SlideShare a Scribd company logo

VeSPA: Vehicular Security and Privacy-preserving Architecture

N
nalexiou
EducationTechnologyNews & Politics
1 of 20
Download to read offline
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Vehicular Security and Privacy-preserving architecture N. Alexiou M. Lagan` S. Gisdakis a M. Khodaei P. Papadimitratos School of Electrical Engineering, KTH, Sweden surname@kth.se HotWiSec13’ April 19, 2013 1 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 2 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Vehicular Communications • Vehicular Communications (VC) • Vehicles propagate information for Safe-Driving • Location, Velocity, angle • Hazardous warnings • Emergency break etc. • Cooperative awareness through beaconed status messages and event-triggered warnings • ..Security in VC? • Assure legitimate vehicles propagate information • Secure integrity of information Image source: C2C-CC 3 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Digital Signatures for VC • Vehicles hold Private-Public Key pair • Unique pair to each vehicle • Digital Signature of the messages • Authentication • Integrity • Non-repudiation • Vehicular Public Key Infrastructure (VPKI) • To assign credentials • Propagate trust Image Source: Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos et al 4 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Privacy in VC • Packets signed using same credentials can be trivially linked • Solution: • Offer multiple short-lived credentials (Pseudonyms (PS)) • Pseudonyms valid for unique time periods • Sign packets with valid pseudonyms • Cryptographic operations in a Hardware Security Module • Extend the VPKI to support Pseudonyms 5 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Current Status: Overview • Credential management in Vehicular Communications (VC) • Long-term Credentials for accountability and Authentication • Short-lived Pseudonyms for anonymity and Location Privacy • A VPKI to support credential management • VPKI Architecture: • LTCA: Issuer of Long-term Credentials • PCA: Issuer of Pseudonymous Credentials • RA: Resolution Authority • VPKI Protocols: • Pseudonym provision: Refresh pool of pseudonyms • Pseudonym Resolution: De-anonymize misbehaving vehicles • Car accident, violation of traffic regulation, police request • Pseudonym revocation: Revoke the misbehaving pseudonyms • Main Suspects: SEVECOM, C2C-CC, PRESERVE, 1609 family of standards WAVE, ETSI 6 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 7 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Future Challenges for VC • Implement an efficient VPKI prototype according to the standard • How to enhance privacy towards the infrastructure • Envision support for future vehicular services • Safety as a service, not the target application • Location based services, Pay-as-you-drive systems • Enhance current VPKI to support vehicular services • AAA solution with current VPKI architecture as the starting point • Authentication: Legitimate part of the system • Authorization: Right to access a service • Accountability: Track of consumption 8 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 9 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Vehicular Security and Privacy-preserving Architecture • “Kerberized” version of a VPKI • Efficient VPKI Credential Management Architecture • Enhanced VPKI design with respect to privacy • Cryptographic tickets to support AAA • Tickets: • tkt = SigLTCA ([te ], {S1 }, . . . , {Sn }) • Carrier of service subscription information • Anonymous proof of access to obtain pseudonyms • Authorization and Authentication to the PCA • Limited lifetime dependent on vehicle subscription to the service • Revocable upon misbehavior 10 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Operation • AAA check at LTCA • LTCA issues ticket • 73, 5msec/ticket • Ticket per service/access • Increased anonymity set • Low overhead introduced • Ticket received • Request for new pseudonyms • Communication over TLS (one-way authentication) 11 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Protocols Pseudonym Provision: Resolution Protocol: • V −→LTCA: Sigkv (t1 ,Request) LTv i • RA−→PCA: SigRA (Pv ,t1 ) • LTCA−→V : tkt • PCA−→RA: SigPCA (tkt,t2 ) • 1 n V −→PCA:t3 ,tkt,{Kv ,...,Kv } • RA−→LTCA: SigRA (tkt,t3 ) • 1 n PCA−→V :t4 ,{Psv ,...,Psv } • LTCA−→RA: SigLTCA (LTv ,t4 ) 12 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 13 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Implementation Details • OpenCA for cryptographic operations • ECC-256 keys for digital certificates • 1609.2 standard compatible • Separate machines for each entity: • Intel Xeon 3.4 GHz, 8 GB RAM • System scales up with more machines or.. • stronger equipment • Communications over encrypted TLS channel (one-way authentication) • Authentication of server • Confidentiality 14 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Increased Privacy against the VPKI 15 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Privacy against the Infrastructure 16 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Pseudonym Provision Efficiency 18 Preparing the Request Entire Operations on the Server Entire Communication Verification and Storage 16 Latency [seconds] 14 12 10 8 6 4 2 0 1 10 20 50 100 200 Number of Pseudonyms 500 1000 Infrastructure, Vehicle, Communications Efficiency vs number of requested pseudonyms 17 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Pseudonym Revocation Efficiency 3600 Latency [milliseconds] 3200 Preparing the Request Entire Operations on the Server Entire Communication Verification and Storage 2800 2400 2000 1600 1200 800 400 0 1 10 100 1000 10,000 100,000 Number of Revoked Pseudonyms in CRL Infrastructure, Vehicle, Communications Efficiency vs number of revoked pseudonyms 18 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 19 / 20
Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Overview & Future Work VeSPA: • Efficient VPKI Prototype according to the standards • Increased Privacy to towards the infrastructure • Enhanced VPKI with AAA capabilities • A VPKI able to support vehicular services Ongoing Work: • Integration of Anonymous Authentication Mechanisms • Extensions to support multi-Domain VPKI architectures 20 / 20

Recommended

презентация для Forbes
презентация для Forbesпрезентация для Forbes
презентация для Forbes
galaydanazar
 
презентация для Forbes
презентация для Forbesпрезентация для Forbes
презентация для Forbes
galaydanazar
 
Law 421 Final Exam
Law 421 Final ExamLaw 421 Final Exam
Law 421 Final Exam
Uop Students
 
Forward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentationForward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentation
Forward Networks
 
Resume
ResumeResume
Resume
vijay Vijayarajancs
 
7th SDN Expert Group Seminar - Session2
7th SDN Expert Group Seminar - Session27th SDN Expert Group Seminar - Session2
7th SDN Expert Group Seminar - Session2
NAIM Networks, Inc.
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
Rafik HARABI
 
Forward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentationForward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentation
Andrew Wesbecher
 

Recommended

презентация для Forbes
презентация для Forbesпрезентация для Forbes
презентация для Forbes
galaydanazar
 
презентация для Forbes
презентация для Forbesпрезентация для Forbes
презентация для Forbes
galaydanazar
 
Law 421 Final Exam
Law 421 Final ExamLaw 421 Final Exam
Law 421 Final Exam
Uop Students
 
Forward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentationForward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentation
Forward Networks
 
Resume
ResumeResume
Resume
vijay Vijayarajancs
 
7th SDN Expert Group Seminar - Session2
7th SDN Expert Group Seminar - Session27th SDN Expert Group Seminar - Session2
7th SDN Expert Group Seminar - Session2
NAIM Networks, Inc.
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
Rafik HARABI
 
Forward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentationForward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentation
Andrew Wesbecher
 
Embracing SDN in the Next Gen Network
Embracing SDN in the Next Gen NetworkEmbracing SDN in the Next Gen Network
Embracing SDN in the Next Gen Network
NetCraftsmen
 
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
HostedbyConfluent
 
SD-WAN for Service Providers - VeloCloud
SD-WAN for Service Providers - VeloCloudSD-WAN for Service Providers - VeloCloud
SD-WAN for Service Providers - VeloCloud
VeloCloud Networks, Inc.
 
Resume_ApparaoC
Resume_ApparaoCResume_ApparaoC
Resume_ApparaoC
Apparao Chandrapati
 
Advanced network experiments in FED4FIRE
Advanced network experiments in FED4FIREAdvanced network experiments in FED4FIRE
Advanced network experiments in FED4FIRE
ARCFIRE ICT
 
Cisco UCS Solution EMC World 2015
Cisco UCS Solution EMC World 2015Cisco UCS Solution EMC World 2015
Cisco UCS Solution EMC World 2015
ldangelo0772
 
Istio presentation jhug
Istio presentation jhugIstio presentation jhug
Istio presentation jhug
Georgios Andrianakis
 
Event Horizon at Solace Connect Singapore
Event Horizon at Solace Connect SingaporeEvent Horizon at Solace Connect Singapore
Event Horizon at Solace Connect Singapore
Solace
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Next steps on Transport SDN - OIF Panel OFC 2015
Next steps on Transport SDN - OIF Panel OFC 2015Next steps on Transport SDN - OIF Panel OFC 2015
Next steps on Transport SDN - OIF Panel OFC 2015
Deborah Porchivina
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt Technology Services
 
WAN Automation Engine API Deep Dive
WAN Automation Engine API Deep DiveWAN Automation Engine API Deep Dive
WAN Automation Engine API Deep Dive
Cisco DevNet
 
Unmeshing the service mesh
Unmeshing the service meshUnmeshing the service mesh
Unmeshing the service mesh
CodeValue
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition
NetworkCollaborators
 
The Next Generation of Microservices — YOW 2017 Brisbane
The Next Generation of Microservices — YOW 2017 BrisbaneThe Next Generation of Microservices — YOW 2017 Brisbane
The Next Generation of Microservices — YOW 2017 Brisbane
Phil Calçado
 
MMIX Peering Forum: Securing Internet Routing
MMIX Peering Forum: Securing Internet RoutingMMIX Peering Forum: Securing Internet Routing
MMIX Peering Forum: Securing Internet Routing
APNIC
 
btNOG 6: Securing Internet Routing
btNOG 6: Securing Internet RoutingbtNOG 6: Securing Internet Routing
btNOG 6: Securing Internet Routing
APNIC
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module
Cisco Canada
 
Simplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with CiscoSimplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with Cisco
Cisco Canada
 
BKNIX Peering Forum 2019: Securing Internet Routing
BKNIX Peering Forum 2019: Securing Internet RoutingBKNIX Peering Forum 2019: Securing Internet Routing
BKNIX Peering Forum 2019: Securing Internet Routing
APNIC
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
VishalSingh1417
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
Nirmal Dwivedi
 

More Related Content

Similar to VeSPA: Vehicular Security and Privacy-preserving Architecture

A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
HostedbyConfluent
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 

Similar to VeSPA: Vehicular Security and Privacy-preserving Architecture (20)

Embracing SDN in the Next Gen Network
Embracing SDN in the Next Gen NetworkEmbracing SDN in the Next Gen Network
Embracing SDN in the Next Gen Network
 
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...A Practical Deep Dive into Observability of Streaming Applications with Kosta...
A Practical Deep Dive into Observability of Streaming Applications with Kosta...
 
SD-WAN for Service Providers - VeloCloud
SD-WAN for Service Providers - VeloCloudSD-WAN for Service Providers - VeloCloud
SD-WAN for Service Providers - VeloCloud
 
Resume_ApparaoC
Resume_ApparaoCResume_ApparaoC
Resume_ApparaoC
 
Advanced network experiments in FED4FIRE
Advanced network experiments in FED4FIREAdvanced network experiments in FED4FIRE
Advanced network experiments in FED4FIRE
 
Cisco UCS Solution EMC World 2015
Cisco UCS Solution EMC World 2015Cisco UCS Solution EMC World 2015
Cisco UCS Solution EMC World 2015
 
Istio presentation jhug
Istio presentation jhugIstio presentation jhug
Istio presentation jhug
 
Event Horizon at Solace Connect Singapore
Event Horizon at Solace Connect SingaporeEvent Horizon at Solace Connect Singapore
Event Horizon at Solace Connect Singapore
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
 
Next steps on Transport SDN - OIF Panel OFC 2015
Next steps on Transport SDN - OIF Panel OFC 2015Next steps on Transport SDN - OIF Panel OFC 2015
Next steps on Transport SDN - OIF Panel OFC 2015
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
 
WAN Automation Engine API Deep Dive
WAN Automation Engine API Deep DiveWAN Automation Engine API Deep Dive
WAN Automation Engine API Deep Dive
 
Unmeshing the service mesh
Unmeshing the service meshUnmeshing the service mesh
Unmeshing the service mesh
 
Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition Cisco Connect 2018 Singapore - Easing the Transition
Cisco Connect 2018 Singapore - Easing the Transition
 
The Next Generation of Microservices — YOW 2017 Brisbane
The Next Generation of Microservices — YOW 2017 BrisbaneThe Next Generation of Microservices — YOW 2017 Brisbane
The Next Generation of Microservices — YOW 2017 Brisbane
 
MMIX Peering Forum: Securing Internet Routing
MMIX Peering Forum: Securing Internet RoutingMMIX Peering Forum: Securing Internet Routing
MMIX Peering Forum: Securing Internet Routing
 
btNOG 6: Securing Internet Routing
btNOG 6: Securing Internet RoutingbtNOG 6: Securing Internet Routing
btNOG 6: Securing Internet Routing
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module
 
Simplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with CiscoSimplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with Cisco
 
BKNIX Peering Forum 2019: Securing Internet Routing
BKNIX Peering Forum 2019: Securing Internet RoutingBKNIX Peering Forum 2019: Securing Internet Routing
BKNIX Peering Forum 2019: Securing Internet Routing
 

Recently uploaded

Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Recently uploaded (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 

VeSPA: Vehicular Security and Privacy-preserving Architecture

  • 1. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Vehicular Security and Privacy-preserving architecture N. Alexiou M. Lagan` S. Gisdakis a M. Khodaei P. Papadimitratos School of Electrical Engineering, KTH, Sweden surname@kth.se HotWiSec13’ April 19, 2013 1 / 20
  • 2. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 2 / 20
  • 3. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Vehicular Communications • Vehicular Communications (VC) • Vehicles propagate information for Safe-Driving • Location, Velocity, angle • Hazardous warnings • Emergency break etc. • Cooperative awareness through beaconed status messages and event-triggered warnings • ..Security in VC? • Assure legitimate vehicles propagate information • Secure integrity of information Image source: C2C-CC 3 / 20
  • 4. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Digital Signatures for VC • Vehicles hold Private-Public Key pair • Unique pair to each vehicle • Digital Signature of the messages • Authentication • Integrity • Non-repudiation • Vehicular Public Key Infrastructure (VPKI) • To assign credentials • Propagate trust Image Source: Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos et al 4 / 20
  • 5. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Privacy in VC • Packets signed using same credentials can be trivially linked • Solution: • Offer multiple short-lived credentials (Pseudonyms (PS)) • Pseudonyms valid for unique time periods • Sign packets with valid pseudonyms • Cryptographic operations in a Hardware Security Module • Extend the VPKI to support Pseudonyms 5 / 20
  • 6. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Current Status: Overview • Credential management in Vehicular Communications (VC) • Long-term Credentials for accountability and Authentication • Short-lived Pseudonyms for anonymity and Location Privacy • A VPKI to support credential management • VPKI Architecture: • LTCA: Issuer of Long-term Credentials • PCA: Issuer of Pseudonymous Credentials • RA: Resolution Authority • VPKI Protocols: • Pseudonym provision: Refresh pool of pseudonyms • Pseudonym Resolution: De-anonymize misbehaving vehicles • Car accident, violation of traffic regulation, police request • Pseudonym revocation: Revoke the misbehaving pseudonyms • Main Suspects: SEVECOM, C2C-CC, PRESERVE, 1609 family of standards WAVE, ETSI 6 / 20
  • 7. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 7 / 20
  • 8. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Future Challenges for VC • Implement an efficient VPKI prototype according to the standard • How to enhance privacy towards the infrastructure • Envision support for future vehicular services • Safety as a service, not the target application • Location based services, Pay-as-you-drive systems • Enhance current VPKI to support vehicular services • AAA solution with current VPKI architecture as the starting point • Authentication: Legitimate part of the system • Authorization: Right to access a service • Accountability: Track of consumption 8 / 20
  • 9. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 9 / 20
  • 10. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Vehicular Security and Privacy-preserving Architecture • “Kerberized” version of a VPKI • Efficient VPKI Credential Management Architecture • Enhanced VPKI design with respect to privacy • Cryptographic tickets to support AAA • Tickets: • tkt = SigLTCA ([te ], {S1 }, . . . , {Sn }) • Carrier of service subscription information • Anonymous proof of access to obtain pseudonyms • Authorization and Authentication to the PCA • Limited lifetime dependent on vehicle subscription to the service • Revocable upon misbehavior 10 / 20
  • 11. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Operation • AAA check at LTCA • LTCA issues ticket • 73, 5msec/ticket • Ticket per service/access • Increased anonymity set • Low overhead introduced • Ticket received • Request for new pseudonyms • Communication over TLS (one-way authentication) 11 / 20
  • 12. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Protocols Pseudonym Provision: Resolution Protocol: • V −→LTCA: Sigkv (t1 ,Request) LTv i • RA−→PCA: SigRA (Pv ,t1 ) • LTCA−→V : tkt • PCA−→RA: SigPCA (tkt,t2 ) • 1 n V −→PCA:t3 ,tkt,{Kv ,...,Kv } • RA−→LTCA: SigRA (tkt,t3 ) • 1 n PCA−→V :t4 ,{Psv ,...,Psv } • LTCA−→RA: SigLTCA (LTv ,t4 ) 12 / 20
  • 13. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 13 / 20
  • 14. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Implementation Details • OpenCA for cryptographic operations • ECC-256 keys for digital certificates • 1609.2 standard compatible • Separate machines for each entity: • Intel Xeon 3.4 GHz, 8 GB RAM • System scales up with more machines or.. • stronger equipment • Communications over encrypted TLS channel (one-way authentication) • Authentication of server • Confidentiality 14 / 20
  • 15. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Increased Privacy against the VPKI 15 / 20
  • 16. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Privacy against the Infrastructure 16 / 20
  • 17. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Pseudonym Provision Efficiency 18 Preparing the Request Entire Operations on the Server Entire Communication Verification and Storage 16 Latency [seconds] 14 12 10 8 6 4 2 0 1 10 20 50 100 200 Number of Pseudonyms 500 1000 Infrastructure, Vehicle, Communications Efficiency vs number of requested pseudonyms 17 / 20
  • 18. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Pseudonym Revocation Efficiency 3600 Latency [milliseconds] 3200 Preparing the Request Entire Operations on the Server Entire Communication Verification and Storage 2800 2400 2000 1600 1200 800 400 0 1 10 100 1000 10,000 100,000 Number of Revoked Pseudonyms in CRL Infrastructure, Vehicle, Communications Efficiency vs number of revoked pseudonyms 18 / 20
  • 19. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Table of Contents Introduction Status and current Directions for VC Future Challenges for VC List of Future Challenges VeSPA Architecture & Operation Analysis of VeSPA Efficiency & Privacy Improvements Future Work Ongoing Work and Future Directions 19 / 20
  • 20. Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work Overview & Future Work VeSPA: • Efficient VPKI Prototype according to the standards • Increased Privacy to towards the infrastructure • Enhanced VPKI with AAA capabilities • A VPKI able to support vehicular services Ongoing Work: • Integration of Anonymous Authentication Mechanisms • Extensions to support multi-Domain VPKI architectures 20 / 20