VPKIs: State-of-the-Art, Challenges and Extensions

Transcription

1 VPKIs: State-of-the-Art, Challenges and Extensions VPKIs: State-of-the-Art, Challenges and Extensions Hongyu Jin, Mohammad Khodaei and Panos Papadimitratos Networked Systems Security Group Royal Institute of Technology (KTH) June 24, / 19

2 Vehicular Communication Systems (VCS) 2 / 19

3 State-of-the-Art Projects SEVECOM, EVITA, PRECIOSA, OVERSEE, DRIVE-C2X, PRESERVE, CAMP-VSC3 Standarization and Harmonization IEEE , ETSI and C2C-CC: Vehicular Communication (VC) related specifications for privacy-preserving architectures Vehicular Public-Key Infrastructure (VPKI) Do we indeed have a corner-stone to build upon secure and privacy-protecting VC systems? More precisely, do we have all answers needed to deploy an identity and credential management infrastructure for VC? 3 / 19

4 VCS Security and Privacy Architecture: Goals Resilience to honest-but-curious VPKI entities Eradication of Sybil-based misbehavior Standard-compliant implementation Scalability Multi-domain operation Efficiency 4 / 19

5 VCS Security and Privacy Architecture: Overview Vehicles registered with one Long Term Certification Authority (LTCA) (home domain) Pseudonym Certification Authority (PCA) servers in one or multiple domains Vehicles can obtain pseudonyms from any PCA (in home or foreign domains) Establish trust among entities with a Root Certification Authority (RCA) Resolve a pseudonym with the help of a Resolution Authority (RA) 5 / 19

6 VPKI Architecture M. Khodaei, et. al, Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure, IEEE VNC / 19

7 Roaming User: Foreign Ticket Authentication 7 / 19

8 Ticket and Pseudonym Acquisition in Foreign Domain 8 / 19

9 Client and LTCA Performance Evaluation Entire Time [ms] Entire Ticket Operations Entire Operations on PCA Networking Delay Vehicle Pseudonym Verification Number of Pseudonyms in a Request Processing Time [ms] One ticket per request Time [sec] Client processing time Delay to obtain pseudonyms LTCA response time to issue a ticket LTCA performance 9 / 19

10 PCA Performance Evaluation psnyms per request Server failure Empirical CDF Processing Time [ms] Cumulative Probability psnyms per request 20 psnyms per request 50 psnyms per request 100 psnyms per request 200 psnyms per request Time [sec] Processing Time [msec] Issuing 100 pseudonyms per request PCA performance under different configuration PCA response time, including a crash failure Efficient provision for pseudonyms, with different configurations 10 / 19

11 Security Analysis Communication integrity, confidentiality, non-repudiation Certificates, TLS and digital signatures Authentication and authorization LTCA performs Authentication, Authorization and Accounting (AAA) PCA grants the service Security Association through Lightweight Directory Access Protocol (LDAP) Concealing pseudonym providers, foreign identity providers and actual pseudonym acquisition period Sending H(P CA id Rnd 256 ), t s, t e, LT C v to the home LTCA PCA verifies if [t s, t e] [t s, t e ] Thwarting Sybil-based misbehavior LTCA keeps the records of the issued tickets A ticket is bound to a specific PCA PCA keeps records of ticket usage 11 / 19

12 Privacy Challenges Stronger adversarial model [Gisdakis et al., 2013 and Khodaei et al., 2014.] User privacy protection against honest-but-curious entities Inference of service provider or time LTCA infers relevant information from the requests [Khodaei et al., 2014.] Direct (C2C-CC design) or indirect (ticket-based designs) approaches Actual pseudonym acquisition period Targeted PCA that the vehicle seeks to obtain credentials from Trivially linking pseudonyms issued by the PCA Fully-trusted proxy-based scheme (CAMP) [Whyte et al. 2013] that shuffles the requests Honest-but-curious proxy? M. Khodaei and P. Papadimitratos, Identity and Credential Management in Vehicular Communication Systems, IEEE VT Magazine, minor revision (to appear in Dec ) 12 / 19

13 Pseudonym Lifetime Policy Ideally one pseudonym for a single message authentication But costly, e.g. 10 beacons per sec. Safety applications necessitate partial linkability E.g. collision avoidance: inferring a collision hazard based on unlinkable CAMs is hard; requires precise location information Sybil-based misbehavior Non-overlapping lifetime Flexible access to PCA undermine unlinkability Timing information makes sets of pseudonyms linkable 5 No conclusive view or guideline for pseudonym lifetime policy Pseudonym Lifetime [sec] 13 / 19

14 Traffic Information Systems Traffic Information Systems S. Gisdakis, et. al, Secure and Privacy-Preserving Smartphone-based Traffic Information Systems, IEEE Trans. on ITS, Vol. 16, No. 3, pp , June 2015 V. Manolopoulos, et. al, Securing smartphone based ITS, ITST, Aug / 19

15 Location Based Services LBS Privacy {loc, interest} Adversary: Honest-but-curious LBS server 15 / 19

16 Location Based Services Centralized and Decentralized LBS Privacy LBS Server Anonymizer LBS Server Why do we trust the (possibly honest-but-curious) anonymizer? Mobile sharing leveraging P2P communication Adversaries Active: Masquerading, tampering, DoS... Passive: Eavesdrop queries and responses R. Shokri, et.al, Hiding in the Mobile Crowd: Location Privacy through Collaboration, IEEE TDSC, / 19

17 Location Based Services Decentralized LBS Privacy and Security LTCA (Long Term CA) PCA (Pseudonym CA) 1. Ticket Request 2. Ticket Response 3. Pseudonym Request using Ticket 4.Pseudonym Response 5. Queries Signed with Pseudonyms 6. Responses Signed by the LBS Server LBS (Location Based Service) Leverage a PKI solution as the earlier one Pseudonymous authentication of peer interactions Render the peer functionality resilient to misbehavior Run this scheme in parallel to the LBS, without shifting trust; motivation for privacy-cautious users 17 / 19

18 Relevant Publications Relevant Publications M. Khodaei and P. Papadimitratos, Identity and Credential Management in Vehicular Communication Systems, IEEE VT Magazine, minor revision (to appear in Dec ) S. Gisdakis, V. Manolopoulos, S. Tao, A. Rusu, and P. Papadimitratos, Secure and Privacy-Preserving Smartphone-based Traffic Information Systems, IEEE Trans. on ITS, Vol. 16, No. 3, pp , June 2015 M. Khodaei, H. Jin, and P. Papadimitratos, Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure, IEEE VNC, Paderborn, Germany, Dec S. Gisdakis, T. Giannetsos and P. Papadimitratos, SPPEAR: Security & Privacy-Preserving Architecture for Mobile Crowd-Sensing Applications, ACM WiSec, Oxford, UK, July 2014 (best paper award) R. Shokri, G. Theodorakopoulos, P. Papadimitratos, E. Kazemi, and J.-P. Hubaux, Hiding in the Mobile Crowd: Location Privacy through Collaboration, IEEE TDSC, Vol. 11, No. 3, pp , May-June / 19

19 Relevant Publications Relevant Publications (cont d) S. Gisdakis, M. Lagan, T. Giannetsos, and P. Papadimitratos, SEROSA: Service Oriented Security Architecture for Vehicular Communications, IEEE VNC, Boston, MA, Dec W. Whyte, A. Weimerskirch, V. Kumar, and T. Hehn, A security credential management system for V2V communications, IEEE VNC, Boston, MA, Dec N. Alexiou, S. Gisdakis, M. Laganà, and P. Papadimitratos, Towards a Secure and Privacy-preserving Multi-service Vehicular Architecture, IEEE D-SPAN, Madrid, June 2013 N. Alexiou, M. Laganà, S. Gisdakis, and P. Papadimitratos, VeSPA: Vehicular Security and Privacy-preserving Architecture, ACM HotWiSec, Budapest, April 2013 V. Manolopoulos, P. Papadimitratos, S. Tao, and A. Rusu, Securing smartphone based ITS, ITST, Aug / 19