Real-World Evaluation of Protocol-Compliant Denial-of-Service Attacks on C-V2X-based Forward Collision Warning Systems

Computer Science > Cryptography and Security [Submitted on 4 Aug 2025 (v1), last revised 27 Apr 2026 (this version, v3)] Real-World Evaluation of Protocol-Compliant Denial-of-Service Attacks on C-V2X-based Forward Collision Warning Systems Jean Michel Tine, Mohammed Aldeen, Abyad Enan, M Sabbir Salek, Long Cheng, Mashrur Chowdhury Cellular Vehicle-to-Everything (C-V2X) technology enables low-latency, reliable communications essential for safety applications such as a Forward Collision Warning (FCW) system. C-V2X deployments operate under strict protocol compliance with the 3rd Generation Partnership Project (3GPP) and the Society of Automotive Engineers Standard (SAE) J2735 specifications to ensure interoperability. This paper presents a real-world testbed evaluation of protocol-compliant Denial-of-Service (DoS) attacks using User Datagram Protocol (UDP) flooding and oversized Basic Safety Message (BSM) attacks that 7 exploit transport- and application-layer vulnerabilities in C-V2X. The attacks presented in this study transmit valid messages over standard PC5 sidelinks, fully adhering to 3GPP and SAE J2735 specifications, but at abnormally high rates and with oversized payloads that overload the receiver resources without breaching any protocol rules such as IEEE 1609. Using a real-world connected vehicle 11 testbed with commercially available On-Board Units (OBUs), we demonstrate that high-rate UDP flooding and oversized payload of BSM flooding can severely degrade FCW performance. Results show that UDP flooding alone reduces packet delivery ratio by up to 87% and increases latency to over 400ms, while oversized BSM floods overload receiver processing resources, delaying or completely suppressing FCW alerts. When UDP and BSM attacks are executed simultaneously, they cause near-total communication failure, preventing FCW warnings entirely. These findings reveal that protocol-compliant communications do not necessarily guarantee safe or reliable operation of C-V2X-based safety applications. Comments: This paper was submitted to the Transportation Research Board (TRB) 2026 and is under review Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2508.02805 [cs.CR]   (or arXiv:2508.02805v3 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2508.02805 Focus to learn more Submission history From: Jean Michel Tine [view email] [v1] Mon, 4 Aug 2025 18:20:45 UTC (935 KB) [v2] Tue, 13 Jan 2026 14:43:21 UTC (1,340 KB) [v3] Mon, 27 Apr 2026 19:50:51 UTC (1,943 KB) Access Paper: view license Current browse context: cs.CR < prev   |   next > new | recent | 2025-08 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)