Detecting Sybil Attacks Using Proofs of Work and Location in VANETs

Vehicular Ad Hoc Networks (VANETs) have the potential to enable the next-generation Intelligent Transportation Systems (ITS). In ITS, data contributed by vehicles can build a spatio-temporal view of traffic statistics, which can improve road safety and reduce slow traffic and jams. To preserve drivers’ privacy, vehicles should use multiple pseudonyms instead of only one identity. However, vehicles may exploit this abundance of pseudonyms and launch Sybil attacks by pretending to be multiple vehicles. Then, these Sybil (or fake) vehicles report false data, e.g., to create fake congestion or pollute traffic management data. In this article, we propose a Sybil attack detection scheme using proofs of work and location. The idea is that each road side unit (RSU) issues a signed time-stamped tag as a proof for the vehicle’s anonymous location. Proofs sent from multiple consecutive RSUs are used to create a trajectory which is used as vehicle anonymous identity. Also, contributions from one RSU are not enough to create trajectories, rather the contributions of several RSUs are needed. By this way, attackers need to compromise an infeasible number of RSUs to create fake trajectories. Moreover, upon receiving the proof of location from an RSU, the vehicle should solve a computational puzzle by running proof of work (PoW) algorithm. Then, it should provide a valid solution (proof of work) to the next RSU before it can obtain a proof of location. Using the PoW can prevent the vehicles from creating multiple trajectories in case of low-dense RSUs. To report an event, the vehicle has to send the latest trajectory to an event manager. Then, the event manager uses a matching technique to identify the trajectories sent from Sybil vehicles. The scheme depends on the fact that the Sybil trajectories are bounded physically to one vehicle, and therefore, their trajectories should overlap. Extensive experiments and simulations demonstrate that our scheme achieves high detection rate of Sybil attacks with low false negative and acceptable communication and computation overhead.