Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure

Transcription

1 KTH ROYAL INSTITUTE OF TECHNOLOGY Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Mohammad Khodaei and Panos Papadimitratos Networked Systems Security Group

2 Vehicular Communication (VC) PHOTO COURTESY OF THE CAR-TO-CAR COMMUNICATION CONSORTIUM (C2C-CC) 2

3 Safety Vehicular Communication Applications Warning: Accident at (x,y,z) Warning: Accident at (x,y,z) Efficiency Warning: Congestion at (x,y,z) Traffic Update: Congestion at (x,y,z); Use alternate route 3

4 Vehicular Communication Applications (cont d) Efficiency Warning: Emergency vehicle approaching In area (X,Y,Z); Warning: Ambulance approaching at (x,y,z) Slow down and yield 4

5 Security and Privacy for VC Why? Safety (?) Warning: Accident at (x,y,z) Efficiency (?) Warning: Congestion at (x,y,z) TOC Traffic Update: Congestion at (x,y,z); Use alternate route 5

6 Security and Privacy for VC Why? (cont d) Efficiency (?) Warning: Emergency vehicle approaching In area (X,Y,Z); Warning: Ambulance approaching at (x,y,z) Slow down and yield 6

7 Security and Privacy for VC Why? (cont d) Privacy (?) 7

8 Security and Privacy for VC Systems Vehicular Public-Key Infrastructure (VPKI) Pseudonymous authentication Trusted Third Party (TTP): Certification Authority (CA) Issues credentials & binds users to their pseudonyms Pseudonymous Authentication PSNYM_2 PSNYM_3 PSNYM_2 PSNYM_1 PSNYM_3 PSNYM_2 PSNYM_1 PSNYM_1 P. PAPADIMITRATOS, ET AL. SECURING VEHICULAR COMMUNICATIONS - ASSUMPTIONS, REQUIREMENTS, AND PRINCIPLES, IN ESCAR, BERLIN, GERMANY, PP. 5-14, NOV P. PAPADIMITRATOS, ET AL. SECURE VEHICULAR COMMUNICATION SYSTEMS: DESIGN AND ARCHITECTURE, IN IEEE COMMUNICATIONS MAGAZINE, VOL. 46, NO. 11, PP , NOV

9 Pseudonym Refilling & Authentication Certification Authority (CA) We focus on this part A B Pseudonymous Authentication: 1. Generate signature with SK 1 2. Append certificate 3. Send packet Beacon packet Header: H Payload: m Sig(SK 1, H, m) Cert(PNYM_K 1 ) 1. Validate certificate (if not previously done so) 2. Validate signature 3. Validate geo-stamp in the header 4. Accept/Reject packet P. PAPADIMITRATOS, ET AL. SECURING VEHICULAR COMMUNICATIONS - ASSUMPTIONS, REQUIREMENTS, AND PRINCIPLES, IN ESCAR, BERLIN, GERMANY, PP. 5-14, NOV P. PAPADIMITRATOS, ET AL. SECURE VEHICULAR COMMUNICATION SYSTEMS: DESIGN AND ARCHITECTURE, IN IEEE COMMUNICATIONS MAGAZINE, VOL. 46, NO. 11, PP , NOV

10 VPKI Overview Root Certification Authority (RCA) Long-Term (CA) Pseudonym CA (PCA) Resolution Authority (RA) Lightweight Directory Access Protocol (LDAP) M. KHODAEI, H. JIN, AND P. PAPADIMITRATOS, SECMACE: SCALABLE AND ROBUST IDENTITY AND CREDENTIAL MANAGEMENT INFRASTRUCTURE IN VEHICULAR COMMUNICATION SYSTEMS, SUBMITTED TO THE IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS. 10

11 Pseudonym Acquisition Overview M. KHODAEI, H. JIN, AND P. PAPADIMITRATOS, SECMACE: SCALABLE AND ROBUST IDENTITY AND CREDENTIAL MANAGEMENT INFRASTRUCTURE IN VEHICULAR COMMUNICATION SYSTEMS, SUBMITTED TO THE IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS. 11

12 End-to-End Delay to Obtain Pseudonyms 12

13 Vehicular Testbed at KTH V2X Security Subsystem (VSS) Dual-core 1.66 GHz 2 GB Memory 100 MB Ethernet USB 2.0 Controller Functions Hitachi communication stack CAM & DENM generator Security processing of messages (sign, verify) Crypto acceleration (AES, ECDSA, ) Secure storage 13

14 Related Publications 1. M. Khodaei, H. Jin, and P. Papadimitratos, Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure, in IEEE VNC, Paderborn, Germany, Dec M. Khodaei and P. Papadimitratos, The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems, IEEE VT Magazine, vol. 10, no. 4, Dec M. Khodaei and P. Papadimitratos, Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems, in Proceedings of the First International Workshop on IoV-VoI, Paderborn, Germany, July M. Khodaei, H. Jin, and P. Papadimitratos, SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems, IEEE Transactions on Intelligent Transportation Systems, in revision. 14

15 KTH ROYAL INSTITUTE OF TECHNOLOGY Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Mohammad Khodaei and Panos Papadimitratos Networked Systems Security Group