Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Garbled Circuits for Secure Credential Management Services

661 views

Published on

This presentation discusses the use of Garbled Circuits for improving security and simplifying implementation of Secure Credential Management Systems (SCMS) in the Automotive industry

Published in: Technology
  • Be the first to comment

Garbled Circuits for Secure Credential Management Services

  1. 1. SCMS Simplifications and Security Improvements using Secure Computation
  2. 2. Outline § Introduction and Motivation § Review of Relevant SCMS Protocols § Secure Computation and Yao’s Garbled Circuit § Secure Computation for Linkage Value Generation § Demo of Linkage Value Generation § Secure Computation for Misbehavior Identification § Demo of Misbehavior Identification
  3. 3. Introduction and Motivation
  4. 4. Overview 4 • Organizational separation à More people and resources à More cost • Necessity due to low trust • One (bad) solution is to sacrifice privacy • We have a better solution! • Our goals: reduce organizational complexity and hence cost, while at the same time improve overall security/privacy • Our approach: replace distributed computation with secure computation protocols • Our focus: Linkage Value (LV) generation and Misbehavior Identification (MID)
  5. 5. Problems with Distributed Computation § Different authorities are required to have organizational separation – Extremely difficult and costly – Not realistic under many scenarios, e.g., when an OEM wants to build and operate its own SCMS § Different authorities are assumed to follow the protocols as specified – Malicious insiders can deviate from the protocol without the fear of detection – Malicious insiders can collude to subvert the protocol § Secure computation protocols remove both these problems – Trade-off: increased communication and computation complexity – OnBoard Security research has been working to address both of these – Long-term, advancements in microelectronics and CPU architecture, and economies of scale for cloud computing are also on our side 5
  6. 6. Review of Relevant SCMS Protocols
  7. 7. Linkage Value Generation 7 • Pseudonym certificate provisioning • Request for pseudonym certificates • Pseudonym certificate generation • Initial download of pseudonym certificates • Schedule generation of subsequent batch of pseudonym certificates • Top-off pseudonym certificates • Only Linkage Value (LV) generation, which is embedded inside pseudonym certificate generation, requires distributed computation among multiple authorities
  8. 8. Current Process of LV Generation 8 LS0 LS1 LSi… … PLVi,j EPLVi,j EPLVi,j LS0LS1LSi …… PLVi,j LA1 LA2 PCA PLVi,j PLVi,j LVi,j EPLVi,j EPLVi,j H H H H H H H H E E E: Encryption EPLV: Encrypted PLV H: Hash LS: Linkage seed PLV: Pre-linkage value LV: Linkage value One-way computation RAShuffle across multiple devices
  9. 9. Malicious Security 9 § Current SCMS design is vulnerable to malicious insiders – Malicious LA: A malicious LA can provide pre-linkage values that look “normal”, but completely subvert misbehavior detection, e.g. § by using multiple seeds (instead of a single seed) per device § by using random 9-bit values instead of following the pre-linkage value generation algorithm – Malicious RA: A malicious RA can subvert misbehavior detection and revocation, e.g. § by using pre-linkage values from different chains for a given device § by provisioning a revoked device with certificates using a new linkage chain – Malicious LA/PCA: A malicious LA/PCA can subvert misbehavior investigation by, e.g. § on MA’s query (plv1, plv2), LA responding that they don’t belong to a device, even if they do § on MA’s query lv (=plv1 ⊕ plv2) PCA responding with (plv3, lv ⊕ plv3), where plv3 ≠ (plv1 or plv2) § This is not an exhaustive list of attacks. In fact, creating an exhaustive list seems infeasible § Some attacks can possibly be addressed by small changes in the current protocols, but we need a holistic approach that counters all attacks, even those we have not discovered yet.
  10. 10. Global Misbehavior Detection FAQ Q: Do we really need it? A: Yes, because whether you like it or not, misbehavior will happen. Q: Why can’t each OEM take care of misbehavior on their own? A: In a cooperative system like V2V, misbehavior will impact everyone not just a particular OEM. Q: As an OEM, we handle far more sensitive information, so why can’t we also handle linkage value generation? A: Even if OEM 1 is doing everything alright, OEM 2 can set the system such that its vehicles will never get revoked, as illustrated in the last slide. 10
  11. 11. Misbehavior Identification 11 • Global misbehavior detection and revocation • Misbehavior report validation • Misbehavior analysis • Misbehavior investigation • Revocation • Misbehavior post-processing • Only misbehavior investigation and part of revocation require distributed computation among multiple authorities, which we call Misbehavior Identification (MID)
  12. 12. Current Misbehavior Investigation 12 {sLV1, rLV1} … {sLVi, rLVi} … {sLVn, rLVn} LV à EPLVEPLV à LS MA PCALA 1. LV 2. EPLV 3. {sEPLV1, rEPLV1} … {sEPLV50, rEPLV50} MA’s query size and LA’s response are deliberately limited due to privacy concern. 4. {sEPLV, sCount, UniqueRCount} EPLV: Encrypted PLV LS: Linkage seed LV: Linkage value rEPLV: Reporter EPLV rLV: Reporter LV sEPLV: Suspect EPLV sLV: Suspect LV
  13. 13. Current Revocation 13 Revoked LV list LV à HRPRHRPRà LCI1, LCI2 MA PCARA LCI1 -> LS1 LA1 LCI2 -> LS2 LA2 HRPR: Hash of RA-PCA request LCI: Linkage chain identifier LS: Linkage seed LV: Linkage value 1. LV 2. HPRR 3. HPRR 4. LCI1, LCI2 5. LCI1 7. LCI2 6. LS1 8. LS2
  14. 14. All Misbehavior Detection § MA should be able to detect all misbehavior in reports as per the policy. Perfect Privacy Protection § MA should only learn linkage seeds of vehicles to be revoke. § No one should learn anything else. 14 Goals of MID Suspect Threshold: 5 Reporter Threshold: 3 Color: Suspect Vehicle Shape: Reporter Vehicle
  15. 15. Issues with current MID - Effectiveness 15 Assume: a) Suspect Threshold: 5 b) Reporter Threshold: 3 Color: Suspect Vehicle Shape: Reporter Vehicle Due to the limited query size, MA does not detect all misbehaviors, i.e. red color vehicle goes undetected Misbehavior Report Database Query 1 Query 2 A smart attacker can easily create a strategy that defeats the current algorithm of MA.
  16. 16. Issues with current MID - Privacy 16 § PCA learns which LVs are being investigated. § LA also learns which EPLV and LS are being investigated. § MA learns information also about honest vehicles. § Our goals for MID – Make sure all misbehavior can be detected – Achieve security and privacy via a theoretically sound mechanism
  17. 17. Secure Computation and Yao’s Garbled Circuit
  18. 18. Secure Computation to the Rescue § In theory, secure computation can solve all the previously identified problems § But even the most efficient previously known solutions for secure computation are extremely impractical for use in SCMS – LV Generation: Even if one can generate one linkage value in a reasonable amount of time, generating 30 years’ worth for 300 million vehicles is extremely impractical – MID: Due to current one-way design of linkage values, the inputs of LAs will consist of 300 million linkage seeds, which makes the protocol extremely impractical 18
  19. 19. Real Life Computation Problems 19 Solution: Trusted third party But, do we really have to?
  20. 20. Secure Computation § Parties P1, P2, …, Pn with private inputs x1, x2, …, xn can jointly compute any arbitrary function f(x1, x2, …, xn), s.t. – Correctness: Output is guaranteed to be correct. – Privacy: Inputs are guaranteed to remain private. – … § [Yao ’82] achieved this for n = 2. § [Goldreich-Micali-Wigderson ’87] achieved this for n ≥ 2. § Active area of cryptographic research. 20
  21. 21. Garbled Circuits [Yao ’82] 21 f(x1, x2)
  22. 22. Garbled Circuits contd. 22 w1 w2 w3 k10, k11 k20, k21 k30, k31 Garbling w1 w2 w3 Garbling 0 0 0 G1 = E(k10, k20, k30) 0 1 1 G2 = E(k10, k21, k31) 1 0 1 G3 = E(k11, k20, k31) 1 1 1 G4 = E(k11, k21, k31) P1 (x1 = 0) P2 (x2 = 1)G2, G1, G3, G4 (k30, 0), (k31, 1) k10 OT for k21 1. Try to decrypt G1, …, G4. 2. With k10 and k21, can decrypt only G2 to obtain k31. 3. k31 maps to 1, so the output is 1. Output = 1
  23. 23. Secure Computation for Linkage Value Generation
  24. 24. Secure Computation for LV Generation § AStraightforward 4-Party Secure Computation for LV generation – Inputs § LA1: entire database of linkage seeds § LA2: entire database of linkage seeds § RA: (EE, i, j) § PCA: nothing – Outputs § LA1, LA2, RA: nothing § PCA: linkage value for (EE, i, j) § It is inefficient because protocol complexity grows with the number of parties and linkage seed database is extremely large § Our protocol V1 – Functionality of LAs is merged with PCA, so it is a 2-party protocol between PCA and RA – Linkage seed is computed on the fly inside secure computation using a hash function, so parties’ inputs become very small and manageable 24
  25. 25. V1: Hash-based Initial Linkage Seed Generation 25 SHA-256RA EE PCA KPCA PCA ls1(EE,0), ls2(EE,0) PCA RA Private Inputs KPCA EE, i, j Private Outputs lv(EE, i, j) lv pointer
  26. 26. V2: Batched Generation 26
  27. 27. V3: Stateful Generation § V2 is a huge improvement over V1, e.g., for weekly batches – 1st week: 3 vs. 41 SHA-256, – 2nd week: 5 vs. (41+81) SHA-256, – 3rd week: 7 vs. (41+81+121) SHA-256, and so on § However, V2 is a trade-off – Maximum benefit only if batch size = life of vehicle, i.e., 30 years – Generating all 30 years’ worth at once has drawbacks § Huge waste, as average lifespan is only 13 – 17 years (https://berla.co/average-us-vehicle-lifespan/) § Large storage and communication requirements § Stateful Generation in V3 – Last week’s linkage seed is stored at PCA in garbled form – Has performance similar to V2 with batch size = life of vehicle – Doesn’t have any of the drawbacks of V2 27
  28. 28. Compatibility and Further Improvements § V1 – V3 are fully compatible with current LV design, i.e., vehicles won’t notice any difference § V4: Privacy is guaranteed by secure computation, so only one (instead of two) linkage chain per vehicle is sufficient – No obvious security weaknesses compared to current design – Currently deployed devices need software update for new CRL expansion – Cuts CRL size in half (or, doubles the number of devices that can be revoked) – Cuts CRL expansion time in half, a big plus for resource-constrained devices – Cuts LV generation time and resources in (almost) half – Makes misbehavior identification more efficient 28
  29. 29. Results of GC Implementations for LV generation 29 One LV (MB) One Vehicle for 30 Years (GB) 300 Million Vehicles for 1 Week (TB) Improvement Factor (V1/Vx) V1 (Hash-based Initial Linkage Seed) 6,019 183,390 34,440,744 N/A V2 (Batched Generation) 301 9,184 1,726,169 20 V3 (Stateful Generation) 1.13 35 6,481 5,314 V4 (One Linkage Chain per Vehicle) 0.69 21 3,953 8,713 § Table shows average garbled circuit sizes for 20 LVs per week § Garbling of V4, on AWS t2.micro takes about 0.02 seconds per LV – Hardware: Intel Xeon CPU at 2.4 GHz and 1GB RAM – Cost: $0.0035 per hour (https://aws.amazon.com/ec2/spot/pricing/). § LV generation for 300 million vehicles without the LA-pair would cost $15,000/year § CAMP’s cost model puts a price tag on the LA-pair at $150,000/year
  30. 30. Demo of Linkage Value Generation
  31. 31. Secure Computation for Misbehavior Identification
  32. 32. Secure Computation for MID § A Straightforward 5-Party Secure Computation for MID – Inputs § MA: misbehavior reports containing suspect and reporter linkage values § PCA: entire database of (linkage value, hash of RA-PCArequest) mapping § RA: entire database of (hash of RA-PCArequest, LCI1, LCI2) mapping § LA1, LA2: entire database of (LCI1, LS1) and (LCI2, LS2), respectively – Outputs § MA: linkage seeds of devices satisfying the revocation criteria § PCA, RA, LA1, LA2: nothing § It is inefficient because protocol complexity grows with the number of parties and databases of PCA, RA, LA1 and LA2 are extremely large § Our protocol V1 – LAs are replaced by our novel design of Misbehavior Helper (MH), so it is a 3-party protocol – No database lookups, MH is decrypted jointly by PCA and RA to retrieve linkage seeds 32
  33. 33. V1: Misbehavior Helper Info 33 Misbehavior Helper Info (MH) = Enc(KRA+KPCA, LV||LS) LS0 LS1 LSi… … MH RA KRA LVi,j PCA KPCA MA PCA RA Private Inputs {(Suspect MH, Reporter MH)} KPCA KRA Private Outputs Linkage seeds for CRL Nothing Nothing
  34. 34. V2: Boolean Circuit Improvements 34 § V1’s Boolean circuit grows quadratically with input size § Novel approach for “Filtering over Threshold” – Sorting using bitonic sorting network: O(n * log2n) – Counting the sorted input: O(n) – Filtering based on threshold: O(n) § O(n2 ) à O(n * log2 n): Improvement factor grows dramatically – Boolean circuits are 9 times smaller for input size = 1,000 – Extrapolations for larger input sizes are below Input Size 1,000 10,000 100,000 1,000,000 Improvement Factor 9 51 324 2,250
  35. 35. Results of GC Implementations for MID 35 Number of Gates in Boolean Circuit Garbled Circuit Size (GB) Garbling Time (seconds) Improvement Factor (V1/Vx) V1 (Misbehavior Helper Info) 1.1 Billion 12 27 N/A V2 (Boolean Circuit Improvements) 121 Million 1.3 3 9 § Table shows MID for 1024 inputs (suspect, reporter LVs) and 1 linkage chain per vehicle § Garbling times are on AWS c5d.xlarge § Hardware: Intel Xeon CPU at 2.4 GHz and 8GB RAM § Cost: $0.0388 per hour (https://aws.amazon.com/ec2/spot/pricing/). § Current code utilizes only 1 core, significant improvements are expected by our (upcoming) research on parallelization
  36. 36. Demo of Misbehavior Identification
  37. 37. Conclusions § Linkage Value (LV) Generation – Better security and privacy at a fraction of the original cost – Simpler overall system – Opportunities for significant improvements in CRL efficiency and other parts of SCMS by switching to one linkage chain per vehicle § Misbehavior Identification (MID) – Best possible security and privacy – Highly effective, i.e., MA can catch all misbehavior in reports as per the policy § Ongoing research at OnBoard Security and academia will further improve efficiencies for both LV Generation and MID 37
  38. 38. Thank you! 38 We hope it was worth your time.

×