Top security risks of dedicated short-range communication (DSRC)

connected-cars

Most modern vehicles use dedicated short-range communication (DSRC) technologies to enable reliable and very high data transmission between vehicle-based devices and active safety applications in the vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) communication environments.

This two-way short-to-medium range wireless communication has the potential to significantly reduce, mitigate, or prevent collisions through real-time advisories. It can alert drivers to imminent hazards, such as collision paths during merging, sudden braking, blind spots, sharp curves, slippery patches of roadway ahead, etc. Additionally, V2I applications using DSRC provide more convenient e-parking, vehicle safety inspection, and toll payment services.

However, DSRC technologies come with their own security risks. They are susceptible to all types of attacks against traditional Wi-Fi, including jamming, spoofing, and interference. In addition to these attacks, DSRC devices are also susceptible to attacks on user confidentiality. Even isolated security breaches can have a dramatic impact on consumer confidence. In this post, we present some of the key security risks associated with DSRC systems.

1. Jamming

DSRC devices operate at a relatively low 5.9 GHz frequency, enhancing its maximum detection range but making it more susceptible to jamming attacks. Research has shown that constant, random, and intelligent jamming attacks can deny DSRC applications service to the point of disabling all of their functionality.

Besides, DSRC may face denial-of-service attacks designed to jam the system from within the vehicle network, such as malware, spamming, and black hole attacks. All of these attacks have the potential to deactivate vehicle communications for an extended period, endangering the targeted vehicle and its occupants if the vehicle relies on DSRC to warn of collisions.

Considerable research has examined solutions to combat these potential attacks, such as implementing additional authentication, physically separating networks within the same vehicle, switching frequencies when denied service, and communicating with legitimate DSRC devices to blacklist rogue devices. Despite these efforts, jamming remains a major security concern for DSRC systems due to the ease with which an attack is carried out and the potential consequences on targeted systems.

2. Spoofing

Despite being susceptible to jamming, DSRC exhibits inherent resistance to spoofing attacks. Because DSRC is a subset of the IEEE 802.11 standard, it has a predefined packet sequence that incorporates packet authentication into its packet headers. Because of this, spoofing a DSRC device requires knowledge about specific sequences of the packet headers. Also, during transmission, the DSRC standard may incorporate public-key cryptography, further improving those devices’ security.

Despite these advantages, DSRC is still vulnerable to specific types of spoofing attacks. These include attacks from within the network itself and attacks that modify the signals sent throughout the network. Suppose the attacker can somehow determine or obtain the necessary credentials for authentication. In that case, it may impersonate a legitimate device, enabling the attacker to send false information to the target device.

3. Interference

The Federal Communications Commission has assigned DSRC a frequency band of 75 MHz at 5.9 GHz. Because of this, DSRC has no (legal) interference from non-DSRC devices, such as Wi-Fi devices that operate on the 5 GHz band.

There are currently relatively few DSRC devices implemented on the road in vehicles, making interference a non-issue. However, when DSRC devices become widespread in the future, interference between mutual devices will be a concern, particularly in congested environments like downtown areas.

Although the current strategies to reduce mutual interference (such as interference cancellation, power and frequency adaptation, and improved MAC layer protocol design) may decrease the effect of interference on DSRC, mutual interference is still a notable security concern that has yet to be addressed entirely.

4. Confidentiality

In addition to jamming, spoofing, and interference, DSRC devices also need to address confidentiality due to their nature as a communications system. Not only do DSRC devices need to maintain data privacy, but they also need to ensure that unwanted third parties can not covertly track the device’s location over an extended period. Potential confidentiality threats include eavesdropping, masquerading, and analysis of the traffic.

Although the consequences of failing to address information and location privacy are not as severe as those of jamming, spoofing and interference, maintaining confidentiality is one of the security topics in vehicle networks that has been discussed more. This is because of the exceptionally small complexity of conducting a confidentiality attack.

Such attacks can be performed for naïve DSRC technologies by listening to the data transmissions within a network and analyzing the traffic. There are currently various measures to prevent confidentiality attacks, such as device cloaking, but these solutions bring considerable complexity to the entire network and are sometimes undesirable.