Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)

627 views

Published on

Presentation given at WiSec 2017 by Dr. Virendra Kumar. His, along with Drs. Jonathan Petit and William Whyte's, paper was one of six to receive the reproducibility label.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)

  1. 1. Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM) Virendra Kumar, Jonathan Petit, William Whyte
  2. 2. Background
  3. 3. source: nhtsa.gov 3
  4. 4. source: gpo.gov 4
  5. 5. V2V Communications Security Basic Safety Message Basic Safety Message Basic Safety Message Basic Safety Message 5
  6. 6. The Big Dilemma Lifetime Supply Who pays for 2-way connectivity? What happens if the vehicle is hacked? 6
  7. 7. Current Certificate Model 3 years’ worth 3 years’ worth RA 7
  8. 8. BCAM Proposal
  9. 9. Encrypted Batches of Certificates 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 … n 9
  10. 10. Periodic Key Updates i i 10
  11. 11. Compression using Binary Hash Trees 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 11
  12. 12. Day 1: No Revocation 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node 12
  13. 13. Day 2: Vehicles 2, 4, 5 Revoked 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node Revoked node 13
  14. 14. Pathological: Every Other Vehicle Revoked 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node Revoked node 14
  15. 15. Binary Tree Encoding Encoding Size Decoding Time Unique index of each published node r * log2(n/r) * (log2(n) + 1) number of published nodes Same as searching Unique index of each revoked leaf node r * log2(n) No efficient algorithm known n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2 Can we get the best of both worlds? 15
  16. 16. A New Algorithm for Full Binary Trees Observations: 1. Topology known, only need to know which nodes are published and which are omitted. 2. Subtree of a published node can be ignored without any loss of information. Encoding: 1. Start from root with an empty string. 2. Do breadth-first traversal. 1. Append 0 for revoked node. 2. Append 1 for published node. 3. Do nothing for derived node. 0 0 0 1 0 0 1 0 1 0 0 0 00 1001 0100Encoded string: Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times. 1 2 3 Published nodes: 00, 11, 011 16
  17. 17. A New Algorithm for Full Binary Trees Contd. Decoding: 1. Start from root and process 1 level at a time. 2. At every level, look at the bit of interest 1. If 0, go to next level. 2. If 1, output the number of 1s so far, and stop. Example (vehicle 3  011): Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times. Encoding: 0 00 1001 0100 Bits at a level: # bits before bit of interest: 0 # bits after bit of interest: 0 Rules for going to next level: 1. # bits before = 2 * (# 0s in bits before bit of interest) 2. Add 1 to (# bits before), if next bit of vehicle ID is 1. 3. # bits after = 2 * (# 0s in bits after bit of interest) 4. Add 1 to (# bits after), if next bit of vehicle ID is 0. bit of interest Vehicle ID bit Bits at a level: # bits before bit of interest: 0 # bits after bit of interest: 1 Bits at a level: # bits before bit of interest: 1 # bits after bit of interest: 2 Bits at a level: # bits before bit of interest: 1 # bits after bit of interest: 2 3 1 2 3 17
  18. 18. Efficiency of Encoding Algorithm  Encoding size – # published nodes ≈ # revoked nodes, i.e. encoding has roughly the same number of 0s and 1s. – Size ≈ 2*r*log2(n/r) – For n=240, r=1,000, encoding takes less than 1% of the full packet, i.e. about 20 times smaller than using unique index of each published node.  Decoding time – Breadth-first but queue size ≤ r. – For n=240, r=10,000, a consumer laptop (2.7 GHz Intel Core i7, 16GB RAM) takes less than 3 milliseconds on average. 18 n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2
  19. 19. “Not all compromises are created equal.” Software Compromise Hardware Compromise Can be easily replicated and spread quickly Most likely require specialized hardware Can be easily fixed by over-the-air updates Most likely need to replace the hardware Attack can be distributed over the Internet requiring less effort and resources Most likely require lot of effort and resources 19
  20. 20. “So, we treat them differently.”  Software compromise  “soft revocation list” 0 1 2 3 4 5 6 7 8 9 …  A compromised vehicle is put on the SRL first, by flipping its bit.  If the vehicle on SRL continues to misbehave, it is “hard” revoked via binary tree approach. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 …1 1 1 20
  21. 21. Conclusion  Positives – No need of bidirectional connectivity for certificate download – Revocation enforced at sender  Soft/hard revocation prevent sender from sending valid messages  Receivers don’t need to store revocation information  Scales naturally, can handle a much higher rate of revocation than current system – Vehicles can be unrevoked  Vehicles revoked in error  Vehicles whose issues have been addressed  Negatives – Less agile – Longer CA lifetimes Our belief is that positives outweigh the negatives. We hope you feel the same.  21 positives
  22. 22. Thank you! 22

×