Many different kinds of attacks on VANETs have been proposed [188, 218, 292]. These attacks are based on various attacker models. Hence, an overview of common attacker models is given in Section 2.3.1. Afterwards, different kinds of attacks are discussed in detail. A general overview of attacks on VANETs is given in [222]. Such attacks show many similarities to attacks on other kinds of wireless ad-hoc networks [80].
2.3.1 Attacker Models
A common approach is to differentiate attackers based on the communication area covered by the attacker. Typically, two different kinds of attackers are considered, which are [251, 312]
1. local attackers, which influence only a well-defined area around malicious nodes and can be further differentiated into
   (a) static attackers, and
   (b) mobile attackers.
2. global attackers, which have full access to the whole VANET.
Moreover, each of the mentioned attacker types can be either passive, i.e., only receiving messages, or active, i.e., sending and receiving messages. Additionally, insider and outsider attacks can be distinguished. An attacker is considered an insider if he controls a valid node that is part of a VANET. In contrast, an outsider attacker has no physical access to a valid node [251, 312].
2.3.2 Denial of Service Style Attacks
A common requirement of DOS attacks is the presence of an active attacker. The simplest attack on data dissemination in a VANET is jamming of the used wireless channel(s). A detection mechanism for DOS attacks on VANET beacon distribution by jamming is proposed in [214]. The area affected by the jamming attack is mainly limited by the transmission power that the attacker is able to use. A jamming attack clearly violates regulations regarding channel usage limitations, and the attacker's node massively violates standards for VANET communication. In contrast, this work proposes DOS attacks that misuse valid protocol functionality. These are much harder to detect, as they use only valid VANET messages. Moreover, it is shown that an attacker can target areas that greatly exceed his own communication range by causing invalid behavior of valid nodes. Details are given in Chapter 5. A general overview of DOS attacks on VANETs is given in [157].
A so-called PSC depletion attack is proposed in [251]. To perform it, an attacker sends messages with a duplicated network layer source address to the target, i.e., the attacker uses the same address as the target, to cause a pseudonym change at the target. If PSCs are only used once, the attacker is assumed to be able to cause the change so often that the target has no more PSCs available. However, following the security concept of both ETSI ITS and WAVE, this attack is almost impossible. The check for a duplicated address is performed after the corresponding message has been verified by the security entity. Thus, the attack can only be carried out by an insider attacker with access to valid ITS credentials. Moreover, the attacker needs a PSC whose ID (i.e., its shortened hash value) leads to the network layer address (see also Section 2.2.3) that the attacker wants to duplicate. Otherwise, the PSC used by the attacker does not match the network layer address used in the attacker's messages. Hence, a simple consistency check at the receiver would identify the attack and lead to the attacker's message being discarded. Obtaining the required PSC(s) can be assumed to be very hard for any attacker. The attack does not even work if VoD (see also Section 2.2.4.6) is used, as a duplicated address should clearly trigger verification of the message that caused the detection.
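The receiver-side ordering described above (verification, then the PSC-to-address consistency check, then duplicate address detection) can be sketched as follows. This is an added example, not code from this work or from the ETSI ITS or WAVE standards; the address derivation (truncated SHA-256 of the certificate), the class and function names and all sample data are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def net_addr(cert: bytes) -> bytes:
    # Assumption: PSC ID = low 8 bytes of SHA-256(cert); address = its low 6 bytes.
    return hashlib.sha256(cert).digest()[-8:][-6:]

@dataclass
class Message:
    src_addr: bytes   # network layer source address claimed in the header
    cert: bytes       # pseudonym certificate (PSC) the message was signed with
    sig_valid: bool   # verdict of the security entity, taken as given here

class Receiver:
    def __init__(self, pscs):
        self.pscs = list(pscs)   # single-use PSCs, first one is in use
        self.changes = 0

    def handle(self, msg: Message) -> str:
        # 1. Security entity first: unverified messages never reach step 3.
        if not msg.sig_valid:
            return "drop: verification failed"
        # 2. Consistency: the claimed address must follow from the sender's PSC.
        if msg.src_addr != net_addr(msg.cert):
            return "drop: address does not match PSC"
        # 3. Duplicate address detection, which triggers a pseudonym change.
        if msg.src_addr == net_addr(self.pscs[0]):
            self.pscs.pop(0)
            self.changes += 1
            return "accept: duplicate address, pseudonym changed"
        return "accept"

def run_demo():
    # Constructed sample data; certificate bytes are placeholders, not real PSCs.
    target = Receiver([b"target-psc-1", b"target-psc-2", b"target-psc-3"])
    victim_addr = net_addr(b"target-psc-1")
    msgs = [
        Message(victim_addr, b"no-credentials", False),   # outsider, forged address
        Message(victim_addr, b"insider-psc", True),       # insider, wrong PSC
        Message(net_addr(b"neighbour-psc"), b"neighbour-psc", True),  # honest node
        # Insider holding a PSC that maps to the target address; modelled by
        # reusing the same bytes, since finding such a PSC is the hard part.
        Message(victim_addr, b"target-psc-1", True),
    ]
    return [target.handle(m) for m in msgs], target.changes
```

Only the last constructed message reaches the duplicate address check, so the target consumes a single PSC instead of one per forged message.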
2.3.3 De-pseudonymisation or Tracking Attacks
De-pseudonymisation and node tracking attacks compromise privacy of nodes. Much work has been done in regard to such attacks on VANETs (see also Section 2.2.3).
De-pseudonymisation of nodes re-using PSCs from a PSC pool with low update intervals via long-term monitoring by a static passive outsider attacker is shown in [45]. Time-triggered PSC changes are monitored, and tracking is used to obtain a mapping of different PSCs to their common user. A backbone database is created, which allows the attacker to learn many or even all PSCs from the pool used by a node. Thereby, pseudonymisation of the node can be circumvented. An extra location dependency of PSC changes can limit the impact of the attack, but more powerful attackers can easily overcome this countermeasure. Hence, re-usage of PSCs is discouraged [45].
Node tracking via characteristic data sets on different protocol layers is discussed in Section 5.4. Moreover, suggestions for improvements of current standards are given to overcome the weaknesses found in the current approaches. Availability of prior work is very limited in regard to this aspect. Within the C2C-CC, a still unpublished draft for a privacy memo has been started, which briefly covers some aspects similar to the analysis provided within this work. However, no detailed evaluation is provided there [274].
2.3.4 Attacks on VANET Applications
Attacks on VANET applications, e.g., ADASs, are typically based either on preventing the reception of messages (see DOS attacks in Section 2.3.2) or on injection of extra malicious messages. Countermeasures to successful message injection attacks are provided by the digital signature and PKI scheme outlined above. However, usage of VoD enables such attacks, as shown in Section 5.2.
The GNSS spoofing based attack introduced in Section 5.3 makes it possible to perform message injection attacks that are based on replay attacks. Moreover, we show that advanced attackers can even perform such attacks in the form of a Sybil attack.