1. Introduction
The number of automobiles has skyrocketed globally in recent years. As a result of this unprecedented growth, issues such as car accidents and traffic congestion have been witnessed [1]. According to a projection in 2015, the number of traditional vehicles will double in the next 10 to 20 years [2]. The World Health Organization (WHO) predicts that road accidents will be the fifth leading cause of mortality by 2030 [3]. In response, the vehicular ad hoc network (VANET) [4] has gained significant recognition as a way to cope with road accidents and traffic congestion and to help drivers and passengers obtain infotainment services.
Despite the impressive features and popularity of VANET, its communication mechanism has several limitations due to the end-to-end communication architecture of traditional transmission control protocol/internet protocol (TCP/IP). On top of its limitations, it is a host-centric network that incurs additional overhead and exacerbates network latency [5]. In addition, security is the topmost priority in VANET, as human lives are directly involved in it.
To address TCP/IP limitations in VANET, today’s internet paradigm has shifted from the traditional host-centric network to a content-centric network. In this connection, named data networking (NDN) [6] is one of the most promising instances of an information-centric network (ICN) [7], which is envisioned as a future internet architecture. NDN has great potential to support high mobility, dynamic network topology, and intermittent connectivity, which makes NDN the most efficient network architecture for vehicular NDN (VNDN). Specifically, in-network content caching enables the consumer node to fetch the content from its vicinal replica node rather than querying a faraway original content provider. Another key feature of NDN is that it secures the content rather than the communication channel. In NDN, every data packet is signed with a cryptographic signature that guarantees packet security.
NDN was initially proposed by Van Jacobson [8] under the U.S. National Science Foundation (NSF) project. NDN employs two types of packets for content exchange, i.e., the Interest Packet, which is used by consumers to express their desire for particular content in the network, and the Data Packet, which contains a payload sent back to the content consumers. In addition, there are three types of nodes in NDN, i.e.,
(1) Consumer Node, which is a requester node that initiates an interest packet to fetch the content,
(2) Intermediate Node, which is a relay node that forwards the content to the next hop; another role of the intermediate node is to cache the content in its local storage, and
(3) Producer Node, which disseminates the content among content consumers or intermediate nodes using a data packet.
NDN contains three data structures:
1. Content Store (CS): Each node maintains a CS to cache the received content. It provides the matched content to the consumer nodes rather than forwarding interest to the original content provider.
2. Pending Interest Table (PIT): A PIT keeps track of all the unsatisfied interests and their interfaces in a table.
3. Forwarding Information Base (FIB): The FIB holds name prefixes and forwards the interest packets to all available interfaces upstream except the incoming interface. The FIB is consulted when the interest is not satisfied by the CS.
Figure 1 depicts the content exchange mechanism of NDN in VANET.
Despite these features, the current form of NDN faces many challenges, including content forwarding, privacy, and security issues [9]. Specifically, NDN is highly vulnerable to a variety of attacks [10], including the Interest Flooding Attack (IFA) [11], Cache Pollution Attack [12], Man-in-the-Middle Attack [13], and Content Poisoning Attack (CPA). Among them, CPA is the most difficult to identify and prevent in VNDN because the attacker vehicles modify the original content with malicious data and distribute it with the correct name. In this connection, current literature has proposed several strategies, such as the reputation management scheme [14], trust management scheme [15], and signature-based content legitimacy verification [16]. The authors of [17,18] proposed a blockchain-based reputation management scheme for secure content caching. Although these approaches are essential, they cannot adhere to the native content transmission scheme of NDN. Unlike the above-mentioned schemes, we propose a comprehensive network architecture for detecting and preventing CPA using a threshold-based reputation analysis at RSUs. Our proposed CPA detection mechanism classifies attackers and legitimate vehicles based on their previous reputation.
Another significant drawback of NDN is its pull-based content retrieval mechanism, where producer nodes are passive. They can only provide content once a content consumer node initiates an interest packet for a corresponding data packet. To enhance the scope of NDN from a pull-based content retrieval mechanism to a push-based content dissemination mechanism, we employ the Publish-Subscribe (Pub-Sub) [19] system for disseminating content among pre-subscribed nodes. We integrate pub-sub in our proposed reputation dissemination scheme for disseminating the reputations of host vehicles among RSUs in VNDN.
Meanwhile, secure reputation management is another challenge in VNDN. The centralized cloud-based [20] and distributed reputation management schemes [21] are inefficient in VANET due to the mobility of nodes. Blockchain is gaining momentum as a way to maintain the reputation of vehicles securely due to its secure, distributed, and append-only characteristics. As illustrated in Figure 2, a blockchain contains a series of blocks. Each block is linked to another block. A block contains transactions, the previous block’s hash, and a nonce (a random or incremental number used in blockchain mining to find a hash that meets specific criteria). Leveraging the properties of blockchain, numerous research contributions have been made in the last decade; for example, the authors of [21,22,23,24,25,26] proposed different blockchain strategies for secure data storage in VANET. However, none of those mentioned above explored the blockchain system for CPA detection in VNDN.
Keeping in view the challenges mentioned above and considering the limitations in existing literature, the fundamental goal of this research is to propose an effective network framework for valid content dissemination and CPA detection and prevention system using a reputation management scheme. Thus, our proposed research work prevents intermediate vehicles from accepting malicious content from attacker vehicles. The key contributions of this research are as follows:
- We evaluate the legitimacy of vehicles using a threshold-based reputation management system that classifies vehicles as attacker or benign.
- We propose push-based content dissemination in VNDN that enables vehicles to propagate content without considering interest packets.
- We integrate a blockchain-based reputation management system that stores the reputation of every vehicle at RSUs.
The remainder of this paper is organized as follows. In Section 2, we review the related works for efficient content caching and CPA detection in VNDN and highlight their limitations. Section 3 discusses a detailed system model, network elements, and a proposed network architecture. We provide implementation details and simulation results in Section 4. Finally, Section 5 provides a conclusion and suggestions for future work.
2. Related Work
Although the concept of enhancing security in VNDN is widely acknowledged [27], the development and implementation of effective measures to prevent security attacks [28] in VNDN is still in its early stage. The strategies for efficient content caching include popularity-based content caching [29,30], cooperative caching [31], signature-based content verification [32], and rating-based trust management system [21].
The most recent work in [33] integrated blockchain into NDN for a secure and trusted content caching scheme in VNDN. The authors evaluated the legitimacy of the content and assigned them positive or negative ratings. This work derived an algorithm based on a biological rule named the honeyGuide search algorithm. In this system, each node is assigned an initial ranking that is updated according to the behavior of the content-providing node. The authors also proposed a Malicious Vehicle Table (MVT) containing a list of CPAs. The nodes query the MVT before caching content. On the other hand, signature-based content legitimacy verification is exploited in [32]. In this approach, the content consumer verifies the signature of the host node by querying another node. The authors of [34] proposed a Most Frequently Requested Content (MFRC) scheme that caches frequently requested content.
Analogously, Khelifi et al. [35] proposed a blockchain-based reputation system for CPA detection and prevention in VNDN that evaluates the reputation of every content provider before caching their content in CS. Additionally, the authors improved and extended research in [17]. They proposed a blockchain-based reputation system that addresses both IFA and CPA. Their latest research work evaluates the reputation of content consumers and producers. Thus, this research mitigates the IFA by calculating the total interest sent, total PIT size, and average expunge time of PIT entry. Based on these calculations, the reputation of content consumers is determined and stored in a Local Neighbors Table (LNT). Secondly, the proposed mechanism mitigates CPA by evaluating the reputation of CS.
In [36], Kim et al. proposed an optimized fuzzy reputation-based trust model for detecting and preventing CPA at the intermediate node in NDN that saves computational resources and flushes out the invalid content from CS. Another significant contribution [37] employed a blockchain-based secure content sharing scheme in VNDN, wherein a double-layer blockchain content sharing was proposed. In the bottom layer, all the nodes with the same interests are placed in a group. The nodes in a group can request the content of their interest within the group. If no content is available in the relevant group, the request is forwarded to the upper layer of RSUs. Each group maintains its own blockchain and mining process. Moreover, the authors proposed an incentive-based reputation management system that records positive and negative reputations through blockchain transactions.
Lei et al. in [38] integrated a private blockchain to maintain Unmanned Aerial Vehicles (UAV) information in NDN. This study aims to exploit blockchain to cope with CPA by verifying the content name and publisher key digest. The authors employed a consensus algorithm named adaptive delegate consensus algorithm (ADCA), a lightweight consensus algorithm that does not require a mining process. In [39], Bernardini et al. proposed a Most Popular Content (MPC) strategy for caching the most popular content in CS. The content popularity relies on the cache hit ratio. Content with more hits is considered more reputable. In this scheme, every node maintains a popularity table comprising the content name and popularity score, which relies on a pre-defined threshold.
Similarly, Yang et al. in [23] designed a blockchain-based reputation system for assessing the credibility of content in VANET. This work issues the ratings to the content-providing vehicles, which are then forwarded to a temporarily selected node as blocks. The temporarily selected node is responsible for propagating the reputation among other nodes. Similar to our work, ref. [40] proposed reputation-based content dissemination in VANET, wherein the reputation of a host vehicle is evaluated before acting upon the message. In this work, reputation is stored and aggregated by a trusted centralized authority. Finally, the authors of [41] proposed a content source verification for multiple receivers. In this scheme, every consumer node verifies the signature of the content producer. However, the content producer can inject malicious content with the correct signature. Thus, the proposed approach cannot verify the legitimacy of the content.
Table 1 reflects the limitations of the above-mentioned related work.
The above-mentioned related works provide a partial and traditional solution to mitigate CPA. Unlike those works, our proposed work provides an intelligent CPA detection and prevention mechanism that categorizes vehicles into three categories. These categories are reputed vehicles, legitimate vehicles, and attacker vehicles. Based on the category of vehicles, our proposed algorithm decides to accept or reject the hosted content. Secondly, our proposed blockchain-based reputation management scheme ensures the security and privacy of every vehicle’s reputation. Finally, we enhance the scope of NDN from pull-based content retrieval to push-based content dissemination.
Table 2 shows the notations used in this paper.
3. System Model
This section exhibits the major entities and their roles in our proposed system model. In this section, we propose a content caching mechanism for detecting and preventing CPA in accordance with our proposed Algorithm 1. Then, we propose a content validation scheme at the content consumer node, as per Algorithm 2. Thereafter, we propose push-based transaction dissemination among RSUs using a suitable naming structure. Furthermore, this section proposes a blockchain block propagation and verification scheme.
3.1. System Components
As depicted in Figure 3, the proposed system comprises several essential components with distinct roles, as mentioned below:
- Trusted Authority (TA): TA is responsible for registering the vehicle by assigning them a pair of keys (public and private).
- Car: An OBU-equipped car can serve as a consumer, intermediate node, or producer, with interchangeable roles depending on the situation.
- RSU: Keeping in view the availability and stability of RSUs alongside the road, their primary role is to calculate, store, and provide the aggregate reputation of every vehicle to the requesting nodes. In addition to RSUs, we determine public buses as moving RSU (mRSU) [42,43]. Due to their mobility and prolonged availability, they are suitable to provide reputations to the vehicles.
Figure 3.
System components in VNDN.
3.2. Secure Content Caching Mechanism
Our proposed content caching mechanism aims to identify and prevent attacker vehicles. We enable RSUs to evaluate every vehicle’s threshold-based reputation to achieve our goal. Unlike the default content caching mechanism of NDN, which allows intermediate nodes to store all content without determining content legitimacy, we first evaluate the legitimacy of the content-providing node before caching served content in CS. Based on our proposed reputation evaluation, an intermediate node decides whether to cache or ignore the content provided by a producer. In our proposed Algorithm 1 and Figure 4, an intermediate node receives an interest packet from a content consumer and forwards it to the content producer. The content producer then serves the requested content with a data packet to the intermediate node. Subsequently, the intermediate node queries its local reputation data. It is worth noting that every node must download an updated reputation of a host vehicle from RSUs. Due to the mobility of nodes, the intermediate nodes cannot query RSUs/mRSUs during content transmission. Therefore, each vehicle must receive an updated aggregated reputation of all the vehicles from RSUs/mRSUs using an optional “MustBeFresh” field in the interest packet. Our content caching decision is based on three rules. (1) Cache and forward the content to the consumer if the reputation score of the host vehicle is greater than 10. (2) Forward the content to the consumer without caching it if the reputation score is between 0 and 9. (3) Immediately discard the packet if the reputation score is negative. Following our content caching policy, the intermediate node decides whether to cache, forward, or discard the data packet. Our reputation-based scheme initially assigns a 0 reputation score to every newly joined node. In our proposed reputation management system, the role of RSUs/mRSUs is to collect and calculate the reputation of every individual vehicle and provide an aggregate reputation according to Equation (1). The aggregate reputation score enables the intermediate nodes to classify CPA and legitimate nodes:
where
denotes the number of calculated reputations of a content producer and is assigned to
, which represents the aggregate reputation score of a producer node. Thus, no content sent from CPA will be stored in the CS of the intermediate node or forwarded to the content consumer node.
Algorithm 1 Content Caching policy at the intermediate node
Require: from
1: Calculate
2: if then
3:     Drop the packet
4: else if then
5:     Forward Data Packet to Content Consumer
6: else if then
7:     Cache content
8:     Forward Data Packet to Content Consumer
9: end if
Our proposed Algorithm 1 applies a pre-configured threshold-based reputation system. In this system, a threshold-qualifying vehicle with a reputation score of 10 or above is considered reputed. An intermediate node caches and forwards the content to the consumer node if the content provider is reputed. On the other hand, a vehicle with a reputation value between 0 and 9 is considered trusted. Their hosted content can be forwarded to the consumer without caching at the intermediate node because they are not yet qualified for content caching. Finally, we assume a vehicle with a negative reputation is an attacker.
3.3. Content Validation Mechanism
Upon receiving content from the intermediate node, the content consumer utilizes and evaluates the legitimacy of the content. The content validation policy plays a significant role in this stage. Based on the legitimacy of content, the content consumer node decides whether the served content is valid or malicious. According to Equation (2), legitimate content is identified with 1 and malicious content with 0. In our proposed content validation scheme, a consumer rewards a producer with +1 if the served content is valid. Conversely, a producer is punished with −1 if the served content is malicious/invalid. After assigning the reputation value based on the legitimacy of the content, a consumer has another role in broadcasting the reputation of the content producer among pre-subscribed RSUs/mRSUs. Algorithm 2 shows the content validation and transaction dissemination among RSUs/mRSUs. It is worth noting that consumers can identify the content producers with their public key assigned by TA.
Algorithm 2 Content validation policy
Require: Data Packet
1: if = then
2:
3:     Push to pre-subscribed vehicles
4: else if Trusted then
5:
6:     Push to pre-subscribed vehicles
7: end if
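The following added example (not code from the paper) walks the reputation loop of Sections 3.2 and 3.3 end to end: consumers push +1/−1 ratings to an RSU, the RSU aggregates them, and an intermediate node applies the three caching rules to its locally synced copy. Because Equation (1) is not reproduced here, the aggregate is assumed to be the plain sum of ratings; the class names, vehicle keys, and content name are hypothetical.

```python
from collections import defaultdict

CACHE_THRESHOLD = 10  # Section 3.2: a score of 10 or above marks a "reputed" vehicle


class RSU:
    """Collects +1/-1 ratings pushed by consumers and serves aggregate scores."""

    def __init__(self):
        self._ratings = defaultdict(list)  # producer public key -> list of ratings

    def push_rating(self, producer_key, rating):
        # Only the two values named in the content validation scheme are accepted.
        if rating not in (1, -1):
            raise ValueError("rating must be +1 or -1")
        self._ratings[producer_key].append(rating)

    def snapshot(self):
        # ASSUMPTION: aggregate score = sum of all collected ratings.
        return {key: sum(vals) for key, vals in self._ratings.items()}


class IntermediateNode:
    """Applies the caching policy to a local, possibly stale, reputation copy."""

    def __init__(self):
        self.content_store = {}
        self.local_reputation = {}

    def sync(self, rsu):
        # Models downloading fresh aggregate reputations from an RSU/mRSU.
        self.local_reputation = rsu.snapshot()

    def on_data(self, name, payload, producer_key):
        score = self.local_reputation.get(producer_key, 0)  # new vehicles start at 0
        if score < 0:
            return "drop"                  # attacker: neither cached nor forwarded
        if score < CACHE_THRESHOLD:
            return "forward"               # trusted: forwarded without caching
        self.content_store[name] = payload
        return "cache+forward"             # reputed: cached and forwarded


def consumer_validate(rsu, producer_key, content_is_valid):
    """Consumer side: reward valid content with +1, punish invalid with -1."""
    rating = 1 if content_is_valid else -1
    rsu.push_rating(producer_key, rating)
    return rating


def run_demo():
    rsu, node = RSU(), IntermediateNode()
    name, payload = "/VNDN/Infotainment/demo", b"constructed payload"
    # Constructed rating history for three hypothetical vehicles.
    for _ in range(10):
        consumer_validate(rsu, "veh-A", True)
    for _ in range(3):
        consumer_validate(rsu, "veh-B", True)
    consumer_validate(rsu, "veh-C", False)
    node.sync(rsu)
    results = {k: node.on_data(name, payload, k)
               for k in ("veh-A", "veh-B", "veh-C", "veh-new")}
    # Freshness caveat: veh-A starts serving invalid content, but the node
    # keeps trusting it until it downloads the updated aggregate.
    for _ in range(11):
        consumer_validate(rsu, "veh-A", False)
    results["veh-A stale"] = node.on_data(name, payload, "veh-A")
    node.sync(rsu)
    results["veh-A fresh"] = node.on_data(name, payload, "veh-A")
    return results


if __name__ == "__main__":
    for vehicle, decision in run_demo().items():
        print(vehicle, "->", decision)
```

The last two results show why the scheme depends on vehicles regularly pulling fresh reputations: between syncs, a producer whose score has turned negative is still treated according to the stale local value.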
3.4. Pub-Sub Model
In our proposed system model, we enable the nodes to broadcast the reputation of host vehicles without receiving interest requests for each content. To this end, we exploit a pub-sub in VNDN. The proposed pub-sub model allows consumer nodes to disseminate the reputation score (+1 or −1) to the nearest RSUs/mRSUs. It is important to note that every RSU/mRSU must subscribe to the reputations at least once using a prefix naming structure, e.g., /VNDN/Reputation/Version/MustBeFresh. The naming structure for the subscription of a reputation informs the nodes to send back the latest reputation of vehicles when it becomes available. In the response, a publisher (which is the consumer in NDN) provides the content producer’s reputation with the naming structure VNDN/Reputation/Version/Vehicle/No/(+1 or −1). Our proposed scheme prevents subscribing to every vehicle’s reputation individually. Due to the unpredictable reputation generation time, it is infeasible for subscribers to decide when to broadcast the subscription packet for a specific reputation. Periodic subscription requests that are too short or too long can impact network performance. Therefore, we design a suitable prefix naming structure that enables the RSUs/mRSUs to receive many packets in response to a single subscription request.
3.5. Naming Structure
The opaque naming structure plays a significant role in content dissemination in NDN. It allows the applications to design the naming structure as per requirement. Taking advantage of the flexible naming structure and considering the native hierarchical naming rule of NDN, we propose the following naming structure for interest packet requests, reputation requests to RSUs/mRSUs, and subscription requests in pub-sub.
- Content Request: /VNDN/Infotainment/Misuc/Artist/Album/Track
- Reputation Request: /VNDN/Reputation/Version/MustBeFresh
- Subscription Request: /VNDN/Pub-Sub/Reputation/MustBeFresh
3.6. Transaction and Block Dissemination
Leveraging the availability of RSUs/mRSUs on the road, we consider them blockchain nodes in our proposed system. Their primary role is receiving transactions from vehicles and storing and sharing them in the network. To disseminate the reputation of vehicles among blockchain nodes, the content validator (consumer) takes advantage of pub-sub and broadcasts the reputation (+1 or −1) in the form of a blockchain transaction to the nearest RSU/mRSU. Once the RSU/mRSU receives the transaction, it packs the transaction into a block and disseminates it among all blockchain nodes. Subsequently, every blockchain node receives and performs a specific consensus algorithm (mining) to validate the block, as shown in Figure 5.
3.7. Consensus Mechanism
The consensus mechanism plays a significant role in validating the blocks in the blockchain. It ensures that all nodes in the network agree to append the block to the network. Thus, the consensus mechanism prevents tampered blocks from being appended to the blockchain. After creating and disseminating the block to the blockchain network, our proposed consensus mechanism takes place to validate the block. Our proposed system uses the PoW consensus mechanism, which is the most secure and difficult for attackers to manipulate. PoW requires the nodes to perform complex calculations to mine the block. In the blockchain, the attacker nodes can compromise the integrity of RSUs/mRSUs by propagating tampered blocks in which transaction data has been changed or deleted. To verify the integrity of blocks, the blockchain nodes calculate the previous block’s hash. Any change in the hash of the previous block will automatically reject the block. Hence, adding a tampered block to the blockchain network is nearly impossible.
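The integrity check described above can be seen in the following added example (not the paper's implementation): reputation transactions are packed into PoW-mined blocks, and a verifier recomputes each block's hash and its link to the previous block. The transaction fields, the difficulty value, and the function names are assumptions chosen for the illustration.

```python
import hashlib
import json

DIFFICULTY = 3          # constructed: required leading hex zeros, small so mining is fast
GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 over the block contents, excluding the stored hash itself."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(index, prev_hash, transactions):
    """Proof of work: increment the nonce until the hash meets the difficulty."""
    block = {"index": index, "prev_hash": prev_hash,
             "transactions": list(transactions), "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def verify_chain(chain):
    """Return the index of the first invalid block, or None if the chain is valid."""
    for i, block in enumerate(chain):
        recomputed = block_hash(block)
        # Contents must match the stored hash, and the hash must satisfy PoW.
        if recomputed != block["hash"] or not recomputed.startswith("0" * DIFFICULTY):
            return i
        # Each block must point at the hash of the block before it.
        expected_prev = chain[i - 1]["hash"] if i > 0 else GENESIS_PREV
        if block["prev_hash"] != expected_prev:
            return i
    return None


def build_demo_chain():
    # Constructed reputation transactions; vehicle identifiers are hypothetical.
    genesis = mine(0, GENESIS_PREV, [])
    b1 = mine(1, genesis["hash"], [{"producer": "veh-C", "rater": "veh-X", "rating": -1}])
    b2 = mine(2, b1["hash"], [{"producer": "veh-A", "rater": "veh-Y", "rating": 1}])
    return [genesis, b1, b2]


def tamper_checks():
    """Verifier results for an untouched chain and two tampered variants."""
    chain = build_demo_chain()
    untouched = verify_chain(chain)

    # Variant 1: a stored rating is edited in place; the block's hash no longer matches.
    edited = json.loads(json.dumps(chain))
    edited[1]["transactions"][0]["rating"] = 1
    in_place = verify_chain(edited)

    # Variant 2: the edited block is re-mined so it is valid on its own,
    # but the next block still links to the original hash.
    remined = json.loads(json.dumps(chain))
    remined[1] = mine(1, remined[0]["hash"],
                      [{"producer": "veh-C", "rater": "veh-X", "rating": 1}])
    relinked = verify_chain(remined)
    return untouched, in_place, relinked


if __name__ == "__main__":
    print(tamper_checks())
```

An edited block fails at its own index, and a re-mined replacement fails at the following block, so a change to any stored reputation forces every later block to be mined again.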
3.8. A Summarized System Model Flow
As illustrated in Figure 6, our proposed system model flowchart exhibits content dissemination, content caching, content validation, reputation propagation, and block validation in the blockchain. Our proposed model is divided into four stages. Stage 1: A content consumer node broadcasts an interest packet to the intermediate node. The neighboring intermediate node satisfies the interest request if the corresponding information is available in its CS. Otherwise, the intermediate node forwards the request to other nodes. A node with matched content responds with a data packet to the intermediate node. Stage 2: Before caching content in its CS or forwarding it to the consumer, the intermediate node evaluates the reputation of the content producer. Based on the reputation score, an intermediate node decides whether to cache, forward, or reject the content. Stage 3: The content consumer uses and classifies the content as legitimate or malicious. Based on this evaluation, the consumer node assigns (+1 or −1) and propagates the reputation as a transaction to the blockchain network. Stage 4: The blockchain nodes receive the transaction, pack it into the block, and disseminate it among neighboring nodes. The neighboring nodes apply the PoW consensus algorithm. Based on the legitimacy of the block, the nodes add a valid block or reject a tampered block.
5. Conclusions
The NDN in VANET faces several challenges, including security, privacy, and fair content dissemination. Specifically, secure content dissemination is an extremely important facet of VNDN, where the existence of CPA can jeopardize the integrity of the whole network. To solve the above-mentioned challenges, we proposed a threshold-based CPA detection and prevention technique. In this paper, we address CPA, ensure privacy, and enhance the scope of NDN from pull-based content retrieval to push-based content dissemination. Our proposed CPA detection scheme enables intermediate nodes to accept or reject the content based on the reputation of vehicles. Thus, our proposed model motivates legitimate vehicles to exchange trusted content and reject malicious content. We compared our proposed scheme with default content caching in NDN, reflecting that our proposed mechanism identifies attackers with 100% accuracy. On the other hand, the default NDN caching mechanism stores every content without determining the legitimacy of the content provider. Besides, we integrated a decentralized and secure blockchain system to store the reputation of every vehicle at RSUs/mRSUs. Our proposed blockchain-based framework stores all privacy content and prevents attackers from tampering with the blocks with 100% accuracy. Finally, we enhance the scope of NDN using a pub-sub mechanism that enables nodes to disseminate reputation through push-based communication. Hence, our contribution significantly enhances confidence among vehicles to accept or reject content based on the reputation of content-providing vehicles. Moreover, the scope of this research is limited to simulation-based CPA detection and prevention, which can be further executed in an NDN testbed using real-time scenarios. Our proposed CPA detection system is a rule-based reputation evaluation system.
The CPA detection system can be further evaluated in future work through Machine Learning (ML) and Deep Learning (DL) classifiers using different publicly available datasets. Thus, the most accurate classifier can detect CPA with accuracy. Moreover, our proposed research work is simulation-based, which can be further implemented in real-time scenarios in the future.