kth.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab).ORCID iD: 0000-0003-1778-1416
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab).
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS, Network Systems Laboratory (NS Lab).ORCID iD: 0000-0002-3267-5374
2018 (English)In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 19, no 5, p. 1430-1444Article in journal (Refereed) Published
Abstract [en]

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming vehicular communication (VC) systems. There is a growing consensus toward deploying a special-purpose identity and credential management infrastructure, i.e., a vehicular public-key infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts toward that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts [Car2Car Communication Consortium (C2C-CC)], significant questions remain unanswered toward deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions and two large-scale mobility trace data sets, based on which we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very few delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.
Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC , 2018. Vol. 19, no 5, p. 1430-1444
Keywords [en]
Vehicular communications, security, privacy, identity and credential management, vehicular PKI
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-228442DOI: 10.1109/TITS.2017.2722688ISI: 000431439200009Scopus ID: 2-s2.0-85045197857OAI: oai:DiVA.org:kth-228442DiVA, id: diva2:1210501
Note

QC 20180528

Available from: 2018-05-28 Created: 2018-05-28 Last updated: 2024-03-18Bibliographically approved
In thesis
1. The Key to Intelligent Transportation Systems: Identity and Credential Management for Secure and Privacy-Preserving Vehicular Communication Systems
Open this publication in new window or tab >>The Key to Intelligent Transportation Systems: Identity and Credential Management for Secure and Privacy-Preserving Vehicular Communication Systems
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Vehicular Communication (VC) systems can greatly enhance road safety and transportation efficiency and enable a variety of applications providing traffic efficiency, environmental hazards, road conditions and infotainment. Vehicles are equipped with sensors and radars to sense their surroundings and external environment, as well as with an internal Controller Area Network (CAN) bus. Hence, vehicles are becoming part of a large-scale network, the so-called Internet of Vehicles (IoV). Deploying such a large-scale VC system cannot materialize unless the VC systems are secure and do not expose their users’ privacy. On the one hand, vehicles could be compromised or their sensors become faulty, thus disseminating erroneous information across the network. Therefore, participating vehicles should be held accountable for their actions and credentials (their Long Term Certificates (LTCs) and their pseudonyms) can be efficiently revoked and disseminated in a timely manner throughout a large-scale (multi-domain) VC system. On the other hand, user privacy is at stake: according to standards, vehicles should disseminate spatio-temporal information frequently, e.g., location and velocity. Due to the openness of the wireless communication, an observer can eavesdrop the vehicular communication to infer users’ sensitive information, and possibly profile users based on different attributes, e.g., trace their commutes and identify home/work locations. The objective is to secure the communication, i.e., prevent malicious or compromised entities from affecting the system operation, and ensure user privacy, i.e., keep users anonymous to any external observer but also for security infrastructure entities and service providers. This is not very straightforward because accountability and privacy, at the same time, appear contradictory. 

In this thesis, we first focus on the identity and credential management infrastructure for VC systems, taking security, privacy, and efficiency into account. We begin with a detailed investigation and critical survey of the standardization and harmonization efforts, along with industrial projects and proposals. We point out the remaining challenges to be addressed in order to build a central building block of secure and privacy-preserving VC systems, a Vehicular Public-Key Infrastructure (VPKI). Towards that, we provide a secure and privacy-preserving VPKI design that improves upon existing proposals in terms of security and privacy protection and efficiency. More precisely, our scheme facilitates multi-domain operations in VC systems and enhances user privacy, notably preventing linking of pseudonyms based on timing information and offering increased protection in the presence of honest-but-curious VPKI entities. We further extensively evaluate the performance, i.e., scalability, efficiency, and robustness, of the full-blown implementation of our VPKI for a large-scale VC deployment. We provide tangible evidence that it is possible to support a large area of vehicles by investing in modest computing resources for the VPKI entities. Our results confirm the efficiency, scalability and robustness of our VPKI.

As a second main contribution of this thesis, we focus on the distribution of Certificate Revocation Lists (CRLs) in VC systems. The main challenges here lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRLs distribution. We propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a "fingerprint" of CRL ‘pieces’ is attached to a subset of (verifiable) pseudonyms for fast CRL ‘piece’ validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (15x15 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems. 

As the third main contribution of the thesis, we focus on enhancing location privacy protection: vehicular communications disclose rich information about the vehicles and their whereabouts. Pseudonymous authentication secures communication while enhancing user privacy. To enhance location privacy, cryptographic mix-zones were proposed to facilitate vehicles covertly transition to new ephemeral credentials. The resilience to (syntactic and semantic) pseudonym linking (attacks) highly depends on the geometry of the mix-zones, mobility patterns, vehicle density, and arrival rates. Our experimental results show that an eavesdropper could successfully link 73% of pseudonyms (during non-rush hours) and 62% of pseudonyms (during rush hours) after vehicles change their pseudonyms in a mix-zone. To mitigate such inference attacks, we present a novel cooperative mix-zone scheme that enhances user privacy regardless of the vehicle mobility patterns, vehicle density, and arrival rate to the mix-zone. A subset of vehicles, termed relaying vehicles, are selected to be responsible for emulating non-existing vehicles. Such vehicles cooperatively disseminate decoy traffic without affecting safety-critical operations: with 50% of vehicles as relaying vehicles, the probability of linking pseudonyms (for the entire interval) drops from 68% to 18%. On average, this imposes 28 ms extra computation overhead, per second, on the Roadside Units (RSUs) and 4.67 ms extra computation overhead, per second, on the (relaying) vehicle side; it also introduces 1.46 KB/sec extra communication overhead by (relaying) vehicles and 45 KB/sec by RSUs for the dissemination of decoy traffic. Thus, user privacy is enhanced at the cost of low computation and communication overhead.
Abstract [sv]

Fordonskommunikationssystem (FKS) kan förbättra transportsäkerhet och effektivitet genom att möjliggöra många applikationer, till exempel inom trafikflöde och risker i omgivning. Fordonen utrustas med sensorer och radar och blir därmed en del av ett storskaligt nätverk, så kallade Fordonens internet. När system som FKS impementeras måste användarens säkerhet och integritet säkerställas. Å ena sidan kan fordons sensorer bli felaktiga, vilket kan leda till att falsk information sprids i nätverket. Å andra sidan kan användarens integritet sättas i fara eftersom fordonen enligt standarder måste dela information, t.ex. position, fart, och riktning. Eftersom trådlös kommunikation används så kan betraktare avlyssna fordons kommunikation, vilket kan leda till att viktig information avslöjas. På det visat kan användarna profileras baserat på olika attribut, t.ex. individer som pendlar kan spåras och det gör så att deras hem och arbetsplats kan lokaliseras. För att implementera FKS är det avgörande att säkra kommunikationen och garantera användarnas integritet, dvs. att användarna förblir anonyma. 

Denna doktorsavhandling fokuserar på infrastruktur för förvaltning av identitet- och behörighetsuppgifter och tar hänsyn till säkerhet, integritet, och effektivitet. Utmaningar identifieras för att skapa den viktigaste delen av säkra och integritetsbevarande FKS, så kallade Vehicular Public-Key Infrastructure (VPKI). Vårt system underlättar en säker och integritetsbevarande FKS, och utgör en förbättring över befintliga förslag i säkerhet, skydd av integritet samt effektivitet. Vi utvärderar vårt systems prestanda på ett omfattande sätt. Vårt resultat bekräftar effektiviteten, skalbarheten och robustheten av vårt system. 
Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2020. p. 111
Series
TRITA-EECS-AVL ; 2020:32
Keywords
Security, Privacy, Vehicular PKI, VPKI, Identity and Credential Management; Vehicular Communications, VANETs; Availability, Scalability, Resilient, Efficiency, Micro-service, Container Orchestration, Cloud; Certificate Revocation List; Location Privacy, Mix-zones, Pseudonymity,  Anonymity, Untraceability, Pseudonym Transition, Pseudonym Unlinkability., Säkerhet, personlig integritet, identitet- och behörighetsuppgifter, tillgänglighet, skalbarhet, motståndskraftig, effektivitet, moln, pseudonymitet, anonymitet, ospårbarhet.
National Category
Communication Systems
Research subject
Electrical Engineering
Identifiers
urn:nbn:se:kth:diva-273636 (URN)978-91-7873-564-8 (ISBN)
Public defence
2020-06-15, https://kth-se.zoom.us/webinar/register/WN_xnk7oJcxSp6kuPMLXuFHqA, Stockholm, 14:00 (English)
Opponent
Supervisors
Note

QC 20200525

Available from: 2020-05-25 Created: 2020-05-24 Last updated: 2022-06-26Bibliographically approved

Open Access in DiVA

secmace-tits(4535 kB)179 downloads
File information
File name FULLTEXT01.pdfFile size 4535 kBChecksum SHA-512
4bfad8b41a07ff56381069541651125a6c821c60456f6687a358fbe5544e6f27e5364df4ff2c16c07a84802e468a36d613472147a96e88a6770cec7f1125928b
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Khodaei, MohammadJin, HongyuPapadimitratos, Panagiotis

Search in DiVA

By author/editor
Khodaei, MohammadJin, HongyuPapadimitratos, Panagiotis
By organisation
Network Systems Laboratory (NS Lab)
In the same journal
IEEE transactions on intelligent transportation systems (Print)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 179 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 642 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub