Asset | Vulnerability | Threat | Attack | Solution | Violated Security Requirement |
Vehicle/ Vehicular User | Software flaw (Weak message propagation algorithm) | Privacy leakage of sensitive information | Malware integration | Updating antivirus, Sandbox approach [70] | Availability/Authentication |
Vehicle | OBU vulnerability | Unauthorised manipulation of routing table | Jamming attacks at vehicle level | Frequency hopping, Multiple radio transceivers | Availability |
Vehicle | Vehicular hardware flaws | Disclosure of sensitive information | Sensor impersonation | SPECS [71] | Authentication |
Vehicle | OBU vulnerabilities, Sensors malfunctions | Network flooding with wrong information | Bogus information | ECDSA [72] | Authentication/Integrity |
Vehicle | Insecure cryptographic algorithms | Illegal software updates | Remote firmware updates | Secure firmware updates over the air (FOTA) [73] | Authentication |
Vehicle/ Vehicular User | Software flaws, Weak Password | Privacy leakage of sensitive data | Social engineering attack | Encrypted and strong password for message communication | Integrity/Privacy |
Vehicle | Ohysical access to vehicles | Damaging sensors to perform correctly | Physical damage to vehicles | Access control | Authentication |
Vehicular User | OBU vulnerabilities, Inseucre wireless communication | Revelation of users identity | User privacy disclosure | Holistic approach for data transmission [74] | Privacy/Authentication |
Information | Broadcast nature of messages via wireless communication channel | Revelation of sensitive information and user’s private credentials | Eavesdropping | Strong encrypted message for user’s communication | Privacy/Authentication |
Information | OBU vulnerabilities, Insecure wireless communication channel | Prevents vehicles to receive sensitive information and use network services | Jamming attacks | Assign IPs to vehicles and drop duplicate IP during message transfer [58] , Change packet delivery ratio (PDR) based on PDR rate decrease [75] , DJAVAN [76] | Availability |
Information | Insecure wireless communication channel | Messages alterations | Impersonation attacks | Identity-based batch verification scheme [77] | Authentication |
Information | Non-encrypted messages, Insecure wireless communication channel | Message modification with wrong and compromised messages | MITM attacks | Strong cryptographic techniques | Availability/Confidentiality |
Information | Vulnerable wireless communication channel | Message manipulation and dropping | Spoofing attacks | Multi-antenna system with known movements [78] , Secure in-region verification [79] | Authentication |
RSU, Wired communication, Central entity | Flaws in routing table and non-encrypted messages | Data leakage on back-end wired channel | Sybil attacks | Position verification of neighbouring nodes [80] , VANET PKI [17] , RobSAD [81] | Authentication/Availability |