towards deploying a scalable robust vehicular identity
play

Towards Deploying a Scalable & Robust Vehicular Identity and - PowerPoint PPT Presentation

Dec 23, 2023 •42 likes •302 views

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm,

  1. Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm, Sweden December 3, 2014 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 1 / 26

  2. Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 2 / 26

  3. Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 3 / 26

  4. Background Projects SEVECOM, EVITA, PRECIOSA, OVERSEE, DRIVE-C2X, PRESERVE, CAMP-VSC3 Standarization and Harmonization IEEE 1609.2, ETSI and C2C-CC: Vehicular Communication (VC) related specifications for privacy-preserving architectures Vehicular Public-Key Infrastructure (VPKI) Cornerstone for all these efforts Consensus on the need and basic characteristics M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 4 / 26

  5. Background (Cont’d) Inference of service provider or service time C2C-CC [1], PRESERVE [2], SCMS [3] CoPRA [4] linking pseudonyms to the real-identity VeSPA [5, 6], SEROSA [7] V-Token [8] learns the real identity of V-Token’s owner Sybil-based misbehavior not precluded by VPKI C2C-CC [1], PRESERVE [2], SCMS [3] VeSPA [5, 6], SEROSA [7] One remedy Non-overlapping pseudonym lifetimes Downside: easier linkability M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 5 / 26

  6. Contributions Stronger adversarial model Increased protection against honest-but-curious VPKI entities No inference of service provider or time Correct execution of protocols, but motivated to profile users Eradication of Sybil-based misbehavior VPKI design that ensures a compromised vehicle cannot obtain multiple pseudonyms valid simultaneously Extensive & detailed experimental evaluations Full-blown VC standard-compliant implementation of VPKI Significant performance improvement Multi-domain operation Efficiency Scalability M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 6 / 26

  7. System Outline Vehicles registered with one Long Term Certification Authority (LTCA) (home domain) Pseudonym Certification Authority (PCA) servers in one or multiple domains Vehicles can obtain pseudonyms from any PCA (in home or foreign domains) Trust with the help of a Root Certification Authority (RCA) Trust associations of PCAs and LTCAs through Lightweight Directory Access Protocol (LDAP) services Resolve a pseudonym with the help of a Resolution Authority (RA) M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 7 / 26

  8. Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 8 / 26

  9. VPKI Architecture M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 9 / 26

  10. Ticket and Pseudonym Acquisition M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 10 / 26

  11. Roaming User: Foreign Ticket Authentication M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 11 / 26

  12. Native Ticket and Pseudonym Acquisition in the Foreign Domain M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 12 / 26

  13. Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 13 / 26

  14. Security Analysis Communication integrity, confidentiality, non-repudiation Certificates, TLS and digital signatures Authentication and authorization LTCA performs Authentication, Authorization and Accounting (AAA) PCA grants the service Security Association through LDAP Concealing pseudonym providers, foreign identity providers and actual pseudonym acquisition period Sending H ( PCA id � Rnd 256 ), t s , t e , LTC v to the home LTCA PCA verifies if [ t ′ s , t ′ e ] ⊆ [ t s , t e ] Thwarting Sybil-based misbehavior LTCA keeps the records of the issued tickets A ticket is bound to a specific PCA PCA keeps records of ticket usage M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 14 / 26

  15. Ticket & Pseudonym Lifetime Policy 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0 5 10 15 20 25 30 35 40 45 50 55 60 0 5 10 15 20 25 30 35 40 45 50 55 60 Pseudonym Lifetime [sec] Pseudonym Lifetime [sec] Flexible lifetimes Fixed lifetimes Non-overlapping pseudonym lifetimes from eavesdroppers’ perspective Distinct lifetimes per vehicle make linkability easier Uniform pseudonym lifetime in a domain No distinction among obtained pseudonyms set, thus less probable to link pseudonyms M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 15 / 26

  16. Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 16 / 26

  17. Server and Client Specifications LTCA PCA RA Clients VM Number 2 5 1 25 Dual-core CPU (Ghz) 2.0 2.0 2.0 2.0 BogoMips 4000 4000 4000 4000 Memory 2GB 2GB 1GB 1GB Database MySQL MySQL MySQL MySQL Web Server Apache Apache Apache - Load Balancer Apache Apache - - Emulated Threads - - - 400 Use cases: Pseudonym provision Pseudonym resolution & revocation Performing DDoS attack M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 17 / 26

  18. Client and LTCA Performance Evaluation 2400 24 Entire Ticket Operations One ticket per request 2200 Entire Operations on PCA 2000 20 Networking Delay 1800 Vehicle Pseudonym Verification Processing Time [ms] Entire Time [ms] 1600 16 1400 1200 12 1000 800 8 600 400 4 200 0 0 1 10 100 200 500 1000 0 600 1200 1800 2400 3000 3600 Time [sec] Number of Pseudonyms in a Request Client processing time LTCA performance Delay to obtain pseudonyms LTCA response time to issue a ticket M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 18 / 26

  19. PCA Performance Evaluation Empirical CDF 600 1 100 psnyms per request Server failure 0.9 500 0.8 Cumulative Probability 0.7 Processing Time [ms] 400 0.6 300 0.5 0.4 10 psnyms per request 200 0.3 20 psnyms per request 50 psnyms per request 0.2 100 100 psnyms per request 0.1 200 psnyms per request 0 0 0 600 1200 1800 2400 3000 3600 0 100 200 300 400 500 600 700 800 Time [sec] Processing Time [msec] Issuing 100 pseudonyms per request PCA performance under different configuration PCA response time, including a crash failure Efficient provision for pseudonyms, with different configurations M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 19 / 26

  20. VPKI Servers under DDoS Attack Average Number of Legitimate Req. (per Sec.) Average Number of Legitimate Req. (per Sec.) 9 3.5 8 3 7 2.5 6 2 5 4 1.5 3 1 2 0.5 1 0 0 0 200 500 1K 2K 5K 10K 20K 0 200 500 1K 2K 5K 10K 20K Attackers Number Attackers Number LTCA performance PCA performance 10K legitimate vehicles, requesting 100 pseudonyms every 10 minutes Up to 20K attackers, sending requests every 10 seconds An LTCA is more resistant to DDoS than a PCA M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 20 / 26

  21. Performance Evaluation for Pseudonym Revocation (CRL 1 or OCSP 2 ) and Resolution Empirical CDF Empirical CDF 1 1 0.9 0.9 0.8 0.8 Cumulative Probability Cumulative Probability 0.7 0.7 0.6 0.6 0.5 0.5 0.4 1K revoked psnyms 0.4 5K revoked psnyms 0.3 0.3 10K revoked psnyms 0.5K psnyms per request 20K revoked psnyms 1K psnyms per request 0.2 0.2 2K psnyms per request 40K revoked psnyms 50K revoked psnyms 3K psnyms per request 0.1 0.1 100K revoked psnyms 4K psnyms per request 0 0 0 100 200 300 400 500 600 700 800 900 1000 0 100 200 300 400 500 600 700 800 900 Processing Time [msec] Processing Time [msec] Obtaining a CRL OCSP validation For 50K CRL: F x (t=280)=0.9 or Pr { t ≤ 280 } =0.9 For 4K OCSP: F x (t=400)=0.9 or Pr { t ≤ 400 } =0.9 1 CRL: Certificate Revocation List 2 OCSP: Online Certificate Status Protocol M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 21 / 26

  22. Entities Response Time to Resolve & Revoke a Pseudonym 150 Client Side Operations All RA Operations All PCA Operations 125 All LTCA Operations 100 Latency [ms] 75 50 25 0 0.01 0.05 0.1 0.5 1 5 Number of Pseudonyms in the PCA database (x 10 6 ) On average 100 ms to resolve & revoke a pseudonym M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 22 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular

KTH ROYAL INSTITUTE OF TECHNOLOGY SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems M. Khodaei, H. Jin and P . Papadimitratos Networked Systems Security Group (NSS) In IEEE

464 views • 42 slides
SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication

SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication

SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication IEEE Transactions on Intelligent Transportation Systems (IEEE ITS), vol. 19, no. 5, May 2018 Mohammad Khodaei, Hongyu Jin, and Panos Papadimitratos

689 views • 54 slides
Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

KTH ROYAL INSTITUTE OF TECHNOLOGY Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Mohammad Khodaei Networked Systems Security Group (NSS) November 1, 2016 July 2, 2018

1.03k views • 38 slides
The Key to Intelligent Transportation: Identity and Credential Management in Vehicular

The Key to Intelligent Transportation: Identity and Credential Management in Vehicular

The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems Mohammad Khodaei and Panos Papadimitratos Networked Systems Security Group Dec, 2015 M. Khodaei and P. Papadimitratos (KTH) LCN

260 views • 12 slides
Scalable Secret Key and Certificate Revocation List Distribution for Hierarchical Vehicular Ad-hoc

Scalable Secret Key and Certificate Revocation List Distribution for Hierarchical Vehicular Ad-hoc

Scalable Secret Key and Certificate Revocation List Distribution for Hierarchical Vehicular Ad-hoc Networks Kastuv M. Tuladhar Department of Computer Science University of South Dakota kastuv.tuladhar@coyotes.usd.edu November 20, 2018 Thesis

991 views • 68 slides
Scalable & Resilient Vehicle-Centric Certificate Revocation List Distri- bution in Vehicular

Scalable & Resilient Vehicle-Centric Certificate Revocation List Distri- bution in Vehicular

KTH ROYAL INSTITUTE OF TECHNOLOGY Scalable & Resilient Vehicle-Centric Certificate Revocation List Distri- bution in Vehicular Communication Systems Mohammad Khodaei and Panos Papadimitratos Networked Systems Security Group (NSS)

981 views • 52 slides
Deploying Robust Security in IoT Ruozhou Yu, Guoliang Xue , Vishnu Teja Kilari, Xiang Zhang

Deploying Robust Security in IoT Ruozhou Yu, Guoliang Xue , Vishnu Teja Kilari, Xiang Zhang

Deploying Robust Security in IoT Ruozhou Yu, Guoliang Xue , Vishnu Teja Kilari, Xiang Zhang Arizona State University Outlines Introduction and Methodology Overview System Model Optimization Framework Performance Evaluation Conclusions 2

275 views • 27 slides
These slides: https: / / www.grc.com/ sqrl-presentation.pdf Robust Pseudonymous Identity for the

These slides: https: / / www.grc.com/ sqrl-presentation.pdf Robust Pseudonymous Identity for the

These slides: https: / / www.grc.com/ sqrl-presentation.pdf Robust Pseudonymous Identity for the Internet (A Practical Username & Password Replacement) S Q R L S ecure Q uick R eliable L ogin A simple, straightforward, open, intellectual

668 views • 51 slides
Robust Pseudonymous Identity for the Internet (A Practical Username & Password Replacement) S

Robust Pseudonymous Identity for the Internet (A Practical Username & Password Replacement) S

Robust Pseudonymous Identity for the Internet (A Practical Username & Password Replacement) S Q R L S ecure Q uick R eliable L ogin A simple, straightforward, open, intellectual property unencumbered, easily explained, provably secure,

898 views • 41 slides
Adaptive Diffusions for Scalable and Robust Learning over Graphs ICASSP2017 Georgios B.

Adaptive Diffusions for Scalable and Robust Learning over Graphs ICASSP2017 Georgios B.

Adaptive Diffusions for Scalable and Robust Learning over Graphs ICASSP2017 Georgios B. Giannakis A. N. Nikolakopoulos D. K. Berberidis Dept. of ECE and Digital Tech. Center, University of Minnesota Acknowledgments: NSF 1500713,1711471, NIH

277 views • 23 slides
Vehicular Urban Sensing: Dissemination and Vehicular Urban Sensing: Dissemination and Retrieval

Vehicular Urban Sensing: Dissemination and Vehicular Urban Sensing: Dissemination and Retrieval

Vehicular Urban Sensing: Dissemination and Vehicular Urban Sensing: Dissemination and Retrieval UC Irvine, May 21, 2009 Mario Gerla Computer Science Dept, UCLA www.cs.ucla.edu/NRL Outline Vehicular Ad Hoc Networks (VANETs)

785 views • 59 slides
Implementation of a robust and scalable consensus protocol for blockchain Raphal Dunant DEDIS

Implementation of a robust and scalable consensus protocol for blockchain Raphal Dunant DEDIS

Implementation of a robust and scalable consensus protocol for blockchain Raphal Dunant DEDIS lab Supervisors: Linus Gasser, Eleftherios Kokoris-Kogias Responsible: Prof. Bryan Ford Proposal cosigning Time or timestamp services

582 views • 15 slides
Robust and Scalable Models of Microbiome Dynamics for Bacteriotherapy Design Travis E. Gibson 1

Robust and Scalable Models of Microbiome Dynamics for Bacteriotherapy Design Travis E. Gibson 1

Robust and Scalable Models of Microbiome Dynamics for Bacteriotherapy Design Travis E. Gibson 1 Georg K. Gerber 1 , 2 1 Massachusetts Host Microbiome Center Brigham and Womens Hospital and Harvard Medical School 2 Health Sciences and Technology

339 views • 13 slides
Scalable and Robust Bayesian Inference via the Median Posterior CS 584: Big Data Analytics

Scalable and Robust Bayesian Inference via the Median Posterior CS 584: Big Data Analytics

Scalable and Robust Bayesian Inference via the Median Posterior CS 584: Big Data Analytics Material adapted from David Dunsons talk (http://bayesian.org/sites/default/files/Dunson.pdf) & Lizhen Lins ICML talk

638 views • 35 slides
Optimizing MPC for robust and scalable integer and floating-point arithmetic Liisi Kerik * Peeter

Optimizing MPC for robust and scalable integer and floating-point arithmetic Liisi Kerik * Peeter

Optimizing MPC for robust and scalable integer and floating-point arithmetic Liisi Kerik * Peeter Laud * Jaak Randmets * * Cybernetica AS University of Tartu, Institute of Computer Science January 30, 2016 Introduction Secure

588 views • 23 slides
Astrolabe: A Robust and Scalable Technology for Distributed System R. van Renesse, K.P. Birman,

Astrolabe: A Robust and Scalable Technology for Distributed System R. van Renesse, K.P. Birman,

Astrolabe: A Robust and Scalable Technology for Distributed System R. van Renesse, K.P. Birman, W. Vogels (Cornell University) Presentation by Konrad Iwanicki October 3rd and 8th, 2012 Distributed Systems Course, University of Warsaw 1

861 views • 47 slides
VeSPA: Vehicular Security and Privacy-preserving architecture N. Alexiou M. Lagan` a S.

VeSPA: Vehicular Security and Privacy-preserving architecture N. Alexiou M. Lagan` a S.

Introduction Future Challenges for VC VeSPA Analysis of VeSPA Future Work VeSPA: Vehicular Security and Privacy-preserving architecture N. Alexiou M. Lagan` a S. Gisdakis M. Khodaei P. Papadimitratos School of Electrical Engineering,

641 views • 20 slides
Lagan View WiFi: Enter Email, Agree and Connect Welcome! International Travel Trade Platforms

Lagan View WiFi: Enter Email, Agree and Connect Welcome! International Travel Trade Platforms

Lagan View WiFi: Enter Email, Agree and Connect Welcome! International Travel Trade Platforms Masterclass 23 rd January 2018 Eimear Callaghan Business Solutions Manager Tourism Northern Ireland Programme Where are we now? Kate

758 views • 43 slides
How mobile working can help you deliver local authority transformation 10th February 2016

How mobile working can help you deliver local authority transformation 10th February 2016

How mobile working can help you deliver local authority transformation 10th February 2016 Birmingham Abavus Ltd. & iTouch Vision www.abavus.co.uk Agenda Registration & coffee Introduction & welcome - 1000 The

714 views • 8 slides
Yale N o v 3 , 2 0 1 7 1 SIMULATION Theory Hard Interactions (ME Calculations) Parton

Yale N o v 3 , 2 0 1 7 1 SIMULATION Theory Hard Interactions (ME Calculations) Parton

FAST SIMULATION with GENERATIVE ADVERSARIAL NETWORKS M I C H E L A PA G A N I N I Ya l e U n i v e r s i t y m i c h e l a . p a g a n i n i @ y a l e . e d u Yale N o v 3 , 2 0 1 7 1 SIMULATION Theory Hard Interactions

357 views • 22 slides
High performance computing for numerical probability J er ome Lelong Universit e de

High performance computing for numerical probability J er ome Lelong Universit e de

HPC for numerical probability High performance computing for numerical probability J er ome Lelong Universit e de Grenoble Alpes Ensimag / LJK Thursday 15 October 2015 J. Lelong (Univ. Grenoble Alpes) 15/10/2015 1 / 31 HPC for

583 views • 37 slides
Welcome Georgina Statham Highways Liaison Manager Agenda 1. Introduction 2. Asset Management

Welcome Georgina Statham Highways Liaison Manager Agenda 1. Introduction 2. Asset Management

Highways Service Parish Liaison Sessions Welcome Georgina Statham Highways Liaison Manager Agenda 1. Introduction 2. Asset Management 3. Network Management 4. Web Portal Demonstration 5. Communications and future liaison Commissioning and

395 views • 36 slides
Technology as a problem in South African land reform. -Engaging with Hernando de Sotos

Technology as a problem in South African land reform. -Engaging with Hernando de Sotos

Technology as a problem in South African land reform. -Engaging with Hernando de Sotos criticism of technicians Jonathan Jackson Programme of land surveying University of Natal Durban Background on Hernando de Soto:

516 views • 18 slides
Remaking the Economy: Who Owns the Land? December 13 th , 2018 image courtesy of artist Heather

Remaking the Economy: Who Owns the Land? December 13 th , 2018 image courtesy of artist Heather

Remaking the Economy: Who Owns the Land? December 13 th , 2018 image courtesy of artist Heather Goodwind Steve Dubb, Nonprofit Quarterly Tamara Jones , SAAFON Diane Linn , Proud Ground Join the conversation! Neil Thapar , SELC Use our hashtag,

482 views • 25 slides

More recommend