Security Research Of Software-defined Vehicular Networks

Vehicular network is of great significance for safe,efficient,and comfortable travel.Its development will bring profound changes to the future mode of transportation and the way of goods circulation.By communicating with other vehicles,pedestrians and roadside infrastructures,the vehicle’s environmental perception,and information acquisition ability can be effectively enhanced.However,the mobility of vehicles,the diversity of service requirements,and the heterogeneity of computing and communication technologies have also brought many difficulties and challenges to the vehicular networks.By decoupling the control plane from the data plane,software-defined networking centralizes the control logic of network devices into the controller,and can master the global information,control service migration,centrally manage roadside units and connected vehicles,effectively deal with dynamic network events,as well as better meet the stringent requirements for service quality and reliability.Given this,software-defined networking has become a promising architecture for implementing flexible,programmable,and high-performance vehicular networks,and has been widely concerned in vehicular task offloading,workload scheduling,edge caching,service provision,and so on.Software-defined networking breaks through the bottleneck of traditional vehicular network architecture.In order to be widely used in people’s production and life,security is the premise.Most of the existing security related work of software-defined vehicular network focuses on protecting vehicular network by software-defined networking technology,in which the security policy can be realized in real time through the global monitoring of the controller.However,less attention has been paid to the security threats brought by software-defined networking to the vehicular network.As the brain of the software-defined vehicular network,the controller is responsible for information collection,topology maintenance,resource scheduling,event processing,and so on of the entire network.If the security of the controller is threatened and the information and functions it maintains are tampered with or damaged,the vehicular network may fall into global chaos.In addition,if the forwarding nodes and terminal devices in the software-defined vehicular network become the target of attack,it will also cause network performance degradation to varying degrees or more targeted attacks.Therefore,this dissertation carries out top-down comprehensive security research on the software-defined vehicular network from the control layer,forwarding layer,and device layer,aiming to provide theoretical basis and technical support for its optimized deployment and wide application.The main contributions of this dissertation are as follows:1.Aiming at the control layer of the software-defined vehicular network,this dissertation studies the topology poisoning attack that destroys the topology view of the controller and its defense mechanism.By tampering or replaying the link layer discovery protocol packets,the attacks on five mainstream controllers are realized.The impacts of topology poisoning attack on software-defined vehicular network are analyzed in detail by further dividing software-defined vehicular network into the application layer,controller layer,roadside unit layer,and vehicle layer.Finally,a topology poisoning attack tolerance scheme based on deep reinforcement learning is proposed.By adjusting the deployment of vehicle services,the successful service access rate after the attack is improved,so that software-defined vehicular network can quickly recover to near-normal operation even under attack.2.Aiming at the forwarding layer of the software-defined vehicular network,this dissertation studies the attacks that damage the forwarding nodes of the vehicular network and the corresponding defense mechanisms.Three types of attacks,namely flow table manipulation,control channel disconnection,and data channel disconnection,including seven specific attacks,are successfully implemented against four mainstream controllers,and are systematically and comprehensively analyzed.In addition,considering the typical characteristics of various attacks,a general attack mitigation framework is designed to guide benign network traffic to bypass the attacked forwarding node and give the software-defined vehicular network a certain degree of self-recovery ability.3.Aiming at the device layer of the software-defined vehicular network,this dissertation studies the location hijacking attack and its countermeasures in software-defined vehicular network.In five mainstream controller platforms,network location hijacking is implemented toward edge servers and vehicles.In addition,the details and impacts of the attack are summarized and analyzed from three layers of the software-defined vehicular network.To alleviate the location hijacking attacks against the edge server in the software-defined airspace-ground integrated vehicular network,an attack recovery scheme is constructed through service migration under the two conditions of the existence or absence of the security backup center.In this way,the network performance after the attack can be greatly restored.