Authentication with Privacy for Connected Cars - A research perspective -

Transcription

1 Authentication with Privacy for Connected Cars - A research perspective - Mark Manulis Surrey Centre for Cyber Security, Deputy-Director Department of Computer Science University of Surrey sccs.surrey.ac.uk 1

2 Surrey Centre for Cyber Security Mission - To collaborate with academia, industry and government to produce internationally leading research in cyber security for the benefit of society Core academics (10+) - the technical heart of the Centre. Academics for whom cyber security related research is a significant research activity. Drawn from Department of Computer Science (Secure Systems Group), and EEE s Institute for Communication Systems. Associate academics (24) - Surrey academics whose research relates to cyber security. Drawn from 8 Departments across the University: EEE (5G Innovation Centre, CVSSP, Space Centre), Artificial Intelligence (NICE group), Mathematics, Psychology, Sociology, Law, Economics, Surrey Business School. 2

3 SCCS Core Research Capabilities From foundations to applications Application Domains Application-oriented technologies Authentication and Identity System and Code Verification Trust Management and Attestation Multimedia Security Data and User Privacy Secure Communications Human Factors Foundations and enabling techniques Applied Cryptography Formal System Analysis Artificial Intelligence Vulnerability Analysis Data Analytics 3

4 SCCS Application Domains Automotive connected vehicles, component integrity, secure communications, cloud support Democracy verifiable election integrity with voter privacy; distributed ledger technology Finance big data analysis with pattern recognition, fraud detection, blockchain applications Future Internet IoT, wireless sensors, mobile/satellite comms, security, privacy, robustness Health activity trackers, medical devices, security, privacy, cloud support Law Enforcement cybercrime, digital forensics, fraud detection, online grooming Transportation personalised rail journey, user privacy vs. benefit trade-offs 4

5 Connected Cars Expectations Improve safety on the road Enable new services/applications Provide better driving experience Simplify maintenance/service Reduce costs Environmental benefits 5

6 Connected Cars Applications Emergency (safety-critical) Detection of hazards Collision avoidance Emergency braking Intelligent Transportation Traffic control systems Adaptive cruise control Navigation, parking guidance Fleet management Car maintenance Remote diagnostics Software updates Commercial Taxes, insurance fees Toll payments, ticketing Cloud-based services 6

7 Connected Cars Technologies Wireless communications, e.g. WiFi, BT, mobile (GPRS, EDGE, LTE), DSRC, WAVE Lot s of connected sensors 100s of ECUs for in-vehicle components 7

8 Authentication Fundamental security goal for any communication Authentication typically Ensures identity of a communicating party Enables non-repudiation of communication Needs be revocable (in many cases) Crucial for V2X communications in safety-critical applications for traffic management in commercial applications sender message verifiers Authentication is subject to verification Performed by vehicles (in V2V) or infrastructure/cloud (V2I/C) Real-time, in most cases 8

9 Privacy Fundamental goal that protects drivers/passengers Main privacy threat in V2X is the creation of mobility patterns, in particular through mass surveillance Mobility patterns can be used to systematically collect and infer private information about users and their vehicles Private information includes (time-dependent) behaviours, work/home environment, etc... Privacy threat increases if V2X data is combined with other sources (e.g. social networks, mobile phone usage, etc) 9

10 Traditional authentication mechanisms Shared Key and MACs Message Authentication Codes with secret keys, preshared between senders and verifiers, e.g. via trusted Key Distribution Centre Inefficient key management: too many keys to be shared, upon revocation remaining keys must be changed K 3 K 2 K K K K K 2 3 Higher risk that keys become compromised since they are stored in many locations Shared keys do not provide non-repudiation, hence no identification in case of liability attribution K 3 K 2 K 1 K 1 MAC(K i, msg) K 2 Privacy possible if group keys are used, but then no identification can be achieved K 1 K 3 10

11 Traditional authentication mechanisms Public Key Infrastructures and Digital Signatures PKI requires trusted Certification Authorities (CAs), can be organised into a hierarchy Different PKIs for different purposes (e.g. manufacturers/dealers, insurances, ), cross-domain authentication SK A, PK A Cert(ID 1, PK 1 ) Cert(ID 2, PK 2 ) Cert(ID 2, PK 2 ) Cert(ID 3, PK 3 ) Cert(ID 7, PK 7 )... revocation repository CAs issue certificates (digital signatures) and by this vouch for vehicle ID-PK pairs CAs can revoke certificates via public repository; revocation is a bottleneck Vehicle ID becomes known to verifier; no privacy SK 1, PK 1 SK 2, PK 2 Sign(SK 1, msg) PK 1, Cert(ID 1, PK 1 ) Is Cert revoked? Verify(PK A, Cert) Verify(PK 1, Sign) 11

12 Privacy-Preserving Authentication Pseudonym-based solutions Pseudonyms replace vehicle IDs, e.g. Cert(Nym, PK) Non-scalable since pseudonyms must be changed to avoid profiling; onetime or short-lived pseudonyms Mapping between ID and Nyms are maintained by the pseudonym authorities; threat of mass surveillance Inefficient revocation since all revoked Nyms of a vehicle must be communicated to all verifiers 12

13 Privacy-Preserving Authentication Pseudonyms and Identity-based Cryptography Identity-based cryptography is an alternative to PKI; users have no PKs SK A, PK A Nym 1, SK 1 Nym 2, SK 2 revocation repository In V2X proposals IDs are replaced with pseudonyms Nym 2 Nym 3 Nym 5 Same issues as with other pseudonymbased solutions, incl. non-scalable pseudonym management, revocation, privacy threat through the authority Is Nym 1 revoked? Nym 1, Sign(SK 1, msg) Verify(PK A, Sign) 13

14 Privacy-Preserving Authentication Hiding in groups Make use of group signatures, where each signer is a member of a group and can sign without leaking own ID SK 1 SK 2 SK A, PK A Better scalability since SK can be used many times, no need for pseudonyms Inefficient revocation since SK of remaining signers must be updated and/or revocation information must be distributed to all verifiers Privacy threat since group authority can identify signers at any time Signers can be identified using SK A Is signer revoked? Sign(SK 1, msg) Verify(PK A, Sign) 14

15 Vehicle IDs From identities to properties Privacy aims to protect vehicle IDs but what is a vehicle ID in V2X context? VIN? Engine number? Number plate? Perhaps combination of various IDs? Whatever is meaningful in the context of application. But do applications care about actual IDs? Isn t it more about the properties that a vehicle has? E.g.: Does it have a valid MOT? Does it require service? Software updates? Is it taxed? Insured? Is it s height under 4m? Is engine volume above 3l? Is it powered by LPG? Is it driven for more that 6000 miles per year? Was congestion charge/road fee paid? Is it a lowemission vehicle? Perhaps V2X authentication should be caring about vehicle properties, not identifiers. Better for privacy since properties are naturally shared amongst multiple vehicles. 15

16 Privacy-Preserving Authentication Attribute-based Cryptography SK A, PK A Attribute-based cryptography is a generalisation of identity-based cryptography where IDs are replaced with attributes (A 1, A 2,, A n ). (A 1, A 2, A 3 ), SK 1 (A 1, A 3, A 4 ), SK 2 Signers can authenticate using attributes but without revealing them (attribute-hiding); signatures prove that attributes satisfy verification policy Ψ Signers can be identified using SK A Are signer s attributes revoked? No need for pseudonyms, better scalability Still issues with revocation, privacy risk from mass surveillance Sign(SK 1, msg) Verify(PK A, Ψ, Sign) involves checking Ψ(A 1,...) = True 16

17 Summary and Outlook Driving in safe, secure and privacy-friendly cars Authenticity and privacy will play an important role in V2X architectures and applications OEMs should start thinking about these properties now as it takes years until technologies are deployed Many privacy-preserving authentication techniques already exist but more research is needed (revocation, protection against mass surveillance, efficient key management/update of keys) Get on Board! 17