A Two-Factor Authentication Scheme for Moving Connected Vehicles

Abstract

A roadside adversary who holds compromised vehicle-to-everything (V2X) credentials can easily spoof vehicle identities and broadcast fabricated messages that jeopardize the maneuvers of surrounding vehicles. Previous work on the security of ad hoc networks suggests the use of a side channel for two parties to exchange digital certificates to prevent impersonation and man-in-the-middle attacks on the main wireless channel. This paper presents a two-factor authentication scheme by leveraging line-of-sight (LOS) communication as the side channel to impede roadside adversaries who try to impersonate legitimate moving vehicles in the non-line-of-sight (NLOS) channel. To gain the trust of other traffic participants, a vehicle that has received a challenge message broadcast by infrastructure through the main (NLOS) wireless channel must send back its response through the LOS channel to demonstrate it is indeed a vehicle in traffic. The directional property and visual confirmation of the LOS channel and the fact that vehicle movement is ascertained based on physics make it extremely difficult for the roadside adversary to finish the response-challenge process without being detected. Experimental results demonstrate the feasibility of using the proposed scheme for authenticating low-speed vehicles. However, for authenticating vehicles traveling at high speed, transmitting the response message containing certificates through the LOS channel can create a communication bottleneck for the authentication process, although implicit certificates can be adopted to reduce the total authentication time. Future work will explore the alternative format of the challenge-response protocol and the potential technologies for realizing LOS communication to reduce the communication bottleneck.