KTH ROYAL INSTITUTE OF TECHNOLOGY
Scalable & Resilient Vehicle-Centric Certificate Revocation List Distribution in Vehicular Communication Systems
Mohammad Khodaei and Panos Papadimitratos
Networked Systems Security Group (NSS)
www.eecs.kth.se/nss

Outline
◮ Challenges for Revocation in VC Systems
◮ System Overview
◮ Security Protocols
◮ Qualitative Analysis
◮ Quantitative Analysis
◮ Conclusion

Vehicular Communication (VC) Systems
Figure: Photo Courtesy of the Car2Car Communication Consortium (C2C-CC)

Security and Privacy for VC Systems
Basic Requirements [1, 2]
◮ Authentication & integrity
◮ Non-repudiation
◮ Authorization and access control
◮ Conditional anonymity
◮ Unlinkability (long-term)
Vehicular Public-Key Infrastructure (VPKI)
◮ Pseudonymous authentication
◮ Trusted Third Party (TTP):
  ◮ Certification Authority (CA)
  ◮ Issues credentials & binds users to their pseudonyms
[1] P. Papadimitratos, et al. "Securing Vehicular Communications - Assumptions, Requirements, and Principles," in ESCAR, Berlin, Germany, pp. 5-14, Nov. 2006.
[2] P. Papadimitratos, et al. "Secure Vehicular Communication Systems: Design and Architecture," in IEEE Communications Magazine, vol. 46, no. 11, pp. 100-109, Nov. 2008.

Security and Privacy for VC Systems (cont'd)
◮ Sign packets with the private key corresponding to the current valid pseudonym
◮ Verify packets with the valid pseudonym
◮ Cryptographic operations in a Hardware Security Module (HSM)

Secure & Privacy-preserving VC Systems
◮ Root Certification Authority (RCA)
◮ Long Term CA (LTCA)
◮ Pseudonym CA (PCA)
◮ Resolution Authority (RA)
◮ Lightweight Directory Access Protocol (LDAP)
◮ Roadside Unit (RSU)
◮ Trust established with RCA, or through cross certification
Figure: VPKI Overview. [Diagram labels: Domains A, B and C, each with RA, LTCA, PCA and LDAP under the RCA; "A certifies B"; cross-certification; communication link; message dissemination; 3/4/5G; RSU; broadcast message format $\{Msg\}_{(P_v^i)}, \{P_v^i\}_{(PCA)}$.]

Challenges & Motivation
Traditional PKI vs. Vehicular PKI
◮ Dimensions (5 orders of magnitude more credentials)
◮ Balancing act: security, privacy, and efficiency
◮ Honest-but-curious VPKI entities
◮ Performance constraints: safety- and time-critical operations (rates of 10 safety beacons per second)
◮ Mechanics of revocation:
  ◮ Highly dynamic environment with intermittent connectivity
  ◮ Short-lived pseudonyms, multiple per entity
  ◮ Resource constraints

Challenges and Motivation (cont'd)
Revocation challenges:
◮ Efficient and timely distribution of Certificate Revocation Lists (CRLs) to every legitimate vehicle in the system
◮ Strong privacy for every vehicle prior to revocation events
◮ Computation and communication constraints of On-Board Units (OBUs) with intermittent connectivity to the infrastructure
◮ Peer-to-peer distribution is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRL distribution

System Model and Assumptions
Figure: Pseudonym acquisition overview in the home and foreign domains. [Diagram labels: RCA; Home Domain (A) with H-LTCA, PCA, RA; Foreign Domain (B) with F-LTCA, PCA, RA; LDAP; home-domain steps 1. LTC, 2. n-tkt, 3. psnym req., 4. psnyms acquisition; foreign-domain steps I. f-tkt req., II. f-tkt, III. n-tkt, IV. psnym req., V. psnyms acquisition.]
Figure: Pseudonym Acquisition Policies. [Diagram labels: User-controlled policy (P1), Oblivious policy (P2) with period $\Gamma_{P2}$, Universally fixed policy (P3) with period $\Gamma_{P3}$; pseudonym lifetime $\tau_P$; trip duration from $t_{start}$ to $t_{end}$; unused pseudonyms; expired pseudonym; system time.]
M. Khodaei, H. Jin, and P. Papadimitratos. IEEE T-ITS, vol. 19, no. 5, pp. 1430-1444, May 2018.

System Model and Requirements
Adversarial Model:
◮ Excluding revoked pseudonym serial numbers from a CRL
◮ Adding valid pseudonyms by forging a fake CRL (piece)
◮ Preventing legitimate vehicles from obtaining genuine and the most up-to-date CRL (pieces) or delaying the distribution
◮ Harming user privacy by the VPKI entities
Requirements:
◮ Fine-grained authentication, integrity, and non-repudiation
◮ Unlinkability (perfect-forward-privacy)
◮ Availability
◮ Efficiency
◮ Explicit and/or implicit notification on revocation events

Vehicle-Centric CRL Distribution
Figure: CRL as a Stream: $V_1$ subscribes to $\{\Gamma^{i}_{CRL}, \Gamma^{i+1}_{CRL}, \Gamma^{i+2}_{CRL}\}$; $V_2$: $\{\Gamma^{i}_{CRL}, \Gamma^{i+1}_{CRL}\}$; $V_3$: $\{\Gamma^{i+2}_{CRL}\}$; $V_4$: $\{\Gamma^{i+3}_{CRL}\}$; $V_5$: $\{\Gamma^{i+4}_{CRL}\}$. [Diagram labels: trip durations $D_{v_1}, \ldots, D_{v_5}$ over the partitioned intervals $\Gamma^{i}_{CRL}, \ldots, \Gamma^{i+4}_{CRL}$; system time.]
Figure: A vehicle-centric approach: each vehicle only subscribes for pieces of CRLs corresponding to its trip duration. [Diagram labels: trip duration $D$ spanning $\Gamma^{1}_{CRL}, \Gamma^{2}_{CRL}, \Gamma^{3}_{CRL}$.]

Bloom Filter Construction & Membership Checks
[Figure: elements x, y, z hashed into a bit array; queries y' = y and x' = x match, z' is a false positive.]
Bloom Filter (BF) features:
◮ A space-efficient probabilistic data structure
◮ Fast membership checking
◮ No false negatives, but false positive matches are possible
◮ A query returns either "possibly in set" or "definitely not in set"
◮ No deletion is allowed in a BF (a Cuckoo Filter (CF) supports deletion)

Vehicle-Centric CRL Distribution (cont'd)
Figure: CRL piece & fingerprint construction by the PCA. [Panels: (a) Revoked pseudonyms of vehicles V1 to V9 within $\Gamma^{i}_{CRL}$, each with lifetime $\tau_P$; (b) CRL fingerprint construction.]
CRL Fingerprint:
◮ A signed fingerprint is broadcast by RSUs
◮ Also integrated in a subset of recently issued pseudonyms
◮ A notification about a new CRL-update (revocation) event

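The Bloom filter and CRL fingerprint slides above, worked through as an added Python example (not code from the slides or from the authors). It sizes a filter from a target false positive rate p, derives the optimal number of hash functions K, and uses BFTest to drop polluted CRL pieces received from peers. That the fingerprint is a BF built over the CRL pieces, the SHA-256-based hashing, the piece encoding and all function names are assumptions.

```python
import hashlib
import math

class BloomFilter:
    def __init__(self, n_items: int, p: float):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits and K = (m/n)*ln 2 hashes.
        self.m = math.ceil(-n_items * math.log(p) / math.log(2) ** 2)
        self.k = max(1, round(self.m / n_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        # K positions from K domain-separated SHA-256 digests (assumed choice).
        for i in range(self.k):
            digest = hashlib.sha256(i.to_bytes(4, "big") + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def bf_test(self, item: bytes) -> bool:
        # False: definitely not in the set. True: possibly in the set.
        return all((self.bits[pos // 8] >> (pos % 8)) & 1
                   for pos in self._positions(item))

def build_fingerprint(pieces, p):
    # In the scheme the PCA signs the fingerprint; signing is omitted here.
    bf = BloomFilter(len(pieces), p)
    for piece in pieces:
        bf.add(piece)
    return bf

def accept_pieces(fingerprint, received):
    # Cheap pre-filter for pieces obtained from peers: anything failing BFTest
    # is certainly not part of the fingerprinted CRL and is dropped.
    return [piece for piece in received if fingerprint.bf_test(piece)]

# Constructed sample data: 16 genuine pieces and 16 altered copies.
GENUINE = [b"CRLv=7|piece=%d|constructed-SN-list" % j for j in range(16)]
POLLUTED = [piece + b"|extra-SN" for piece in GENUINE]
FINGERPRINT = build_fingerprint(GENUINE, p=1e-9)

if __name__ == "__main__":
    kept = accept_pieces(FINGERPRINT, GENUINE + POLLUTED)
    print(f"m={FINGERPRINT.m} bits, K={FINGERPRINT.k}, kept {len(kept)} of 32")
```

A piece that passes BFTest is only "possibly in set", so the filter is trustworthy as a pre-check only when the fingerprint itself has been authenticated.
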
Vehicle-centric Δ-CRL distribution
[Figure: within $\Gamma^{j}_{CRL}$, a chain of keys $K_{i-1}, K_i, K_{i+1}, K_{i+2}, K_{i+3}$ labelled with $H(K_i), \ldots, H(K_{i+4})$ and a second chain $K'_{i-1}, K'_i, K'_{i+1}, K'_{i+2}, K'_{i+3}$ labelled with $H'(K_{i-1}), \ldots, H'(K_{i+3})$; "Disclosure of $K_i$"; each "New Revocation Event" corresponds to one of Δ-CRL$_i$, Δ-CRL$_{i+1}$, Δ-CRL$_{i+2}$, Δ-CRL$_{i+3}$.]

Notation Used in the Protocols
Table: Notation Used in the Protocols.
Notation : Description
$(P_v^i)_{pca}$, $P_v^i$ : a valid psnym signed by the PCA
$(K_v^i, k_v^i)$ : psnym pub./priv. key pairs
$(K_{pca}; Lk_{pca})$ : long-term pub./priv. key pairs
$(msg)_{\sigma_v}$ : signed msg with vehicle's priv. key
$LTC$ : Long Term Certificate
$t_{now}$, $t_s$, $t_e$ : a fresh, starting, ending timestamp
$T_{timeout}$ : response reception timeout
$n\text{-}tkt$, $(n\text{-}tkt)_{ltca}$ : a native ticket
$Id_{req}$, $Id_{res}$ : request/response identifiers
$SN$ : psnym serial number
$Sign(Lk_{ca}, msg)$ : signing a msg with CA's priv. key
$Verify(LTC_{ca}, msg)$ : verifying with the CA's pub. key
$GenRnd()$, $rand(0, *)$ : generating a random number, or one in a range
$H^k()$, $H$ : hash function ($k$ times), hash value
$Append()$ : appending a revoked psnym SN to CRLs
$BFTest()$ : BF membership test
$p$, $K$ : false positive rate, optimal hash functions
$\Gamma$ : interval to issue time-aligned psnyms
$\Gamma_{CRL}$ : interval to release CRLs
$RIK$ : revocation identifiable key
$B$ : max. bandwidth for CRL distribution
$R$ : revocation rate
$N$ : total number of CRL pieces in each $\Gamma_{CRL}$
$n$ : number of remaining psnyms in each batch
$k$ : index of the first revoked psnym
$CRL_v$ : CRL version
$\emptyset$ : Null or empty vector
$k, j, m, \zeta$ : temporary variables

Pseudonym Acquisition Process
Participants: OBU, LTCA, PCA
1. $(H(Id_{pca} \| Rnd_{256}), t_s, t_e, LTC_v, N, t)$
2. $IK_{tkt} \leftarrow H(LTC_v \| t_s \| t_e \| Rnd_{IK_{tkt}})$
3. $tkt \leftarrow (H(Id_{pca} \| Rnd_{tkt}), IK_{tkt}, t_s, t_e)$
4. $Cert(LTC_{ltca}, tkt)$
5. $(tkt_{\sigma_{ltca}}, N+1, t)$
6. $(t_s, t_e, (tkt)_{\sigma_{ltca}}, \{(K_v^1)_{\sigma_{k_v^1}}, \cdots, (K_v^n)_{\sigma_{k_v^n}}\}, N', t_{now})$
7. $Verify(LTC_{ltca}, (tkt)_{\sigma_{ltca}})$
8. $Rnd_v \leftarrow GenRnd()$
9. $Verify(K_v^i, (K_v^i)_{\sigma_{k_v^i}})$
10. $RIK_{P_v^i} \leftarrow H(IK_{tkt} \| K_v^i \| t_s^i \| t_e^i \| H^i(Rnd_v))$
    if $i = 1$ then
        $SN^i \leftarrow H(RIK_{P_v^i} \| H^i(Rnd_v))$
    else
        $SN^i \leftarrow H(SN^{i-1} \| H^i(Rnd_v))$
    end if
11. $\zeta \leftarrow (SN^i, K_v^i, CRL_v, BF_{\Gamma^i_{CRL}}, RIK_{P_v^i}, t_s^i, t_e^i)$
12. $(P_v^i)_{\sigma_{pca}} \leftarrow Sign(Lk_{pca}, \zeta)$
13. $(\{(P_v^1)_{\sigma_{pca}}, \ldots, (P_v^n)_{\sigma_{pca}}\}, Rnd_v, N+1, t_{now})$

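The serial-number rule in step 10 chains each SN to the previous one through H^i(Rnd_v). As an added Python example (not code from the slides or from the authors), the block below implements that rule and shows what follows from it: whoever learns (SN^k, H^k(Rnd_v)) can compute every later serial number of the batch, but none of the earlier ones. SHA-256 as H, the fixed-length field encoding, the function names and the sample batch are assumptions.

```python
import hashlib
import os

def H(data: bytes, times: int = 1) -> bytes:
    # H^k(): the hash applied k times. SHA-256 is an assumed choice of H.
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data

def issue_serials(ik_tkt, pub_keys, lifetimes, rnd_v):
    # PCA side: step 10 (RIK) and the SN rule, for pseudonyms i = 1..n.
    # All fields are fixed-length bytes, so plain concatenation is unambiguous.
    serials = []
    for i, (k_v, (t_s, t_e)) in enumerate(zip(pub_keys, lifetimes), start=1):
        h_i = H(rnd_v, i)                         # H^i(Rnd_v)
        if i == 1:
            rik = H(ik_tkt + k_v + t_s + t_e + h_i)
            serials.append(H(rik + h_i))          # SN^1
        else:
            serials.append(H(serials[-1] + h_i))  # SN^i from SN^(i-1)
    return serials

def derive_following(sn_k, h_k, n):
    # Anyone holding (SN^k, H^k(Rnd_v)) can walk the chain forward n steps.
    derived = []
    for _ in range(n):
        h_k = H(h_k)            # H^(k+1)(Rnd_v) = H(H^k(Rnd_v))
        sn_k = H(sn_k + h_k)    # SN^(k+1)
        derived.append(sn_k)
    return derived

def make_batch(n):
    # Constructed sample batch: random stand-ins for IK_tkt, keys and Rnd_v.
    rnd_v = os.urandom(32)
    keys = [os.urandom(33) for _ in range(n)]
    times = [((300 * j).to_bytes(8, "big"), (300 * (j + 1)).to_bytes(8, "big"))
             for j in range(n)]
    return rnd_v, issue_serials(os.urandom(32), keys, times, rnd_v)

if __name__ == "__main__":
    rnd_v, sns = make_batch(6)
    k = 3
    later = derive_following(sns[k - 1], H(rnd_v, k), 6 - k)
    print("SN^4..SN^6 recovered:", later == sns[k:])
    print("SN^1, SN^2 exposed:", any(s in later for s in sns[:k - 1]))
```

Going backwards from SN^k would require inverting H, which is why pseudonyms used before index k stay unlinkable to the disclosed pair.
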