kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
The Key to Intelligent Transportation Systems: Identity and Credential Management for Secure and Privacy-Preserving Vehicular Communication Systems
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS. (Networked Systems Security group)ORCID iD: 0000-0003-1778-1416
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Vehicular Communication (VC) systems can greatly enhance road safety and transportation efficiency and enable a variety of applications providing traffic efficiency, environmental hazards, road conditions and infotainment. Vehicles are equipped with sensors and radars to sense their surroundings and external environment, as well as with an internal Controller Area Network (CAN) bus. Hence, vehicles are becoming part of a large-scale network, the so-called Internet of Vehicles (IoV). Deploying such a large-scale VC system cannot materialize unless the VC systems are secure and do not expose their users’ privacy. On the one hand, vehicles could be compromised or their sensors become faulty, thus disseminating erroneous information across the network. Therefore, participating vehicles should be held accountable for their actions and credentials (their Long Term Certificates (LTCs) and their pseudonyms) can be efficiently revoked and disseminated in a timely manner throughout a large-scale (multi-domain) VC system. On the other hand, user privacy is at stake: according to standards, vehicles should disseminate spatio-temporal information frequently, e.g., location and velocity. Due to the openness of the wireless communication, an observer can eavesdrop the vehicular communication to infer users’ sensitive information, and possibly profile users based on different attributes, e.g., trace their commutes and identify home/work locations. The objective is to secure the communication, i.e., prevent malicious or compromised entities from affecting the system operation, and ensure user privacy, i.e., keep users anonymous to any external observer but also for security infrastructure entities and service providers. This is not very straightforward because accountability and privacy, at the same time, appear contradictory. 

In this thesis, we first focus on the identity and credential management infrastructure for VC systems, taking security, privacy, and efficiency into account. We begin with a detailed investigation and critical survey of the standardization and harmonization efforts, along with industrial projects and proposals. We point out the remaining challenges to be addressed in order to build a central building block of secure and privacy-preserving VC systems, a Vehicular Public-Key Infrastructure (VPKI). Towards that, we provide a secure and privacy-preserving VPKI design that improves upon existing proposals in terms of security and privacy protection and efficiency. More precisely, our scheme facilitates multi-domain operations in VC systems and enhances user privacy, notably preventing linking of pseudonyms based on timing information and offering increased protection in the presence of honest-but-curious VPKI entities. We further extensively evaluate the performance, i.e., scalability, efficiency, and robustness, of the full-blown implementation of our VPKI for a large-scale VC deployment. We provide tangible evidence that it is possible to support a large area of vehicles by investing in modest computing resources for the VPKI entities. Our results confirm the efficiency, scalability and robustness of our VPKI.

As a second main contribution of this thesis, we focus on the distribution of Certificate Revocation Lists (CRLs) in VC systems. The main challenges here lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRLs distribution. We propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a "fingerprint" of CRL ‘pieces’ is attached to a subset of (verifiable) pseudonyms for fast CRL ‘piece’ validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (15x15 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems. 

As the third main contribution of the thesis, we focus on enhancing location privacy protection: vehicular communications disclose rich information about the vehicles and their whereabouts. Pseudonymous authentication secures communication while enhancing user privacy. To enhance location privacy, cryptographic mix-zones were proposed to facilitate vehicles covertly transition to new ephemeral credentials. The resilience to (syntactic and semantic) pseudonym linking (attacks) highly depends on the geometry of the mix-zones, mobility patterns, vehicle density, and arrival rates. Our experimental results show that an eavesdropper could successfully link 73% of pseudonyms (during non-rush hours) and 62% of pseudonyms (during rush hours) after vehicles change their pseudonyms in a mix-zone. To mitigate such inference attacks, we present a novel cooperative mix-zone scheme that enhances user privacy regardless of the vehicle mobility patterns, vehicle density, and arrival rate to the mix-zone. A subset of vehicles, termed relaying vehicles, are selected to be responsible for emulating non-existing vehicles. Such vehicles cooperatively disseminate decoy traffic without affecting safety-critical operations: with 50% of vehicles as relaying vehicles, the probability of linking pseudonyms (for the entire interval) drops from 68% to 18%. On average, this imposes 28 ms extra computation overhead, per second, on the Roadside Units (RSUs) and 4.67 ms extra computation overhead, per second, on the (relaying) vehicle side; it also introduces 1.46 KB/sec extra communication overhead by (relaying) vehicles and 45 KB/sec by RSUs for the dissemination of decoy traffic. Thus, user privacy is enhanced at the cost of low computation and communication overhead.

Abstract [sv]

Fordonskommunikationssystem (FKS) kan förbättra transportsäkerhet och effektivitet genom att möjliggöra många applikationer, till exempel inom trafikflöde och risker i omgivning. Fordonen utrustas med sensorer och radar och blir därmed en del av ett storskaligt nätverk, så kallade Fordonens internet. När system som FKS impementeras måste användarens säkerhet och integritet säkerställas. Å ena sidan kan fordons sensorer bli felaktiga, vilket kan leda till att falsk information sprids i nätverket. Å andra sidan kan användarens integritet sättas i fara eftersom fordonen enligt standarder måste dela information, t.ex. position, fart, och riktning. Eftersom trådlös kommunikation används så kan betraktare avlyssna fordons kommunikation, vilket kan leda till att viktig information avslöjas. På det visat kan användarna profileras baserat på olika attribut, t.ex. individer som pendlar kan spåras och det gör så att deras hem och arbetsplats kan lokaliseras. För att implementera FKS är det avgörande att säkra kommunikationen och garantera användarnas integritet, dvs. att användarna förblir anonyma. 

Denna doktorsavhandling fokuserar på infrastruktur för förvaltning av identitet- och behörighetsuppgifter och tar hänsyn till säkerhet, integritet, och effektivitet. Utmaningar identifieras för att skapa den viktigaste delen av säkra och integritetsbevarande FKS, så kallade Vehicular Public-Key Infrastructure (VPKI). Vårt system underlättar en säker och integritetsbevarande FKS, och utgör en förbättring över befintliga förslag i säkerhet, skydd av integritet samt effektivitet. Vi utvärderar vårt systems prestanda på ett omfattande sätt. Vårt resultat bekräftar effektiviteten, skalbarheten och robustheten av vårt system. 

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2020. , p. 111
Series
TRITA-EECS-AVL ; 2020:32
Keywords [en]
Security, Privacy, Vehicular PKI, VPKI, Identity and Credential Management; Vehicular Communications, VANETs; Availability, Scalability, Resilient, Efficiency, Micro-service, Container Orchestration, Cloud; Certificate Revocation List; Location Privacy, Mix-zones, Pseudonymity,  Anonymity, Untraceability, Pseudonym Transition, Pseudonym Unlinkability.
Keywords [sv]
Säkerhet, personlig integritet, identitet- och behörighetsuppgifter, tillgänglighet, skalbarhet, motståndskraftig, effektivitet, moln, pseudonymitet, anonymitet, ospårbarhet.
National Category
Communication Systems
Research subject
Electrical Engineering
Identifiers
URN: urn:nbn:se:kth:diva-273636ISBN: 978-91-7873-564-8 (print)OAI: oai:DiVA.org:kth-273636DiVA, id: diva2:1431640
Public defence
2020-06-15, https://kth-se.zoom.us/webinar/register/WN_xnk7oJcxSp6kuPMLXuFHqA, Stockholm, 14:00 (English)
Opponent
Supervisors
Note

QC 20200525

Available from: 2020-05-25 Created: 2020-05-24 Last updated: 2022-06-26Bibliographically approved
List of papers
1. VeSPA: Vehicular security and privacy-preserving architecture
Open this publication in new window or tab >>VeSPA: Vehicular security and privacy-preserving architecture
Show others...
2013 (English)In: HotWiSec 2013: Proceedings of the 2013 ACM Workshop on Hot Topics on Wireless Network Security and Privacy, 2013, p. 19-23Conference paper, Published paper (Refereed)
Abstract [en]

Vehicular Communications (VC) are reaching a near deploment phase and will play an important role in improving road safety, driving efficiency and comfort. The industry and the academia have reached a consensus for the need of a Public Key Infrastructure (PKI), in order to achieve security, identity management, vehicle authentication, as well as preserve vehicle privacy. Moreover, a gamut of proprietary and safety applications, such as location-based services and pay-as-you-drive systems, are going to be offered to the vehicles. The emerging applications are posing new challenges for the existing Vehicular Public Key Infrastructure (VPKI) architectures to support Authentication, Authorization and Accountability (AAA), without exposing vehicle privacy. In this work we present an implementation of a VPKI that is compatible with the VC standards. We propose the use of tickets as cryptographic tokens to provide AAA and also preserve vehicle privacy against adversaries and the VPKI. Finally, we present the efficiency results of our implementation to prove its applicability.

Keywords
Credential management, PKI, Privacy, Security, VANETs
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-123090 (URN)10.1145/2463183.2463189 (DOI)2-s2.0-84879543302 (Scopus ID)9781450320030 (ISBN)
Conference
6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'13), Budapest; Hungary; 19 April 2013 through 19 April 2013
Note

QC 20130819

Available from: 2013-05-31 Created: 2013-05-31 Last updated: 2024-03-18Bibliographically approved
2. Towards deploying a scalable & robust vehicular identity and credential management infrastructure
Open this publication in new window or tab >>Towards deploying a scalable & robust vehicular identity and credential management infrastructure
2014 (English)In: 2014 IEEE Vehicular Networking Conference (VNC), IEEE conference proceedings, 2014, Vol. 2015-January, no -, p. 33-40, article id 7013306Conference paper, Published paper (Refereed)
Abstract [en]

- Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a Vehicular Public-Key Infrastructure (VPKI) enables pseudonymous authentication, with standardization efforts in that direction. However, there are still significant technical issues that remain unresolved. Existing proposals for instantiating the VPKI either need additional detailed specifications or enhanced security and privacy features. Equally important, there is limited experimental work that establishes the VPKI efficiency and scalability. In this paper, we are concerned with exactly these issues. We leverage the common VPKI approach and contribute an enhanced system with precisely defined, novel features that improve its resilience and the user privacy protection. In particular, we depart from the common assumption that the VPKI entities are fully trusted and we improve user privacy in the face of an honest-but-curious security infrastructure. Moreover, we fully implement our VPKI, in a standard-compliant manner, and we perform an extensive evaluation. Along with stronger protection and richer functionality, our system achieves very significant performance improvement over prior systems - contributing the most advanced VPKI towards deployment.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2014
Series
IEEE Vehicular Networking Conference, VNC, ISSN 2157-9857 ; 2015-January
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-161908 (URN)10.1109/VNC.2014.7013306 (DOI)000786760400005 ()2-s2.0-84936889570 (Scopus ID)
Conference
IEEE Vehicular Networking Conference (VNC),3-5 Dec. 2014 , Paderborn, Germany
Note

QC 20220922

Part of proceedings: ISBN 978-147997660-7

Available from: 2015-03-18 Created: 2015-03-18 Last updated: 2024-03-18Bibliographically approved
3. The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems
Open this publication in new window or tab >>The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems
2015 (English)In: IEEE Vehicular Technology Magazine, ISSN 1556-6072, E-ISSN 1556-6080, Vol. 10, no 4, p. 63-69, article id 1556-6072Article in journal (Refereed) Published
Abstract [en]

Vehicular Communication (VC) systems will greatly enhance intelligent transportation systems. But their security and the protection of their users’ privacy are a prerequisite for deployment. Efforts in industry and academia brought forth a multitude of diverse proposals. These have now converged to a common view, notably on the design of a security infrastructure, a Vehicular Public Key Infrastructure (VPKI) that shall enable secure conditionally anonymous VC. Standardization efforts and industry readiness to adopt this approach hint to its maturity. However, there are several open questions remaining, and it is paramount to have conclusive answers before deployment. In this article, we distill and critically survey the state of the art for identity and credential management in VC systems, and we sketch a roadmap for addressing a set of critical remaining security and privacy challenges.

Place, publisher, year, edition, pages
IEEE, 2015
Keywords
Vehicular Public Key Infrastructure (VPKI); Identity Management; Vehicular Communication (VC)
National Category
Computer Systems Telecommunications
Research subject
Information and Communication Technology
Identifiers
urn:nbn:se:kth:diva-180008 (URN)10.1109/MVT.2015.2479367 (DOI)000366665800010 ()2-s2.0-84961564531 (Scopus ID)
Note

QC 20160115

Available from: 2016-01-05 Created: 2016-01-05 Last updated: 2024-03-18Bibliographically approved
4. Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems
Open this publication in new window or tab >>Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems
2016 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Standardization and harmonization efforts have reached a consensus towards using a special-purpose Vehicular Public-Key Infrastructure (VPKI) in upcoming Vehicular Communication (VC) systems. However, there are still several technical challenges with no conclusive answers; one such an important yet open challenge is the acquisition of shortterm credentials, pseudonym: how should each vehicle interact with the VPKI, e.g., how frequently and for how long? Should each vehicle itself determine the pseudonym lifetime? Answering these questions is far from trivial. Each choice can affect both the user privacy and the system performance and possibly, as a result, its security. In this paper, we make a novel systematic effort to address this multifaceted question. We craft three generally applicable policies and experimentally evaluate the VPKI system performance, leveraging two large-scale mobility datasets. We consider the most promising, in terms of efficiency, pseudonym acquisition policies; we find that within this class of policies, the most promising policy in terms of privacy protection can be supported with moderate overhead. Moreover, in all cases, this work is the first to provide tangible evidence that the state-of-the-art VPKI can serve sizable areas or domain with modest computing resources.

Place, publisher, year, edition, pages
ACM Digital Library, 2016
Keywords
Vehicular Communications, Security, Privacy, Access Control, Identity and Credential Management, Vehicular PKI
National Category
Communication Systems
Research subject
Information and Communication Technology
Identifiers
urn:nbn:se:kth:diva-189863 (URN)10.1145/2938681.2938684 (DOI)2-s2.0-84979743642 (Scopus ID)978-1-4503-4345-9 (ISBN)
Conference
Workshop on Internet of Vehicles and Vehicles of Internet (IoV-VoI 2016)
Note

QC 20160722

Available from: 2016-07-20 Created: 2016-07-20 Last updated: 2024-03-18Bibliographically approved
5. RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd
Open this publication in new window or tab >>RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd
2017 (English)In: IEEE Vehicular Networking Conference (VNC) 2017, IEEE, 2017, p. 155-158Conference paper, Published paper (Refereed)
Abstract [en]

Any on-demand pseudonym acquisition strategy is problematic should the connectivity to the credential management infrastructure be intermittent. If a vehicle runs out of pseudonyms with no connectivity to refill its pseudonym pool, one solution is the on-the-fly generation of pseudonyms, e.g., leveraging anonymous authentication. However, such a vehicle would stand out in the crowd: one can simply distinguish pseudonyms, thus signed messages, based on the pseudonym issuer signature, link them and track the vehicle. To address this challenge, we propose a randomized hybrid scheme, RHyTHM, to enable vehicles to remain operational when disconnected without compromising privacy: vehicles with valid pseudonyms help others to enhance their privacy by randomly joining them in using on-the-fly self-certified pseudonyms along with aligned lifetimes. This way, the privacy of disconnected users is enhanced with a reasonable computational overhead. 

Place, publisher, year, edition, pages
IEEE, 2017
Keywords
Security, Privacy, Vehicular PKI, Public Key Infrastructure, Hybrid Scheme
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-219868 (URN)10.1109/VNC.2017.8275642 (DOI)000426903100034 ()2-s2.0-85046277411 (Scopus ID)
Conference
2017 IEEE Vehicular Networking Conference, VNC 2017, Torino, Italy, 27 November 2017 through 29 November 2017
Note

QC 20171215

Available from: 2017-12-13 Created: 2017-12-13 Last updated: 2022-06-26Bibliographically approved
6. SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
Open this publication in new window or tab >>SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
2018 (English)In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 19, no 5, p. 1430-1444Article in journal (Refereed) Published
Abstract [en]

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming vehicular communication (VC) systems. There is a growing consensus toward deploying a special-purpose identity and credential management infrastructure, i.e., a vehicular public-key infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts toward that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts [Car2Car Communication Consortium (C2C-CC)], significant questions remain unanswered toward deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions and two large-scale mobility trace data sets, based on which we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very few delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2018
Keywords
Vehicular communications, security, privacy, identity and credential management, vehicular PKI
National Category
Computer Sciences
Identifiers
urn:nbn:se:kth:diva-228442 (URN)10.1109/TITS.2017.2722688 (DOI)000431439200009 ()2-s2.0-85045197857 (Scopus ID)
Note

QC 20180528

Available from: 2018-05-28 Created: 2018-05-28 Last updated: 2024-03-18Bibliographically approved
7. Efficient, Scalable, and Resilient Vehicle-Centric Certificate Revocation List Distribution in VANETs
Open this publication in new window or tab >>Efficient, Scalable, and Resilient Vehicle-Centric Certificate Revocation List Distribution in VANETs
2018 (English)In: Proceedings of the ACM Conference on Security and Privacy in Wireless & Mobile Networks (WiSec), Stockholm, Sweden, June 2018., 2018Conference paper, Published paper (Refereed)
Abstract [en]

In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could ‘‘pollute’’ the process, thus degrading the timely CRLs distribution. In this paper, we propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a ‘‘fingerprint’’ of CRL ‘pieces’ is attached to a subset of (verifiable) pseudonyms for fast CRL ‘piece’ validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (50×50 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems.

Keywords
Vehicular Communications, VPKI, Revocation, CRL Distribution
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-232024 (URN)
Conference
The ACM Conference on Security and Privacy in Wireless & Mobile Networks (WiSec), Stockholm, Sweden, June 2018.
Note

QC 20180717

Available from: 2018-07-08 Created: 2018-07-08 Last updated: 2022-06-26Bibliographically approved
8. Scaling Pseudonymous Authentication for Large Mobile Systems
Open this publication in new window or tab >>Scaling Pseudonymous Authentication for Large Mobile Systems
2019 (English)In: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks, Miami, FL, USA, 2019, p. 174-185Conference paper, Published paper (Refereed)
Abstract [en]

The central building block of secure and privacy-preserving Vehicular Communication (VC) systems is a Vehicular Public-Key Infrastructure (VPKI), which provides vehicles with multiple anonymized credentials, termed pseudonyms. These pseudonyms are used to ensure message authenticity and integrity while preserving vehicle (thus passenger) privacy. In the light of emerging large-scale multi-domain VC environments, the efficiency of the VPKI and, more broadly, its scalability are paramount. By the same token, preventing misuse of the credentials, in particular, Sybil-based misbehavior, and managing “honest-but-curious” insiders are other facets of a challenging problem. In this paper, we leverage the state-of-the-art VPKI system and enhance its functionality towards a highly-available, dynamically-scalable, and resilient design; this ensures that the system remains operational in the presence of benign failures or resource depletion attacks, and that it dynamically scales out, or possibly scales in, according to request arrival rates. Our full-blown implementation on the Google Cloud Platform shows that deploying large-scale and efficient VPKI can be cost-effective.

Place, publisher, year, edition, pages
Miami, FL, USA: , 2019
Keywords
VANETs, VPKI, Security, Privacy, Availability, Scalability, Resilient, Micro-service, Container Orchestration, Cloud.
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-253012 (URN)10.1145/3317549.3323410 (DOI)000477981300017 ()2-s2.0-85066733902 (Scopus ID)978-1-4503-6726-4 (ISBN)
Conference
12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019; Miami; United States; 15 May 2019 through 17 May 2019
Note

QC 20190619

Available from: 2019-06-11 Created: 2019-06-11 Last updated: 2022-06-26Bibliographically approved
9. Scalable & Resilient Vehicle-Centric Certificate Revocation List Distribution in Vehicular Communication Systems
Open this publication in new window or tab >>Scalable & Resilient Vehicle-Centric Certificate Revocation List Distribution in Vehicular Communication Systems
2021 (English)In: IEEE Transactions on Mobile Computing, ISSN 1536-1233, E-ISSN 1558-0660, Vol. 20, no 7, p. 2473-2489Article in journal (Refereed) Published
Abstract [en]

In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRLs distribution. In this paper, we propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a "fingerprint" of CRL 'pieces' is attached to a subset of (verifiable) pseudonyms for fast CRL 'piece' validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (15 x 15 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021
Keywords
Vehicular Communications, VANETs, Vehicular PKI, Certificate Revocation, CRL Distribution, Security, Privacy, Efficiency
National Category
Communication Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-271703 (URN)10.1109/TMC.2020.2981887 (DOI)000658333000011 ()2-s2.0-85107536378 (Scopus ID)
Note

QC 20210720

Available from: 2020-04-05 Created: 2020-04-05 Last updated: 2023-10-16Bibliographically approved
10. Cooperative Location Privacy in Vehicular Networks: Why Simple Mix-zones are not Enough
Open this publication in new window or tab >>Cooperative Location Privacy in Vehicular Networks: Why Simple Mix-zones are not Enough
(English)In: Article in journal (Refereed) Submitted
Abstract [en]

Vehicular communications disclose rich information about the vehicles and their whereabouts. Pseudonymous authentication secures communication while enhancing user privacy. To enhance location privacy, cryptographic mix-zones were proposed to facilitate vehicles covertly transition to new ephemeral credentials. The resilience to (syntactic and semantic) pseudonym linking (attacks) highly depends on the geometry of the mix-zones, mobility patterns, vehicle density, and arrival rates. Our experimental results show that an eavesdropper could successfully link 73% of pseudonyms (during non-rush hours) and 62% of pseudonyms (during rush hours) after vehicles change their pseudonyms in a mix-zone. To mitigate such inference attacks, we present a novel cooperative mix-zone scheme that enhances user privacy regardless of the vehicle mobility patterns, vehicle density, and arrival rate to the mix-zone. A subset of vehicles, termed relaying vehicles, are selected to be responsible for emulating non-existing vehicles. Such vehicles cooperatively disseminate decoy traffic without affecting safety-critical operations: with 50% of vehicles as relaying vehicles, the probability of linking pseudonyms (for the entire interval) drops from 68% to 18%. On average, this imposes 28 ms extra computation overhead, per second, on the Roadside Units (RSUs) and 4.67 ms extra computation overhead, per second, on the (relaying) vehicle side; it also introduces 1.46 KB/sec extra communication overhead by (relaying) vehicles and 45 KB/sec by RSUs for the dissemination of decoy traffic. Thus, user privacy is enhanced at the cost of low computation and communication overhead.

Keywords
Privacy, Anonymity, Pseudonymity, Location Privacy, Mix Networks, Vehicular Communication, VANETs.
National Category
Communication Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-273027 (URN)
Note

QC 20200624

Available from: 2020-05-05 Created: 2020-05-05 Last updated: 2022-06-26Bibliographically approved

Open Access in DiVA

dissertation-fulltext(5023 kB)692 downloads
File information
File name FULLTEXT01.pdfFile size 5023 kBChecksum SHA-512
f6bfc8e685e6b999a57c27617f85e1ed928309e991f31d632cd1d0c9c9eae4981da2659a3d179f4a910c489efe135558a6ce202bae10ebb1c244e19f514740b9
Type fulltextMimetype application/pdf

Other links

Zoom

Search in DiVA

By author/editor
Khodaei, Mohammad
By organisation
Communication Systems, CoS
Communication Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 693 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 2650 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf