DeQoS Attack: Degrading Quality of Service in VANETs and its Mitigation

In this paper, we introduce a degradation-of-QoS (DeQoS) attack against vehicular ad hoc networks (VANETs). Through DeQoS, the attacker can relay the authentication exchanges between roadside units (RSUs) and faraway vehicles to establish connections but will not relay the service afterwards, which wastes the limited connection resources of RSUs. With enough number of dummy connections, RSUs’ resources could run out such that they can no longer provide services for legitimate vehicles. Since the mobility of vehicles is highly related to the success probability of the attacker, we model the arrival and departure of vehicles into an $M/M/N$ -queue system and show how the attacker can adaptively choose different attack strategies to perform the attack in distinct traffic environments. A series of simulations are conducted to verify the practicality of the attack using MATLAB. The experimental results demonstrate that the attacker can easily find exploitable vehicles and launch the DeQoS attack with an overwhelming probability (e.g., more than 0.98). As DeQoS exploits the weakness of lacking physical proximity authentication, only employing existing application-layer defense protocols in VANETs such as cryptography-based protocols cannot prevent this attack. Therefore, we design a new cross-layer relay-resistant authentication protocol by leveraging the distance-bounding technique. Security analysis is given to show that the defense mechanism can effectively mitigate DeQoS.