Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm, Sweden December 3, 2014 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 1 / 26
Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 2 / 26
Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 3 / 26
Background Projects SEVECOM, EVITA, PRECIOSA, OVERSEE, DRIVE-C2X, PRESERVE, CAMP-VSC3 Standarization and Harmonization IEEE 1609.2, ETSI and C2C-CC: Vehicular Communication (VC) related specifications for privacy-preserving architectures Vehicular Public-Key Infrastructure (VPKI) Cornerstone for all these efforts Consensus on the need and basic characteristics M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 4 / 26
Background (Cont’d) Inference of service provider or service time C2C-CC [1], PRESERVE [2], SCMS [3] CoPRA [4] linking pseudonyms to the real-identity VeSPA [5, 6], SEROSA [7] V-Token [8] learns the real identity of V-Token’s owner Sybil-based misbehavior not precluded by VPKI C2C-CC [1], PRESERVE [2], SCMS [3] VeSPA [5, 6], SEROSA [7] One remedy Non-overlapping pseudonym lifetimes Downside: easier linkability M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 5 / 26
Contributions Stronger adversarial model Increased protection against honest-but-curious VPKI entities No inference of service provider or time Correct execution of protocols, but motivated to profile users Eradication of Sybil-based misbehavior VPKI design that ensures a compromised vehicle cannot obtain multiple pseudonyms valid simultaneously Extensive & detailed experimental evaluations Full-blown VC standard-compliant implementation of VPKI Significant performance improvement Multi-domain operation Efficiency Scalability M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 6 / 26
System Outline Vehicles registered with one Long Term Certification Authority (LTCA) (home domain) Pseudonym Certification Authority (PCA) servers in one or multiple domains Vehicles can obtain pseudonyms from any PCA (in home or foreign domains) Trust with the help of a Root Certification Authority (RCA) Trust associations of PCAs and LTCAs through Lightweight Directory Access Protocol (LDAP) services Resolve a pseudonym with the help of a Resolution Authority (RA) M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 7 / 26
Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 8 / 26
VPKI Architecture M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 9 / 26
Ticket and Pseudonym Acquisition M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 10 / 26
Roaming User: Foreign Ticket Authentication M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 11 / 26
Native Ticket and Pseudonym Acquisition in the Foreign Domain M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 12 / 26
Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 13 / 26
Security Analysis Communication integrity, confidentiality, non-repudiation Certificates, TLS and digital signatures Authentication and authorization LTCA performs Authentication, Authorization and Accounting (AAA) PCA grants the service Security Association through LDAP Concealing pseudonym providers, foreign identity providers and actual pseudonym acquisition period Sending H ( PCA id � Rnd 256 ), t s , t e , LTC v to the home LTCA PCA verifies if [ t ′ s , t ′ e ] ⊆ [ t s , t e ] Thwarting Sybil-based misbehavior LTCA keeps the records of the issued tickets A ticket is bound to a specific PCA PCA keeps records of ticket usage M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 14 / 26
Ticket & Pseudonym Lifetime Policy 10 10 9 9 8 8 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0 5 10 15 20 25 30 35 40 45 50 55 60 0 5 10 15 20 25 30 35 40 45 50 55 60 Pseudonym Lifetime [sec] Pseudonym Lifetime [sec] Flexible lifetimes Fixed lifetimes Non-overlapping pseudonym lifetimes from eavesdroppers’ perspective Distinct lifetimes per vehicle make linkability easier Uniform pseudonym lifetime in a domain No distinction among obtained pseudonyms set, thus less probable to link pseudonyms M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 15 / 26
Outline Introduction 1 Background Contributions System Outline Our Solution 2 System Overview VPKI Services & Protocols Security Analysis 3 Performance Evaluation 4 Conclusions 5 M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 16 / 26
Server and Client Specifications LTCA PCA RA Clients VM Number 2 5 1 25 Dual-core CPU (Ghz) 2.0 2.0 2.0 2.0 BogoMips 4000 4000 4000 4000 Memory 2GB 2GB 1GB 1GB Database MySQL MySQL MySQL MySQL Web Server Apache Apache Apache - Load Balancer Apache Apache - - Emulated Threads - - - 400 Use cases: Pseudonym provision Pseudonym resolution & revocation Performing DDoS attack M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 17 / 26
Client and LTCA Performance Evaluation 2400 24 Entire Ticket Operations One ticket per request 2200 Entire Operations on PCA 2000 20 Networking Delay 1800 Vehicle Pseudonym Verification Processing Time [ms] Entire Time [ms] 1600 16 1400 1200 12 1000 800 8 600 400 4 200 0 0 1 10 100 200 500 1000 0 600 1200 1800 2400 3000 3600 Time [sec] Number of Pseudonyms in a Request Client processing time LTCA performance Delay to obtain pseudonyms LTCA response time to issue a ticket M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 18 / 26
PCA Performance Evaluation Empirical CDF 600 1 100 psnyms per request Server failure 0.9 500 0.8 Cumulative Probability 0.7 Processing Time [ms] 400 0.6 300 0.5 0.4 10 psnyms per request 200 0.3 20 psnyms per request 50 psnyms per request 0.2 100 100 psnyms per request 0.1 200 psnyms per request 0 0 0 600 1200 1800 2400 3000 3600 0 100 200 300 400 500 600 700 800 Time [sec] Processing Time [msec] Issuing 100 pseudonyms per request PCA performance under different configuration PCA response time, including a crash failure Efficient provision for pseudonyms, with different configurations M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 19 / 26
VPKI Servers under DDoS Attack Average Number of Legitimate Req. (per Sec.) Average Number of Legitimate Req. (per Sec.) 9 3.5 8 3 7 2.5 6 2 5 4 1.5 3 1 2 0.5 1 0 0 0 200 500 1K 2K 5K 10K 20K 0 200 500 1K 2K 5K 10K 20K Attackers Number Attackers Number LTCA performance PCA performance 10K legitimate vehicles, requesting 100 pseudonyms every 10 minutes Up to 20K attackers, sending requests every 10 seconds An LTCA is more resistant to DDoS than a PCA M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 20 / 26
Performance Evaluation for Pseudonym Revocation (CRL 1 or OCSP 2 ) and Resolution Empirical CDF Empirical CDF 1 1 0.9 0.9 0.8 0.8 Cumulative Probability Cumulative Probability 0.7 0.7 0.6 0.6 0.5 0.5 0.4 1K revoked psnyms 0.4 5K revoked psnyms 0.3 0.3 10K revoked psnyms 0.5K psnyms per request 20K revoked psnyms 1K psnyms per request 0.2 0.2 2K psnyms per request 40K revoked psnyms 50K revoked psnyms 3K psnyms per request 0.1 0.1 100K revoked psnyms 4K psnyms per request 0 0 0 100 200 300 400 500 600 700 800 900 1000 0 100 200 300 400 500 600 700 800 900 Processing Time [msec] Processing Time [msec] Obtaining a CRL OCSP validation For 50K CRL: F x (t=280)=0.9 or Pr { t ≤ 280 } =0.9 For 4K OCSP: F x (t=400)=0.9 or Pr { t ≤ 400 } =0.9 1 CRL: Certificate Revocation List 2 OCSP: Online Certificate Status Protocol M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 21 / 26
Entities Response Time to Resolve & Revoke a Pseudonym 150 Client Side Operations All RA Operations All PCA Operations 125 All LTCA Operations 100 Latency [ms] 75 50 25 0 0.01 0.05 0.1 0.5 1 5 Number of Pseudonyms in the PCA database (x 10 6 ) On average 100 ms to resolve & revoke a pseudonym M. Khodaei, H. J, P. P (KTH) IEEE VNC 2014 (Paderborn) December 3, 2014 22 / 26
Recommend
More recommend