VeSPA: Vehicular Security and Privacy-preserving Architecture
1. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
VeSPA: Vehicular Security and Privacy-preserving
architecture
N. Alexiou M. Lagan` S. Gisdakis
a
M. Khodaei P. Papadimitratos
School of Electrical Engineering, KTH, Sweden
surname@kth.se
HotWiSec13’
April 19, 2013
1 / 20
2. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Table of Contents
Introduction
Status and current Directions for VC
Future Challenges for VC
List of Future Challenges
VeSPA
Architecture & Operation
Analysis of VeSPA
Efficiency & Privacy Improvements
Future Work
Ongoing Work and Future Directions
2 / 20
3. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Vehicular Communications
• Vehicular Communications (VC)
• Vehicles propagate information
for Safe-Driving
• Location, Velocity, angle
• Hazardous warnings
• Emergency break etc.
• Cooperative awareness through
beaconed status messages and
event-triggered warnings
• ..Security in VC?
• Assure legitimate vehicles
propagate information
• Secure integrity of information
Image source: C2C-CC
3 / 20
4. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Digital Signatures for VC
• Vehicles hold Private-Public
Key pair
• Unique pair to each vehicle
• Digital Signature of the
messages
• Authentication
• Integrity
• Non-repudiation
• Vehicular Public Key
Infrastructure (VPKI)
• To assign credentials
• Propagate trust
Image Source: Secure Vehicular Communication Systems: Design and Architecture, P. Papadimitratos et al
4 / 20
5. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Privacy in VC
• Packets signed using same
credentials can be trivially
linked
• Solution:
• Offer multiple short-lived
credentials (Pseudonyms
(PS))
• Pseudonyms valid for
unique time periods
• Sign packets with valid
pseudonyms
• Cryptographic operations in
a Hardware Security Module
• Extend the VPKI to support
Pseudonyms
5 / 20
6. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Current Status: Overview
• Credential management in Vehicular Communications (VC)
• Long-term Credentials for accountability and Authentication
• Short-lived Pseudonyms for anonymity and Location Privacy
• A VPKI to support credential management
• VPKI Architecture:
• LTCA: Issuer of Long-term Credentials
• PCA: Issuer of Pseudonymous Credentials
• RA: Resolution Authority
• VPKI Protocols:
• Pseudonym provision: Refresh pool of pseudonyms
• Pseudonym Resolution: De-anonymize misbehaving vehicles
• Car accident, violation of traffic regulation, police request
• Pseudonym revocation: Revoke the misbehaving pseudonyms
• Main Suspects: SEVECOM, C2C-CC, PRESERVE, 1609
family of standards WAVE, ETSI
6 / 20
7. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Table of Contents
Introduction
Status and current Directions for VC
Future Challenges for VC
List of Future Challenges
VeSPA
Architecture & Operation
Analysis of VeSPA
Efficiency & Privacy Improvements
Future Work
Ongoing Work and Future Directions
7 / 20
8. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Future Challenges for VC
• Implement an efficient VPKI prototype according to the
standard
• How to enhance privacy towards the infrastructure
• Envision support for future vehicular services
• Safety as a service, not the target application
• Location based services, Pay-as-you-drive systems
• Enhance current VPKI to support vehicular services
• AAA solution with current VPKI architecture as the starting
point
• Authentication: Legitimate part of the system
• Authorization: Right to access a service
• Accountability: Track of consumption
8 / 20
9. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Table of Contents
Introduction
Status and current Directions for VC
Future Challenges for VC
List of Future Challenges
VeSPA
Architecture & Operation
Analysis of VeSPA
Efficiency & Privacy Improvements
Future Work
Ongoing Work and Future Directions
9 / 20
10. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
VeSPA: Vehicular Security and Privacy-preserving
Architecture
• “Kerberized” version of a VPKI
• Efficient VPKI Credential Management Architecture
• Enhanced VPKI design with respect to privacy
• Cryptographic tickets to support AAA
• Tickets:
• tkt = SigLTCA ([te ], {S1 }, . . . , {Sn })
• Carrier of service subscription information
• Anonymous proof of access to obtain pseudonyms
• Authorization and Authentication to the PCA
• Limited lifetime dependent on vehicle subscription to the
service
• Revocable upon misbehavior
10 / 20
11. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
VeSPA: Operation
• AAA check at LTCA
• LTCA issues ticket
• 73, 5msec/ticket
• Ticket per service/access
• Increased anonymity set
• Low overhead introduced
• Ticket received
• Request for new
pseudonyms
• Communication over TLS
(one-way authentication)
11 / 20
12. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
VeSPA: Protocols
Pseudonym Provision:
Resolution Protocol:
• V −→LTCA: Sigkv (t1 ,Request) LTv
i
• RA−→PCA: SigRA (Pv ,t1 )
• LTCA−→V : tkt
• PCA−→RA: SigPCA (tkt,t2 )
•
1
n
V −→PCA:t3 ,tkt,{Kv ,...,Kv }
• RA−→LTCA: SigRA (tkt,t3 )
•
1
n
PCA−→V :t4 ,{Psv ,...,Psv }
• LTCA−→RA: SigLTCA (LTv ,t4 )
12 / 20
13. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Table of Contents
Introduction
Status and current Directions for VC
Future Challenges for VC
List of Future Challenges
VeSPA
Architecture & Operation
Analysis of VeSPA
Efficiency & Privacy Improvements
Future Work
Ongoing Work and Future Directions
13 / 20
14. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Implementation Details
• OpenCA for cryptographic operations
• ECC-256 keys for digital certificates
• 1609.2 standard compatible
• Separate machines for each entity:
• Intel Xeon 3.4 GHz, 8 GB RAM
• System scales up with more machines or..
• stronger equipment
• Communications over encrypted TLS channel (one-way
authentication)
• Authentication of server
• Confidentiality
14 / 20
17. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Pseudonym Provision Efficiency
18
Preparing the Request
Entire Operations on the Server
Entire Communication
Verification and Storage
16
Latency [seconds]
14
12
10
8
6
4
2
0
1
10
20
50
100 200
Number of Pseudonyms
500
1000
Infrastructure, Vehicle, Communications Efficiency vs number of requested
pseudonyms
17 / 20
18. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Pseudonym Revocation Efficiency
3600
Latency [milliseconds]
3200
Preparing the Request
Entire Operations on the Server
Entire Communication
Verification and Storage
2800
2400
2000
1600
1200
800
400
0
1
10
100
1000 10,000 100,000
Number of Revoked Pseudonyms in CRL
Infrastructure, Vehicle, Communications Efficiency vs number of revoked pseudonyms
18 / 20
19. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Table of Contents
Introduction
Status and current Directions for VC
Future Challenges for VC
List of Future Challenges
VeSPA
Architecture & Operation
Analysis of VeSPA
Efficiency & Privacy Improvements
Future Work
Ongoing Work and Future Directions
19 / 20
20. Introduction
Future Challenges for VC
VeSPA
Analysis of VeSPA
Future Work
Overview & Future Work
VeSPA:
• Efficient VPKI Prototype according to the standards
• Increased Privacy to towards the infrastructure
• Enhanced VPKI with AAA capabilities
• A VPKI able to support vehicular services
Ongoing Work:
• Integration of Anonymous Authentication Mechanisms
• Extensions to support multi-Domain VPKI architectures
20 / 20