Prevention of Timing Attack in Software Defined Named Data Network with VANETs

Ahmad Arsalan
Department of Computer Science
National University of Computer and Emerging Sciences
Chiniot-Faisalabad Campus, 35400, Pakistan
Email: ahmadarslan31@gmail.com
Rana Asif Rehman
Department of Computer Science
National University of Computer and Emerging Sciences
Chiniot-Faisalabad Campus, 35400, Pakistan
Email: r.asif@nu.edu.pk
Abstract—Software Defined Network (SDN) is gaining popularity in both academia and industry. Much research has been done to combine SDN with future Internet paradigms to manage and control networks efficiently. SDN provides better management and control of a network by decoupling the data plane from the control plane. Named Data Networking (NDN) is a future Internet technique that aims to overcome the problems of IPv4 addressing. In NDN, nodes communicate on the basis of content names rather than IP addresses. Vehicular Ad-hoc Network (VANET) is a subtype of MANET which is also considered a hot area for future applications. Vehicles communicate with each other to form a network known as a VANET. Communication in a VANET takes two forms: (i) Vehicle to Vehicle (V2V) and (ii) Vehicle to Infrastructure (V2I). Combining SDN and NDN techniques in the future Internet can solve many problems that are hard to answer with a single technique. Security in VANETs is always challenging because of their unstable topology. In this paper, we merge future Internet techniques and propose a new scheme, named the Timing Attack Prevention (TAP) protocol, to address the timing attack problem in VANETs. The proposed scheme is evaluated through simulations, which show the superiority of the proposed protocol in detecting and mitigating attacker vehicles compared with the normal timing attack scenario in NDN-based VANET.
Index Terms—Content, Interest, Software Defined Networks, Named Data Networking, Ad Hoc Networks, Vehicular Ad Hoc Networks, Timing Attack
I. INTRODUCTION
As the Internet flourishes, network communication is becoming complex and error prone. Users need better and more efficient ways to communicate with each other. With the growth of Internet applications such as online games, VoIP, and video streaming, communication networks need better mechanisms to manage and control the complexity of the system. A complex network system is composed of a large number of switches, routers or hubs. It is the duty of the network administrator to compose and implement different protocols on a large variety of networks. The main problem arises when the administrator has to implement these protocols through low-level commands, which are hard and complex to remember, and with only restricted tools for performing such actions on a network. Therefore, management and control of a network is complex and error prone.
Software Defined Network (SDN) [1] is a newly emerging field in computer networks that aims to manage and control network systems more easily and efficiently. The main function of SDN is to separate the network devices (i.e. switches, routers) from the control decisions. Its benefit is that it strikingly changes the management of a network from complex to simple. SDN has two basic components: (i) the control plane and (ii) the data plane. The control plane consists of the SDN controller, which manages and controls the whole network, while the data plane consists of switches or routers which forward data to other nodes. The SDN controller can be programmed through a simpler interface.
Named Data Networking (NDN) [2] is a new technique in computer networks that aims to overcome all the issues of IPv4 addressing. In NDN, communication between different nodes is achieved through content names rather than IPv4 addresses. In this process, one or more nodes become consumer or producer nodes. A consumer node is a node which needs specific data, and a producer node is a node which holds that data and responds to the consumer node by sending the requested data. This mechanism is used to overcome the addressing limitation of IPv4 [3].
Another paradigm that is becoming popular nowadays is Vehicular Ad-hoc Networks (VANETs). A VANET is basically a subtype of Mobile Ad-hoc Networks (MANETs) [4]. In a VANET, communication between vehicles takes two forms: (i) Vehicle to Vehicle (V2V) and (ii) Vehicle to Infrastructure (V2I) [5]. In V2V, communication takes place between two or more different vehicles on a highway. Packets are exchanged between vehicles until the receiving vehicle has received the packets. In V2I, communication takes place between vehicles and road side units (RSUs). Road side units are static infrastructure, which can take the form of road side signals. Packets are exchanged between vehicles and RSUs until the producer vehicle has received these packets. The packets exchanged in VANETs are categorized into two types: (i) safety critical packets and (ii) infotainment packets.
By combining all these techniques, different security attacks can be mitigated easily. The timing attack is one attack that can be detected and mitigated using SDN and NDN in VANETs. In a timing attack, an attacker node in the network adds delay to safety critical packets. These packets can contain information about an accident, VIP protocol or traffic jam scenario.
2018 International Conference on Frontiers of Information Technology (FIT)
978-1-5386-9355-1/18/$31.00 ©2018 IEEE
DOI 10.1109/FIT.2018.00050
Therefore, in this paper, taking advantage of the SDN and NDN communication paradigms in VANETs, we propose a mechanism to overcome the timing attack problem, named the Timing Attack Prevention (TAP) protocol. In TAP, a legitimate vehicle detects an attacker vehicle, while the network controller is used to mitigate the detected attacker.
The rest of this paper is organized as follows. Section II discusses related studies on the timing attack. Section III defines the architecture of software defined named data network with VANET. Section IV describes the main research problem tackled by our scheme. Section V presents our proposed scheme for the timing attack problem. Section VI provides the simulation results and analysis, and finally the conclusions are presented in Section VII.
II. RELATED WORK
In this section, we discuss some of the studies that have been done on software defined named data network with VANET and on the timing attack problem.
Ahmed et al. [6] proposed the first architecture of software defined vehicular network with respect to named data networking. They discussed possible combinations of NDN with software defined vehicular network (SDVN). The main part of their work covers the pull-based and push-based forwarding mechanisms in SDVN with NDN. It is the only paper so far in which all three techniques, SDN, NDN and VANET, are combined.
Irshad et al. [7] discussed some issues related to the timing attack problem in detail. According to the authors, V2V has two levels of timing attack: (i) basic level attack and (ii) extended level attack. At the basic level, peer-to-peer (P2P) network communication suffers from this attack, while at the extended level more than one attacker attacks the network. In V2I, the attacker attacks authentication and the taking of services.
Paolo et al. [8] proposed a scheme named VIPER: a Vehicle-to-Infrastructure Communication Privacy Enforcement Protocol. This protocol shows strong resilience to three VANET attacks: the timing attack, the message volume attack and the message coding attack. Their results show that VIPER performed well in terms of message delivery time, message path length and queue occupancy.
In addition to these schemes, there are multiple research studies on the timing attack in VANETs. However, all the above-mentioned schemes are limited to one or two future Internet paradigms, and there is no scenario in which SDN, NDN and VANET technologies are implemented together. In this paper we are, to our knowledge, the first to combine the SDN, NDN and VANET paradigms and implement a novel scheme for the timing attack which not only detects the attacker but also mitigates it from the network with the help of SDN.
III. SOFTWARE DEFINED NAMED DATA NETWORK WITH VANET
In the software defined named data network with VANET architecture, a centralized controller manages and controls the whole network. Communication between vehicles and the controller is done through NDN messages. Vehicles that want to communicate are called consumer vehicles. These vehicles broadcast NDN request packets, which are known as interest packets. In reply to consumer nodes, there are multiple producer nodes which hold the requested data in their cache. Data packets are generated by producers in the same way as interest packets and are then sent back to consumers. In software defined named data network with VANET, each vehicle communicates with other vehicles and road side units (RSUs). These RSUs then broadcast the corresponding packets to other RSUs and the controller through the Internet. The responses to these packets follow exactly the same path from the controller back to the vehicles. Each vehicle in the network also has its own cache to store data [6]. As shown in Fig. 1, the red consumer vehicle generates interest packets which are broadcast within the vehicle's range. Two other vehicles and RSU2 receive these packets. On arrival of these packets, each vehicle forwards a data packet to the consumer vehicle if it has the data in its cache. RSU2 forwards the packet to the controller using the Internet, and the response from the controller is then forwarded to the corresponding vehicle by RSU2 using the same path.
A. Traditional NDN implementation
In native NDN, an arriving packet takes one of two possible processing paths, determined by the packet type. The packet type is decoded to check whether the incoming packet is an interest or a data packet. NDN has three data structures: the pending interest table (PIT), the content store (CS) and the forwarding information base (FIB) [3]. If the decoded packet turns out to be a data packet, the PIT of the node is checked first. If a PIT entry matches, the node caches the data in its CS and forwards the data to the next nodes. If no PIT entry matches, the node simply discards the packet. In the case of an interest packet, the PIT of the node is matched against the interest packet. If a PIT entry is found, this specific interest is already present in the node, so the node simply discards the packet. If no PIT entry is found, the node first checks its CS; if no entry is found in the CS, it passes the packet to the FIB, which is responsible for forwarding it to the next face. However, if a CS entry is found, the node simply forwards the data in response to the interest packet. Fig. 2 shows packet processing in traditional NDN. Further studies regarding NDN implementation over VANET can be found in [9], [10], [11].
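The two processing paths described above, as an added Python example (not code from the paper or from any NDN forwarder). It follows the order given in the text (PIT, then CS, then FIB); recording a PIT entry when an interest is forwarded is standard NDN behaviour the text does not spell out, and the longest-prefix FIB match, the class name, the content names and the face labels are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class NdnNode:
    fib: dict                                 # name prefix -> outgoing face
    cs: dict = field(default_factory=dict)    # content store: name -> data
    pit: dict = field(default_factory=dict)   # pending interests: name -> incoming face

    def _fib_lookup(self, name):
        """Longest-prefix match of a '/'-separated name against the FIB."""
        parts = name.strip("/").split("/")
        for i in range(len(parts), 0, -1):
            face = self.fib.get("/" + "/".join(parts[:i]))
            if face is not None:
                return face
        return None

    def on_interest(self, name, in_face):
        if name in self.pit:                  # this interest is already pending
            return ("discard", None)
        if name in self.cs:                   # cache hit: answer on the incoming face
            return ("data", in_face)
        out_face = self._fib_lookup(name)
        if out_face is None:                  # no route for this name
            return ("discard", None)
        self.pit[name] = in_face              # remember where the data must go back
        return ("forward", out_face)

    def on_data(self, name, content):
        if name not in self.pit:              # unsolicited data is never cached
            return ("discard", None)
        self.cs[name] = content
        return ("data", self.pit.pop(name))   # satisfy and clear the pending entry

    def process(self, packet):
        """Decode the packet type and take one of the two processing paths."""
        if packet["type"] == "interest":
            return self.on_interest(packet["name"], packet["face"])
        if packet["type"] == "data":
            return self.on_data(packet["name"], packet["content"])
        return ("discard", None)


def demo():
    """Constructed packet sequence run through one node."""
    node = NdnNode(fib={"/highway": "face-rsu"})
    name = "/highway/m2/accident"
    packets = [
        {"type": "interest", "name": name, "face": "face-a"},   # forwarded via FIB
        {"type": "interest", "name": name, "face": "face-b"},   # already in PIT
        {"type": "data", "name": name, "content": b"lane 2 blocked"},
        {"type": "interest", "name": name, "face": "face-b"},   # now served from CS
        {"type": "data", "name": "/highway/m2/jam", "content": b"unsolicited"},
        {"type": "interest", "name": "/city/parking", "face": "face-a"},
    ]
    return [node.process(p) for p in packets]


if __name__ == "__main__":
    for result in demo():
        print(result)
```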
Fig. 1. Software defined named data network with VANET architecture
Fig. 2. Packet processing in NDN
IV. TIMING ATTACK PROBLEM
As the Internet expands, network security is becoming more complex. Much research has been done on the security of both traditional wired and wireless networks. Through this research many attacks have been mitigated, but some are still pending in wireless networks because of their unstable topologies. In VANETs, there are two types of applications: (i) safety critical applications and (ii) infotainment applications [4]. Safety critical applications are those which require data in real time. They carry sensitive data which must reach vehicles without any delay. These applications carry data about the situation on the highway, such as accident information, VIP protocol movement and traffic jams. Transmitting and receiving data in VANET are important to achieve data integrity and security. The timing attack, which is a relatively new attack in VANETs, involves one or more attacker vehicles. These attacker vehicles do not forward safety critical data to other vehicles at the right time; instead they add extra delay to packets in terms of time-slots [7]. As a result, other vehicles near the attacker vehicle receive these data packets after they actually require them. Fig. 3 graphically illustrates the timing attack scenario. In this scenario, an accident has occurred between vehicles A and B. Vehicle B broadcasts this critical information in the network as an emergency packet. When this emergency packet is received by the malicious yellow vehicle, it does not transmit it to vehicle C at the right time. Instead it adds extra delay in terms of time-slots to the packet, so by the time vehicle C receives the emergency packet it is at the spot C1 where the accident has occurred [12], [13].
Fig. 3. Timing attack scenario
V. PROPOSED SCHEME
In this section, we propose a scheme for the timing attack problem, named the Timing Attack Prevention (TAP) protocol, to detect and mitigate attacker vehicles in software defined named data network with VANET.
A. Timing Attack Prevention (TAP)
The TAP scheme is responsible for detecting attacker vehicles and then mitigating them using the functionality of the controller in the network. Algorithm 1 shows the processing for sending and receiving emergency packets for safety critical applications. To send an emergency packet to other vehicles, the coordinates and vehicle ID of the sending vehicle are first set in the packet fields, i.e. the x coordinates, y coordinates and vID fields respectively (Lines 1-5). After that, the vehicle gets the packet arrival time (PAT) and previous packet arrival time (PPAT). If the vehicle is a consumer and is sending the packet for the very first time in the network, then the PAT and PPAT values will be 0 (Lines 6-7). Finally, the packet generation time (PGT) is obtained from the clock of the vehicle (Line 8).
The main contribution of the proposed scheme (TAP) is to mitigate the attacker from the network. When a vehicle receives an emergency packet, it first checks the Controller-Defaulter-List. This list is populated using control messages. The packet received by a vehicle contains the previous sender's vehicle ID. This vehicle ID is matched against the Controller-Defaulter-List, which is already stored in cache (Line 10). If it matches, the vehicle automatically drops the latest packet and performs no further action (Lines 19-20), since the packet came from a vehicle that the controller has already detected as an attacker. If nothing matches, the packet came from a vehicle that is not an attacker or has not been detected as one, so in this case, after matching against the attacker list, the detection process starts.
In the detection process, a vehicle first calculates the distance using its own x,y coordinates and the sender's x,y coordinates (Line 11). Next, the vehicle finds the time period in which the packet travelled from source to destination using the signal propagation speed, which is equal to 3.0 × 10^8 m/s. This time period is obtained by dividing the distance (D) by the signal speed (S) (Line 12). The time period is then subtracted from the packet arrival time (PAT) to get the previous vehicle arrival time, in order to check whether the previous vehicle added any delay to the packet (Lines 13-14). If the previous vehicle arrival time does not match the value of PPAT in the packet, the previous vehicle is an attacker and added delay to the packet. This packet is now useless, as it reaches vehicles after they actually require it. Therefore, the previous vehicle's ID is forwarded to the controller so that it stores the attacker ID in its defaulter list (Line 15). If no delay was added, the vehicle simply forwards the emergency packet to other vehicles, as this means that the previous vehicle is not an attacker vehicle (Lines 16-17).
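The receive-side check and controller mitigation described above, as an added Python example; it is not the paper's Algorithm 1 listing, which is not reproduced on this page. Assumptions: PPAT is read as the time the packet reached the vehicle that sent this hop, an originator (PPAT = 0) is checked against PGT instead, vehicle clocks are synchronized and timestamps are filled in honestly, and `TOLERANCE_S`, the class names and the scenario coordinates are constructed for the example.

```python
import math
from dataclasses import dataclass

SIGNAL_SPEED = 3.0e8   # m/s, the propagation speed the page uses (S)
TOLERANCE_S = 1e-3     # assumed slack for processing jitter; not a value from the page


@dataclass
class EmergencyPacket:
    x: float      # x coordinate of the vehicle that sent this hop
    y: float      # y coordinate of the vehicle that sent this hop
    v_id: str     # vID of that vehicle
    ppat: float   # assumed meaning: time the packet reached that vehicle (0 = originator)
    pgt: float    # assumed meaning: time the originator generated the packet


class Controller:
    """Hypothetical SDN controller that owns the defaulter list."""

    def __init__(self):
        self.defaulters = set()
        self.vehicles = []
        self.control_messages = 0

    def report(self, attacker_id):
        if attacker_id in self.defaulters:
            return
        self.defaulters.add(attacker_id)
        for v in self.vehicles:                  # one control message per vehicle
            v.defaulter_list.add(attacker_id)
            self.control_messages += 1


class Vehicle:
    def __init__(self, v_id, x, y, controller):
        self.v_id, self.x, self.y = v_id, x, y
        self.controller = controller
        self.defaulter_list = set()              # cached Controller-Defaulter-List
        controller.vehicles.append(self)

    def originate(self, now):
        return EmergencyPacket(self.x, self.y, self.v_id, ppat=0.0, pgt=now)

    def relay(self, pkt, pat):
        # Stamp own position and ID, and the time the packet reached this vehicle.
        return EmergencyPacket(self.x, self.y, self.v_id, ppat=pat, pgt=pkt.pgt)

    def receive(self, pkt, pat):
        """Return 'drop', 'report' or 'forward' for a packet arriving at time pat."""
        if pkt.v_id in self.defaulter_list:      # mitigation: sender already listed
            return "drop"
        distance = math.hypot(self.x - pkt.x, self.y - pkt.y)    # D
        flight = distance / SIGNAL_SPEED                          # D / S
        left_sender_at = pat - flight            # "previous vehicle arrival time"
        expected = pkt.ppat if pkt.ppat > 0 else pkt.pgt
        if abs(left_sender_at - expected) > TOLERANCE_S:
            self.controller.report(pkt.v_id)     # sender held the packet
            return "report"
        return "forward"


def arrival(sender, receiver, sent_at):
    """Arrival time at receiver for a transmission made at sent_at."""
    d = math.hypot(sender.x - receiver.x, sender.y - receiver.y)
    return sent_at + d / SIGNAL_SPEED


def run_scenario():
    """Constructed scenario: B originates, M relays after a hold, C and D receive."""
    ctl = Controller()
    b = Vehicle("B", 0, 0, ctl)
    m = Vehicle("M", 200, 0, ctl)
    c = Vehicle("C", 400, 0, ctl)
    d = Vehicle("D", 450, 0, ctl)
    outcomes = []

    pkt = b.originate(now=10.0)
    pat_m = arrival(b, m, 10.0)
    outcomes.append(m.receive(pkt, pat_m))                    # honest originator
    delayed = m.relay(pkt, pat_m)
    outcomes.append(c.receive(delayed, arrival(m, c, pat_m + 0.5)))  # M held it 0.5 s

    later = m.relay(b.originate(now=20.0), arrival(b, m, 20.0))
    outcomes.append(d.receive(later, arrival(m, d, 20.6)))    # M is now on the list

    pkt2 = b.originate(now=30.0)
    pat_c = arrival(b, c, 30.0)
    outcomes.append(c.receive(pkt2, pat_c))
    outcomes.append(d.receive(c.relay(pkt2, pat_c), arrival(c, d, pat_c)))  # prompt relay
    return outcomes, sorted(ctl.defaulters), ctl.control_messages


if __name__ == "__main__":
    print(run_scenario())
```

The check only sees a hold that is larger than the tolerance and that the relay has not hidden by rewriting its own PPAT, which is why the assumptions about clocks and honest timestamps matter.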
VI. PERFORMANCE EVALUATIONS
We use ndnSIM [14] with NS3 and SUMO [15] to simulate the proposed scheme and the considered protocol in a vehicular ad-hoc network scenario. We randomly generate the mobility of 64 vehicles in a network. These vehicles move at a constant speed; therefore no vehicle can overtake others. Some simulation parameters for TAP are shown in Table I.
In our scenario, we assume that 70% of vehicles are legitimate users while the remaining 30% are attacker vehicles. To investigate average delay and duplicate emergency packets, we vary the number of attackers in the network. The attacker proportions are set to 5%, 10%, 15%, 20% and 25%. We run our simulations for 300 s. We also use IEEE 802.11a, since IEEE 802.11p is not supported by ndnSIM v2.0 [16]. In our simulations, we evaluated the percentage of attackers that generated delays, the control broadcast ratio and duplicate emergency packets. To evaluate the performance of both the proposed scheme and normal VNDN with attackers, we considered the following metrics:
Average delay: Average delay is measured by adding all delays. A delay is defined as the amount of time taken by a packet to travel across the network from source to destination.
Control packets broadcast ratio: This ratio is equal to the total number of control packets generated by the controller whenever an attacker vehicle is identified.
Duplicate Emergency packets (DEP): Duplicate emergency packets are those packets which attacker vehicles generate after adding time slots.
TABLE I
SIMULATION PARAMETERS
Parameter                    Value
Number of vehicles           64
Type of vehicles             Mobile
Area (m * m)                 1000 * 1000
Mobility                     Uniform
Simulation time              300 s
No. of attackers             5%, 10%, 15%, 20%, 25%
Emergency packet timeout     20 s
No. of legitimate vehicles   70%
Mobility model used          Random Direction
MAC Layer                    IEEE 802.11a
Packet size                  400 bit
Tx power                     0.0091 mW
Traffic Generator Tool       SUMO
Fig. 4. Average delay of attacker vehicles
A. Simulation Results
Fig. 4 represents the average delay according to the attacker vehicles in normal VNDN. As simulation time increases in normal VNDN with attackers, attacker vehicles generate more delay. This is mainly because there is no mechanism to prevent attackers from adding time-slots to packets.
Fig. 5 shows the ratio of control packets. These packets are exchanged in the network when an attacker is identified by a legitimate vehicle. The control packets broadcast ratio is directly proportional to the number of attackers. These control packets include the attacker vehicle IDs that were identified in the detection phase. The TAP mitigation phase is performed on each vehicle whenever a new packet is received.
Fig. 5. Control packets broadcast ratio according to attackers
Fig. 6. Duplicate emergency packets with respect to time
Fig. 6 shows the number of duplicate emergency packets. These packets are generated whenever attacker vehicles add delays to packets. In normal VNDN with attackers, a large number of duplicate emergency packets were broadcast in the network, while with TAP this number decreased significantly because of the controller defaulter list. This list is checked by every vehicle before starting the detection phase. Each vehicle matches the vehicle ID field of the incoming packet against the controller defaulter list and acts according to the receive emergency packet function in Algorithm 1.
VII. CONCLUSION
In this paper, we implemented software defined named data networking with VANET and proposed a technique to tackle the timing attack in safety critical applications. In TAP, we first check whether a vehicle is an attacker or not. When an attacker vehicle is detected, the SDN controller is used to mitigate it with the help of the controller defaulter list. This mechanism ensures that no delayed emergency packets are forwarded in the network. The detection process is always performed at the next hop node from the attacker vehicle. Our simulation results show that delay increases as the number of attacker vehicles in the network increases, and that the control packets broadcast ratio also increases with the number of attacker vehicles. Duplicate emergency messages decrease in the network with the help of the TAP protocol, while in the normal VNDN timing attack case they increase significantly.
As future work, we will work on other security issues of VANET with the support of NDN and the SDN controller.
ACKNOWLEDGMENT
I would like to thank my supervisor, Dr. Rana Asif Rehman, for the motivation and support. This research work was funded by the National University of Computer and Emerging Sciences.
REFERENCES
[1] D. Kreutz, F. M. V. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky, S. Uhlig, "Software-Defined Networking: A Comprehensive Survey", Proceedings of the IEEE, 2015.
[2] L. Zhang, A. Afanasyev, J. Burke, V. Jacobson, "Named Data Networking", ACM SIGCOMM Computer Communication Review, 2014.
[3] D. Saxena, V. Raychoudhury, N. Suri, "Named Data Networking: A Survey", ACM Journal Computer Science Review, 2016.
[4] S. Yousefi, M. S. Mousavi, M. Fathy, "Vehicular Ad Hoc Networks (VANETs): Challenges and Perspectives", 6th International Conference on ITS Telecommunications, 2006.
[5] F. Cunha, L. Villas, A. Boukerche, G. Maia, A. Viana, R. A. Mini, and A. A. Loureiro, "Data communication in VANETs: Protocols, applications and challenges", Ad Hoc Networks, vol. 44, pp. 90-103, 2016.
[6] S. H. Ahmed, S. H. Bouk, D. Kim, D. B. Rawat, and H. Song, "Named Data Networking for Software Defined Vehicular Networks", IEEE Communications Magazine, August 2017.
[7] I. A. Sumra, J AB Manan, H. Hasbullah, "Timing Attack in Vehicular Network", Proceedings of the 15th WSEAS International Conference on Computers, pp. 151-155, 2011.
[8] P. Cencioni, R. D. Pietro, "A mechanism to enforce privacy in vehicle-to-infrastructure communication", Computer Communications 31 (2008) 2790-2802.
[9] M. Amadeo, C. Campolo, and A. Molinaro, "Information-centric networking for connected vehicles: a survey and future perspectives", IEEE Communications Magazine, vol. 54, no. 2, pp. 98-104, 2016.
[10] L. Wang, R. Wakikawa, R. Kuntz, R. Vuyyuru, and L. Zhang, "Data naming in vehicle-to-vehicle communications", in Proc. of the IEEE Conf. on Computer Communications Workshops (INFOCOM WKSHPS), 2012, pp. 328-333.
[11] G. Grassi, D. Pesavento, L. Wang, G. Pau, R. Vuyyuru, R. Wakikawa, and L. Zhang, "Vehicular inter-networking via named data", ACM SIGMOBILE Mobile Computing and Communications Review, vol. 17, no. 3, pp. 23-24, 2013.
[12] I. A. Sumra, J AB Manan, H. Hasbullah, "Behavior of Attacker and Some New Possible Attacks in Vehicular Ad hoc Network (VANET)", 3rd International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), 2011.
[13] A. Rawat, S. Sharma, R. Sushil, "VANET: Security attacks and its possible solutions", Journal of Information and Operations Management, Volume 3, Issue 1, 2012.
[14] A. Afanasyev, I. Moiseenko, and L. Zhang, "ndnSIM: NDN simulator for NS-3", NDN, Technical Report NDN-0005, 2012.
[15] M. Behrisch, L. Bieker, J. Erdmann, and D. Krajzewicz, "Sumo simulation of urban mobility: an overview", in Proceedings of SIMUL 2011, The Third International Conference on Advances in System Simulation. ThinkMind, 2011.
[16] E. Kalogeiton, T. Kolonko, and T. Braun, "A multihop and multipath routing protocol using ndn for vanets", in Ad Hoc Networking Workshop (Med-Hoc-Net), 2017 16th Annual Mediterranean, pp. 1-8. IEEE, 2017.
Article
With the proliferation of embedded technologies and wireless capabilities, today’s vehicles are no longer isolated mechanical machines. They become part of a hyper-connected system, Intelligent Transportation Systems (ITS), that has the potential to support multiple levels of autonomy and intelligence improving considerably the safety, efficiency, and sustainability of transportation networks. However, this raises new security issues that make the whole system prone to cybersecurity attacks that threaten both the safety and privacy of all road-users. This paper gives a short background tutorial on the main security issues and the different attacks that hinder Intelligent Transport Systems. To enable secure and safe ITS applications, this paper provides a comprehensive analysis of existing solutions and highlights their strengths and limitations. Finally, this survey presents key challenges in the field and discusses recent trends that must be factored in by researchers, implementers, and car manufactures to improve the security of ITS.
Article
Internet was developed as a packet data network where users and data sources (server) with specific IP addresses interacted over a pre-established communication channel. This model of client-server data communication has evolved into a peer-to-peer mode of data sharing in recent times. Applications like, YouTube, Bit Torrent, social networks have revolutionized the idea of user generated contents. Modern users care only for specific data items irrespective of their sources. So, the idea of using IP addresses to identify servers hosting a particular content is losing its importance. Moreover, want of IP addresses is a challenging issue haunting the Internet community since long. The need of the time is a content-centric networking platform where data hosts are of less importance, and Named Data Networking (NDN) has been proposed to that end. NDN allows users to float a data request without any knowledge about the hosting entity. NDN can handle user mobility, security issues more efficiently than the current Internet. Although NDN has been proposed in 2010, so far, there is no survey paper studying its architecture and various schemes proposed for its different characteristic features, like, naming, adaptive forwarding and routing, caching, security, mobility, etc. In this paper, we introduce a novel taxonomy to study NDN features in depth. We have also covered several NDN applications. We conclude our survey by identifying a set of open challenges which should be addressed by researchers in due course.
Article
Vehicular Ad hoc NETwork (VANET) is an emerging paradigm in networking. It is a new form of Mobile Ad hoc NETwork (MANET). Its life saving characteristic has attracted the industry and researchers. In VANET, vehicles are the nodes with mobility, so it does not have a fixed infrastructure. It serves safe and non safe applications in a wireless medium, which makes it vulnerable to several attacks. Security is the most important concern in VANET due to the open access medium. In this paper we present a comprehensive study of possible attacks and their possible solutions.
Article
Software-Defined Networking (SDN) is an emerging paradigm that promises to change the state of affairs of current networks, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. Today, SDN is both a hot research topic and a concept gaining wide acceptance in industry, which justifies the comprehensive survey presented in this paper. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbounds APIs, network virtualization layers, network operating systems, network programming languages, and management applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -- with a focus on aspects such as resiliency, scalability, performance, security and dependability -- as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.
Conference Paper
VANET safety and non safety applications have received more attention both by drivers and passengers on today's highway. The main purpose of safety application is to provide safety road condition information to users and hence save human lives from accidents. Warning messages are the more critical part of the safety messages and if attackers alter its messages, it will not help in achieving the safety objectives. These messages may easily be altered due to the dynamic topology and high speed of running vehicles, which makes timing as the key factor for its success. In this paper we discuss some issues related to timing attack which can create delay in messages.
Article
In this paper we apply the Named Data Networking, a newly proposed Internet architecture, to networking vehicles on the run. Our initial design, dubbed V-NDN, illustrates NDN's promising potential in providing a unifying architecture that enables networking among all computing devices independent from whether they are connected through wired infrastructure, ad hoc, or intermittent DTN. This paper describes the prototype implementation of V-NDN and its preliminary performance assessment.
Article
Named Data Networking (NDN) and Software Defined Networking (SDN) share the mutual courage of changing legacy networking architectures. In case of NDN, the IP-based communication has been tackled down by naming the data or content itself, while SDN proposes to decouple the Control and Data planes to make various services in hands without physical interferences with switches and routers. Both NDN and SDN also support communication via heterogeneous interfaces and have been recently investigated for Vehicular Networks (VNs). The naïve VNs are based on IP-based legacy that is prone to several issues due to the dynamic network topology, etc. In this article, for the very first time, we present an architecture that combines SDN functionalities within VNs to retrieve the required content via NDN. Also, we see both SDN and NDN enabled VNs through a Bird’s-Eye and the current status and similarities of SDN and NDN for VNs. Moreover, we discuss a number of current research challenges and provide a precise roadmap that can be considered to jointly address such challenges by the research community.
Article
In the connected vehicle ecosystem, a high volume of information-rich and safety-critical data will be exchanged by roadside units and onboard transceivers to improve the driving and traveling experience. However, poor-quality wireless links and the mobility of vehicles highly challenge data delivery. The IP address-centric model of the current Internet barely works in such extremely dynamic environments and poorly matches the localized nature of the majority of vehicular communications, which typically target specific road areas (e.g., in the proximity of a hazard or a point of interest) regardless of the identity/address of a single vehicle passing by. Therefore, a paradigm shift is advocated from traditional IP-based networking toward the groundbreaking information-centric networking. In this article, we scrutinize the applicability of this paradigm in vehicular environments by reviewing its core functionalities and the related work. The analysis shows that, thanks to features like named content retrieval, innate multicast support, and in-network data caching, information-centric networking is positioned to meet the challenging demands of vehicular networks and their evolution. Interoperability with the standard architectures for vehicular applications along with synergies with emerging computing and networking paradigms are debated as future research perspectives.
Article
Named Data Networking (NDN) is one of five projects funded by the U.S. National Science Foundation under its Future Internet Architecture Program. NDN has its roots in an earlier project, Content-Centric Networking (CCN), which Van Jacobson first publicly presented in 2006.(1) The NDN project investigates Jacobson's proposed evolution from today's host-centric network architecture (IP) to a data-centric network architecture (NDN). This conceptually simple shift has far-reaching implications for how we design, develop, deploy, and use networks and applications. We describe the motivation and vision of this new architecture, and its basic components and operations. We also provide a snapshot of its current design, development status, and research challenges. More information about the project, including prototype implementations, publications, and annual reports, is available on named-data.net.
Article
Vehicular networking is becoming reality. Today vehicles use TCP/IP to communicate with centralized servers through cellular networks. However many vehicular applications, such as information sharing for safety and real time traffic purposes, desire direct V2V communications which is difficult to achieve using the existing solutions. This paper explores the named-data approach to address this challenge. We use case studies to identify the design requirements and put forth a strawman proposal for the data name design to understand its advantages and limitations.