Emerging attacks on VANET security based on GPS Time Spoofing

Car2X communication is about to enter the mass market in upcoming years. So far all realization proposals heavily depend on the global positioning system for providing location information and time synchronization. However, studies on security impact of this kind of data input have focused on the possibility to spoof location information. In contrast, attacks on time synchronization have not received much attention so far. Thus, an analysis of the attack potential on vehicular ad-hoc network (VANET) realizations in regard to spoofed time information is provided in this work. Thereby, we show that this kind of attack allows for severe denial of service attacks. Moreover, by such attacks one can violate the non-repudiation feature of the security system by offering the possibility to misuse authentication features. Additionally, a sybil attack can be performed and reliability of the basic data sets of time and position inside VANET messages is highly questionable considering the outlined attacks. Mechanisms to avoid or limit the impact of outlined security flaws are discussed. An evaluation of the possibility to carry out the described attacks in practice using a current Car2X hardware solution is provided.