Toward Protecting 5G Sidelink Scheduling in C-V2X Against Intelligent DoS Attacks

5G Cellular Vehicle-to-Everything (5G C-V2X) is emerging as the globally dominant connected vehicle technology. One critical application of 5G C-V2X is the direct exchange of safety-critical messages between vehicles to prevent crashes and correspondingly reduce roadway injuries and fatalities. While current C-V2X security protocols concern only message payloads, we expose vulnerabilities in the physical-layer attributes and decentralized MAC-layer scheduling algorithm of 5G C-V2X by developing two stealthy denial-of-service (DoS) attacks to exploit them. These low-duty-cycle attacks dramatically degrade C-V2X availability, increasing the likelihood of prolonged travel times and even vehicle crashes. We further develop detection and mitigation techniques for each attack, in part by exploiting new C-V2X features of 3GPP Rel-17. We experimentally evaluate our attacks and countermeasures in a hardware testbed composed of USRPs and state-of-the-art C-V2X kits as well as through extensive network and roadway simulations, showing that within seconds of initiation our attacks can reduce a target's packet delivery ratio by 90% or that of the C-V2X channel to under 25%. We further evaluate our machine-learning detection and low-cost mitigation techniques, showing the latter completely thwart one attack and reduce the impact of the other by 80%, providing insight towards developing a more robust 5G C-V2X.