pith. sign in

arxiv: 2508.02805 · v3 · submitted 2025-08-04 · 💻 cs.CR

Real-World Evaluation of Protocol-Compliant Denial-of-Service Attacks on C-V2X-based Forward Collision Warning Systems

Jean Michel Tine , Mohammed Aldeen , Abyad Enan , M Sabbir Salek , Long Cheng , Mashrur Chowdhury This is my paper

Pith reviewed 2026-05-19 00:17 UTC · model grok-4.3

classification 💻 cs.CR
keywords C-V2XDenial-of-ServiceForward Collision WarningProtocol-compliant attacksBasic Safety MessagesPC5 sidelinkReal-world testbed
0
0 comments X

The pith

Protocol-compliant high-rate UDP flooding and oversized BSM messages can disable C-V2X forward collision warnings entirely.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows through real-world tests that attacks staying inside C-V2X protocol rules can still break safety functions. UDP flooding alone cuts packet delivery by up to 87 percent and pushes latency past 400 milliseconds. Oversized Basic Safety Messages overload the receiver's processing and block or delay collision alerts. When both attacks run together they produce near-total loss of communication and stop warnings from appearing. A sympathetic reader would care because C-V2X is meant to rely on protocol compliance for interoperability, yet the results indicate that compliance by itself does not deliver reliable safety performance.

Core claim

The paper establishes that protocol-compliant denial-of-service attacks using high-rate UDP flooding and oversized Basic Safety Messages transmitted over standard PC5 sidelinks can severely degrade or eliminate the performance of a C-V2X Forward Collision Warning system. In a testbed built from commercial On-Board Units, UDP flooding reduced packet delivery ratio by up to 87 percent and raised latency above 400 ms; oversized BSM floods exhausted receiver resources and suppressed alerts; and the combination produced near-total communication failure that prevented any FCW warnings.

What carries the argument

Protocol-compliant high-rate UDP flooding combined with oversized Basic Safety Message transmission over PC5 sidelinks, executed on commercial On-Board Units.

If this is right

  • UDP flooding reduces packet delivery ratio by up to 87 percent and raises latency above 400 ms.
  • Oversized BSM floods overload receiver processing and delay or suppress FCW alerts.
  • Simultaneous UDP and BSM attacks produce near-total communication failure that prevents FCW warnings.
  • Strict adherence to 3GPP and SAE J2735 specifications does not by itself guarantee reliable operation of C-V2X safety applications.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Manufacturers may need to add rate-limiting or anomaly detection layers that go beyond current protocol requirements.
  • The same resource-exhaustion pattern could affect other C-V2X safety messages such as intersection-movement-assist alerts.
  • Certification processes could incorporate adversarial high-rate traffic scenarios to verify resilience.
  • Future protocol revisions might need explicit resource-allocation rules to limit per-sender load.

Load-bearing premise

A testbed built from commercially available On-Board Units accurately reflects the behavior of production C-V2X vehicles and their operating conditions without any extra mitigations that real vehicles might include.

What would settle it

Measuring whether production vehicles equipped with additional rate-limiting or resource-protection mechanisms still lose all FCW functionality when subjected to the same UDP and oversized-BSM flooding rates used in the testbed.

read the original abstract

Cellular Vehicle-to-Everything (C-V2X) technology enables low-latency, reliable communications essential for safety applications such as a Forward Collision Warning (FCW) system. C-V2X deployments operate under strict protocol compliance with the 3rd Generation Partnership Project (3GPP) and the Society of Automotive Engineers Standard (SAE) J2735 specifications to ensure interoperability. This paper presents a real-world testbed evaluation of protocol-compliant Denial-of-Service (DoS) attacks using User Datagram Protocol (UDP) flooding and oversized Basic Safety Message (BSM) attacks that 7 exploit transport- and application-layer vulnerabilities in C-V2X. The attacks presented in this study transmit valid messages over standard PC5 sidelinks, fully adhering to 3GPP and SAE J2735 specifications, but at abnormally high rates and with oversized payloads that overload the receiver resources without breaching any protocol rules such as IEEE 1609. Using a real-world connected vehicle 11 testbed with commercially available On-Board Units (OBUs), we demonstrate that high-rate UDP flooding and oversized payload of BSM flooding can severely degrade FCW performance. Results show that UDP flooding alone reduces packet delivery ratio by up to 87% and increases latency to over 400ms, while oversized BSM floods overload receiver processing resources, delaying or completely suppressing FCW alerts. When UDP and BSM attacks are executed simultaneously, they cause near-total communication failure, preventing FCW warnings entirely. These findings reveal that protocol-compliant communications do not necessarily guarantee safe or reliable operation of C-V2X-based safety applications.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper evaluates protocol-compliant DoS attacks on C-V2X-based Forward Collision Warning (FCW) systems via a real-world testbed with commercially available On-Board Units (OBUs). It demonstrates that high-rate UDP flooding over PC5 reduces packet delivery ratio by up to 87% and increases latency beyond 400 ms, while oversized Basic Safety Message (BSM) floods overload receiver processing and suppress or delay FCW alerts; combined UDP+BSM attacks cause near-total communication failure. All attacks adhere to 3GPP and SAE J2735 specifications without violating rules such as those in IEEE 1609.

Significance. If the empirical results hold under production conditions, the work provides valuable evidence that protocol compliance alone does not ensure reliable operation of C-V2X safety applications, highlighting practical DoS risks at transport and application layers. The use of real hardware and quantitative outcomes from testbed experiments strengthens its relevance to automotive cybersecurity, though broader impact depends on addressing generalizability to deployed vehicle stacks.

major comments (2)
  1. [Testbed Evaluation] Testbed Evaluation / Experimental Setup section: The headline claims (87% PDR reduction, >400 ms latency, and total FCW suppression under combined attacks) rest on the assumption that the commercial OBU testbed accurately represents production C-V2X deployments. The manuscript does not provide firmware versions, configuration details, or evidence ruling out production-grade mitigations such as application-layer rate limiting, duplicate suppression, or hardware-accelerated validation, which could alter the observed overload severity.
  2. [Results] Results section (quantitative outcomes): The reported PDR drop of up to 87% and latency exceeding 400 ms lack accompanying details on the number of experimental runs, statistical methods, variance across trials, or precise attack parameters (e.g., exact UDP rates and BSM payload sizes), making it difficult to evaluate the robustness and reproducibility of the central quantitative findings.
minor comments (2)
  1. [Abstract] Abstract: The phrase 'that 7 exploit' appears to be a typographical or formatting artifact and should be corrected for clarity.
  2. [Introduction] Introduction or Attack Design: Provide a clearer enumeration of how the attacks remain fully protocol-compliant (e.g., explicit reference to specific 3GPP/SAE constraints that are respected versus those that are stressed).

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for the constructive feedback on our manuscript. The comments highlight important aspects of experimental rigor and generalizability that we address below. We have prepared revisions to strengthen the presentation of our testbed details and quantitative results while maintaining the core findings on protocol-compliant DoS attacks.

read point-by-point responses

  1. Referee: [Testbed Evaluation] Testbed Evaluation / Experimental Setup section: The headline claims (87% PDR reduction, >400 ms latency, and total FCW suppression under combined attacks) rest on the assumption that the commercial OBU testbed accurately represents production C-V2X deployments. The manuscript does not provide firmware versions, configuration details, or evidence ruling out production-grade mitigations such as application-layer rate limiting, duplicate suppression, or hardware-accelerated validation, which could alter the observed overload severity.

    Authors: We agree that greater transparency on the testbed hardware strengthens the work. The commercial OBUs employed are production-grade devices used in early C-V2X field trials and adhere to 3GPP Release 14/15 PC5 specifications. In the revised manuscript we will add the specific firmware versions, OBU configuration parameters (including sidelink settings and message processing queues), and a dedicated limitations paragraph discussing potential differences from full vehicle-stack implementations. We note that the observed overload occurs at the transport and application layers even under strict protocol compliance; however, we cannot provide exhaustive evidence ruling out every conceivable production mitigation because the testbed reflects the hardware as deployed in research and early commercial settings. revision: partial

  2. Referee: [Results] Results section (quantitative outcomes): The reported PDR drop of up to 87% and latency exceeding 400 ms lack accompanying details on the number of experimental runs, statistical methods, variance across trials, or precise attack parameters (e.g., exact UDP rates and BSM payload sizes), making it difficult to evaluate the robustness and reproducibility of the central quantitative findings.

    Authors: We concur that these methodological details are necessary for reproducibility. The experiments were repeated across multiple independent trials under controlled conditions to capture wireless variability. The revised Results section will report the exact number of runs (five trials per scenario), statistical methods (mean values with standard deviation), observed variance, and precise attack parameters including a UDP flooding rate of 1000 packets per second and BSM payloads of 1500 bytes. These additions will be integrated into the text, tables, and figure captions. revision: yes

standing simulated objections not resolved
  • Definitive evidence ruling out all possible production-grade mitigations (e.g., hardware-accelerated validation) in the specific commercial OBUs, as access to proprietary production configurations is limited.

Circularity Check

0 steps flagged

No circularity: empirical measurement study with direct observations only

full rationale

The paper is a real-world testbed evaluation reporting measured effects of protocol-compliant DoS attacks (UDP flooding and oversized BSM) on C-V2X FCW performance. Results such as up to 87% PDR reduction, >400 ms latency, and FCW suppression are presented as direct experimental outcomes from commercially available OBUs over PC5 links. No equations, fitted parameters, first-principles derivations, or predictions appear in the abstract or described methods. There are no self-citations forming load-bearing premises, no ansatzes smuggled via prior work, and no renaming of known results as new unifications. The central claims reduce to observed data from the described setup rather than any tautological reduction to inputs. This is a standard empirical study whose validity rests on testbed fidelity (addressed separately by the skeptic), not on any circular derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the validity of the testbed as a proxy for real deployments and on the assumption that the transmitted messages remain fully protocol-compliant.

axioms (1)
  • domain assumption The testbed with commercial OBUs accurately models production C-V2X operating conditions.
    This premise underpins the claim that observed performance degradation would occur in deployed systems.

pith-pipeline@v0.9.0 · 5848 in / 1219 out tokens · 61394 ms · 2026-05-19T00:17:04.583575+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

34 extracted references · 34 canonical work pages

  1. [1]

    Varga, A

    Ficzere, D., P. Varga, A. Wippelhauser, H. Hejazi, O. Csernyava, A. Kovács, and C. Hegedűs. Large- Scale Cellular Vehicle-to-Everything Deployments Based on 5G—Critical Challenges, Solutions, and Vision towards 6G: A Survey. Sensors, Vol. 23, No. 16, 2023, p. 7031. https://doi.org/10.3390/s23167031

    work page doi:10.3390/s23167031 2023

  2. [2]

    Martinez, and J

    Mansouri, A., V. Martinez, and J. Harri. A First Investigation of Congestion Control for LTE-V2X Mode 4. Presented at the 2019 15th Annual Conference on Wireless On-demand Network Systems and Services (WONS), Wengen, Switzerland, 2019

    work page 2019

  3. [3]

    Enan, A., A. A. Mamun, J. M. Tine, J. Mwakalonge, D. A. Indah, G. Comert, and M. Chowdhury. Basic Safety Message Generation through a Video-Based Analytics for Potential Safety Applications. ACM Journal on Autonomous Transportation Systems, Vol. 1, No. 4, 2024, pp. 1–26. https://doi.org/10.1145/3643823

    work page doi:10.1145/3643823 2024

  4. [4]

    Zadobrischi, E., and M. Dimian. Vehicular Communications Utility in Road Safety Applications: A Step toward Self-Aware Intelligent Traffic Systems. Symmetry, Vol. 13, No. 3, 2021, p. 438. https://doi.org/10.3390/sym13030438

    work page doi:10.3390/sym13030438 2021

  5. [5]

    Kauvo, P

    Kutila, M., K. Kauvo, P. Pyykonen, X. Zhang, V. G. Martinez, Y. Zheng, and S. Xu. A C-V2X/5G Field Study for Supporting Automated Driving. Presented at the 2021 IEEE Intelligent Vehicles Symposium (IV), Nagoya, Japan, 2021

    work page 2021

  6. [7]

    Sepulcre, R

    Gonzalez-Martin, M., M. Sepulcre, R. Molina-Masegosa, and J. Gozalvez. Analytical Models of the Performance of C-V2X Mode 4 Vehicular Communications. IEEE Transactions on Vehicular Technology, Vol. 68, No. 2, 2019, pp. 1155–1166. https://doi.org/10.1109/TVT.2018.2888704

    work page doi:10.1109/tvt.2018.2888704 2019

  7. [8]

    O’Driscoll

    McCarthy, B., and A. O’Driscoll. Congestion Control in the Cellular-V2X Sidelink. https://arxiv.org/abs/2106.04871. Accessed July 28, 2025

    work page arXiv 2025

  8. [9]

    Boualegue

    Chihi, H., and R. Boualegue. Congestion Control Investigation into 5G V2V. https://www.researchsquare.com/article/rs-312939/v1. Accessed July 31, 2025

    work page 2025

  9. [10]

    Cinque, M

    Balador, A., E. Cinque, M. Pratesi, F. Valentini, C. Bai, A. A. Gómez, and M. Mohammadi. Survey on Decentralized Congestion Control Methods for Vehicular Communication. Vehicular Communications, Vol. 33, 2022, p. 100394. https://doi.org/10.1016/j.vehcom.2021.100394

    work page doi:10.1016/j.vehcom.2021.100394 2022

  10. [11]

    Sepulcre, M., J. Mira, G. Thandavarayan, and J. Gozalvez. Is Packet Dropping a Suitable Congestion Control Mechanism for Vehicular Networks? Presented at the 2020 IEEE 91st Vehicular Technology Conference (VTC2020-Spring), Antwerp, Belgium, 2020

    work page 2020

  11. [12]

    Starobinski, and R

    Trkulja, N., D. Starobinski, and R. A. Berry. Denial-of-Service Attacks on C-V2X Networks. http://arxiv.org/abs/2010.13725. Accessed July 28, 2025

    work page arXiv 2010

  12. [13]

    Twardokus, G., and H. Rahbari. Vehicle-to-Nothing? Securing C-V2X Against Protocol-Aware DoS Attacks. Presented at the IEEE INFOCOM 2022 - IEEE Conference on Computer Communications, London, United Kingdom, 2022. Tine, Aldeen, Enan, Salek, Cheng, Chowdhury. 19

    work page 2022

  13. [14]

    Berry, and I

    Fouda, A., R. Berry, and I. Vukovic. Interleaved One-Shot Semi-Persistent Scheduling for BSM Transmissions in C-V2X Networks. http://arxiv.org/abs/2110.00056. Accessed July 28, 2025

    work page arXiv 2025

  14. [15]

    IEEE, S.l., 2021

    1609.3-2020 - IEEE Standard for Wireless Access in Vehicular Environments (WAVE)--Networking - Redline. IEEE, S.l., 2021

    work page 2020

  15. [16]

    IEEE, S.l., 2016

    1609.2-2016 - IEEE Standard for Wireless Access in Vehicular Environments--Security Services for Applications and Management Messages. IEEE, S.l., 2016

    work page 2016

  16. [17]

    Silva, T. R., T. D. S. Correia, J. F. M. Sarubbi, and F. V. C. Martins. Roadside Units Deployment in Hybrid VANETs with Synchronous Communication. Presented at the 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), Porto, 2018

    work page 2018

  17. [18]

    Topilin, A

    Wang, J., I. Topilin, A. Feofilova, M. Shao, and Y. Wang. Cooperative Intelligent Transport Systems: The Impact of C-V2X Communication Technologies on Road Safety and Traffic Efficiency. Sensors, Vol. 25, No. 7, 2025, p. 2132. https://doi.org/10.3390/s25072132

    work page doi:10.3390/s25072132 2025

  18. [19]

    Dapa, K. B. S. A., G. Point, S. Bensator, and F. E. Boukour. Vehicular Communications Over OFDM Radar Sensing in the 77 GHz mmWave Band. IEEE Access, Vol. 11, 2023, pp. 4821–4829. https://doi.org/10.1109/ACCESS.2023.3235199

    work page doi:10.1109/access.2023.3235199 2023

  19. [20]

    Shtaiwi, E., Abdelhadi, H. Li, Z. Han, and H. V. Poor. Orthogonal Time Frequency Space for Integrated Sensing and Communication: A Survey. http://arxiv.org/abs/2402.09637. Accessed July 28, 2025

    work page arXiv 2025

  20. [21]

    Blumenstein, J

    Prokes, A., J. Blumenstein, J. Vychodil, T. Mikulasek, R. Marsalek, E. Zochmann, H. Groll, C. F. Mecklenbrauker, T. Zemen, A. Chandra, H. Hammoud, and A. F. Molisch. Multipath Propagation Analysis for Vehicle-to-Infrastructure Communication at 60 GHz. Presented at the 2019 IEEE Vehicular Networking Conference (VNC), Los Angeles, CA, USA, 2019

    work page 2019

  21. [22]

    Zaman, M

    Shah, G., M. Zaman, M. Saifuddin, B. Toghi, and Y. Fallah. Scalable Cellular V2X Solutions: Large- Scale Deployment Challenges of Connected Vehicle Safety Networks. Automotive Innovation, Vol. 7, No. 3, 2024, pp. 373–382. https://doi.org/10.1007/s42154-023-00277-6

    work page doi:10.1007/s42154-023-00277-6 2024

  22. [23]

    Paranjothi, A., M. S. Khan, and S. Zeadally. A Survey on Congestion Detection and Control in Connected Vehicles. Ad Hoc Networks, Vol. 108, 2020, p. 102277. https://doi.org/10.1016/j.adhoc.2020.102277

    work page doi:10.1016/j.adhoc.2020.102277 2020

  23. [24]

    Saifuddin, H

    Toghi, B., M. Saifuddin, H. N. Mahjoub, M. O. Mughal, Y. P. Fallah, J. Rao, and S. Das. Multiple Access in Cellular V2X: Performance Analysis in Highly Congested Vehicular Networks. Presented at the 2018 IEEE Vehicular Networking Conference (VNC), Taipei, Taiwan, 2018

    work page 2018

  24. [25]

    Oliveira

    Tabassum, M., and A. Oliveira. Collision Probabilities Between User Equipment Using 5G NR Sidelink Time-Domain-Based Resource Allocation in C-V2X. Electronics, Vol. 14, No. 4, 2025, p. 751. https://doi.org/10.3390/electronics14040751

    work page doi:10.3390/electronics14040751 2025

  25. [26]

    Berry, and I

    Fouda, A., R. Berry, and I. Vukovic. Study of BSM Inter-Packet Gap Tails in C-V2X Networks. http://arxiv.org/abs/2311.16904. Accessed July 28, 2025

    work page arXiv 2025

  26. [27]

    Kenney, J. B. Dedicated Short-Range Communications (DSRC) Standards in the United States. Proceedings of the IEEE, Vol. 99, No. 7, 2011, pp. 1162–1182. https://doi.org/10.1109/JPROC.2011.2132790. Tine, Aldeen, Enan, Salek, Cheng, Chowdhury. 20

    work page doi:10.1109/jproc.2011.2132790 2011

  27. [28]

    Petit, J., and S. E. Shladover. Potential Cyberattacks on Automated Vehicles. IEEE Transactions on Intelligent Transportation Systems, 2014, pp. 1–11. https://doi.org/10.1109/TITS.2014.2342271

    work page doi:10.1109/tits.2014.2342271 2014

  28. [29]

    Dey, and P

    Abdollahi Biron, Z., S. Dey, and P. Pisu. Real-Time Detection and Estimation of Denial of Service Attack in Connected Vehicle Systems. IEEE Transactions on Intelligent Transportation Systems, Vol. 19, No. 12, 2018, pp. 3893–3902. https://doi.org/10.1109/TITS.2018.2791484

    work page doi:10.1109/tits.2018.2791484 2018

  29. [30]

    Kousaridas, K

    Boban, M., A. Kousaridas, K. Manolakis, J. Eichinger, and W. Xu. Connected Roads of the Future: Use Cases, Requirements, and Design Considerations for Vehicle-to-Everything Communications. IEEE Vehicular Technology Magazine, Vol. 13, No. 3, 2018, pp. 110–123. https://doi.org/10.1109/MVT.2017.2777259

    work page doi:10.1109/mvt.2017.2777259 2018

  30. [31]

    Garcia, M. H. C., A. Molina-Galan, M. Boban, J. Gozalvez, B. Coll-Perales, T. Şahin, and A. Kousaridas. A Tutorial on 5G NR V2X Communications. IEEE Communications Surveys & Tutorials, Vol. 23, No. 3, 2021, pp. 1972–2026. https://doi.org/10.1109/COMST.2021.3057017

    work page doi:10.1109/comst.2021.3057017 2021

  31. [32]

    Berry, and I

    Fouda, A., R. Berry, and I. Vukovic. HARQ Retransmissions in C-V2X: A BSM Latency Analysis. https://arxiv.org/abs/2311.16983. Accessed July 28, 2025

    work page arXiv 2025

  32. [33]

    Burbano-Abril, V

    McCarthy, B., A. Burbano-Abril, V. R. Licea, and A. O’Driscoll. OpenCV2X: Modelling of the V2X Cellular Sidelink and Performance Evaluation for Aperiodic Traffic. https://arxiv.org/abs/2103.13212. Accessed July 28, 2025

    work page arXiv 2025

  33. [34]

    Ma, J., J. Li, Z. Gong, and H. Huang. An Adaptive Multi-Staged Forward Collision Warning System Using a Light Gradient Boosting Machine. Information, Vol. 13, No. 10, 2022, p. 483. https://doi.org/10.3390/info13100483

    work page doi:10.3390/info13100483 2022

  34. [35]

    Ranganathan

    Bitsikas, E., and A. Ranganathan. Security Analysis of 5G NR Device-to-Device Sidelink Communications. http://arxiv.org/abs/2502.16650. Accessed Aug. 2, 2025

    work page arXiv 2025