2015 International Conference on Computer Communication and Informatics (ICCCI -2015), Jan.
08 10, 2015, Coimbatore, INDIA
Detection of Impersonation Attack in VANETs Using
BUCK Filter and VANET Content Fragile
Watermarking (VCFW)
Simranpreet Singh Chhatwal1, Manmohan Sharma2
1
Student, IT, Lovely Professional University, Phagwara, India. Email: Simransahib19@yahoo.com
2
Assistant professor, IT, Lovely Professional University, Phagwara, India. Email: Manmohan_er@yahoo.co.in
Abstract- VANET is a vehicular ad hoc network where a short-
lived network is formed among the VANET nodes. VANET
nodes communicate and interchange messages with other
vehicular nodes either in an infrastructure or infrastructure-
less network. Due to lack of fixed infrastructure, VANET is
prone to varied attacks. In impersonation attack, identity of
the legitimate node is stolen by an attacker. In this paper,
Building up Secure Connection along with Key Factors
(BUCK) Filter detects against impersonation attack by
broadcasting beacons and detecting the accurate position of the
messaged vehicle. Once the faulty node is detected, it is isolated
from the communication environment. VANET Content
Fragile Watermarking is used to transit the messages in a
secure way through images. The proposed scheme has been
analyzed using the metrics Beaconing Overhead, Node Load,
Routing Stretch, CDF, Delay.
Index Terms--BUCK, VCFW, CA, IDS, MI, CDF.
I. INTRODUCTION
Vehicular Ad Hoc Network (VANETs) is a mobile
network where a short lived and self organizing network is
formed among the vehicles. Network operates either in an
infrastructure network (V2X) or in an infrastructure less
network (V2V). In an infrastructure network, Road Side
Units (RSUs) interacts with vehicles wireless equipments
in a sporadically mode when a vehicle passes by it. In an
infrastructure less network, Vehicles communicate with
other vehicles on-Board Units (OBUs) to exchange security
messages. Each vehicle is equipped with a set of sensors
such as GPS, Radar, and Directional antenna [1].
The characteristics of this network are: wireless
medium, mobile nature, high mobility, absence of
infrastructure, high dynamic network topology [2].
Due to lack of fixed infrastructure, nodes are prone to
varied attacks. Securing the communication among vehicles
is the main challenge that lies in the vehicular network.
Deployment of network intrusion detection system helps in
identifying the attack taken place in vehicular network [3].
___________________________________
978-1-4799-6805-3/15/$31.00 2015 IEEE
Nodes in VANET are subjected to various types of
impersonation attacks, few of which are hard to deal with,
even if any security mechanisms are enforced. Some of
which are Sybil attack, stolen identity attack, Man-in-the-
Middle attack. Identification of the node and its
authentication are of fundamental importance within a
secure network [4].
Over the last few decades, many researches and efforts
have been done to investigate various issues related to V2I,
V2X areas. Several approaches to deal with identification of
the node and its authentication in VANET have been
proposed in the literature. Norbert Bibmeyer [9] et al
proposes a scheme based on data plausibility check that
ensures positional reliability in order to assess the
trustworthiness of the neighboring node. S. Roselin Mary
[3] et al proposes an attacked packet detection algorithm to
detect the position of the vehicle and checks whether the
packet sent by the vehicle has been attacked or not.
The proposed scheme floods the beacons into the
network to discover the presence of the neighboring
vehicles and accurate position of the messaged vehicle is
detected. It verifies the MD5 hashes assigned to the VANET
nodes and once a malicious node is detected, warning
message will be broadcasted to all the trusted VANET
nodes and the malicious node is isolated from the
communication environment. Authentication is done
through VANET Content Fragile Watermarking. In this
paper we focus on security, faulty node detection and
authentication schemes. A city scenario is considered with
10 vehicles and 3 RSUs and it is further analyzed on the
basis of various performance metrics.
The paper is devised as followed; Section 2 described
IDS; Section 3 describes the system model; Section 4 shows
the simulation results.
 2015 International Conference on Computer Communication and Informatics (ICCCI -2015), Jan. 08 10, 2015, Coimbatore, INDIA

II INTRUSION DETECTION SYSTEMS Impersonation can be detected on the basis of location.

There are two postulates of hygenberg which states that two
Intrusion is any set of actions that commit to vehicles cannot occupy the same space at the same time and
compromise integrity, confidentiality, availability, one vehicle can occupy only one space at a given time [9].
repudiation, authenticity due to dearth of trust relationship
among the network nodes. It analyzes the activities in the A BUCK Algorithm:
network and capture data (audit data) to determine whether
The working of the BUCK algorithm works in this way,
the system is under attack or not [2]. Deployment of
network intrusion detection system in VANET helps in Beacons (B0, B1Bn)
identifying the attacks [3]. dist (P,Q) =i|Pi Qi| .[12]
Identify (V_id)
Identify (RSU_id)
Begin
While MI_rsu== MI_v do
If (hash_V == hash_RSU)
Identify (Valid Vehicle)
Identify (Valid RSU)
BUCKAlgo (R)
Begin if Verify (Request)
Return true
Figure 1: IDS Categorization
Else
Confidant: a system based on reputation: IDS based on Return Invalid Request
monitoring the behavior of neighbor nodes: end if
In this intrusion detection system, behavior of the end while
neighboring node is analyzed by each node. Once the faulty
Table I. Notations
node is detected, it is isolated from the communication
environment and warning message is broadcasted to all. Notation Description
The proposed scheme uses the following module to detect
B0, B1, Bn Beacons
the malicious activity in the network.
P,Q Nodes
i Beacon weight
III.SYSTEM MODEL
V_id Vehicle Unique ID
VANET nodes may frequently change their positions RSU_id RSU Unique ID
due to high mobility, leading to frequent changes in the MI_RSU Mobility Info from RSU
network topology as well. Therefore, mobility MI_V Mobility Info from Vehicle
Hash_RSU Hash Value at RSU
information should be provided to the vehicles in a timely Hash_V Hash Value at Vehicle
and accurate fashion. In the Vehicle-to-Infrastructure R Request
Communication (V2I or V2X), mobility information is
broadcasted sporadically to all the VANET nodes by road Working of Algorithm:
side station using Cooperative Awareness Messages
Each vehicle in the vehicular network broadcasts
(CAMs). In Vehicle-to-Vehicle Communication (V2V),
beacons in every 100-300 milliseconds to an
every vehicle receives broadcasted single-hop CAMs by
adjacent vehicle.
their neighboring vehicles with which we can identify their
Beacons (B0, B1, B2..., Bn) are flooded to discover
position. Local Sensors of the Vehicle provides information
the presence of the nearby vehicles.
that includes speed, location, direction with the sensors
located at the OBUs such as GPS, Radar, and Directional
Antennas. Different location information is combined from
all the different sources [10].
 2015 International Conference on Computer Communication and Informatics (ICCCI -2015), Jan. 08 10, 2015, Coimbatore, INDIA

Hashes assigned to the vehicles are verified against

the hashes stored at the road side unit. If they come
out to be identical then the vehicle and road side
station is considered to be valid and not bogus.

Mobility Information obtained from all different
sources (rsu, neighbour vehicle and local vehicle
sensors) are verified with respect to the timestamp.

If they come out to be identical, there is no
Figure 2: Broadcasting of the beacons
impersonation of the node identity.
But if any malicious node is detected, it will be
Distance within the vehicles is computed.
isolated from the communication uenvirent.
d= i| Pi Qi | [12]
D= Ci i| Pi Qi | + Ci1 i| Pi1 Qi1 |+ +
B VANET Content Fragile Watermark (VCFW):
Ci i| Pi Qi |
Where C denotes to Cluster no;
VANET Content Fragile Watermark is a technique that
wi denotes to beacon weights;
is used for hiding the information as it prevents illegal
o D denotes to total distance;
manipulation of the content. Images can be used to hide the
o d denotes to distance within a cluster;
data. If the destined node is not able to extract the
o Pi and Qi are the two nodes within which
watermark out of the content, it would mean that alteration
distance is being calculated.
has been done to the data. VCFW contains a unique identity
It maintains a distance table from every node to
that is only known to the source node.
every other node. With the help of the distance
Images can be used to hide the data, key used to insert
table, nodes remain connected to one another in a
the data into the image is the one used for extracting the
cluster. Once a node is out of the radio connectivity
data. Data is hidden in the least significant bit of the image.
of other vehicles, distance table is updated again.
It is not visible and naked eye cannot judge whether any
content is hidden in the image or not. There is no difference
in the original and the watermarked image [11].

Figure 3: Vehicles connected to one another

Optimal route selection is performed. It aims to
choose the shortest path which is considered to be
the best path among the all. Optimal route is
Figure 4: VCFW working
computed using dijkstra algorithm. It maintains a
table of all possible shortest routes from source to
destination. At the Source End;
Hop-by-Hop cost analysis is performed. Data is embedded into an image and a key is used
Compact node positions are required to reduce the to lock the content into the image.
per-packet overhead. Key is very essential as no key other than the one
Vehicles are interacting with one another in a with which the data is locked can extract data from
group forming clusters. Cluster size and density the image.
within the cluster is computed
 2015 International Conference on Computer Communication and Informatics (ICCCI -2015), Jan. 08 10, 2015, Coimbatore, INDIA

It will give two images as an output that seems to Routing Stretch: Routing stretch addresses the reliable
be identical. But in actual, one image is the original delivery at large scale and at high constrained node. Due to
one and the other image is the watermarked image increasing network size and the network density, routing
that hid the content in it. stretch is important to achieve.
Before the transmission of the image over the
Cumulative Distribution Frequency is taken at the y-axis
network, it is compressed as it would consume
that represents the function that described that the
less bandwidth and other resources. probability of a random-variable provided with the
Compression takes place at the sender end in which probability distribution is found to be less than it should be.
dimensions of the image are made half to its actual Here in this graph, successful delivery of the data is attained
size. It has no effect on the content hidden in it. no matter how much dense the network is.
Image is then transmitted over the network.
At the Destination End;
Compressed image is received at the destination
end.
Compressed image is then decompressed to bring
the dimensions of the image back to the original
size.
Key used for insertion of data in the image is used
at the destination end to extract the data from the
image.
IV. SIMULATION RESULTS

Beaconing Overhead: Beacons are flooded into the

network. This graph shows the success rate with true
positions (locations) =86%. Beacons are flooded into the
network and positions of the neighboring nodes are
computed. For avoiding the impersonation attack, valid user
has to be on one location and not on other. This would
indicate that the identity of the valid user is not stolen. Here
in this graph, it is providing us with the true positioning of
the users which is obtained up to 86%. 10 beacons have
been sent at a time in every 100-300 milliseconds.
Figure 6: Routing Stretch vs. CDF
Node Load: Graph indicates the optimal search done by
dijkstra algorithm, compact node positioning and Buck
Filter where the attacks are prevented. Optimal routing
specifies which route a vehicle should follow. And compact
routing specifies the exact position of a node (vehicle). Here
in this graph, optimal route has been followed by the vehicle
and the red diamonds specify the area where the prevention
has been done.

Figure 5: Beacons vs. Successive flooding

Figure 7: Node load vs CDF

 2015 International Conference on Computer Communication and Informatics (ICCCI -2015), Jan. 08 10, 2015, Coimbatore, INDIA
Delay: Delay is calculated from one end to another end.
Delay is a parameter that plays a crucial role in the field of
VANET. Vehicles are not stationary. Impact of mobility is
very high and due to mobile nature of vehicular network,
various threats and attacks are prone to it. So, drivers must
be provided with timely and accurate information so as to
avoid the collisions. Here in this graph, the delay is accepted
up to some milliseconds.
Figure 8: Number of Vehicles vs. Delay
V. CONCLUSION
Detection of attack is an important requirement for the
trustworthy communication among VANET network nodes.
BUCK Filter is a method proposed to detect against
impersonation attack whereas VANET Content Fragile
Watermark transmits the message in a more secure manner.
Attacker after stealing the identity of a valid user pretends to
be a registered user further sends messages to other VANET
nodes at different timestamps and from different locations.
Detection of the location of the messaged vehicle helps in
detecting the intruder. A range of simulations have
conducted, BUCK Filter is found to be useful in identifying
the attacker with a low overhead of beacons and high
throughput.
In the future work, improvement over the method would
be done to conduct more simulation experiments to ensure
the effectiveness of the proposed method.
REFERENCES
[1] V. Lakshmi Praba, Isolating Malicious Vehicles and Avoiding
Collision between Vehicles in VANET, International conference on
Communication and Signal Processing on IEEE, 3-5 April 2013, pp.
811-815.
[2] Mohammed ERRITALI, Bouabid El Ouahidi, A Review and
Classification of Various VANET Intrusion Detection Systems,
IEEE, 26-27 April 2013, pp. 1-6.
[3] [S. RoselinMary, M. Maheshwari, M. Thamaraiselvan, Early
Detection of DOS Attacks in VANET Using Attacked Packet
Detection Algorithm (APDA), IEEE, 21-22 February 2013, pp.
237-240.
[4] Dimitris Glynos, Panayiotis Kotzanikolaou, Christos Douligeris,
Preventing Impersonation Attacks in MANET with Multi-factor
Authentication, WIOPT05 Proceedings of the Third International
Symposium on Modeling and Optimization in Mobile, Ad Hoc, and
Wireless Networks, 2005, pp. 59-64.
[5] Noriaki Tanabe, Eitaro Kohno, and Yoshiaki Kakuda, An
Impersonation Attack Detection Method Using Bloom Filters and
Dispersed Data Transmission for Wireless Sensor Networks, IEEE
International Conference on Green Computing and Communications,
Conference on Internet of Things, and Conference on Cyber,
Physical and Social Computing, 20-23 November 2012. pp. 767-770.
[6] Irshad Ahmed Sumra, Iftikhar Ahmad, Halabi Hasbullah, Classes
of Attacks in VANET, IEEE, April 2011, pp. 1-5.
[7] Irshad Ahmed Sumra, Iftikhar Ahmad, Halabi Hasbullah, Behavior
of Attacker and Some New Possible Attacks in Vehicular Ad hoc
Network (VANET), Ultra Modern Telecommunications and
Control Systems and Workshops (ICUMT), 2011 3rd International
Congress on IEEE 5-7 Oct. 2011, pp. 1-8.
[8] Chen Lyu, Dawu Gu, Xiaomei Zhang, Shifeng Sun, Yingi Tang,
2013, Efficient, Fast and Scalable Authentication for VANETs,
IEEE Wireless Communications and Networking Conference, 7-10
April 2013, pp. 1768-1773.
[9] Md. Mashud Rana, Khandakar Entenam Unayes Ahmed, Nazmur
Rowshan Sumel, Md. Shamsul Alam, Liton Sarkar, Security in Ad
Hoc Networks: A Location Based Impersonation Detection
Method, IEEE International Conference on Computer Engineering
and Technology, vol. 2, January 2009. pp. 380-384.
[10] Norbert Bibmeyer, Sebastian Mauthofer, Kpatcha M. Bayarou,
Frank Kargl, Assessment of Node Trustworthiness in VANETs
Using Data Plausibility Checks with Particle Filters, IEEE
Vehicular Networking Conference (VNC), 14-16 November 2012.
pp. 77-85.
[11] Wei-Fan Hsieh, Pei-Yu Lin, Analyze the Digital Watermarking
Security Demands for the Facebook Website, IEEE Sixth
International Conference on Genetic and Evolutionary Computing,
25-28 August 2012. pp. 31-34.
[12] Rodrigo Fonseca, Sylvia Ratnasamy, Jerry Zhao, Cheng Tien Ee,
Beacon Vector Routing: Scalable Point-to-point Routing in
Wireless Sensornets, NSDI'05 Proceedings of the 2nd conference
on Symposium on Networked Systems Design & Implementation,
vol. 2, 2005, pp. 329-342.