Vehicle-to-everything (V2X) – Applications, challenges, and attacks


Vehicle-to-everything (V2X) is a new generation of wireless communication technologies that enables data exchanges between vehicles and everything in their surroundings.

V2X supports unified connectivity between connected entities in a V2X environment, vehicles, roadside equipment, and mobile devices, allowing them to transmit information such as their current speed, position, direction, etc. and make intelligent decisions.

The technology creates an Intelligent Transportation System (ITS), transforming the experience of drivers, pedestrians, and transit riders by creating a more comfortable and safer transportation environment. It also has much significance in improving traffic efficiency and reducing greenhouse gas emissions and accident rates.

Vehicle-to-everything (V2X) It supports five types of communications.

  • Vehicle-to-Sensors (V2S) refers to the communication between sensors in the intravehicular subnetwork.
  • Vehicle-to-Vehicle (V2V) covers communication between two or more vehicles.
  • Vehicle-to-Pedestrian (V2P) covers the connection between the vehicle and roadside users.
  • Vehicle-to-Grid (V2G) supports the communication between vehicles and the electric grid to charge Electric Vehicles.
  • Vehicle-to-Infrastructure (V2I) is the communication between road entities and infrastructure units.

In a vehicular network, all road entities are supposed to generate and exchange messages to support various applications related to safety, traffic, and infotainment. These messages are categorized into four types.

  • Periodic message (beacon): Road entity periodically broadcasts a status message, which contains information such as speed, location, and direction, to the neighboring entities. With this, they can predict and anticipate dangerous situations or traffic congestion.
  • Local event-triggered message: Road entity sends the message when a local event is detected, such as the critical warning or intersection assist. It is sent locally to the neighboring entities using V2V/V2P links, containing useful information for neighborhood area only.
  • Global event-triggered message: Road entity sends the message when a global event is detected, such as road construction and road congestion. Road entities use a V2I communication link to transmit the message over a wider area.
  • Emergency vehicle message: It is sent by emergency vehicles to the surrounding vehicles using V2V/V2P links to clear the road to support a smooth movement for emergency vehicles.

V2X applications

V2X in a vehicular environment permits for the existence of various applications such as traffic management (remote vehicle diagnostics, air pollution monitoring), road safety (hazards warning on roads and driver assistance), comfort and infotainment applications.

  • Road safety – These applications assist drivers with information about the various potential dangers and situations that are not visible. They support time-critical and less time-critical applications, responsible for providing precautionary measures to avoid/minimize crashes or hazards.
  • Traffic management – This improves the traffic management on roads by providing users assistance on traffic as well as making them aware of the local traffic information, road conditions, etc. Vehicles receiving messages related to traffic management can adopt necessary actions by following an alternative route for avoiding the underlying hazards.
  • Comfort and infotainment – These applications improve the driving experience by supporting various services and applications, ranging from VoIP, video streaming, weather information, and navigation services to finding the nearest restaurant or locating the nearby gas station.


All V2X systems use a sophisticated Public Key Infrastructure (PKI)-based approach to facilitate trusted communication. Despite the security and privacy guarantees offered by such systems, there are several challenges to overcome. They are:

  • Dynamic Network Topology – The dynamic nature of the network topology due to mobility in V2X is a major challenge that is difficult to handle, particularly concerning security frameworks. The vehicles, in general, move with high velocity, thereby making connections for short durations. So, adapting the security features with the quality of communication that is influenced by the high-velocity vehicles becomes a huge task.
  • Network Scalability – The V2X technology encompasses a large scale network of vehicles worldwide. V2X standards, for example, DSRC, does not need a global authority for governing purpose. The control management of a large network, together with the security issues such as certificate exchange, is quite a demanding task to accomplish. The security techniques that need prior information about vehicles/nodes that participate are not appropriate for such networks.
  • Heterogeneity – The heterogeneity of future vehicular networks results from the implementation of various network infrastructures throughout the world. Thereby, the different manufacturers will implement the technologies based on their respective country’s security and privacy policies. So, it is quite evident that proper synchronization between the specific security features adopted by the different manufacturers and the V2X technology is hard to achieve.
  • Communication Latency – Latency in V2X communication may result from certain issues such as which information to collect and what to filter, which data should be processed, and what should be transmitted and received. Therefore, all the factors related to communication latency in V2X should be addressed so that safety and security-critical situations are handled in real-time.
  • Data Priority -The V2X communication network should be able to prioritize data received from hundreds of nodes. The data processing should consider prioritization, buffering, and queuing techniques for ensuring a robust and efficient data communication link. The data received from security-critical sectors must be handled with the highest priority to prevent collateral damage. Therefore, data priority must be handled with the highest importance to prevent collateral damage.
  • Adoption to Future Platforms – The V2X communication and security architecture should be compatible with the upcoming future vehicular technologies. The integration of security and privacy features is based on the hooking concept that preserves the compatibility factor. The hooking concept places interlayer proxies at different points of the communication stack. So, only the intermediate layers need to be configured if there is a need for transferring the security features to new platforms.
  • Attack Prevention – Future vehicular communication is envisioned to support applications of various kinds and allied services. For enabling these activities, vehicles will have to transmit critical data, such as vehicle identity, that requires maximum security for acceptance from the perspective of the total communication system. Attacks in V2X are broadly categorized into two types, viz., attacks on the system, and attacks on the user. Examples of attacks on the user consist of congestion and vehicle crashes or reducing user’s trust in the system because of message unreliability. Attacks on a V2X communication system consist of tracking instant locations for specific vehicles and false generation of misconduct reports from a vehicle, resulting in revocations or sanctions to innocent drivers. One solution for mitigating from the attacks is designing a specific PKI system for sustaining the high mobility feature of vehicular communication.

Common attacks in V2X

  • Message Spoofing Attack – The attacker in the spoofing attack provides incorrect location information to the network’s vehicles. False information about vehicle location can lead to activities that are detrimental in such environments. Spoofing attacks may also facilitate other attacks where vehicle identification is used as the tool for launching attacks.
  • Traffic Analysis/Movement Tracking Attack – In a vehicular environment, traffic analysis or movement tracking attack is a threat to the privacy of users as well as confidentiality of transmitted messages. In this passive attack, the attacker listens over a network and then analyzes the data collected during the listening period for launching attacks in the future.
  • Eavesdropping – In this passive form of attack, the attacker listens to the communication without the victim being aware of it. The confidentiality of the transmitted messages are compromised and using the collected information of the user, the attacker can track the vehicle.
  • Repudiation – This attack results in loss of tracking events when a node denies any communication
  • Message Replay Attack – In this common attack, an already sent message packet is replayed at regular intervals by the attacker. An instance can be of replaying the beacon frames by the attacker to trace the vehicle’s location.
  • Sybil Attack – In this attack, the attacker generates several vehicles on the road with identical identity. Thus the other vehicles on the road are duped and thereby end up sending messages to false recipients, resulting in the benefit of the attacker.
  • Denial of Service (DoS) Attack – The DoS attacks comprise a group of attacks that target network service availability. The attackers’ primary objective lies in disrupting the means of communication and disturbing normal services such that they are not available to legitimate users. The attacker intentionally floods the control channel with a large volume of messages so that the OBUs and RSUs cannot handle such a huge amount of messages, resulting in network disturbances.
  • Malicious Code Attack – In this attack, malicious vehicles transmit malicious information in the form of codes, such as viruses, worm, spyware, and Trojan horse, to attack the vehicle system or base stations. The malicious codes also can destruct the applications in vehicles and also hamper the services of the vehicles. This attack may also assist in obtaining information on trusted vehicles in V2X.
  • Black Hole Attack – In this attack, the attacker receives packets from the networks but denies participation in the received data routing. This causes updating of the routing tables in an untimely manner. Therefore, legitimate users are prevented from receiving important information, generally, because the attacker declares itself to be a part of the network, though, in reality, it is not so.
  • Man in the Middle (MiM) Attack – In this attack, the attacker places itself between the two communicating pair of nodes, i.e., between the sender and the receiver, and takes control of the communication of the two communicating vehicles. The MiM attack violates the integrity, authenticity, and nonrepudiation issues in the vehicle networks.
  • Brute Force Attack – This type of attack is tough to execute in vehicular networks, due to resource constraints and short connection times, but it can still affect such networks in certain scenarios. The brute force attack can occur while trying to compromise the vehicle’s network identity through a certain searching process. The confidentiality of messages and authentication processes may be hampered by launching brute force attacks.
  • Distributed Denial of Service (DDoS) Attack – DDoS attack is a type of DoS attack in which one main attacker act as an attack manager along with the other attackers. DDoS attacks mainly cause network disturbances by flooding the network with messages.
  • Tampering Hardware – This attack is the outcome of some malicious employees of vehicle manufacturers, who, during yearly maintenance, try to tamper the hardware. This attack aims to either gain access to or place special data from/in the vehicle.
  • Masquerade Attack – The attacker uses a valid identity or mask to hide and tries to create a Blackhole or generate invalid messages that seem to be obtained from authentic nodes. An attacker may pose as an emergency vehicle and compel other vehicles on the road to change lanes or reduce their speeds.
  • Message Tampering Attack – The attacker launches this attack to modify, delete or alter a specific part of the message to fulfill its malicious intentions.