as its components. e protocol of Malla and Sahu [85] uses various existing solutions (channel switching, frequency hopping, multiradio transceivers, and communication technology). e proposed solution betters the security in VANETs without using cryptographic techniques.
Due to high mobility in VANETs, secure routing is a big issue [86]. e topology nature of VANETs is dynamic; paths are regularly updated, and sometimes the communication link breaks due to hurdles such as buildings, bridges, and tunnels. It is challenging to determine the reason for packet drop because persistent connection breaks can cause packet drop, resulting in deterioration of VANETs are a subgroup of MANETs. It is developed to provide communication between vehicles and fixed equipment (RSU) to give each other's range. VANETs are very sensitive to safety issues. Jeffane and Ibrahimi [87] proposed a new mechanism that focuses on the denial of service attack on the physical and MAC layers in IEE standard 802.11p.
is solution uses the packet delivery ratio (PDR) metric to detect the DOS attack.
Security for VANETs is vital because their very presence relates to critical circumstances that are life-threatening [88]. VANETs are a subgroup of MANETs. All nodes or vehicles are equipped with an On-Board Unit (OBU), enabling data from one node to another in the network to be sent and received. In vehicular ad hoc network communication interface provided by the on-road infrastructure, to detect the denial of service attack before verification time, Roselin Mary et al. [88] proposed a new algorithm (attacked packet detection algorithm).
Important information shared for vehicle protection is the major issue. e node is self-organized, highly mobile, and of free movement in a vehicular ad hoc network, so any node may communicate with any other node that may (or not) be trustworthy. is is the area of concern inside the VANETs security horizon. e road-side unit is responsible for every node at all times and provides the communication of secure information. e vehicles and the RSU are prone to several security attacks like selfish driver attacks, masquerading attacks, Sybil attacks, and alteration attacks. DOS attack is the main challenge to network availability. Singh and Sharma [89] proposed an enhanced attacked packet detection algorithm, which prohibits network performance deterioration even under this attack. EAPDA checks the nodes, detects malicious nodes, and better gets the throughput with minimized delay, thus improving security.
As per Quyoom et al. [31], the security of VANETs plays a vital role in sustaining essential life. A sensitive, life-related information network must be open at all times for secure communication. Several types of attacks and threads possible in VANET were subject to the network accessibility problem. ese attacks include Sybil attacks, misbehaving attacks, incorrect vehicle position information, and selfish driver and jamming attacks. Among these attacks, a significant threat to the information economy is the denial of service attacks. To analyze and detect the DOS attack, the authors proposed a Malicious and Irrelevant Packet Detection Algorithm (MIPDA). [90] used the updated prediction-based authentication method (PBA) to protect against VANETs DOS attack to mitigate packet loss caused by vehicle mobility. e primary aim is to reduce the delay in validating emergency vehicles such as ambulances and fire services. e architecture of the PBA is such that the beacons cannot be predicted by the sender vehicles.

Issac and Mary
is process has been shown to be secure as a result.
e IoT plays an essential role in connecting the network with the world and new technologies. However, VANETs being an important segment of IoT have faced various challenges due to the high mobility and dynamic nature of the network. IoT focuses in future to allow internetworking to disseminate information. Previous security solutions to vehicular Internet of ings (VIoT) focus more on privacy protection and security-related challenges using PKI. Sohail et al. [91] proposed a new scheme, trust enhanced on-demand routing (TER). is scheme overcomes the security challenges in VIoT, such as efficient trust assessment, certified user nonfunctioning, and secure information diffusion.

Solutions in the Application Layer of VANETs.
e principal aim for the application layer protocols is to decrease the end-to-end delay caused by sending emergency messages. In other applications, for instance, infotainment services delay is predictable. Vehicular Information Transfer Protocol (VITP) is an application layer communication protocol to support distributed and ad hoc service infrastructure in VANET [71]. Two possible primary assaults in application layer are malevolent code attack and the repudiation attack. In malevolent code assault, malevolent vehicles send malevolent code or programs, for instance, viruses, Trojan horses. ese malicious codes damage the vehicle application and affect their services. A repudiation attack, in which attackers control the whole network with the help of the various applications, gets all information quickly and manipulates the message. e application layer is capable of detecting DoS attacks than other layers [71].
Two schemes were proposed in [67]; the first scheme is an application-aware control scheme in which all accessible applications should be periodically registered and updated and forwarded to all other VANETs nodes. e second scheme includes the unified routing scheme that will route a packet of precise applications according to demand and safety requirements.

Conclusion
Consisting of mobile information and communication infrastructure, the VANETs play an important role in road safety and travel comfort. However, as technology is growing and VANETs are getting more popular, security vulnerabilities are increasing rapidly, which ultimately restricts the widespread usage of the VANETs. In this article, the security vulnerabilities of VANETs are surveyed.
e article also provides layer-specific attack classification in the VANETS protocol stack. Besides, we also provided a discussion on several countermeasures.

Data Availability
No data were used to support this study.

Conflicts of Interest
e authors declare that they have no conflicts of interest.

Authors' Contributions
Conceptualization was done by J. M. and Y. Y.; investigation was carried out by Y. Y. and M. N. M. B.; original draft was prepared by J. M. and Y. Y.; review and editing were done by Y. Y. and J. N.; supervision was provided by Z. D. and Q. W.; funding acquisition was made by Z. D.\enleadertwodots. All authors have read and agreed to the published version of the manuscript.