
SECMACE: Scalable and Robust Identity and Credential Infrastructure

SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication. IEEE Transactions on Intelligent Transportation Systems (IEEE ITS), vol. 19, no. 5, May 2018. Mohammad Khodaei, Hongyu Jin, and Panos Papadimitratos.


  1. SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication
     - IEEE Transactions on Intelligent Transportation Systems (IEEE ITS), vol. 19, no. 5, May 2018
     - Mohammad Khodaei, Hongyu Jin, and Panos Papadimitratos
     - Networked Systems Security Group, www.ee.kth.se/nss
     - Slide 1 / 54

  2. Introduction: Vehicular communication systems (VCS)
     - Illustration: C2C-CC

  3. Introduction: VCS security and privacy requirements∗
     - Authentication & integrity
     - Non-repudiation
     - Authorization & access control
     - Conditional anonymity
     - Unlinkability (long-term)
     - Figure: vehicular communication with an RSU; messages shown: "Warning: Emergency vehicle approaching in area (X,Y,Z)", "Warning: Ambulance approaching at (x,y,z)", "Slow down and yield"
     - ∗ "Securing vehicular communications - assumptions, requirements, and principles", ESCAR 2006

  4. Introduction: VCS security and privacy: Basic ideas∗
     - Figure: Vehicle V and Vehicle U, each shown with "Warning: Accident at (x,y,z)"; message fields: Payload, Location: $(x_V, y_V, z_V)$, Time: $t_V$, Signature with $k_V$, $Cert_{CA}(V, K_V, A_V, T)$
     - Ephemeral pseudonymous credentials; conditional anonymity
     - Digitally signed V2X communications
     - Hybrid approach: combination of anonymous and pseudonymous authentication
     - ∗ "Secure vehicular communication systems: design and architecture", IEEE CommMag 2008

  5. Introduction: VCS security and privacy: Basic ideas (cont'd)
     - Figure: First demo, 2008; Final event, 2015

  6. Introduction: VCS security and privacy: Basic ideas (cont'd)
     - Figure labels: RCA; Domain A, Domain B, Domain C; LTCA, PCA, RA; LDAP; RSU; 3/4G; X-Certify
     - Figure legend: A certifies B; cross-certification; communication link; message dissemination

  7. Introduction: VCS security and privacy: Basic ideas (cont'd)
     - Vehicles registered with one Long Term CA (LTCA) (home domain)
     - Pseudonym CA (PCA) servers in one or multiple domains
     - Vehicles can obtain pseudonyms from any PCA (in home or foreign domains)
     - Establish trust among entities with a Root CA (RCA) or with cross-certification
     - Resolve a pseudonym with the help of a Resolution Authority (RA)

  8. Introduction: VCS security and privacy: Basic ideas (cont'd)
     - Adversaries
       - Malicious users/vehicles/nodes (On-Board Units (OBUs))
         - Arbitrary behavior
         - "Sybil" users (each posing as multiple users)
         - Collusion
       - Selfish users
       - Honest-but-curious system infrastructure (security & privacy infrastructure servers)
         - Correct protocol execution
         - Curious to infer private user information

  9. VPKI: Designing the VCS security infrastructure
     - Focus: Vehicular Public-Key Infrastructure (VPKI)
       - Design, analyze, implement and evaluate the VPKI
       - Management of credentials: provisioning, revocation, resolution
       - Protocols for all vehicle-to-VPKI and intra-VPKI interactions
     - Challenges: complexity and constraints
       - Security and privacy
       - Multiple and diverse entities, global deployment, long-lived entities
       - Short-lived credentials, very large numbers
       - Cost-driven platform resource constraints

  10. VPKI: Designing the VCS security infrastructure: goals
     - Resilience to honest-but-curious VPKI entities
     - Eradication of Sybil-based misbehavior
     - Standard-compliant implementation
     - Scalability
     - Multi-domain operation
     - Efficiency
     - Revocation and resolution

  11. VPKI: Designing the VCS security infrastructure: System instance
     - Figure labels: RCA; Home Domain (A); Foreign Domain (B); H-LTCA; F-LTCA; PCA; RA; LDAP
     - Figure legend: A certifies B; communication link
     - Steps labelled in the figure: 1. LTC, 2. n-tkt, 3. psnym req., 4. psnyms acquisition
     - Steps labelled in the figure: I. f-tkt req., II. f-tkt, III. n-tkt, IV. psnym req., V. psnyms acquisition

  12. VPKI: Designing the VCS security infrastructure: Pseudonym acquisition policies
     - Figure: pseudonym lifetimes ($\tau_P$) along the System Time axis for a trip from $t_{start}$ to $t_{end}$ (Trip Duration), under the user-controlled policy (P1), the oblivious policy (P2, intervals $\Gamma_{P2}$) and the universally fixed policy (P3, intervals $\Gamma_{P3}$); unused pseudonyms and an expired pseudonym are marked
     - P1 & P2: Requests could be user "fingerprints": exact times of requests throughout the trip
     - P3: Request intervals falling within "universally" fixed intervals $\Gamma_{P3}$; pseudonym lifetimes aligned with the PCA clock

  13. VPKI: Ticket and pseudonym acquisition (message sequence between V, LTCA and PCA)
     - 1. V → LTCA: $H(PCA_{ID} \| Rnd_{256}), t_s, t_e, LTC_v, N, t$
     - 2. LTCA: $Cert(LTC_{ltca}, tkt)$
     - 3. LTCA → V: $tkt, N+1, t$
     - 4. V → PCA: $tkt, Rnd_{256}, t'_s, t'_e, \{(K_v^1)_{\sigma_{k_v^1}}, \ldots, (K_v^n)_{\sigma_{k_v^n}}\}, N', t$
     - 5. PCA: $Cert(LTC_{pca}, P_v^i)$
     - 6. PCA → V: $\{P_v^1, \ldots, P_v^n\}, N'+1, t$

  14. VPKI: Ticket acquisition protocols
     - Protocol 1: Ticket Request (from the LTCA)
       - procedure ReqTicket($P_x, \Gamma_{Px}, t_s, t_e, t_{date}$)
         - if $P_x = P1$ then $(t_s, t_e) \leftarrow (t_s, t_e)$
         - else if $P_x = P2$ then $(t_s, t_e) \leftarrow (t_s, t_s + \Gamma_{P2})$
         - else if $P_x = P3$ then $(t_s, t_e) \leftarrow (t_{date} + \Gamma^{i}_{P3}, t_{date} + \Gamma^{i+1}_{P3})$
         - end if
         - $\zeta \leftarrow (Id_{tkt\text{-}req}, H(Id_{PCA} \| Rnd_{tkt}), t_s, t_e)$
         - $(\zeta)_{\sigma_v} \leftarrow Sign(Lk_v, \zeta)$
         - return $((\zeta)_{\sigma_v}, LTC_v, N, t_{now})$
       - end procedure
     - Protocol 2: Issuing a Ticket (by the LTCA)
       - procedure IssueTicket($(msg)_{\sigma_v}, LTC_v, N, t_{now}$)
         - $Verify(LTC_v, (msg)_{\sigma_v})$
         - $IK_{tkt} \leftarrow H(LTC_v \| t_s \| t_e \| Rnd_{IK_{tkt}})$
         - $\zeta \leftarrow (SN, H(Id_{PCA} \| Rnd_{tkt}), IK_{tkt}, Rnd_{IK_{tkt}}, t_s, t_e, Exp_{tkt})$
         - $(tkt)_{\sigma_{ltca}} \leftarrow Sign(Lk_{ltca}, \zeta)$
         - return $((tkt)_{\sigma_{ltca}}, N+1, t_{now})$
       - end procedure
     - Run over Transport Layer Security (TLS) with mutual authentication
     - "Ticket identifiable key" ($IK_{tkt}$): it binds a ticket to the corresponding Long Term Certificate (LTC)
     - A faulty LTCA cannot resolve an LTC other than the one the ticket was issued for

  15. VPKI: Pseudonym acquisition protocols
     - Protocol 3: Pseudonym Request (from the PCA)
       - procedure ReqPsnyms($t_s, t_e, (tkt)_{\sigma_{ltca}}$)
         - for i := 1 to n do
           - $Generate(K_v^i, k_v^i)$
           - $(K_v^i)_{\sigma_{k_v^i}} \leftarrow Sign(k_v^i, K_v^i)$
         - end for
         - $psnymReq \leftarrow (Id_{req}, Rnd_{tkt}, t_s, t_e, (tkt)_{\sigma_{ltca}}, \{(K_v^1)_{\sigma_{k_v^1}}, \ldots, (K_v^n)_{\sigma_{k_v^n}}\}, N, t_{now})$
         - return $psnymReq$
       - end procedure
     - Protocol 4: Issuing Pseudonyms (by the PCA)
       - procedure IssuePsnyms($psnymReq$)
         - $psnymReq \rightarrow (Id_{req}, Rnd_{tkt}, t_s, t_e, (tkt)_{\sigma_{ltca}}, \{(K_v^1)_{\sigma_{k_v^1}}, \ldots, (K_v^n)_{\sigma_{k_v^n}}\}, N, t_{now})$
         - $Verify(LTC_{ltca}, (tkt)_{\sigma_{ltca}})$
         - $H(Id_{this\text{-}PCA} \| Rnd_{tkt}) \stackrel{?}{=} H(Id_{PCA} \| Rnd_{tkt})$
         - $[t_s, t_e] \stackrel{?}{=} ([t_s, t_e])_{tkt}$
         - for i := 1 to n do
           - $Verify(K_v^i, (K_v^i)_{\sigma_{k_v^i}})$
           - $IK_{P^i} \leftarrow H(IK_{tkt} \| K_v^i \| t_s^i \| t_e^i \| Rnd_{IK_v^i})$
           - $\zeta \leftarrow (SN^i, K_v^i, t_s^i, t_e^i, IK_{P^i}, Rnd_{IK_v^i})$
           - $(P_v^i)_{\sigma_{pca}} \leftarrow Sign(Lk_{pca}, \zeta)$
         - end for
         - return $(\{(P_v^1)_{\sigma_{pca}}, \ldots, (P_v^n)_{\sigma_{pca}}\}, N+1, t_{now})$
       - end procedure
     - Run over TLS with unidirectional (server-only) authentication
     - "Pseudonym identifiable key" ($IK_{P^i}$): it binds a pseudonym to the corresponding ticket
     - A faulty PCA cannot resolve pseudonyms other than the ones issued for the ticket

  16. VPKI: Roaming user: Foreign ticket authentication

  17. VPKI: Ticket and pseudonym acquisition in a foreign domain

  18. VPKI: Pseudonym revocation and resolution (message sequence between RA, PCA and LTCA)
     - 1. RA → PCA: $P^i, N, t$
     - 2. PCA: Update CRL
     - 3. PCA → RA: $tkt, N+1, t$
     - 4. RA → LTCA: $SN_{tkt}, N', t$
     - 5. LTCA: Resolve $LTC_v$
     - 6. LTCA → RA: $LTC_v, N'+1, t$

  19. Analysis & evaluation: Security analysis
     - Communication integrity, confidentiality, and non-repudiation
       - Certificates, TLS and digital signatures
     - Authentication, authorization and access control
       - LTCA is the policy decision and enforcement point
       - PCA grants the service
       - Discovery of available servers: Lightweight Directory Access Protocol (LDAP)
     - Concealing PCAs, F-LTCA, and actual pseudonym acquisition times
       - Sending $H(PCA_{id} \| Rnd_{256}), t_s, t_e, LTC_v$ to the H-LTCA
       - A PCA verifies whether $[t'_s, t'_e] \subseteq [t_s, t_e]$
     - Thwarting Sybil-based misbehavior
       - An LTCA never issues valid tickets with overlapping lifetimes (for a given domain)
       - A ticket is bound to a specific PCA
       - A PCA keeps records of used tickets

  20. Analysis & evaluation: Pseudonym linkability based on timing information
     - Figure, three panels over System Time [min.] (0 to 60):
       - (a) P1: User-controlled policy, $\tau_P$ = 5 min.
       - (b) P2: Oblivious policy, $\tau_P$ = 5 min., $\Gamma_{P2}$ = 15 min.
       - (c) P3: Universally fixed policy, $\tau_P$ = 5 min., $\Gamma_{P3}$ = 15 min.
     - P1 & P2: Distinct lifetimes per vehicle make linkability easier (requests/pseudonyms could act as user "fingerprints")
     - P3: Uniform pseudonym lifetimes eliminate the timing fingerprints

  21. Analysis & evaluation: Experimental setup
     - VPKI testbed
     - Implementation in C++
     - OpenSSL: TLS and Elliptic Curve Digital Signature Algorithm (ECDSA)-256 according to the standard [1]

     | | LTCA | PCA | RA | Clients |
     |---|---|---|---|---|
     | VM Number | 2 | 5 | 1 | 25 |
     | Dual-core CPU (GHz) | 2.0 | 2.0 | 2.0 | 2.0 |
     | BogoMips | 4000 | 4000 | 4000 | 4000 |
     | Memory | 2GB | 2GB | 1GB | 1GB |
     | Database | MySQL | MySQL | MySQL | MySQL |
     | Web Server | Apache | Apache | Apache | - |
     | Emulated Threads | - | - | - | 400 |
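
The checks listed on slide 19 (ticket bound to one PCA through $H(Id_{PCA} \| Rnd_{tkt})$, requested interval inside the ticket interval, used-ticket records, no overlapping tickets), as an added Python sketch that is not the authors' C++ implementation. Assumptions: an HMAC stands in for the LTCA's ECDSA signature, so the `PCA` object calls `ltca.sign` where a real PCA would verify with the LTCA's certificate; class names, field names and sample values are constructed for illustration.

```python
import hashlib, hmac, os
from collections import namedtuple

# pca_commit = H(Id_PCA || Rnd_tkt): the LTCA never sees Id_PCA itself
Ticket = namedtuple("Ticket", "sn pca_commit t_s t_e sig")

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

class LTCA:
    def __init__(self):
        self.key = os.urandom(32)  # assumption: HMAC key standing in for Lk_ltca
        self.issued = {}           # LTC_v -> list of (t_s, t_e) already ticketed
        self.sn = 0
    def sign(self, sn, commit, t_s, t_e):
        msg = H(f"{sn}|{t_s}|{t_e}".encode(), commit)
        return hmac.new(self.key, msg, "sha256").digest()
    def issue_ticket(self, ltc_v, commit, t_s, t_e):
        # Sybil check: never two valid tickets with overlapping lifetimes
        if any(t_s < e and s < t_e for s, e in self.issued.get(ltc_v, [])):
            return None
        self.issued.setdefault(ltc_v, []).append((t_s, t_e))
        self.sn += 1
        return Ticket(self.sn, commit, t_s, t_e, self.sign(self.sn, commit, t_s, t_e))

class PCA:
    def __init__(self, pca_id, ltca):
        self.pca_id, self.ltca, self.used = pca_id, ltca, set()
    def check_request(self, tkt, rnd_tkt, ts_req, te_req):
        # stand-in for Verify(LTC_ltca, (tkt)_sigma_ltca)
        expected = self.ltca.sign(tkt.sn, tkt.pca_commit, tkt.t_s, tkt.t_e)
        if not hmac.compare_digest(tkt.sig, expected):
            return "bad ticket signature"
        if not hmac.compare_digest(H(self.pca_id, rnd_tkt), tkt.pca_commit):
            return "ticket not bound to this PCA"
        if not (tkt.t_s <= ts_req < te_req <= tkt.t_e):
            return "interval outside ticket"
        if tkt.sn in self.used:
            return "ticket already used"
        self.used.add(tkt.sn)
        return "ok"

def demo():
    ltca = LTCA(); pca_a = PCA(b"PCA-A", ltca); pca_b = PCA(b"PCA-B", ltca)
    rnd = os.urandom(32)
    tkt = ltca.issue_ticket(b"LTC-v1", H(b"PCA-A", rnd), 0, 900)
    return [pca_a.check_request(tkt, rnd, 0, 1200), pca_b.check_request(tkt, rnd, 0, 900),
            pca_a.check_request(tkt, rnd, 0, 900), pca_a.check_request(tkt, rnd, 0, 900),
            ltca.issue_ticket(b"LTC-v1", H(b"PCA-B", os.urandom(32)), 600, 1500)]
```

`demo()` walks one constructed ticket through an over-long interval, the wrong PCA, a valid request, a replay, and a second ticket request whose lifetime overlaps the first.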
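
The timing argument of slides 12 and 20, as an added Python example (not from the slides or the paper's code): it computes the ticket interval of Protocol 1 for each policy and compares the phase of pseudonym start times for two vehicles. Assumptions: times are in minutes, the index i under P3 is taken as the $\Gamma_{P3}$ interval containing $t_s$, $\Gamma$ is a multiple of $\tau_P$, and the two trip start times (3 and 7 min.) are constructed.

```python
TAU, GAMMA = 5, 15          # tau_P and Gamma_P2 / Gamma_P3 from slide 20 (minutes)
STARTS, TRIP = [3, 7], 20   # constructed: two vehicles' trip start times, trip length

def ticket_interval(policy, t_s, t_e, gamma=GAMMA, t_date=0):
    """Requested [t_s, t_e] as in Protocol 1 (ReqTicket)."""
    if policy == "P1":                      # user-controlled: whole trip
        return t_s, t_e
    if policy == "P2":                      # oblivious: Gamma_P2 from request time
        return t_s, t_s + gamma
    if policy == "P3":                      # universally fixed intervals
        i = (t_s - t_date) // gamma         # assumption: interval containing t_s
        return t_date + i * gamma, t_date + (i + 1) * gamma
    raise ValueError(policy)

def pseudonym_windows(policy, t_s, t_e, tau=TAU, gamma=GAMMA):
    """Validity windows of the pseudonyms still usable at t_s.

    Under P1/P2 the first window starts at the request time; under P3 the
    windows sit on the PCA clock grid, so earlier ones may already be expired.
    """
    lo, hi = ticket_interval(policy, t_s, t_e, gamma)
    return [(s, s + tau) for s in range(lo, hi, tau) if s + tau > t_s]

def timing_phase(windows, tau=TAU):
    """Offset of pseudonym start times within tau_P: the timing 'fingerprint'."""
    return {s % tau for s, _ in windows}

def phases(policy):
    return [timing_phase(pseudonym_windows(policy, s, s + TRIP)) for s in STARTS]

def linkable_by_timing(policy):
    """True if the two vehicles can be told apart by pseudonym timing alone."""
    a, b = phases(policy)
    return a != b

if __name__ == "__main__":
    for p in ("P1", "P2", "P3"):
        print(p, phases(p), "distinguishable:", linkable_by_timing(p))
```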
