Towards Deploying a Scalable & Robust Vehicular Identity and - - PowerPoint PPT Presentation

towards deploying a scalable robust vehicular identity
SMART_READER_LITE
LIVE PREVIEW

Towards Deploying a Scalable & Robust Vehicular Identity and - - PowerPoint PPT Presentation

Dec 23, 2023 42 likes •305 views

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm,

slide-1
SLIDE 1

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure

  • M. Khodaei, H. Jin, and P. Papadimitratos

Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm, Sweden

December 3, 2014

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 1 / 26

slide-2
SLIDE 2

Outline

1

Introduction Background Contributions System Outline

2

Our Solution System Overview VPKI Services & Protocols

3

Security Analysis

4

Performance Evaluation

5

Conclusions

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 2 / 26

slide-3
SLIDE 3

Outline

1

Introduction Background Contributions System Outline

2

Our Solution System Overview VPKI Services & Protocols

3

Security Analysis

4

Performance Evaluation

5

Conclusions

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 3 / 26

slide-4
SLIDE 4

Background

Projects

SEVECOM, EVITA, PRECIOSA, OVERSEE, DRIVE-C2X, PRESERVE, CAMP-VSC3

Standarization and Harmonization

IEEE 1609.2, ETSI and C2C-CC: Vehicular Communication (VC) related specifications for privacy-preserving architectures

Vehicular Public-Key Infrastructure (VPKI)

Cornerstone for all these efforts Consensus on the need and basic characteristics

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 4 / 26

slide-5
SLIDE 5

Background (Cont’d)

Inference of service provider or service time C2C-CC [1], PRESERVE [2], SCMS [3] CoPRA [4] linking pseudonyms to the real-identity VeSPA [5, 6], SEROSA [7] V-Token [8] learns the real identity of V-Token’s owner Sybil-based misbehavior not precluded by VPKI C2C-CC [1], PRESERVE [2], SCMS [3] VeSPA [5, 6], SEROSA [7] One remedy

Non-overlapping pseudonym lifetimes Downside: easier linkability

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 5 / 26

slide-6
SLIDE 6

Contributions

Stronger adversarial model

Increased protection against honest-but-curious VPKI entities No inference of service provider or time Correct execution of protocols, but motivated to profile users

Eradication of Sybil-based misbehavior

VPKI design that ensures a compromised vehicle cannot obtain multiple pseudonyms valid simultaneously

Extensive & detailed experimental evaluations

Full-blown VC standard-compliant implementation of VPKI Significant performance improvement

Multi-domain operation Efficiency Scalability

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 6 / 26

slide-7
SLIDE 7

System Outline

Vehicles registered with one Long Term Certification Authority (LTCA) (home domain) Pseudonym Certification Authority (PCA) servers in one or multiple domains Vehicles can obtain pseudonyms from any PCA (in home or foreign domains) Trust with the help of a Root Certification Authority (RCA) Trust associations of PCAs and LTCAs through Lightweight Directory Access Protocol (LDAP) services Resolve a pseudonym with the help of a Resolution Authority (RA)

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 7 / 26

slide-8
SLIDE 8

Outline

1

Introduction Background Contributions System Outline

2

Our Solution System Overview VPKI Services & Protocols

3

Security Analysis

4

Performance Evaluation

5

Conclusions

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 8 / 26

slide-9
SLIDE 9

VPKI Architecture

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 9 / 26

slide-10
SLIDE 10

Ticket and Pseudonym Acquisition

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 10 / 26

slide-11
SLIDE 11

Roaming User: Foreign Ticket Authentication

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 11 / 26

slide-12
SLIDE 12

Native Ticket and Pseudonym Acquisition in the Foreign Domain

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 12 / 26

slide-13
SLIDE 13

Outline

1

Introduction Background Contributions System Outline

2

Our Solution System Overview VPKI Services & Protocols

3

Security Analysis

4

Performance Evaluation

5

Conclusions

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 13 / 26

slide-14
SLIDE 14

Security Analysis

Communication integrity, confidentiality, non-repudiation

Certificates, TLS and digital signatures

Authentication and authorization

LTCA performs Authentication, Authorization and Accounting (AAA) PCA grants the service Security Association through LDAP

Concealing pseudonym providers, foreign identity providers and actual pseudonym acquisition period

Sending H(PCAidRnd256), ts, te, LTCv to the home LTCA PCA verifies if [t′

s, t′ e] ⊆ [ts, te]

Thwarting Sybil-based misbehavior

LTCA keeps the records of the issued tickets A ticket is bound to a specific PCA PCA keeps records of ticket usage

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 14 / 26

slide-15
SLIDE 15

Ticket & Pseudonym Lifetime Policy

5 10 15 20 25 30 35 40 45 50 55 60 1 2 3 4 5 6 7 8 9 10

Pseudonym Lifetime [sec]

5 10 15 20 25 30 35 40 45 50 55 60 1 2 3 4 5 6 7 8 9 10

Pseudonym Lifetime [sec] Flexible lifetimes Fixed lifetimes

Non-overlapping pseudonym lifetimes from eavesdroppers’ perspective Distinct lifetimes per vehicle make linkability easier Uniform pseudonym lifetime in a domain No distinction among obtained pseudonyms set, thus less probable to link pseudonyms

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 15 / 26

slide-16
SLIDE 16

Outline

1

Introduction Background Contributions System Outline

2

Our Solution System Overview VPKI Services & Protocols

3

Security Analysis

4

Performance Evaluation

5

Conclusions

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 16 / 26

slide-17
SLIDE 17

Server and Client Specifications

LTCA PCA RA Clients VM Number 2 5 1 25 Dual-core CPU (Ghz) 2.0 2.0 2.0 2.0 BogoMips 4000 4000 4000 4000 Memory 2GB 2GB 1GB 1GB Database MySQL MySQL MySQL MySQL Web Server Apache Apache Apache

  • Load Balancer

Apache Apache

  • Emulated Threads
  • 400

Use cases: Pseudonym provision Pseudonym resolution & revocation Performing DDoS attack

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 17 / 26

slide-18
SLIDE 18

Client and LTCA Performance Evaluation

1 10 100 200 500 1000 200 400 600 800 1000 1200 1400 1600 1800 2000 2200 2400 Number of Pseudonyms in a Request Entire Time [ms] Entire Ticket Operations Entire Operations on PCA Networking Delay Vehicle Pseudonym Verification

600 1200 1800 2400 3000 3600 4 8 12 16 20 24

Time [sec] Processing Time [ms]

One ticket per request

Client processing time LTCA performance

Delay to obtain pseudonyms LTCA response time to issue a ticket

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 18 / 26

slide-19
SLIDE 19

PCA Performance Evaluation

600 1200 1800 2400 3000 3600 100 200 300 400 500 600

Time [sec] Processing Time [ms]

100 psnyms per request Server failure

100 200 300 400 500 600 700 800 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Processing Time [msec] Cumulative Probability

Empirical CDF

10 psnyms per request 20 psnyms per request 50 psnyms per request 100 psnyms per request 200 psnyms per request Issuing 100 pseudonyms per request PCA performance under different configuration

PCA response time, including a crash failure Efficient provision for pseudonyms, with different configurations

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 19 / 26

slide-20
SLIDE 20

VPKI Servers under DDoS Attack

200 500 1K 2K 5K 10K 20K 1 2 3 4 5 6 7 8 9 Attackers Number Average Number of Legitimate Req. (per Sec.) 200 500 1K 2K 5K 10K 20K 0.5 1 1.5 2 2.5 3 3.5 Attackers Number Average Number of Legitimate Req. (per Sec.)

LTCA performance PCA performance

10K legitimate vehicles, requesting 100 pseudonyms every 10 minutes Up to 20K attackers, sending requests every 10 seconds An LTCA is more resistant to DDoS than a PCA

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 20 / 26

slide-21
SLIDE 21

Performance Evaluation for Pseudonym Revocation (CRL1

  • r OCSP2) and Resolution

100 200 300 400 500 600 700 800 900 1000 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Processing Time [msec] Cumulative Probability

Empirical CDF

1K revoked psnyms 5K revoked psnyms 10K revoked psnyms 20K revoked psnyms 40K revoked psnyms 50K revoked psnyms 100K revoked psnyms

100 200 300 400 500 600 700 800 900 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Processing Time [msec] Cumulative Probability

Empirical CDF

0.5K psnyms per request 1K psnyms per request 2K psnyms per request 3K psnyms per request 4K psnyms per request

Obtaining a CRL OCSP validation

For 50K CRL: Fx(t=280)=0.9 or Pr{t≤280}=0.9 For 4K OCSP: Fx(t=400)=0.9 or Pr{t≤400}=0.9

1CRL: Certificate Revocation List 2OCSP: Online Certificate Status Protocol

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 21 / 26

slide-22
SLIDE 22

Entities Response Time to Resolve & Revoke a Pseudonym

0.01 0.05 0.1 0.5 1 5 25 50 75 100 125 150

Number of Pseudonyms in the PCA database (x 106) Latency [ms] Client Side Operations All RA Operations All PCA Operations All LTCA Operations

On average 100 ms to resolve & revoke a pseudonym

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 22 / 26

slide-23
SLIDE 23

Outline

1

Introduction Background Contributions System Outline

2

Our Solution System Overview VPKI Services & Protocols

3

Security Analysis

4

Performance Evaluation

5

Conclusions

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 23 / 26

slide-24
SLIDE 24

Conclusion

Strong adversarial model: honest-but-curious VPKI entities Prevention from Sybil-based misbehavior Reduction of pseudonym linkability, thus message linkability Extensive evaluation of a full-blown VC standard compliant VPKI

Very significant performance improvement over prior systems

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 24 / 26

slide-25
SLIDE 25

Bibliography

[1] Car-to-Car Communication Consortium (C2C-CC). [Online]. Available: http://www.car-2-car.org/ [2] “Preparing Secure Vehicle-to-X Communication Systems - PRESERVE.” [Online]. Available: http://www.preserve-project.eu/ [3] W. Whyte, A. Weimerskirch, V. Kumar, and T. Hehn, “A security credential management system for V2V communications,” in IEEE VNC, Boston, MA, USA, Dec. 2013. [4] N. Bißmeyer, J. Petit, and K. M. Bayarou, “Copra: Conditional pseudonym resolution algorithm in VANETs,” in IEEE WONS, Banff, Canada, Mar. 2013. [5] N. Alexiou, M. Lagan` a, S. Gisdakis, M. Khodaei, and P. Papadimitratos, “VeSPA: Vehicular Security and Privacy-preserving Architecture,” in ACM HotWiSec, Budapest, Hungary, Apr. 2013. [6] N. Alexiou, S. Gisdakis, M. Lagan` a, and P. Papadimitratos, “Towards a Secure and Privacy-preserving Multi-service Vehicular Architecture,” in D-SPAN, Madrid, Spain, Jun. 2013. [7] S. Gisdakis, M. Lagan` a, T. Giannetsos, and P. Papadimitratos, “SEROSA: SERvice Oriented Security Architecture for Vehicular Communications,” in IEEE VNC, Boston, MA, USA, Dec. 2013. [8] F. Schaub, F. Kargl, Z. Ma, and M. Weber, “V-tokens for Conditional Pseudonymity in VANETs,” in IEEE WCNC, NJ, USA, Apr. 2010.

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 25 / 26

slide-26
SLIDE 26

Questions and Discussion

Thank you!

khodaei@kth.se

  • M. Khodaei, H. J, P. P (KTH)

IEEE VNC 2014 (Paderborn) December 3, 2014 26 / 26