Description of the Attacks

In what follows we describe and consider the typical attacks that have been indicated as the main causes of vulnerability in cooperative driving applications, according to the very recent literature in the field of V2V connected vehicles (e.g. see [11]), i.e. Spoofing, Message Falsification, Denial of Service (DoS) and Burst Transmission.

6.5.2.1 Spoofing

In this kind of attack, an adversary impersonates a vehicle in the stream with the intention of injecting fraudulent information into a specific vehicle or of taking the control of the vehicle itself [24]. This kind of attack compromises the platoon maintenance and, in the worst case, it may cause collisions.

In our scenario we assume that an internal adversary (cryptography security procedures in terms of digital signatures are implemented to prevent external attacks [134]) takes the control of the third vehicle and imposes a constant offset to its current acceleration value, namely equal to 3.5 [ms−2] from a given time instant t. This implies that the third vehicle starts to improperly accelerate, then it incorrectly moves from the prescribed velocity and, hence, it perturbs the motion of all the vehicles within its communication range. The attack has to be mitigated by algorithms able to discard the incorrect information.

6.5.2.2 Message Falsification

An adversary, internal or external to the platoon, starts listening to the wireless messages exchanged among vehicles and, after receiving each beacon, it falsifies the content of messages. Finally, it rebroadcasts the malicious messages [44]. Countermeasures to this kind of attack rely on efficient detection algorithms, such as the voting technique presented in this paper, to construct a more well formed belief, which can then be checked against the vehicle belief. As well as spoofing, note that here we consider an insider malicious attacker since, if the adversary is external to the platoon, then cryptography security procedures would guarantee the prevention of the attack.

Specifically, in our exemplar analysis the adversary is the fourth vehicle of the fleet and it manipulates the position field of the beacon to be

sent by adding, at a specific time instant t, a value of +5 [m] to its current position value. The incorrect information are then rebroadcast to the other vehicles. Note that, since passengers security is one of the most important issue for the platooning application diffusion, this kind of attack is very dangerous because it compromises the inter-vehicular distance and, in the worst case, it causes a collision.

6.5.2.3 Denial of Service

This attack aims to compromise the communication capability of a specific vehicle, or of a group of vehicles within the platoon, by making them unable to properly collaborate.

Specifically, here we consider that the third vehicle is under the DoS attack and it gets only the 70% of the exchanged information among vehicles within the platoon from a given time instant t. This lack of information downgrades the ability to correctly collaborate during driving and, thus, the attached vehicle may even collide with its predecessor. Possible countermeasures are based on the explicit compensation of the communication impairments. Note that the effects of a DoS attack are usually mitigated by technical solutions that act on the communication layer, such as channel switching, technology switching, frequency hopping, or multiple radio transceivers [11], [23, 85]. Hence, in our simulation scenario we suppose that the duration of each DoS attack is limited to a specific time interval, after which it is rejected. The DoS attack is then repeated again and again in a periodic fashion every 25 seconds (with a DoS time duration of 20 [s] and with a percentage loss rate equal to 30%).

6.5.2.4 Burst Transmission

The burst transmission is a particular network attack that induces packet losses with a random loss rate. An internal or external adversary, at a specific time instant t, manipulates the data traffic flow in order to disperse some of the packets exchanged among vehicles. In particular here we consider a loss rate that randomly varies between 40% and 60%. The effect of this kind of attack can be disastrous, bringing vehicles platoon to collision. Note that both the DoS and the Burst Transmis- sion require that the collaborative algorithms, robust with respect to

6.5 Numerical Analysis  127 0 50 100 150 -100 -80 -60 -40 -20 0 p ositio n erro r [m] time [s] v1 v2 v3 v4 v5 v6 v7 (a) 0 50 100 150 -10 -5 0 5 10 sp ee d erro r [m/s] time [s] v1 v2 v3 v4 v5 v6 v7 (b) 0 50 100 150 -4 -2 0 2 4 co n tro l effor t [m/ s 2] time [s] v0 v1 v2 v3 v4 v5 v6 v7 (c)

Figure 6.1: Maintaining tight formation maneuver under L-P-F topology: (a): time history of the position error computed as ri(t) − r0(t) − di0 (∀i = 1, · · · , 7); (b): time history of the speed

error computed as vi(t) − v0 (∀i = 1, · · · , 7); (c): time history of

the control effort ai(t) (∀i = 0, · · · , 7).

networks delays due to packet losses, are implemented together with cryptography solutions and authentication procedures for the access to vehicular networks [85].