Abstract
In the node compromise attack, the adversary physically captures nodes and extracts the cryptographic keys from their memories, which destroys the security, reliability and confidentiality of the network. Due to the dynamic network topology, designing an efficient node compromise attack algorithm is challenging, because it is difficult to model the attack or to enhance the attacking efficiency. In this paper, a general algorithm for modeling the node compromise attack in VANET is proposed, which promotes the attacking efficiency by destroying the network backbone. The backbone is constructed using the connected dominating set of the network, which is related to the intermeeting time between the vehicles. Then two attacking algorithms are proposed based on the general model, which destroy the network in a centralized and a distributed version while maximizing the destructiveness. Simulations are conducted to show the advantages of our scheme. Simulation results reveal that our scheme enhances the attacking efficiency in different mobility models and different applications, and is suitable for modeling the node compromise attack in VANET. Finally, discussions are presented to illustrate the influence of vehicle speed, communication range and key sharing probability on the attacking efficiency.
1 Introduction
Recent years have seen enormous advances in wireless communication technology. As a special application, vehicular communication networking has become a promising approach for facilitating road safety, traffic management and vehicular communication [28]. In the Vehicular Ad-hoc NETwork (VANET), vehicles communicate through wireless message exchange, which provides convenience for mobile users. While users enjoy the advantages of VANET, some drawbacks appear. Due to their dynamic characteristics, VANETs are prone to different kinds of malicious attacks [16]. As a special kind of attack, the node capture compromise attack [35] greatly threatens the safety, integrity and confidentiality of wireless communication throughout the VANET. In such an attack, nodes are physically captured, controlled or manipulated by the attacker. By injecting malicious software (malware) [26], the adversary is able to grab sensitive and secret information from the communication among nodes or even falsify the messages [19]. After a network is compromised, the attacker will acquire the secret keys to decrypt all the contents of the communication, and the VANET will no longer be safe. Even worse, the attacker can figure out the location of each user, which largely destroys the location privacy [33] of the network. Through the spreading of spam advertisements, the victims will suffer from receiving unsubscribed information. The node compromise attack clearly has catastrophic results for the network, so we need to pay close attention to this kind of attack.
Researching the mechanisms of attacks can provide a variety of threat models for further developing countermeasures [22]. In recent years, attention has been given to studying the effects of various attacks, especially in VANET, for example the Sybil attack [17], the illusion attack [29], the DoS attack [20] and so on. As the performance of a defending technique directly relates to the efficiency of the attack [27], developing an effective attacking method is of great significance. As a novel attack, the node compromise attack seriously destroys the privacy and security of the communication. However, previous node compromise attack methods lacked attack modeling and their attacking efficiency was low.
Attack modeling is used to give insight into the behavior of the attacker, which is beneficial for developing attacking algorithms in an adversarial way. After the attacking model is constructed, the behavior of the attacker can be intuitively expressed, which points out the attacking target and the attacking process. Therefore, attack modeling can give better and more effective strategies for the attacker. Another characteristic of the attack that we cannot neglect is the attacking efficiency, which expresses the fraction of the compromised traffic in the network. Higher attacking efficiency indicates that the attacker can compromise the network by compromising a smaller number of nodes. Therefore, when attacking, the attacker seeks to maximize the attacking efficiency, so as to reduce the number of attacks and enhance the destructiveness. As a result, designing a way of modeling the node compromise attack and enhancing the attacking efficiency are of fundamental importance [42].
In literature, although few publications have been proposed for modeling the node compromise attack in dynamical network, ad-hoc network [44] or even VANET, methods in the wireless sensor networks [1] still deserve to be mentioned. In general, approaches of formalizing the node compromise attack can be categorized into two types: the centralized attack [11, 12] and the distributed attack [5, 6, 8, 11, 12].
In the centralized attack [11, 12], the compromise process starts from a single infected node or a small set of compromised nodes. The attacker controls them to disseminate malware to neighboring nodes. In the distributed attack, by contrast, the attacker is able to attack nodes deployed anywhere in the network independently [5, 6, 8, 11, 12].
However, both the distributed attack and the centralized attack suffer from the same limitation. In their scenarios, the attacker compromises nodes independently at random, and cannot dynamically make decisions on which node to attack. In [37], Tague et al. pointed out that the adversary could compromise a node intelligently to improve the efficiency of the node capture attack with publicly available information, which is learned through eavesdropping on insecure message exchange throughout the network. Hence, when evaluating the effect of the node capture attack, the decision making of the attacker must be taken into consideration. In [35], Tague et al. showed that finding the node capture attack yielding the minimum cost can be formulated as an integer-programming minimization problem. In [7, 13, 37], Tague et al. proposed a formal method to formalize the vulnerability of the network by using circuit theoretic analysis. Examples of node capture attacks were provided based on this vulnerability metric. The drawbacks of the aforementioned methods can be summarized as below:
1. So far, no general method has been developed for modeling the node compromise attack in VANET.
2. Previous methods [5–8, 11–13, 37] focused on the effect of node compromise in static networks; the influence on mobile networks, especially VANET, still deserves close attention.
3. Previous methods have low attacking efficiency, which contributes little to developing new defending techniques.
To develop a general method of modeling the node compromise attack, we have focused on the following issues:
1. Network backbone: in the VANET, as the vehicles are roaming over the wireless network, no deterministic infrastructure, such as the backbone [43] of the network, can be constructed. As a result, how to set up the network backbone is an important issue.
2. Attack modeling: in the VANET, all the nodes communicate via wireless medium. When modeling the node compromise attack, we should develop a general method, which adapts to the dynamical changes of the wireless network.
3. Attacking efficiency: the attacking efficiency determines the speed and the destructiveness of the attack. Therefore, when developing the attack method, we should focus on estimating the attacking efficiency.
Motivated by the inadequacy of the aforementioned literature, in this paper we focus on studying the effect of the node compromise attack, where the whole network falls victim to the compromise procedure. We model the process of the attack as the procedure of destroying the network backbone. To establish the backbone, we propose a general attacking model based on the connected dominating set (CDS) [10, 40]. The general attacking model points out how to mount a node capture attack in the VANET to promote the attacking efficiency. Then two attacking algorithms, CCDS and DCDS, are proposed, which explicitly illustrate how to compromise the network in a centralized and a distributed way. Finally, several simulations are conducted to clarify and verify the advantages of our scheme. We implement our algorithms under different nodal mobility models, and then we simulate their performance in SUMO. Simulation results reveal that our algorithm can provide higher attacking efficiency, which leads to quicker compromise of the network. Moreover, we discuss the factors that relate to the attacking efficiency, such as the vehicle speed and communication range.
The rest of this paper is organized as follows: Section 2 gives an overview of the literature review. The preliminaries are introduced in Section 3. The general model for the node compromise attack is presented in Section 4. Simulations and discussions are given in Section 5. At last, we conclude this paper in Section 6.
2 Related works
In literature, based on the behavior of the attacker, the node compromise attack can be categorized into two types: the centralized attack and the distributed attack.
In the centralized attack, the attacker spreads the malware from a single node or a small set of nodes so as to compromise the whole network. De et al. [11, 12] formalized the spread process of the node compromise by using epidemic theory. In the attack, the adversary initially captures a single node or a small set of nodes. Then, by spreading the malware to neighboring nodes, the attacker gradually controls the behavior of the compromised nodes. As the compromise goes on, the attacker will find some neighboring node of the compromised nodes to attack. The attack proceeds until the whole network falls victim. De et al. studied the epidemic propagation based on the effects of different network deployments, but neglected the mobility of the nodes in the network.
The distributed attack indicates that the attacker can randomly select nodes to attack. It can be divided into 3 types: probability analysis [6, 8, 31], vulnerability evaluation [7, 13, 25, 37] and the graph based approach [41].
Some research efforts were devoted to probability analysis [6, 8] methods, which calculated the characteristic parameters of the network by utilizing a probabilistic model. In [31], a probabilistic model was proposed for illustrating the process of gathering information by an adversary to capture a node. But it was difficult to determine how much information is gathered by the attacker. In [6], Bonaci et al. defined and characterized several important parameters of the network in view of topology, e.g. the number of nodes an adversary needs to capture in order to disrupt the network’s functionality, the number of compromised links, the number of unit refreshment actions after one compromised node is revoked and so on. In [8], Chan et al. studied the overall network connectivity and the relationship to key pre-distribution schemes and node compromise attacks. They derived an expression that determines the required communication radius for the network. But references [6, 8, 31] suffer from some limitations. They overestimated the factor of attacking efficiency in mounting an attack.
Probability analysis only considers an attacker who captures nodes at random. The intelligence and intention of the attacker are ignored. In the vulnerability evaluation approach, by contrast, the adversary is modeled with intelligence: he can dynamically select the node to capture by evaluating the vulnerability of the network. In [36], Tague et al. formalized a model for node capture attacks in which an adversary collects information about the network via eavesdropping on the wireless medium and captures nodes based on the learned information. They showed that the goals of node capture attacks can be decomposed into a collection of primitive events, the impact of which can be evaluated and recombined to yield an overall evaluation of the attack. In [38], Tague et al. investigated the impact of node capture attacks on the confidentiality and integrity of network traffic. They devised a method of evaluating the vulnerability of the network and formulated the minimum node capture attack problem as a nonlinear integer programming problem. Due to the NP-hardness of the minimization problem, they provided a greedy heuristic named GNAVE that approximates the minimum cost attack. Although GNAVE can enhance the attacking efficiency [38], it does not consider the execution time for compromising the network.
In our previous works [9, 41], we proposed an efficient node capture attack algorithm, namely GNRMK, to enhance the efficiency of the node capture attack. The network is mapped as a flow network and the route minimum key set is constructed. We calculated the route minimum key and the overlapping value. In GNRMK, the node with maximum overlapping value will be captured. The attacking efficiency is higher than GNAVE [38]. However, GNRMK can only be used in the static network with a deterministic key pre-distribution protocol, which is not suitable for VANET. In [9], we used a matrix to express the key sharing relationships between nodes and paths; moreover, we also took the energy cost into consideration when mounting an attack. However, MA still suffers from limitations: it pays little attention to the relationship between the attacking efficiency and the attacking cost.
3 Preliminaries
In this section, the background knowledge is introduced for comprehending the notions of the node compromise in VANET.
3.1 Network backbone
In the wired network, a network backbone is a part of the network infrastructure that interconnects various pieces of network, providing a path for the exchange of information between different subnetworks. Similarly, in the static network, such as the ad-hoc networks or wireless sensor networks, the network backbone is usually created for data transmission and aggregation, which reduces the transmission cost, balances the load and prolongs the lifetime.
Whereas in VANET, since all the nodes are moving all over, it is difficult to model the movements or the communications of the nodes. To solve this problem, Almahorg et al. proposed a scheme for establishing the virtual backbones of the network [2]. In their scheme, a set of nodes that have higher probabilities of meeting other vehicles in the future will be selected to construct the backbone of the vehicular network.
As the backbone of the network plays an important role in connecting the pieces of the network, when designing the attacking algorithm, we tend to destroy the backbone. Therefore, how to construct the backbone is a critical issue.
3.2 Dominating set
To dominate the network, the attacker should control the network backbone. However, since nodes are moving over time, it is impossible to create a fixed backbone. To solve this problem, we construct the virtual backbone of the network. We establish the Connected Dominating Set (CDS) [14] as the virtual backbone to balance the load and maintain the connectivity. As the connected dominating set is constructed based on the Dominating Set (DS), we first give the definition of the dominating set.
Definition
Dominating Set: A dominating set of a network G = (N, L) is a subset of nodes DS, such that every node not in DS is joined to at least one member of DS by some edge. N is the set of nodes and L is the set of wireless links between two nodes.
The definition of the dominating set points out that every link has at least one end in DS. Obviously, if the attacker can control all the nodes in DS, all the communications will be eavesdropped. Therefore, from the adversarial view, the attacker tends to compromise the dominating set so as to wreck the safety of VANET.
3.3 Connected dominating set
When the attacker attempts to compromise the network, he repeatedly injects the malware into common nodes. As the subsets of the DS are isolated from each other (refer to Section 4.2, Fig. 1b), it may take a long time for the attacker to wait until his dominated nodes meet another subset of the DS. To avoid waiting for other subsets, we choose a set of nodes to connect the isolated subsets of the dominating set together. Finally we get the connected dominating set, which is defined as below:
Definition
Connected Dominating Set: Every node in G either belongs to DS or is adjacent to a node in CDS.
In our method the connected dominating set is constructed representing the (virtual) network backbone. When mounting the node compromise attack, the attacker only needs to attack the nodes in CDS.
3.4 Network model
The network is composed of a set of homogeneous nodes (i.e. the vehicles), which can be represented by a unit disk graph G(N,L). Two nodes are neighbors if and only if they are covered by each other’s disk.
To establish a secure link between neighboring nodes, key pre-distribution or key negotiation protocols are used. By implementing specific key pre-distribution protocols, the shared keys between nodes are set up. Nodes within each other’s transmission range are able to exchange messages which are encrypted by the keys. This ensures the confidentiality and safety of the network transmission. As the key establishment or key negotiation protocol varies from one to another, it is difficult to describe the shared keys between nodes in a general way [15]. In our work, regardless of the specific key distribution scheme, the probability that two neighboring nodes can directly establish a secure communication, or in other words share at least one key, is denoted as α. As a result, when developing a general method for formalizing the node compromise attack, there is no need to consider what key pre-assignment protocol is implemented. We only need to focus on the influence of the variable α on the attacking efficiency.
3.5 Nodal mobility model
Because of the dynamicity of the VANET, it is difficult to determine (1) the nodal mobility model and (2) the departure places and the destinations of the traces.
Without loss of generality, when modeling the movement of the vehicles, the patterns of movement of the nodes are characterized by two basic models: 1) the Continuous-time Markov Chain (CMC) model [3, 34] and 2) the Random WayPoint model (RWP) [4]. However, CMC and RWP sometimes cannot reflect the real circumstances in the simulation. To overcome this shortcoming, in our work we apply three more nodal mobility models in VANET.
Since the VANET is a special application of the opportunistic network, the intermeeting time plays an important role in influencing the performance of the network. Therefore, in our work, we assume all the vehicles are running in a closed region and their original locations are random. Each time, a node selects a destination. After arriving at the destination, it will repeatedly choose another place as the destination.
3.5.1 Basic movement model
1. Continuous-time Markov Chain (CMC) [34]: in CMC, the region of the system is divided into M parts. Each node maintains a matrix indicating the conditional probability of moving from the current place to another. When calculating the destination, each node refers to the probability matrix.
2. Random WayPoint model (RWP): RWP is a random model for the movement of the mobile nodes in the VANET [32]. The location, velocity and acceleration change all the time. Because of its simplicity and availability, it is regarded as the "benchmark" mobility model to evaluate the performance of schemes in mobile VANET networks.
Moreover, in our paper, we applied three movement models in VANET to acquire more realistic and convincing results.
3.5.2 Movement model in VANET
We mainly analyze the results of our attacking scheme under the following movement models in VANET.
1. Freeway Mobility Model (FMM) [21]: the vehicles are simulated on the highway, where the intelligent driver model [18] is applied.
2. Manhattan Mobility Model (MMM) [30]: streets are arranged in a Manhattan style grid, with a uniform block size across the simulation area.
3. Car Following Model (CFM) [24]: cars are traveling in flows.
3.6 Adversary model
The objective of the attacker is to eavesdrop on the messages transmitted through the compromised nodes in order to destroy the confidentiality and privacy of the user data. The adversary is considered to have the ability and resources to physically capture nodes and to spread the malware from compromised nodes to infect the common nodes. In the node compromise attack, a normal node a will be compromised by a compromised node b if 1) a and b have shared keys, and 2) a and b are neighboring at a time.
The process of one round of the node compromise attack can be summarized as below:
1. Choose an attacking target a.
2. Choose a node b, who has shared keys with a to transmit malware.
3. When the distance between a and b is shorter than the communication range, b will send the malware to a.
4. The attacker controls a.
3.7 Node recovery model
We assume that the compromised nodes can be revoked or recovered [11, 12]. In that case, the keys will be re-assigned. The adversary cannot manipulate the revoked or the recovered node. Hence, to destroy the security and confidentiality of the network, the adversary should compromise more nodes.
In our model, the network is additionally equipped with a defender. He periodically recovers the compromised nodes and re-assigns keys for such a node so as to reduce the size of the compromised node set. This reduces the number of compromised nodes in the network so as to guarantee the confidentiality of the packet transmission process.
4 Node compromise using CDS
After constructing the related models in the VANET, in this section, we propose a general way of modeling the node compromise in VANET.
4.1 Constructing the CDS
To establish the CDS, each node needs to maintain a list recording the Future Intermeeting Probability (FIP). When estimating the FIP, the knowledge of previous intermeeting time is used. The FIP of node i meeting j is calculated as:
where T_{i,j} is the intermeeting time between i and j, and T_i is the time i stays in the system. For example, if vehicle i has a sojourn time of 100 s, T_i = 100, and the intermeeting time between i and vehicle j is T_{i,j} = 23 s, we obtain an intermeeting probability between i and j of 0.23.
After calculating the FIP for all the nodes, we construct the backbone of the network by setting up the CDS, which has two steps: 1) constructing the dominating set (as shown in Algorithm 1) and 2) connecting the dominating set into the connected dominating set (as shown in Algorithm 2).


Algorithm 1 illustrates how the dominating set is constructed. N(i) denotes the nodes that are neighbors of i and have common keys with i. For every node, the attacker selects the node with the maximum FIP to construct the dominating set. As the dominating set may contain several isolated subsets, the attacker needs to connect them together for mounting a centralized version of the attack. Therefore, after the DS is established, the attacker finds other nodes to connect the dominating set together. The way of establishing the CDS is shown in Algorithm 2.
In Algorithm 2, the attacker looks for nodes whose neighbor nodes connect a dominating set and which have the maximum FIP among the neighboring nodes. After finishing Algorithms 1 and 2, the connected dominating set is established. Although VANET is a dynamic network, the constructed connected dominating set will not change with time. It only relates to the mobility model of the vehicles. As the DS and CDS of the static network are also stable, our method is suitable for both the static network and the dynamic network.
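The two-step backbone construction described above, as an added Python example (not the paper's Algorithms 1 and 2, which are not reproduced on this page), useful for seeing which vehicles a defender would need to protect first. It assumes FIP = T_{i,j} / T_i, which reproduces the worked value 0.23, bridges separated DS subsets along a shortest path that prefers high-FIP neighbors, and runs on constructed meeting data; all function and variable names are hypothetical.

```python
from collections import deque

# Constructed sample data (not from the paper): key-sharing neighbour pairs with
# their intermeeting time T_ij in seconds, and each vehicle's sojourn time T_i.
MEET = {("v1", "v2"): 23, ("v2", "v3"): 40, ("v3", "v4"): 10,
        ("v4", "v5"): 30, ("v5", "v6"): 50, ("v5", "v7"): 20}
SOJOURN = {v: 100 for v in ("v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8")}

# N(i): neighbours of i that share keys with i. v8 has none (isolated vehicle).
NEIGH = {v: set() for v in SOJOURN}
for a, b in MEET:
    NEIGH[a].add(b)
    NEIGH[b].add(a)


def fip(t_meet, t_sojourn):
    """Assumed FIP = T_ij / T_i; matches the worked value 23 s / 100 s = 0.23."""
    return t_meet / t_sojourn if t_sojourn > 0 else 0.0


def fip_of(i, j):
    """FIP of node i meeting j, looked up in the constructed tables."""
    return fip(MEET.get((i, j), MEET.get((j, i), 0)), SOJOURN[i])


def dominating_set(neigh, fip_fn):
    """Step 1: every undominated node nominates its maximum-FIP neighbour."""
    ds = set()
    for i in sorted(neigh):
        if i in ds or neigh[i] & ds:
            continue                      # already in DS or adjacent to it
        if not neigh[i]:
            ds.add(i)                     # isolated node can only dominate itself
            continue
        ds.add(max(sorted(neigh[i]), key=lambda j: fip_fn(i, j)))
    return ds


def is_dominating(ds, neigh):
    """True when every node is in ds or adjacent to a member of ds."""
    return all(i in ds or neigh[i] & ds for i in neigh)


def components(nodes, neigh):
    """Connected components of the subgraph induced by `nodes`."""
    seen, comps = set(), []
    for s in sorted(nodes):
        if s in seen:
            continue
        comp, queue = {s}, deque([s])
        seen.add(s)
        while queue:
            u = queue.popleft()
            for v in neigh[u]:
                if v in nodes and v not in seen:
                    seen.add(v)
                    comp.add(v)
                    queue.append(v)
        comps.append(comp)
    return comps


def connect(ds, neigh, fip_fn):
    """Step 2: add connector nodes until the DS subsets that can be joined are joined."""
    backbone, unreachable = set(ds), set()
    while True:
        comps = [c for c in components(backbone, neigh) if not c & unreachable]
        if len(comps) < 2:
            return backbone
        start = comps[0]
        parent = {u: None for u in start}
        queue, hit = deque(sorted(start)), None
        while queue and hit is None:      # BFS outward, high-FIP neighbours first
            u = queue.popleft()
            for v in sorted(neigh[u], key=lambda x: (-fip_fn(u, x), x)):
                if v in parent:
                    continue
                parent[v] = u
                if v in backbone:         # reached a different DS subset
                    hit = v
                    break
                queue.append(v)
        if hit is None:
            unreachable |= start          # e.g. a subset that is out of range
            continue
        u = parent[hit]
        while u not in start:             # path interior becomes part of the CDS
            backbone.add(u)
            u = parent[u]


if __name__ == "__main__":
    ds = dominating_set(NEIGH, fip_of)
    print("DS :", sorted(ds))
    print("CDS:", sorted(connect(ds, NEIGH, fip_of)))
```

On this data the DS subsets {v2} and {v5} are three hops apart, so two connector nodes are needed, and the isolated v8 stays a separate backbone member, as Section 4.2 notes can happen.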
4.2 An example of DS and CDS
To illustrate the process of constructing the DS and CDS, we present a simple case. In our scenario, 100 vehicles (the yellow points) are randomly deployed in a 200 × 200 meters closed region, and all of them comply with the RWP model.
As shown in Fig. 1a, each node establishes links with neighboring nodes (the blue lines). In Fig. 1b, we construct the dominating set (the black points) by referring to Algorithm 1. To connect the dominating set and ensure the connectivity, in Fig. 1c we select a set of nodes (the red points) to connect the dominating set. As a result the connected dominating set of the network is made up of the red nodes and the black points.
From Fig. 1, we notice that there exist some DS or CDS nodes which are isolated. That is because, at that time, the distance between that node and the others is beyond the communication range or they do not have common keys. Such a node cannot exchange its messages with others. But as the simulation runs on, after the isolated nodes move to a place with high node density, they will establish links with others.
4.3 General attack based on CDS
After establishing the CDS, we propose a general attack algorithm, which is shown in Algorithm 3.

The general attack proceeds as follows. Originally, all the nodes are deployed in the network; by applying a specific key pre-distribution method, nodes can establish links with neighboring nodes with a certain probability α. After finishing network initialization, we establish the CDS of the network. Then the attacker selects the target vehicle. The process of finding the attacking target depends on the way of the attack. It can be achieved in a centralized or distributed way. The detailed information of this process is illustrated in the next two sections.
When attacking, in each round, the attacker should find a target node that leads to the maximum destructiveness. In our methods, we define the destructiveness value SK(i) to express the number of vehicles who have shared keys with node i. For example, as shown in Fig. 2, there are 6 vehicles, and three vehicles a, b and c are selected as the backbone of the network. We express the key sharing relationship between vehicles in the figure. We use Table 1 to illustrate the key sharing relationships; at the end of each row, we calculate the sum of the row to get the value of SK().
From Table 1, we note that attacking b will cause the maximum destructiveness.
In each round, the attacker checks if the network is compromised. If not, the attacker will continue to find the attacking target. This process will be iteratively executed until the network is compromised and the set of the compromised nodes will be returned as the output of the algorithm.
The general attack algorithm provides a common method for illustrating the node compromise attack in the VANET network. It only relates to the connected dominating set, which is fixed from beginning to end. Therefore, the general attack is suitable for both the static and the dynamic network. That is because, whether the network is static or dynamic, the attacker can still construct the deterministic connected dominating set.
In the following sections, we propose the centralized and distributed version of attacks based on Algorithm 3.
4.4 Centralized attack
The node compromise attack in wireless networks can be categorized into two types, the centralized version and the distributed version. Similarly, we propose two versions of attacks based on the general attack.
Centralized attack based on Connected Dominating Set (CCDS): As illustrated in Section 3.6, in the centralized attack, the adversary chooses the target node to mount an attack by analyzing the network model, the movement model and the spread model of the system to determine which node to attack. Therefore, the most prominent task is to find the node that leads to maximum destructiveness. Since all the nodes in the CDS are connected, after compromising one node, the attacker can intentionally control the compromised node to infect the normal nodes in the CDS so as to compromise the network more quickly.
In the centralized attack, when finding the attacking target, as shown in Algorithm 4, the adversary calculates the value of SK() for the neighbor nodes of all the compromised nodes. Then he finds the node with the maximum value to mount an attack. This ensures that in each attacking round, the node selected by the attacker will cause the maximum damage to the network connectivity, which promotes the attacking efficiency.

We give an example illustrating the centralized attack in Fig. 3. At time t_0, the attacker compromises a car in yellow. Then at time t_1, the attacker needs to find a neighboring vehicle to mount an attack. As shown in the figure, another car in yellow is selected as the next attacking target.
4.5 Distributed attack
Distributed attack based on Connected Dominating Set (DCDS): In the distributed attack, attacking one node is independent of others. The attacker can choose any node in the CDS to attack. In fact, the distributed attack omits the malware spreading process of the centralized attack. The attacking capability of the adversary in the distributed attack is stronger than that of the centralized attack.
In DCDS, in each round the attacker needs to find the attacking target. As shown in Algorithm 5, the attacker first records the key sharing relationship and calculates the value of SK(). After that, the attacker finds the vehicle with the maximum SK() and returns the index of the vehicle as the output of the algorithm.

Similar to CCDS, we give an example illustrating the DCDS attack in Fig. 4. At time t_0, it is the same as Fig. 3. But at time t_1, the adversary can find any node in the system to attack, with no need to find a neighboring vehicle to attack.
Comparing the examples in Figs. 3 and 4, we note that in the distributed attack, the attacker has more choices in finding the target vehicle.
5 Simulations and discussions
In this section, several simulations are conducted to show the performance of DCDS and CCDS.
5.1 Experiment setup
The experiment parameters are listed in Table 2.
In several experiments, we illustrate the influence of node recovery on the attacking efficiency. Node recovery frequency is defined as the frequency with which the defender recovers a node.
To highlight the performance of our proposed scheme, we compare DCDS and CCDS with two node compromise attack algorithms: random attack and epidemic attack. Random attack is a distributed attack, in which the attacker randomly selects a node to compromise. We use it as a benchmark for comparing the attacking efficiency. Epidemic attack, proposed in references [11, 12], is a centralized version of attack. The attacker spreads the malware to the nearby vehicles so as to compromise the network.
In the simulation, r is defined as the ratio of the compromised nodes, which indicates attacking efficiency. Higher ratio represents higher efficiency. r is calculated as follows:
where |C_n| is the number of compromised nodes and |N| stands for the number of nodes in the network. When calculating the number of the compromised nodes, we consider the direct compromised nodes and indirect compromised nodes.
The direct compromised nodes are the nodes that are infected by malware or physically compromised by the attacker. An indirect compromised node is a node all of whose neighboring nodes are compromised. In that case, all the messages sent by an indirect compromised node will eventually be eavesdropped. Therefore, we regard this kind of node as a compromised node. But as time goes on, when it meets other common nodes, it can still transmit packets without being eavesdropped.
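The SK() value of Section 4.3 and the ratio r defined above, combined in an added Python example (not the paper's code) that a defender can use to decide which compromised vehicle to recover first. The seven-vehicle key-sharing graph is constructed, not Table 1; r is taken as |C_n| / |N| from the verbal definition; a vehicle with no neighbors is assumed not to count as indirectly compromised, and recovery is assumed to leave the key-sharing links unchanged.

```python
# Constructed key-sharing links between currently neighbouring vehicles
# (not the paper's Table 1). Vehicle g has no neighbour at this instant.
VEHICLES = ["a", "b", "c", "d", "e", "f", "g"]
LINKS = [("a", "b"), ("a", "d"), ("b", "c"), ("b", "d"), ("b", "e"), ("c", "f")]


def build_neighbours(vehicles, links):
    """Map each vehicle to the set of neighbours it shares keys with."""
    neigh = {v: set() for v in vehicles}
    for u, v in links:
        neigh[u].add(v)
        neigh[v].add(u)
    return neigh


NEIGH = build_neighbours(VEHICLES, LINKS)


def sk(node, neigh):
    """Destructiveness SK(i): number of vehicles sharing keys with node i."""
    return len(neigh[node])


def compromised_set(neigh, direct):
    """C_n: directly compromised nodes plus indirectly compromised ones.

    A node is indirectly compromised when all of its neighbours are directly
    compromised. Assumption: a node with no neighbours is not counted, since
    it has no traffic that could be eavesdropped.
    """
    direct = set(direct)
    indirect = {v for v, nb in neigh.items()
                if v not in direct and nb and nb <= direct}
    return direct | indirect


def compromised_ratio(neigh, direct):
    """r = |C_n| / |N|."""
    return len(compromised_set(neigh, direct)) / len(neigh)


def recovery_order(neigh, direct):
    """Defender's priority list: highest SK() first, ties broken by name."""
    return sorted(direct, key=lambda v: (-sk(v, neigh), v))


def ratio_after_recovery(neigh, direct, node):
    """r once the defender has recovered and re-keyed `node`.

    Assumption: recovery removes the node from the compromised set and the
    key-sharing links stay as they were.
    """
    return compromised_ratio(neigh, set(direct) - {node})


if __name__ == "__main__":
    direct = {"a", "b", "c"}
    print("r before recovery:", round(compromised_ratio(NEIGH, direct), 3))
    for v in recovery_order(NEIGH, direct):
        r_after = ratio_after_recovery(NEIGH, direct, v)
        print(f"recover {v} (SK={sk(v, NEIGH)}): r = {r_after:.3f}")
```

Recovering the highest-SK vehicle b drops r from 6/7 to 3/7, while recovering a or c only reaches 4/7, because b's neighbors stop being indirectly compromised.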
5.2 Attacking efficiency under RWP and CMC
To show the attacking efficiency of DCDS and CCDS when all the nodes comply with the RWP and CMC mobility models, we create a closed, rectangular region of 50000 m × 50000 m with 10000 vehicles randomly deployed. Each node determines a destination and, after arriving there, chooses another destination based on the movement model. We use DCDS and CCDS to attack the vehicles and destroy the network security. In Figs. 5 and 6, the x-coordinate indicates the number of nodes compromised by the attacker, and the y-coordinate stands for the ratio of the compromised nodes.
5.2.1 RWP
In this simulation, we analyze the attacking efficiency of the node compromise attack when vehicles comply with RWP.
As shown in Fig. 5a, the ratios of DCDS and CCDS are higher than those of the other attacking methods. The reason is that these two methods are designed based on the connected dominating set of the network, which forms a virtual backbone of the network. The nodes in the connected dominating set play more important roles in communication than other nodes. They have more opportunities to contact others; therefore, attacking these nodes causes more damage than attacking other nodes. The attacking efficiency of DCDS is higher than that of CCDS, because DCDS can select any node in the CDS without the geographical neighboring constraint that CCDS has, so its destructiveness is higher. Epidemic attack and random attack do not consider the influence of the topology and movements of the nodes; therefore, their attacking efficiencies are lower than those of DCDS and CCDS.
In Fig. 5b, the node recovery mechanism is implemented. The compromised nodes are revoked independently at random. The attacking efficiencies of the four algorithms increase more slowly than in Fig. 5a. The attacking efficiencies of DCDS and CCDS are still higher than those of random attack and epidemic attack.
5.2.2 CMC
In this simulation, all the nodes comply with the continuous Markov chain model.
From Fig. 6, we note that the attacking efficiencies of DCDS and CCDS are higher than those of the epidemic attack and the random attack. The reason is nearly the same as that for the RWP model. We can conclude that attacking the backbone of the network induces more destructiveness to the network.
5.3 Attacking efficiency in SUMO
The following simulations were constructed on the Simulation for Urban MObility platform (SUMO) [23]. SUMO is an open source traffic simulation package including net import and demand modeling components. A region in the city of Las Vegas was downloaded from the OpenStreetMap [39] application for simulating the performance of the CFM model, shown in Fig. 7 and abstracted into Fig. 8. To generate the flow of cars, we use MOVE [24] as our tool.
To better illustrate that our scheme is suitable for VANET, we use Figs. 9 and 10 to simulate the performance of the system on SUMO using the MMM and CFM mobility models.
In our experiments, we selected a rectangular area of 50000 by 50000 m. We randomly generated 10000 vehicles with an average vehicle speed of 30 km/h. We set this region as a closed region. The departure place and the destination of each vehicle are randomly selected from the map. Each node determines a destination and, after arriving there, chooses another destination based on the movement model. When calculating the trip to the destination, the vehicles adopt the Dijkstra algorithm to find the nearest way.
In Fig. 11, the x-coordinate indicates the number of nodes compromised by the attacker, and the y-coordinate stands for the ratio of the compromised nodes.
5.3.1 Homogeneous VANET
In this simulation, the network is deployed with homogeneous vehicles in three different vehicle movement models: CFM, MMM and CMM.
When applying CFM, we note from Fig. 11 that the attacking efficiencies of DCDS and CCDS are higher than those of the epidemic attack and the random attack, whether the node recovery mechanism is implemented or not. The reason is nearly the same as in Section 5.2.2.
When MMM is used, the roads are deployed as in Fig. 9. The density of the vehicles is nearly balanced everywhere; therefore, attacking the vehicles in such a condition causes a higher fraction of compromised traffic, and the attacking efficiency is higher than that in CFM.
In CMM, the attacking efficiency is also higher than in CFM. That is because in our simulation we only use one crossroad, so the node density is also higher than in CFM, and attacking these nodes causes higher destructiveness than in CFM, leading to a higher fraction of compromised traffic.
5.4 Characteristic analysis
In this section, we analyze other factors that may influence the attacking efficiency. We still use SUMO to simulate the movements of the vehicles. The parameters are the same as in the experiments in Section 5.3.1 using the map of Las Vegas.
5.4.1 Vehicle speed
In this simulation, we analyze the influence of the vehicle speed on the attacking efficiency.
As shown in Fig. 12, when the speed is 20 km/s, the attacking efficiency is the lowest; as the speed rises, the efficiency increases. The reason is that when the speed is higher, each node moves faster and has a higher probability of meeting other nodes. Therefore, when estimating the probability of meeting others, a more accurate FIP list is obtained. As a result, the attacker constructs a more precise network backbone and can more clearly figure out which node will cause the maximum destructiveness. Therefore the attacking efficiency is the highest.
In conclusion, a higher speed leads to a more efficient node compromise attack.
5.4.2 Communication range
In this experiment, we discuss the effect of the communication range of the vehicles in the network.
From Fig. 13, we note that when the communication range is 200, the attacking efficiency is the lowest. A longer communication range leads to a lower attacking efficiency. When the nodes have a short communication range, each node has only a small number of nodes to contact. Hence, the list for recording the FIP is small. From an adversarial view, attacking only a small set of nearby nodes turns that node into an indirectly compromised node, which is easy to achieve. As a result, the attacking efficiency in such a condition is high.
We can conclude that a shorter communication range enhances the attacking efficiency.
5.4.3 Key sharing probability
In this experiment, we analyze the influence of the key sharing probability on the attacking efficiency. The key sharing probability determines the number of nodes a node can communicate with. Figure 14 depicts the influence of the key sharing probability. We note that when α = 0.1, the attacking efficiency is the highest. A higher key sharing probability leads to a lower attacking efficiency. That is because a higher α means more nodes to communicate with, so the list for recording the FIP is large. Therefore, the attacking efficiency is low.
We conclude that a smaller key sharing probability enhances the attacking efficiency.
6 Conclusions and future study
In this paper, we focus on studying the effect of the node capture attack. We propose a general attack model based on the connected dominating set for modeling the node compromise. In the network, we establish the connected dominating set as the network backbone. Then we propose a general algorithm for modeling the node capture attack. A centralized attack and a distributed attack are developed, which aim at destroying the connected dominating set of the network. At last, we conduct several experiments to clarify and verify the advantages of our scheme under different network parameters. We also analyze other factors that may influence the attacking efficiency.
In the future, our attention will be paid to the following research issues:
1. Studying ways of constructing a dynamical network backbone for the node compromise attack.
2. Researching the attacking efficiencies under different nodal mobility models.
3. Analyzing the infective model of the malware and discussing the relationship between the attacking efficiency and the nodal mobility model, which will provide insights for developing other attacks in mobile networks.
References
Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E (2002) Wireless sensor networks: a survey. Comput Netw 38(4):393–422
Almahorg K, Basir O (2008) Simulation-based performance comparison of vanets backbone formation algorithms. In: Proceedings of the 2008 12th IEEE/ACM international symposium on distributed simulation and real-time applications. IEEE Computer Society, pp 236–242
Aziz A, Sanwal K, Singhal V, Brayton R (2000) Model-checking continuous-time markov chains. ACM Trans Comput Logic (TOCL) 1(1):162–170
Bettstetter C, Hartenstein H, Pérez-Costa X (2004) Stochastic properties of the random waypoint mobility model. Wirel Netw 10(5):555–567
Bonaci T, Bushnell L, Poovendran R (2010) Node capture attacks in wireless sensor networks: a system theoretic approach. In: 2010 49th IEEE conference on decision and control (CDC). IEEE, pp 6765–6772
Bonaci T, Bushnell L, Poovendran R (2010) Probabilistic analysis of covering and compromise in node capture attacks. Network Security Lab (NSL), Seattle. Technical Report 1
Chan H, Perrig A, Song D (2003) Random key predistribution schemes for sensor networks. In: Proceedings. 2003 symposium on security and privacy, 2003. IEEE, pp 97–213
Chan K, Fekri F (2007) Node compromise attacks and network connectivity. In: Defense and security symposium, pp 65,780W–65,780W. International Society for Optics and Photonics
Chi Lin GW (2013) Enhancing the attacking efficiency of the node capture attack in wsn: a matrix approach. J Supercomput
Dai F, Wu J (2004) An extended localized algorithm for connected dominating set formation in ad hoc wireless networks. IEEE Trans Parallel Distrib Syst 15(10):908–920
De P, Liu Y, Das SK (2006) Modeling node compromise spread in wireless sensor networks using epidemic theory. In: Proceedings of the 2006 international symposium on world of wireless, mobile and multimedia networks. IEEE Computer Society, pp 237–243
De P, Liu Y, Das SK (2009) Deployment-aware modeling of node compromise spread in wireless sensor networks using epidemic theory. ACM Trans Sens Netw (TOSN) 5(3):23–50
Ergun M, Levi A, Savas E (2011) Increasing resiliency in multi-phase wireless sensor networks: generationwise key predistribution approach. Comput J 54(4):602–616
Fasolo E, Zanella A, Zorzi M (2006) An effective broadcast scheme for alert message propagation in vehicular ad hoc networks. In: IEEE international conference on communications, 2006. ICC’06, vol 9. IEEE, pp 3960–3965
Felice MD, Bedogni L, Bononi L (2012) Group communication on highways: an evaluation study of geocast protocols and applications. Ad Hoc Netw 11(7):818–832
Golle P, Greene D, Staddon J (2004) Detecting and correcting malicious data in vanets. In: Proceedings of the 1st ACM international workshop on vehicular ad hoc networks. ACM, pp 29–37
Guette G, Ducourthial B (2007) On the sybil attack detection in vanet. In: IEEE international conference on mobile adhoc and sensor systems, 2007. MASS 2007. IEEE, pp 1–6
Haerri J, Filali F, Bonnet C (2006) Performance comparison of aodv and olsr in vanets urban environments under realistic mobility patterns. In: Proc. of 5th IFIP mediterranean ad-hoc networking workshop (Med-Hoc-Net-2006), Lipari
Hao Y, Cheng Y, Ren K (2008) Distributed key management with protection against rsu compromise in group signature based vanets. In: Global telecommunications conference, 2008. IEEE GLOBECOM 2008. IEEE, pp 1–5
Hasbullah H, Ahmed Soomro I, Ab Manan Jl (2010) Denial of service (dos) attack and its possible solutions in vanet. World Acad Sci Eng Technol (WASET) 65:411–415
Husain A, Kumar B, Doegar A (2011) Performance evaluation of routing protocols in vehicular ad hoc networks. Int J Internet Protocol Technol 6(1):38–45
Isaac JT, Zeadally S, Cámara JS (2010) Security attacks and solutions for vehicular ad hoc networks. IET Commun 4(7):894–903
Karnadi FK, Mo ZH, Lan KC (2007) Rapid generation of realistic mobility models for vanet. In: IEEE Wireless communications and networking conference, 2007. WCNC 2007. IEEE, pp 2506–2511
Khairnar VD, Pradhan S (2011) Mobility models for vehicular ad-hoc network simulation. In: 2011 IEEE symposium on computers & informatics (ISCI). IEEE, pp 460–465
Kim DS, Suh YK, Park JS (2007) Toward assessing vulnerability and risk of sensor networks under node compromise. In: 2007 international conference on computational intelligence and security. IEEE, pp 740–744
Laurendeau C, Barbeau M (2006) Threats to security in dsrc/wave. In: Ad-hoc, mobile, and wireless networks. Springer, pp 266–279
Leinmuller T, Schmidt RK, Schoch E, Held A, Schafer G (2008) Modeling roadside attacker behavior in vanets. In: 2008 IEEE GLOBECOM workshops. IEEE, pp 1–10
Lin X, Lu R, Zhang C, Zhu H, Ho PH, Shen X (2008) Security in vehicular ad hoc networks. IEEE Commun Mag 46(4):88–95
Lo NW, Tsai HC (2007) Illusion attack on vanet applications-a message plausibility problem. In: 2007 IEEE Globecom Workshops. IEEE, pp 1–8
Martinez FJ, Toh CK, Cano JC, Calafate CT, Manzoni P (2011) A survey and comparative study of simulators for vehicular ad hoc networks (vanets). Wirel Commun Mob Comput 11(7):813–828
Mishra AK, Turuk AK (2011) Adversary information gathering model for node capture attack in wireless sensor networks. In: 2011 international conference on devices and communications (ICDeCom). IEEE, pp 1–5
Saha AK, Johnson DB (2004) Modeling mobility for vehicular ad-hoc networks. In: Proceedings of the 1st ACM international workshop on Vehicular ad hoc networks. ACM, pp 91–92
Sampigethaya K, Li M, Huang L, Poovendran R (2007) Amoeba: robust location privacy scheme for vanet. IEEE J Select Areas Commun 25(8):1569–1589
Samuel H, Zhuang W, Preiss B (2009) Dtn based dominating set routing for manet in heterogeneous wireless networking. Mob Netw Appl 14(2):154–164
Tague P, Poovendran R (2007) Modeling adaptive node capture attacks in multi-hop wireless networks. Ad Hoc Netw 5(6):801–814
Tague P, Poovendran R (2008) Modeling node capture attacks in wireless sensor networks. In: 2008 46th annual Allerton conference on communication, control, and computing. IEEE, pp 1221–1224
Tague P, Slater D, Rogers J, Poovendran R (2008) Vulnerability of network traffic under node capture attacks using circuit theoretic analysis. In: IEEE INFOCOM 2008. The 27th conference on computer communications. IEEE, pp 161–165
Tague P, Slater D, Rogers J, Poovendran R (2009) Evaluating the vulnerability of network traffic using joint security and routing analysis. IEEE Trans Depend Secure Comput 6(2):111–123
Tomandl A, Scheuer F, Federrath H (2012) Simulation-based evaluation of techniques for privacy protection in vanets. In: 2012 IEEE 8th international conference on wireless and mobile computing, networking and communications (WiMob). IEEE, pp 165–172
Wan PJ, Alzoubi KM, Frieder O (2002) Distributed construction of connected dominating set in wireless ad hoc networks. In: INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, vol. 3, pp. 1597–1604. IEEE
Wu G, Chen X, Obaidat MS, Lin C (2012) A high efficient node capture attack algorithm in wireless sensor network based on route minimum key set. Secur Commun Netw
Yan G, Olariu S, Weigle MC (2008) Providing vanet security through active position detection. Comput Commun 31(12):2883–2897
Yang S, Wu J, Dai F (2008) Efficient directional network backbone construction in mobile ad hoc networks. IEEE Trans Parallel Distrib Syst 19(12):1601–1613
Zhou L, Haas ZJ (1999) Securing ad hoc networks. IEEE Netw 13(6):24–30
Acknowledgments
This research is sponsored in part by the National Natural Science Foundation of China and the Fundamental Research Funds for the Central Universities (contract/grant number: No. 61173179 and No. 61202441). This research is also supported in part by the Fundamental Research Funds for the Central Universities (No. DUT13JS10).
Lin, C., Wu, G., Xia, F. et al. Enhancing Efficiency of Node Compromise Attacks in Vehicular Ad-hoc Networks Using Connected Dominating Set. Mobile Netw Appl 18, 908–922 (2013). https://doi.org/10.1007/s11036-013-0469-4
DOI: https://doi.org/10.1007/s11036-013-0469-4