Incorporation of Smart Transportation Security

By: Mrunal K. Shende

Smart transportation security is becoming more prevalent due to the increasing number of devices connected to the network. An attacker can easily access the mobility’s internal dedicated system or use it for unauthorized purposes. This short article aims to provide an overview of the various security frameworks that are used in smart transportation systems [1-4].

Intelligent transportation systems (ITS) can be used for increasing efficiency by reducing congestion. However, the lack of security in these systems can lead to a significant loss of resources. IoT devices are vulnerable to cyber-attacks because they are frequently not updated with the latest security patches. AI-based transportation systems are also vulnerable to hacking because they depend on data collected from sensors, cameras, and other IoT devices that are not fully secured. Due to the increasing number of uses of IoT, wireless communication is becoming more robust. But as with increasing technology, there is also equal number of threats that need to be disparaged.

Introduction

Vehicle communication is a process that involves constant communication with each other. This technology can help make the driving experience smoother and safer. Since vehicles are now connected to the internet, they are more vulnerable to various types of cyber-attacks. An attacker could potentially cause a life-threatening situation by taking over the vehicle’s internal systems.

Let’s take GPS for understanding, GPS is an integral part of our lives, it makes transportation comfortable and secure. However, if an attacker gets into the system, it can corrupt the data and take us to the wrong destination. Smart cities are becoming more prevalent in many countries. One of the main components of smart security is Smart transportation. This is mainly due to the implementation of wireless Ad-Hoc networks for smart transportation [6-10].

Challenges and Solutions

 Smart transportation security is a most needed aspect in the whole ITS to work smoothly. The operations of ITS are entirely under the control of the embedded software in the vehicle. If a remote attacker gets into the system, they can control the vehicle’s operations. This makes it possible for them to modify the system’s settings remotely.

The real challenge in making counter-attacks is to make the security framework system have less overhead. A packet traveling with more overhead will consume more time getting acknowledged and more time for a reply. with this, our system is mobile and it can take long time to respond to an attack. Some categories of attacks are Active – Passive, Local – Extended, External – Internal.

The most important things in cyber security are Confidentiality, Integrity, and Availability called CIA triad in cyber security. If one of these falls whole security structure will fail. Attackers main aim is to disturb any of the (whether it may integrity, confidentiality or availability) CIA triad in order to harm the victim. Below we have discussed some major and popular attacks on this triad. There are various attacks performed by attackers on the availability of the system

1. Attacks on Availability:

Denial of service (DoS) Attack

It is the most common and typical attack performed [5]  on the availability of the resources in the ITS. performing a DoS attack by a single person is expensive and time consuming, so by using latest technologies attackers are able to perform distributed DoS attacks, where they use different machines from different locations (the possibility is some of them are zombie machines), and this is a very effective mechanism. DoS attacks basically exhaust the resources like proceeding power, bandwidth, and memory so that the legitimate user can’t access the resource.

There are various counters available that will mitigate the chances of getting attacked by DoS:

• Cryptographic counter:
• We can use digital signature algorithm like [8]
  • Elliptic Curve Digital Signature algorithm: where we use digital signatures to authenticate the legitimate user by sending digital signature created using ECDSA along with the original message.
  • TESLA (Timed Efficient stream loss-tolerant Authentication)
  • TESLA++ (Timed Efficient stream loss-tolerant Authentication)
  • VAST (VANET authentication using signature and TESLA)
  • FastAuth and SelAuth
  • PBA (Prediction based Authentication)

• Ant colony Optimization:
  • This is best suited for the black-hole attack which is a form of DoS attack [6]. This optimization technique is used to find the malicious packet and drop that packet or reject that packet or send that packet on other irrational route. Algorithm gives values for pheromone and trust to the route and the node which has low values in pheromone and trust are considered malicious and are dropped.

• Other examples of attack on availability are:
  • Black-hole attack,
  • Malware attack,
  • Jamming,
  • Broadcast Tampering/Spamming,
  • Flooding etc.

2. Attack on Authenticity

By using this, attacker can get into the system, acting like it’s a legitimate user. Some attacks in this category are:

Sybil attack: It’s a kind of Identity theft attack but on a different level. Here also attacker creates fake identities and use them to get into the system as a legitimate user. this attack is also used in launching distributed denial of service attacks. this can paralyze the whole system.

There are various Sybil defense techniques available and categorized into three. [3]

• Trusted certificates
• Resource Testing Based scheme
• Social Network Based scheme

Wormhole attack is also one of the attacks which attacks authenticity.

Other attacks on authenticity are:

• Brute force attack
• Impersonation Attack
• Password sniffing
• Spoofing
• Man in the middle

The safest solution for authentication is authentication using Virtual certificates: the virtual certificates will be given to each vehicle before just before the faulty vehicles (with malicious intent) are discovered based on a threshold value.

Some other reliable authentication schemes are [1]:

• Public Key Based authentication schemes,
• Identity Based authentication schemes.
• Group Signature Based Authentication,
• symmetric Key based Authentication scheme

3. Attack on Integrity

The main aim of the attacker in this category is to change the exchange of messages between network members.

Some popular attacks under this category are –

Replay attack: this attack has a close resemblance with Man in the middle attack, where the attacker eavesdrops on the user’s network communication. As an example, let’s take OTP for the user which is valid only for 2 minutes, then attacker can capture the OTP and transmit when the time is up. this is the replay attack.

Timing attacks and bush telegraph attacks are other popular attacks that come [4] under attacks on integrity.

Some other attacks which also comes under attack on integrity are:

• Message alteration attacks,
• Message Fabrication Attack,
• Incorrect Data Injection Attack.

We can Avoid Attacks on integrity by using Trusted Platform Module (TPM) [8]. TPM maintains the security of the channel or nodes by using strong cryptographic schemes. TPM plays a major role in acting against the Timing Attack which defects the integrity of data.

Bush Telegraph also works against the attacks which provide bogus information to the network or in case of VANET work against the vehicles which are feeding the fake information to the surrounding vehicles in the network.

Conclusion

Here we have briefly introduced the concept of ITS and learned various aspects of VANET. Moreover, we have seen the counters and challenges faced in order to secure the ITS (VANET). we have learned about various mitigation techniques against various attacks. So along with the pros, we got some cons as in ITS, Security is the main major concern to look out for. As technology is increasing and everything going online or wireless the attackers are also being active more .so we need to take things seriously with the security and safety in ITS (Intelligent Transportation System).

References:  

1. Lamssaggad, A., Benamar, N., Hafid, A. S., & Msahli, M. (2021). A Survey on the Current Security Landscape of Intelligent Transportation Systems. IEEE Access, 9, 9180-9208.
2. Fatemidokht, H., Rafsanjani, et al. (2021). Efficient and secure routing protocol based on artificial intelligence algorithms with UAV-assisted for vehicular Ad Hoc networks in intelligent transportation systems. IEEE Transactions on Intelligent Transportation Systems.
3. Prathiba, S. B., Raja, G., et al. (2021). SDN-assisted Safety Message Dissemination Framework for Vehicular Critical Energy Infrastructure. IEEE Transactions on Industrial Informatics.
4. Al‐Qurishi, M., Rahman, S. M. M., Alamri, A., Mostafa, et al. (2018). SybilTrap: A graph‐based semi‐supervised Sybil defense scheme for online social networks. Concurrency and Computation: Practice and Experience, 30(5), e4276.
5. Sumra, Irshad & Hasbullah, Halabi & Ab Manan, Jamalul-Lail. (2014). Attacks on Security Goals (Confidentiality, Integrity, Availability) in VANET: A Survey. Advances in Intelligent Systems and Computing. 306. 10.1007/978-981-287-158-9_5.
6. Thilak, Deepa & Amuthan, A.. (2016). DoS attack on VANET routing and possible defending solutions — A survey. 1-7. 10.1109/ICICES.2016.7518892.
7. M. Dorigo, M. Birattari and T. Stutzle, “Ant colony optimization,” in IEEE Computational Intelligence Magazine, vol. 1, no. 4, pp. 28-39, Nov. 2006, doi: 10.1109/MCI.2006.329691.
8. Sumra, Irshad. (2012). Trusted computing in vehicular ad hoc network (VANET). Global Journal on Technology. Vol 1.
9. Bharat, M., Sree, K. S., & Kumar, T. M. (2014). Authentication solution for security attacks in VANETs. International Journal of Advanced Research in Computer and Communication Engineering, 3(8), 2278-1021.
10. Quyoom, A., Mir, A. A. and Sarwar, D. A. (2020) “Security Attacks and Challenges of VANETs : A Literature  Survey,” Journal of Multimedia Information System. Korea Multimedia Society – English Version Journal. doi: 10.33851/jmis.2020.7.1.45.

Cite this article

Mrunal K. Shende (2021) Incorporation of cyber security in intelligent transportation systems (ITS), Insights2Techinfo, pp. 1

Also Read

• 15 Most Popular Books on Electrical Vehicle Technologies
• Electric Vehicles: Future of Automobile Industry

1627120cookie-checkIncorporation of Smart Transportation Securityyes