Detecting misbehaviors in VANET with integrated root-cause analysis q Mainak Ghosh a , Anitha Varghese b , Arobinda Gupta a, * , Arzad A. Kherani b , Skanda N. Muthaiah b a Department of Computer Science & Engineering, Indian Institute of Technology Kharagpur, Kharagpur 721 302, WB, India b General Motors, India Science Lab, Bangalore, India article info Article history: Received 4 August 2009 Received in revised form 7 January 2010 Accepted 26 February 2010 Available online 11 March 2010 Keywords: Vehicular ad hoc network (VANET) Misbehavior Security Safety application abstract Misbehavior detection schemes (MDSs) form an integral part of misbehaving node eviction in vehicular ad hoc networks (VANETs). A misbehaving node can send messages corre- sponding to an event that either has not occurred (possibly out of malicious intent), or incorrect information corresponding to an actual event (for example, faulty sensor read- ing), or both, causing applications to malfunction. While identifying the presence of misbehavior, it is also imperative to extract the root- cause of the observed misbehavior in order to properly assess the misbehavior’s impact, which in turn determines the action to be taken. This paper uses the Post Crash Notification (PCN) application to illustrate the basic considerations and the key factors affecting the reliability performance of such schemes. The basic cause-tree approach is illustrated and used effectively to jointly achieve misbehavior detection as well as identification of its root-cause. The considerations regarding parameter tuning and impact of mobility on the perfor- mance of the MDS are studied. The performance of the proposed MDS is found to be not very sensitive to slight errors in parameter estimation. Ó 2010 Elsevier B.V. All rights reserved. 1. Introduction A vehicular ad hoc network (VANET) is an ad hoc wire- less communication system setup between multiple vehi- cles in a neighborhood. The communication can be between vehicle-to-vehicle (V2V) or between a vehicle and some roadside infrastructures (V2I). Each vehicle is equipped with an on-board unit (OBU) with computing and communication capabilities. Many applications have been proposed on VANETs for different purposes such as safety, infotainment, financial and navigational aid [1]. The V2V applications broadcast messages that contain the type of the message and possibly other application- specific information (see [2] for further details). Each mes- sage also contains some authentication information [3] to help the receivers validate the authenticity of the informa- tion. Typically, this includes a digital signature on the mes- sage using the private key of the sending entity, and a certificate on the public key issued by a trusted third party, the Certificate Authority (CA). The security layer at any re- ceiver is required to verify the digital signature of each message before passing it on to the relevant application layer. The security layer also performs a simple creden- tial-validity check that confirms if the certificate id of the received message is in the Certificate Revocation List (CRL). A CRL contains a list of known misbehaving certifi- cate identities [3], so that if the certificate id of the sending entity appears in the CRL, the message could be discarded. CRLs are periodically updated and distributed by a CA. The receiver downloads the CRL during some of its last interac- tion with the infrastructure, which could be in the form of a Road Side Entity (RSE) connected to the CA. Detection of misbehaving vehicles (certificates) requires feedback from the participating entities. A participating 1570-8705/$ - see front matter Ó 2010 Elsevier B.V. All rights reserved. doi:10.1016/j.adhoc.2010.02.008 q A poster version of this paper appears in VANET’09, Sixth ACM International Workshop on VehiculAr Inter-NETworking, Beijing, September 25, 2009. * Corresponding author. Tel.: +91 9434060943; fax: +91 3222278985. E-mail addresses: agupta@cse.iitkgp.ernet.in, arobinda@hotmail.com (A. Gupta). Ad Hoc Networks 8 (2010) 778–790 Contents lists available at ScienceDirect Ad Hoc Networks journal homepage: www.elsevier.com/locate/adhoc